Author's posts


This is nasty. There is a remotely exploitable bug in openssl which leads to the leak of memory contents from the server to the client and from the client to the server. In practice this means that an attacker can read 64K chunks of memory on a vulnerable service, thus potentially exposing security critical information. …

Permanent link to this article: https://baldric.net/2014/04/08/heartbleed/

the netbook is not dead

I bought my first netbook, the Acer Aspire One, back in April 2009 – five years ago. That machine is still going strong and has seen umpteen different distros in its time. It currently runs Mint 16, and very happily too. The little Acer has nothing on it that I value over much, all my …

Permanent link to this article: https://baldric.net/2014/03/31/the-netbook-is-not-dead/

the spy in your bathroom

Back in June 2008 I noted Craig Wright had posted to bugtraq reporting a “remote exploitation of an information disclosure vulnerability in Oral B’s SmartGuide management system”. I found it faintly amusing that a security researcher should have been looking for vulnerabilities in a toothbrush. I should have known better. A report in Wednesday’s on-line …

Permanent link to this article: https://baldric.net/2014/02/28/the-spy-in-your-bathroom/

checking client-side ssl/tls

At the tail end of last year I mentioned a couple of tools I had used in my testing of SSL/TLS certificates used for trivia itself and my mail server. However, that post concentrated on the server side certificates and ignored the security, or otherwise, offered by the browser’s configuration. It is important to know …

Permanent link to this article: https://baldric.net/2014/02/12/checking-client-side-ssltls/

policy update

An exchange of emails with Mark over at bsdbox.co a day or so ago made me realise that my privacy policy needed updating. Not, I hasten to add, for any fundamental reason, but simply because a couple of the references in that policy were out of date. I have therefore amended it and version 0.2.0 …

Permanent link to this article: https://baldric.net/2014/02/12/policy-update/

privacy matters

The Open Rights Group here in the UK has been campaigning against mass, unwarranted surveillance by GCHQ since the Snowden revelations first emerged in summer of last year. Two of its current campaigns are: “don’t spy on us” and “the day we fight back”. I have signed both of them. I have also written to …

Permanent link to this article: https://baldric.net/2014/02/11/privacy-matters/

compare and contrast

Foreign Secretary William Hague is apparently concerned about press restrictions in Egypt. He has reportedly urged the interim Egyptian government to demonstrate commitment to free expression. The press release on the gov.uk website says: Speaking today about increasing restrictions placed upon journalists and the media in Egypt, Foreign Secretary William Hague said: “I am very …

Permanent link to this article: https://baldric.net/2014/02/08/compare-and-contrast/


The “cloud” is achingly trendy at the moment and new companies offering some-bollocks-as-a-service (SBaaS) keep popping up all over the ‘net. Personally I am extremely unlikely to use any of the services I have seen, I just don’t trust that particular business model. I checked out the website for one of these companies today following …

Permanent link to this article: https://baldric.net/2014/01/22/dis-unity-2/

backblaze back seagate

In October last year I noted that the Western Digital “Green” drives in my desktop and a new RAID server build looked to be in imminent danger of early failure. That conclusion was based on a worryingly high load-cycle count which a series of posts around the net all attributed to the aggressive head parking …

Permanent link to this article: https://baldric.net/2014/01/21/backblaze-back-seagate/

thrust update

I have just run a search for further evidence of the possible compromise at thrustvps and found threads on webhostingtalk, vpsboard, freevps.us and habboxforum amongst others. All of those comments are from people (many, like me, ex-customers) who have received emails like the one I referred to below. So, I guess thrust /do/ have a …

Permanent link to this article: https://baldric.net/2014/01/20/thrust-update/

rage against the machine

I know it is futile to rant about banks. I know also that I should not really expect anything other than crap service from an industry that treats its customers as useful idiots. But yesterday I met with such appalling and unforgiveable stupidity and intransigence that I feel the need to rant here. I have …

Permanent link to this article: https://baldric.net/2014/01/19/rage-against-the-machine/

thrustvps compromised?

I have not used thrust since my last contract expired. I left them because of their appalling actions at around this time last year. However, today I received the following email from them: From: Admin To: xxx@yyy Subject: Damn::VPS aka Thrust::VPS Date: Sat, 18 Jan 2014 03:28:06 +0000 This is a notification to let you …

Permanent link to this article: https://baldric.net/2014/01/18/thrustvps-compromised/

strip exif data

I have a large collection of photographs on my computer. And each Christmas the collection grows ever larger. I use digiKam to manage that collection, but as I have mentioned before, storing family photographs as a collection of jpeg files seems counter intuitive to me. Photographs should be on display, or at least stored in …

Permanent link to this article: https://baldric.net/2014/01/11/strip-exif-data/

http compression in lighttpd

Today I had occasion to test trivia’s page load times. I used the (admittedly fairly dated) website optimization test tool and was surprised to find that it reported that parts of the pages I tested were not compressed before delivery. I have the default compression options set in my lighty configuration file as below: compress.cache-dir …

Permanent link to this article: https://baldric.net/2013/12/30/http-compression-in-lighttpd/

getting close to the nsa

Since my last post there have been a couple more entrants to the Tor logo competition. Neither, strictly speaking, meets the original requested criterion that they be suitable for inclusion in Tor Project team presentations, but each has its merits. The first image below was posted by “David”. I think it captures rather nicely the …

Permanent link to this article: https://baldric.net/2013/12/26/getting-close-to-the-nsa/

merry christmas

image of tor onion wearing crown

As I have noted before, 24 December is trivia’s birthday. My first post dates from 24 December 2006 so trivia is seven years old today. As is now becoming traditional I therefore post again today. And as a reflection of the story which has come to dominate trivia over the latter half of this year …

Permanent link to this article: https://baldric.net/2013/12/24/merry-christmas/

tor boost

Moritz Bartl has just posted some good news. Torservers.net, a volunteer run organisation spread across eight countries which provides high bandwidth Tor servers to the network, has just been awarded $250.000 over two years by the Digital Defenders Partnership. According to Bartl’s press release, with this additional funding: participating Torservers organizations will be able to …

Permanent link to this article: https://baldric.net/2013/12/14/tor-boost/

you choose

A letter in today’s Guardian, signed by someone called Paul Brannen, touched a chord. Brannen commented that it was difficult to find anyone today who did not, apparently, support Mandela’s release from Robben Island. Putting that in perspective, he noted that UK membership of the anti-apartheid movement in the 1980s averaged only 8,500. Brannen concludes …

Permanent link to this article: https://baldric.net/2013/12/12/you-choose/

caption needed

image of president obama at mandela memorial

This picture, from the French news agency AFP taken at the memorial service for Nelson Mandela, just cries out for a speech or thought bubble caption (or two). Just what is the First Lady thinking whilst her husband poses with Denmark’s Helle Thorning-Schmidt (with our own dear PM trying desperately to get in on the …

Permanent link to this article: https://baldric.net/2013/12/10/caption-needed/

an historical perspective

El Reg commentards can get worked up about a whole range of topics. That is one of the reasons I so enjoy reading it. Back in May 2009, El Reg posted an article about the then Home Secretary’s decision to place the right wing US Radio commentator, Michael Savage, on a persona non grata list …

Permanent link to this article: https://baldric.net/2013/12/10/an-historical-perspective/

ssl cipher check

My recent explorations of how to strengthen the ssl/tls certificates I use on both trivia and my mail service have given me cause to look for tools to help me test my configuration. The Calomel firefox plugin and sslabs site are very useful for checking HTTPS configurations, but they are fairly specifically aimed at that …

Permanent link to this article: https://baldric.net/2013/12/10/ssl-cipher-check/

no more akismet

In common with (probably) all wordpress based blogs, trivia has the akismet plugin in place. Akismet is shipped by default in the base wordpress installation and new users are encouraged to sign up for an API key. On first configuring the blog’s plugins, users are greeted with the following commentary about akismet: Used by millions, …

Permanent link to this article: https://baldric.net/2013/12/08/no-more-akismet/

where are you now?

image of map in germany

The ongoing revelations from Snowden continued recently with reporting in the Washington Post about the NSA’s program to track mobile ‘phone location data. Reporting here and elsewhere suggests that the NSA is gathering nearly 5 billion records a day on the whereabouts of cellphones around the world. That reporting, and its obvious implications, reminded me …

Permanent link to this article: https://baldric.net/2013/12/08/where-are-you-now/

TLS ciphers in postfix and dovecot

A recent exchange amongst ALUG email list members about list etiquette resulted in a flurry of postings on a variety of related topics. I posted a flippant comment about top posting, but did so (deliberately) from my Galaxy tab using Samsung’s default email client which actually forces top posting. Steve responded suggesting that I look …

Permanent link to this article: https://baldric.net/2013/12/07/tls-ciphers-in-postfix-and-dovecot/