Feb 01 2013

Every so often I get asked why I am a vegetarian, and I usually come up with some sort of humorous answer; partially because the real reasons are a little mixed up and confused. Probably the biggest reason I am a vegetarian today, is that I was a vegetarian yesterday. I have been a vegetarian long enough that the thought of eating dead animals just doesn’t occur to me.

Although I’ll be honest in this little rant, I am not a proselytising vegetarian. I am not even an especially good vegetarian given that I have on occasions worn leather (belts, and shoes mostly). But I’m also not a “vegetarian” who eats fish, which is not vegetarian at all. I don’t object to eggs (with the exception of stuff like balut) or dairy products. I also try to avoid products made with animal rennet and gelatin without making a fetish of it.

I became one of those nutty vegetarians way back in 1987 or 1988 whilst I was at University for a variety of reasons :-

  1. I was never that keen on eating meat for taste reasons. Most of the “real” meat dishes were unpalatable – steak, lamb, mutton, etc.
  2. I was becoming increasingly concerned with killing animals for food; animal welfare in meat production during the 1980s was practically non-existent.
  3. Someone asked me. Whilst this is no reason to give up in itself, it pushed me over the edge.

Since then, I have discovered other reasons. Some of which you may agree with; some may seem like complete rubbish. But that is not the point as these are the reasons why I am a vegetarian.

But We’ve Evolved To Eat Meat!

No we have not evolved to eat meat; we have evolved to eat everything (omnivores).

Although we have evolved to eat everything, we have decided not to eat certain kinds of food:- carrion, insects, horses, dogs, and of course our fellow humans. But all of those things are a matter of taste or morality. So we have evolved to eat everything yet we can choose not to eat certain foods because of concerns bigger than filling our bellies.

One mistake that people make when they portray people as omnivores is to assume that we have evolved to eat meat on a daily basis. Perhaps, but the information on the diets of hunter-gatherers is understandably somewhat vague. What is known is that many of the hunter-gatherer groups still around today will eat meat as and when it is available; and it is not available on a daily basis in the large quantities that meat eaters in the West consume it.

Or to put it another way, we may be evolved to eat everything, but not meat every day. And the kind of meat that we eat is definitely not the same as that eaten by a hunter-gatherer who would be eating very lean meat indeed.

So you could say that going vegetarian or partly vegetarian is good for health reasons, although that is not why I’m veggy.

Meat Is Murder!

Perhaps that is putting it a little strongly, but some kinds of meat are murder – cannibalism.

The suspicions are that the annoying fellow in the next valley has been on the menu for most of human history, and cannibalism is rather quickly resorted to in times of extreme necessity. We all accept that going out and shooting your neighbour to fill the larder would qualify as murder. So does killing a gorilla or a chimpanzee qualify as murder?

Without specifying physical or biological attributes, it is actually quite hard to distinguish between chimpanzees and humans. Communications? We both do it. Tool use? We both do it. Mourning the dead? We both do it.

It is true that most humans can communicate and reason better than chimpanzees, but they are not that far behind. And if you accept that they are perhaps a bit more than “mere” animals, are they not worthy of some level of respect? At the very least not killing them. Indeed the average ape is probably more worthy of respect than some humans (think of Harold Shipman).

And if you accept that chimps are worthy of enough respect not to kill and eat them, where do you draw the line? Some people eat horses; some don’t. Some people eat dogs; some don’t. And it goes on.

And some people choose not to eat animals at all. It doesn’t necessarily have anything to do with liking animals. There are very few animals I like, but as far as I’m concerned just because you don’t like somebody is no excuse to chop ’em up and put them in your freezer.

It’s Green

In the old days, vegetarians used to argue that producing livestock was an inefficient way of feeding the world, which it is. After all, the feed that livestock eat has to be grown itself. It turns out that we have more than enough food to feed everyone on the planet; starvation is caused by poor storage and poor transportation.

However it has also been discovered that livestock is one of the largest contributors to total greenhouse gas emissions caused by human activities. The figures are disputed but transport is supposed to contribute 13% of greenhouse gas emissions and livestock production up to 18% of emissions.

See :-

  1. http://www.time.com/time/health/article/0,8599,1839995,00.html
  2. http://www.telegraph.co.uk/earth/environment/climatechange/7509978/UN-admits-flaw-in-report-on-meat-and-climate-change.html
  3. http://www.un.org/wcm/content/site/climatechange/pages/gateway/the-science/causes-of-climate-change

The criticisms of the 2006 UN report boil down to the fact that the UN took all of the emissions due to meat production into account and overestimated the effect of methane, whereas they only took into account the direct emissions caused by transport. This is a valid criticism, but on the other hand transport accounts for practically no rain forest deforestation whereas livestock production is right up there. And those who criticise the UN for their report come up with daft statements like less meat production would result in “…more hunger in poor countries”; of course in the global sense, people in poorer countries cannot afford meat!

If you don’t consume vast amounts of electricity and gas, and don’t drive a chelsea tractor down to the corner shop it may very well be that the biggest single change you can make to reduce greenhouse gas emissions is to cut down or eliminate meat consumption.

Don’t You Miss It?

No.

It is true that for the first few years of being a vegetarian, you get occasional cravings for certain meat products – in my case it was BLT sandwiches. But as time goes on, the cravings disappear.

Jan 26 2013

First defining the problem. Let us say that I have a network with plenty of space for subnets (perhaps 10/8) and I am only using a very small number of the possible subnets – for this example, perhaps 10.0/16, 10.1/16, 10.2/16. What happens when I ping something like 10.52.1.3? Or perform a network scan of 10/8 ?

Well logically if a packet is destined for an unknown network, it will get routed to the default gateway (or “gateway of last resort” in Cisco’s rather gloomy terminology). Given that in most cases, the default gateway is going to be pointed in your ISP’s direction, this is probably not a sensible choice. In most circumstances it probably doesn’t matter, but there are a number of scenarios where it could be an issue :-

  • If the default gateway thinks that the route to 10/8 is back down to the router, then you’ll have packets bouncing back and forth for a while. This may not be a major issue … or it could be if someone tries to flood all your unknown networks as quickly as possible.
  • Your default gateway could be a firewall of some kind which helpfully blocks such packets itself. However it may also helpfully log all these in your log files as problems which unhelpfully conceals other issues. You do inspect your log files, don’t you?

There are quite possibly other problems I cannot think of on a lazy Saturday, but it’s also the case that preventing packets destined for unknown networks from leaking is the right thing to do.

So how to do it ? With a static route of course :-

conf t
> ip route 10.0.0.0 255.0.0.0 Null0 254
> ipv6 route 2001:db8:beef::/48 Null0 254

The choice of the device Null0 is a bit problematic; it should really be a “device” that returns an ICMP destination unreachable immediately. However it’s better than nothing.

The choice of the “metric” 254 (or “administrative distance”) is specifically chosen to allow any other route learnt by any mechanism to overrule this route.

Having a route to Null0 that covers all your internal subnets may seem alarming, but it seems to work – at least for my network. It is also documented that routing will choose the most specific route in preference to the least specific route – or in other words a route to 10.0/16 is used in preference to the route to 10/8.

Of course if some Cisco routing guru comes along, I’d be more than willing to be corrected. I’ve also tried to check this against Cisco’s “routing for dummies” document.
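To show why the Null0 catch-all does not swallow the real subnets, here is the route selection rule (longest prefix first, then lowest administrative distance) applied to the routes from this post. This is an added illustration written for this page, not Cisco code; the route table, next-hop labels and the OSPF distance of 110 are constructed assumptions.

```python
"""Longest-prefix match with administrative distance as a tie-breaker.

Constructed example: it models the routes discussed in the post so the
reader can see which one a router would pick for a given destination.
"""
import ipaddress

# (prefix, next hop, administrative distance). Connected subnets are
# distance 0, the Null0 routes use 254 as in the post, and the default
# routes point at the ISP. Labels are assumptions for the example.
ROUTES = [
    ("10.0.0.0/16", "connected", 0),
    ("10.1.0.0/16", "connected", 0),
    ("10.2.0.0/16", "connected", 0),
    ("10.0.0.0/8", "Null0", 254),
    ("0.0.0.0/0", "isp-gateway", 1),
    ("2001:db8:beef::/48", "Null0", 254),
    ("::/0", "isp-gateway", 1),
]


def lookup(dst, routes=ROUTES):
    """Return (prefix, next_hop) chosen for dst, or None if nothing matches.

    Rule: the longest matching prefix wins; among equal prefix lengths the
    lowest administrative distance wins, which is why 254 on the Null0
    route lets any learnt /8 override it while still beating the default.
    """
    addr = ipaddress.ip_address(dst)
    best = None
    for prefix, next_hop, distance in routes:
        net = ipaddress.ip_network(prefix)
        if addr not in net:          # also False on an IPv4/IPv6 mismatch
            continue
        key = (net.prefixlen, -distance)
        if best is None or key > best[0]:
            best = (key, prefix, next_hop)
    return (best[1], best[2]) if best else None


if __name__ == "__main__":
    for dst in ("10.1.2.3", "10.52.1.3", "8.8.8.8", "2001:db8:beef::1"):
        print(dst, "->", lookup(dst))
    # A /8 learnt from a routing protocol (assumed distance 110) overrides
    # the Null0 route for the same prefix because 110 < 254.
    learnt = ROUTES + [("10.0.0.0/8", "ospf-neighbour", 110)]
    print("10.52.1.3 with learnt /8 ->", lookup("10.52.1.3", learnt))
```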

Jan 13 2013

Perhaps.

But it is a lot more complex than the mainstream press would have you believe. That story above is effectively about researchers using a specialised search engine to find what is effectively the login banner of SCADA systems … that is those systems that control utilities such as sewage plants, power systems, etc. What is not so widely publicised is that the same researchers warned about these insecurities as far back as 2010, so the latest warning by the US government is a bit lackadaisical.

On the other hand the discovery of what is effectively login banners is just that – login banners. Whilst this is pretty poor practice, it does not necessarily mean that the bad guys can get into the relevant systems. Attaching critical systems directly to the Internet is something that really should not be done, but is often done because :-

  • It has probably long been the practice to connect such systems in such a way that work can be carried out from home. In the past, it would have been via a dial up modem. Making such systems available on the Internet makes such insecurity more visible, although dial up modems themselves are not necessarily secure.
  • Attaching the systems directly to the Internet is the kind of laziness that comes from a desire for convenience. Only services that everyone on the Internet can legitimately make use of should be directly on the Internet. Attaching “work from home” services should be done via some sort of gateway service, such as a VPN system, but that requires more work.
  • On occasions, such systems are connected directly to the Internet in an emergency for convenience – such as getting a vendor to look at some problem. And of course once connected, it tends to stay connected. Amazingly enough, it often seems that the customer needs to jump through hoops for the convenience of a vendor rather than the other way around.

Of course gateway systems themselves can be vulnerable especially given the problems we have with weak passwords.

Earlier I mentioned that just because a SCADA system can be reached from the Internet does not mean a bad guy can break into it to cause damage. Well, that is true enough but most experts think that SCADA systems are riddled with security issues including default passwords left unchanged, etc. Perhaps as poor as the Internet was back in the early 1990s.

It is a strange thing, but it seems that vendors who sell us stuff do not seem to pay much attention to security until bad guys start attacking them and exposing their vulnerabilities.

So we have a situation where SCADA systems are directly connected to the Internet, and many of those SCADA systems are vulnerable in some way. Does this mean that bad guys are going to break in and destroy the utilities ?

Well, perhaps. But on previous occasions, the bad guys have broken in just to look around. As someone remarked to me recently, the bad guys are busy making money and unless they see a way to make money from insecure SCADA systems they will leave them alone. Of course there is always the issue of cyber-terrorism where the bad guys are less interested in money and more in making a point of some kind or another.

But should you worry about the security of SCADA systems? Probably not. After all, why worry about something you have no power over? Should I worry about the security of SCADA systems – definitely (as you may have guessed my work involves security). Anyone in the information security business should be looking at their own SCADA systems and wondering whether they are protected properly.

Jan 11 2013

Customising keyboard maps in Linux is somewhat … confused with lots of different tools and layers to perform the same task. There are a number of tools for performing some form of keyboard mapping, but the most common ones have some disadvantages :-

  • xkb (which is the modern X way), and xmodmap (which is deprecated but conveniently has a very simple syntax for dealing with a single key) both work fine for ordinary keys but cannot do anything with “unusual” keys not passed into X. Just look online for just how many people have trouble with multimedia keys not being recognised.
  • The PS/2-specific tools (dumpkeys, loadkeys, and setkeycodes) work fine, but are somewhat reluctant to help out with USB keyboards.
  • Plus the desktop environment you are using may well have its own idea of how the keyboard will be used (GNOME has a nasty tendency to grab the menu key away from me).

There is fortunately another way which is rather difficult to find information about. Which is the reason behind this posting of course.

This “other method” is to use the generic input system to perform the keyboard mapping which has certain advantages over other methods. Most of the information to do this came from a README file contained within the source code.

The Example Keyboard

To demonstrate keyboard mapping, it is helpful to have an example keyboard with custom mappings to play with. Many of the keyboards I use this for are rather complex with many mappings, but I also have a mini keyboard with relatively few mappings :-

Original Key    New function
Esc             Lock screen
`/~             Esc
Caps Lock       Control
Insert          Delete
Delete          `/~

No great mystery as to why I want my keyboard mapped this way – I’m just fussy about keyboards.

The Basic “Tool”

In fact there is just one tool – /lib/udev/keymap – which performs all of the relevant tasks. Before it can do anything, it needs to be provided with the path of the relevant input device. This is most easily done from the console (rather than in X) as root. The easiest way of identifying the device is to unplug the keyboard, reboot the machine, and :-

# ls /dev/input/e* > /var/tmp/old.list
[Plug in keyboard]
# ls /dev/input/e* > /var/tmp/new.list
# diff /var/tmp/old.list /var/tmp/new.list
> /dev/input/event13
> /dev/input/event14

If you are lucky, there will be just one new input device. If not, you will have to try each one in turn. The first job is to record the keycode of each key to be customised in turn. To do this, it is necessary to run keymap with the input device and the “-i” option, and each keystroke will result in some output :-

# /lib/udev/keymap /dev/input/event13 -i
Press ESC to finish, or Control-C if this device is not your primary keyboard
scan code: 0x70029   key code: esc
# /lib/udev/keymap /dev/input/event13 -i
Press ESC to finish, or Control-C if this device is not your primary keyboard
scan code: 0x70035   key code: grave
scan code: 0x70039   key code: capslock
scan code: 0x70049   key code: insert
scan code: 0x7004C   key code: delete

A key can be mapped temporarily using keymap. But before that a list of possible key names is useful to have; there is one to be found in /usr/include/ :-

# grep KEY_ /usr/include/linux/input.h | less

The relevant name would be the part that follows the “KEY_” converted to lower-case.

# /lib/udev/keymap /dev/input/event13 0x70035 esc

But that is rather a temporary solution; it is better by far to create a file containing the necessary mappings to be automatically applied :-

# cat /tmp/custom-filco.map
0x70029 screenlock
#	Original: key code: esc
0x70035 esc
#	Original: key code: grave
0x70039 leftctrl
#	Original: key code: capslock
0x70049 delete
#	Original: key code: insert
0x7004C insert
#	Original: key code: delete
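A typo in a key name only shows up as a silently ignored mapping, so it is worth checking a keymap file against the KEY_ names before installing it. The checker below is an added example written for this page (not part of udev or of the post) that applies the naming rule given above: the KEY_ macro name with the prefix dropped and lower-cased. The header excerpt and keymap text are constructed; the real /usr/include/linux/input.h is far longer.

```python
"""Validate a udev keymap file against the KEY_ names in linux/input.h.

Constructed example: both inputs are small excerpts embedded here so the
script runs offline; point key_names() at the real header in practice.
"""
import re

# Constructed excerpt in the style of linux/input.h. KEY_SCREENLOCK is
# defined as an alias of KEY_COFFEE in the real header, which is why the
# "screenlock" name in the post's map is valid.
INPUT_H = """
#define KEY_ESC			1
#define KEY_GRAVE		41
#define KEY_LEFTCTRL		29
#define KEY_CAPSLOCK		58
#define KEY_INSERT		110
#define KEY_DELETE		111
#define KEY_COFFEE		152	/* AL Terminal Lock/Screensaver */
#define KEY_SCREENLOCK		KEY_COFFEE
#define KEY_MAX			0x2ff
"""

# Constructed keymap in the format used in the post: "<scancode> <keyname>",
# with '#' comment lines that keymap ignores.
KEYMAP = """
0x70029 screenlock
#	Original: key code: esc
0x70035 esc
0x70039 leftctrl
0x70049 delete
0x7004C insert
"""

DEFINE_RE = re.compile(r"^\s*#define\s+KEY_([A-Z0-9_]+)\s+(\S+)")


def key_names(header_text):
    """Lower-cased key names derived from the KEY_ macros in the header."""
    names = set()
    for line in header_text.splitlines():
        m = DEFINE_RE.match(line)
        if m and m.group(1) not in ("MAX", "CNT"):   # bookkeeping, not keys
            names.add(m.group(1).lower())
    return names


def check_keymap(keymap_text, names):
    """Return (line_no, problem) pairs for lines keymap could not use."""
    problems = []
    for no, line in enumerate(keymap_text.splitlines(), 1):
        stripped = line.strip()
        if not stripped or stripped.startswith("#"):
            continue
        parts = stripped.split()
        if len(parts) != 2 or not re.fullmatch(r"0x[0-9A-Fa-f]+", parts[0]):
            problems.append((no, f"malformed line: {line!r}"))
            continue
        if parts[1] not in names:
            problems.append((no, f"unknown key name {parts[1]!r}"))
    return problems


if __name__ == "__main__":
    for no, problem in check_keymap(KEYMAP, key_names(INPUT_H)):
        print(f"line {no}: {problem}")
```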

Making The Mappings Permanent

The first step is to obtain some details to uniquely (or as much as possible) identify the keyboard. Run :-

# udevadm info --export-db > /tmp/udev-db.txt

And look through the output for the input device you previously used. Look for a ID_VENDOR_ID and ID_MODEL_ID that you can use.

Next add a rule to /lib/udev/rules.d/95-keymap.rules along the lines of :-

ENV{ID_VENDOR_ID}=="04d9", ENV{ID_MODEL_ID}=="2011", RUN+="keymap $name custom-filco.map"

Once this is working you may want to add the rule to your version of custom-filco.map as a comment to preserve it for use after upgrades; alternatively you may wish to create a new rules file that will not get overwritten.

Before activating the new rule, remember to copy /tmp/custom-filco.map into /lib/keymaps/custom-filco.map. And again keep another copy in a safe place to preserve it.

As to how to activate, a reboot is probably the simplest way.

Jan 02 2013

According to the news, the US politicians have finally decided not to take a running jump off the edge of the fiscal cliff and have come to some form of agreement in relation to US taxes. The markets have of course bounced dramatically because of the good news … or is it?

Firstly, this decision is late. US politicians have been trying to come to some form of agreement with regard to taxation and spending for at least 18 months; the deadline everyone was worried about was introduced to concentrate minds on an agreement. And yet no agreement was reached until the last moment. US politicians deserve to be fired for not coming to an agreement sooner.

Secondly, this decision is not a full decision at all. The agreement only covers taxation, and does not cover agreements on spending cuts. They have given themselves a further two months to agree the rest of it. And who is to say that they will manage an agreement this time around?

There are those who argue that the phrase “fiscal cliff” is scaremongering, and that it should really be called a “fiscal hill” (or some other phrase). They’re wrong.

The actual effects of going over the fiscal cliff may well be rather gradual with tax increases and spending cuts only gradually kicking in over the year of 2013. But that is ignoring the big problem.

The big problem is that the politicians in charge of the world’s largest economy are a bunch of incompetent idiots who would rather argue for partisan advantage than do their job – govern the country in the interests of all of the citizens of the US. In most circumstances, a bunch of people in charge of a large organisation who could not agree on a budget in a timely fashion could and would be fired.

Perhaps the citizens of the US should get together and “kick some ass” – point out to their politicians that they are expected to govern the country properly, and if they do not pull their socks up, they will all be booted out of office come the next election – Democrats and Republicans. It is not the fault of any one party, but the fault of both.