Dec 042023
 

Just for fun (I have admittedly a very weird sense of fun), I thought I’d have a look at one of the phishing emails that came into me. I’ll go through this bit by bit, picking out bits that first occurred to me …

Subject: LastPass : Required action needed regarding your account

Eh? Do I even have a LastPass account? I keep my passwords stored somewhere else, but it’s not impossible – I’ve been known to sign up to things just to test them out. Including cloud-based password managers.

But all the same, let’s give it a point on the suspicion scale. Running total: 1.

From: LastPass <yoji-okugawa1975@tg8.so-net.ne.jp>

Well LastPass certainly use a funny looking email domain (the bit to the right of the “@”), but Marketing departments sometimes aren’t aware of how important that email domain really is. On the other hand, “tg8.so-net.net.jp” does look particularly uncorporate, so let us give it a suspicion point.

Running total: 2

On the other hand, it is too easy to fake domains – I could very easily send you an email from the-management@lástpáss.com (and even more subtle equivalents of “a” – “а”, “ạ”, “ą”, “ä”, “à”, “á”, “ą”). And just to demonstrate something that looks identical can actually be quite different :-

In [8]: print(ord('а'))
1072

In [9]: print(ord('a'))
97

Now this isn’t to suggest that you should run your email headers through some Python code, but just that because something looks like lastpass.com doesn’t mean it really is. The next thing that jumped out at me was the body of the email – I may be well trained, but something new and shiny is still distracting :-

Now the first thing that jumps out at me is that red “Confirm my information” box. Screams “click here” doesn’t it? Well don’t click on it! In my email client (something you’re quite likely not using – claws-mail), if I hold the mouse pointed above a link, it’ll tell me where that link goes in the status bar of the client. In this case it shows up as https://tg8.benchurl.com/…. doesn’t look very much like lastpass.com does it? That’s sufficiently suspicious that I’ll award it 3 suspicion points.

Running total: 5

Notice how they don’t add a “Dear ${name}” to the top of the email? Not personally addressing email is ever so convenient to scammers that want to get your details – because they don’t necessarily know your name. That’s a suspicion point all on its own.

Running total: 6

Next note how it tries to rush you … “log in before January 16, 2024”. It’s subtler than many phishing scams, but it’s still trying to rush you. Add another suspicion point.

Running total: 7

There’s further details we could dig into, but that’s more than enough that the Delete button is the only thing this email should attract. That running total? It was just for fun, it’s not intended as a guideline for when to count something as a phishing email.

In the case of doubt, contact the company via other means.

Oct 132023
 

Do you have a disk in your computer to keep data on? Really? It must be quite old then. Most of us are switching to solid-state devices.

And even if your hard disk really is spinning rust, it technically isn’t one disk; it’s a number of them (individually called platters).

IBM terms all appropriate storage devices DASDs (direct-access storage device) which because it refers to what the storage device does rather than describes how it is constructed. Except for the difficulty pronouncing it, it makes a far better name.

How about cheating and referring to them as DASes?

Wooden and Concrete Seating
Jul 302023
 

Ah yes! Well the first thing to answer is what a terminal is.

A terminal is a device for communicating with text (graphics was possible but relatively rare especially in the early days) with a computer – you would type in a command in text and the computer would respond in text :-

» ls
1  2  bad-directory

Although the “terminal” is still available today in the form of a gooey program, the early terminals communicated with the computer with some form of serial port (usually RS232). The first terminals were modified teleprinters (often called “Teletypes” due to the domination of that company in the USA). These were large electromechanical devices where the display was paper – they were printing terminals.

The first terminals that displayed on a screen were very much like the printing terminals – they would “print” output from the computer on the last line of the screen and scroll for additional lines. Just like on a printing terminal except that once things scrolled off the top of the screen they were lost.

At this point in computing history, we’re just at the start of the microcomputer age; in fact one of the uses for which Intel’s second processor (the 8008) was developed was to operate as the heart of a computer terminal.

As the microprocessor controlled terminal was essentially run by software, programmers started adding in new features that would do things like clear the screen, move the cursor around the screen so you could display text anywhere you wanted.

At this point one definition of “dumb terminal” can be found – a terminal that just emulated a printing terminal was a dumb terminal; ones with additional features weren’t so dumb.

As the 1970s progressed, terminals gained more and more features and eventually some became capable of downloading software from the computer they were connected to and running that software locally. Such as (optionally) the HP 2647. Or the Bell Labs blit terminal.

Such terminals could be termed “smart” and their predecessors “dumb”. And if you notice a similarity with the somewhat later “thin clients“, you wouldn’t be entirely wrong.

Alternatively, some terminals (such as the IBM “green screen” terminals) operated in block mode where the terminal would allow a certain amount of editing within the terminal and send the result back to the computer a screen at a time. These necessarily had to have a certain amount of “smarts” built in, so they were smarter than character at a time terminals (thus “dumb”).

"Dumb" Terminal
A “dumb” terminal

So to an extent there is no real agreement on what a “dumb terminal” really is. Pick one that you like!

Jun 112023
 

Ah yes! The eternal debate on how to do storage under Linux (and previously Unix). This debate has been going on since Unix found itself with some disks.

No, but …

First of all, in the simplest case of installing Linux onto a machine with a single disk isn’t the only possibility here. If you are in that situation, you do need to consider a separate partition for the /home file system.

But there are all sorts of other possibilities here – for example my own workstation has a separate /home file system but it comes from another (ZFS) storage pool of disks. So my system disk doesn’t have a separate partition for /home. If you are using extra disks you’ll almost always want a separate /home file system.

But before we get too deep into the technical terms, what exactly are they?

  1. When setting up a new disk, you can divide it up into 1 or more partitions which to the operating system look pretty much like disks – you can use nvme0n1 to create a file system, or you can use nvme0n1p1. On a system disk you will very often have three or more – one each for /boot, /boot/efi, and / (at the least).
  2. Once Linux has taken over a disk and “formatted” it for its use, it has a data structure on it that makes it a file system of one type or another. This file system can be mounted at any point in the hierarchy, so historically (when we had much smaller disks), there could be file systems mounted at /, /usr, /var, /var/spool, /usr/local, etc.

So do we need a separate /home file system? Of course not, but that doesn’t mean it isn’t a wise thing to do.

If you’re setting up a throw-away laptop that won’t ever store anything important, then sure a separate /home file system is probably a waste of time – it’ll probably only ever store some configuration files. If the system you’re setting up is your main machine and /home contains all your files – past, present, and future, then a separate /home file system is worth considering.

  1. If you ever re-install the operating system, your separate /home could be preserved so that you don’t have to restore from backup. That isn’t safe (so you should always have a backup elsewhere) but it can be done fairly easily (with enough practice).
  2. If you upgrade your storage, a separate /home file system can be quicker and safer to copy (at the file system level) to the new storage. Doing it on a file-by-file basis (such as with the excellent rsync) is likely to be very much slower than doing it at the file system level (such as with zfs send).
  3. It should be a great deal easier to take important backups if all the important files are on one file system.
Peering At Each Other
Feb 092023
 

Sometimes, computers seem to suck at maths :-

>>> 1.2 - 1.0
0.19999999999999996

To be fair, that’s a raw Python interface; an application intended for use as a calculator works a bit better :-

» qalc 
> 1.2 - 1.0

  1.2 − 1 = 0.2

The problem is related to low-level numeric types. Computers store numbers in a variety of different formats (called types by developers). Whole numbers (integers) are easy – just allocate a certain number of 8-bit bytes (more means you can store bigger numbers; but it takes more memory for each number) and you would have something that would store whole numbers with perfect accuracy.

Floating point (i.e. numbers with a ‘decimal’ point) on the other hand are much more a compromise between size and accuracy. Floating point in effect uses scientific notation for numbers – 1.23E23. So a number is split into two – the mantissa (effectively the bit before the “E”) and the exponent. Storing two numbers in 32-bits (single precision) limits the precision in which numbers are stored but is usually sufficient and allows a far larger range of numbers :-

>>> print("{:10.4f}".format(1.2 - 1.0)) 
    0.2000

In other words if you are using a low-level interface as a calculator, you can produce sensible output merely by writing your code properly. Or use a proper calculator program like qalc(ulator).

This is of course an over simplification and the Wikipedia article on single precision floating point goes into far more detail than I want to understand. Amongst other things I’ve glossed over is the problem of performing calculations in base 2 (binary) rather than base 10 (decimal).

Plus there are a whole bunch of other numeric types such as larger floating point types, decimal floating point, bignums (which use whatever memory is necessary to store a number), fixed point, etc.

Computers aren’t bad at maths; it is just you can trick them into making themselves look bad.

Untitled Seascape