twinhelix.org

The Cost of Forward Thinking

September 16th, 2009


In the last two weeks, I've seen at least two websites fall off the internet because of a distinct lack of forward planning

Firstly, there was Derren Brown's blog

After Derren did his "The Events" trick with the lotto balls and dark magic, the number of fans hitting his page daily looking for clues, news and gossip caused the server to fall over.

It even caused some of the Channel 4 servers some traffic troubles (and they've got a lot of nodes!).

Derren's blog was down for at least 2 days, as far as I could see.

If his producers, agents or IT manager had said "hey, this stunt might turn out to be popular; let's move onto a cloud infrastructure with a CDN cache. We might have to invest a bit of money now, but we'll have better uptime than if we're just serving from a single 1U dedi in a rack", then the site may have remained up and serving for far longer, enduring the wave of traffic generated by the publicity on TV.

The second one of these was caused tonight by Dragons' Den Online, a cut-down version of the popular Dragons' Den format.

The final segment was dedicated to a web startup, introducing Yet Another Social Network for families

Something about sharing photos, videos, calendars and wishlists

Personally, I do all this with Flickr, Google Apps, and Amazon Wishlist

It was remarked to me at least once, that this could be breaking down the nature of the family unit, because everyone spends their time in front of the computer instead of actually interacting with each other

But I Digress

About 20 minutes ago, I was looking at their site, Family Fridge, and noticed that it winked out of existence as soon as the web address was mentioned

Yes, they got Slashdotted by the BBC

I've seen many a site get taken down by getting a FryTweet; that's a pretty effective way to kill a webserver. When 50,000+ followers all open the site at once, it's not good for any website.

I suppose there's that old adage about "no such thing as bad publicity"

I can't help but apply the same scenario as before

"If we spend a little money now and get a cloud computing services infrastructure, then we can use the Dragons' Den as advertising and get a whole stack of new members in one night.

"Sure, upgrading the platform isn't free, but the potential increase in revenue from such a 'publicity stunt' is significant, and should be enough to offset the cost of the new infrastructure."

Moreover, I think it proves to some extent that the investment might not be quite so sound

Scalability is something of a buzzword of the times we live and work in, but it's also very important: the moment you launch a product on Twitter or Facebook, you've instantly got a far wider audience than you perhaps initially anticipated.

In my opinion, it looks kinda bad on the developers of this site that either they never anticipated that this would happen, or they don't care.

On a technical note, they probably wouldn't need to go as far as a cloud-computing infrastructure, or even a CDN

Simple page optimisations and front-end caching can make a world of difference compared to generating a new dynamic page for every single visitor.

Knowing my luck, someone on Twitter or Facebook will pick this up as "Interesting" and I'll get a hundred requests a second, and my poor overworked hosting account at Streamline will get overwhelmed.

I've got plans to upgrade my own infrastructure, but currently, I don't see that much traffic

Duplicate Counter

August 12th, 2009

I wrote this handy little script today. It’s not particularly well perlified (y’know, short and unreadable), nor is it *particularly* elegant, and I’m sure loads of people will criticise me for it, but here we go.

Say you’ve got a file and you want to count duplicate lines, say in a log file. Apparently there is no easy way to do this in bash; no, grep -c | sort -n does not do it right.

#!/usr/bin/perl
# Count duplicate lines in the file named on the command line and print
# them most-frequent first, one "count<TAB>line" pair per line.
use warnings;
use strict;
use IO::File;
use Digest::MD5 qw(md5_hex);

my %library;   # md5 of a line -> number of times it was seen
my %strings;   # md5 of a line -> the original line text

my $fh = IO::File->new;
$fh->open($ARGV[0], 'r') or die "Cannot open $ARGV[0]: $!\n"; # open first argument as file
while (<$fh>) {
        my $string = $_;
        chomp $string;
        my $digest = md5_hex($string);   # fixed-size key, however long the line is
        if (exists $library{$digest}) {
                $library{$digest} += 1;
        } else {
                $library{$digest} = 1;
                $strings{$digest} = $string;
        }
}
$fh->close;
# Sort by count, highest first; tab between count and line, newline after each
for my $key (sort { $library{$b} <=> $library{$a} } keys %library) {
        print $library{$key} . "\t" . $strings{$key} . "\n";
}

A few points.

June 26th, 2009

1) Does anyone still read this?

2) Ch…ch…ch…Changes.
I’m starting a new job in about 3 weeks.  Systems Administrator again, this time for http://www.assanka.net in Shepherd’s Bush, London.  I’ll be moving up to London on the weekend of the 17th of July, or so.  Another big step, about as scary as moving to Brighton was, a year ago.

3) BSO Rant. 
I’ve been thinking again about getting a bike (no, not a motorbike, not just yet), but something I could ride around London’s parks on, or commute on if I needed to.

Being an engineery type, I’ve got a fairly clear idea of what’ll work, and what doesn’t.

Use Case
Tom wants to ride to work on the roads, ride around the parks, ride along the riverside.  And get fit enough to do the London2Brighton in 2010.

I want:
Aluminium frame
Good brakes (Discs would be ace)
Proper gears with proper shifters
Maybe front suspension would be nice too.

I DO NOT WANT:
An oversized steel frame which is stupidly heavy
Garish colours
Gripshift gears (These are the epitome of crap mechanisms)
Full suspension for an extra £30 (Going on “you get what you pay for” it can’t be that good!)
Plastic pedals
Shitty brakes.

For the right bike, I’d be willing to pay about £350-450.  I thought I’d be able to get a good idea from some online retailers, but all they seem to offer are “Bike Shaped Objects” (BSOs).  I know I’m not the only one to have this problem in finding a Real Bike.

Anyone got any ideas? suggestions? want to take me bike shopping?

Cheetimal

May 21st, 2009

WordPress cruelly ran stripslashes on stuff inside a <pre>.  I’m not happy. Here’s the real version:

http://pastebin.com/f41c22261

The True Age Test

March 23rd, 2009

A few weeks ago, I wrote about this facebook meme, “The Name Game” and I hypothesised that this wasn’t a meme, but actually a data gathering exercise, possibly started by scammers.

I’ve found another one.  One of my friends took the “True Age Test”, and came out younger than their actual age.  I’ve just had a brief flick through the questions.

It starts off with fairly harmless questions related to the app (“What is your actual age, what race are you, how much exercise do you get” etc.), then rapidly progresses into “Have you ever had any heart conditions, did anyone in your family die before the age of 60 from coronary related illnesses”.

Later, “Do you have diabetes. Do you have any Digestive problems, Do you use drugs, How depressed do you feel, What is your relationship status” and so on.

Now, not only are these questions a bit personal, but there is no obvious information on how your data will be stored, used or archived.  Given that Facebook already shares a good proportion of your personal data with these applications, what is the probability that you’ve just handed over enough data to build up a report of how much of a risk you would be to a) a future employer, b) a bank, building society, etc. or c) an insurance salesman?

It also doesn’t state (nowhere that I saw, anyway) what they’re going to do with the data. Is it transient, or stored in a file somewhere?  How long is it stored for? Do they plan to sell the data? Domestically, or overseas?

Also, without a comprehensive code review, it’s not very easy for people to see whether the data is going to be exported through a backdoor in the code, so even if they say “Oh no, the data isn’t stored, or identifiable”, there doesn’t seem to be any easy way to prove that.

IIRC, Facebook don’t ask to see your source code for the application, so it might be quite easy for an individual with malevolent intent to gather a vast amount of potentially sensitive information.

The motivation for people to participate in this application is simple “I want to prove that my ‘real age’ is younger than my biological age, therefore I feel good about myself”.

We all want to feel good, don’t we?

But at what cost?

The last time I saw questions like that was on a health insurance quotation.

Drabble

March 11th, 2009

I wonder if you’ve heard of a Drabble?

A drabble, simply put, is a story, normally science fiction or fantasy that is exactly one hundred (100) words in length. No more, no less.

Here is mine:

It was a slow day in the spaceport.
“These rocket cowlings aren’t going to fix themselves”, Simon thought to himself, wistfully.
It was 4 days since the incident, nobody said a word after it happened, not until this morning, that is.
Simon knew exactly what to do; he lifted the great copper mallet above his head, and struck the cowling with all his might.
The resonance shook the entire rocket, the mallet, his arm and the rest of his body. “Damnit”, Simon swore, just as a shadow appeared over Simon’s left shoulder.
“I owe you a pint, for this”, the shadow said.

The Name Game

February 17th, 2009

Or is it social engineering?

There’s a current meme going around on facebook.. One of these note things, you do it, you tag your friends, they do it, etc etc.

This one bugs me slightly, because it asks for a fair bit of information.  Here’s a brief summary of the answers you give.

  1. Your Full Name
  2. Your Mother’s Middle Name.
  3. Your Grandfather’s Name.
  4. Your favourite: Colour, Animal, Drink, Ice cream flavour, Cookie
  5. Place of Birth
  6. Street where you live
  7. Street you grew up on
  8. Name of your Pet

I recognise some of those as secret question/answer pairs from a number of websites.   I’m really only kicking the tyres on this one, but what if someone designed these memes to gather data about people, including data about their past, place of birth, residential address, pet names, other stuff that’s commonly asked for sample questions on “Secret Question/Answer” credentials online.

Unsurprisingly, I decided not to participate in this one.  In fact, I recommend that everyone who has done the “Name Game” note looks closely at their note privacy settings, just to make sure they don’t mind everyone knowing this information about them.

The Wiki Problem

February 16th, 2009

I love collaborative websites.  Wikipedia, Blogs, community oriented stuff like Stack Overflow (Yeah, i said it. )

There is, however, the lingering problem of vandalism, and it’s one that seems to crop up on pretty much every collaborative website I’ve ever seen. Wikipedia has a lot of newbie contribs which are utter nonsense, advertising, spam, page blanking and so on.  There’s a hefty team of people on Wikipedia, however, who go around reverting this kind of stuff.  I’m one of them.  I use MediaWiki at work also, so I’m pretty confident around the entire wiki platform, and IMHO, MediaWiki is the best wiki software out there.

Anyway, on Saturday, I was quite pleased to discover that the Science Museum in London has now got a collaborative object wiki.
I love the idea of having visitors add their own memories of stuff that is on exhibition.  It seems that it’s mostly household items that are well commented on, for example Frigidaire refrigerators.
It was on this site, on Saturday, that I discovered that they had fallen to the terrible plague of edit vandalism, and the homepage of the wiki was now some statement about some girl called Louise and her love of turkey and cannock. It seemed she had also discovered her User Page, and decided to spread the nonsense to the public home page.

I created an account, reverted her edit, left her a message on her talk page (Sometimes these passive-aggressive things are all you can do!), and then had a rather nice thank you message from one of the administrators.

I think that might have been my 8 or 9th visit to the science museum.  I’m forever discovering new stuff there.. That, and they keep adding new stuff :-).  I’m quite looking forward to the future “Biker Tribes” exhibition, as I’m rather mad about motorbikes these days (more on that soon! [Sidenote: Anyone following me on Flickr might be interested in my Motorbikes Collection]).  There’s much more I could say in praise of the Science Museum, but I haven’t time, or pixels left.

“Uncrackable Passwords”

February 9th, 2009

I got an email today from some software company.. Trying to sell me a password management tool.  I used to use KeePass which was pretty effective.  This one is considerably more expensive.  Among its features, it boasts:

1) Generate uncrackable passwords using the integrated Password Formulator

2) Maximum protection of your sensitive data thanks to the security algorithm Rijndael 256-Bit!

3) instead of passwords like “toothbrush” or “Rover”, which can both be cracked in a few minutes, you now use passwords like “g\/:1bmV5″£$p’}=8>,,/2¬%`CN?\A:y:Cwe-k)mUpHiJu:0md7p@<i” (with a 1-GHz-Pentium-PC, it takes approx. 307 years to guess this password!).

4) Password lists on the internet: Place your encrypted password lists on the Internet and enjoy access to all of them, no matter where you are!

5) Protection from keylogging (intercepting of keystrokes) – All password fields are internally protected from keylogging.

I’ve got issues with all five points above.

1)  That’s a pretty bold statement to say that your passwords are uncrackable.. I suspect they really mean that they haven’t been able to crack them, or somebody  hasn’t been able to crack them YET.

2) Another word for  Rijndael…  Yep, AES.  Really nothing that sophisticated.  Under closer inspection they’re really no better than the free alternatives.

3)  While “g\/:1bmV5T$x_sb}8T4@CN?\A:y:Cwe-k)mUpHiJu:0md7p@<i” may be long, secure, mixed cases, characters, alphanumeric, and symbols, it’s certainly not memorable.  So what happens if you generate this password for XYZ internet banking service, and then you go on holiday and forget to pay a bill, or need to move some money about.. You don’t have your password safe with you.  Bugger.

The other thing that’s at the front of my mind now, is what password do you use to lock the password safe? Do you use a long, complex, difficult to break one, which you’ll probably never remember, and will need to write it down (therefore making it totally pointless anyway), or a simple short password like your first pet’s name, and some thoughtful numbers after it.

Sidenote to point 3.  307 years on a 1GHz Pentium.. What about a dual-quad core Pentium Xeon.  Or a distributed attempt across 256 nodes of dual-quad core Xeons.  Still, it’s reaching a bit far, but it doesn’t mean that this password is unbreakable.  Not by a long way.
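To put numbers on that sidenote, here is an added example (mine, not from the post or the vendor): it computes the keyspace and entropy of a password from its alphabet and length, the time to exhaust that keyspace at a given guess rate, and how the vendor's quoted 307 years shrinks once the same search is spread over 256 nodes of dual quad-core Xeons. The 95-symbol printable-ASCII alphabet and the rate of 10^9 guesses per second per core are assumptions; the figures also show that 307 years is nowhere near an exhaustive search of a 50-symbol random password, so whatever the vendor measured, it was not that.

```python
import math

SECONDS_PER_YEAR = 365.25 * 24 * 3600

# The generated password quoted in point 3 of the post, as a raw string so
# the backslashes survive.
VENDOR_PASSWORD = r"g\/:1bmV5T$x_sb}8T4@CN?\A:y:Cwe-k)mUpHiJu:0md7p@<i"

# Alphabet sizes are assumptions: the post does not say which symbols the
# "Password Formulator" draws from, so printable ASCII (95 symbols) is used.
PRINTABLE_ASCII = 95
LOWERCASE = 26


def keyspace(alphabet_size: int, length: int) -> int:
    """Number of distinct passwords of this length over this alphabet."""
    return alphabet_size ** length


def entropy_bits(alphabet_size: int, length: int) -> float:
    """Bits of entropy when every symbol is chosen uniformly at random."""
    return length * math.log2(alphabet_size)


def years_to_exhaust(alphabet_size: int, length: int,
                     guesses_per_second: float, parallelism: int = 1) -> float:
    """Years to try the whole keyspace at a fixed rate across N equal workers."""
    total_rate = guesses_per_second * parallelism
    return keyspace(alphabet_size, length) / total_rate / SECONDS_PER_YEAR


def scaled_years(single_machine_years: float, parallelism: int) -> float:
    """A brute-force estimate quoted for one machine, divided across N workers."""
    return single_machine_years / parallelism


if __name__ == "__main__":
    rate = 1e9  # assumption: one thousand million guesses per second per core
    # As a dictionary word "toothbrush" falls to a wordlist far sooner; this is
    # the exhaustive upper bound if it were 10 random lowercase letters.
    print(f"10 random lowercase letters: {entropy_bits(LOWERCASE, 10):.1f} bits, "
          f"{years_to_exhaust(LOWERCASE, 10, rate) * 365.25:.1f} days to exhaust")
    n = len(VENDOR_PASSWORD)
    print(f"{n}-symbol random printable-ASCII password: "
          f"{entropy_bits(PRINTABLE_ASCII, n):.0f} bits, "
          f"{years_to_exhaust(PRINTABLE_ASCII, n, rate):.2e} years to exhaust")
    # The post's sidenote: 256 nodes, each with two quad-core Xeons = 2048 cores.
    cores = 256 * 2 * 4
    print(f"Vendor's 307 years on one core becomes about "
          f"{scaled_years(307, cores) * 365.25:.0f} days across {cores} cores")
```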

4) Does anyone else think this is potentially asking for trouble? Assuming XYZ company is hosting them, “securely”, how can you prove they don’t have a backdoor to decrypt the files.  Do you trust them? Considering you’ve paid €30 for this package, it’s not really as binding as a really expensive legal SLA.

5) Uh, right.. So this software is going to prevent me from putting a PS/2 or USB hardware keylogger between the PC and the keyboard? I think not. And if it claims to protect against software keylogging, how could you prove that it wasn’t a keylogger itself?  It would be a pretty ingenious way to harvest credentials: make the user believe they’ve just bought a security enhancement, when really they’re buying a back door.  (I’m not saying that’s what they’re doing, but it’s certainly enough to make me want further verification of the publisher’s honesty.)

I really don’t like the sound of this software; actually, I’m not keen on this “credentials management” type thing at all.  There are too many unanswered questions.  And that’s before we get onto the rather open question of the use of biometrics for passwords. There seems to be a growing trend at the moment where biometric data (fingerprints, webcam images, iris scans) provide the password data, as opposed to the identity data that is then confirmed with a password.

Private keys and passwords are easy to change when compromised, but how do you change your fingerprint, facial shape, or iris detail when your credentials are compromised?

BeerBlog.

January 20th, 2009

This week, it’s Old Cocky, Stinger, Young’s Kew Gold

Young’s - Kew Gold
A light bottle-conditioned ale brewed with lager and crystal malts.  This is a very good satisfying drink. Mellow hops and a lovely fruity citrus finish.  Will buy more.

Welton’s - Old Cocky
Delicately sweet, with a nutty finish. Somewhat overhoppy for my liking.  Alright, but nothing too special.  Brewed locally in Horsham

Badger - Stinger
A firm favourite of mine, reminiscent of the last holiday in Dorset.  Probably better on draught than bottled.  Brewed with nettles.
Grassy with a slightly spicy citrus aftertaste.
Only slightly bitter, a very remarkable ale.

Copyright © twinhelix.org. All rights reserved.