no police here

February 1st, 2011

The UK Home Office launched a new crime statistics website today at www.police.uk. The site is supposed to show “Local crime and policing information for England and Wales”.

I’m not entirely convinced of the merit of the site in the first place (and can see all sorts of potential objections arising in some of the more rabid tabloid newspapers), but I thought I would try it out before making any form of judgement of my own. Unfortunately I’m not impressed.

The opening page of the new service invites the user to “Enter your postcode, town, village or street into the search box below, and get instant access to street-level crime maps and data, as well as details of your local policing team and beat meetings.”

I have tried various combinations of the suggestions, scaling outwards and upwards from my precise postcode to the whole of that part of the County in which I live. I was not reassured to get the following message:

screenshot of www.police.uk website

Discussion elsewhere on the ‘net suggests that this result is not unusual. It appears to be a badly worded (or badly coded) response to an error condition resulting from system overload following the launch. At least I sincerely hope that is the case and we are not really completely devoid of policing services in the whole of South Norfolk.

Examination of the HTML source for the webpage generated suggests that the service is running on Amazon’s Web Services. Certainly some of the pages are retrieved from S3 servers, and the IP address of the site appears to be on Amazon’s AWS (see dig and whois results below *). If the site is, as it appears to be, cloud based, then either the supplier (Rock Kitchen Harris, Leicester) or the Home Office has seriously undersized the requirement. Regardless of who is at fault here, there is an evident need to pull in some more resource pretty quickly. This should be a good test of the much vaunted flexibility of cloud based services such as Amazon’s EC2. I expect the service to be running quickly and cleanly by this time tomorrow.

* dig www.police.uk returns:

; <<>> DiG 9.6-ESV-R3 <<>> www.police.uk
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 10557
;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;www.police.uk. IN A

;; ANSWER SECTION:
www.police.uk. 1251 IN CNAME policeuk-167782603.eu-west-1.elb.amazonaws.com.
policeuk-167782603.eu-west-1.elb.amazonaws.com. 60 IN A 46.137.113.146

;; Query time: 268 msec
;; SERVER: 80.68.80.24#53(80.68.80.24)
;; WHEN: Tue Feb 1 14:16:23 2011
;; MSG SIZE rcvd: 107

and a whois lookup of 46.137.113.146 returns:

% Information related to '46.137.0.0 - 46.137.127.255'

inetnum: 46.137.0.0 - 46.137.127.255
netname: AMAZON-EU-AWS
descr: Amazon Web Services, Elastic Compute Cloud, EC2, EU
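
The same inference can be scripted. The following is an added example, not part of the original post: it parses the dig answer section shown above, follows the CNAME to the A record, reads the region out of the load balancer hostname, and checks the address against the whois range. The function names are hypothetical, and the hostname pattern is an assumption taken from the single ELB name in the dig output.

```python
import ipaddress
import re

# Answer section copied from the dig output in the post.
DIG_ANSWER = """\
www.police.uk. 1251 IN CNAME policeuk-167782603.eu-west-1.elb.amazonaws.com.
policeuk-167782603.eu-west-1.elb.amazonaws.com. 60 IN A 46.137.113.146
"""
# inetnum range and netname copied from the whois output in the post.
WHOIS_RANGE = ("46.137.0.0", "46.137.127.255", "AMAZON-EU-AWS")
# Assumed pattern: <name>.<region>.elb.amazonaws.com, as seen in the CNAME.
ELB_RE = re.compile(r"\.([a-z0-9-]+)\.elb\.amazonaws\.com$")


def parse_answers(text):
    """Return {owner_name: [(rtype, rdata), ...]} from dig answer lines."""
    records = {}
    for line in text.splitlines():
        if line.strip() and not line.startswith(";"):
            name, _ttl, _cls, rtype, rdata = line.split(None, 4)
            records.setdefault(name.rstrip(".").lower(), []).append(
                (rtype, rdata.strip().rstrip(".").lower()))
    return records


def follow_chain(records, name, max_hops=8):
    """Follow CNAMEs from name; return (chain_of_names, [A addresses])."""
    chain = [name.rstrip(".").lower()]
    for _ in range(max_hops):  # the bound guards against CNAME loops
        rrs = records.get(chain[-1], [])
        cname = [d for t, d in rrs if t == "CNAME"]
        if not cname:
            return chain, [d for t, d in rrs if t == "A"]
        chain.append(cname[0])
    raise ValueError("CNAME chain too long or looping")


def fingerprint(text, name, whois_range):
    """Summarise what the DNS answer and whois range say about hosting."""
    chain, addrs = follow_chain(parse_answers(text), name)
    m = ELB_RE.search(chain[-1])
    lo, hi = (ipaddress.ip_address(x) for x in whois_range[:2])
    in_range = all(lo <= ipaddress.ip_address(a) <= hi for a in addrs)
    return {"chain": chain, "addresses": addrs,
            "elb_region": m.group(1) if m else None,
            "netname": whois_range[2] if addrs and in_range else None}


if __name__ == "__main__":
    print(fingerprint(DIG_ANSWER, "www.police.uk", WHOIS_RANGE))
```

The 60 second TTL on the A record is worth noting too: addresses behind a load balancer name like this can change, so a whois lookup on one address only describes the moment the query was made.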

is my computer off

January 29th, 2011

This site is probably even more pointless than most webcams, but it, and the site it was inspired by, amused me. Having found this, I just had to register a similarly pointless domain of my own. So now I am the proud owner of theinternetisoff.net.

Make it your home page. You know it makes sense.

now I feel bad about blogging

January 27th, 2011

El Reg has a wonderful ROTW post here. One “Matt Kracht” lays into an article by Andrew Orlowski about P2P BitTorrent users saying:

“I hate… no, I *loathe* when bloggers try to move to online news sites. If there’s one thing that web 2.0 has done, it has fucked up journalism so bad that nobody can tell the difference between some dork yelling his uninformed opinions about uninteresting shit and an actual newspaper article. Sure, once in a while, you get filler crap even in the New York Times, but it’s at least *interesting*. It’s about topics that people care about, and has new, informed, researched opinions and insights. What the hell is your article about? Being bored? Unimpressed by illegal file sharing sites run by scammers trying to make a quick buck? God, you’re an embarrassment to anyone who’s ever written anything less shallow than a blog. You offend me, sir, with your pathetic writing.”

Kudos to Orlowski for posting it. But I feel bad to be considered “shallow” because I blog – or do I?

I guess they do it differently over there

January 26th, 2011

I came across a potential new entry to the “slug replacement” competition today in the shape of a 2GHz Sheeva Marvell based plug computer by Ionics called the Nimbus 2000 (all the company’s products seem to be named after cloud types – wonder why).

nimbus 2000 sheeva plug

In addition to that rather fast ARM CPU, this little beast boasts: 512 MB DDR2 RAM at 400 MHz; 512 MB NAND Flash; one USB 2.0 port and a Gigabit LAN port. The plug apparently runs a 2.6.23 kernel in a custom embedded linux. Now if we can get debian onto that little thing (as is the case with the 1.2GHz sheevaplug from Global Scale Technologies), it looks like being an attractive proposition for anyone wanting a small, but powerful web or file server.

But, whilst I was scanning the company web site I was struck by their “careers” page. Here’s a sample:

DESIGN LIBRARY ENGINEER II
• Female
• Bachelor’s degree in Computer Engineering or Electronics & Communications Engineering
• Strong background in electronics engineering
• At least 1 year experience in design library with emphasis on schematic symbol and component footprint creation
• Preferable with experience using Mentor PADS, Cadence OrCAD, Cadence Allegro or equivalent EDA tools

and

ODM QUALITY ASSURANCE MANAGER
• Male
• Candidate must be a graduate of BS Engineering
• Background in electrical or electronics is desirable for this position.
• Must have experience in Original Equipment Manufacturer / Original Design Manufacturer.
• The candidate must have demonstrated previous supervisory experience.
• Strong computer skills to oversee electronic quality management systems including document control and CAPA.
• Willing to be assigned in Calamba City, Laguna

I suppose they must have some odd policy of balancing the sexes across the disciplines. At least they are not advertising for “Secretary – female” and “Engineer – Male” as we might have done a few years back.

wordpress setup

January 24th, 2011

I have just added a couple of new plugins to this blog and tidied up some old cruft that I had been meaning to get around to for a while. One of the plugins I have added is a really rather good statistics tool called Counterize II. It provides a very quick (and impressively comprehensive) set of stats about page hits, browser types, referring URLs etc. all readily accessible from the wordpress admin dashboard – so no need to trawl through web logs to find out where your visitors are coming from or which is your most popular post or page. Thoroughly recommended.

In the process of searching for such a plugin I also came across Angie Bowen’s posting about the top ten things she always does when setting up a new blog. Whilst I don’t agree with all her recommendations (identifying the ones I disagree with is left as an exercise for the class) I think this is a very handy aide-memoire. Her pointers about blog security and discussion settings in particular are sensible and worth reading.

click here

January 23rd, 2011

The Cory Doctorow article referenced at the end of the post below mentions URL shorteners as potentially dangerous because they completely obscure the actual URL you will be taken to if you click them. By way of experiment I thought I’d post one here just to see how often it is used.

damn, I think I got hit by a 419er

January 23rd, 2011

I am normally pretty careful about my on-line security and privacy. I take a lot of care to ensure that my home network is nailed down tightly and all the clients and servers on it are also nailed down as well as I know how. I don’t use software which is susceptible to the majority of the malware out there; my browser is nailed down as tightly as I can get it whilst still allowing it to be useful (roll on HTML5, I hate flash, but it is so damned useful); I do some, very specific, browsing (such as on-line banking) from within a VM and do not use that browser or machine for anything except that specific activity; I routinely bin cookies and flash LSOs (in fact I find it better to disallow all LSOs in the first place); this blog does not include any email addresses harvestable by ‘bots; my email client is a niche (i.e. minority) product and is configured only to allow text (no HTML or embedded images or webbugs); I use tor when I want to be as anonymous as possible; my local DNS server blocks access to a whole range of addresses I don’t like; and I never respond to unsolicited email.

But I got phished. Damn.

Here’s what happened.

I advertised an unwanted mobile phone on gumtree. I chose gumtree in preference to ebay because a) adverts are free, and b) gumtree allows you to target the advertising to a specific location. I like this idea because it means you can say “I’ve got a doohickey for sale in South London. Come and see it and pay cash if you want it”. My ad gave details of the item for sale and, as is recommended, I chose to have responses emailed to me. Here I made mistake number one – I used my normal email address rather than a disposable one. To be fair, gumtree don’t expose any of your private details, they just forward any responses to the address you give. Here’s where I made mistake number two, I responded to queries about the ad from the address given to gumtree. Damn. Idiot. So stupid.

So why do I think the responses weren’t kosher? Well there were a number of giveaways. Firstly the requests were for information already in the ad (“how much do you want?”); secondly, there were a suspiciously high number of “spilling misteaks” in the emails; thirdly, the correspondent wanted me to mail the ‘phone to a location outside the UK (“Thanks for your quick respond actually i will love to buy the Ad for my Daughter who is currently studying at British international college (BIC) in West Africa so am willing to pay you additional £48.76 for the shipping via Express Air Mail.” (sic)); fourthly, the respondents all seemed desperately keen for me to accept paypal as the preferred payment option. I’m normally quicker on the uptake than this, but sadly it took me four or five emails to realise that there was a pattern here and that the people after the phone seemed to be following a script and were completely ignoring my responses. Here’s a sample:

Someone calling him or her self “Janet Mason”:

“Hello Seller,
Can I know the condition of the item? I think you will accept PayPal. And I will pay the postage and packing cost for the item. If you can send me paypal payment request now and I will make the payment straight away without any delay. Hope to hear from you very soon.”

My response:

“Janet

As the ad says, the phone is in “as new condition”. This means what it says. The phone is completely clean and has no visible markings or scratches.”

“Janet’s” reply:

“Ok send me your paypal Payment request now so that I can make the payment now.”

My response:

“I’d like a bit more detail first please.

Where are you? (Full address and telephone number so that I can confirm that I am sending to “Janet Mason”.)

Details of your confirmed paypal account (so that I know that Paypal have verified you).

If you want to know why I am concerned please read the paypal guidance for sellers – particularly the bit about sending only to UK or US based addresses and getting signatures on receipt of goods.

I have received several requests to send the phone to “my daughter/son/nephew” or whatever in various Countries outside the EU. I am naturally suspicious.”

“Janet” then says:

“Hello, 
Am in London right now but due to the nature of my work here in London I will not be able to post the item to my Business Partner Daughter in Nigeria as a New Year Gift. But I will pay for the postage and packing cost via FedEX. Get back to me with your paypal payment request now so that I can make the payment now and get the item posted out tomorrow Morning.”

Correspondence ends…..

Now whilst I have not lost the ‘phone, I have verified a usable email address to a bunch of scammers. I expect my spam volume to that address to increase dramatically. Never mind though, I’m not alone in losing out to the bad guys, and at least I haven’t lost any passwords in the process.

Still, I’m pretty pissed off.

critical security update to wordpress

January 4th, 2011

This blog comes to you courtesy of those excellent free open source authors who have contributed to wordpress. Unfortunately, in common with all software, wordpress inevitably has some bugs. Worse, some of those bugs can occasionally be sufficiently bad as to make the software vulnerable to remote exploitation by ne’er do wells and other assorted bad guys.

On 29 December last, Matt Mullenweg posted a notice to the wordpress security blog announcing a very important update which he recommended be applied as soon as possible because it fixes a “core security bug in [wordpress'] HTML sanitation library, KSES”. Mullenweg rated this [3.04] release as “critical.”

I have just updated my installation. I recommend you do the same.

a personal note

December 31st, 2010

I have not posted anything new since October because I have been hobbled following an operation to my ankle. Perversely, this made sitting at my desk (and hence my keyboard) very uncomfortable because my leg would swell inside the plaster if I stayed in a seated position for more than a few minutes at a time. But I am now on the mend, the plaster is off, and I wanted to make sure that I made at least one post before the end of the year.

So Happy New Year to (both) my readers. :-)

Normal service will be resumed as soon as possible.

google opt out village

October 9th, 2010

The Onion News Network reports:

This is not satire……