Jul 11 2015
 

The usual response when someone brings up the subject of the rich being just too rich is to mention the "politics of envy", which is a great way of suppressing a reasonable discussion of the matter; anyone would think that the phrase was invented by the rich to protect their excessive wealth. Most people would agree that those who work hard, are creative, and contribute towards the nation's wealth should get a bit more than a chav living on benefits.

Fair enough, but they already do – and far more than people realise. And not all of the rich do contribute a great deal towards the nation; many of them are merely sitting on growing piles of wealth.

Jul 05 2015
 

Herbal

An untested chemical that grows in the garden. Possibly not your garden.

It could be beneficial – Aspirin is after all a cleaned up and tested version of what was previously a herbal remedy. It could be safe; at least it could be safe in the kind of doses suggested (everything is poisonous in high enough doses – even water).

But it has not been tested properly for either effectiveness or safety. And if it is effective, is it more effective than a placebo?

Chemical-Free

Another way of saying an empty bottle. If you shake your bottle and it rattles or gurgles, send it back as it's got chemicals in it.

Homeopathy

Expensive water.

In fact if there were any positive value to homeopathy, there would be no complaints of joint pain in hard water regions (calcium carbonate is supposedly a treatment for joint pain).  And guess what? I get both hard water through my taps, and joint pain. 

Natural

… as opposed to "man-made". Both are a means of production and neither means of production has any implications as to the effectiveness of a product.

However, evolution does not tend to produce something whose sole purpose is to cure headaches; the willow tree evolved to have a nasty, bitter-tasting bark to discourage animals from eating it, not to cure headaches. That was an accident. To treat a headache "naturally", you will need to find a willow tree, pull off a chunk of bark, grind it up, and eat it. A man-made pill labelled "Aspirin" is more readily available, safer (it only contains the chemical for the headache treatment), and is less damaging to those poor willow trees.

So in this case, "natural" is actually a bad thing.

Faith-Healing

Asking an imaginary friend for help. Frankly asking a real friend is just as likely to work, and any effectiveness is due to the placebo effect.

Acupuncture

If you want someone sticking pins in you to make a little wax figurine replica of you to say "Oww!" then by all means go ahead.

Jun 19 2015
 

2015-06-18 17.10.16

Around about where I live, they have been replacing "proper" pedestrian crossing lights with the silly little stealth ones you can see above.

I am sure those who designed the crossings and the height of these lights had some pretty good reasons for putting them where they are, but they might not have had the pedestrian in mind …

Firstly they are in an unnatural position forcing you to look away from the direction of travel. It is normal to look in the direction of travel, and when I do, I can miss the lights turning green. 

Secondly, and far more irritatingly, because these lights are just at beer belly height, it is all too common for people to stand in front of them blocking the view of the lights. So even if you are looking in the right direction, you can miss the lights turning green.

So what is so bad about the old kind of pedestrian crossing lights?

Jun 12 2015
 

This is going to be relatively lightweight in terms of technical content; most explanations of what a security exploit is do tend to be very technical in nature. 

So what is an exploit? At the most fundamental, it is what an attacker uses to take control of your computer. It can be compared with the installation routine you normally run to install a new application, because an exploit is effectively how an attacker installs their agent onto your computer.

There are, on a simplistic level, two kinds of exploits out there – the kind that works against people (the attacker tricks the person into running their code) and the kind that works against software. Of course there are exploits that sit in the middle and defy this simplistic classification, but as this is a simplistic posting, we'll gloss over those.

Exploits against people are frankly quite boring. All that is needed to protect against them is to apply the relevant operating system patches and avoid turning off malware protection. Unfortunately people tend to be very resistant to operating system patches and often indulge in practices that turn off their malware protection (drinking!).

The technically interesting exploits are the exploits against software. And when I say "technically interesting", it means that they get very technical and difficult to describe very quickly.

But at the core, such exploits involve tricking the computer into treating what should be data as code. As a very simplistic example, imagine you have a web form that takes input from random strangers on the Internet, and the input from that form is added to a database. If the code has been written naively, an attacker can simply append their code to the end of the input and it will be run.
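The web form case above, as an added example that is not part of the original post: it assumes the database is SQL (an in-memory SQLite database here) and uses a hypothetical `comments` table, hypothetical function names, and constructed sample input. The naive save pastes the form input into the SQL text; the parameterized save sends the same input separately from the SQL, so it can only ever be stored as data.

```python
import sqlite3

def new_db():
    """In-memory database with one existing row (constructed sample data)."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE comments (author TEXT, body TEXT)")
    db.execute("INSERT INTO comments VALUES ('alice', 'first!')")
    return db

def save_naive(db, author, body):
    # Naive: form input is pasted into the SQL text, so the database
    # cannot tell where the programmer's code ends and the data begins.
    db.executescript(
        f"INSERT INTO comments VALUES ('{author}', '{body}');"
    )

def save_parameterized(db, author, body):
    # Hardened: the SQL text is fixed; input travels separately as
    # bound values and is only ever treated as data.
    db.execute("INSERT INTO comments VALUES (?, ?)", (author, body))
    db.commit()

def rows(db):
    """Return every stored comment in insertion order."""
    query = "SELECT author, body FROM comments ORDER BY rowid"
    return db.execute(query).fetchall()

# Constructed form input: ordinary text followed by an appended statement.
HOSTILE = "nice post'); DELETE FROM comments; --"

def demo():
    """Save the same input both ways and return what each table holds."""
    naive, safe = new_db(), new_db()
    save_naive(naive, "mallory", HOSTILE)
    save_parameterized(safe, "mallory", HOSTILE)
    return rows(naive), rows(safe)

if __name__ == "__main__":
    naive_rows, safe_rows = demo()
    print("naive:        ", naive_rows)
    print("parameterized:", safe_rows)
```

With the naive save the appended statement runs and the table ends up empty; with the parameterized save the whole string is stored as an ordinary comment next to the existing row.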

All computer data is at the lowest level nothing more than numbers. The word "Hello" is actually encoded as a stream of numbers: 72, 101, 108, 108, 111, 10. Taking just the first three numbers, I find there is a photo of myself with that sequence. And one of the editors I use (EMACS) also contains that sequence. The meaning of a sequence of numbers is dependent on how the computer chooses to interpret it.

A great deal of computer code is dedicated to interpreting those sequences of numbers as intended – so a picture is shown as a picture and not run as code in a Python interpreter. If a computer mistakenly misinterprets (or is tricked into misinterpreting) a sequence of numbers as some kind of data that it is not, then the result could be just about anything but is most likely to be a crash or displaying garbage.

And just occasionally the computer will run that misinterpreted data as code.

And that in some circumstances can be called an exploit. But what happens after the exploit? What does the attacker do then? 

That's something for another time.
