Putty Is Malicious

Note: This entry has been restored from old archives.

Malicious adj.

Having the nature of or resulting from malice; deliberately harmful; spiteful: malicious gossip.

The American Heritage© Dictionary of the English Language, Fourth Edition

Hrm, no OED handy at the moment, the yankee one will have to be good enough. Malicious is a synonym for malignant – a word somewhat related to my domain name[1].

I tried to download my favourite Windows SSH client today from its usual URL and was stopped in my HTTP tracks by an ever vigilant watcher! A watcher well taught in the lore of URL-filter; learnt from a source that shall remain unnamed[2].

I thought to myself: What kind of idiocy is this?! In what way is this humble SSH client, this paragon of security, malicious? To whom does it mean harm, where hides the spite? [3]

I shook my head and raised my finger to the watcher on the wire. Then laughed, for it has little power over me, I obtained my hit of delicious TCP/IP encipherment from another source.

On a more serious note. Blocking putty is utterly retarded, not only is putty in no way “malicious” but the act of blocking it in this way forces one to seek out another location to download it from. For a popular tool such as Putty you’re likely to find an official mirror first-go; but what if you don’t? And what if you’re not in the habit of checking signatures (most people I assume)? Does this increase the chance that you’ll download a version of a tool from an unofficial source that has some special extra – a feature that really is malicious? There seem to be quite a few sites devoted to issues related to URL-filters and other “censorware”.

[1] Sometimes I do wonder if it is time to throw out Malignity.net as a leftover of a past age. If that ever happens I’ll likely switch to yvan.seth.id.au, which currently redirects to malignity.net anyway.

[2] But be assured, it is not a wise and venerable, thousand year old monk who lives on top of a mountain; nor a timeless and grey bearded wizard who wanders the earth doing good.

[3] Is it possible that the tool is malicious because it is a security tool? Since the very act of encrypting traffic could be illegal in some places? It should at least be a different categorisation.

Google Hates Me

Note: This entry has been restored from old archives.

Well, at the very least Google has decided that I am not dissimilar to a small and rather stupid perl script:

Google hates me

What makes it really annoying is that there seems to be some sort of unhateme option where you type in the random characters from an obscured image but the image of the characters times out! I can’t be unhated, whaaa! It only happens for my personalised Google home, the normal Google search works fine.

No contact info provided, just a sad little note apologising to me if I happen to care (i.e. if I really am not a script) and hoping to see me again.

It works okay if I bounce through a proxy in another location. Maybe the site I’m at has a Google bashing infestation and has been blacklisted… now that would be amusing.

Web Album

Note: This entry has been restored from old archives.

I’m giving serious thought to moving over to an online service to keep photos. For several reasons I don’t like the idea though. They’re my photos, I’m a bit iffy about trusting them to some corporation to store and display. Control of the look-and-feel of the sites that provide this service is limited. The look-and-feel of the existing sites is just plain awful.

What might change my mind is Picasa Web Albums. I foolishly trust Google with a lot of my data so why not some photos? And while it is unlikely that the look-and-feel will be highly customisable there is a good chance that the default will not suck.

My main problem with my existing photo publishing approach is that the barrier between taking photos and getting them to the web is too great (thus I never get around to uploading). I suck them off the camera, use one piece of software to browse-rotate-cull them and then another for touch-ups, then I upload them to Gallery and go through adding the captions (slow via web interface). Google have Picasa for Linux (in Labs) and I assume that interaction between Picasa and Picasa Web Albums will be seamless, in typical Google style. When it all works I’ll give it a spin, and maybe my next album upload will be to Google.

The drawbacks are: It isn’t ready yet (beta for invited Picasa users), the Linux Picasa doesn’t support it yet (no idea when), there is only 250 MB of storage space (or am I willing to pay US$25 per year for 6GB of storage, depends on how good it is).

I wonder when we’ll have the Google range of home appliances? With a nifty web interface that lets you add ‘make coffee’ events to your calendar and have your Google Coffee machine obediently spit out a brew, and Google being perfectionists I just bet it’ll know what a Double Ristretto is. Like the white stuff in the coffee? Don’t worry, Google Coffee will interface with Google Fridge to ensure that it is kept in stock from your favourite online supermarket.

I await Google Baby, being able to upload your child to a Google server might make the concept of breeding more palatable. I’m sure a lot of parents wouldn’t mind their brats being reduced to little more than a feed on their Google home page.

Working Hours

Note: This entry has been restored from old archives.

For my previous 6 month stint in the UK it was about 15 minutes from door to desk, now it is about 35 to 45 minutes, longer if there is a traffic issue of course. It’s an extra hour of my day and non-working hours are precious things. I think that now with an aim to “settle” in the UK and with Kathlene here I’ll try to bring my working day closer to its supposed 9-to-5 nature. Hur Hur, sure thing. Might make that 8-4 actually, since then I can skip the damn traffic. Leaving at 16:00 would be difficult, it’d feel wrong. At the moment I’m doing about 8-to-6 or 8-to-7 – though I try to make up for that by taking a good one hour break in the middle of the day (like now).

What are normal IT working hours? There’s a strong (but hopefully exaggerated) indication from various sources that a typical IT worker does 12 hour days and that’s what is expected of them. Maybe this is a thing in the US? The land where being an employee is no better than being of the downtrodden masses in a fascist dictatorship. Here in the UK it seems more common for employees to stick closer to their 9-5 day, except for a few notable examples (the more certifiable “geeks” in the office, including myself) most people are gone not long after 17:00. Back in Sydney half the office is still around at 18:00 and a good many still there at 19:00, admittedly some of them don’t get to the office until 10:00 in the morning.

It’s like an IT-worker “macho” factor, “I stay in the office longer than you and thus am a more valuable asset to the company”. Complete bullshit, most of the best developers in the company are ones who stick to a well-bounded working day. But is the individual mindset remediable? Some of us who work over-long hours and then go home and spend a couple more hours dealing with work communications and other related material have trouble stopping. If I go an evening without having my work mail open for reading/replying I feel guilty about it. But it’s not like I feel hard-done-by, I also don’t feel that it is something that is expected of me – it’s just something I do. Is it an addiction?

What is the cure?

Commuting is cutting into my usual lunch-making time, I’ll have to try and reorganise to handle it (the good old “wake up an hour earlier, thus go to bed an hour earlier” that never happens). I’ve had lunch from the caf across the road on too many occasions over the last two weeks; it’s a great place for food if you happen to like mayonnaise sandwiches. I only get food from there when the hunger becomes too annoying to ignore.

Everything is report writing at the moment, aside from a brief stint of benchmarking I’ve been working on writing reports since I got back. It is interminably dull. Should be done with that this week and then I have something interesting to look at, that will be a relief.

Down with the Trees!

Note: This entry has been restored from old archives.

Save the trees? Nice idea, but it could ultimately be a fuck up. We’re still living in the dark ages folks. Unless it’s down in ink on a piece of paper most information about you is about as useful as tits on a bull. Worse yet, that idealistic choice to “save the trees” could end up making your life difficult. Down with the trees I tell you!

UK Visas

When it comes to visas in the UK anything short of marriage is virtually non-existent. There is entry of “unmarried partners” but they make it hard to access, you need two years of documentation supporting your partnership consisting of multiple documents covering the whole period. Typical combinations being tenancy agreements, utility bills and bank statements. These generally must be addressed to both parties (and who ever thinks of that when they get the phone connected?) or can be to individuals but then you need even more documents.

So if you don’t have that vital stack of paper gathering dust in a filing cabinet then you’re quite stuffed. If you ring the consulate they all but tell you not to bother.

We will have enough documentation in a few months, but what then is the situation for us trying to apply for this when already in the UK? Does it indicate a breaking of the conditions on Kat’s Working Holiday visa? At best it is highly borderline, and not possible until I can switch to a settlement visa anyway (HSMP, about 9 months away). And while under the terms of my current visa I can switch to HSMP I don’t think Kat can switch to a dependant partner visa, her option is basically only HSMP. For HSMP she’d have to earn an income in the space of 12 months which is likely to be unrealistic, 12 months is the most time she can spend working under her visa and she can’t be here for the specific purpose of working (if we stretch things too far it could make the visa people unhappy, and then we’re stuffed no matter what we do). We will be going back to Australia in 10 months, so maybe we can make new visa applications from Australia then (what on earth will our residency status be at that time?). It does seem that the Working Holiday visa was specifically designed with loopholes, so maybe the approach is less strict than it seems? I have heard otherwise.

Thus my previous musings regarding signing a piece of paper to make us “married” by law, but looking over things I’m not sure that that would make it easier anyway. I’m loath to take such drastic measures, I have no respect for the institutionalised concept of “marriage”; we have laws that make it nothing more than a game and the old religious relevance that it had is quickly fading (and not applicable to myself). I do wonder how long it will be before the dinosaurs that run the world will be dinosaurs who make the necessary changes, unless something drastic happens (religious right stages a successful military takeover of the planet), I think change toward my own way of thinking is inevitable. Of course, by then I’ll be one of the dinosaurs and we’ll collectively not understand why the youths of tomorrow aren’t happy with the new freedoms our generation has given society. What’s this with a gay partnership between a young man and a cerebrally enhanced goat needing to be recognised by the state? You’re absurd, absurd and perverted.

I digress.

UK Banks

This one is a better justified annoyance, you simply cannot open a bank account here until you have utility bills (not mobile phone) that show the UK address of all account holders. So you’ll typically be waiting a couple of weeks before a bank account can be opened. Once we had the right documentation opening an account was plain sailing (HSBC, we used Australian bank statements sent to both our names in the UK, the same for our previous address in Sydney and also Scottish Power bills addressed to both of us plus passports for Id).

UK utility bills, now that leads to another matter…

Utilities

Speaking of Dark Ages, the utilities I’ve dealt with in this country have severely handicapped IT systems. Fancy having a very restrictive limit on the size of the name field in an address! Scottish Power have just this, while our Gas/Elec account is in both our names the correspondence is addressed only to me. When I asked about this they simply said: We just canne do eet captin!. Now if you were married then it’d all be fine, we could fit in “Y & K Seth”. Great, my electricity provider is telling me I should be married; asswipes. Their solution to their IT dilemma is a simple one, two copies of every piece of correspondence is sent to us, both addressed to me but one with content starting “Dear Mr Seth” and the other with appropriate text for Kat, this being the only difference between the two copies.

BT have it worse, they simply don’t support having a line registered in more than one name. My name only, or Kat’s name only and according to their support representative the phone book entry can only match the account holder name, we could get a second phone account though. What? Bloody retarded. I’ve complained about good old Telstra back in Australia before, but I must hand the UK the prize for utility dumbness.

So only one piece of paper from BT and it is not a lot of use for the Kat+Yvan equation and more useful data from Scottish Power, albeit in a retarded form that uses twice as many trees.

Chip and Pin

Here I abort the topic of the sad fact that we must kill more trees to further the machinery of bureaucracy.

Chip and Pin is more common here now, to the point where there are actually retailers who will only accept either it or cash and shake their head at your old-skool sign-the-paper credit card. International travelers beware! Luckily supermarkets and servos have not been so stupid, just things like a few phone shops and electronics goods stores. I think it’ll be years before Australia moves onto universal Chip and Pin, and America can hardly be expected to catch up anytime this decade.

Now, in an ideal world they would have created an interface that lets the shop upload a digital form of your receipt to the card. Why didn’t they do this? 10k of EEPROM should be loads for a typical week and you could have a reader at home to suck the data onto your computer, or freak out all the privacy nuts and have a RFID-style data-suck (encrypted of course, and our credit cards could be an “always on you” private key too!). This all means increasing the number of gates on the card of course and thus the cost to manufacture, although it wouldn’t surprise me if the silicon is already in there. It would also need to be sensibly thought out, in a typical case it’d be some proprietary garbage that will soon have the shit ripped out of it by Schneier and a week later be hacked by a bunch of bored youths.

On a slightly related note, banks still give you cheque books here in the UK and if you want to withdraw more than 300 quid you have to write out a personal cheque to yourself and visit a bank branch. Weird and very interesting how some things are so far ahead of Australia here yet other things are way behind.

Credit Cards

No chance. No credit history, no credit card. From outside the UK? You may as well have been born yesterday. HSBC will likely give us one in three months, Amex require us to wait six months (would have helped to have had an Amex in Australia). For now we’ll have to continue to use our Australian CCs quite a bit, and pay the associated charges. St. George must love us. Does the namesake for the bank have a tomb anywhere? I think I might go and piddle on it, not as something specifically against our bank (I actually like St. George) but more as a gesture toward the inanity of the systems we’ve built around our modern society; ostensibly with the express purpose of making everyday life more difficult and the machinations of evil harder to spot.

Hooray for humanity.

[…and hooray to me who just wasted an hour of his day and thus forced an extra hour in the office on himself, fool.]

Aylesbury Coffee Nut

Note: This entry has been restored from old archives.

By random chance of web trawling I just found a genuine coffee nut (or should that be “bean”) in Aylesbury, who by chance happens to say good things about old Toby’s back in Sydney. I was generically looking for a Toby’s equivalent in the UK, especially around the Ricky/Aylesbury run. What’s more, this guy is a roaster and has a shopfront in Aylesbury, of all places! I know where I’m heading for “lunch” today.

If You’re Going to San Francisco

Note: This entry has been restored from old archives.

Well, my crash visit to the US is almost over. Been a well packed and fun couple of days here in California. Thanks to Simon’s expert tour guiding I’ve had a very good introduction to San Francisco and a cruisey Sunday in the Santa Cruz area. The area really doesn’t look like what I expected, it’s so much more green and rugged. All in all I quite like the place, especially the area around Santa Cruz… the view from the UCSC gym is really quite something else.

Rather out of it at the moment, averaged 4 or 5 hours of sleep a night since getting here and Friday was effectively a 36 hour day. I’m hoping I get some sleep on the flight to Sydney, but that may be too optimistic.

Well, as the Governator says… I’ll be back.

Google Calendar

Note: This entry has been restored from old archives.

I’ve just discovered Google Calendar… maybe this will be the answer to all my calendaring dreams. Globally accessible, interoperable and seems to allow things like sharing events and inviting third parties to events. It is very new, but my “first 5 minutes” using it have been promising.

It would be good if Google put together a partner desktop app to go with it for local mirroring/synchronising of calendar data. Maybe one for the Mozilla calendar app?

Asynchronosity

Note: This entry has been restored from old archives.

I find this story about an asynchronous ARM processor very interesting. It immediately reminded me of two things.

The first thing was one of my Elec Eng lectures back in 3rd year for a course taken by one of my favourite professors. Asynchronous circuits were covered as something of academic interest, a method of building digital circuits that has many interesting properties but is ultimately just a curiosity. The problem being that there are too many complexities to make it a practical way to design ICs, designing a large asynchronous circuit is simply too difficult for any team of engineers, even very good engineers. These are the facts as I was taught them, as recently as 2002.

No doubt the content of the course lagged a little behind reality, since there must have already been people working on exactly this task and already building significantly functional asynchronous ICs. And now they’ve implemented an entire asynchronous ARM9 core!

I find this news remarkably exciting. It shows how rapidly technology continues to change and advance, that we’re continually breaking barriers that were so recently considered to be pretty solid. All thanks to the advance of technology driving itself.

And that brings me to the second thing. The theory that there is a phenomenal turning point in history ahead of us. A point that we can’t predict and beyond which we cannot imagine what will happen, I’d say we can’t be certain it will ever happen – we might not last long enough. It may even happen within the span of our very own lifetimes, that would be something worth seeing.

This is the point where our technology can autonomously design the next generation of technology, triggering a world changing chain reaction that the homo sapiens sapiens species as we know it cannot survive. Either in some way or another it’s the end of the line, or (more optimistically) we’re caught up in the process of driven evolution and become something we cannot imagine.

It really is a very exciting concept. It is just another crazy futurist theory of course, one I happen to find particularly attractive.

Big Iron

Note: This entry has been restored from old archives.

Well, I really mean bigER iron – bigger than a VPS at any rate. I’ve had enough of this whole VPS thing, performance is too unreliable (who knows how many VPSs they have on a system?).

So I’m likely to go for getting a dedicated server, since the thing is my primary communications hub (and also for a couple of other people) I think it is time to upgrade for the sake of reliability. I haven’t decided where yet, there’s good old EV1 of course who are fairly solid (though they do have an iffy reputation for getting IP ranges spam blacklisted and they don’t do Debian) but there are many other choices. It’ll either be in the US or UK since prices in these locations are still much better than back home.

It costs a lot more than a VPS of course, so ideally I’d like to share the cost around and form one of these “server collectives”. I have no idea if anyone is likely to be interested in this, but if you are send me an email and if I get any responses we’ll work out what we need and how much it is likely to cost.

The deal would be simple: If the server costs $x then each of ‘n’ users pays $x/n. For your $x/n you get a single shell, root access if you feel you need it (I think I trust almost everyone I know to admin a Linux system without major mishap!) and an equal say in the running of the machine. I’m happy to look after all server administration, my typical setup provides POP3 and IMAP with Courier, Postfix for SMTP, Apache for HTTP, webmail with SquirrelMail and I use ClamAV and SpamAssassin. Debian is the OS, I won’t budge on that. And some packages are sourced from backports.org for the sake of keeping up to date (for items like ClamAV and SpamAssassin where being up to date is important).

As for the machine, that would be decided by the people involved. As an example, the cheapest EV1 option is US$99 per month (however EV1 only offer RHEL, so they’re actually an unlikely choice) and this is a 1.3GHz Celeron with 512MB of RAM and 60GB HDD. I’d think that having an IP per user would be sensible plus one for the system (for HTTPS use, system IP is for SquirrelMail), IPs are usually cheap (7 for “free” with EV1 for example). I think the basic HW specs with the EV1 example are fine for a fair number of normal users (assuming you don’t have an insanely popular website).

Now we’d (Kat and I would be 2 users of course) be willing to pay a reasonable amount (if nobody is interested then we’re likely to end up getting a dedicated server anyway), so having a small group of people with up to US$40 a month to spend would get us a decent setup – and the more people the cheaper the price is! Using the EV1 example then two extra people would get us the server for US$25 each.

Some dedicated server setups:

Me buying a server from eBay or something and just paying co-lo is also an option (some good options in the UK for around 50 GBP).

It may also be an option to have a cheaper class of user, for just email, FTP and webspace say – but it’d be easier if everyone was equal. An equal share user can have as many web domains and email addresses as they like of course and can provide simple hosting for others (for example I host a domain for my Mum and handle her website and email) but the only login access she has is for email. So long as the setup of a user does not adversely affect others on the system I’m sure everyone would be happy, so really the only restrictions are that only paying users get a shell and root access.

So send me an email if you’re interested!