Category: trivial musing

why pay twice?

Yesterday’s Independent newspaper reports that HMG has let a contract with five companies to monitor social media such as twitter, facebook, and blogs for commentary on Goverment activity. The report says: “Under the terms of the deal five companies have been approved to keep an eye on Facebook, Twitter and blogs and provide daily reports …

Continue reading

Permanent link to this article: https://baldric.net/2015/06/05/why-pay-twice/

de-encrypting trivia

Well, that didn’t last long. When I decided to force SSL as the default connection to trivia I had forgotten that it is syndicated via RSS on sites like planet alug. And of course as Brett Parker helpfully pointed out to me, self-signed certificates don’t always go down too well with RSS readers. He also …

Continue reading

Permanent link to this article: https://baldric.net/2015/06/02/de-encrypting-trivia/

encrypting trivia

In my post of 8 May I said it was now time to encrypt much, much more of my everyday activity. One big, and obvious, hole in this policy decision was the fact that the public face of this blog itself has remained unencrypted since I first created it way back in 2006. Back in …

Continue reading

Permanent link to this article: https://baldric.net/2015/06/01/encrypting-trivia/

what is wrong with this sentence?

Yesterday the new Government published a press release about the forthcoming first meeting of the new National Security Council (NSC). That meeting was due to discuss the Tory administration’s plans for a new Counter-Extremism Bill. The press release includes the following extraordinary statement which is attributed to the Prime Minister: “For too long, we have …

Continue reading

Permanent link to this article: https://baldric.net/2015/05/14/what-is-wrong-with-this-sentence/

back on topic

Theresa May hasn’t wasted any time. The Independent reports today that Ms May (Home Secretary in the coalition administration) has said that the new Tory administration will bring the Draft Communications Data Bill, previously blocked by the Liberal Democrats, back to the House of Commons with the intention of getting it passed into law. As …

Continue reading

Permanent link to this article: https://baldric.net/2015/05/08/back-on-topic/

do not be ordinary

The early results of yesterday’s poll are depressing beyond belief. It looks almost certain that the Tory party will have sufficient seats to form the next government. I don’t often make party political points here (though my political leanings may sometimes be obvious) but I was reminded today of Neil Kinnock’s heart rending speech in …

Continue reading

Permanent link to this article: https://baldric.net/2015/05/08/do-not-be-ordinary/

the russians are back

About four years ago I was getting a huge volume of backscatter email to the non-existent address info@baldric.net. After a month or so it started to go quiet and eventually I got hardly any hits on that (or any other) address. A couple of weeks or so ago they came back. My logs for weeks …

Continue reading

Permanent link to this article: https://baldric.net/2015/03/30/the-russians-are-back/

kidnapped by aliens

An old friend of mine has expressed some concern at the lack of activity on trivia of late. In his most recent email to me he said: “You really should revive Baldric you know. Everyone will believe it if you just say you were kidnapped by aliens, and then you can just resume where you …

Continue reading

Permanent link to this article: https://baldric.net/2015/03/30/kidnapped-by-aliens/

merry christmas 2014

As I have noted before, 24 December is trivia’s birthday. Since my first post dates from 24 December 2006, today is trivia’s eighth birthday. It seems like only yesterday. I haven’t posted much in the last few months. I have a lot of material I need to cover, and a backlog of articles I want …

Continue reading

Permanent link to this article: https://baldric.net/2014/12/24/merry-christmas-2014/

solidarity with the tor project

On Thursday 11 December, Roger Dingledine of the Tor project posted the following email to the “tor-talk” mail list (to which I am subscribed). I’d like to draw your attention to https://blog.torproject.org/blog/solidarity-against-online-harassment https://twitter.com/torproject/status/543154161236586496 One of our colleagues has been the target of a sustained campaign of harassment for the past several months. We have decided …

Continue reading

Permanent link to this article: https://baldric.net/2014/12/13/solidarity-with-the-tor-project/

independent hit

On trying to reach the website of the Independent newspaper today (the Grauniad is trying my patience of late), I received the following response: Closing the popup takes you to this page: I haven’t checked whether this is simply a DNS redirect or an actual compromise of the Indy site, but however the graffiti was …

Continue reading

Permanent link to this article: https://baldric.net/2014/11/27/independent-hit/

CVE-2014-6271 bash vulnerability

Guess what I found in trivia’s logs this morning? 89.207.135.125 – – [25/Sep/2014:10:48:13 +0100] “GET /cgi-sys/defaultwebpage.cgi HTTP/1.0” 404 345 “-” “() { :;}; /bin/ping -c 1 198.101.206.138” I’ll bet a lot of cgi scripts are being poked at the moment. Check your logs guys. A simple grep “:;}” access.log will tell you all you need …

Continue reading

Permanent link to this article: https://baldric.net/2014/09/26/cve-2014-6271-bash-vulnerability/

net neutrality

My apologies that this is a few weeks late – but it still bears posting. John Oliver at HBO gave the best description of the net neutrality argument I have seen so far. Following that broadcast, the FCC servers were, rather predictably, overwhelmed by the outraged response from the trolls that Oliver set loose. Unfortunately, …

Continue reading

Permanent link to this article: https://baldric.net/2014/08/13/net-neutrality/

levison on dime

Ladar Levison and Stephen Wyatt presented the upcoming Dark Internet Mail Environment (DIME) at Defcon22 this week. According to El Reg, Levison, who shut down Lavabit, his previous mail service rather than comply with FBI demands that he divulge the private SSL certificates used to encrypt traffic on that service, said: “I’m not upset that …

Continue reading

Permanent link to this article: https://baldric.net/2014/08/11/levison-on-dime/

punctuation matters

There is a nice tweet over at @NSA_PR. It reads: We take your privacy, seriously. Beyond parody.

Permanent link to this article: https://baldric.net/2014/07/28/punctuation-matters/

department of dirty

Like most ‘net users I get my fair share of spam. Most of it gets binned automatically by my email system, but of course some still gets through so I am used to hitting the delete button on random email from .ru domains offering me the opportunity to “impress my girl tonight”. Most such phishing …

Continue reading

Permanent link to this article: https://baldric.net/2014/07/23/department-of-dirty/

drip

I get my domestic ADSL connectivity from the rather excellent people at Andrews and Arnold. Here’s why. And this is the original reason I moved to them. They also happily take (and similarly reply to) GPG encrypted support questions. Good guys. Thoroughly recommended. Now can you /really/ see BT doing any of that? ‘thought not.

Permanent link to this article: https://baldric.net/2014/07/21/drip/

inappropriate use of technology

I have been travelling a lot over the last few months (Czech Republic, Scotland, France, Germany, Austria, Slovenia, Croatia, Italy). That travel, plus my catching up on a load of reading is my excuse for the woeful lack of posts to trivia of late. But hey, sometimes life gets in the way of blogging – …

Continue reading

Permanent link to this article: https://baldric.net/2014/06/30/inappropriate-use-of-technology/

a new app

My newspaper of choice, the Guardian, has for some time produced its own android (and iOS of course) app. I have often used the android app on my tablet to catch up on emerging news items at the end of the day. I also read the BBC news app for the same reason. Yesterday I …

Continue reading

Permanent link to this article: https://baldric.net/2014/05/30/a-new-app/

nsa operation orchestra

In February of this year, Poul-Henning Kamp (a.k.a “PHK”) gave what now looks to be a peculiarly prescient presentation as the closing keynote to 2014’s FOSDEM. In the presentation (PDF), PHK posits an NSA operation called ORCHESTRA which is designed to undermine internet security through a series of “disinformation” or “misinformation”, or “misdirection” sub operations. …

Continue reading

Permanent link to this article: https://baldric.net/2014/04/16/nsa-operation-orchestra/

more heartbleed

For any readers uncertain of exactly how the heartbleed vulberability in openssl might be exploitable, Sean Cassidy over at existential type has a good explanation. And if you find that difficult to follow, Randall Munroe over at xkcd covers it quite nicely. My thanks, and appreciation as always, to a great artist. Of course, Randall …

Continue reading

Permanent link to this article: https://baldric.net/2014/04/16/more-heartbleed/

pulitzer guardian

The Guardian and the Washington Post have been jointly awarded the Pulitzer prize for public service for their reporting of Edward Snowden’s whistleblowing on the NSA’s surveillance activities. The Guardian reports: The Pulitzer committee praised the Guardian for its “revelation of widespread secret surveillance by the National Security Agency, helping through aggressive reporting to spark …

Continue reading

Permanent link to this article: https://baldric.net/2014/04/16/pulitzer-guardian/

boot and nuke no more

I was contacted recently by a guy called Andy Beverley who wrote: Hope you don’t mind me contacting you about one of your old blog posts “what gives with dban”. Thought I’d let you know that I forked DBAN a while ago, and produced a standalone program (called nwipe) that will run on any Linux …

Continue reading

Permanent link to this article: https://baldric.net/2014/04/15/boot-and-nuke-no-more/

heartbleed

This is nasty. There is a remotely exploitable bug in openssl which leads to the leak of memory contents from the server to the client and from the client to the server. In practice this means that an attacker can read 64K chunks of memory on a vulnerable service, thus potentially exposing security critical information. …

Continue reading

Permanent link to this article: https://baldric.net/2014/04/08/heartbleed/