No ads? Contribute with BitCoins: 16hQid2ddoCwHDWN9NdSnARAfdXc2Shnoa
Sep 282016

One of the things that has happened recently was that a commentator on security matters (Brian Krebs) was taken offline by a massive denial of service attack, which (not so) mysteriously happened after he published an article on denial of service attacks. The short version of the story was that his site was hit by a denial of service attack totalling approximately 650Gbps (that’s roughly 6,000 times as much network bandwidth as your typical broadband connection), when his denial of service protection threw their hands up in the air and said: “That’s too much like hard work for a pro-bono service” and gave him 2 hours to move his site.

Google helpfully provided an alternative with Project Shield, and the site was reasonable quickly available again. And to be fair to the original denial of service attack providers (which I’m not naming), this level of attack was sufficient to cause problems to their paying customers and protecting from this level of attack is very expensive.

And indeed paying for denial of service protection is very expensive; the income for the entire lifetime of this blog site would pay for approximately 2 hours of protection. If that.

There are two aspects to this attack, although to be honest neither are particularly new.

The first is technical. Most distributed denial of service attacks are quite simple in nature – you simply ask a question of a dumb “server” with the return address of the site you want to attack. If you send out enough questions to enough dumb “servers” (which can actually be simple workstations or even Internet of Things devices), then you can overwhelm most sites on the Internet.

There are two fixes for this :-

  1. Don’t run dumb and insecure servers.
  2. ISP’s should stop allowing people to forge addresses on network traffic (Ingres Filtering or BCP38).

The second fix is the simplest method, but given how successful the decades long campaign for ISPs to do ingres filtering has been, tackling both ISPs and dumb servers is worthwhile.

As this latest attack may have been chiefly by IoT devices simply sending requests to the victim, the implementation of ingres filtering may not have been of much use in this case, but it is still worthwhile – this attack is not the only one that is happening. Attacks are happening constantly. However, tackling these “dumb servers” that were controlled by the attacker is also a priority, and we need to start seeing concrete action by the ISPs to tackle their customers’ mismanaged networks (home networks in many cases) – aggressive filtering of infected customer networks, and customer notifications that include advice.

Of course ISPs are not going to like doing that just as IoT manufacturers don’t like paying more to make secure appliances. Well, it’s time to name and shame the worst offenders; the bad publicity may help to counteract the lack of incentive to invest in processes that don’t immediately help the bottom line.

The second aspect is rather more serious. We now have an Internet where it is relatively easy to silence anyone who says something you do not like – if you’re rich enough to hire a denial of service gang. Anyone that is who cannot afford protection from such gangs, and there are suspicions that some gangs also provide denial of service protection services.

And this story is not the first time it has happened, and we need to start thinking about mechanisms to keep smaller publishers online when attackers try to censor them. Unless we want all our media controlled by the big players of course.

2016-03-28-swamped bandstand.small

Sep 212016

In England and Wales, there is no such thing as Common-Law Marriage, except when there is.

Which basically comes down to the fact that courts accept informal marriages where there was no other choice – the example on the Wikipedia page is of prisoners held by the Japanese who could not marry according to the formal process.

So where did the notion of common-law marriage come from? That Wikipedia page claims that it was some sort of group-think mistake made in the 1970s … well perhaps.

In fact, Scotland (until 2006) had something that would in England be called ‘common-law marriage’, and England in all likelihood had something equivalent even if the lawyers claim there was no such thing as “common-law marriage”.  They are right to a certain extent, but the history of marriage law in England is byzantine and twisted.

Details of what happened in England regarding marriage before the christian church came to dominance is shrouded in mystery, but in all likelihood marriage was a legally binding contract initiated by oath (it should be noted that an old form of the marriage vow includes the phrase “I plight my troth” and the word “plight” is the Old English word for oath). For those who are suspicious of a simple sworn oath being the basis for a marriage should note that in Anglo-Saxon times, the sworn oath was a fundamental building block of society, and nobody was lower than an oath-breaker.

One indicator of this are the marriage vows; a pompous religious or civil official may pronounce “You are now married” or even “I declare you married”, but the important part of the ceremony are the vows that the two people swear to each other.

In the early medieval era, the state had no time for laws regarding marriage – it was still effectively a private contract between individuals. The church on the other hand took in interest in dealing with abuses – bigamy, fornication, prevented forced marriage (probably not entirely successfully), etc. But the church could not and did not perform marriages; marriages would often be “blessed” within the church, but marriages themselves took place outside.

One of the important principles established was that an illegal marriage was still a marriage.

The church took control of marriage after the Council of Trent, and declared that no marriage was legal unless it took place within a church and the ceremony was performed by a priest. Yet in all likelihood ‘irregular marriages’ still took place especially when extra-parochial areas, or remote under-served parishes were considered (some remote areas in the North could see a priest as little as once a decade or longer).

And of course getting married required money – the priest would insist on his cut as payment for his services. So the poor probably carried on doing what their ancestors had done, and simply declared they were married and got on with it.

The state took over marriage law in 1753, in an attempt to combat “clandestine marriages” (it didn’t entirely succeed; those in need of such marriages merely eloped to Scotland where the law on marriage was more relaxed), and it is often said that this act abolished common-law marriage.

It didn’t. There was no such thing.

A 15th century marriage was legally nothing more than a contract as in an agreement to supply certain goods in exchange for land. It looked like common-law marriage, and it would not be too surprising if rumours of how marriage used to be persists down to the present day. Especially when you consider that a significant number of non-conformists who avoided CoE churches would have been ‘married by consent’ rather than ‘married in law’.

So what does this matter? Well apart from being historically interesting, it is important to note that unless you are officially married then you do not have the legal rights of marriage. So those who believe in ‘common-law marriage’ are welcome to continue to do so, but should bear in mind that it has no legal status.




Sep 162016

Mention the infamous haggis to most people, and naby will turn pale and need to steady themselves on any conveniently placed furniture at the thought of eating it. But why?

Those very same people will quite happily chomp through a plate of sausages without a thought.

One contains bits of an animal chopped up with a grain, and sealed within another part of an animal, and the other contains bits of an animal chopped up with a grain, and sealed within another part of an animal. Of course both sausages and haggises usually use artificial skins these days, but the point remains – a haggis is just a variation on a theme.

The key difference is the animal choice – haggis is based on sheep, and sausages are based on any animal that isn’t a sheep.

So you could say those people who are horrified by haggis are just anti-mutton, but that turns out not to be the case. Many of those horrified by haggis are quite happy chomping their way through a sheep.

2015-12-31-seagull in the light.p1

Sep 122016

The title of this post came from a tongue-in-cheek post on a forum I sometimes post on, and this post is not about the NHS nor it is even about socialism.

What it is really about is the over the top reaction you get when anything even tangentially related to socialism crops up anywhere someone from the US can see it. I’ve mentioned elsewhere that this is a variant on Godwin’s law whereby if someone accuses something of being socialist, they instantly win and condemn the “thing”.

To which I want to respond: grow up and think for yourself.

First of all, socialism is not the same as communism and in turn, communism is not the same as the kind of communism as practised by the Soviets. It is possible that communism inevitably leads to the kind of totalitarianism that the Soviets were so keen on, although there are those who disagree. But this is not about what sort of government you have.

It’s about how to run certain things. How do we pay for, and run certain services we have decided are essential such as :-

  • Health care (of individuals)
  • Public health (of society as a whole – vaccinations, sewage, water supply, etc.)
  • Police and justice system.
  • Defence

There are plenty of things that we have historically decided that should be paid for by the community as a whole, and be run by our government (in a very loose sense the community itself), including many of the items listed above. Even the most rabid anti-socialist is unlikely to start bleating about how the government is interfering with the private sector when talking about defence.

Yet suggest something new should be paid for by the community as a whole – such as the health care system – and Americans will start shouting “Socialism” and condemn the notion without looking at the merits.

By all means condemn a new community-funded notion if there are obvious problems with it, but to condemn it because it might be something suggested by a socialist government is ideologically-driven stupidity of the first order.


Sep 082016

Freedom of information requests are a pretty cool feature of law that forces public bodies to disclose information on request if it is appropriate to do so. However it effectively only applies to public bodies which effectively excludes most charities and private companies.


The purpose of the FOI law is to catch out public bodies that are up to some sort of shenanigans – spending public money on first class junkets to Hawaii (or Italy if you’re on the American continent), diverting funds intended for hospital beds to some less worthy purpose, losing nuclear submarines, and all sorts of other nefarious activities that idiots with inadequate supervision can get up to.

This is all very well … indeed very useful, because the public should be able to obtain details from public bodies about what they get up to.

But what about other organisations?

In theory, private companies are supervised by the board, which in turn is supervised by the shareholders. In practice, shareholders are unlikely to be interested in the day to day operation of a company until that company starts losing money. So what happens when a company is up to something nasty, but is still making profits? Well there is always the hope that hard investigative journalism will expose the scandal.

Or you could change the law and make freedom of information requests apply to all organisations.

Because journalists can use FOI requests to delve into the secrets of public organisations to get an easy story, we are in danger of getting a skewed picture of the relative merits of public organisations versus private organisations. If scandals within the public sector are easy to expose, and scandals within the private sector are hard to expose, we will get more stories about scandals in the public sector.

Which may lead the naïve to believe that the public sector is more prone to nefarious behaviour than the private sector.

So in a way FOI requests applying to only the public sector is another way of demonising the public sector.

But ultimately the question is: do charities and private companies sometimes get up to activities that it is in the public interest to know? If the answer is yes, then of course FOI requests should apply to them.



Sep 012016

Although I use graphical on-screen calculators for many calculations, it can sometimes be convenient to perform calculations at the command-line (or in shell scripts). In which case the old tool is expr :-

» expr 3 \* 9 

Very convenient; even though I can do such a calculation in my head there are circumstances where checking with a calculator is suitably cautious. You can of course perform calculations directly in the shell; if you are using a modern shell such as zsh or bash :-

» echo $((3 * 9))

Whilst convenient, such methods do have their disadvantages :-

  • The expr tool takes it’s expression after the shell has had it’s way with interpreting it – which is why I have escaped the “*” to multiply. You cannot put quotes around the expression either as expr assumes it to be a string.
  • These calculations are integer calculations, so you cannot find out what 77/4 is (19.25). Oops! Turns out that if you make one of the numbers in the expression a float, then the result is properly calculated: echo $((77.0/4) -> 19.25.
  • These calculators are limited to relatively small numbers – according to zsh, 2^63 is -9223372036854775808

If you need something a little more sophisticated then qalc (this is the command-line interface for Qalculate!) makes a pretty good command line calculator. It has to be installed with sudo apt-get install qalc and once installed it should be run interactively to get the initial configuration out of the way :-

» qalc
You need the download exchange rates to be able to convert between different currencies.
You can later get current exchange rates with the "exchange rates" command.
Do you want to fetch exchange rates now from the Internet (default yes)? yes
> quit

Once installed you can perform calculations in the same way as expr (although you can enclose an expression in quotes) :-

» qalc "3 * 9"
3 * 9 = 27
» qalc "2 ^ 72"
2^72 = approx. 4.7223665E21
» qalc "0xff"  
255 = 255
» qalc "86400s to hours"                                                                  
86400 * second = 24 h

You can add the “-t” option to prevent qalc telling you the expression it calculated; perhaps more useful in scripts than interactively.


Sep 012016

One of the advantages that ZFS brings, is that it is so easy to create file systems, that you can create them for purposes that you would not previously do. For example, I have an additional file system mounted under my home directory for a certain application that generates a lot of data that I do not need backed up. Because the script I use to back up stuff does not cross file system boundaries (i.e. it does not descend into a directory that contains a mounted file system), I can simply exclude a large amount of frequently changing data by making a file system.

Or I might (as it happens I do not, but I could well do) create file systems for large lumps of data to easily see how much space they occupy – perhaps ~/Pictures. You can run a command like du -sh ~/Pictures, but that is an expensive command (it takes a while) and it tells you how large the files are; not how much space they occupy on disk. And on-disk compression can make that a significant difference! So simply run df -h ~/Pictures if that directory is on a separate file system.

But there is a bit of a gotcha with that. If you create such file systems in the normal way (such as zfs create pool/mikes-pictures; zfs set mountpoint=/home/mike/Pictures pool/mikes-pictures) you risk creating a situation that may prevent your home directory from mounting. If the “child” file system is mounted before the parent, it will not be possible for the parent file system to be mounted when booting.

Instead create the hierarchy properly :-

zfs create pool/h2
mkdir /h2
zfs set mountpoint=/h2 pool/h2
zfs create pool/h2/mike
zfs create pool/h2/mike/Pictures
ls /h2/mike/Pictures

You will also have to fix the permissions, but this is a far safer way of organising things suitable for future file system creation.


Aug 292016

It seems that occasionally GNOME can go a little screwy and its fancy mouse pointer plugin can result in an invisible mouse pointer. Which makes doing anything just a little bit tricky.

If you can open a terminal, enter the command :-

gsettings set org.gnome.settings-daemon.plugins.cursor active false

And all should be well. At least until it decides to turn itself back on again (so make a note of this fix!).


Aug 232016

There are moves afoot to scrap the UK’s Human Rights Act.

Think about that for a moment. There is a minister of justice who wants to take away your human rights.

Whether or not you like the ECHR, the fact that a British politician wants to scrap the Human Rights Act is somewhat worrying. They want to take away our human rights. It is all very well saying that the British authorities never behave in ways that would threaten our human rights, and we have both common law and traditions that protect our human rights. But scrapping the Human Rights Act sends a signal that we do not need human rights; a signal that may not be picked up and acted on for years or decades, but the signal is still there.

Now if they were merely going to modify the Human Rights Act, that would be fine. I am sure there are parts that go a bit too far and others that do not go far enough. The key thing is that changing the Human Rights Act; even improving it, sends a different signal no matter what those changes are. That signal is that we do believe in human rights.

And that is a good message to send.

The New Defence

The New Defence

Aug 192016

Of course it doesn’t. Anyone who claims so needs their brain rebooted.

This topic came up on an online discussion where there were many comments indicating a poorly conceived belief that a “not guilty” verdict from a court means “innocent”.

In a criminal case the court has to decide whether there is enough evidence to determine if the accused can be found guilty in the opinion of the court. The legal system very wisely knows that whilst it has the job of determining truth (as part of dispensing justice), it cannot do that so restricts itself to determining whether there is sufficient evidence to find someone guilty beyond reasonable doubt.

That means those who get a “not guilty” verdict comprise two groups – those who are innocent, and those who are guilty, but there is sufficient doubt over their guilt that they cannot be found guilty. Any policeman (or woman) will tell you that those found “not guilty” include plenty of people who really are guilty, but the evidence isn’t sufficient.

We have a legal system where there is a presumption of innocence – the old saying is that it is better that 99 guilty criminals go free than 1 innocent person be convicted. The legal system assumes that mistakes will be made (quite rightly – the decisions are made by people), and weighs the system heavily in favour of ensuring that mistakes result in people going free when they are guilty.

It does this by asking the jury to decide if the accused is guilty; not whether they are innocent. And they must have no reasonable doubts over the guilt of the accused. In a perfect situation a simple question has a black or white answer – the accused is guilty or innocent; in the real world we all know there are grey areas – there is plenty of evidence showing that the accused killed the victim, but she has a good alibi.

Where a case becomes grey and there is sufficient doubt, the verdict should be “not guilty” even if the accused was probably guilty.

The Edge

By continuing to use the site, you agree to the use of cookies. more information

The cookie settings on this website are set to "allow cookies" to give you the best browsing experience possible. If you continue to use this website without changing your cookie settings or you click "Accept" below then you are consenting to this.