Oct 22 2016

Yesterday lots of people found the Internet disappearing on them due to a significant DDoS attack against the DNS infrastructure of one company. Now there are all sorts of suggested fixes for this sort of problem, some of which are useful.

However it is notable that people have not mentioned one method built into DNS which could have been used more effectively. Indeed one suggestion was for the DNS to do something it already does – caching.

When you ask your ISP’s DNS servers to resolve a name such as, the answer that your ISP’s DNS server gets back contains several bits of information in addition to the answer you are interested in (the IP address to connect to). One of these is how long to cache the value for, which means that your ISP’s DNS servers can save themselves some work for as long as they are allowed to cache the answer.

Now it is awfully convenient to set this value to something like 5 minutes because if you have a need to change the value, it is nice to have the value change as quickly as possible.

But it also increases your vulnerability to weaknesses in the DNS infrastructure.

If you increase the time-to-live (TTL) value to something more like 24 hours, then your DNS servers (or more usually the DNS servers of your DNS service provider) are required less frequently which means that if something takes them offline for any reason then there would be a decreased impact. It will still stop some people from getting the DNS answers they need, but the proportion unable to get an answer will drop dramatically.
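The effect of the TTL on an outage can be put into rough numbers. The following is an added example, not code from the original post: it assumes a constructed 2 hour outage of the authoritative servers, resolvers busy enough to re-query the moment a cached record expires, and no serve-stale behaviour.

```python
"""Added illustration (not from the original post): how the record TTL
changes the impact of an authoritative DNS outage on caching resolvers.
The model and the outage length are assumptions, not measurements."""
import random

SHORT_TTL = 5 * 60        # the "5 minutes" value from the post, in seconds
LONG_TTL = 24 * 60 * 60   # the "24 hours" value from the post, in seconds
OUTAGE = 2 * 60 * 60      # constructed outage length (assumption): 2 hours


def resolvers_hit_fraction(ttl, outage):
    """Share of resolvers whose cached record expires before the outage ends.

    Assumes the remaining cache lifetime at the start of the outage is
    uniformly distributed in [0, ttl).
    """
    return min(1.0, outage / ttl)


def expected_failed_fraction(ttl, outage):
    """Share of lookups made during the outage that get no answer.

    Same assumption as above, plus lookups arriving at a steady rate.
    A resolver only starts failing once its cached record has expired.
    """
    if outage <= 0:
        return 0.0
    if outage <= ttl:
        return outage / (2 * ttl)
    return 1 - ttl / (2 * outage)


def simulate(ttl, outage, resolvers=20000, seed=1):
    """Monte Carlo check of the two formulas above.

    Returns (share of resolvers hit, share of lookups failed).
    """
    rng = random.Random(seed)
    hit = 0
    failed_time = 0.0
    for _ in range(resolvers):
        remaining = rng.uniform(0, ttl)   # cache lifetime left at outage start
        if remaining < outage:
            hit += 1
            failed_time += outage - remaining
    return hit / resolvers, failed_time / (resolvers * outage)


if __name__ == "__main__":
    for label, ttl in (("5 minutes", SHORT_TTL), ("24 hours", LONG_TTL)):
        sim_hit, sim_failed = simulate(ttl, OUTAGE)
        print(f"TTL {label:>9}: "
              f"resolvers hit {resolvers_hit_fraction(ttl, OUTAGE):6.1%} "
              f"(simulated {sim_hit:6.1%}), "
              f"lookups failed {expected_failed_fraction(ttl, OUTAGE):6.1%} "
              f"(simulated {sim_failed:6.1%})")
```

Under these assumptions every resolver loses the record with a 5 minute TTL, while with a 24 hour TTL about one resolver in twelve does.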



Oct 21 2016

All that is necessary for the triumph of evil is that good men do nothing

– Possibly not Edmund Burke.

If you are of sensitive disposition and get a little twitchy around ‘naughty’ words, probably best skip this one – I’m really, really angry and the box of swear words is wide open.

Recently there has been some noise on my Facebook feed perpetrated by the kind of malevolent dipsticks who swallow the output of the Daily Fail (I’m not linking directly to their site because the slimy little shits don’t deserve the extra ad revenue) wholesale. Specifically there are some ‘concerns’ regarding the child migrants from Calais entering the country.

Apparently these fearful little whinging cowards are quaking in terror at the thought that some of these child refugees might not be children, but either young adults or some sort of Daesh terrorist in disguise. So because there is a tiny risk that some children might be a little too old to be technically children, or that there is a tiny risk that some might be associated with Daesh, we’re supposed not to give some refugee children in dire straits a home?

Hell, no.

Whilst the pathetic little worms are right in saying that some of the children might be a bit too old to be considered children, and there might be some risk that Daesh could infiltrate a terrorist, it’s time to tell the worms to piss off until they’ve grown a spine.

We’re British, which doesn’t mean cowering in our little hovels hoping that bump in the night isn’t some monster out to get us. It means doing the right thing and welcoming child refugees to our country, and if that means a bit extra risk (although most terrorist attacks are from home-grown terrorists), then we’ll suck it up. Hell, we take a bigger risk opening the front door and going to work every day.

And if you’re one of those pathetic individuals who doesn’t agree with this, then you can fuck right off. I’m not lowering my standards to pacify your pathetic need for safety, and it is about time a few more of us were prepared to tell you how pathetic you are.



Oct 19 2016

This is a bit of a thought experiment, so it may be not entirely correct (especially the maths – my probability theory is very rusty).

One of the lesser reasons for using the DNS rather than IPv4 addresses is that typing mistakes are more easily caught – if you intend to type, but accidentally enter instead, you still have a valid IPv4 address. Whereas entering the domain name instead of will most likely get you an error instead of sending your secrets off to an unknown location on your network – unless you have a rather silly server naming convention of course!

But how likely are you to make a mistake typing in an IPv4 address? According to a random web site “out there”, the average accuracy of a typist is 92%, or an average of 8 typos per 100 characters. If we convert this into a probability, we get a probability of typing each character correctly as 0.92.

Given that typing IPv4 addresses is something that some of us have a lot of practice at, and in many cases we will notice typos before they become a problem, I’m going to arbitrarily declare that the probability of getting any character within an IPv4 address correct is 0.999. But to type in an IPv4 address correctly we have to get a maximum of 15 characters correct :-

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15
1 9 2 . 1 6 8 . 1 2 8 . 1 2 8

So the probability of getting all those characters right is 0.999 (first character) x 0.999 (second character) … Or 0.999^15.

And once you work that out, subtract it from 1 (to get the probability of making a mistake) and convert it into a percentage, there is an 11% chance of making a typo in an IPv4 address.

For an IPv6 address such as 2001:db8:ca2c:dead:44f0:c3e9:28be:c903, which has 38 characters (no I’m not doing that silly table for IPv6) – 100 * (1 – 0.999 ^ 38) – 32%.

Now whilst my calculations may be a bit off, the likelihood of entering an IPv6 address incorrectly is nearly three times higher than the risk of entering an IPv4 address incorrectly.

In other words, with IPv6 you really need a good working DNS solution just to keep the errors to manageable levels.


Oct 19 2016

I have just been listening to a Microsoft fanboy on the you tube wittering on about something (not computer related), when he tried to read out a URL. According to him, there are “backslashes” in the URL.

Not in any normal URL. For those who do not know, URLs are web site addresses such as The character that appears after the network protocol (http) – the “/” is formally known as the solidus, and less formally as a slash. The slash that goes the other way is called the backslash (or more formally the reverse solidus).

And who decided that one was a slash (‘/’) and the other a backslash (‘\’)? Although it has been used since the Medieval era, it was probably first called a solidus in the 19th century because of it being used to signify the British shilling. Currently it is the Unicode Consortium who call it a solidus in the international standard for character encoding. If you disagree with them, by all means either convince them they’re wrong or set up a new international standard and get it more widely adopted than Unicode.

Until then, I’ll carry on calling someone who says a backslash looks like – ‘/’, wrong.

Does it matter? In the big scheme of things probably not, but it does make reading out instructions more difficult when either slashes or backslashes appear. After all computers rarely say “Ah! I see what you meant! You meant which is different (and makes sense) to http:\\\“. And as anyone who has ever encountered autocorrect “mistakes” will attest, letting computers decide what you meant is not always the best idea.

And how did the mistake originally occur? To some extent Microsoft is to blame, although I doubt Microsoft ever called the slashes the wrong name.

When Microsoft wrote their first operating system (DOS), they chose to make it semi-compatible with an earlier operating system (CP/M) which used the slash to indicate the use of an option to a command-line command which in turn was inherited from certain early DEC operating systems.

When they came to implementing directories (yes that long ago), they broke with the tradition of stealing ideas from DEC (or we would have ended up with paths like C:[WINDOWS.SYSTEM]FOO.SYS) and instead chose the Unix path separator. But the slash conflicted with option processing on the command-line, so they used the backslash instead – C:\WINDOWS\SYSTEM\FOO.SYS.

Of course people started calling the backslash, a slash, and I’m sure there are many out there who will continue despite being told that they are wrong. Of course when I say they’re wrong, I have the backing of an international group of grapheme experts behind me.


Oct 02 2016


I have said it before (quite possibly here): US politics sometimes seems like some kind of bizarre reality media show put on by the US to entertain the rest of the world. No serious political system could be that dysfunctional? Could it?

But this post is going to concentrate on just one of the possible candidates (despite the media reports there are lots) – Donald Trump. It might be a little tin foil haty to ask this, but is anyone sure that he really isn’t a Democrat supporter running as a spoiler? I mean the guy is so over the top as a buffoon, it seems like the most likely cause of his behaviour is that he really is a Democrat supporter who is running as a Republican to remove any possibility that the Republicans can conjure up a credible candidate.

Just look at some of the things he’s said :-

Do you mind if I sit back a little? Because your breath is very bad.

Just a silly example to start with. Most of us have thought this from time to time, but usually have second thoughts before opening our mouths. Now why do we re-think and decide not to say it? Because going around being nasty to people without consideration is indicative of a certain level of sociopathology. What is worse is that it is indicative of a dumb sociopath, as most people with enough sense to keep breathing without being constantly reminded to do so, will realise that acting like a dick will not win friends and influence people.

The point is that you can’t be too greedy.

Really? Kind of symptomatic again.

All of the women on The Apprentice flirted with me – consciously or unconsciously. That’s to be expected.

Creepy. Even ignoring political correctness, the latter sentence implies an horrendous arrogance to the man.

If people can just pour into the country illegally, you don’t have a country.

Now there may well be problems with illegal immigration (although personally I doubt the problems outweigh the advantages), but the idea that you’ll lose your country because of immigration? Ridiculous. Illegal immigrants are nowhere near populous nor powerful enough to take over your country, and by the time their descendants are, they won’t be illegal immigrants any more but they will be you.

Scare mongering is the tactic of the lowest form of politician, and we all know how low they can get.

People love me. And you know what, I have been very successful. Everybody loves me.

No they don’t. Some people may love you, but not all. To think so is extremely delusional.

As for successful, it all depends on your criteria for success but most of his alleged success has taken place in the property development field which is notoriously easy if you already had money to invest (he did). There are a considerable number of serious commentators out there who question his business acumen.

I feel a lot of people listen to what I have to say.

What he neglected to mention is why people listen. Sometimes it’s to fall about pissing themselves with laughter.

That’s one of the nice things. I mean, part of the beauty of me is that I’m very rich. So if I need $600 million, I can put $600 million myself. That’s a huge advantage. I must tell you, that’s a huge advantage over the other candidates.

Which is of course another condemnation of the US political system which allows the rich and powerful to buy their way to power.

Sure, sure, I’d like to see Apples built in the United States, not built in China. I’d like to see them have factories in the United States. At least partially. They make nothing in the United States, virtually.

I’m reminded of King Canute (or Cnut) trying to hold back the tide. Fundamentally China is successful at producing mass market goods because it has very low labour costs. By the time you reduce US labour costs to the level of the Chinese, you will be looking at a revolution; the myth of the American dream won’t survive starvation.

As for nothing being built in the US, Trump needs to get out of his tower and go and take a look. There’s plenty being built in the US, but you won’t find cheap consumer goods (unless you count that made with slave labour; sorry I meant prisoner labour).

As your president, I will do everything in my power to protect our LGBTQ citizens from the violence and oppression of a hateful foreign ideology.

I hear the LGBTQ community has more to worry about the violence and oppression of a hateful domestic ideology.

Thanks to Hillary Clinton, Iran is now the dominant Islamic power in the Middle East, and on the road to nuclear weapons. Hillary Clinton’s support for violent regime change in Syria has thrown the country into one of the bloodiest civil wars anyone has ever seen – while giving ISIS a launching pad for terrorism against the West.

This is not the only quote about how Hillary Clinton is responsible for all of the world’s ills (and probably the four horsemen of the apocalypse too). Fact is that no foreign policy is going to cure the world’s ills; you can only respond to what other countries and people are doing. Foreign intervention in a country can make an existing situation worse but not create that situation.

build a permanent border wall between the US and Mexico that Mexico “must pay for”. The plan proposes various sticks to force Mexico to cooperate, such as impounding all remittance payments to Mexico from illegal wages earned in the US.

Ah yes! The infamous wall to stop immigration from Mexico. If we assume the wall will cost $1.5 million per kilometre, covering the whole 3,200 kilometres of the US-Mexico border will cost a cool $4.8 billion although this is probably a wild underestimate of the cost given that the 2006 Security Act allocated $1.6 billion for just a fence, and critics claim that it will need at least $4.8 billion more than is allocated. And that is for a fence not a wall.

And why should Mexico pay for it? They are not getting the benefit.

And you can use all the long words you like, but “impounding remittance payments” is just theft.

And that is of course just a quick taste of the inanities that Trump has come out with. There are those who excuse these comments by claiming a blunt honest man is better than another slimy politician. But there is a difference between bluntness, honesty and just plain stupidity. And having a stupid man in charge of the White House (and all that goes with it) is definitely not a good thing.

Sep 28 2016

One of the things that has happened recently was that a commentator on security matters (Brian Krebs) was taken offline by a massive denial of service attack, which (not so) mysteriously happened after he published an article on denial of service attacks. The short version of the story was that his site was hit by a denial of service attack totalling approximately 650Gbps (that’s roughly 6,000 times as much network bandwidth as your typical broadband connection), when his denial of service protection threw their hands up in the air and said: “That’s too much like hard work for a pro-bono service” and gave him 2 hours to move his site.

Google helpfully provided an alternative with Project Shield, and the site was reasonably quickly available again. And to be fair to the original denial of service protection providers (which I’m not naming), this level of attack was sufficient to cause problems to their paying customers and protecting from this level of attack is very expensive.

And indeed paying for denial of service protection is very expensive; the income for the entire lifetime of this blog site would pay for approximately 2 hours of protection. If that.

There are two aspects to this attack, although to be honest neither is particularly new.

The first is technical. Most distributed denial of service attacks are quite simple in nature – you simply ask a question of a dumb “server” with the return address of the site you want to attack. If you send out enough questions to enough dumb “servers” (which can actually be simple workstations or even Internet of Things devices), then you can overwhelm most sites on the Internet.

There are two fixes for this :-

  1. Don’t run dumb and insecure servers.
  2. ISPs should stop allowing people to forge addresses on network traffic (Ingress Filtering or BCP38).

The second fix is the simplest method, but given how successful the decades-long campaign for ISPs to do ingress filtering has been, tackling both ISPs and dumb servers is worthwhile.

As this latest attack may have been chiefly by IoT devices simply sending requests to the victim, the implementation of ingress filtering may not have been of much use in this case, but it is still worthwhile – this attack is not the only one that is happening. Attacks are happening constantly. However, tackling these “dumb servers” that were controlled by the attacker is also a priority, and we need to start seeing concrete action by the ISPs to tackle their customers’ mismanaged networks (home networks in many cases) – aggressive filtering of infected customer networks, and customer notifications that include advice.
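The ingress filtering check described above, sketched as an added example (not code from this blog). The port names, prefix assignments and packets are constructed, using documentation address ranges; the last but two sample shows why the filter does not stop a device flooding a victim from its own real address.

```python
"""Added illustration of BCP38-style ingress filtering at an ISP edge.
Port names, prefix assignments and packets are constructed for the example."""
import ipaddress

# Hypothetical customer-facing ports and the prefixes assigned to each.
CUSTOMER_PREFIXES = {
    "port-a": ["192.0.2.0/24", "2001:db8:a::/48"],
    "port-b": ["198.51.100.0/25"],
}

# Constructed packets: (ingress port, source address, destination, note).
SAMPLE_PACKETS = [
    ("port-a", "192.0.2.10", "198.51.100.53", "ordinary query"),
    ("port-a", "203.0.113.7", "198.51.100.53", "forged return address"),
    ("port-b", "198.51.100.200", "203.0.113.7", "outside the assigned /25"),
    ("port-b", "198.51.100.20", "203.0.113.7", "real address, direct flood"),
    ("port-a", "2001:db8:a:1::5", "2001:db8:ffff::1", "ordinary IPv6"),
    ("port-a", "not-an-address", "203.0.113.7", "malformed source"),
]


def build_filter(assignments):
    """Parse the per-port prefix strings into network objects once."""
    return {
        port: [ipaddress.ip_network(prefix) for prefix in prefixes]
        for port, prefixes in assignments.items()
    }


def permit(filters, port, src):
    """True only if src lies inside a prefix assigned to the ingress port.

    Unknown ports and unparseable sources are dropped (default deny).
    """
    try:
        addr = ipaddress.ip_address(src)
    except ValueError:
        return False
    return any(
        addr.version == net.version and addr in net
        for net in filters.get(port, [])
    )


def classify(packets, assignments=CUSTOMER_PREFIXES):
    """Return one permit/drop verdict (True/False) per packet, in order."""
    filters = build_filter(assignments)
    return [permit(filters, port, src) for port, src, _dst, _note in packets]


if __name__ == "__main__":
    for (port, src, dst, note), ok in zip(SAMPLE_PACKETS, classify(SAMPLE_PACKETS)):
        verdict = "permit" if ok else "drop  "
        print(f"{verdict} {port} {src:>16} -> {dst:<18} ({note})")
```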

Of course ISPs are not going to like doing that just as IoT manufacturers don’t like paying more to make secure appliances. Well, it’s time to name and shame the worst offenders; the bad publicity may help to counteract the lack of incentive to invest in processes that don’t immediately help the bottom line.

The second aspect is rather more serious. We now have an Internet where it is relatively easy to silence anyone who says something you do not like – if you’re rich enough to hire a denial of service gang. Anyone, that is, who cannot afford protection from such gangs, and there are suspicions that some gangs also provide denial of service protection services.

And this story is not the first time it has happened, and we need to start thinking about mechanisms to keep smaller publishers online when attackers try to censor them. Unless we want all our media controlled by the big players of course.


Sep 21 2016

In England and Wales, there is no such thing as Common-Law Marriage, except when there is.

Which basically comes down to the fact that courts accept informal marriages where there was no other choice – the example on the Wikipedia page is of prisoners held by the Japanese who could not marry according to the formal process.

So where did the notion of common-law marriage come from? That Wikipedia page claims that it was some sort of group-think mistake made in the 1970s … well perhaps.

In fact, Scotland (until 2006) had something that would in England be called ‘common-law marriage’, and England in all likelihood had something equivalent even if the lawyers claim there was no such thing as “common-law marriage”.  They are right to a certain extent, but the history of marriage law in England is byzantine and twisted.

Details of what happened in England regarding marriage before the Christian church came to dominance are shrouded in mystery, but in all likelihood marriage was a legally binding contract initiated by oath (it should be noted that an old form of the marriage vow includes the phrase “I plight my troth” and the word “plight” is the Old English word for oath). Those who are suspicious of a simple sworn oath being the basis for a marriage should note that in Anglo-Saxon times, the sworn oath was a fundamental building block of society, and nobody was lower than an oath-breaker.

One indicator of this is the marriage vows; a pompous religious or civil official may pronounce “You are now married” or even “I declare you married”, but the important part of the ceremony is the vows that the two people swear to each other.

In the early medieval era, the state had no time for laws regarding marriage – it was still effectively a private contract between individuals. The church on the other hand took an interest in dealing with abuses – bigamy, fornication, preventing forced marriage (probably not entirely successfully), etc. But the church could not and did not perform marriages; marriages would often be “blessed” within the church, but marriages themselves took place outside.

One of the important principles established was that an illegal marriage was still a marriage.

The church took control of marriage after the Council of Trent, and declared that no marriage was legal unless it took place within a church and the ceremony was performed by a priest. Yet in all likelihood ‘irregular marriages’ still took place especially when extra-parochial areas, or remote under-served parishes were considered (some remote areas in the North could see a priest as little as once a decade or longer).

And of course getting married required money – the priest would insist on his cut as payment for his services. So the poor probably carried on doing what their ancestors had done, and simply declared they were married and got on with it.

The state took over marriage law in 1753, in an attempt to combat “clandestine marriages” (it didn’t entirely succeed; those in need of such marriages merely eloped to Scotland where the law on marriage was more relaxed), and it is often said that this act abolished common-law marriage.

It didn’t. There was no such thing.

A 15th century marriage was legally nothing more than a contract as in an agreement to supply certain goods in exchange for land. It looked like common-law marriage, and it would not be too surprising if rumours of how marriage used to be persist down to the present day. Especially when you consider that a significant number of non-conformists who avoided CoE churches would have been ‘married by consent’ rather than ‘married in law’.

So what does this matter? Well apart from being historically interesting, it is important to note that unless you are officially married then you do not have the legal rights of marriage. So those who believe in ‘common-law marriage’ are welcome to continue to do so, but should bear in mind that it has no legal status.




Sep 16 2016

Mention the infamous haggis to most people, and many will turn pale and need to steady themselves on any conveniently placed furniture at the thought of eating it. But why?

Those very same people will quite happily chomp through a plate of sausages without a thought.

One contains bits of an animal chopped up with a grain, and sealed within another part of an animal, and the other contains bits of an animal chopped up with a grain, and sealed within another part of an animal. Of course both sausages and haggises usually use artificial skins these days, but the point remains – a haggis is just a variation on a theme.

The key difference is the animal choice – haggis is based on sheep, and sausages are based on any animal that isn’t a sheep.

So you could say those people who are horrified by haggis are just anti-mutton, but that turns out not to be the case. Many of those horrified by haggis are quite happy chomping their way through a sheep.


Sep 12 2016

The title of this post came from a tongue-in-cheek post on a forum I sometimes post on, and this post is not about the NHS nor is it even about socialism.

What it is really about is the over the top reaction you get when anything even tangentially related to socialism crops up anywhere someone from the US can see it. I’ve mentioned elsewhere that this is a variant on Godwin’s law whereby if someone accuses something of being socialist, they instantly win and condemn the “thing”.

To which I want to respond: grow up and think for yourself.

First of all, socialism is not the same as communism and in turn, communism is not the same as the kind of communism practised by the Soviets. It is possible that communism inevitably leads to the kind of totalitarianism that the Soviets were so keen on, although there are those who disagree. But this is not about what sort of government you have.

It’s about how to run certain things. How do we pay for, and run certain services we have decided are essential such as :-

  • Health care (of individuals)
  • Public health (of society as a whole – vaccinations, sewage, water supply, etc.)
  • Police and justice system.
  • Defence

There are plenty of things that we have historically decided that should be paid for by the community as a whole, and be run by our government (in a very loose sense the community itself), including many of the items listed above. Even the most rabid anti-socialist is unlikely to start bleating about how the government is interfering with the private sector when talking about defence.

Yet suggest something new should be paid for by the community as a whole – such as the health care system – and Americans will start shouting “Socialism” and condemn the notion without looking at the merits.

By all means condemn a new community-funded notion if there are obvious problems with it, but to condemn it because it might be something suggested by a socialist government is ideologically-driven stupidity of the first order.


Sep 08 2016

Freedom of information requests are a pretty cool feature of law that forces public bodies to disclose information on request if it is appropriate to do so. However it only applies to public bodies, which effectively excludes most charities and private companies.


The purpose of the FOI law is to catch out public bodies that are up to some sort of shenanigans – spending public money on first class junkets to Hawaii (or Italy if you’re on the American continent), diverting funds intended for hospital beds to some less worthy purpose, losing nuclear submarines, and all sorts of other nefarious activities that idiots with inadequate supervision can get up to.

This is all very well … indeed very useful, because the public should be able to obtain details from public bodies about what they get up to.

But what about other organisations?

In theory, private companies are supervised by the board, which in turn is supervised by the shareholders. In practice, shareholders are unlikely to be interested in the day to day operation of a company until that company starts losing money. So what happens when a company is up to something nasty, but is still making profits? Well there is always the hope that hard investigative journalism will expose the scandal.

Or you could change the law and make freedom of information requests apply to all organisations.

Because journalists can use FOI requests to delve into the secrets of public organisations to get an easy story, we are in danger of getting a skewed picture of the relative merits of public organisations versus private organisations. If scandals within the public sector are easy to expose, and scandals within the private sector are hard to expose, we will get more stories about scandals in the public sector.

Which may lead the naïve to believe that the public sector is more prone to nefarious behaviour than the private sector.

So in a way FOI requests applying to only the public sector is another way of demonising the public sector.

But ultimately the question is: do charities and private companies sometimes get up to activities that it is in the public interest to know? If the answer is yes, then of course FOI requests should apply to them.


