Feb 27 2020
 

Gotta love advertisers, they don’t bother to read or do any form of minimal research, make crass assumptions, then promptly shoot themselves in the foot:

Hello

My name is XXXXXXXX,…

Really, given it’s in your From header and your email signature, I’d have never guessed!

…and I’m a content manager at XXXXXXX XXXXXX. I’m reaching out because I came across your site and as I see you take on advertisers.

Where do you see that?

So I’m interested in purchasing some space for a sponsored article on your site.

Seriously honey, if you need to ask for a price, you can’t afford it. I bill by the nanosecond of page view time for each pixel occupied by your content.

I’m always looking for high-quality sites, like yours, so I will be glad to discuss prices and guidelines with you.

Mmm, hmm, you seriously haven’t had a very close look have you?

The content we write is always unique, relevant and informative.

As unique and informative as the load of copy-pasta deja-moo you’ve just emailed me (in duplicate I might add)?

Moreover, we want to promote article we publish on your site. We have more than 10k subs in our email newsletter and 7k on Facebook, as you can see, we can offer not just money.

Harvesting 10000 email addresses randomly off the internet does not constitute subscriptions. Buying 7000 Facebook accounts and making them “like” your page does not constitute approval.

Ohh, and you might want to have a look at this, or this, or maybe this. Life’s too short to stuff around with a glorified BBS.

Looking forward to hearing from you.

Best regards

XXXXXXXX XXXXX

Well, you won’t hear from me directly, but you may hear from Google as you violated their terms of service in sending that spam. So yeah, I guess I do take on advertisers. I take them on and take them down.

Honest advertisers have no reason to come here, because they already have a good idea of how to build up reliable clientele without breaking laws like the Spam Act 2003 or making invalid assumptions. They do their homework. You, on the other hand, dear wannabe advertiser, are the reason such laws exist!

Updated 1 March 2020:

So, having not received a direct reply… they try again:

Just making sure you receive our last email below.

On Wednesday, February 26, 2020 at 7:30 PM, XXXXXXXX XXXXX <spammer@example.com> wrote:

${quote of original email in full}

You clearly don’t read the websites of those whom you pester do you? Actually, don’t answer that, because we know that from your original email.

Dec 22 2019
 

No doubt many will have heard about the “bushfire crisis” that has basically been wreaking havoc for the past month. Here in Brisbane things haven’t been too bad, but we’ve had our fair share of smoke haze and things of course are exceptionally dry.

From where I sit, this is a situation we have let ourselves get into. Some argue that this is all because of the lack of back-burning, and to a certain extent this is true.

Back-burning doesn’t make it rain however. The lack of back-burning is a casualty of a few things, partly a lack of firefighting resources, and also significantly, a hotter, drier climate.

Climate change has been known about for a long time. When I was growing up in the early 90s, the name used was the “greenhouse effect”. The idea being that all the “greenhouse gasses” we were generating were causing heat to be trapped in the atmosphere like a greenhouse, and thus heating up the planet.

Back then, there didn’t seem to be any urgency to combat the problem.

So, we’ve just continued the way we always have since the start of the industrial revolution. Some things have improved, for instance electric vehicles just weren’t practical then, they are slowly gaining traction.

Large-scale PV generation in the 90s would have been seen as a joke, now we have entire paddocks dedicated to such activities. Renewable power generation is big business now. Whilst it won’t displace all traditional methods, it has an important place going forward.

Yet, in spite of all this progress, we’ve still got people in government, and in big corporate organisations who cling to the “business as usual” principle.

When South Australia announced they were going to install a big battery to help back-up their power supply, the idea was poo poohed, with many saying it wouldn’t be big enough to make a difference. What it doesn’t have in running-time, it makes up for in very fast responsiveness to load changes.

A coal-fired power station operates by using thermal energy produced by burning coal, to boil water to produce steam which drives turbines that in turn, drive electric generators. A nuclear station isn’t much different — the thermal source is the only bit that changes. Geothermal is basically using a nuclear station that mother nature has provided.

The thing all these systems have in common is rotating mass. It takes significant energy to cause a step-change in rotational speed of the turbine. If the turbine is still, you’re going to have to pump a lot of energy in, somehow, to get it spinning. If it’s spinning, it’ll take a lot of energy to stop it. Consequently, they are not known for reaction times. Cold starts for these things in the realm of a day is not unknown. They also don’t take kindly to sudden changes of load. It is during these times the emissions from such generators are at their worst.

Solar is great during the day when it’s fine, but on a cloudy day like today the output is likely to be greatly diminished, and it’ll be utterly useless at night. If we had big enough battery storage, then yes, we could theoretically capture enough during the sunny days to carry us over the nights and cloudy days. That’s a big if.

So I still see the traditional methods being a necessary evil. The combination of all three options though (renewables, traditional generation and battery storage) could be a winner. Let the older stations carry the evening base-load and keep the battery topped up, ramp them down a bit when we’re getting good renewable output, use the batteries to cover the load spikes.

Nuclear could be an option, however to my mind they have two big problems:

  1. Public perception
  2. Commissioning time

Without a doubt, the modern designs for these things have greatly improved on what graced the sites of Chernobyl, Three Mile Island and Fukushima. They generate waste still, but in many cases the half-life and quantity of this waste is greatly reduced. The biggest problem though is public perception, as there are many who will not differentiate between the designs, and will immediately respond: “not in my back yard!”

Even if you could win peoples’ trust, you’ve got a second problem, getting them built and commissioned in time. If we had started in the 90s, then maybe they’d be doing useful things for us now. That boat has long set sail and is dipping over the horizon now.

Transportation is another area where we’re, as a nation, addicted to fossil fuels. It’s not hard to see why though. Go outside a major capital city, and infrastructure for a purely electric vehicle disappears.

Moreover, the manufacturers, stuck in their echo-chamber, don’t see larger electric vehicles as worth the investment.

Back in 2007, my father was lucky enough to win the Multicap Art Union, and so replaced the Subaru stationwagon he’d owned since 1982 with a Holden Rodeo ute (we had the choice between that or Toyota).

This vehicle was chosen with the intent of towing a caravan with it — something he later purchased. The caravan weighs about two tonnes. Yes, an electric vehicle could theoretically tow it, and could even do a better job, but at the time, no such vehicle was available from any of the available suppliers.

To my knowledge, this is still the case. Few, if any of the electric vehicles on the market here in Australia, have the necessary facilities to tow a caravan even if the motor is capable of it.

Then there’s infrastructure to consider. A pure electric vehicle would probably be impractical outside of major regional centres and capital cities. Once you got away from the network of high-power chargers, you better plan for staying a few days in each town where you charge, because it will take that long to charge that battery from a 240V 10A socket!

Diesel-electric though, could be a winner since diesel engines similarly operate most efficiently at constant speed and could drive a generator to charge battery storage.

A return of the gas turbine engine could also be a good option. This was tried before, but suffered from the typical characteristic of turbines, they don’t like changing speed quickly. Poor throttle response is a deal-breaker when the engine is providing the traction, but it is a non-issue in a generator. They run on a wide variety of fuel types, including petroleum and diesel, so could utilise existing infrastructure, and the engines are generally simpler designs.

Is there research going into this? Not from what I’ve seen. Instead, they trot out the same old style vehicles. Many people buy them because that’s all that’s on offer that fulfils their requirements. Consequently this inflates the apparent desire for these vehicles, so the vehicle makers carry on as usual.

The lack of cycle infrastructure also pushes people into vehicles. When I do ride to work (which I’ve been trying to do more of), I find myself getting up early and getting on the road before 4:30AM to avoid being a nuisance to other road users.

In particular road users who believe: “I paid vehicle registration, therefore this road is MINE!” I needn’t waste space on that assertion, the Queensland government raised about $557M in revenue (page 14) from vehicle registration in 2018-19, whilst the DTMR’s expenditure at that time was over $6bn (page 15).

The simple truth is that a lot of these initiatives are seen as nothing but a “cost”. Some simple-minded people even say that the very concept of climate change is invented simply to slug the developed world. We need to get past this mentality.

The thing is, business as usual is costing us more. We’re paying for it big time with the impact on the climate that these emissions are having. Yes, climate does go in cycles, but what we’re experiencing now is not a cycle.

I can remember winters that got down to the low single digits here in Brisbane. I have not experienced those sorts of conditions here for a good 15 years now. Yes, this is a land of drought and flooding rain, however, we seem to be breaking climate records that have stood longer than any of us have been alive by big margins.

The “fire season”, which is used to determine when back-burning should take place has also been lengthening. It will get to a point where there just isn’t a safe time to conduct back-burning as theoretically every day of the year will be “fire season” conditions.

This is costing us.

  • It will cost us with property being destroyed.
  • It will cost us with work being disrupted.
  • It will cost us with food production being threatened.
  • It will cost us with health issues due to increasing ambient temperatures and air pollution issues.

Lately I’ve been suffering as a result of the smoke haze that has been blowing through the Brisbane area. I recognise that it is nowhere near as bad as what Sydney has to put up with. Whilst not severely asthmatic, I have had episodes in the past and can be susceptible to bronchitis.

On one occasion, this did lead to a case of pneumonia.

About a fortnight ago I started to go down with a bout of bronchitis. I’ve had two visits to the doctor already and been prescribed antibiotics and a puffer; normally my symptoms would be subsiding by now. This time around, that has not been the case. Whilst the previous bouts have been stress-related, I think this time it is smoke-induced.

I think once the smoke clears, I’ll recover. I am not used to this level of air pollution however, and I think if it becomes the new “normal”, it will eventually kill me. If I lived in Sydney, no question, that level probably would kill me.

This is a wake-up call. Whilst I don’t plan to join the Extinction Rebellion — as I don’t think blocking up traffic is doing anyone any favours, I do think we need to change direction on our emissions. If we carry on the way we are now, things are only going to get worse.

Oct 12 2019
 

Recently, I’ve been doing a lot of work with 6LoWPAN on the 2.4GHz band. I didn’t have anything that would receive arbitrary signals on this frequency, so I decided to splurge. I got myself my first bit of tax-deductible amateur radio equipment: a HackRF One.

It’s been handy, fire up CubicSDR, and immediately you get a picture of what’s happening on the frequency. In the future I hope to get the WIME framework working so I can decode the 802.15.4 frames and pipe them to Wireshark, but so far, this has been handy.

Since I’m not using it every day, I also put it to a second use, DAB+ reception. I used to listen to various stations a lot, and whilst FM stereo is built into my phone, I’ve got nothing that will do medium-wave AM. The HackRF stops short at 1MHz (officially 10MHz), and needs a suitable antenna to do so. However, it occurred to me that it was more than capable of doing DAB+, so after some experimentation, I managed to get qt-dab working.

Since getting that working, I bought a second SDR, a RTL-SDR v3. The idea is I’d be setting this up on the bicycle with a Raspberry Pi 3 which also has a DRAWS board fitted (the successor to the UDRC). I figured I could use this as a second receiver for amateur radio stuff, or use it for FM stereo/DAB+, maybe short wave.

So today, I was testing this: using the RTL-SDR with a Pi 3, seeing whether it would perform acceptably for that task. Interestingly, CubicSDR will de-modulate FM stereo quite happily when you’re running it via a X11 session forwarded over SSH, but it stutters its way through if you try to run it natively. I think the waterfall displays are too much for the machine to cope with: it can render them, but painting them on the screen causes too much CPU load.

qt-dab however works quite well. It occupies about 60% CPU, which means you don’t want to be doing much else. Whether I can do AX.25 packet simultaneously as planned or not is a valid question. Audio quality through the PWM output on the Pi3 is good too — I did try this with an original Pi and got an aural assault courtesy of the noisy 3.3V power rail, but it seems this problem is largely fixed on the Pi3.

In truth, I’ll probably be using the GNURadio framework directly when I get to implementing this on the bicycle. That makes a custom tailored UI a little easier to implement.

The WTF moment though was whilst putting this rig through its paces… I noticed a new station:

ELF Radio, a station dedicated to Christmas Carols

A new station, “ELF Radio” had appeared in multiplex 9A (202.928MHz)… this is exactly what it sounds like, a station dedicated to Christmas carols. We’re not even half-way through October, and they’re already out to flog the genre to death.

Now, Christmas rage was not a thing when I was younger, it seems the marketing world is intent on ruining this tradition by making excuses for starting the sales earlier and earlier… and it seems the “ambience” is part of the package deal that they insist must start long before that Celtic tradition, Halloween! As a result, most of us are thoroughly fed up by the time December rolls around.

Here’s a hint advertisers: playing this crap so soon in the year will not result in higher sales. It’s a sales repellent!

Jun 02 2019
 

There’s a couple of truths in life:

  • You don’t get to choose your biological family
  • You don’t get to choose your place of birth

Now, as it happens I ordinarily do not have any real issues with my family or my place of birth, except on one matter: I have never possessed a driver’s license, and really don’t wish to obtain one.

I can get around just fine on my bicycle when I need to. That mode of transport is not nearly as limiting as people think it is. Sure, it’ll take me longer to get places, and I need to perhaps do more planning than most, but I can get where I’m needed.

Yet, time and time again, I run up against the same problem: people assume that people my age, drive cars. People then make the leap to suggest that you’re a useless person if you don’t drive.

I did try to obtain a learner’s permit some time ago. I tried the written test twice: at $20 a pop, at a time when I was unemployed. I wasn’t sure how I was going to fund obtaining a vehicle and paying the necessary fees, but I figured I’d try the first step.

I failed both attempts on one question.

I decided that an identity card was more important: I researched what documentation was required, paid my dues, handed over said documentation, wandered out with a new 18+ card. I figured if I needed to try the driver’s license again, I’d be back.

That was in December 2007. The requirements for obtaining a license have since become more onerous, and let’s face it, there are too many cars on the road today. I’d be looking at taking about 200 hours off from work in order to get the necessary log-book time up and spending tens of thousands of dollars on driving lessons. It isn’t financially worth it.

I re-discovered cycling about 6 months later. I bought a folding bicycle, and started using that to get around, and realised that this was a viable mode of transport for me. Over time, I did longer and longer trips.

The longest I’ve gone unsupported was about 82km. A ride from my home at The Gap to the park at Logan Central takes about 3 hours each way with a couple of rest stops en route. I get going early, take my time, and get there without any trouble.

My work is at Milton, a run of about 10km: I can get there in an hour: faster than public transport. In the early mornings, my times tend to be closer to 45 minutes.

In short, there is just no useful purpose for me to have a car. More to the point, I’d have nowhere to park it. What limited space is available at the front of our property is occupied by a caravan and the neighbours’ numerous cars. If it weren’t for the caravan in fact, it would be all cars belonging to the neighbours.

Moreover, my body actually needs the physical exercise. It’s a fact that moving around is required to keep bodily functions working. You don’t move around enough: bowel movements slow down. I already had one bowel-related health scare this year.

I have not been riding much lately due to scheduling — and I feel my health is suffering greatly because of it.

In spite of this, I still get people, family included, shaking their metaphorical car keys in my face suggesting I should be driving too.

It’s as if, as a non-driver, you’re not welcome in this society. You’re seen as a waste of space — you don’t belong here. We’re seen as “shits” that are there wasting other peoples’ money.

I’ve had a lifetime of that sort of treatment for numerous reasons.

Back in the late 80s, the argument was that I had an Autism diagnosis, therefore I should be going into institutionalised care. Then the same condition was used to argue that I belonged in a special school. At high school, the same reasoning was probably used to put me in the lowest-grade maths and English classes.

I am generally able to focus on a task and do it well. This is probably the reason why I wound up doing double Bachelor-level IT/electronics degrees at uni, and passing both.

I could have instead just been institutionalised. Occupying a tax-payer funded bed. I’d be a record in the NDIS system today. Completely un-employable, generally useless. Definitely not earning >$60000/year doing full-stack software development. There is income tax being paid amongst that — whether my day job is actually worth what I get paid is a debate I’ll leave for others.

The fact remains that I work for a living, and pay my own way.

However, there is a difference between laying out a PCB or writing a code module, and manoeuvring ~600kg of metal travelling at 50+km/hr through suburban roads. One requires focus and patience, the other requires millisecond-level decision-making and reaction times.

I am not someone who thinks well at speed, and I would make no friends driving a car along Waterworks Road at 30km/hr in the morning peak-hour traffic. At 30-40km/hr, I can just manage on the bicycle. I can do up to 60km/hr, but I’m not comfortable at all going that speed!

In a car, you are expected to do the speed limit (50-60km/hr in the case of Waterworks Road). Brisbane’s drivers are not forgiving of anyone who can’t “keep up”.

There are people who have no place driving a car, and I would count myself as being a member of that group. I avoid being on the roads much of the time for that very reason — as a courtesy to drivers who would likely prefer to not be stuck behind a slow cyclist like myself.

Coupled with the health problems: me taking up driving would be an early death sentence. If this is really what is expected, I might as well stop now and get the dying bit over and done with, it’ll be one less person on this planet consuming ever dwindling resources.

It’ll be more humane for me to just quietly go, than to be constantly in and out of medical care for “this” medical condition, or “that” medical condition, costing my employer sick-leave, costing my health fund, occupying resources in our health system, simply because I didn’t get enough exercise.

If a non-driver like me is as useless as people make out, then I guess it won’t hurt anyone that I’m gone. … or maybe we can re-think the “non-drivers are useless” concept. One of the ideas in this paragraph is wrong. I’ve given up trying to decide which!

May 18 2019
 

Seriously, if you think this is a good way to earn some yuan, think again. I just got this email this afternoon:


Dear CEO,
(It’s very urgent, please transfer this email to your CEO. If this email affects you, we are very sorry, please ignore this email. Thanks)
We are a Network Service Company which is the domain name registration center in China.
We received an application from Hua Hai Ltd on May 14, 2019. They want to register ” stuartl.longlandclan ” as their Internet Keyword and ” stuartl.longlandclan .cn “、” stuartl.longlandclan .com.cn ” 、” stuartl.longlandclan .net.cn “、” stuartl.longlandclan .org.cn ” 、” stuartl.longlandclan .asia “、domain names, they are in China and Asia domain names. But after checking it, we find ” stuartl.longlandclan ” conflicts with your company. In order to deal with this matter better, so we send you email and confirm whether this company is your distributor or business partner in China or not?
 


Best Regards
**************************************
Mike Zhang | Service Manager
Cn YG Domain (Head Office)
Contact details censored as I do not wish to promote their business
*************************************

The wording is identical to that seen in this article on squelchdesign. Knowing this to be a scam, I did two things:

  1. As per my standard policy, I forwarded it to SpamCop. The source of the email was Baidu’s own network.
  2. I figured since it’s obviously a scam and since these people seemingly do not learn from the skirmishes with others, I’d have some fun with them:

On 18/5/19 11:46 am, Mike Zhang wrote:

Dear CEO, (It’s very urgent, please transfer this email to your CEO. If this email affects you, we are very sorry, please ignore this email. Thanks)

You want this to go to my CEO? Does every individual person in China have their own personal CEO? Is that why they have such a big population? Please keep in mind what the .id.au domain suffix is for: INDIVIDUALS.

We are a Network Service Company which is the domain name registration center in China.

Ahh, so you must know the rules around domain registrations, like the .id.au domain suffix being non-commercial.

We received an application from Hua Hai Ltd on May 14, 2019. They want to register ” stuartl.longlandclan ” as their Internet Keyword and ” stuartl.longlandclan .cn “、” stuartl.longlandclan .com.cn ” 、” stuartl.longlandclan .net.cn “、” stuartl.longlandclan .org.cn ” 、” stuartl.longlandclan .asia “、domain names, they are in China and Asia domain names.

They must be rich. They also wanted bellavitosi .cn, bellavitosi.com.cn, bellavitosi.net.cn, bellavitosi.org.cn, bellavitosi.asia, formula1-dictionary.cn, formula1-dictionary.com.cn, formula1-dictionary.net.cn, formula1-dictionary.org.cn and formula1-dictionary.asia.

What does this group do? Are they a subsidiary of BaoYuan Ltd? I hear pan xiaohong has wealth that rivals Jack Ma.

But after checking it, we find ” stuartl.longlandclan ” conflicts with your company. In order to deal with this matter better, so we send you email and confirm whether this company is your distributor or business partner in China or not?

Well, this “company” does not exist, so can’t possibly have a partner in China. I say to them, go ahead and register those domain names, I dare you, it’ll cost you a lot more than it will cost me.

Errm, yeah… the SEO spammers are slowly learning not to mess with me as I’ll just report the email as spam and will tweak mail server settings to ensure you stay blocked. Or I may choose to publicly ridicule you like I have done here.

The worst they can do is actually follow through and register all those domains, which will cost them an absolute bloody fortune (.asia domains are not cheap!) and my content is already well known with the search engines — it’s not like I rely on my online presence for an income anyway as I have a day job. Anything I do here is for self-education and training.

All this mob is doing, is destroying the image of some innocent company in Hong Kong, which are likely nothing to do with this scam. Seriously guys, get a real job!

Nov 13 2018
 

Yeah, so our illustrious Home Affairs minister, Peter Dutton has come out pushing his agenda for a “back door” to encrypted messaging applications.  How someone so naïve got to be in such a position of power, I have no idea.   Perhaps “Yes, Minister” is more of a documentary than a comedy, more so than I’d like to imagine.

It’s not the first time a politician has suggested the idea, and each time, I wonder how much training they’ve had in things like mathematics (particularly on prime numbers, exponentiation, remainders from division: these are the building blocks for algorithms like RSA, Diffie-Hellman, etc).

Now, they’ll tell us, “We’re not banning encryption, we just want access to ${MESSAGING_APPLICATION}”.  Sure, fine… but ${MESSAGING_APPLICATION} isn’t the only one, and these days, it isn’t impossible to imagine that someone with appropriate skills can write their own secure messaging application.  The necessary components are integral to every modern web browser.  Internet routers and IP cameras, many of which have poor security and are rarely patched, provide easy means to host the server-side component of such a system freely as well as an abundance of cheap VPS hosting, and as far as ways of “obscuring the meaning” of communications, we’re spoiled for choice!

So, shut one application down, they’ll just move to another.

Then there’s the slippery slope.  After compromising maybe a dozen applications by legal force, it’s likely there’ll be laws passed to ban all encryption.  Maybe our government should talk to the International Telegraph Union and ask how their 1880s ban on codewords worked out?

The thing is, for such surveillance to work, they have to catch each and every message, and scrutinise it for alternate meanings, and such meanings may not be obvious to third parties.  Hell, my choice of words and punctuation on this very website may be a “signal” that tells someone to dress up as Big Bird and do the Chicken Dance in the Queen Street Mall.

This post (ignoring the delivery mechanism) isn’t encrypted, but could have hidden meanings with agreed parties.  That, and modern technology provides all kinds of ways to hide data in plain sight.

Is this a photo of a funny sign, or does it have a message buried within?

Digital cameras often rely on SD cards that are formatted with the FAT file system.  This is a file system which stores files as a linked list of clusters.  These clusters can wind up being stored out-of-order, a problem known as fragmentation.  Defragmentation tools were big business in the 90s.

FAT is used because it’s simple to implement and widely supported, and on SD cards, seek times aren’t a problem so fragmentation has less of an effect on performance.

It’s not hard to conceive of a steganography technique for sharing a one-time pad which exploits this property to use some innocuous photos on a SD card, arranged in such a way so that the 4kB clusters are randomised in their distribution.  The one-time pad would be shared almost right under the noses of postal workers unnoticed, since when they plug the SD card into their computer, it’ll just show photos that look “normal”.  The one time pad would reach its destination, then could be used for secret communications that could not be broken.
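The property described above can also be looked at from the forensic side. The following is an added example, not part of the original post: it walks the cluster chains in a FAT table, counts how often each chain jumps backwards, and reports an upper bound on how much information the cluster ordering alone could carry. It uses FAT16 entries for brevity; the table, file names, the directory shortcut (a name-to-first-cluster dict) and the 0.25 threshold are all constructed assumptions, as is the premise that a camera writing to a freshly formatted card allocates clusters in ascending order.

```python
import math
import struct

EOC = 0xFFF8  # FAT16: an entry >= 0xFFF8 marks the last cluster of a file


def build_fat16(chains, total_clusters):
    """Pack cluster chains into a raw FAT16 table (used only to make sample data)."""
    fat = [0] * (total_clusters + 2)      # 0 = free cluster
    fat[0], fat[1] = 0xFFF8, 0xFFFF       # the two reserved entries
    for order in chains:
        for cur, nxt in zip(order, order[1:]):
            fat[cur] = nxt                # each entry points at the next cluster
        fat[order[-1]] = 0xFFFF           # end-of-chain marker
    return struct.pack("<%dH" % len(fat), *fat)


def walk_chain(fat, start):
    """Follow the linked list from a file's first cluster; reject loops and bad links."""
    chain, seen, cur = [], set(), start
    while cur < EOC:
        if cur < 2 or cur >= len(fat) or cur in seen:
            raise ValueError("corrupt chain at cluster %d" % cur)
        seen.add(cur)
        chain.append(cur)
        cur = fat[cur]
    return chain


def analyse(chain, backward_limit=0.25):
    """Summarise one chain. backward_limit is an assumed, untuned threshold."""
    steps = list(zip(chain, chain[1:]))
    breaks = sum(1 for a, b in steps if b != a + 1)   # any non-contiguous step
    backward = sum(1 for a, b in steps if b < a)      # step to a lower cluster
    ratio = backward / len(steps) if steps else 0.0
    return {
        "clusters": len(chain),
        "breaks": breaks,
        "backward": backward,
        # n clusters can be ordered n! ways, so ordering carries at most log2(n!) bits
        "order_capacity_bits": math.log2(math.factorial(len(chain))),
        # ordinary fragmentation mostly skips forward over used space;
        # a shuffled chain goes backwards about half the time
        "suspicious": ratio > backward_limit,
    }


def scan(raw_fat, directory):
    """directory maps file name -> first cluster (stands in for real directory entries)."""
    fat = list(struct.unpack("<%dH" % (len(raw_fat) // 2), raw_fat))
    return {name: analyse(walk_chain(fat, start)) for name, start in directory.items()}


# Constructed sample: one contiguous file, one ordinarily fragmented, one shuffled.
SAMPLE_CHAINS = {
    "IMG_0001.JPG": [2, 3, 4, 5, 6, 7, 8, 9],
    "IMG_0002.JPG": [10, 11, 12, 20, 21, 22],
    "IMG_0003.JPG": [28, 25, 31, 24, 30, 27, 33, 26, 29, 32],
}
SAMPLE_FAT = build_fat16(SAMPLE_CHAINS.values(), total_clusters=40)
SAMPLE_DIR = {name: order[0] for name, order in SAMPLE_CHAINS.items()}

if __name__ == "__main__":
    for name, report in scan(SAMPLE_FAT, SAMPLE_DIR).items():
        print(name, report)
```

All three sample files would open as normal photos; only the chain statistics differ, which is why the card looks unremarkable to anyone who just browses it.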

So, the upshot is banning encryption will be useless because such messages can be easily hidden from view even without encryption.

Then there’s the impact of these back doors.  The private keys to these back doors had better be very very VERY secure, because everyone’s privacy depends on them.  I mean EVERYONE.  Mr. Dutton included.

Bear in mind that the movie industry tried a similar approach for securing DVDs and Bluray discs.  It failed miserably.  CSS encryption keys used on some DVDs were discovered, then it was found that CSS was weak anyway and could be trivially brute-forced.  HDCP used in Bluray also has had its secret encryption key discovered.

See, suppose a ban was imposed.  Things like this blog, okay, you’ll be hitting it over clear-text, the way it had been for a number of years… and for me to log in, I’d have to do so over plain-text HTTP.  I’d probably just update it when at home, where I can use wired Ethernet to connect to the blog.  No real security issue there.  There’s a problem of code injection for my few visitors, it’d be nice to be able to digitally “sign” the page without encrypting it to avoid that problem.  I guess if this became the reality, we’d be looking into it.

Internet banking and other “sensitive” activities would be a problem though.  I do have Internet banking now, but it’s thankfully on a separate account to my main savings, so if that got compromised, you wouldn’t get a lot of cash, however identity theft is a very real risk.

Then there’s our workplaces.  My workplace happens to do work for Defence from time to time.  They look after the energy management systems on a few SE Queensland bases: Enoggera (Gallipoli Barracks), Amberley (yours truly interrogated the Ethernet switches to draw a map of that network, which I still have a few old copies of), Canungra, Oakey, … to name a few.

We rely on encryption to keep our remote access to those sites secure.  Take that away, and we either have to do all that work “in the clear”, or send people on site.  The latter is expensive, and in some cases, the people who have clearance to step on site don’t have all the domain knowledge, so they’ll be bringing others who are not cleared and “supervising” them.

Johnny Jihadist doesn’t have to break into a defence base, they just have to look on as a contractor “logs in”.  If the electrical and water meters on a site indicate minimal usage, then maybe the barracks are empty and they can strike.  You can actually infer a lot of information from the sorts of data collected by an EMS.  A scary amount.

So our national security actually depends on civilian encryption being as strong as government encryption.  Setting up 256-bit AES with 4096-bit RSA key agreement and authentication is a few clicks and is nearly impenetrable: back-door it, and it’s worthless.

Even if you break the encryption, there’s no guarantee that you’ll be able to find the message that you’re looking for.  Or you might just wind up harassing some poor teenager that uploaded a cute but grainy kitten photo because you thought the background noise in the JPEG was some sort of coded message.

I think if we’re going to get on top of national security issues, the answer is not to spy on each other, it’s to openly talk to each other.  Get to know those around you, and accept each other’s differences.  Colonel Klink didn’t have any luck with the iron fist approach, what makes today’s ministers think they are different?

Sep 17 2018
 

Politicians and bureaucrats, aren’t they wonderful?  They create some of the laws that are the cornerstone of our civilisation.  We gain much stability in the world from their work.

Many are often well versed in law, and how the legal systems of the world work.  They believe that their laws are above all others.

So much so, they’ll even try to legislate the ratio of a circle’s circumference to its diameter.  Thankfully back then, others had better common sense.

They legislated for websites to display a banner on their pages that people have to click, telling the user that the website uses cookies for XYZ purpose.  Now, I have never set foot in Europe, I really don’t have any desire to leave Australia for that matter.  I am not a European citizen.  I do not use a VPN for accessing foreign websites: they see my Australian IP address.

In spite of this, now every website insists on pestering me about a law that is not in force here.  You know what?  You can disable cookies.  It is a feature of web browsers.  Even NCSA Mosaic, Netscape Navigator and the first versions of Internet Explorer (which were dead ringers for NCSA’s browser by the way), had this feature.  I’m talking mid-90s era browsers … and every descendant thereon.

It’d be far more effective for the browser to ask if XYZ site was allowed to set a cookie, but no, let’s foist this burden onto the website owner.  I don’t doubt people abuse this feature for various nefarious purposes, but a solution this is not!

It gets better though.  To quote the EFF (Today, Europe Lost The Internet. Now, We Fight Back):

Today, in a vote that split almost every major EU party, Members of the European Parliament adopted every terrible proposal in the new Copyright Directive and rejected every good one, setting the stage for mass, automated surveillance and arbitrary censorship of the internet: text messages like tweets and Facebook updates; photos; videos; audio; software code — any and all media that can be copyrighted.

Three proposals passed the European Parliament, each of them catastrophic for free expression, privacy, and the arts:

1. Article 13: the Copyright Filters. All but the smallest platforms will have to defensively adopt copyright filters that examine everything you post and censor anything judged to be a copyright infringement.

Yep, this is basically much like China’s Great Firewall, just outsourced.

It actually has me thinking about whether it is possible to detect if a given HTTP client is from the EU, and respond back with a HTTP error 451, because doing business in the EU is just too dangerous legally.

Jul 16 2018
 

So, the local media here (can’t comment for other parts of the world) have been quite busy reporting on the fate of The Wild Boars soccer team and their coach, stuck in a flooded cave in Thailand.  With the great work of many, the group is now free of the cave, and getting the medical attention they need.

Pats on the back all around.  It could have very well been a dozen funerals that needed to be organised instead of servings of various meals.

Overshadowing this somewhat, has been the somewhat childish spat between Vern Unsworth and Elon Musk over the miniature submarine that was proposed as a vehicle for transporting the children through the cave system.

Now, I’ll admit right up front, what I know is what I’ve heard from the media here.  In amongst the reports, it was commented that the gaps through which people had to squeeze were as small as 38cm in places.

That does not leave you much room.  That’s bloody confined in the extreme.  A submarine that could fit a child and squeeze through such a gap?  It’d be positively claustrophobic!

Now, Mr Unsworth did label this as a PR stunt.  Maybe it was … maybe the design was just naïve.  I think the goal was a noble one, and Elon Musk’s team did a great job in giving it a go, even if they did overlook a few critical details.

However, I think I’ll take Mr Unsworth’s advice over Mr Musk’s regarding whether the device was practical, as he was actually there.  If the device got stuck, the results could have been fatal.  The team was already in a dangerous situation and had lost one member of their team already, they really weren’t in a position to experiment.  I think responding with “stick it where it hurts” is being overly harsh, but otherwise I think the criticism was entirely valid.

You do not, however, call someone a “pedo”, without very good grounds for doing so.  That is slanderous.  And what exactly is “sus” about living in Thailand?  Tesla’s been suffering some quite bad press lately, I really do not think this juvenile behaviour helps anyone.

One is free to believe that ego is not a dirty word, but that does not mean one’s humility should be locked under the stairs!


Update 2018-07-17: Hmm, I was saying…? Tesla sheds almost $US2b after Elon Musk’s ‘pedo’ attack on British diver.

Jun 28 2018
 

So this evening, I got a bit of marketing from Telstra. This was to an email address I had used to register the SIM card that I’m trying out in the Kite. I naturally followed the same approach I have with other such suppliers as an anti-phishing tactic.

The email is not unsolicited, but it is a commercial email nonetheless. I figured I’d just quietly opt-out, no need to make a fuss. The email itself was legitimate, so no concern about boobytrapped unsubscribe links. Naturally, I copied the address from their email and pasted it into the form on their webpage. I get told this:

Errm, excuse me? That is the email address that I wish to unsubscribe, and if it were invalid, I would not be trying to unsubscribe because I would not have gotten the email in the first place!

Okay, so I’ll need to go through a human to get this resolved, what joy. Navigate the labyrinth that is the Telstra support site (they really don’t want you to be able to make complaints), and I get to a complaints form. First thing I note, they forgot to close an <a> tag (end of line 154)…

<p>If you require immediate assistance with a complaint, <b>Consumer customers</b> can call us anytime on 132200 and say "complaint".<br><br>
If you are a <b>Business customer</b> and require immediate assistance with a complaint, you can call us anytime on 132000 and say "complaint".</p>
<b>Enterprise and Government customers:</b> please go to your specialised contact page <a href="https://www.telstra.com.au/business-enterprise/contact-us/make-a-complaint" target="_self">here</a>.
&nbsp;
<p>Further information on how we handle complaints can be found in our <a href="https://www.telstra.com.au/content/dam/tcom/personal/help/pdf/telstra-complaint-handling-process.pdf">complaints handling process document (PDF).</p></pre>
</div>
<div id="surveyMainDiv" class="main-background">
<div class="place-holder-div" id="surveyMainDivBannerDiv"></div>
<div id="surveyContentDiv" class="content-background">

As a result, Firefox thinks everything to the end of the form, is part of the link! They also close a tag that isn’t open: <pre>.

UPDATE 2018-07-07: This has now been fixed.
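A tag-balance check of the kind that catches both faults described above, written here as an added example (it is not Telstra's code or part of the original post). The `SAMPLE` markup is a constructed, shortened stand-in for the fragment quoted above, and the class and function names are made up for illustration.

```python
from html.parser import HTMLParser

# Elements that never take an end tag.
VOID = {"area", "base", "br", "col", "embed", "hr", "img", "input",
        "link", "meta", "source", "track", "wbr"}
# Elements whose end tag HTML allows to be omitted; not reported as unclosed.
OPTIONAL_END = {"p", "li", "dt", "dd", "tr", "td", "th", "thead", "tbody",
                "tfoot", "option", "optgroup", "colgroup",
                "html", "head", "body"}


class TagBalance(HTMLParser):
    """Collect unclosed elements and end tags that match nothing open."""

    def __init__(self):
        super().__init__()
        self.stack = []      # (tag, line opened) for elements still open
        self.findings = []   # (kind, tag, line)

    def handle_starttag(self, tag, attrs):
        if tag not in VOID:
            self.stack.append((tag, self.getpos()[0]))

    def handle_startendtag(self, tag, attrs):
        # HTML ignores a trailing "/", so <x/> is just a start tag.
        self.handle_starttag(tag, attrs)

    def _unclosed(self, tag, line):
        if tag not in OPTIONAL_END:
            self.findings.append(("unclosed", tag, line))

    def handle_endtag(self, tag):
        if tag not in [t for t, _ in self.stack]:
            # An end tag with no matching start, like the stray </pre>.
            self.findings.append(("stray-close", tag, self.getpos()[0]))
            return
        # Everything opened after the matching start tag was never closed.
        while True:
            top, opened_at = self.stack.pop()
            if top == tag:
                break
            self._unclosed(top, opened_at)

    def close(self):
        super().close()
        while self.stack:
            self._unclosed(*self.stack.pop())


def check(html):
    """Return a list of (kind, tag, line) findings for an HTML string."""
    parser = TagBalance()
    parser.feed(html)
    parser.close()
    return parser.findings


# Constructed sample: an <a> left open inside a <p>, then a stray </pre>.
SAMPLE = """<div>
<p>Further information can be found in our
<a href="process.pdf">complaints handling process document (PDF).</p></pre>
</div>
<form><input type="text" name="email"></form>
"""

if __name__ == "__main__":
    for kind, tag, line in check(SAMPLE):
        print(f"line {line}: {kind} <{tag}>")
```

Run against a whole page rather than a fragment, otherwise the enclosing elements cut off by the excerpt show up as findings too.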

Right, so there’s two things. I persevere with the form, resorting to keyboard shortcuts since clicking on any form element brings up that PDF.

Happy that I’ve covered what I wanted to say, I hit the submit. Only to find out the same person who designed the last form, must have designed this one too.

Great, so that’s now three things to complain about.

What really saddens me with Telstra is that today their management tell us they “aspire to be a technology company”. The fact that years ago, Telecom Australia was very much a respected member of the ITU meant it pretty much was a technology company… and the fact they can’t get something as basic as email address validation or a simple web form right, really does show how far they have fallen.
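To make the email validation complaint concrete, here is an added example (not from the original post, and not Telstra's code) comparing an over-strict pattern with a syntax check based on the RFC 5322 dot-atom rules. The page shows neither the rejected address nor the form's validation logic, so the `STRICT` pattern, the sample addresses and the `+` separator are all assumptions.

```python
import re

# Constructed over-strict pattern: only letters, digits, ".", "_" and "-"
# are allowed before the "@", so any "+detail" subaddress is rejected.
STRICT = re.compile(r"[A-Za-z0-9._-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}")

# RFC 5322 "atext": the characters allowed in an unquoted local part.
ATEXT = r"A-Za-z0-9!#$%&'*+/=?^_`{|}~-"
LOCAL = re.compile(rf"[{ATEXT}]+(?:\.[{ATEXT}]+)*")
# One DNS label: 1-63 letters/digits/hyphens, no hyphen at either end.
LABEL = re.compile(r"[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?")


def is_valid_address(addr):
    """Syntax check for an unquoted mailbox: dot-atom local part @ DNS name."""
    local, sep, domain = addr.rpartition("@")
    if not sep or not local or not domain:
        return False
    # RFC 5321 size limits: 64 octets local part, 255 octets domain.
    if len(local.encode()) > 64 or len(domain.encode()) > 255:
        return False
    if not LOCAL.fullmatch(local):
        return False
    labels = domain.split(".")
    return len(labels) >= 2 and all(LABEL.fullmatch(l) for l in labels)


def split_subaddress(addr, separator="+"):
    """Return (user, detail, domain); detail is None without a separator."""
    local, _, domain = addr.rpartition("@")
    user, sep, detail = local.partition(separator)
    return user, (detail if sep else None), domain


def compare(addresses):
    """Map each address to (strict pattern result, RFC-based result)."""
    return {a: (bool(STRICT.fullmatch(a)), is_valid_address(a))
            for a in addresses}


# Constructed sample input; none of these addresses come from the page.
SAMPLES = [
    "user@example.org",
    "user+telstra@example.org",   # subaddress: valid, strict pattern refuses
    "o'brien@example.org",        # apostrophe: valid, strict pattern refuses
    "user..name@example.org",     # double dot: invalid, strict pattern accepts
    "user@-bad-.example.org",     # bad DNS label: invalid, strict accepts
    "no-at-sign.example.org",
]

if __name__ == "__main__":
    for addr, (strict, rfc) in compare(SAMPLES).items():
        print(f"{addr:28} strict={strict!s:5} rfc={rfc}")
```

The strict pattern fails in both directions: it refuses deliverable addresses and accepts malformed ones, so it is worse than no check at all for an unsubscribe form.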

I fully expect this will go back-and-forth while they ask for my browser details (irrelevant, this is broken HTML at their end), my OS (again irrelevant), and then the claim that: “Ohh, we don’t support that!” Which will hold about as much water as a tissue paper G-string.


So, an update. I had a reply back, basically they stated a few things:

  1. they claim to not have seen any marketing emails for the past two months sent to me. (how hard did they look?)
  2. they claim to have taken my name off the list (we’ll see)

They make no comment about fixing the forms. The complaints form now has its closing </a> tag back, so clicking on form elements no longer causes it to pop up with a PDF download. Great, 1 problem of 3 fixed.

I finally had a moment to reply, and did so. In their email, they give an address to send the reply to (because we’re too cool to set the Reply-To header or use the correct From address):

I got back an immediate response:

Delivery has failed to these recipients or distribution lists:

ComplaintResolutionCentre@team.telstra.com
The recipient’s e-mail address was not found in the recipient’s e-mail system. Microsoft Exchange will not try to redeliver this message for you. Please check the e-mail address and try resending this message, or provide the following diagnostic text to your system administrator.


Sent by Microsoft Exchange Server 2007

Diagnostic information for administrators:

Generating server: srv.dir.telstra.com

ComplaintResolutionCentre@team.telstra.com
#550 5.1.1 RESOLVER.ADR.RecipNotFound; not found ##

Original message headers:

Received: from ipani.tcif.telstra.com.au (10.97.216.198) by
 ties-smtp.in.telstra.com.au (172.49.40.197) with Microsoft SMTP Server id
 8.3.485.1; Sat, 7 Jul 2018 17:58:02 +1000
Received: from ipocni.tcif.telstra.com.au ([10.97.216.53])  by
 ipbani.tcif.telstra.com.au with ESMTP; 07 Jul 2018 17:58:02 +1000
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-Anti-Spam-Result: =?us-ascii?q?A0GkBACJcUBb/+KwZZaFN5wRlRWBaTKBT?=
 =?us-ascii?q?YYSBgMCAgKGSwtCJwE8FYEggwqqCQUOgmyEHYUAgStDAWaJaIMgSYRqCAUFAQs?=
 =?us-ascii?q?IB1eCWYo0hF4Pg1eBKA6YUIQOgmt2imKIYIUYPYIxoUUCDRsDggU?=
X-IPAS-Result: =?us-ascii?q?A0GkBACJcUBb/+KwZZaFN5wRlRWBaTKBTYYSBgMCAgKGSwt?=
 =?us-ascii?q?CJwE8FYEggwqqCQUOgmyEHYUAgStDAWaJaIMgSYRqCAUFAQsIB1eCWYo0hF4Pg?=
 =?us-ascii?q?1eBKA6YUIQOgmt2imKIYIUYPYIxoUUCDRsDggU?=
X-IronPort-AV: E=Sophos;i="5.51,320,1526306400"; 
   d="png'150?scan'150,208,217,150";a="119258049"
X-Amp-Result: UNKNOWN
X-Amp-Original-Verdict: FILE UNKNOWN
X-Amp-File-Uploaded: False
X-SBRS: None
Received: from eth2015.qld.adsl.internode.on.net (HELO
 mail.longlandclan.id.au) ([150.101.176.226])  by ipxcno.tcif.telstra.com.au
 with ESMTP; 07 Jul 2018 17:57:59 +1000
Received: from [IPv6:2001:44b8:21ac:7053:a64e:31ff:fe53:99cc] (unknown
 [IPv6:2001:44b8:21ac:7053:a64e:31ff:fe53:99cc])	by mail.longlandclan.id.au
 (Postfix) with ESMTPSA id C159B51F720	for
 <ComplaintResolutionCentre@team.telstra.com>; Sat,  7 Jul 2018 17:57:56 +1000
 (EST)
Subject: [SR 1-1580842703975] Re: Follow Up-Your complaint with Telstra
References: <1e3d0bcc-a187-42cb-ac52-1e1ef0f4673b@wsmsg3704.srv.dir.telstra.com>
To: <ComplaintResolutionCentre@team.telstra.com>
From: Stuart Longland <me@mydomain.org>
Openpgp: id=77102FB21549FFDE5E13B83A0C7F53F4F359B8EF;
 url=https://stuartl.longlandclan.id.au/key.asc
Message-ID: <b5da1c9c-bc3d-8b2f-0f56-55361dc16503@longlandclan.id.au>
Date: Sat, 7 Jul 2018 17:57:51 +1000
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101
 Thunderbird/52.7.0
MIME-Version: 1.0
In-Reply-To: <1e3d0bcc-a187-42cb-ac52-1e1ef0f4673b@wsmsg3704.srv.dir.telstra.com>
Content-Type: multipart/mixed;
	boundary="------------37DC9E91B74192D682B54693"
Content-Language: en-GB
Return-Path: me@mydomain.org
Reporting-MTA: dns;srv.dir.telstra.com
Received-From-MTA: dns;ipani.tcif.telstra.com.au
Arrival-Date: Sat, 7 Jul 2018 07:58:02 +0000

Final-Recipient: rfc822;ComplaintResolutionCentre@team.telstra.com
Action: failed
Status: 5.1.1
Diagnostic-Code: smtp;550 5.1.1 RESOLVER.ADR.RecipNotFound; not found

Oops… so there’s another complaint:

I note there’s another address (with an ‘s’ on the end) in the footer of the email, and so I have sent them the following:

Hi,
It's taken a little while to get back to you on this as I've been flat
out, but here goes.

On 07/07/18 17:20, Telstra_Notifications wrote:
> Your complaint with Telstra
>
> Reference no: SR x-xxxxxxxxxxxxx
>
> Dear Mr Longland,
>
> Thank you for getting in touch with us on 28 June 2018 about a
> complaint relating to your Telstra account number xxxx xxxxx xxxx.
>
> I’m sorry that you’ve experienced an issue with your service, but
> I'm pleased to offer you the following resolution.

To be clear, the issue is not with the mobile service itself, that's
been fine for the purpose I've used it. The issue is in the marketing
that came with it, that was unwanted.

> You were concerned that:
>
> * You’d like to be removed from Telstra’s marketing list

Yes, this is correct. It might be polite to ask people when they sign
up whether they want to be on this marketing list or not.

In my case, the service is temporary: I have the loan of a prototype
mobile phone: iSquare Mobility Kite v1.

http://www.kiteboard.io/ is the device being trialled.

The manufacturer has loaned it so that I can trial the device on the
Australian mobile networks, and see how it performs in weak-signal
conditions. I have loan of it possibly for another month or so at most.

(So far, it performs *MUCH* better than the ZTE T83 I use, and holds its
own against the ZTE T84 which uses the same chipset as the Kite.)

I'd have used my own SIM card, but my card is too big to fit in this
phone (mine is a miniature SIM, this phone requires a micro-SIM), and
given its temporary custody, it made no sense to get my existing Telstra
service moved to a new SIM.

Thus for this purpose, I just activated a pre-paid service to be able to
try the device out. I also have a service activated with Optus as it's
a dual-SIM device.

Once iSquare Mobility ask for the return of the device, naturally I'll
have little use for the two pre-paid SIM cards that are presently in it,
and won't have any interest of any offers from Telstra (or Optus).

I have an old 3G phone I can possibly use up the remaining credit of the
Telstra SIM in, otherwise I'll just use my current phone service which
I've had since 2001.

> * Telstra should fix broken complaints form
>
> I've confirmed that:
>
> * We have checked your account and found no marketing emails sent to
> you for the past two months

Allow me to present exhibit A; sent Thu, 28 Jun 2018 00:39:53 -0700.
This is attached.

I'm a little surprised your list management software had trouble finding
it, unless of course, you didn't read the complaint message carefully to
see the address my account was *actually* registered under.

I see you don't mention the issues with the form. One issue makes the
form damn-near unusable for anyone due to malformed HTML causing the
entire form to act as a hyperlink to the complaints information PDF.

The other, prevented me from self-unsubscribing and was the reason for
the complaint in the first place.

Don't worry, the world already knows:
Telstra: another mob that didn’t get the RFC5233 memo
I see the missed tag on the complaint form has now been corrected. The
original issue that started this, so far has not been corrected.

I've attached screenshots for your reference.

> We know you've been put out by this matter so we'd like to fix things
> by:
>
> * Confirming the medium of marketing (SMS, Email, phone call, MMS,
> face to face marketing, etc) and date you received it

This is email marketing. There have not been any other forms of marketing.

> * Removing your name and details from Telstra’s marketing list.
> Please be advised that this is only applicable for Telstra marketing
> calls.

Yep, I understand this. This is a silent number, and a temporary one at
that. By Christmas time, this service will be no-more, as it will be
surplus to requirements.

> If you’d like to talk more about this or accept this offer, please
> contact me on 1800 241 787* PIN 5172 or email
> ComplaintResolutionCentre@team.telstra.com quoting your Telstra
> reference SR x-xxxxxxxxxxxxx number. I'm available Tuesday-Saturday,
> 9am-5pm (AEST).

For reference, ComplaintResolutionCentre@team.telstra.com bounces. I've
attached the bounce message I received, and have also submitted it as SR
x-xxxxxxxxxxxxx just in case this email doesn't get through.

So that's now 4 issues in total, with 1 resolved so far.

If you could fix up the broken email validation on the opt-out form and
complaints form, and fix the broken email address in your reply messages
then that will resolve the remaining issues.

Thanks in advance.

Regards,
-- 
Stuart Longland (aka Redhatter, VK4MSL)

I haven't lost my mind...
  ...it's backed up on a tape somewhere.

Jun 06 2018
 

Recently, a stoush erupted between NBN chief executive Bill Morrow and the gaming community over whether “gamers” were “causing” the congestion issues experienced on fixed-wireless broadband links.

The ABC published this chart, comparing the average transfer rate, of various games, to the average transfer rate seen watching various movies.  It’s an interesting chart, but I think it completely misses the point.

One thing that raw download speeds miss, is latency.

Multimedia is hard real-time, however unless you’re doing a two-way video or voice call, a few seconds of latency is not going to bother you. Your playback device can buffer several seconds worth of movie to feed to your video and sound devices and keep their buffers fed. No problem.

If those buffers aren’t kept topped up, you get break-up in your audio and the video “freezes” momentarily, losing the illusion of animation. So long as the data is received over the Internet link, passed to the decoder to be converted to raw video frames and audio samples, and stuffed into the relevant buffers in time, it all runs smoothly. Pre-recorded material makes this dead easy (by comparison). Uni-directional live streams are a bit more tricky, but again you can put up with quite a bit of latency.

Radio stations often have about 300-500ms of latency … just listen to the echo effect when a caller rings up with a radio on in the background, if it were truly live, it would howl like a PA microphone!

It’s two-way traffic that’s the challenge.

Imagine if, when typing an email… it was 5 seconds before the letters you just typed showed up. Or if you moved the mouse, it took 3 seconds before it registered that you had moved. If someone were just observing the screen (unaware of when the keystrokes/mouse clicks had been entered), they’d think the user was drunk!

And yes, I have personally experienced such links… type something, then go wait 30 seconds before hitting the ENTER key, or if you spot a mistake, count up the number of backspaces or cursor movements you need to type, then wait for the cursor to reach that spot before you make your correction. It’s frustrating!

Now consider online gaming, where reaction time requirements are akin to driving a race car. One false move, and suddenly your opposition has shot you, or they’ve successfully dodged your virtual bullet.

Carrier pigeons carrying MicroSD cards (which reach 128GB capacity these days) could actually outperform NBN in many places for raw data throughput. However, if the results from the Bergen Linux User’s Group experiments are anything to go by, you can expect a latency measured in hours. (Their ping log shows the round-trip-time to be about 53 minutes in the best case.)

The movie stream will be sending many large packets at a mostly regular rate. The video game will be sending lots of tiny packets that Must Be Delivered Right Now!

I think it naïve to directly compare the two in the manner these graphs do, simply due to the nature of the types of traffic involved. Video/VoIP calling would be a better metric, since a 100ms delay in a telephone conversation will have both parties verbally tripping over each other.

Tele-medicine is touted as one of the up-and-coming technologies, but for a surgeon to remotely operate on a patient, they need that robotic arm to respond right now, not in 30 seconds time.  It may not be a lot of data to say “rotate 2°”, or “move forward 500µm”, but it needs to get there quickly, and the feedback from said movement arrive back quickly if the patient is going to live.

The sooner we stop ignoring this elephant in the room, the better off we’ll all be.