No ads? Contribute with BitCoins: 16hQid2ddoCwHDWN9NdSnARAfdXc2Shnoa
Jul 142018
 

Liam Fox has claimed that Trump protesters have “embarassed” themselves by protesting Trump’s visit to the UK. He claims that we have a tradition of being polite to guests (at least until they throw up on the carpet, piss in the wine, and try to have sex with the host).

Well, I didn’t invite that jumped up rancid little toad who is Putin’s lickspittle and quite possibly the closest thing we’ve seen to a major free world leader being a Nazi. So I am under no obligation to be polite to the bankrupt crook.

Besides which, with his unreasonable and unhinged attack on NATO, Trump has been pissing in the wine, so it would not be unreasonable to slam the door in his face. Of course I’m not being “diplomatic” but I’m not a politician so I’m not being paid to be polite to the kind of person resembling that which you instinctively scrape off your shoe.

To USians who might feel a bit insulted by how their president is being treated; well if you did your job properly and didn’t elect someone with the brains of a pea-sized petrified panda turd who separates children and puts them in concentration camps then we might treat them with a bit more respect.

Jul 112018
 

Well that was an interesting day in politics!

Trump has arrived in Europe and immediately tried to insert both feet into his mouth – he insults the other members of NATO by openly criticising them for not meeting their commitment to military spending, and claims that NATO owes money to the USA for protection.

Now there used to be some grounds for criticising the European members of NATO for not spending enough on their military, but the spending has been going up in recent years (despite austerity). You don’t criticise someone for being overweight when they’re on a diet and have lost half their flab!

And Trump claimed that Germany is under the control of Russia because of Germany buying natural gas from Russia! First of all, the figures he were using were wrong, and when you boil it down Germany’s energy needs are very rapidly being switched to renewable energy sources – on some days all of Germany’s energy is supplied by renewable energy sources.

Trump exhibits the diplomatic skills of a rabid dog.

European nations aren’t dumb – we watched Russia blackmail Ukraine over gas supplies in winter and know that we need to wean ourselves off Russian gas. And we know that the US has sent us a self-destructive idiot to deal with; those meeting with Trump will be gritting their teeth and putting on their most diplomatic face.

The other interesting thing is the effect Trump’s attack on NATO has had on the US Senate; they’ve basically passed a resolution (passed 97-2) saying in a long-winded way: “Ignore that idiot Trump, we’re fully behind NATO”.

There are those in the US media saying that Trump is Putin’s biggest ally on all of this – he apparently would rather do a deal with the Russians than with the traditional allies of the US. Is Trump actually an FSB agent?

No. The Russians might well make use of Trump and drop him an advantage or two, but they’re not so dumb as to employ an idiot like Trump.

Trump is a clear and present danger to the interests of the US; not the stuff like treating immigrants like criminals (although that is bad enough) but the big stuff; stuff that will encourage Republicans to turn on Trump – National Security and the economy.

 

Jun 232018
 

On any number of occasions, you encounter the first half of a quote from 1 Corinthians 7:1-16 from feminists determined to show that christian marriage is no more than sexual slavery for women :-

For the wife does not have authority over her own body, but the husband does.

However the full quote makes it sound a little bit different :-

For the wife does not have authority over her own body, but the husband does. Likewise the husband does not have authority over his own body, but the wife does.

Do not deprive one another, except perhaps by agreement for a limited time, that you may devote yourselves to prayer; but then come together again.

Not quite the same. Perhaps not at modern levels of political correctness, but neither is it at quite the level that the feminists will portray it as.

Now there are other bible verses on marriage; some good (from today’s perspective) and some bad. If you take all the bad bits, it makes it sound like women were repressed to the point of being ground into the ground. If you take all the good bits, it makes it sound like early christian marriage was a perfect equal partnership of a type that wouldn’t look totally wrong even to today’s standards.

The truth lies somewhere in between.

If I move onto mediæval marriage, there is often a mistaken belief that an arranged marriage was a forced marriage, and that arranged marriages were always young girls being married to lecherous old men. There is always the assumption that the men were always happy about the arrangement whilst the women were always unhappy.

In other words, it wasn’t just women “persuaded” into an arranged marriage.

As for young girls being married off to old lecherous men, there are a few exceptions :-

  1. Henry II may have been “old enough” when he was married to Eleanor of Aquitane, but she was 11 years his senior.
  2. David II was just under 5 years old when he was married.
  3. Henry IV was probably 14 when he was first married.

Obviously not conclusive, and it is still possible that the overwhelming majority were lecherous old men marrying young girls. But we don’t really know.

As to women being forced into arranged marriages, it certainly happened from time to time, but there were usually plenty of opportunities for the victim (whichever one) to escape :-

  1. The church was opposed to forced marriage, and it is possible that they would assist those forced into a marriage to get an annulment (although a peasant might find this trickier).
  2. There are plenty of cases where women who were opposed to an arranged marriage would run off to a convent for temporary (or permanent) refuge.
  3. The church would recognise any “informal” marriage as a valid marriage blocking any further marriages. So anyone with a problem with a proposed arranged marriage could simply run off and get married to someone else. Which would instantly block any arranged marriage.

One indication that forced marriage wasn’t generally accepted is that the Magna Carta contains a provision to block the king from forcing his wards into arranged marriages. So the barons who forced the king into accepting the Magna Carta were annoyed by the king forcing their female relatives into marriage.

Property rights are a similar area where the law is misunderstood; married women could not own property in their own right. True enough, but there are two aspects that are overlooked :-

  1. Dowry was an arrangement by which a woman’s family or the woman herself could take property into a marriage with the expectation that on the death of the husband that the property would be returned to her. It was an arrangement to ensure that the woman had the resources to maintain herself after the marriage died. And whilst this was open to abuse, there are plenty of legal cases to show that a woman could (and usually succeeded) take a case to court and get the dowry returned.
  2. In some cases women could get a declaration of femme solo to go into business on her own account, own property, and be responsible for her own debts independent of her husband.

Does this mean that everything was equal and fair? Of course not, but equality wasn’t an important concept to the mediæval society – and that applied to men just as much as women. But neither was it quite as bad as portrayed; indeed there are plenty of indications that conditions for women got worse as the mediæval era ended and the modern era began.

One concrete indication of that was the 1834 reform act which for the first time explicitly removed the vote from women; before that date women could and did qualify for a vote under the regulations for their constituency. Although social pressure to not vote increased towards 1834.

Early Morning Seatrip

Jun 212018
 

The USA likes to think of itself as the “leader of the free world”, but two things that have happened recently shows that it is really morally bankrupt. It is no longer a great country but an international pariah.

The first is that they have left the UN panel on Human Rights because it is supposedly broken – they would rather throw a childish tantrum than stay, fix the supposed problems, and fight for human rights.

Actually it is the US that is broken. They would rather protect their ally (Israel) than actually do their job on the human rights panel; the honourable thing to do is not to protect their ally no matter what but to keep quiet when Israeli human rights abuses are being discussed.

The second is that the US has been found out about it’s policy of dragging young children (including dragging a baby away from its mother whilst breastfeeding), and locking them up in concentration camps (not death camps). Putting them in cages, letting the sleep on floors, limiting their bedding to survival sheets of shiny foil, keeping them inside for 22 hours a day; what else can you call this other than a concentration camp.

And that is just what has leaked so far – in just over a month since this policy was started.

There has been predictably a negative reaction to this policy – many US politicians  are outraged (and not just Democrats). One Republican governor has had himself pictured sending Sessions the finger; eight state governors have refused to send their respective National Guards to the borders.

And the number of lies told by Trump’s minions is unbelievable. The scum in the White House did this deliberately to provoke a reaction. But the reaction may have been bigger than expected – Trump has just announced that he is revoking his policy and children will be imprisoned with their parents.

I thought about not publishing this post when I heard, but then I thought No. The US government did this thing so still qualifies as a rogue nation.

Just take a good long look at that crying child; the US government did that. Trump and his minions went ahead and set up concentration camps for children; they probably spent close to a year getting prepared for this and at no point thought better of it. If your government ever does anything like that, you know that the wrong sort of people are getting into power.

And the people. As many as 28% approve of immigrant children being put into concentration camps; as many as 28% have a broken moral compass.

Jun 142018
 

Trump is outdoing himself in stupidity by starting a trade war with the strongest allies of the US. He imposed unilateral tariffs on steel and aluminium (supposedly to protect US workers although it won’t do that), and acts surprised when allies respond with tariffs of their own.

Which is a bit like a child being surprised when they throw a ball in the air and it falls back on their head.

So what effect will the tariffs on steel and aluminium have? For a start, the US producers of steel and aluminium are not going to suddenly pick up the slack – the US imports in the region of $2 billion worth of steel products per month, and whilst US steel manufacturers can increase production it won’t be able to increase it that quickly.

So the US will continue to import foreign steel, but importers will pay more for it. That means the goods produced by imported steel will cost more. Consumers will pay more for those goods or switch to foreign producers who produce it cheaper (the later will cost US jobs).

So Trump has chosen to implement tariffs that will harm the US.

And assumed that those countries Trump has imposed tariffs on will meekly accept their punishment; which obviously hasn’t happened..

The EU has imposed retaliatory tariffs on motorcycles, cranberry juice, denim, peanut butter, and cigarettes. Notice something interesting about those products? They are all finished products with easily sourced alternative suppliers, or luxury goods that aren’t necessary.

In other words the EU tariffs are going to have a minimal impact on the EU economy.

So Trump will blame the damage to the US economy on his own trade war, and point to the lack of damage to the EU’s economy as ‘evidence’.

Expect more temper tantrum Trump ‘policies’ shortly.

 

Jun 122018
 

This posting is about using the command-line ssh tool for relatively securely copying stuff around, and logging into devices. Many of the tips contained within are things I have had to pry out of the manual page for my own use and these notes are a way of keeping the information around without relying on my brain.

#1: It Comes With Windows

If you are running the latest version of Windows 10, you get the command-line versions of ssh and scp without dropping into the Linux shell :-

Of course you have been able to install ssh clients for Windows for years or even decades, but having it available by default is a big win. Particularly for Windows machines you don’t tweak with your favourite applications.

#2: Public/Private Key Authentication

This the first part of increasing security by only permitting key authentication so that password brute forcing attacks become impossible. With the assistance of an ssh agent (not covered here) or a passphrase-less key pair (not advisable), it is no longer necessary to enter a password.

Of course getting into this sort of thing can be very confusing especially as most instructions tend to get into far too much detail on the cryptography involved. To keep it simple, I shall avoid going on about the cryptography, and concentrate on how to get it to work.

The most important thing to remember about key authentication is that there are two keys – the private key (which should be kept as secure as possible on the client machine) and the public key (which is copied to the devices you want to connect to).

So to get started, you first need to generate a key pair, which can be done with ssh-keygen; this has lots of options, but at this point you can ignore them. After you enter the command, you can simply hit return at all the prompts to generate a key pair :-

Generating public/private rsa key pair.
Enter file in which to save the key (/home/mike/.ssh/id_rsa): 
Enter passphrase (empty for no passphrase): 
Enter same passphrase again: 
Your identification has been saved in /home/mike/.ssh/id_rsa.
Your public key has been saved in /home/mike/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:REMOVED mike@Michelin
The key's randomart image is:
+---[RSA 2048]----+
|=*+o ..  .B*..=o |
|o+++.  . =+o. o+.|
|.BE.+   + .  =  .|
|o+=& . . .    o  |
|. o +   S    .   |
|     .           |
|    SS           |
|              .  |
|     --          |
+----[SHA256]-----+

Of course this is not ideal because there is no passphrase, but to get started with that’s fine. You can ignore most of this output (except for the first item in the following list) but just in case :-

  1. The key pair is saved in the files ~/.ssh/id_rsa (the private key) and ~/.ssh/id_rsa.pub (the public key). The permissions are usually generated properly, but just to be safe you may want to reset the permissions anyway: chmod 0400 ~/.ssh ~/.ssh/id_rsa; chmod u+x ~/.ssh
  2. The key fingerprint can be used to check that when you are connecting that the keys haven’t changed unexpectedly.
  3. Alternatively (and slightly more of a reasonable check) you can check the fingerprint using the “randoart”.

Of course on its own, it doesn’t do much good. You have to copy it into place onto the machine you wish to authenticate to :-

$ ssh username@server mkdir .ssh
$ cat ~/.ssh/id_rsa.pub | ssh username@server cat ">>" .ssh/authorized_keys

Note the quotes around the “>>”; these are significant because you do not want the local machine’s shell to interpret them – they need to be interpreted by the remote machine’s shell. Normally I would simply “scp” the file into place, but appending to a supposedly non-existent file is safer – just in case it does exist and does contain public keys that are currently in use.

There are a whole bunch of options to the command, but the two most important ones are :-

  1. The -t option which is used to specify the key type to generate (dsa, rsa, ecdsa, and ed25519). This is mostly unnecessary, but some older and limited devices do not understand certain key types. And as time goes on, more key types will be declared “insecure”. So you may sometimes find the need to generate more secure keys. The simplest (but not very efficient) process for dealing with such situations is to generate a key for each key type and try each one in turn.
  2. The -f option which is used to specify the output filenames – the private key is saved under the name ‘filename’ and the public key under the name ‘filename.pub’.

#3: SSH Configuration File and Usernames

There are a ton of things that can be done with the ssh configuration file, but for this section I’ll stick with setting the username used to login to specific hosts – not because this is the most interesting thing that can be done, although it is quite useful.

The configuration file can be found (if it has been created) at ~/.ssh/config (with a system-wide version at /etc/ssh/ssh_config). Within that file, you can set global preferences, or host specific preferences :-

Username fred

Host router
  Username admin
Host dns*
  Username fxb
Host ds-* web-*
  Username baileyf
Host *
  Username fred

The first line (Username fred) instructs ssh to use the username ‘fred’ when no username is specified – ssh 192.168.77.98 effectively becomes ssh fred@192.168.77.87.

If you specify the same username within a Host section, the specified username is used for any hosts that the specification following the Host word. In the first case (“Host router”) the username “admin” will be used for any host called “router” but not “router.some.domain”.

In the case of the second clause, a wildcard is used which is very useful for specifying a range of hosts – the example can match “dns01”, “dns01.some.domain”, or even “dns02”. In fact the first Host section is an example of what you should not do – put in a single hostname without a wildcard because it will only activate if the hostname is specified exactly as given. Put a wildcard in there, and it will work whether you use a single hostname or use the fully qualified domain name.

You can also have more than one host specification – as in the “ds-* web-*” list.

And lastly you can (if you choose) use the Host declaration to specify a set of default values – in much the same way that configuration settings in the global context specify default values. Use whatever method you choose.

#4: Cryptographic Incompatibility

I have commented elsewhere on this, but basically the ssh developers have chosen to disable weak encryption by default. Personally I would prefer that ssh throw up huge warnings about weak cryptography, but what is done is done.

If you need to connect to something with weak cryptography, there are three potential ‘fixes’ to allow connections. Each of these is a keyword to add to a specific host section, followed by a specification of what ‘algorithm’ to add.

In each case, a connection attempt will give an indication of what is wrong together with an indication of what algorithm to include :-

» ssh admin@${someswitch}
Unable to negotiate with ${ip} port 22: no matching key exchange method found. Their offer: diffie-hellman-group1-sha1

In this case, we can see that it is the KexAlgorithms we need to adjust and the algorithm we need to add is “diffie-hellman-group1-sha1” :-

Host someswitch*
  KexAlgorithms +diffie-hellman-group1-sha1

This can be repeated for Ciphers and (rarely) MACs.

#5: X11 and Port Forwarding

Run X11 gooey programs over an ssh connection? Of course .. why not?

This can be enabled on a host-by-host basis (it is off by default because it can be insecure) using the configuration file :-

Host pica*
  ForwardX11 yes

This is just a special case of port forwarding where a network port is connected (via the ssh session) to a remote network port. Port forwarding can be very useful – for example to access an internal web site temporarily that isn’t (and probably shouldn’t be) exposed with a hole through the firewall.

Of course this can be done with a VPN, but ssh may be simpler :-

Host pica*
  LocalForward 8000 8000

When the connection is made, a local port is opened (tcp/8000) and connected to tcp/8000 on the machine you are logging into.
 

Jun 052018
 

As the subject says, this blog has been offline for just over a week because of a hardware failure. Just when I wanted to moan about all the GDPR hissy fits that people are throwing.

Noticed some websites are blocking you because of the GDPR?

That’s the hissy fit. Seems that some international web site operators who previously assumed that GDPR didn’t apply to them, are suddenly realising that it does. Which is an indication that they have been impersonating an ostrich for a couple of years now.

Smaller businesses get a free pass on that one, but any reasonably sized company should have been aware of GDPR by now. It was put in place and deliberately put on hold for two years to allow people to get started with complying with GDPR. Anyone involved in the security business has been hearing “GDPR” for over two years now.

So there are those who claim they’ve not heard of it, and are now panicking and trying to catch up, making a mountain out of a molehill, and claiming that it’s a dumb law. Technically it isn’t actually a law but an EU regulation that member states are required to make law.

Anyway onto some of the biggest arguments against the GDPR …

The Whois Question

This is a great example of what happens when you ignore a situation and then panic.

When you register a domain (such as zonky.org) or a netblock (a set of IP addresses), you are expected to provide contact details for the individual(s) involved in the registration process – to allow for billing, and contact to be made in the event of operational issues.

Storing that information is perfectly reasonable.

Publishing that information is perfectly reasonable given informed consent.

Ideally the domain registration would offer a choice to the registrant – public listing of personal details, public listing of role contact information, or public listing of indirect contacts (i.e. keeping the contact details private).

There is a German court case decision saying that it isn’t necessary to have contact information for registering a domain; all I can say is that the German court obviously didn’t have the full facts.

GDPR’s “Right To Be Forgotten”

One of the misconceptions is that the “right to be forgotten” is an absolute human right; for a start it’s not a a human right, but a right under the law. And it is not absolute; the text of the GDPR includes numerous exceptions to the right to be forgotten, such as :-

  • A legal or regulatory obligation to keep the personal information.
  • An overriding public interest.
  • Ongoing legitimate business processes still require that personal information.

The key is that if you are an ethical business (in particular don’t plan to sell personal information and/or keep spamming people) then the right to be forgotten isn’t anything to worry about.

GDPR: The Fines

The strange thing is that there is doubt over the level of fines that can be levied under the GDPR which is remarkable as the language is quite clear – the lower level of breach can be fine of up to either €10 million or 2% of annual turnover.

Or to put it another way, for the lower level of breach, the maximum fine is whichever is greater €10 million or 2% of annual turnover. The maximum.

Do you know how often the ICO has imposed the maximum level of fine under existing legislation? Never.

The Jurisdiction Issue

Now here there is some legitimate grounds for grievance; after all whenever the US starts imposing its laws outside of the US, people outside the US start jumping up and down. And yes, the EU does expect non-EU companies to obey the GDPR regulation if they store data on EU citizens.

In practice, the EU isn’t going to try going after small companies outside the EU; particularly not small companies that are just ordinary business and not engaged in Cambridge Analytica type business.

The other way of looking at the global reach of the GDPR is whether it would be a good idea for there to be a world-wide law in relation to the protection of personal information. The Internet means that world-wide laws are necessary in this area, or those abusing personal information will merely move to the jurisdiction with the weakest protection of personal information.

Rusty Handrail

May 242018
 

A day or two ago, I bumped into someone online that used the phrase “elitist expert” in a negative context; either a troll or a spectacularly dumb person. He isn’t the only one; there are plenty of people who show a similar attitude.

Hell, the whole Trump government is riddled with that attitude.

There are two parts to this attitude – the notion that “elitist” is wrong, and the notion that “expert” is wrong. And I will attack those attitudes in reverse order.

An expert is simply someone who knows what they’re doing in one particular area – not necessarily just one. That could be an expert in economics, coal mining, carpentry, plumbing, etc. There is no reason why ordinary working people cannot be experts in what they do; in fact many of them are.

Imagine if you will that a plumber inspecting your pipework suggests that some of the pipes need replacing. If you totally ignore him, there is a word to describe you: “idiot”. Sure if it costs lots of money, getting a second opinion from another plumber is a sensible precaution, but to totally ignore the advice of the expert? Surely that’s stupid.

So don’t ignore experts – by all means get advice from other experts too, but to ignore them is stupid. Of course if you consult 1,000 experts and 995 of them say the sky is blue and 5 say the sky is purple, you should probably side with the majority.

As to elitist, well it is usually a bad thing – treating one person better than another for whatever reason is almost always wrong. But in at least one case, elitism is just common sense – my opinion on a plumbing problem is worth less than any plumber much less a plumber that other plumber go to for advice (“Man, that’s a tricky one; you’d better ask Jo.”).

Why do I use a plumber as an example rather than say a climate scientist?

Because there are two other factors in play :-

  1. The notion that “book learning” is inherently wrong.
  2. The notion that practical skills are worth less than intellectual skills.

A plumbing expert is just as useful to society as a climate scientist, and visa-versa. Of course they are valuable at different time scales – if there is sewage spewing out of your toilet, you need a plumber right now, and the services of a climate scientist are rarely that urgent.

Follow The Path

 

 

WP Facebook Auto Publish Powered By : XYZScripts.com