Saturday, 24 October 2015
don't talktalk about it
CBBC star Hacker T Dog.
The current hack into TalkTalk's website creates an interesting taste of living in the cloud. The perpetrators are now claiming to have 4 million customer records and apparently have even issued a ransom note like something from a TV plot.
We've all got far more data than we care to think about lodged away in systems which increasingly work in the cloud. Part of that is because we all also want to be able to access these systems from smartphones and browsers, rather than sit on interminably long calls to so-called help desks.
Another reason is because industry is all being persuaded that it is economically sound to put their systems into cloud computing environments.
Systems like Google also progressively tie all our data together, so that even if you want to have a separate personal and professional appearance in the internet, the G+ robots will eventually catch up.
I use one of those automatic password generators for my own access to systems. It comes up with passwords along the lines of:
ryeX-Uc-bEv-jaw-oD-fIn-inG
And nope, I'm not actually using that one and I've selected randomised lengths too, so the syntax of my actual passwords will differ.
Of course I can't remember them all, and have to use 1Password to wrangle them.
The problem comes when people use passwords like -er- qwerty12345 or asdfg-0987 or password1992 or CFC4evva. It's because there's a high social engineering probability that this type of user will be using the same password elsewhere. So browsing through an unencrypted list of users, there'll be some that are probably easier to target, simply based upon the type of password they use.
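The point above, as an added worked example that is not part of the original post: a small Python script with a generator for hyphenated syllable passwords in the style quoted (with an entropy estimate for it), and a handful of cheap heuristics that pick the qwerty12345 type of password out of a plaintext list. Sorting a leaked list this way is exactly the triage an attacker does before trying the same credentials on other sites. The token list, keyboard rows and sample records are constructed for the example, and the generator is a plausible reconstruction, not the author's actual tool.

```python
import math
import re
import secrets

# Constructed, deliberately tiny token list: the kind of fragments that turn up
# in weak passwords (dictionary words, keyboard runs, club chants, leetspeak).
COMMON_TOKENS = {"password", "qwerty", "asdfg", "letmein", "chelsea",
                 "cfc", "4evva", "4eva"}

# Physical keyboard rows, plus the digit row in both directions.
KEYBOARD_ROWS = ["qwertyuiop", "asdfghjkl", "zxcvbnm",
                 "1234567890", "0987654321"]

CONSONANTS = "bcdfghjklmnprstvwxz"   # 19 letters
VOWELS = "aeiou"                      # 5 letters
SYLLABLE_COUNT = len(CONSONANTS) ** 2 * len(VOWELS)   # 1805 distinct CVC syllables


def has_keyboard_walk(pw, min_len=4):
    """True if pw contains min_len or more adjacent keys from one keyboard row."""
    s = pw.lower()
    return any(row[i:i + min_len] in s
               for row in KEYBOARD_ROWS
               for i in range(len(row) - min_len + 1))


def classify(pw):
    """Return the set of weakness patterns a plaintext password matches.

    An empty set only means none of these cheap heuristics fired; it is not
    proof of strength, just a sign the password is not the low-hanging fruit.
    """
    reasons = set()
    lower = pw.lower()
    if has_keyboard_walk(pw):
        reasons.add("keyboard walk")
    if re.search(r"(19|20)\d{2}$", pw):
        reasons.add("trailing year")
    if re.search(r"\d{3,}$", pw):
        reasons.add("trailing digit run")
    if any(tok in lower for tok in COMMON_TOKENS):
        reasons.add("dictionary or chant token")
    return reasons


def triage(records):
    """Given (username, plaintext password) pairs, return the users an attacker
    would try first elsewhere (credential stuffing), with the reasons why."""
    flagged = {}
    for user, pw in records:
        reasons = classify(pw)
        if reasons:
            flagged[user] = sorted(reasons)
    return flagged


def generate(min_chunks=4, max_chunks=7):
    """Hyphenated syllable password in the style quoted in the post: random
    consonant-vowel-consonant syllables, at most one capital per syllable,
    and a random number of syllables."""
    n = min_chunks + secrets.randbelow(max_chunks - min_chunks + 1)
    chunks = []
    for _ in range(n):
        syl = (secrets.choice(CONSONANTS) + secrets.choice(VOWELS)
               + secrets.choice(CONSONANTS))
        cap = secrets.randbelow(4)          # 0 = no capital, 1..3 = that position
        if cap:
            i = cap - 1
            syl = syl[:i] + syl[i].upper() + syl[i + 1:]
        chunks.append(syl)
    return "-".join(chunks)


def entropy_bits(n_chunks):
    """Entropy of a generate() output once the chunk count is known: each chunk
    is one of SYLLABLE_COUNT syllables (about 10.8 bits) times 4 capitalisation
    choices (2 bits). The random length adds a little more and is ignored."""
    return n_chunks * (math.log2(SYLLABLE_COUNT) + 2)


if __name__ == "__main__":
    # Constructed sample "dump": the weak examples from the post, plus one
    # generated password, under made-up usernames.
    sample = [("alice", "qwerty12345"), ("bob", "asdfg-0987"),
              ("carol", "password1992"), ("dave", "CFC4evva"),
              ("erin", generate())]
    for user, why in triage(sample).items():
        print(f"{user}: {', '.join(why)}")
    print(f"six-chunk generated password: about {entropy_bits(6):.0f} bits")
```

The heuristics are intentionally crude; a real cracking rig uses wordlists and mangling rules, which is all the more reason the four weak examples would fall in seconds. The six-chunk generated form comes out near 77 bits, and the only way to hold passwords like that is a manager, which is the author's point.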
Back to TalkTalk. The story goes that the hackers used a denial of service attack first as a diversionary tactic, whilst the slurping of data was taking place. The thieves even put up an extract of the data they stole onto a website to illustrate what they've done.
The data (if genuine) was still being displayed today, Saturday, some four days after the attack.
If I was John who drives taxis, Hadyn, Norma, Fraser, Catherine, Dolph or Amanda, amongst many others, I'd be pretty annoyed that my record was still on public display. If I was Ben or Rahmet, I'd be even more annoyed that my entire TalkTalk order was listed (update: it's all still there on 26 Oct).
I'm not buying it though. Getting into a website is one thing. Like that opening sequence in Homeland the other day when the dodgy internet club managed to hack into the CIA. Then they immediately started downloading files that were at the core of the CIA's best secrets in Germany.
Yeah, right. It's sometimes hard enough finding files on one's own systems, let alone on a secret CIA station in Berlin.
But that seems to be what these hackers claim to have done as well.
Not only did they flood the TalkTalk system to make it run slowly, they then claim to have used this same period to get inside, and somehow find the exact files where the cellphone and SIM orders were kept, in the clear (i.e. not in encrypted format), and all comma delimited.
The method of intrusion as described is all a bit too tidy.
This smacks to me more of something purposeful conducted from inside TalkTalk's walls. It could be a whole lot simpler too. The conditions: Someone with access to the right files runs/introduces a pre-formed SQL query generating an Excel CSV (comma separated values) file and then downloads it to a memory stick, or via bluetooth to a phone.
This could be in a central location (operations or development), or possibly even from a helpdesk if there's local copies of the customer file. No wonder the class of tools to do these kind of dubious things are called Mole, Pangolin (scaly burrowing anteater) and Injector.
I guess it will all play out over the forthcoming days and weeks. It might also explain why the note accompanying the upload of the stolen data contains a message which says things like:
"We Have Made Our Tracks Untraceable Through Onion Routing, Encrypted Chat Messages, Private Key Emails, Hacked Servers."
Why bother to say These Things And With So Many Capital Letters? It's a bit like the villain's speech to explain the next logic jump to James Bond.
There's more, but it starts getting into a more lurid and fundamentalist area which I won't document here. The slightly juvenile style looks quite different from the increasingly common attacks on casino sites with distributed denial of service and Bitcoin as ransom.
The eventual after-effect of this TalkTalk attack will probably be to create even more layers of security for not just TalkTalk's site, but everyone else.
Coincidentally, a few days ago I described a situation where a big commercial site had mis-transcribed my address in a way that meant they would only send things to a (wrong) address to Plot (wrong Number) in (wrong town) Shellsea in order to identify me.
A few days later I saw a different example on television, where (wrong name) Dr.Occupier was being incorrectly billed for electricity but could not change it because the security questions needed his/her name "Dr.Occupier" to be specified.
I suppose we can't have all this smartphone cloud access without the attendant security, so cue those sayings about the indolent falling prey to the active or about freedom, liberty and vigilance - I'm sure we'll be hearing them all over the next few days.
Thursday, 22 October 2015
shake it off
I wonder what will happen now that all the freebie subscriptions to Apple Music have run out?
For many, they actually ran out a month ago, but I expect there's a lot of people like me who don't remember until the money is quietly extracted from the credit card.
When the Apple system started, I thought I'd give it a go, but in honesty, I can't say that it has worked for me.
In iTunes I still mainly play my own choices of music, based upon my CD and download collection and playlists, but I've seldom used the Apple suggestions. I deliberately downgraded my Spotify back to freebie when I started, as a way to remind myself to use the Apple alternative.
So why didn't it work?
For me the Apple recommendations have always been so crass that I wondered what else I needed to do. Maybe there was another part of the system that didn't just assume I wanted to listen to recent pop, MoR and dad rock? My Apple Music recommendations regularly feature One Direction, Jean Michell-Jarre(?), Justin Bieber, Wally Murs, Pure Rave. If this was last.fm, it would be screaming musical compatibility - low.
Maybe it is because I haven't used it enough and I just get generic suggestions?
I've been using iTunes for many years and Apple have slurped in around 2.5k albums and 22k tracks that I have loaded. My stretchy taste in albums has been through their Genius process and Match, yet they come up with commercial 'top of the pops' suggestions. Perhaps it's their "don't know what to do" default.
I think the last couple of albums I bought were towards the popular end of the spectrum - Wolf Alice and Tame Impala, both of which are probably at least 'indie' in their iTunes genre classification?
To illustrate, that's Ellie Rowsell and the rest of Wolf Alice in Haringey early this year.
What next?
Today, after cancelling the Apple Music subscription, I restarted Spotify Premium, logged on and hit play.
It was an instantly better experience for discovering new music. Sure, I like listening to tracks I know, but sometimes it's nice to let Spotify wander off and find 20 or more tracks in a row without any need to hit skip. Far better.
So I'll stick with Spotify as the discovery mechanism, use iTunes as a player and continue to buy via a combination of artist web-sites, an occasional browse in Rough Trade or Fopp and online Amazon CDs with Autorip.
Wednesday, 21 October 2015
fire up the flux capacitor
I don't care if they got a few things wrong, I shall still watch these movies again sometime over the next couple of days. There's so many references still used today; whoever sees a Delorean car without thinking about Back To The Future?
And what about the idea of a flux capacitor? Or a hoverboard? They guessed a few things which are now commonplace like VR goggles, wearable technology, tablet computers, even if they missed the smartphone.
1.21 Gigawatts (Jigowatts?) might be more than 10% of the UK's nuclear power capacity, but it's still the amount needed to take an 88mph car through time.
Fortunately there are still people trying, like this car I spotted in a field. I'm wondering whether Doctor Who has ever met The Deloreans? If he hasn't then there's a quick line for a script sometime.
And by the time I write this, I see America will be waking up to a special issue of USA Today...The Hill Valley edition, delivered by Compu Fax Satellite.
I'm sure there will be a box-set DVD and some special content, but I can't help thinking this is one of the few movies that it would be fun to see with advert breaks. From 1985, of course.
And don't tell anyone, but an original-market Delorean speedometer only goes up to 85 mph ;-)
Tuesday, 20 October 2015
not in the right club?
Today's inertia rip-off was trickier to fix than I'd expected.
Nowadays many big organisations use inertia selling to increase fees and jack up prices, in a kind of anti customer relationship management approach.
Our last household insurance policy was an example. They'd progressively wind the annual price up until a consumer pain threshold was passed, when we'd bail and go to someone else. Same with the car breakdown service. Better to let the last one lapse and start a new one. Kind of anti-loyalty rewards.
Today's example was a regular payment that I queried to one of the big well-known British financial service providers. First their currently published website phone numbers had all changed. You call the numbers and a recorded message reads out the new ones.
When I eventually got through to someone (maybe after 20 minutes), they couldn't find any record of me, even when I quoted a reference number.
Of course they'd acquired various companies and rebadged them, but behind it were all the creaky old systems, each with their own unhelp desks.
I went through all the questions, listened to all the messages and eventually got to speak to a human. We talked but the human had a script to follow and was unable to help. I dictated all of my details and asked them to call me back when they had more news.
Maybe this is all carefully engineered, like making the 'cancel subscription' buttons in web systems hard to find or not putting a phone number onto telecoms provider sites?
Anyway, a day later they did call me back, showing an Italian phone number. Maybe they have done a deal with Telecom Italia for their network?
The person dialling me (apparently from Ireland) was still not able to assist.
Instead, they transferred me to another number, which ominously said it was premium. It added that I could redial another number to get a cheaper rate. I'm still not sure who was paying for that call because they had originally called me.
I decided to wait on the line, listening to badly compressed pop music and then again went through the whole who I was, date of birth blah blah thing again (6th time by now).
Amazingly they found a record of me, although they had wrongly transcribed the address into their system. It was a plot number instead of an apartment address. They'd actually got the plot number wrong too, as well as the area, which they had as Shellsea. Yes, that well-known Royal Borough next to Kensington.
This is where it all got very silly because they now would not give me any information based upon their security guidelines. If I couldn't match their incorrect address, they wouldn't identify me. I asked them if they could, instead, send me a copy of their information, so that I could work out what to do/cancel etc.
Yes, they could, but they would have to send it to the address on file. But that's no good. It's not a proper address. And so it went on.
I have resolved it now, but the whole situation was another example of anti-customer relationship. That's another relationship club I'm better away from, but perhaps that's all part of the marketing plan too?
Monday, 19 October 2015
中国在你的手 - China in your hand
The UK visit of the president of China, Xi Jinping, will have its controversial moments although some topics have been deemed not suitable for open forum discussion.
With his wife, he'll be staying in the Belgian (aka Honeymoon) Suite in Buckingham Palace, getting a 103 gun salute and white-tie banqueting with the Queen and many of her family as well as a variety of senior politicians.
On the heels of Osborne's China trip, the agenda is to secure trade linkages, notably so that UK becomes the global offshore finance centre for China. The construction work on the new Asian Business Port area in east London's Albert Dock has started, although it's all looking somewhat flat at the moment.
Osborne has already announced the Hinkley deal for the new Chinese-built nuclear power station, along with the UK tax-payers' £2bn subsidy to get things started. The Chinese also get to build a second power station over in Essex.
The whole nuclear power thing is awash with subsidies and weird pricing, so it is quite difficult to really fathom out what is happening. Even the fella at DECC who oversaw what was happening was previously at KPMG (the financial advisors to the deal) and returned there after the outline agreements had been struck.
China has been canny at spotting the areas for negotiation with Britain, whilst casting an eye across Germany and France. Much easier to negotiate when there's other options lingering in the background.
So we'll probably get both a lumpy red carpet and some twisty and labyrinthine agreements from this visit.
Sunday, 18 October 2015
الوطن lemons or melons?
I watched the first episode of the new series of Homeland some time last week and will probably continue, to see how much more unreliable Carrie can become. She's been started off in that great place for spies, Berlin.
Somehow she seems to be working for a dodgy corporate organisation on the wrong side of what America considers to be good.
Almost immediately we get a sleazy club's computer hackers electronically stumbling into a CIA outpost's website where, with almost no trickery, they download the crown jewels of the entire covert operations in Germany. Oops.
Carrie then coincidentally runs into her old boss Saul (the one who speaks in pompous meeting cliches). There's a hat tip to le Carre when Saul later deploys old-school tradecraft using a handkerchief in his top pocket as a signal. This is to Quinn, another of Carrie's ex buddies coincidentally in Berlin, who is sent to blow up a pipe bomber.
I gather that the next episode recreates a Syrian/Lebanese refugee camp, with Arabic graffiti on the walls saying 'Al watan (Homeland) is a Watermelon' and similar phrases. Clearly no-one on the set knew the Arabic for Homeland (الوطن) so when it appears scrawled in half a dozen locations no-one was expecting it to say anything awkward.
There's a short scene in episode one where Quinn coincidentally appears for a debrief and talks about the lack of empathy for the Middle East among the people he is briefing. Along the lines of 'none of you have seen active service in the Middle East'. I can't tell yet with this series if it is really having a pop or just being cartoony.
I have my suspicions.
Friday, 16 October 2015
a taxing calculation
I finally got around to looking at those Facebook annual accounts for the UK.
I say UK, although I notice from their Companies House Annual Return that they are set up with an Irish Director based in Dublin, which presumably helps give some taxation efficiencies.
The rest of the Directors are all based in California, so the 362 person UK business comprising 34 admin, 195 technical and 133 sales is directed remotely, at least according to the AR01.
Ernst and Young prepared the accounts in line with UK GAAP, and say that everything is tickety-boo. Facebook turned over about £105m in the UK in 2014, compared with £49m in the previous year.
With double the turnover of the prior year, they managed to make slightly more than double the loss of the previous year, 'worsening' the loss from £11m to last year's £28m. That also shows as a lower performance, making 126% loss this year vs 122% loss the prior year.
Of course, to the untrained eye, this could all look like some sort of fiddle of the books to dodge tax. But the big accountancy firms say not. This is all legitimate and above board. It's mainly the staff costs where the potential profit went. In addition to the £40.8m salaries, there's another share based payment charge of £35.4m. This apparent worsening of ultimate performance appears to be richly rewarded.
A few quick sums to get a sense of proportion. The average salary cost of one of the 362 UK Facebook employees works out at £112k, plus their payment of £24k National Insurance. That's £137k. Now add on the 2014 bonus averaged at £97.7k and the salary drifts towards £235k averaged across all employees.
I know, it's not that simple. Some people get paid less, and others get paid more. There is probably a distribution curve for performance too (XESIL), so that some people can get double bonuses and others get none. My quick bell-curve calculation shows a total reward range from £115k (mainly admin) to £336k for the bulk of the staff.
So do the staff actually get their hands on the bonus shares money? I can't be certain, but it looks as if they can't for four years.
What everyone appears to get are paper shares (RSUs) with a minimum 4 year vesting period.
So Facebook kind of wins twice, it has written its profits away, removed the Corporation Tax charge and only has to give the RSU certificates to its staff, until the end of another four years.
Oh well, I suppose it did have to pay £4,327 of Corporation Tax (usually rated at 20%-21% of profit) on its turnover of £104m. I wonder if it still has that Cayman Islands account where it was squirrelling advertising revenues?
Thursday, 15 October 2015
the fridge bear
My favourite pictogram from the new kitchen equipment is probably this one. As well as the wide range of instruction booklets in Arabic, Russian, French, German, Spanish and all points in between, many of the instructions were also available as little diagrams.
I'm not entirely sure what this one actually means though:
- Klaxon sound indicates bear in vicinity?
- If you hear a bear, hide in fridge?
- Don't leave fridge door open, because it may attract bears?
- Possible bear hazard in fridge?
- Do not pet the fridge bear?
- Bare right at fridge?
- If fridge door left open it will growl like a bear?
...or maybe it's a jelly baby?
Wednesday, 14 October 2015
something else they don't tell you about the world wide web
It's still a couple of weeks until the start of this year's NaNoWriMo National Novel Writing Month although I think I'll be giving it a miss this time around.
I did idly consider some kind of Colder War theme, but I think I'd be better off fixing some of my previous writing attempts.
Strange to relate, I recently had another book published. This one wasn't under the name 'rashbre' but instead under my real name and was with a bunch of accomplices. It's been a longish project and finally made the light of day in time for a conference in Frankfurt.
It's more technical than my novel-writing attempts, and doesn't really belong in these pages, so I won't say more here. Instead, back to the Colder War.
My background thinking for a new story theme was to consider the effects of a Colder War in a socially connected world. The ways that webs work. However, with current global conditions, the real-life events are already operating faster than I can make anything up. I'd considered something about border incursions to stir unrest, and how long it could remain undetected in the era of Twitter.
The reality has already unfolded with the tragedy of the MH17 plane disaster. The Dutch investigation is reporting that the plane was shot down by a surface to air missile. That's where the social media kicks in, tracing what could have happened...or as some are saying, could have been faked.
Top of the post I've shown a representation of a BUK Surface to Air system. There's the command post, a Snow Drift radar unit (the thing that looks like a solar panel), the rocket launcher (shown is the more modern M2 with its flatter radome) and a backup truck with more missiles. The missiles shown are the most recent type with short fins for extra manoeuvrability. Bottom line: It's not an easy convoy to hide.
So when social media started to lace the MH17 situation together, they assembled a set of photos and videos of a BUK convoy on flatbed trailers in Russia, heading towards the Ukrainian border just a couple of days before the plane was shot down. These are supposedly from random dashcams and similar. Here's an example video:
There's another video of an assembly of BUK equipment near a filling station around Alexyevka. At least some of the convoy travels south following the Ukrainian border towards Kamensk-Shakhtinsky, which is itself about 15 km inside the Russian side of the border.
Then there's another photo from Paris Match, around Snizhne, inside Ukraine, of what looks like a similar BUK missile launcher, this time on a civilian flatbed lorry.
Although it is under camouflage netting, the shape of it suggests it is one of the older launchers with the bulbous radome. They have the long finned missiles and a different type of equally lethal shrapnel in the warhead. The type that carves a T-shaped bow-tie pattern.
Above, it's the same flatbed and launcher captured in a video sequence also in Snizhne, about to head up a hill to forest, which on Google also shows a couple of large clear areas.
Most of this data was available a day or two after the plane crash over a year ago. Even with video footage of the launcher moving through Snizhne, there's been challenges to the authenticity of every aspect.
It includes a counter suggestion about a Python missile fired from a Sukhoi Su-25 jet fighter which was then subsequently shot down by a Russian plane. There's even a fancy control room reconstruction of the airspace, from the Russians and showing the Sukhoi SU-25 alongside the three civilian planes in the 17:00-18:00 timeslot.
All of this has been playing out on Twitter, Facebook and Youtube, with some incredibly polarised factions in the discussions. Further speculation includes that Putin was flying through the same airspace about 40 minutes before MH17. Presumably the Russian leader's plane would have IFF (Identify Friend or Foe) systems to identify it, like they now fit as standard to American and Canadian commercial planes?
What I'm coming around to, is that beyond the tragedy of the situation, there is also a complex web of jitterdata, which is now generated at spectacular velocity. Social media is fully in the mix and a few well-planted stories can quickly guarantee good coverage for just about anything. So if we are to get a Colder War, we'd better get used to looking for the webs and avoiding getting caught in them.
Tuesday, 13 October 2015
gloves? mince pies? already?
A couple of signs of the changing seasons.
First was the appearance as a 'Free Gift' in a cycle magazine subscription of a pair of gloves.
They are actually quite snuggly, although it seems slightly early to be wearing them. I've another pair that I normally use for cycling which are thicker and waterproof, but these are very compact and could easily find a place in the pockets of a jacket.
The second item was the first proper sighting of mince pies, this time in Tescos. The example perched on one of the gloves includes a splash of brandy in it, so I guess that's another warming device. I noticed that their 'best before' date is sometime in November, so these are clearly pre-season examples.
No prizes for guessing what happened next to that particular pie.
I finish the cutover to Windows 10 and Office 2016 for PCs and Macs
I've mainly finished my transition to Windows 10 and Office 2016.
It has all worked well, with the only mishaps being computers that stayed 'hung' on the "updating and then we'll switch off and re-boot" screen. It's one of those screens that I'm inclined to leave a long time before eventually pressing reset.
The end result of the updates has been pretty good. Windows 10 is like a cleaned up version of Windows 7, with few of the tiling and other Windows 8/8.1 functions left available. On my ex-Windows 7 work machine it runs fast and on the iMac in a virtual machine it is extremely slick. There's still pieces of the old code lurking, such as the old 'run' dialogues, still available by pressing WINDOWS+R, from which it is possible to launch olde worlde Windows utilities like msconfig or regedit. Even the glitzy new control panel will revert to old-style dialogues for mildly unusual requests.
The other new thing with Windows 10 has been Microsoft Edge, the replacement browser. It is generally pretty good, although it currently lacks extensions, so to use the password security feature currently requires some deftness. 1Password also highlighted Microsoft's Wifi Sense addition for Windows 10, which is the thing that defaults to let all of the contacts in the contacts list have access to my private wifi network. I need to read the small print book of FAQs on this, which I've currently disabled.
The other big part of the jigsaw has been the updates to Microsoft Office, which are now part of Office 365 or Office 2016. Those have been straightforward updates on both the Windows and the Mac platform and the resultant software runs smoothly and error free (touch wood) in both environments. Some of the oddities of the previous Windows 8-ish versions have been removed. The shouty ALL CAPITALS menus have been changed back to mixed case and there's a modicum of customisation of the appearance of the product which can suit both the Windows and the Mac world.
What I particularly like is the way that the functionality has converged across Mac and PC in these new versions. I usually work with Excel on a PC and every so often if I try to do something on a Mac it's just different enough to make my head hurt. All the way from simple things like formatting that were different, through to pivot tables and beyond.
The latest version seems to have rationalised those things, which were enough to make me actually swap back from a Mac to a PC if I had some serious spreadsheeting to do.
Word had some quirks too, particularly some types of fiddly editing which would fail on a Mac, as would some kinds of simple copying like embedding an Excel spreadsheet as a picture into a Word document.
I haven't tried all the combinations yet, but it looks as if it has got a whole lot better - particularly when working across mixed platforms.
I'll still be using the PC for what I call 'Work work', where Excel, PowerPoint, Word and Outlook are usually the corporate weapons of choice, and where I know I need to be able to swap documents reliably with other people.
Add in the occasional Project plan or Visio diagram, and the extended Microsoft Office suite becomes essential.
So it is pleasing that they seem to be getting the latest versions right, after a few aberrations in the last series.
Monday, 12 October 2015
keep on vanning
Keeping something of a road theme, we've been visited by all manner of trades' vehicles over the last few weeks, courtesy of the kitchen re-fit. One thing I've noticed is the increasing range of van colours in use. The old speculation about vans being white doesn't seem to apply around here.
I'd almost go so far as to say blue has taken over, except that one of the guys told me with only half a smile that it's plumbers who choose blue. The fella with the steel girder had a silver pick-up truck. The electricians came along in two blue vans. We had a guest appearance of a red van. So I'm not buying it that there's specific colours by trade.
It also got me thinking of the London services which have raised white van person to a gentlemen/lady thing. The most frequent I see are White Van Gentlemen, who also do occasional leaflet drops around the low SWs.
Next is the slightly less cleverly named Gentleman and a Van, which is usually in a royal blue livery, complete with a top-hat toting parcel carrier logo on the outside.
And the more recent Ladies and a Van, which is a sort of -er- magenta colour.
Although I think the Aussie Man and Van was probably the original of this type.
Nowadays the Aussie company seem to have huge articulated lorries as well as Ford Transits. Fair dinkum.