Talk Turd

Note: This entry has been restored from old archives.

I get my ‘net and phone from a company here in the UK called “Talk Talk” (which is a subsidiary of another company called Carphone Warehouse.) On moving to a new house the usual thing to do is call your provider and get them to sort out a transfer, so this I did. All the way back in April, on the 30th I think.

I was pleased that the phone line went live in the expected time. Right at the end of the window, but still OK.

Two weeks later I still have no ADSL though. The window was 2 weeks. So I call Talk Talk, get redirected to the same incorrect menu-navigation twice, and finally speak to someone from the correct team. After interminable breaks “on hold” I’m told the broadband will go live on the 22nd of June. The 22nd of June?!! The bloody what?

That’s almost a full two months between putting in the moving-home “order” and having the process completed. Yet, it only took two weeks to get the phone line connection. That’s 2 months without a proper Internet connection!

So, I’ve got to live another month with flaky 15-min-on 15-min-off 3G Internet. At least the 3G connection was enabled within an hour of me signing up at the shop! Maybe it is time I found a power point in the local pub (who have reliable wifi that I can use for free.)

I enjoyed my lunchtime today, how about you?

Powerless in Hitchin

Note: This entry has been restored from old archives.

We’re still too busy to spend much time on writing and photographing. Well, we’ve taken plenty of photos but the process of getting them from the camera to the web is too time consuming. Just now the power went out (for about three hours in the end), someone dug a hole– bzzt, no power.

I like birds

We’ve been feeding the birds. We put a bird feeder up in the elder tree and have been entertained by Great Tits, Blue Tits, House Sparrows, Greenfinches, Blackbirds (they eat snails, yes!), a Collared dove, and a couple of Wood Pigeons. I think the tits, sparrows, and finches are the same breeding pairs returning regularly. The whistles and chirps of these various birds is a constant background all day, rather pleasant really.

One thing we have learnt is that the fancy-pants birdseed mixes are no good for hanging feeders. The Great Tits just sit at the spout and throw everything out (onto the ground below) until they find the bits they want. I spoke to the lady in the Fruit & Veg shop, that also sells bird feeders and feed, about this (they also, unbelievably, sell stamps and coins – as in the collecting variety.) She confirmed my suspicions, basically the fancy-pants mixes are for fools! This is a common occurrence, the mixes can be OK for feeding trays though. The best thing is to have one feeder for peanuts (what the Great Tits go for) and another for seeds. So now we have two feeders in the elder tree.

Harry Tuttle, a man consumed by paperwork

I’ve been working through the condition report. Back in Australia rental condition reports tend to be a single A4 sheet of standard design, containing tick-boxes and a few brief notes. Here in the UK there’s a whole industry for the things, check-in and check-out reports are prepared and conducted by specialist “Independent Inventory Clerk” companies. For our new place we have a 31 page document, it reads like a maintenance nightmare. That’s good for us though, it’d take a lot of neglect to make the place worse by checkout. All in all I expect it’ll be in significantly better condition when we leave.

Anyway, in addition to the 31 page document I’ve typed up my own 4 page document. This is mainly 2.5 pages of additional details where issues were not covered in the inventory. Such as the Cooker Hood missing its filters and having a disconnected extractor hose. Also, several internal doors don’t latch, which is annoying at times but OK. The largest concern is security, the ground-floor windows have no locking mechanism and are difficult to close.

I’ve already been busy putting up curtain rails and curtains as well as mucking around in the back yard. We’re getting there. Got a lot of stuff to do still though. After all this I hope we end up staying here for a good two years. Never know what’s going to happen though. Stability? A thing of the past.

The whole condition report thing is whiffy to me, it all stinks of collusion. Another black mark against “agents,” may their lying brains rot and run out their ears. Agents have nice relationships with these inventory companies, and the check-out cleaning companies, who are in with the inventory companies. Back in Ricky they all knew each other very well. The agents recommended a particular cleaner, and make it pretty clear that this is the cleaner to us. The cleaner has an arrangement with the agent such that if there are any issues with cleanliness the cleaner comes back to fix these up at no extra cost. The whole system is highly tuned to extract my money as efficiently as possible. We got the whole bond back, but in reality that’s minus £150 for 30 minutes of the Inventory Clerk’s time and minus £210 for the cleaning… £350! (The cleaning was done very well though, and the price included full and thorough cleaning of the oven. The price may seem high, but there were three people doing the job and it took them the better part of a day.)

Neighbours, everybody needs good neighbours”

I’ve met one of our neighbours, she was sweeping her front path when I popped out wondering why my electrons had stopped flowing. Her and her husband have been living in their house for 49 years! It was £3500 when they bought it, how’s that for inflation? It isn’t just inflation though, back then most people could afford a house, so long as one of them had some sort of full time employment. Pretty much any sort of employment would be sufficient to afford a place. Times have changed, eh? These days, for the same place in the same location, a couple would have to both have full time work and both have pretty good jobs to boot.

She moved here with her husband from the West Indies. Living in a single-room bedsit to start with, just up the road in Letchworth. They’ve been in the area ever since.

She says she’s never heard of any burglaries on the street, which is reassuring. Apparently many residents are retirees who’re home most of the day, and everyone keeps their eyes on things. She does seem to have a “kids these days” sort of expectation that it’s going to happen eventually though. “It used to be quieter in these parts.”

I’m a lumberjack, and I’m OK, I work all night and I sleep all day

Well, sometimes I wish. It’d be a simpler arrangement. I’ve mentioned the landscape gardening thing before, right? 🙂

Work, my sort at least, is very difficult without a decent ‘net connection. It’s becoming frustrating. A large part of the difficulty is that we, long ago, chose Perforce as an SCM. Perforce is nice, I like it, I’ve become a fan even. That said, there’s many SCMs out there these days and I’ve only tried a small handful of them. By default I still stick to “plain old” SVN.

The problem with Perforce is that it really doesn’t like being offline. It isn’t an SCM for the disconnected café hacker, or otherwise ‘net challenged individual. By default all your files are checked out read-only, to edit one you need to tell the Perforce server – it is the server that tracks these things you see. You can just chmod+w or otherwise force writes, but then you get confused since it’s just your own head trying to track things at that point (I do, I’ve tried.) You can also check out the entire codebase as “open for edit,” however this has its own issues when it comes to committing changes and creating changelist spam. I think I’ll be more sane if I switch to this approach now regardless.

Proper ‘net should be along soon, we do have a phone line now at least. As is usual, for the UK, we’ve been given a phone line that was recently active elsewhere. (With our previous number I answered more calls for “Trout Rise Farm” than I did for us.) Our first call to the new number was a barely intelligible telemarketer, joy, so I immediately added the number to the “do not call” list. Subsequently we’ve received several calls for people I’ve never heard of. So now I don’t answer the phone, in fact I’ve unplugged it. We’re not going to give the number out. In the cases, which crop up now and then, where some braindead company considers a landline number mandatory I guess we’ll give it to them – with the caveat that we will never answer calls to the number.

Baby baby baby, you are my voodoo child“–

Man do I hate gym music. Must dig up the JoS and get some more acceptable, and less repetitious, beats happening.

So, the Letchworth Cannons isn’t really up to scratch in the free-weights department. No squat rack, that’s the main negative – but I was hardly expecting to find one. They have the ubiquitous Smith Machine, which is OK for squats so long as you’re careful. At least, this is my belief based on all the reading I’ve done on the subject. The problem with the Smith Machine is that it causes you to rely on it for stability, thus you do your stability muscles no good. Worse still, using the bar as a stability point can easily cause you to place shearing force on your spinal column – a big no-no. When some gym waif squats a few kg for a handful of reps they’re probably not going to do themselves much damage. But when you want to squat heavy the shear force is going to be higher, thus you must be very very careful with your form (even more so than usual it seems.) Again, I’m no expert but I’ve read a lot of material on this, complete with anatomical force diagrams – they have me convinced.

Some of the more extreme sites I browse are vehemently anti-Smith-Machine, considering a squat machine a far better alternative (since they generally force you to keep better form.) Generally gym equipment is a pretty divisive subject, the flame-wars are much the same as they are in tech-communities. I tend to listen to the side of the argument that comes from the heavy lifters, this group, I think, is in the best position to know what’s safe and sensible. (You don’t get to squatting more than 150kg using unsafe techniques!)

From the PoV of a gym, which is more relevant in this instance, a proper squat rack probably is a safety liability. A clueless person lifting light weights on a Smith Machine is less likely to damage themselves than they are trying to squat light weights with a free bar. Gyms like Cannons are mostly full of clueless people! This flips for the semi-informed and heavier lifters, who’re more likely to damage themselves on the Smith Machine as a result of regular lifting with more subtle flaws to their form. Gyms like Cannons generally don’t have to worry about these sorts of users because they don’t go to gyms like Cannons. Why do I go to Cannons? Because I’m a cheapskate (it’s free with my health insurance if I go often enough) and, when it comes down to it, don’t take it too seriously anyway. That is, I take safety completely seriously – that’s why I read so much about it. What I don’t take seriously is my squatting; no squat rack? OK, no heavy free-bar squats then. I can do heavy dumbbell squats and high-volume bar squats with lighter weights.

Anyway, Cannons makes up for the absence of a squat rack somewhat by having two good cable machines with all the typical attachments and a variety of chin-up and dip handles. They also have the usual huge rack of dumbbells, so no switching plates all the time (the number 1 annoyance with working out at home.)

Consuming Passions

Coffee

Little luck with coffee in town so far. Nero is the best I’ve found, sadly enough, but is very unstable. The posh deli has some promise though. They list several coffees as fresh roasted and the girl I spoke to claims they’ll do any of them as espresso or filter. This last bit is a little disturbing, seeing only one grinder I assume they mean that they keep the other coffees pre-ground. Ick. Anyway, what it does mean is that their house-blend is probably not too old, a good sign. It tastes OK but there’s a big problem in their default espresso – far far far far too long. One of the worst cases I’ve come across, it’s basically a “Darren Black” (as we call it back in Sydney because Darren likes ’em, a whole cup of coffee put through the grounds.)

Meat

We’ve had much better luck with our carnivorous urges. The butcher on the town square, Allingham Bros., is a purveyor of fine quality flesh. It’s a traditional little butcher shop-front, and at the end of they day the meat in the display window is replaced with a little display of historical artefacts. There’s little information about them online, the most interesting fact I can find is that they were trading during WW2. “Ration books came in and Mum would regale us about how she managed to fare in Allingham’s the butcher’s queue – offal and rabbits were not rationed and on such a buy Mum would act as though she had won the pools.

The butcher has direct game sources, it sounds like they have a good relationship with several keepers. They also have a direct rabbit source, and sell only snared and ferreted rabbit. They keep a large stock in the freezer for the off-season too, including pheasants, wild boar, and venison (wild.)

Their more “normal” meats have fuelled my last week of BBQing. I’ve BBQed lamb, beef, pork, and chicken. BBQ! BBQ! Yay! Now I’ve done the “normal” meats it’s time to move on to the wildlife, that wood pigeon that visits our little yard better be aware!

My has meat been getting expensive though, especially beef and lamb.

Vegetables

There’s a lot of choice for vegetables on market day, with at least three stalls available. In general I think we’ll do our veg shopping at the little “stamps and coins” place. I like the feel of it, and they sell bird feeders too, as well as stamps and coins. I got some very fresh asparagus there yesterday, excellent stuff.

That’s a lot of words. Bye.

Debian SSH, what are the chances?

Note: This entry has been restored from old archives.

First, these are more informed and to the point:

Some people think that having a 1-in-131k chance of getting the right key for a susceptible account isn’t enough of a risk to cause much concern. I can’t agree, I think any reasonable risk is a concern and that this is certainly a reasonable risk. Given that the default is 2048 bit RSA keys and it is reportedly likely that the generating PID is low the risk is probably higher anyway, less than 1-in-32k.

There’s an easy solution for SSH authorized_keys: check the keys against the blacklists! The metasploit page has blacklists for the usual key sizes available as well as a few less common key sizes.

What’s the risk though? The main known factor is that there are a small number of possible keys. If we know our target is x86 (highly likely) and only go for RSA 1024, 2048, and 4096 keys plus DSA keys that’s only about 131k keys (as large as that number seems, I assure you that it really is rather small in this context.) For an attacker to successfully compromise your system he’ll have to “get lucky” with a key and username combination. There are a couple of general classifications for the attack scenarios I guess:

  1. Global brute-force. (Low chance of successful attack on a specific system?)
  2. Targeted attack with inside knowledge. (High chance of successful attack on a specific system?)

The first scenario is best executed with a botnet. If I was an evil botnet herder I’d probably consider devoting some of my resources to this. I’d probably select only 2048 and 4096 bit keys to attack, as in my experience these are the most recommended key sizes (in fact, it is probably a good bet to try for just 2048 bit RSA keys only, as this is the default for ssh-keygen and I expect most people stick to the defaults. I’m not sure about the data-point regarding PIDs on the metasploit site, but I can imagine it to be true. (I imagine many user keys are generated as an almost first-step after installing and booting a new system, thus a low PID.) Believing the data-point I’d assume that limiting the PID seed to 10k probably increases the likely rate of successful compromises.

The other variable from the point of view of a single system is user-names. I think trying for ‘root’ is a given, and may even consider that to be the only user-name worth trying. Not going for the lowest hanging fruit, going for the ripe and juicy windfall apples. (I know admins who prefer to give ‘root’ access via ssh keys, because then you can revoke an individual’s root access without having to change the password and update everyone. There’s sudo for that these days though, stop using ssh keys.)

So, block remote root logins – as you should – and you’d probably be safe from me. But there’s also common user-names, attackers have lists of these. (I get a large number of SSH login attempts daily for user/pass combinations like bob/bob, tom/tom, … etc.) These user-names are probably a definite risk. Like I said, I see a regular flow of brute-force attempts to SSH in brute-forcing on usernames and passwords, given that this activity is common on the ‘net I reckon it is a given that it’s already happening for the bad SSH keys.

How about the likelihood of your server actually being attacked? From the point of view of the attacker this is a third variable, server address. It is a big Internet. Assuming bot-nets are randomly testing all valid ‘net IPs individual machines are probably, statistically, fairly safe. Though if I were configuring a botnet I’d pare the IP range down to blocks owned by specific co-location providers. Places like EV1 where large numbers of machines with lots of bandwidth are administrated by large numbers of totally clueless gits. If you’re on such a network your risk is likely to be higher (and who doesn’t have a server that’s in a “bad neighbourhood” purely because such neighbourhoods are cheap?)

Overall, I’d rate the chances of becoming the victim of a global-brute-force as fairly low. Still, the bad guys are going to successfully compromise some machines, it could be your unlucky day! This bug still increases your overall chances of compromise and you decrease them by fixing it. At the very least ensure that remote root isn’t permitted (and fix the situation if it is) then check all user-keys without locking down SSH.

The second scenario could leave you much more vulnerable.

If your company is likely to be targeted then it is likely that the attackers can get hold of all kinds of information. If they know the names of your employees (easy to find out) they can probably work out a list of likely user-names. If any one of your uses logs in with key-based auth and has a susceptible key you’re probably screwed (especially if they chose a 2048 or 4096 bit RSA key, like most people probably do?)

If an employee has lost a laptop with a susceptible SSH key you have a new worry (amongst the many your probably have anyway): it no longer matters how good their passphrase is. The new owner of the laptop’s data now knows the employee’s login (well, it is likely, .bash_history for example) and the size and type of their key.

What if some employee logs in from a shared machine where somebody else has root? OK, this is already a risk. You should simply never do this and employee’s who use SSH should know better! Anyway, previously the untrusted root would have to set something up to snaffle the key when the user types in their passphrase – now they can narrow it down to one of 32k keys without intervention.

What if your employee logs into another server run by someone else using an SSH key that they also use on your server? The owners of the other system now have that employee’s private key, all they have to guess is the login. Vice versa, you now have the private key for systems that the employee may log into with that same key. It probably only takes a little bit of digging to find out what companies/institutions many of the users of your system uses. The user could be security concious and may not trust you, but it’s OK the only data they’ve given you is their SSH public key, right? But now you have their private key! It is likely that they use the same key for other systems, have a guess at their username and try logging into the IPs they’ve logged in from.

There’s more…

Anyway, this is all speculation. I’m just tossing around some of the obvious risk scenarios in my head, I don’t have the data to put any numbers on them so I can’t prove anything at all. The main point is that I think there are enough risk cases that taking this potential hole in your system lightly is probably a bad mistake. You should have fixed it already.

In the end I think this is a case where it is better to be paraniod.

And I’m only talking about SSH user keys here – server certificates are a whole other nightmare. Given that you publish your SSL public key as part of the transaction I assume it would be trivial for someone to generate your private key from this data – Mavis is going to be one very happy girl. IIRC signed keys are typically only 1024 or 2048 bit (last time I worked with CA-signed server keys, years ago, our CA would only sign 1024 bit SSL keys.)

Debian SSH joy

Note: This entry has been restored from old archives.

Everyone is writing about the Debian & derivatives SSH issue.

[Update: For the sake of accuracy I did an s/32k/196k/ in a couple of places.]

I don’t think it can be written about enough, the more exposure the better. When I first saw the headlines I thought, “oh, probably just anther ones of those things where a heat-death-of-the-universe problem has become a 1-million-years problem” – ho ho! How wrong was I? It really is very serious. If you generated an SSH key on a Debian/etc machine while the bug was in place your private key is one of only 32k possible keys (for each key type for each key size, i.e. 32k possible 2048 bit RSA keys, etc. So for 1024, 2048, and 4096 bit DSA & RSA keys that’s 196608 possible keys [Update: oops, DSA keys can only be 1024 bits!]) This means that if someone knows a machine you log into and your username it’ll take them no more than 196k attempts to log in to the system as you (and probably less, since the Metasploit page linked to above claims most keys are generated by proceses with low PIds.) That’s a tiny number of attempts in the brute-forcing world.

Some of us have brute-force blocks on our gateways and servers, this is great up to a point. For example a typical set-up is to start blocking all traffic from an IP if it hits port 22 more than 10 ten times in 30 seconds. I do the this on my server.

This is only good so-far though. First, if yo aren’t in a hurry configure your brute-force script to try every 10 seconds. I doubt most firewall setups go as far as to notice that sort of thing.

Second, this is a bonanza for botnet owners! If yo have a modestly sized botnet (say, 32k nodes) yo just give each bot a set of keys, a list of common logins, and the Internet. Actually, you’ll probably do pretty well just testing the entire internet with ‘root@’. (AFAIC you should never permit remote root login anyway – but I suspect many servers do and they make it “secure” by permitting only key-based ath, heh heh.)

What I wold be doing right this moment if I was an admin:

  1. Block SSH at the gateway! (Ouch!) And all other SSL protected servers.
  2. Check your server keys, replace if needed. This could take a long time where re-signing for public keys is required.
  3. Move all users .ssh directories to something like .ssh_suspect
  4. Inform users, probably by phone. (They’ll probably call you when they loose SSH.)
  5. Start scanning all .ssh_suspect directories for blacklisted keys, remove them, inform the users, reinstate SSH with good keys restored.
  6. Continue mopping up the mess– probably mostly a case of chasing up server certificate re-signing and informing/handling users.

I’m not an admin and not an SSH expert, so that scheme is vague and probably needs further tightening. It surely must be better than doing nothing though. You probably need to audit all your logs too, especially auth and firewall. Essentially the security of all your systems is suspect until you are certain that all logins prior to the lock-down were kosher (probably requiring a lot of back-n-forthing with users.)

I haven’t even sat down and contemplated the full extent of this yet.

The fact that we could even have got into the situation is insane. Peer review?
How cold someone clueless enough to cluelessly mess with the PRNG in security
code even be permitted to make such a change?! It beggars belief.

Of course, anyone even vaguely interested in security has probably already reached the cynical point of believing that there isn’t any security. Awareness is key.

Novatel Ovation MC930D and Linux (Ubuntu)

Note: This entry has been restored from old archives.

[Quick answer: try eject /dev/sr1 (that’s probably what it’ll be if you have a CDROM, for me it was /dev/sr0, to confirm insert the dongle and check the last few lines of dmesg) as step zero for the Novatel Linux instructions.]

Gah, I got sick of having to use WinXP to get my mobile broadband. Last week I signed up with O2 and got a Novatel Ovation MC930D as part of my contract. Initially I had fairly low expectations for this being easy to get working in Linux. Then I found a page on the Novatel site explaining how to set up the device in linux. w00t! Oh, ah, not so fast…

I got to step 15 and didn’t get anything back from the modem query. To get this far I had chosen the USB product id of 0x5010, since that is what I saw when I plugged in the dongle. The page actually says I should use 0x4400 for my device, but I figured it was some sort of mistake since all I saw was 0x5010! There was more to it than that as well, I also had to remove the usbstorage driver first because it picked up the dongle as a storage device and created /dev/sr0 for it. No great surprise, it does have 64MB of flash available.

In the end further web searching found that the dongle is a “switch mode” USB device. I.e. if you poke it in the right ways it turns into different devices, changing its skin like a chameleon. This is a pretty slick set up for Windows installs, it simply looks like a memory stick. The trick is that it has an autorun.inf and when inserted takes you through the Novatel/O2 driver/software installation. Once the driver is installed the device is switched, and is automatically switched by the driver on future insertions.

There’s a tool for switching various USB devices, including my Novatel MC930D. It involves compiling and crap though, I do enough compiling as it is, ick.

Lucky me! There’s a note that mentions that the Novatel actually switches on a storage/SCSI ‘eject’ command. How about we try eject /dev/sr0? Gotya!

So, in the end I can recommend the official Novaltel Linux instructions linked to above. However, first insert this new “step 0”.

0. Execute: sudo eject /dev/sr0

When you do this the 1410:5010 USB device will vanish and in its place a 1410:4400 device will appear. From this point onwards the official Novatel instructions can be followed.

Note that I’m using an Ubuntu ‘gutsy’ system here, so YMMV.

If you’re wondering about other “fill in the blanks” for the Novatel setup page then here’s an answer-sheet for using the Novatel MC930D (maybe other devices too) with O2 (UK mobile provider):

  • Phone Number: *99***1#
  • Initialization String 2: AT+CGDCONT=1,"IP","mobile.o2.co.uk"
  • Username: o2web
  • Password: password

What’s really insane is that the connection seems to be far more stable under Linux. On Windows it gives about 15 minutes of connectivity punctuated with 5 minutes of “not reachable.” I just got more than 3 hours out of the last Linux connection.

Underground, overground, dongling free,
The dongles of Dingledon Common are we

Now I can dongle in the middle of Wimbledon Common at 7.6Mbps with my “free” OS. Wombling free al’right.

Settling in, some notes

Note: This entry has been restored from old archives.

Not much time to type up my thoughts lately, so here’s some scattershot points to fill in the time. On family:

  • Mum: we’re settling in fine and enjoying the place, I’ll call as soon as I have a working landline again. That’s up to 3 weeks away 🙁
  • (And don’t forget to sort out your passport.)
  • Yaël: Would love to come to The Windsor, bit far away though 😉
  • Kat’s family, if they read this: Kat will call as per the timeline above – BT/etc here are worse than Telstra!

On the new place:

  • We met the landlady, very pleasant Indian woman. Her and her husband have owned the place for about 20 years by the sound of it! She’s a teacher in London, her Husband is a Software Engineer in Sydney/Canberra (got sick of the English climate, picked up sticks and left.)
  • Landlady is happy for us to fit curtains/etc and will pay for any permanent fittings we put in. We picked up some decent stuff from B&Q this weekend, starting to look better already. And now I own a drill again! I am complete! Heh. What’s a dude without a power tool, eh?
  • Musty smells and tired airs seem mostly flushed after a week of open windows and heating, much nicer.
  • Made decent progress in the little garden, weeded the entire larger bed (it’s only about 5m by 2m.)
  • As soon as some weeding was done the bloody cats next door started shitting on the garden. Boy do I hate cats. It turns out that it is probably illegal for me to set rabbit traps for them, or otherwise end their miserable lives. So I have created a fence and draped netting over it, I’m not happy about this. Have plans to rig up a sprinkler with a solenoid tied into a motion detector – that should keep cats out without annoying fences/netting. No time right now though, plus it turns out that the place has no outdoor tap!
  • Took the bike out for a spin today, it’s been far too long – living on the 2nd floor and not commuting meant my bike became a dust collector. It takes me 15 minutes to ride to the Cannons gym in the neighbouring town, Letchworth, I should be able to get that to 10 mins pretty quickly.
  • Cannons is the closest “free” gym, I inspected the place and the free-weights are kind of minimal but they told me they had more stuff coming in. At least they do seem to have have squat-rack that isn’t quite a smith-machine. I’ve booked an appointment on Wednesday to go over the equipment I’m less familiar with. Gym membership should give me the incentive to get back with my program, if I get in there for 3 days a week it is free under my current health insurance.
  • Booked my bike in for servicing next Friday, the local bike shop seems to be very busy – Friday 23rd was the soonest they could do!
  • Finally put the BBQ together and had a couple of BBQed meals this weekend! I bought the thing for 30 quid at the end of our first summer here (half price, then with a friend’s employee-30%-discount on top of that, very good deal) but it sat in its box because we weren’t allowed to use it on our balcony. It takes an Australian to lug a 15kg gas bottle for 1.2km in order to have a BBQ.
  • The markets are great, three market days with a lot to choose from. Good local butchers and fruit and veg, both in the market and shops.
  • We visited the little Hitchin history museum on Saturday, the townsite has been inhabited for a very long time. We also met the local history officer, they were having a publication party for a little “Brief history of Hitchin” booklet he’d written – his partner took the photos for the booklet.
  • On Sunday we caught the train into Stevenage (one stop away) and went to the huge B&Q hardware store (aforementioned curtains, drill, and other tools and bits.) That’s a fairly doable trip, about a 15 minute walk at the B&Q end and we’re obviously limited in how much we can lug but we can lug quite a lot! I decided I’d order some of the larger items I want online, only to find out that most of them aren’t available online! Meh! Stupid B&Q, also stupid Homebase it turns out. I assume they have some logistical reason for not offering a lot of their produces for sale via their website.
  • I will try to make time to post some photos during the week, but probably won’t have any more time to write about things. Work, and further unpacking, will be keeping us busy.

On tech/work:

  • Straight back into work last Tuesday, with added fun of having to deal with a bug report while all my equipment was packed up and I had no reliable ‘net connection. Yay.
  • Lots of time spent sitting in the Hitchin Caffé Nero using a very flaky BTOpenZone connection, it sent me insane!
  • Gave in and got a 20-quid-per-month mobile-broadband account from O2. For an 18 month contract I get 3GB per month using an included USB dongle (that does everything from GPRS to HPUDA, crazy.) Also get totally free unlimited use of “The Cloud” hotspots, and can reach one of them from the Starsucks in town.
  • The 3G mobile broadband is excellent, and 20 quid per month for 3GB isn’t too bad – for cellphone networks ‘net that is, still very expensive compared to DSL. The connection is more reliable than the bloody OpenZone connection I had in the café. I get 3G almost everywhere here, though to get it at home I have to dangle the dongle out the window on a pair of 2m USB extensions, works fine.
  • The dongle apparently works fine under Ubuntu with just a little fiddling. For the sake of ease though I’m running it on my laptop under windows and using the lappy as a gateway with my Ubuntu desktop connected via it. This configuration works out fine.
  • The configuration has also prompted me to try our synergy – it is an excellent utility. I now use the mouse and keyboard attached to my laptop to seamlessly work with both the Linux and Windows machines. (Configuring the Windows version as a server is somewhat less simple than using quicksynergy on Linux though, the interface it a little obscure.)
  • Kat has “earlies” this week, which means waking up at 05:00. It’s actually a nice time of day to wake up. I walked Kat to her 05:58 train, then wandered home and hunted down all my bike bits before getting the bike in working order and cycling up to Canons. Signed up at the gym, back in town for coffee at 08:00, back home at 08:30 – so much done, think I might try to make it a habit! (Normally we wake up at 06:00 anyway, and this isn’t any different from back in Ricky, so it isn’t much of a leap to go to 05:00.)

There’s more, but that’s all I have time for right now.

Hello from Hitchin

Note: This entry has been restored from old archives.

I find myself in the Hitchin presence of the dubiously Italianesque coffee chain Caffé Nero. Maybe there’s better coffee in town, we don’t yet know, but Nero has BT wifi access and is open on Sunday.

So… we have access to our new place in Hitchin and are well along the path to moving in. Half our stuff is still in storage, we’ll grab all of that on Monday (tomorrow.) I failed to restrain myself and have already cleared 75% of the larger garden bed of weeds. We took a trip up to a large garden centre half way between Hitchin and Letchworth, worth doing while we have the convenience of the van. I obtained bags of manure, compost, and seed raising mix. As well as seeds, seedlings, pots of herbs, and various tools. It’s been so long since I’ve wielded a fork in anger, anger against the tyranny of weeds. Anyway, more on that another time.

Driving the van has been fun, it’s a box with wheels and an engine. Reverse parking is a nightmare! Thanks to Kat stepping out and guiding me it is possible, otherwise I’m sure I’d be running over the small cars I’m trying to park between. Still, I do actually enjoy driving the thing, you get a lot more respect on the road than you do in a bloody Ford Focus, for example. It reminds me of the days when I owned an old Ford F-100 ambulance, good times. Despite the ever rising cost of fuel I’m ever tempted to get a car, maybe, maybe.

We popped into Ricky yesterday, had a final lunch at Cinnamon Square, picked up a 2nd hand couch from 9 Lives, then gave the Ricky keys back to the letting agents. Over. The cleaners, who were painfully expensive, did a damn good job – worth it in the end I’m beginning to think.

On the cleanliness side the new place left a lot to be desired. We went over it with the friendly Inventory Clark as arranged by the Letting Agents. She was generally scathing of the owner’s efforts to clean the place and the overall condition of the house. Downside: we have to do some cleaning, especially the kitchen. Upside: we certainly don’t have to worry about cleaning when we move out! (Though we’ll probably maintain it in a better state than we took it in.) There are several rough edges, the wallpaper is peeling here and there, and has been very badly painted over in some areas, in fact it has been rather unprofessionally applied in several places. With fittings clearly just punched through the paper. The bathroom has a shower, it has a power shower! This is a device that runs on mains power and pumps the water to achieve a powerful showering experience. The fittings in the bathroom are new, but not well installed. The Inventory Clark said of the flooring: “they told me the vinyl was newly fitted, but whoever did it must have needed a guide dog.”

OK, I’ll stop with the whinging now. We do like the place, well I do, Kat says she does … I’ll just have to believe her. It is large, insanely large for two people. Getting from our chosen bedroom to the kitchen is an epic quest.

Overall it fulfils three major requirements, the very things that led to our decision to leave the Ricky place:

  • Quiet (at least, so it seems thus far – even Saturday night was good.)
  • Spacious Kitchen (like huge, maybe four times the size of the cubby-hole kitchen in Ricky.)
  • Outdoor Space (not a lot of garden bed, but enough considering my generally busy schedule, and loads of space for a BBQ.)

There are additional obvious pluses too:

  • Seemingly a great pub around the corner, The Nightingale has 5 real ales on tap!
  • Lower rent, a 3br house for less than a 2br apartment!
  • Allotments around the back, possible future gardening expansion?
  • Larger town, more shops, open on Sunday (but it’s further away.)

Anyway, must get on with the day.