Strait Up

July 10th, 2017

You know, I always hated this record:

and I still do.

Anyway, we actually did have a lovely time in Bangor. My dear Stymistress booked us a weekend away, the primary objective being a visit to Bangor Garth Pier, so a trip up the A41 and along the A55 on a Friday morning saw us in Bangor by lunchtime, with lunch in a nearby pub and checked into the hotel overlooking the pier.

The pier, from the car park, a mere few yards from our hotel.

The pier itself is lovely: in generally good order, unlike one just down the coast, and long, poking out long enough into the Menai Strait that Whatpub starts suggesting The Gazelle Inn as nearby:

As to the town, subsequent exploring on Saturday showed that our location by the pier was by far the best for pubs and food: I don’t think the town’s considerable student population does it any favours, so we stayed around Garth mostly, though the fact we both were suffering with a cold probably helped on that one, a pleasant sit in the sun on the pier or a nearby beer garden being better than a sticky-floored, sticky-tabled city pub.

Sunday saw us drive over the lovely Menai Bridge to Menai Bridge, and a pop up the coast for a bonus pier, Beaumaris: less impressive than Bangor, but at least not falling down :-/.

A trip back down the coast, a visit to Plas Newyd, and a drive home. 2 more piers visited!

Watching

May 29th, 2017

I happened across a tweet from CPMG last week,and retweeted it (amd, indeed, responded to it with both a reply and by completing the survey (which I’d encourage you to do). The conversation that resulted can be viewed on twitter by clicking the first link, but is also screenshotted below:

Screenshot 1 of 2- click to embiggen.

screenshot 2 of 2, click to embiggen.

An interesting conversation, rapidly joined by Livestream Data Systems, who, in their own words, provide backend systems for ANPR. Almost as if they were ready, watching for replies, huh?

They made the very valid point that a number plate (VRM) is public data, publicly visible all the time. This is true, of course, but it’s trivial for people to associate my number plate with me- especially should the “they” be law enforcement, who can look it up in seconds.

Continuing that, it’s pretty trivial to track me by combining ANPR with a few other things. A thought occurred to me as an example: I completed the survey from the holiday flat we rented. I checked the public-side IP of the broadband connection, and it geolocated to within a few miles of my location (I was in Torquay, it said Dawlish). So, taking only public or non-personal data along with potential ANPR data (the camera locations are not public) I follow CPMG on twitter. I completed the survey from a location near Torquay having clicked through from Twitter (this data could be obtained from server logs).

CPMG probably don’t have many followers on the English Riviera, as they’re a Midlands unit.

Now search the ANPR data for cars travelling between the Midlands and the South West. Add in from the server logs that I used Linux, google a bit, and you have me, most likely. You know where I am, what car I drive, and you have my opinions on ANPR, without having to apply for a court order or similar. Analyse ny tweets, dig over this blog and there’s plenty to learn (of course, what I tweet or post here I’m voluntarily supplying, thank fuck I don’t use Facebook).

That might sound a little paranoid, but it’s an example, and it’s why we should all remain vigilant and wary. I don’t have anything to hide, and you could therefore take the view of “who cares”, but are you comfortable with being tracked?

There’s going to be a lot of pressure in coming times for greater surveillance, especially given recent terror events: but one thing to consider here is that if a terrorist is willing to kill or injure many people with explosives, I don’t think using false plates and/or changing vehicles is going to bother them, whereas the majority of us use one or two vehicles regularly, so it’s far easier to track ordinary citizens than the criminals. Most of us voluntarily carry a tracking device (smartphone), use bank cards: do the bad guys do that?

I’d like to make it clear I fully support CPMGs work, keeping the road safe for us all, but I’m a bit concerned about data use (and misuse) here, and this isn’t the first time. It’s the work of seconds to reveal misuse of anti-terror legislation for things as trivial as school catchment areas, and there’s prior cases of ANPR misuse. That’s even before we consider that companies like Livestream- a private company- may be providing the back end and processing for the national network (I don’t know exactly who does), and therefore we could be trusting their systems and employees with this data.

A quick Google search revealed a supplier of services to councils who apparently encrypt ANPR data with SQL.

Errrm?

Oooh- what’s that black helicopter overhead?

NHS & Ransomware

May 13th, 2017

Last night, news of a big ransomware outbreak within the NHS came out. This is very bad news: ransomware takes control of your PC and then encrypts any files it can, including any network drives it can get to, then demands money to decrypt them.

Ever since this outbreak was disclosed, there’s been a parallel out break of fuckwits. Stating that various people, from the NHS IT techs to the government are (ir)responsible, and this was entirely avoidable.

It was, of course. But at what cost? Lots of network admins will say how easy it is to keep systems up to date, and at one level it is. My home network is continually up to date: firmware on my domestic router is recent, all the PCs are patched. This is really, really simple, and I barely have to lift a finger to manage it.

It’s also quite simple in a large corporate network if the machines are simple- if they’re all recent PCs, and running little more than Windows and Office, you set up WSUS, keep the OS up to date by having an MS subscription, and it’s job done, and you’re in the pub by lunchtime.

Except, as usual, it’s not that simple.

There are times you can’t update an OS, or at least it’s prohibitively expensive and/or hard. This Twitter thread says it better than I could in relation to the NHS, but all over the place, in industry, education, and everywhere else, there’s systems that are only certified for old operating systems, systems that use bodged, modified OSs (Nortel Callpilot, I’m looking at you) and systems that are untested with patches and/or new operating systems. These cannot be patched or upgraded, and may have millions of pounds of hardware attached which can’t talk to anything else, so the choice becomes to air-gap them, stop using them and buy replacements, engineer a gateway between them and other systems, or just try to beef up the firewall and other edge-protection, and hope nothing gets through; and the compromise is a matter of judgment and risk management, balancing risk against cost and practicalities given limited resources of both staff and cash, and trying to maintain service in something cut to the bone by the current government. It’s worth remembering her that the NHS isn’t the only victim: anyone with finite resources can get hit- so that means basically, all businesses. As complexity increases, the dificulty of keeping it all up to date increases exponentially. Keeping tens of PCs and one server up to date is trivial, hundreds of servers and thousands of PCs with bespoke, complex software is most definitely not.

Finally, spare a thought for the poor NHS sysadmins, fighting this while probably not getting paid, and please, if you’ve suddenly discovered an interest in patching operating systems and are trying to grind a political axe with it, shut the fuck up until you know what you’re talking about.

Runeaudio

April 27th, 2017

I’ve had a Volumio music player for a while: pretty good overall, but sometimes a bit prone to corrupt filesystems. Checking the website, there was a new version, so I thought I’d try it. It was….interesting. Cleverly done, with squashfs filesystem images and a data partition to save data, but using it gave me a few issues. First of all, the original Raspberry Pi model B I was using turned out to be too slow: the initial setup took 20 min to complete, and playing audio was glitchy as it couldn’t shift data down the USB fast enough. Changing to a Raspberry Pi2 fixed that, but then it dropped off the network. With no HDMI monitor nearby, this was impossible to troubleshoot, so I tried an alternative: I had a HP thin client lying about, and Volumio has a x86 experimental version, so with a CF-IDE converter and a CF card to replace the tiny flash disk in the HP, off I went. Working out a few bugs in the BIOS that make booting the CF and not trying to boot the external USB drives that just contain music took a while, but it worked, quite well, with 2 problems- firstly, the web interface and the view through Cantata didn’t agree, and secondly…
Read the rest of this entry »

Beer Festival 2: Willenhall

April 22nd, 2017

Beer festival 2: Willenhall, at Bar 442– essentially Sporting Khalsa‘s clubhouse, though that makes it sound a bit on the small side; it’s a good size, pleasant bar, and for the festival they’d usefully extended it with a marquee over decking at the back. Overall a great festival- good beer, great Indian food, good organisation and even good weather.

Scores as follows:

Beers advertised 15
Beers available 15
Ciders advertised 7
Ciders Available 7
Venue 80
JC Bonus 0
Friends Present 2

So a score of 126.

Manchester

April 18th, 2017

The Easter holiday saw me working away in Manchester, pushing packets south. I’d been to Manchester before, but it was a long time ago, and only a day trip, though work scahedule this time didn’t leave much time for sightseeing (but by Jeebus, that town hall‘s a bit of magnificent Victorian “fuck you, look how much money we have”).

We did have some downtime though; and some of Manchester’s pubs are fantastic: every bit as good as some of the best Birmingham ones, and there were great restaurants too, as you’d expect in a large city. I just wish we could get some of that variety in Walsall.

Ahoy hoy

March 31st, 2017

It’s not been a good week phone-wise: I managed to lose my Wileyfox Swift last Saturday, so bought a replacement- a Swift 2, which arrived on Tuesday. With it still shiny and new, I went out for a bike ride, and a slightly ill-advised overtake of a jogger resulted in the front wheel getting hung up on the ridges of the path, a slide down the bank, and an unscheduled swim; the first time I’ve gone into the cut in about 35 years of riding.

The canal isn’t as cold as you’d expect, but the ride of about 3 miles home dripping is still quite grim, as was my smell pre-shower. I have no idea if every bearing on the bike is now washed free of lubricant…

The bag of rice failed to resurrect the phone, so back to the old Galaxy S2 it was, and a double claim to the phone insurance. The phones are quite cheap, but doing 2 in in a few days stings a bit.

I’d not been totally happy with the Swift 2: it was dual-SIM like the original, but using a Micro-SD blocked one SIM slot, so I decided to go for a Lenovo Moto G5 Plus, which takes 2 SIMs and a Micro SD, and has a removeable battery, and, like the Wileyfox phones, keeps the bloatware to a minimum, staying quite close to stock Android; The big-name phones, for me, have too much added on, and I’m not going to void the warranty on a brand-new phone to remove it.

Festival -1: Walsall Beer Festival

March 9th, 2017

Sad to hear that this weekend’s Walsall Beer Festival is off:

or at least, not really the same:

So while we’ll see a kind of pre-determined pub crawl, the “tons of beer in one place” option is gone, and, I have to say, while the BCA is a fine pub in many ways, it’s not one of my favourites. The Wheatsheaf is a great pub, as is The Victoria, and The Drunken Duck is one of my locals, so they’ll be opportunity to try something new, hopefully.

[edit] The White Lion and The Fountain are also finding a home for some of the beer.

There’s been a lot of speculation about the cause of the cancellation, and depressingly allegations and recriminations aimed at Walsall Council and indeed at the volunteers from Walsall CAMRA who give up their time for nothing to do this. At this time I don’t know for sure where the problem originated, but it seems the venue didn’t have the correct licence:

From Walsall CAMRA’s facebook page.

Whatver the problem, I’d like to thank Walsall CAMRA for their hard work, and the pubs mentioned for taking on the beer, because wasting it would be a disaster…

Old Haunts

March 7th, 2017

We’ve been away: south-west Scotland. In February. I didn’t fancy the warmer options (as it involves a metal cylinder full of bastards), so my better half booked some places, and we hit the M6 to head north and do some B&B hopping.

First stop: Annan. We’d not been here before, and it’s a very noticeably Scottish town for one so close to the border: red sandstone, scottish baronial clock tower on the town hall,

Annan’s town hall clock tower


and the odd other bit of Victorian excess, now faded. We stayed in one, and I walked past another one morning: a glorious money pit of a hotel:

The Central Hotel: currently disused. Copyright Richard Dorrell and licensed for reuse under this Creative Commons Licence

The last time it was for sale, it had a guide price of £150K: I’d guess you’d need many times that to restore it, and I strongly doubt you’d make it back: Annan was a nice town, with some good pubs, but it’s not got masses of tourism or masses of cash.

It has, however, got a reborn distillery that Professor David Thomson was brave enough to restore– and the curiously named Devil’s Porridge Museum nearby.

Next call was Portpatrick: postcard-pretty harbour, and a nice hotel for a couple of nights. We popped to Stranraer, which is still a bit grotty, and on to Port William. That’s Port, not Fort. Beware the mistake, and automatic suggestions from websites: we nearly misbooked, and we’re not the first, according to a previous landlord of the Monreith Arms over 20 years ago. Our last stop was Ecclefechan, for no better reason than the hotel is lovely, and a bargain.

We’d last been to South West Scotland in 2009, but not come further west than Castle Douglas: it was well over 20 years since coming this far over, and it was surprising: not a lot had changed, to be honest, but Port William was prettier than we remembered, and Glenluce tattier…

Free the Meraki

February 22nd, 2017

So, around 3 years ago, we had some Meraki access points at work. I was pretty keen on the tech, but less so on the licence model, where you pay the going rate for an access point, and then have to pay for a licence to use it, or it becomes useless, because it will only work if connected to Meraki’s cloud managment.

This is no longer true, and became untrue a while ago, and as the Meraki APs we had have come due for renewal, and have been replaced, I had one thrown in my direction.

A bit of searching threw up a few pages suggesting OpenWRT will work just fine, with a couple of caveats about the difficulty of rooting the device to gain enough access to overwrite the Meraki firmware: they’d really rather not let you do this- they give away sample access points, so maintaining their licence model is the way they make money.

Anyway, I already had a CP2102 USB-Serial (TTL level) converter I’d bought to have a play with one of those dodgy webcams, so I bought a PSU from Ebay, and got out the soldering iron, PuTTY, and an ethernet crossover cable.

The basic instructions are here, but to get root, I had to follow the procedure here, and indeed root the standard firmware (to get a reboot command, as my AP would not boot properly with the UART connected to the laptop).

The first challenge was getting the UART cabled correctly: the phrase

an UART adapter wired to the MR18 (speed is 115200). Pinout (left to right): VCC/RX/TX/GND

was misleading for me: first of all, that is corrrect if you hold the AP with the connector at the top like in this picture, and secondly, the RX/TX desgnation refers to which pins you need to connect from the CP2102, rather than their function on the AP, so I had some fun getting the UART cabled.

The second, but not hard, challenge was installing a web server, and realising that openwrt-ar71xx-nand-mr18-initramfs.bin had changed name to openwrt-ar71xx-nand-mr18-initramfs-kernel.bin in a later version.

The third challange was that the AP got stuck in a boot loop from cold with the UART connected, though a warm boot was fine. That wasn’t a problem for the initial rooting (where you hold down “S”), as there’s enough time during the boot cycle after powering up the AP, but when it came to booting the OpenWRT image, I couldn’t hit “2” in time: I resolved this by rooting the Meraki firmware to get a reboot command, then hitting “2”.

With those out the way, it was as simple as setting an appropriate fixed IP on the laptop, connecting the ethernet crossover, logging in to the newly booted image’s LUCI interface, and applying the full firmware image, which erases the Meraki firmware once and for all, and you have a free MR18 🙂


This blog is protected by Spam Karma 2: 41052 Spams eaten and counting...