I’m a self-confessed geek with things on my mind. By day I’m an IT Architect and Security Consultant.
In my spare time I also love being outdoors, camping and bushcraft.
This is my homepage and blog. Feel free to browse, comment and share.
There is no denying that the current COVID-19 situation has caused a rapid, seismic shift in how we live our daily lives. For some this has been a huge challenge, for others less so. Now, over one month into the lock-down, people are starting to talk about a return to “normal”, whatever that is. But, do we want to return to the way things were? You see, it hasn’t been all bad. When I walk down the road for my daily exercise, I can’t help but think, I wish it were like this all the time. There’s less traffic on the roads. I can hear the birds and the wind in the trees rather than the constant hum of traffic. I can smell the spring blossom on the air instead of pollution. I see couples and families, happily enjoying time together, walking or cycling. Everything seems slower, less hectic and somehow happier. The shops are no longer open late but nobody seems to mind. We patiently wait in line because we’re all in this together, we’re not in a rush, we have all the time in the world.
Now, before I go further, I know some elements of the COVID-19 response are hard, particularly on those in inner cities and for those who live in flats and tower blocks. However, many of the changes we have seen are positive. People are less obsessed with the material. Local businesses are thriving with many people choosing to shop local. Businesses, restaurants and takeaways have stepped up, offering products and services they never thought of and delivering them to your door. The big fast food restaurants are closed and nobody seems sad to see them go. People are working from home and realising that you don’t need to be in the same place to work effectively.
I have been a long-term advocate of home-working. In fact, some might class me an expert in it and the technology that makes it possible. You see, I have a complex family. I have children affected by disability and I’m currently unable to go to work in an office. Back when I did work in an office, I worked closely with diverse global teams that I never met in person. Most of the desire to be in the same office is centred around old fashioned views that you need to be in a room together to work together, or that people won’t actually work at home. However, nothing is farther from the truth.
Homeworking means a better work-life balance. It means we can better respond to the needs of our families and employers. We can be flexible on hours, which is of huge benefit to businesses, particularly those who do business across time zones. Because we don’t have to commute, we get more time with our family. Quite often people who work at home work more hours than the equivalent employee in the office and still get more quality time with their family and lower stress levels. Employers’ insistence on people being present in an office is discriminatory. It means that many skilled people, who have a disability or care for somebody who has or who have young children, cannot work. Home working levels the playing field. Commuting and being out of the house for long hours has an impact on relationships, our physical and our mental health. All of this puts a burden on the NHS and the benefits and social care systems which could be avoided. Home working is better for the environment. If we take all of those commuters off the roads, off the trains and have them at home for at least a percentage of the time, our environment, locally and globally benefits. When we add COVID-19 or other pathogens into the mix, we see that the simple act of commuting and being in an office greatly increases our risk of exposure, not just during this pandemic but any future events too. This risk is bad for business. Right now, people planning for business continuity should be thinking about how we ensure that the workforce isn’t taken out of action en-masse by a pandemic. Home working is the obvious answer. This comes with the bonus of decreased office space requirements and overheads for premises etc.
Talking of businesses, what about corporate responsibility? If your employer insists you come to an office to do a job you could do at home and you become ill as a result, they could be (and probably should be) held liable for this in the same way as with any other workplace injury. Employers have a duty of care to their staff and homeworking is an obvious mitigating action.
On realising all of this, the government has a responsibility too. Government should take actions to incentivise companies to support home working. COVID-19 has begun the culture shift, somebody needs to help drive it forward.
Of course, not everyone can work from home. However, if you can’t do your job from home, employers should have robust plans around managing exposure to pathogens in the same way as other health and safety risks are mitigated. The basic premise that individuals should be able to choose to take a risk, not be required to, should be upheld. If you choose to go out and socialise, that’s your prerogative. If your employer tells you to go somewhere, they should take responsibility for you and your family’s well-being from the second you leave your home. People in jobs where they are considered at risk should be able to resign at any point to avoid this risk without being penalised by the employer or the benefits system. If you do become unwell, you should be entitled to full pay for the duration of the illness, including any time spent self-isolating or caring for other family members.
The simple act of limiting potential exposure to just things we choose to do, like shopping or seeing friends, removes most of our weekly exposure. It takes many hours of contact with potentially hundreds of other people out of the equation. This is the most important part of social distancing. It’s not staying 2 metres apart, it’s not wearing a mask, it’s simply not commuting, not working in an office every day, making fewer visits to the supermarket. This is the uncomfortable truth the government is skirting around. The only measures that really make a difference are the number of people you share an enclosed environment with and the number of hours you are exposed to this risk. The biggest risks of catching COVID-19 are touch-points, like door handles, pin machines and train doors and furniture, not how close you stand to somebody. Conversely, somebody cycling past your drive or a family sitting on the beach together don’t pose a significant risk to anybody. We, as a society, have chosen to focus on the least important pieces of guidance and to treat them as the most important and the government has done little to correct this. It is a dangerous practice and it gives the public a misplaced sense of security coupled with an over-developed sense of self-righteousness that doesn’t follow the science. The media has been complicit in this, giving a voice to untrained opinion and hearsay.
So, do we want things to go back to normal? I say no, we want a new, better normal. Better for our physical and mental health, better for our families, better for our community, better for our employers, better for our country and better for our planet. Don’t accept the old normal, let’s do better.
It seems that one of the most respected UK domain registrars has now lost its edge.
Despite having updated glue records several times with Easily, since they have been taken over they have hung up on me, failed to reply to emails for three months and in fact, don’t even understand what a glue record is!
Congratulations Easily, you have lost my business.
Thanks Andrews and Arnold for stepping in and helping me update my records!
As you all now know, a recent “cyber attack” has affected many computers around the world, including, most prominently, the NHS. In this article I will ask the question, “what implications does this have on future IT services for the healthcare industry?”
Firstly, this incident was not a “cyber attack”. No targeted attack against the NHS took place. In fact, whether it is an attack at all is open to debate. The incident was in fact caused by a piece of “ransomware” which takes the form of an Internet worm. Worms are self-replicating pieces of code which spread from computer to computer using networks. They usually exploit a vulnerability in target software or operating system code to gain access and/or elevated privileges on the target system. Once infected, the real purpose of the worm, termed the payload, activates. The payload can range from something benign to something more sinister. In the case of ransomware, the usual modus operandi is to encrypt data on the target computer’s hard-drive and then offer to decrypt it in return for the payment of a ransom.
So, having established what happened, how did it happen and why was the impact so significant? The answer to this lies in the exploit used. This particular exploit leveraged a vulnerability which, according to Microsoft, was not known to them. In fact, it was developed by the NSA, who kept quiet about the vulnerability so they could use it against their targets. Recently a group leaked a set of NSA exploits, including one which used this vulnerability. Because the exploit was not discovered, disclosed to the vendor and patched, as is the normal way these issues are dealt with, Microsoft did not have an immediate fix. This type of exploit is termed a “zero-day exploit” in the industry. In fact, this is the worst kind of vulnerability. It was not just a theoretical vulnerability but a tried and tested working exploit. Because Microsoft was now on the back foot, coders managed to release a worm that used this exploit before a security fix could be released. In fact, they had little hope of stopping a determined coder in time. So, this worm is more a direct result of the cracking activity of the NSA and by extension GCHQ as they are very closely linked. Is this something we should be concerned about? Absolutely! Could it have been handled better, most definitely!
Having established what happened and why, what lessons can we learn from this? Well, firstly, the standard response to this type of threat is to ensure your software patching schedule and methodology ensures your operating systems and software are kept up to date. However, in this circumstance, this would have done nothing to mitigate the risk. There are things that could have helped to protect important data, however. I will deal with these below.
The first question that springs to my mind is why is raw data accessible from a terminal in the first place? If files are not directly accessible, they cannot be encrypted. This means that, even if a terminal is affected, a simple re-image will get you up and running again. If we take this a step further and look at network boot, thin client environments, the risk can be greatly mitigated and the recovery time greatly reduced.
Coupled with this we must look at how our data is accessed and presented. Placing our data in the cloud would help to mitigate against this type of attack. If our data is hosted on a highly secure system and accessed, for example, using HTTPS or XMLRPC then our data would be safe even if the terminal was compromised. Data could continue to be accessed and it could not be held to ransom. We must also be mindful of correct backup procedure and cold storage, so that any data that is compromised could be restored intact. Placing data in the cloud provides a unique opportunity to protect ourselves from local network attack, so the only element at direct risk from attack vectors such as the one used by this worm is the access layer to our data. Cloud computing allows us to treat our local and wide-area networks as we should treat them; hostile, untrusted environments. It is obvious from the impact on the NHS that both the NHS National Network (N3) and local NHS Trust networks were heavily involved in the propagation of this worm and should not be treated as trusted networks. Perhaps the existing paradigm, where N3 is widely considered safe to pass patient data should be under heavy scrutiny and more controls should be applied to data transiting this network.
When we consider N3 as an untrusted network, we realise that our second line of defence, beyond our firewalls and security procedures is very simple. Isolate, contain, eliminate. We must be prepared to pull the plug on our links to the outside world when threats such as this take place in order to protect the integrity of our local networks and our data. Commonly, a loss of connectivity is considered an undesirable event. However, IT managers must consider a controlled disconnection as one of the tools in their arsenal to protect their network. This approach, however, presents unique challenges to business continuity, particularly around the access to services and data. These challenges are more apparent when we move towards a cloud-enabled data model. It is this specific area that my company, iCoriolis, is working on innovative solutions to ensure data is still accessible even when disconnected from the WAN and by extension the cloud, whether this event is controlled or an incident.
Lastly and possibly most important in my mind are the choices made by IT managers about the software and operating systems they choose for terminals and servers. This incident has shown us that Microsoft, despite considerable effort, cannot predict the future. They simply cannot fix an unknown vulnerability fast enough in these circumstances. This is not inherently their fault as they rely on the security community to identify and report vulnerabilities; no one company can discover everything. This is where Open Source software really shows its advantage. It’s not that Open Source developers are better (although some are). It’s not an ideological issue. It’s simply that the code of Open Source software is made freely available and the community constantly peer reviews and improves it. Vulnerabilities are discovered, shared, discussed and fixed. Rather than this time-bomb hanging around for years, it could have been fixed in a short amount of time. With these facts in mind, putting aside my personal preference for Open Source software and my dislike of Windows for a moment, I find it difficult to understand how anyone can now trust a closed-source operating system for critical data. Indeed, governments seem to agree, with the NSA and GCHQ widely using and recommending Open Source software. Whilst Open Source software is not a magic bullet, in my mind, this is certainly a case of “better the devil you know”.
When my daughter went to secondary school, it just didn’t fit. To be fair, it was not just the school’s fault. You see, she suffered Meningitis when she was seven and she was left with brain damage. When she came around from three weeks on a ventilator in a medically-induced coma she was lucky to be alive. She’d lost her speech, her movement on her right side and her ability to walk.
What followed was little short of a miracle. With minimal help from the medical community, she started the slow process of learning to walk and talk again. She went back to school and there began the struggle with the system which eventually led to the decision that the system could not provide for her very individual needs. Primary school was okay. It was certainly not perfect, but she managed. Secondary school, on the other hand, was much more of a challenge. She managed one year at secondary school until eventually, with much negativity from the school and Local Authority, we sent our de-registration letter.
What followed was similar to many EHE families. A period of de-schooling led to that all too familiar “what next” feeling. She did some on-line courses. She saw a private tutor, primarily focusing on English and Maths. During this period, she also sustained a serious injury to her ankle, which, over the course of the next year, put her in a wheelchair when outdoors and on crutches indoors. She now had to come to terms with a new disability and all of the associated pain and upset this brings.
Our EHE provision adapted. We focused on independence, resilience and coping strategies for a disabled teenager to be independent in life. Whilst she continued some academic work, of primary importance was her ability to interact with the world and to cope with her disability. We felt, and still do feel, that this is the biggest enabler for a young person coping with disability. Academic study can come at any time in life, but coping strategies can last a lifetime.
This year, in what would have been her year-11 year if she was in mainstream school, she has gone to college, on a pre-vocational course. It’s been a struggle at times but she’s done really well and we’re proud of her. Next year, she hopes to study Media. She’s come full-circle, from mainstream schooling, following a parabola through EHE and back to main-stream again next year. Her time as EHE has allowed her to step back and re-assess what she wants to achieve from education. It has allowed her to see education as a very personal, positive experience which she can be excited about. She is motivated and engaged. (most of the time, she is a teenager!)
Last week, it felt like all of our hard work had been justified, when the local authority EHE advisory teacher, who has always been very supportive, praised our daughter’s achievement and said her story was a “model” for other EHE parents in similar situations.
I would imagine many EHE parents and young people, particularly those with some element of special needs, will identify with this path. EHE is a great enabler, but many still want to be able to engage with mainstream higher and further education as a conclusion to their EHE journey. It’s great to be able to look forward to a life where a young person can fully integrate into society, taking their new-found confidence and skills that have been fostered by EHE. The next couple of years for our daughter could see a complete transformation. From young person to adult and due to some hopefully life-changing surgery, from wheelchair user to able-bodied young woman. We’re excited to see what the future holds.
Last week I received my new Hytera MD650 from my helpful Chinese supplier.
I am very impressed with the radio indeed. It is:
The radio came pre-programmed with the latest European version of the firmware; from the version 7 series and I was also supplied with the correct version of CPS.
You may have noticed that I have the MD650 – this is the Chinese, Zone 0 version. This is nothing to worry about, however. The supplier had pre-programmed the radio with the Zone 5 (Europe) firmware and provided the appropriate CPS to go with it. The hardware for all versions is the same. Buying the Chinese version direct from China was far cheaper than buying here in the UK.
Programming the radio with CPS was simple enough and will be no great challenge for anyone used to programming radios. I bought the PC-47 programming cable with the radio. Having pre-installed the driver and CPS software in a Windows Virtual Machine on my laptop (I use Linux) before receiving the radio, it worked first time.
I am very impressed with the simple, solid-feeling speaker-mic, which has the LCD display and all of the buttons required to operate the radio on it. Operation is intuitive and the transmit and receive audio is great, as confirmed by on-air comments. Dare I say it, but in subjective tests, it seems to consistently outperform many Motorola radios for audio quality. The AGC seems to work well too.
I have asked the supplier to get me a Roaming Licence, as this is separately licensed for Hytera radios, which he has promised to do.
All-in-all, I’m very satisfied, especially for the price – a little over 200 UKP; around 300 USD.
Shipping by DHL was reasonably priced and reliable.
I would definitely recommend the radio. I bought it from here.
Please note, I’m not affiliated with this seller but based on my experience with their service, I would thoroughly recommend them.
Here is the simple recipe for Thai Green Curry I use. It’s easy and quick and tastes great:
Note: vegetables can be switched up to your liking.
I tend to cook this in pretty big batches. You can halve the ingredients list if you like.
NEVER let this boil or it separates the coconut milk and ruins the curry!
It amazes me that companies selling TLS certificates are really allowing you to generate your private key and your CSR online. Anyone who would do this completely misunderstands how TLS works.
Generate your private key on the server it applies to!
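The point above as an added example (not part of the original post): the key pair and the CSR are both created on the server, and only the CSR, which carries the public key, is sent to the certificate vendor. It assumes the OpenSSL command line tool, version 1.1.1 or newer; the hostname `www.example.test`, the temporary directory and the function names are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example: key pair and CSR are both created on the server that will
# use the certificate. Needs the OpenSSL CLI, 1.1.1 or newer (for -addext).
# Hostname, paths and function names are constructed for this sketch.

# make_key_and_csr DIR FQDN
# Writes DIR/FQDN.key (private, owner-only) and DIR/FQDN.csr (for the CA).
make_key_and_csr() {
    local dir="$1" fqdn="$2"
    local key="$dir/$fqdn.key" csr="$dir/$fqdn.csr"
    # umask in a subshell so the key file is never group/world readable
    ( umask 077
      openssl genpkey -algorithm EC -pkeyopt ec_paramgen_curve:P-256 \
          -out "$key" 2>/dev/null ) || return 1
    # The CSR holds subject, SAN and public key, signed with the private key
    openssl req -new -key "$key" -subj "/CN=$fqdn" \
        -addext "subjectAltName=DNS:$fqdn" -out "$csr" 2>/dev/null
}

# csr_is_public_only FILE
# True if FILE contains no private-key PEM block and its self-signature
# verifies, i.e. it is the only file that should ever go to the CA.
csr_is_public_only() {
    ! grep -q 'PRIVATE KEY' "$1" &&
        openssl req -in "$1" -noout -verify 2>&1 | grep -q 'verify OK'
}

# key_matches_csr KEY CSR
# True if the public key inside the CSR belongs to the local private key.
key_matches_csr() {
    local a b
    a=$(openssl pkey -in "$1" -pubout | openssl dgst -sha256) || return 1
    b=$(openssl req -in "$2" -noout -pubkey | openssl dgst -sha256) || return 1
    [ -n "$a" ] && [ "$a" = "$b" ]
}

# key_is_owner_only KEY
# True if group and other have no permission bits on the key file.
key_is_owner_only() {
    [ "$(ls -l "$1" | cut -c5-10)" = "------" ]
}

# Demonstration in a throwaway directory; on a real server DIR would be
# wherever the web server reads its key from.
demo() {
    local d
    d=$(mktemp -d) || return 1
    make_key_and_csr "$d" www.example.test &&
        csr_is_public_only "$d/www.example.test.csr" &&
        key_matches_csr "$d/www.example.test.key" "$d/www.example.test.csr" &&
        key_is_owner_only "$d/www.example.test.key" &&
        echo "CSR is ready to submit; the private key never left this host"
    local rc=$?
    rm -rf "$d"
    return $rc
}
demo
```

Running `csr_is_public_only` on a file before submitting it catches the mistake of sending the key file instead of the CSR.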
I’m struggling to reconcile the response to the Shoreham air crash with the current crisis involving refugees that is happening globally.
Don’t get me wrong, the Shoreham air crash was terrible and the families deserve help and support. However, in the last few days, I’ve seen shops collecting for the families, cafés donating their tips to the Shoreham air crash families. I have heard supposed stories of distant family members who barely knew the victims starting GoFundMe campaigns to cash in on the disaster and make £20-30k tax free profit from this tragic accident, effectively conning the public and exploiting someone’s death.
The families of the unfortunate victims will receive help, not least from the Public Liability Insurance for the event, as they rightly should without all of this public fund-raising. Is the offer of money not in some way insulting? It can’t bring someone back.
In sharp contrast, I have not seen any fund-raising for refugees locally. Just a modest contribution to this cause could greatly change the lives of these vulnerable people.
So, Great Britain, are eleven British lives really more important than thousands of others, just because they are British and died on British soil? In my mind, no they are not. These refugees (I refuse to call them migrants) deserve our help and support. If we have any humanity left in us, let’s remember the dead from the Shoreham air crash, let’s help the families, but let’s also offer the same compassion to those fleeing violence, oppression and death too.
“A society of free people will always have crime, violence and social disruption. It will never be completely safe. The alternative is a police state. A police state can give you safe streets, but only at the price of your human spirit. ”
These are the words of Alexander Shulgin in 1991, a name you may know as an expert in psychopharmacology. The full text of the lecture that this quote was taken from is linked below. I urge you to read it. He’s talking about the US war on drugs, but his words are strikingly relevant to the current “war on terror”. I do not post this for its words on drugs but rather as a mirror held up to the progression of society which is equally as applicable today as in 1991 when this was written.
Today, right now, our “leaders” are making an attack on our privacy, our right to expression, our right to communicate. David Cameron is seriously suggesting that the UK outlaw encryption and allow open monitoring of any and all of our communications, without the requirement for a court order. Does that fit the definition of a police state?
Don’t get me wrong, I understand that the security services need the ability to monitor, surveil, spy in the interest of national security, but not to offer the protection to the freedoms of the individual by requiring a court order to do so does, in my opinion, cross the line into a police state and is disproportionate and dangerous, particularly if we allow politicians to decide who is surveilled and when. Politicians should only wield so much power and there should be protection against them using this power for their own gain.
There are so many parts of this text which are quote-worthy, but I will leave you with this.
“Let me ask each of you this simple question. What indicators would you accept as a definition of a police state, if it were to quietly materialize about you? I mean, a state that you could not tolerate.”
RIP Alexander Shulgin, 1925 – 2014.
We’ve all had a call from the bank, this is nothing new. However, in today’s day-and-age, why do banks and other organisations we have accounts with think it’s okay to ask for our personal details on the ‘phone?
Several times this week I’ve had a call from my bank. Upon answering, I’ve been told that they want to speak to me about a “personal banking matter” and then asked for my personal details. This could be your date of birth, postcode, address, account number or one of many more pieces of personal information. I politely declined, telling the call-centre droid that it was a personal security risk to give this information out on an incoming call. They then proceeded to give me a number to call back on, which I also declined for the same reason. When I called my bank to ask about the call, they told me I did the right thing by not giving my personal information, even though it appears that it was them who called me!
We all know about identity theft. Many of us have heard of social engineering, so why do supposedly reputable organisations insist on using such poor practice to try and contact us? Surely, we all know that someone can easily ‘phone you and pretend to be someone they’re not? Caller-Line ID is easy to fake if you know how so even the ‘phone number isn’t much use to you.
The FSA should produce guidance on this and banks and other organisations should agree never to ask for information in this way, to help stamp out unintentional information disclosure to nefarious third parties.
But why don’t these organisations seem to care? The answer is simple, all they care about is profit. They are not actually concerned about safeguarding you as long as they turn a profit and as long as it does not harm their reputation. The only way this behaviour is going to stop is if we all refuse to give out this information and make their calling not worthwhile.
So, next time someone calls you like this, I urge you to politely decline to give information. It’s safer for you and if enough of us do it, these organisations will stop trying their luck.