Blog

  • America: The Greatest Country On Earth?

    Of course it isn’t; it’s England (I’m English).

    It’s all very patriotic to claim your country is the greatest on earth, but it also indicates an immense level of smug complacency. If you live in the greatest country on earth there is no reason to look at your country and see what to do better.

    Some questions to ask yourself about your country :-

    1. Where does your country fit in the list of infant mortality?
    2. How free is your country according to the Press Freedom Index?
    3. What ranking does your country get in the list of life expectancy?
    4. How evenly is wealth distributed?

    Now you might not agree with my list of how well a country is doing (and mine isn’t necessarily the same as the one above), and I may well disagree with your list vehemently. But that is beside the point – choose your list of what you think is important in a country, assess your country’s level, and then decide if your country is the greatest, or whether it could do better.


  • Vim: The Ex Mode

    I have recently been ‘entertaining’ myself with watching some videos on the vim editor, which for the uninitiated is an extremely powerful if somewhat ‘unusual’ editor that is popular amongst Linux power users. One of the surprising things that came up was that apparently there are experienced vim users who are not aware of why the ex mode exists.

    Or probably why the ex command exists.

    In the dim and distant past (and in fact even longer than I’ve used Unix!), one of the possible ways of interacting with computers was with a printing terminal :-

    On such a terminal, using a visual editor like vim (or its predecessor vi) would have been painful. Redrawing the screen would take a couple of minutes or more; imagine moving the cursor across from the beginning of the line to the end!

    So it was common to use an alternative kind of editor – the line editor. The process of creating a file is somewhat clumsy :-

    $ ex ~/Foo
    "~/Foo" 1L, 4C
    Entering Ex mode.  Type "visual" to go to Normal mode.
    :p
    Foo
    :a
    Bar
    .
    :p
    Bar
    :1
    Foo
    :write
    :quit

    Now for a quick explanation (although this is no tutorial on line editors!): The ex ~/Foo is the command given to start editing a pre-existing file called Foo in the ex editor. After the editor starts up, I enter the “p” command to print the current line. I then use the “a” command to append text after the first line, and enter a “.” on its own to finish adding lines. Again I use “p” to print the current line, and then “1” to print the first line.

    Which is more than you’ll ever want to know about how to use ex, so why does it still exist?

    The first reason is simply because it’s possible. It’s almost certainly fairly easy to support the ex mode with vim; after all the ex-mode is effectively the commands you get when you enter “:” within vim.

    The next reason is that line editors were sometimes used within shell scripts to batch edit files, and somewhere out there is a shell script from hell that relies on ex to keep running.

  • Friday’s DDoS: Assisted By Poor DNS Configuration

    Yesterday lots of people found the Internet disappearing on them due to a significant DDoS attack against the DNS infrastructure of one company. Now there are all sorts of suggested fixes for this sort of problem, some of which are useful.

    However it is notable that people have not mentioned one method built into DNS which could have been used more effectively. Indeed one suggestion was for the DNS to do something it already does – caching.

    When you ask your ISP’s DNS servers to resolve a name such as example.org, the answer that your ISP’s DNS server gets back contains several bits of information in addition to the answer you are interested in (the IP address to connect to). One of these is how long to cache the value for, which means that your ISP’s DNS servers can save themselves some work for as long as they are allowed to cache the answer.

    Now it is awfully convenient to set this value to something like 5 minutes because if you have a need to change the value, it is nice to have the value change as quickly as possible.

    But it also increases your vulnerability to weaknesses in the DNS infrastructure.

    If you increase the time-to-live (TTL) value to something more like 24 hours, then your DNS servers (or more usually the DNS servers of your DNS service provider) are required less frequently which means that if something takes them offline for any reason then there would be a decreased impact. It will still stop some people from getting the DNS answers they need, but the proportion unable to get an answer will drop dramatically.
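
    A rough model of that effect, added here as an illustration and not part of the original post: it assumes each resolver has a uniformly random share of the TTL left on its cached record when the authoritative servers go down, and a hypothetical two-hour outage. The 5-minute and 24-hour TTLs are the ones discussed above.

```python
import random

def mean_failure_rate(ttl_s, outage_s):
    """Average fraction of resolvers unable to answer during the outage.

    A resolver with r seconds of TTL left fails for max(0, outage - r) seconds;
    with r uniform on [0, ttl] that averages to the closed form below.
    """
    if outage_s <= ttl_s:
        return outage_s / (2 * ttl_s)
    return 1 - ttl_s / (2 * outage_s)

def simulate(ttl_s, outage_s, resolvers=20000, seed=1):
    """Monte Carlo check of the closed form, under the same assumption."""
    rng = random.Random(seed)
    failed = 0.0
    for _ in range(resolvers):
        remaining = rng.uniform(0, ttl_s)  # TTL left when the outage starts
        failed += max(0.0, outage_s - remaining)
    return failed / (resolvers * outage_s)

OUTAGE_S = 2 * 3600  # assumed outage length, not a figure from the post

if __name__ == "__main__":
    for label, ttl in (("5 minutes", 300), ("24 hours", 86400)):
        print(f"TTL {label}: model {mean_failure_rate(ttl, OUTAGE_S):.1%}, "
              f"simulated {simulate(ttl, OUTAGE_S):.1%}")
```

    Real resolvers may cap TTLs or evict entries early, so treat the 24-hour figure as the best case for the benefit.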

     


  • Calais Children and the Pathetic Little Whinging Cowards

    All that is necessary for the triumph of evil is that good men do nothing

    – Possibly not Edmund Burke.

    If you are of sensitive disposition and get a little twitchy around ‘naughty’ words, probably best skip this one – I’m really, really angry and the box of swear words is wide open.

    Recently there has been some noise on my Facebook feed perpetrated by the kind of malevolent dipsticks who swallow the output of the Daily Fail (I’m not linking directly to their site because the slimy little shits don’t deserve the extra ad revenue) wholesale. Specifically there are some ‘concerns’ regarding the child migrants from Calais entering the country.

    Apparently these fearful little whinging cowards are quaking in terror at the thought that some of these child refugees might not be children, but either young adults or some sort of Daesh terrorist in disguise. So because there is a tiny risk that some children might be a little too old to be technically children, or that there is a tiny risk that some might be associated with Daesh, we’re supposed not to give some refugee children in dire straits a home?

    Hell, no.

    Whilst the pathetic little worms are right in saying that some of the children might be a bit too old to be considered children, and there might be some risk that Daesh could infiltrate a terrorist, it’s time to tell the worms to piss off until they’ve grown a spine.

    We’re British, which doesn’t mean cowering in our little hovels hoping that bump in the night isn’t some monster out to get us. It means doing the right thing and welcoming child refugees to our country, and if that means a bit extra risk (although most terrorist attacks are from home-grown terrorists), then we’ll suck it up. Hell, we take a bigger risk opening the front door and going to work every day.

    And if you’re one of those pathetic individuals who doesn’t agree with this, then you can fuck right off. I’m not lowering my standards to pacify your pathetic need for safety, and it is about time a few more of us were prepared to tell you how pathetic you are.


     

  • IPv6: Why The DNS Is So Important

    This is a bit of a thought experiment, so it may be not entirely correct (especially the maths – my probability theory is very rusty).

    One of the lesser reasons for using the DNS rather than IPv4 addresses is that typing mistakes are more easily caught – if you intend to type 192.168.67.52, but accidentally enter 192.168.67.53 instead, you still have a valid IPv4 address. Whereas entering the domain name wombar.example.com instead of wombat.example.com will most likely get you an error instead of sending your secrets off to an unknown location on your network – unless you have a rather silly server naming convention of course!

    But how likely are you to make a mistake typing in an IPv4 address? According to a random web site “out there”, the average accuracy of a typist is 92%, or an average of 8 typos per 100 characters. If we convert this into a probability, we get a probability of typing each character correctly as 0.92.

    Given that typing IPv4 addresses is something that some of us have a lot of practice at, and in many cases we will notice typos before they become a problem, I’m going to arbitrarily declare that the probability of getting any character within an IPv4 address correct is 0.999. But to type in an IPv4 address correctly we have to get a maximum of 15 characters correct :-

    1 2 3 4 5 6 7 8 9 10 11 12 13 14 15
    1 9 2 . 1 6 8 . 1 2 8 . 1 2 8

    So the probability of getting all those characters right is 0.999 (first character) x 0.999 (second character) … Or 0.999^15.

    And once you work that out, subtract it from 1 (to get the probability of making a mistake) and convert it into a percentage, there is an 11% chance of making a typo in an IPv4 address.

    For an IPv6 address such as 2001:db8:ca2c:dead:44f0:c3e9:28be:c903, which has 38 characters (no I’m not doing that silly table for IPv6), the same calculation, 100 * (1 – 0.999 ^ 38), gives 32%.

    Now whilst my calculations may be a bit off, the likelihood of entering an IPv6 address incorrectly is nearly three times higher than the risk of entering an IPv4 address incorrectly.

    In other words, with IPv6 you really need a good working DNS solution just to keep the errors to manageable levels.
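
    The point about typos being caught can be checked directly. The following is an added example, not part of the original post: it substitutes one character at a time and counts how many results are still accepted, using the addresses and the wombat/wombar names from above. The two zones and the combat.example.com record are constructed for illustration.

```python
import ipaddress
import string

def single_char_typos(text, alphabet):
    """Yield every string differing from `text` by one substituted character."""
    for i, ch in enumerate(text):
        if ch in alphabet:
            for sub in alphabet:
                if sub != ch:
                    yield text[:i] + sub + text[i + 1:]

def parses_as_ip(candidate):
    try:
        ipaddress.ip_address(candidate)
        return True
    except ValueError:
        return False

def silent_ip_typos(addr, alphabet):
    """Return (typos that are still a valid address, total typos)."""
    typos = list(single_char_typos(addr, alphabet))
    return sum(parses_as_ip(t) for t in typos), len(typos)

def silent_name_typos(name, zone):
    """Return (typos that match another record in `zone`, total typos)."""
    typos = list(single_char_typos(name, string.ascii_lowercase))
    return sum(t in zone for t in typos), len(typos)

# Constructed zones: one sensible naming scheme, one "rather silly" one.
SENSIBLE_ZONE = {"wombat.example.com", "www.example.com", "mail.example.com"}
SILLY_ZONE = {"wombat.example.com", "wombar.example.com", "combat.example.com"}

if __name__ == "__main__":
    v6 = "2001:db8:ca2c:dead:44f0:c3e9:28be:c903"
    print("IPv4 typos still valid:", silent_ip_typos("192.168.67.52", string.digits))
    print("IPv6 typos still valid:", silent_ip_typos(v6, "0123456789abcdef"))
    print("Name typos, sensible zone:", silent_name_typos("wombat.example.com", SENSIBLE_ZONE))
    print("Name typos, silly zone:", silent_name_typos("wombat.example.com", SILLY_ZONE))
```

    Most mistyped addresses are still valid addresses, so nothing flags the error, whereas a mistyped name only goes somewhere if a matching record happens to exist.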
