Oct 19 2016
 

This is a bit of a thought experiment, so it may not be entirely correct (especially the maths – my probability theory is very rusty).

One of the lesser reasons for using the DNS rather than IPv4 addresses is that typing mistakes are more easily caught – if you intend to type 192.168.67.52, but accidentally enter 192.168.67.53 instead, you still have a valid IPv4 address. Whereas entering the domain name wombar.example.com instead of wombat.example.com will most likely get you an error instead of sending your secrets off to an unknown location on your network – unless you have a rather silly server naming convention of course!
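The point about silently accepted typos can be measured. The following is an added example, not code from the original post: it substitutes each character of an address or name in turn and counts the typos that are still accepted. The two zones are constructed sample data, and "accepted" means only that the string parses as IPv4 or matches a record in the sample zone.

```python
import ipaddress
import string

# Constructed sample zones: one with distinct names, one with numbered names.
DISTINCT_ZONE = {"wombat.example.com", "numbat.example.com", "quokka.example.com"}
NUMBERED_ZONE = {"web1.example.com", "web2.example.com", "web3.example.com"}

def substitutions(text, alphabet):
    """Every string differing from `text` by exactly one substituted character."""
    return [text[:i] + c + text[i + 1:]
            for i, old in enumerate(text) for c in alphabet if c != old]

def parses_as_ipv4(text):
    """True if the string is a syntactically valid dotted-quad address."""
    try:
        ipaddress.IPv4Address(text)
        return True
    except ValueError:
        return False

def silent_ipv4_typos(address):
    """Return (typos that still parse as IPv4, total typos tried)."""
    typos = substitutions(address, string.digits + ".")
    return [t for t in typos if parses_as_ipv4(t)], len(typos)

def silent_name_typos(name, zone):
    """Return (typos that match another record in `zone`, total typos tried)."""
    typos = substitutions(name, string.ascii_lowercase + string.digits + "-")
    return [t for t in typos if t in zone], len(typos)

if __name__ == "__main__":
    ok, total = silent_ipv4_typos("192.168.67.52")
    print(f"IPv4: {len(ok)} of {total} typos are still valid addresses")
    for name, zone in (("wombat.example.com", DISTINCT_ZONE),
                       ("web1.example.com", NUMBERED_ZONE)):
        ok, total = silent_name_typos(name, zone)
        print(f"{name}: {len(ok)} of {total} typos match another host {ok}")
```

More than half of the single-character slips in the IPv4 address still parse, while a slip in a hostname only lands somewhere when the naming convention puts hosts one character apart.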

But how likely are you to make a mistake typing in an IPv4 address? According to a random web site “out there”, the average accuracy of a typist is 92%, or an average of 8 typos per 100 characters. If we convert this into a probability, we get a probability of typing each character correctly as 0.92.

Given that typing IPv4 addresses is something that some of us have a lot of practice at, and in many cases we will notice typos before they become a problem, I’m going to arbitrarily declare that the probability of getting any character within an IPv4 address correct is 0.999. But to type in an IPv4 address correctly we have to get a maximum of 15 characters correct :-

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15
1 9 2 . 1 6 8 . 1 2 8 . 1 2 8

So the probability of getting all those characters right is 0.999 (first character) x 0.999 (second character) … Or 0.999^15.

And once you work that out, subtract it from 1 (to get the probability of making a mistake) and convert it into a percentage, there is an 11% chance of making a typo in an IPv4 address.

For an IPv6 address such as 2001:db8:ca2c:dead:44f0:c3e9:28be:c903, which has 38 characters (no I’m not doing that silly table for IPv6) – 100 * (1 – 0.999 ^ 38) – 32%.

Now whilst my calculations may be a bit off, the likelihood of entering an IPv6 address incorrectly is nearly three times higher than the risk of entering an IPv4 address incorrectly.

In other words, with IPv6 you really need a good working DNS solution just to keep the errors to manageable levels.


Oct 19 2016
 

I have just been listening to a Microsoft fanboy on YouTube wittering on about something (not computer related), when he tried to read out a URL. According to him, there are “backslashes” in the URL.

Not in any normal URL. For those who do not know, URLs are web site addresses such as http://really.zonky.org/. The character that appears after the network protocol (http) – the “/” is formally known as the solidus, and less formally as a slash. The slash that goes the other way is called the backslash (or more formally the reverse solidus).

And who decided that one was a slash (‘/’) and the other a backslash (‘\’)? Although it has been used since the Medieval era, it was probably first called a solidus in the 19th century because of it being used to signify the British shilling. Currently it is the Unicode Consortium who call it a solidus in the international standard for character encoding. If you disagree with them, by all means either convince them they’re wrong or set up a new international standard and get it more widely adopted than Unicode.

Until then, I’ll carry on calling someone who says a backslash looks like – ‘/’, wrong.

Does it matter? In the big scheme of things probably not, but it does make reading out instructions more difficult when either slashes or backslashes appear. After all computers rarely say “Ah! I see what you meant! You meant http://example.org/ which is different (and makes sense) to http:\\example.org\“. And as anyone who has ever encountered autocorrect “mistakes” will attest, letting computers decide what you meant is not always the best idea.

And how did the mistake originally occur? To some extent Microsoft is to blame, although I doubt Microsoft ever called the slashes the wrong name.

When Microsoft wrote their first operating system (DOS), they chose to make it semi-compatible with an earlier operating system (CP/M) which used the slash to indicate the use of an option to a command-line command which in turn was inherited from certain early DEC operating systems.

When they came to implementing directories (yes that long ago), they broke with the tradition of stealing ideas from DEC (or we would have ended up with paths like C:[WINDOWS.SYSTEM]FOO.SYS) and instead chose the Unix path separator. But the slash conflicted with option processing on the command-line, so they used the backslash instead – C:\WINDOWS\SYSTEM\FOO.SYS.

Of course people started calling the backslash, a slash, and I’m sure there are many out there who will continue despite being told that they are wrong. Of course when I say they’re wrong, I have the backing of an international group of grapheme experts behind me.

 

Oct 02 2016
 


I have said it before (quite possibly here): US politics sometimes seems like some kind of bizarre reality media show put on by the US to entertain the rest of the world. No serious political system could be that dysfunctional? Could it?

But this post is going to concentrate on just one of the possible candidates (despite the media reports there are lots) – Donald Trump. It might be a little tin foil haty to ask this, but is anyone sure that he really isn’t a democrat supporter running as a spoiler? I mean the guy is so over the top as a buffoon, it seems like the most likely cause of his behaviour is that he really is a Democrat supporter who is running as a Republican to remove any possibility that the Republicans can conjure up a credible candidate.

Just look at some of the things he’s said :-

Do you mind if I sit back a little? Because your breath is very bad.

Just a silly example to start with. Most of us have thought this from time to time, but usually have second thoughts before opening our mouths. Now why do we re-think and decide not to say it? Because going around being nasty to people without consideration is indicative of a certain level of sociopathology. What is worse is that it is indicative of a dumb sociopath, as most people with enough sense to keep breathing without being constantly reminded to do so, will realise that acting like a dick will not win friends and influence people.

The point is that you can’t be too greedy.

Really? Kind of symptomatic again.

All of the women on The Apprentice flirted with me – consciously or unconsciously. That’s to be expected.

Creepy. Even ignoring political correctness, the latter sentence implies an horrendous arrogance to the man.

If people can just pour into the country illegally, you don’t have a country.

Now there may well be problems with illegal immigration (although personally I doubt the problems outweigh the advantages), but the idea that you’ll lose your country because of immigration? Ridiculous. Illegal immigrants are nowhere near populous nor powerful enough to take over your country, and by the time their descendants are, they won’t be illegal immigrants any more but they will be you.

Scare mongering is the tactic of the lowest form of politician, and we all know how low they can get.

People love me. And you know what, I have been very successful. Everybody loves me.

No they don’t. Some people may love you, but not all. To think so is extremely delusional.

As for successful, it all depends on your criteria for success but most of his alleged success has taken place in the property development field which is notoriously easy if you already had money to invest (he did). There are a considerable number of serious commentators out there who question his business acumen.

I feel a lot of people listen to what I have to say.

What he neglected to mention is why people listen. Sometimes it’s to fall about pissing themselves with laughter.

That’s one of the nice things. I mean, part of the beauty of me is that I’m very rich. So if I need $600 million, I can put $600 million myself. That’s a huge advantage. I must tell you, that’s a huge advantage over the other candidates.

Which is of course another condemnation of the US political system which allows the rich and powerful to buy their way to power.

Sure, sure, I’d like to see Apples built in the United States, not built in China. I’d like to see them have factories in the United States. At least partially. They make nothing in the United States, virtually.

I’m reminded of King Canute (or Cnut) trying to hold back the tide. Fundamentally China is successful at producing mass market goods because it has very low labour costs. By the time you reduce US labour costs to the level of the Chinese, you will be looking at a revolution; the myth of the American dream won’t survive starvation.

As for nothing being built in the US, Trump needs to get out of his tower and go and take a look. There’s plenty being built in the US, but you won’t find cheap consumer goods (unless you count that made with slave labour; sorry I meant prisoner labour).

As your president, I will do everything in my power to protect our LGBTQ citizens from the violence and oppression of a hateful foreign ideology.

I hear the LGBTQ community has more to worry about from the violence and oppression of a hateful domestic ideology.

Thanks to Hillary Clinton, Iran is now the dominant Islamic power in the Middle East, and on the road to nuclear weapons. Hillary Clinton’s support for violent regime change in Syria has thrown the country into one of the bloodiest civil wars anyone has ever seen – while giving ISIS a launching pad for terrorism against the West.

This is not the only quote about how Hillary Clinton is responsible for all of the world’s ills (and probably the four horsemen of the apocalypse too). Fact is that no foreign policy is going to cure the world’s ills; you can only respond to what other countries and people are doing. Foreign intervention in a country can make an existing situation worse but not create that situation.

build a permanent border wall between the US and Mexico that Mexico “must pay for”. The plan proposes various sticks to force Mexico to cooperate, such as impounding all remittance payments to Mexico from illegal wages earned in the US.

Ah yes! The infamous wall to stop immigration from Mexico. If we assume the wall will cost $1.5 million per kilometre, covering the whole 3,200 kilometres of the US-Mexico border will cost a cool $4.8 billion although this is probably a wild underestimate of the cost given that the 2006 Security Act allocated $1.6 billion for just a fence, and critics claim that it will need at least $4.8 billion more than is allocated. And that is for a fence not a wall.

And why should Mexico pay for it? They are not getting the benefit.

And you can use all the long words you like, but “impounding remittance payments” is just theft.


And that is of course just a quick taste of the inanities that Trump has come out with. There are those who excuse these comments by claiming a blunt honest man is better than another slimy politician. But there is a difference between bluntness, honesty and just plain stupidity. And having a stupid man in charge of the White House (and all that goes with it) is definitely not a good thing.

Sep 28 2016
 

One of the things that has happened recently was that a commentator on security matters (Brian Krebs) was taken offline by a massive denial of service attack, which (not so) mysteriously happened after he published an article on denial of service attacks. The short version of the story was that his site was hit by a denial of service attack totalling approximately 650Gbps (that’s roughly 6,000 times as much network bandwidth as your typical broadband connection), when his denial of service protection threw their hands up in the air and said: “That’s too much like hard work for a pro-bono service” and gave him 2 hours to move his site.

Google helpfully provided an alternative with Project Shield, and the site was reasonably quickly available again. And to be fair to the original denial of service protection providers (which I’m not naming), this level of attack was sufficient to cause problems to their paying customers and protecting from this level of attack is very expensive.

And indeed paying for denial of service protection is very expensive; the income for the entire lifetime of this blog site would pay for approximately 2 hours of protection. If that.

There are two aspects to this attack, although to be honest neither are particularly new.

The first is technical. Most distributed denial of service attacks are quite simple in nature – you simply ask a question of a dumb “server” with the return address of the site you want to attack. If you send out enough questions to enough dumb “servers” (which can actually be simple workstations or even Internet of Things devices), then you can overwhelm most sites on the Internet.

There are two fixes for this :-

  1. Don’t run dumb and insecure servers.
  2. ISPs should stop allowing people to forge addresses on network traffic (ingress filtering or BCP38).

The second fix is the simplest method, but given how successful the decades long campaign for ISPs to do ingress filtering has been, tackling both ISPs and dumb servers is worthwhile.

As this latest attack may have been chiefly by IoT devices simply sending requests to the victim, the implementation of ingress filtering may not have been of much use in this case, but it is still worthwhile – this attack is not the only one that is happening. Attacks are happening constantly. However, tackling these “dumb servers” that were controlled by the attacker is also a priority, and we need to start seeing concrete action by the ISPs to tackle their customers’ mismanaged networks (home networks in many cases) – aggressive filtering of infected customer networks, and customer notifications that include advice.
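What the second fix checks, and why it would not have stopped devices flooding from their own addresses, is shown in the following added example (not code from the original post). The port names, prefix assignments and packets are constructed, using documentation address ranges.

```python
import ipaddress

# Constructed assignments: access port -> prefixes delegated to that customer.
CUSTOMER_PREFIXES = {
    "port-a": ["198.51.100.0/28"],
    "port-b": ["203.0.113.64/26", "2001:db8:b::/48"],
}
ASSIGNED = {port: [ipaddress.ip_network(p) for p in prefixes]
            for port, prefixes in CUSTOMER_PREFIXES.items()}

def ingress_permits(port, src):
    """BCP38 check: forward only when the source address lies inside a
    prefix assigned to the port the packet arrived on."""
    addr = ipaddress.ip_address(src)
    return any(addr.version == net.version and addr in net
               for net in ASSIGNED.get(port, []))

# Constructed packets: (arrival port, source address, destination address).
VICTIM = "192.0.2.10"
PACKETS = [
    ("port-a", "198.51.100.5", VICTIM),              # infected device, real source
    ("port-a", VICTIM, "203.0.113.70"),              # source forged as the victim
    ("port-b", "203.0.113.70", VICTIM),              # ordinary customer traffic
    ("port-b", "2001:db8:a::1", "2001:db8:ffff::1"), # source outside own prefix
    ("port-c", "198.51.100.5", VICTIM),              # port with no assignment
]

def filter_packets(packets):
    """Return (forwarded, dropped) lists after applying the ingress check."""
    forwarded = [p for p in packets if ingress_permits(p[0], p[1])]
    dropped = [p for p in packets if not ingress_permits(p[0], p[1])]
    return forwarded, dropped

if __name__ == "__main__":
    forwarded, dropped = filter_packets(PACKETS)
    for p in forwarded:
        print("forward", p)
    for p in dropped:
        print("drop   ", p)
```

The forged-source packet is dropped at the edge, but the first packet, sent by an infected device using its real address, passes the filter, which is why the customer-network clean-up is needed as well.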

Of course ISPs are not going to like doing that just as IoT manufacturers don’t like paying more to make secure appliances. Well, it’s time to name and shame the worst offenders; the bad publicity may help to counteract the lack of incentive to invest in processes that don’t immediately help the bottom line.

The second aspect is rather more serious. We now have an Internet where it is relatively easy to silence anyone who says something you do not like – if you’re rich enough to hire a denial of service gang. Anyone, that is, who cannot afford protection from such gangs, and there are suspicions that some gangs also provide denial of service protection services.

And this story is not the first time it has happened, and we need to start thinking about mechanisms to keep smaller publishers online when attackers try to censor them. Unless we want all our media controlled by the big players of course.


Sep 21 2016
 

In England and Wales, there is no such thing as Common-Law Marriage, except when there is.

Which basically comes down to the fact that courts accept informal marriages where there was no other choice – the example on the Wikipedia page is of prisoners held by the Japanese who could not marry according to the formal process.

So where did the notion of common-law marriage come from? That Wikipedia page claims that it was some sort of group-think mistake made in the 1970s … well perhaps.

In fact, Scotland (until 2006) had something that would in England be called ‘common-law marriage’, and England in all likelihood had something equivalent even if the lawyers claim there was no such thing as “common-law marriage”.  They are right to a certain extent, but the history of marriage law in England is byzantine and twisted.

Details of what happened in England regarding marriage before the Christian church came to dominance are shrouded in mystery, but in all likelihood marriage was a legally binding contract initiated by oath (it should be noted that an old form of the marriage vow includes the phrase “I plight my troth” and the word “plight” is the Old English word for oath). Those who are suspicious of a simple sworn oath being the basis for a marriage should note that in Anglo-Saxon times, the sworn oath was a fundamental building block of society, and nobody was lower than an oath-breaker.

One indicator of this is the marriage vows; a pompous religious or civil official may pronounce “You are now married” or even “I declare you married”, but the important part of the ceremony is the vows that the two people swear to each other.

In the early medieval era, the state had no time for laws regarding marriage – it was still effectively a private contract between individuals. The church on the other hand took an interest in dealing with abuses – bigamy, fornication, preventing forced marriage (probably not entirely successfully), etc. But the church could not and did not perform marriages; marriages would often be “blessed” within the church, but marriages themselves took place outside.

One of the important principles established was that an illegal marriage was still a marriage.

The church took control of marriage after the Council of Trent, and declared that no marriage was legal unless it took place within a church and the ceremony was performed by a priest. Yet in all likelihood ‘irregular marriages’ still took place especially when extra-parochial areas, or remote under-served parishes were considered (some remote areas in the North could see a priest as little as once a decade or longer).

And of course getting married required money – the priest would insist on his cut as payment for his services. So the poor probably carried on doing what their ancestors had done, and simply declared they were married and got on with it.

The state took over marriage law in 1753, in an attempt to combat “clandestine marriages” (it didn’t entirely succeed; those in need of such marriages merely eloped to Scotland where the law on marriage was more relaxed), and it is often said that this act abolished common-law marriage.

It didn’t. There was no such thing.

A 15th century marriage was legally nothing more than a contract as in an agreement to supply certain goods in exchange for land. It looked like common-law marriage, and it would not be too surprising if rumours of how marriage used to be persist down to the present day. Especially when you consider that a significant number of non-conformists who avoided CoE churches would have been ‘married by consent’ rather than ‘married in law’.

So what does this matter? Well apart from being historically interesting, it is important to note that unless you are officially married then you do not have the legal rights of marriage. So those who believe in ‘common-law marriage’ are welcome to continue to do so, but should bear in mind that it has no legal status.

 
