Archive for the 'General' Category

NHS & Ransomware

Saturday, May 13th, 2017

Last night, news of a big ransomware outbreak within the NHS came out. This is very bad news: ransomware takes control of your PC and then encrypts any files it can, including any network drives it can get to, then demands money to decrypt them.

Ever since this outbreak was disclosed, there’s been a parallel out break of fuckwits. Stating that various people, from the NHS IT techs to the government are (ir)responsible, and this was entirely avoidable.

It was, of course. But at what cost? Lots of network admins will say how easy it is to keep systems up to date, and at one level it is. My home network is continually up to date: firmware on my domestic router is recent, all the PCs are patched. This is really, really simple, and I barely have to lift a finger to manage it.

It’s also quite simple in a large corporate network if the machines are simple- if they’re all recent PCs, and running little more than Windows and Office, you set up WSUS, keep the OS up to date by having an MS subscription, and it’s job done, and you’re in the pub by lunchtime.

Except, as usual, it’s not that simple.

There are times you can’t update an OS, or at least it’s prohibitively expensive and/or hard. This Twitter thread says it better than I could in relation to the NHS, but all over the place, in industry, education, and everywhere else, there’s systems that are only certified for old operating systems, systems that use bodged, modified OSs (Nortel Callpilot, I’m looking at you) and systems that are untested with patches and/or new operating systems. These cannot be patched or upgraded, and may have millions of pounds of hardware attached which can’t talk to anything else, so the choice becomes to air-gap them, stop using them and buy replacements, engineer a gateway between them and other systems, or just try to beef up the firewall and other edge-protection, and hope nothing gets through; and the compromise is a matter of judgment and risk management, balancing risk against cost and practicalities given limited resources of both staff and cash, and trying to maintain service in something cut to the bone by the current government. It’s worth remembering her that the NHS isn’t the only victim: anyone with finite resources can get hit- so that means basically, all businesses. As complexity increases, the dificulty of keeping it all up to date increases exponentially. Keeping tens of PCs and one server up to date is trivial, hundreds of servers and thousands of PCs with bespoke, complex software is most definitely not.

Finally, spare a thought for the poor NHS sysadmins, fighting this while probably not getting paid, and please, if you’ve suddenly discovered an interest in patching operating systems and are trying to grind a political axe with it, shut the fuck up until you know what you’re talking about.

Some you win

Friday, November 4th, 2016

Time I blogged a bit more…

A week of differing days: starting with a very long day, and a failed Internet connection and firewall migration (which had to be reverted), followed by another late finish, followed by a hospital appointment with a long wait (and having arrived early in order to park, that made it a very long one) and a vile, stop-start rush hour drive back through Brum, along with the accompaniment of an ominous rattle from the car, sounding like I was dragging a wind chime.

Today was improved: the rattle went, and after a check by my friendly local VW specialist, we agreed it was probably nothing more than a stone trapped in a brake disc shield, which then dropped out at some point. A grim drive from there to work, but then things start to improve later in the day: I did have a spare PCI ethernet card in my desk to connect a failing wireless network, the IPCop firewall PC did have a spare slot and the drivers for the card, I did know the password, and it all just worked, which meant a 4pm finish, and a surprisingly good journey home.

With a bit more time on my hands, it’s easier to persuade myself go for a quick spin on the bike to Chasewater. Rush hour was still in progress on the roads, but the towpath was literally almost deserted (I met one person, one cat and one fox in over 6 miles) and peaceful, but tough going after a week and a half not riding. The compensation for dragging my corpulent carcass out on a dark and relatively cold night is that I’ve reclaimed my towpaths from the armies of dog walkers, anglers, fair-weather cyclists, and pokemon hunters that are all over the place on the lighter, warmer evenings (though to be fair there was one pokemon hunter at Chasewater itself).

I’m now hoping my plan to leave early today (Friday) comes to fruition. A plan for the cinema, some beer and some food is forming….

The Pub Lifecycle

Tuesday, August 16th, 2016

Some thing I’ve remarked upon with friends but not really covered here before now is the seemingly cyclical nature of some pubs; Andy has mentioned it in a number of posts, and we’ve probably caught pubs at different stages of the cycle during 100pubs.

What’s prompted this post is one of my local pubs, seemingly on the rise about 2 years ago, has seemingly quickly declined and is heading for the bottom of the curve. I won’t name it.

The cycle seems to go like this:

New landlord/owner –> investment/refurb –> interest in the business –> good beer –> increased custom –> better pub.

There may be food involved, though it’s optional (I’ll return to this).

Then the landlord or the pubco lose interest.

pub gets tatty –> fewer customers –> beer quality down –> takings down –> possible closure/landlord leaves.

Some pubs survive at this low point: if you’ve got an established trade of less fussy customers who drink a basic lager such as Carling or Fosters or a keg bitter like John Smiths that doesn’t go off quickly, there’s money to be made. I’d also like to point out that only serving such beer isn’t neccesarily a sign of a poor pub- I can think of sveral fairly decent pubs with no cask ale near here- but here’s a list othings I’d consider warning signs:

1. Cask ale declines in quality or disappears.
2. “Premium” lager disappears.
3. Wine disappears.
4. Food, if it was served, disappears.
5. Basic maintenance/cleanliness disappears. The toilets are usually the worst thing…
6. Choice of the more basic beer/cider reduces.

Once you get to 6, that’s usually trouble. The locals start to abondon the place, so the money dries up, and this is exactly where we seem to be in this case, and the other local pubs (Walsall Wood being blessed with several) are gaining custom, and raising their game accordingly: one one occaision I’ve left the pub in question due to the poor beer choice, only to see 6-8 customers that left before me in another one nearby.

I know that it’s harder to run a pub these days, and the closures have complex and varied causes, but there’s still oney to be made running a pub, and around 12-18 months ago, this pub was very busy indeed: Walsall Wood isn’t a huge place, but there’s plenty of drinkers about willing to be seperated from their money if you do it even half right, and decent beer, decent wine, and bogs that are at least tolerably sanitary would be a good starting point on the way to a perfect pub. Food can spoil pubs done wrongly, but well done it can boost takings and footfall withoout spoiling atmosphere.

What I don’t understand is that I’ve seen all of the local pubs go through this cycle at least once in the last 20 years (and one of them manage it 3 times, at least). There’sobviously potential to succeed, as they do when a new landlord arrives, but why the rapid cycling when some pubs remain stable for decades?

Beyond the Northern Wastes

Thursday, July 7th, 2016

In the over 20 years I’ve lived in Walsall Wood, near to the 39x (previously)/10/10A (now) bus route, I’ve probably only caught the bus northwards towards Brownhills a handful of times, heading instead towards the bright lights of Walsall, and even on those occaisions, I’ve never strayed north of the A5, because “here there be dragons”, obviously.

It was about time for a change. The happy realisation that the evening service is every 30 minutes or so for its full length from Walsall, through Walsall Wood and Brownhills, into Chasetown and Burntwood, and back, means that a whole raft of new pubs are within reach, so off we went. It’s been a while since we had a bus-based pub crawl.

A short trip to the Swan Island saw us outside The White Swan, which was closed, so we continued to The Nags Head, pausing there for a drink en route to The Drill Inn for food. After a walk back, The White Swan was open, so a swift one in there, and as the bus passes right by and stops very near, one at The Junction, before returning safely back south of the border.

All your files are exactly where you left them

Wednesday, January 13th, 2016

The title of this post comes from a Windows message displayed during a update to Microsoft Windows 10. At the time @theardvaark posted this tweet voicing his distrust of the statement, I muttered to myself “Don’t be soft. Why on earth would a simple windows update move them?

Despite now having worked with the Evil Empire’s products for something like 27 years, and so being used to useless error messages (“An unexpected error has occurred”, for example) and being downright lied to (any message produced by Internet Explorer), I still get caught out at times, and one such thing gave me a nasty shock the other day.

Getting The Turtle’s Head

Sunday, December 13th, 2015

Yesterday saw us at the Brownhills Christmas Market mid-morning, and having beer forced upon us by the nice chaps at Backyard. As reported over on BrowhillsBob’s Blog the event seemed a success, despite the weather, though I felt last year’s layout, with a cluster in Ravenscourt worked better, but given relations between Walsall MBC and the owners may be a little awkward, maybe co-operation on that front wasn’t possible, and it may also be that the chosen layout was deliberate to encourage foot traffic along the High St. Whatvever, we had a wander, the aforementioned beer, and caught the attention of a bird or two:

"Cats, you say? Nom."

“Cats, you say? Nom.”

then off to Aldridge, to order our turkey, and check out The Turtle’s Head, (snigger) Aldridge’s first Micropub, which made for a pleasant interlude, and all by public transport, which has to be better than staying sober and mucking about parking.

Near Beer

Thursday, October 8th, 2015

We’ve been away, to Seaton, as I didn’t fancy a long drive to Scotland just yet, so the M5 beckoned.

We’d been here before, around 20 years ago, and fancied staying in Beer (because Beer) then, but lack of parking drove us out to Seaton. This time we chose Seaton for it’s size, flat terrain, and public transport: I’m much less of a keen driver than 20 years ago.

It’s a nice town, Seaton. A wide promenade, with a good view,

Seaton Promenade

Seaton Promenade

lots of benches (useful when you’re trying to regain walking distance), and independent pubs, cafes, and restaurants- remarkably chain-free, if you can ignore the Tesco behemoth with attached Costa coffee. We had a seafront property, which was great, and a short walk to town.

I’d mentioned public transport: we actually managed to not use the car all week, between walking around town, the tramway, and buses, we got about. The buses were the X53 Jurassic Coaster, and the 899 local service run by AVMT. Both weave their way through small roads, but the 899 at times goes down roads where the greenery hits both sides simultaneously in places, and in others the space each side was measured in inches, and you get to see some nice small Devon villages. Like Beer.

Sadly Beer wasn’t the best place to drink, which made our choice of Seaton to stop in all the better, even if the best meal of the week was in a hybrid Italian/Thai in Beer.

We were interested that Sidmouth, which 20 years ago, in our 20s, we’d discounted as God’s waiting room, and dull, was lovely, with at least one great pub, a nice hotel where we had drinks brought to us by a very smartly dressed waiter (and for less than a tenner), and a bit of a slightly upmarket, but lively feel. I think both us and the resort have changed…

The Jeep Hack – the full horror

Tuesday, August 25th, 2015

Full details have now been released of just how the Jeep hack I mentioned here was carried out, and there’s a video (long, but worth it if you’re interested):

A article on Hackaday, and a white paper (PDF, 4.3MB) explaining how it’s done.

There’s two things to draw from this- that the researchers are very clever, and that the people that designed Uconnect are either naive, stupid, or foolhardy. That sort of thing is fine if you’re experimenting with code, less so if you’re developing code that can be exploited in a fast-moving 2-tonne chunk of metal. Since the video is long, I’ll pick on a few key points.

1) The “random” passphrase for the inbuilt wifi hotspot is fairly predictable.
2) Port 6667 (DBUS) was left exposed to the internet on the 3G connection, and the system calls availble there were exploitable.
3) Services were running as a superuser, so they didn’t have to work out privilege escalation.
4) Firmware updates have no signing to check validity.
5) The radio had a connection to the “drive” CANbus.

added together, that’s pretty scary.

Time to review InternetofShit.

In the PC world (and in that, I’m including Mac and Linux), the devices you have may have a life of 10 years, and in that time, these days, they will be regularly patched, so silly vulnerabilities get fixed. Also, generally speaking, things controlling dangerous machinery aren’t always connected to the Internet (though that is becoming less true as time goes on). A car will have a longer life, and probably be rarely patched, especially by the time it has it’s second or third owner, who is unlikely to take it to a franchised dealer. How about a fridge? Mine is 20 years old now, and had it been possible to buy an Internet-connected fridge then, do you think the manufacturer would be supplying firmware?

Just because you can connect something to the Internet, it doesn’t mean you should.

Sticking it to The Man

Thursday, July 2nd, 2015

I’m now, around 2 months after surgery, finally starting to feel a bit recovered- but still having to take things very, very carefully. At point of coming out of hospital, I could just about hobble a few yards on 2 sticks, or rather elbow crutches. I’ve built that up, very gradually, to the dizzy heights of half a mile with one, wandering around the house with none, and managing a trip around the supermarket with the trolley to lean on, and I can drive short distances. Soon, I’ll hopefully be better (but fatter, see below) than beforehand.

Being temporarily disabled opened my eyes to a few things.

1) People, overall, are very kind and helpful, from pub and restaurant customers to bus drivers and passengers, and taxi drivers- but people *stare*. It’s good-natured- they want to be sure you’re OK- but still uncomfortable.

2) Having to use taxis a lot gets expensive quickly. Getting to my GP surgery if someone couldn’t drive me in a car was a ridiculous journey: it is all of 2 or 3 miles, and can be done on one bus *if* you can walk about half a mile to a bus stop, which I couldn’t at that point- so taxi it was. Anyone on a low income would struggle, and even for a simpler trip to Walsall, that walk to the bus stop (only a few hundred yards) can seem a long way, and getting to a walk-in NHS centre to get staples removed would have been next to impossible except by car or taxi.

3) Room to move becomes important, and people parking on pavements, self-closing doors, and narrow doorways in buildings become really difficult.

4) Sitting on one’s increasingly capacious arse (a result of boredom eating, and going from cycling 4-5 evenings a week and walking to local shops to doing almost *nothing*) sounds like fun, but rapidly isn’t. The garden is overgrown, the cars are unwashed, and I have the time to do them, but can’t do so. Friends have helped, but I cannot rely on that all the time, and don’t want to either. By the time I *can* do it, I’ll have to go back to work 🙁

5) I spent a few weeks being almost totally dependent on others- I could get to the toilet, I could get showered, and dressed (even if it took 15 minutes and a dazzling amount of expletives to put a sock on…), and it wasn’t a good experience, despite my better half being very supportive. I could get to the kitchen, but could only carry stuff I could get in a pocket. What would I do if I lived alone?

6) While Internet shopping handily solves some difficulties, being unable to lift/carry items within the house makes getting the shopping from the front door hard. I’m not suggesting they should come and put it away for me; merely that on the face of it, it seems like a fix, but I still needed assistance.

7) One’s drinking social life becomes impaired. Pubblog has had few updates, and #100pubs is looking very, very sick.

Basically, it’s stunning how many everyday things get harder, more expensive, or both, and at the risk of repeating myself, people would do well to remember this.

PS: when you start watching On The Buses repeats, and being genuinely aggrieved if you miss it, you’ve probably been at home too long ;-).

Turning the wheels

Thursday, July 2nd, 2015

As I’ve been recovering from surgery, I’ve not been using my car, so to preserve the battery (now around 9 years old), I connected (well actually, my other half connected) my excellent CTEK battery charger, at first using the croc clips, then, when I was able to, using the comfort connector- a socket that is connected to the car permanently.

Doing this upset things: when I went to try and start the car, I got a load of warning lights, and plugging in the diagnostics revealed a fault code for the steering angle sensor:

00778 - Steering Angle Sensor (G85)

Clearly dicking about with the battery terminals had lost the basic setting.

The sensor simply tells the ECU how far the steering wheel has been turned, and is needed, and calibrated, so that the Stability Control knows which way the wheels are pointing, and also so the Steering Assist ECU can adjust the steering weighting according to speed and how much steering lock is applied. As such, you have to tell the Stability Control (part of the ABS controller) where straight ahead is, with this procedure, and then allow the car to calibrate where the two ends of travel of the steering rack are by following this procedure, which is why it’s remained undone until now, now I’m able to drive short distances and manage the steering with little power assistance.

In the event, it took several attempts at the second procedure, which is why today found me sitting in an quiet industrial estate, with the car running and a laptop on the passenger seat, and even then, it took a short drive and several lock-to-lock moves to clear. The steering was both very heavy and devoid of feel until all of a sudden, the fault lamp cleared, the steering got lighter, all started working correctly, and a scan produced this:

A happy steering assistance ECU

A happy steering assistance ECU

All a bit complicated, really, but that’s the price we pay for all the fancy active safety gear, and another sign of how car systems interact: the steering angle sensor will report an error in the steering assist ECU, but the basic settings are set in the ABS/Stability controller, and both controllers get upset if this setting is lost.

This blog is protected by Spam Karma 2: 41037 Spams eaten and counting...