Category Archives: General

Equality and security

Trending on Twitter right now: There are no US ambassadors because Donald Trump just fired them all

True or False?

I recently wrote a piece on “fake news and false information” in the context of online security. The feedback was interesting because most commenters did not ( immediately ) equate fake news/false information with their own security in the online space. To put it bluntly, false information significantly increases the risk of decisions leading to compromise. Plain and simple. The terms phishing, vishing and whaling all come to mind as the results of false information.

As an extension of this, online social behaviour also impacts on our ability to interact online safely. The expressions of netizens who deal in, and react to, false information in a fashion that is above what we would call “the norm”, seem to now be “the norm”. This in particular affects all forms of equality. In the context of gender equality specifically, Ashley Judd recently gave a stunning TED talk relating her own experiences ( and those of many others ) online.

( note: the following features graphic language )

This abuse online is now the norm.

But past gender equality alone, there are numerous issues that plague online socialisation. Is the hate, vitriol and abuse continuously hurled in online platforms simply a manifestation of online personas or is this the reality that simmers just below our daily lives? Is this who we are now? We’re not face to face with someone so it’s easy to say …

The spectre of Trump is a paradox being forced onto a world which has in recent decades ( mostly ) been fighting for all manner of equality and diversity: gender, politics, race, work, sex, location, creed, religion, caste, etc. Does the election of Trump ( and similarly the election result of Brexit ), and all its retrograde rhetoric, mean that a large portion of the US ( and other parts of the world ) really believe that equality is no longer important?

This may seem like a tangent but the fact is that we’ve seen a reduction in expectations of online privacy and an escalation of online abuse in recent years. Governments all over the world are reducing electronic privacy in the name of increasing citizen security, a fallacy perpetuated ad nauseam with little effective proof. And as online and real-life socialisation blur, so do the threats to our security.

It’s not just direct electronic threats ( malware, phishing, botnets, etc. ) that we have to concern ourselves with, it’s our lives online.

Invoiceplane takes another step

I took quite some time to find an accounts/invoicing package that suits my work style but I finally came upon Invoiceplane last year. The basic requirements were:

  • product/service database
  • client database
  • create quotes
  • create invoices
  • send invoices via email
  • classification of invoices and quotes ( workflow eg. created, sent, overdue, etc. )
  • list invoices by client
  • list overdue invoices
  • create recurring invoices

And Invoiceplane delivered on all accounts with a nicely designed interface with good usability and ergonomics. The UI includes a top bar menu divided into a few prime categories: clients, quotes, invoices, payments and reports. There is also a one-shot dashboard giving an overview of quotes and invoices, with quick links to various aspects of the quotes and invoices.

Installation is straightforward – you need a LAMP or WAMP system with MySQL, Apache and PHP support. Once installed, there is some basic setup, which includes setting up email and invoice/quote templates and then you can start adding clients. Custom fields are a nice addition allowing one to add fields/parameters to customers that aren’t available by default.

The next step is to add services/products – these can be created ( and saved ) while generating invoices or you can pre-create them in the Products section.

And finally, start creating invoices selecting pre-created products from the database or creating these on the fly. VAT and Tax are catered for in invoices as well as invoice terms ( I use this field to include my bank details ) and due date.

The latest version 1.2 includes the ability to lock invoices to read-only once created, as many tax authorities require that an invoice not be altered once it’s created. As payments are processed on the system ( which includes amount, payment date and type ), these are offset against the invoices, which have their status altered to Paid. Any invoice can also be converted into a recurring invoice with variable generation terms ( eg. monthly or yearly ).

For reporting, there is invoice ageing available as well as payment history and sales by client. All invoices, quotes and reports are generated as PDF files which can be tailored with logos and some other items. One really neat feature of the quote system is that a URL is generated at which a client can approve or disapprove the quote. Once approved, you can convert the quote into an invoice.

All in all, this is a fantastic piece of software that does the basics and does it well.

A fascination with special characters

In the computer world, special characters can have a certain usefulness or can be a hindrance. The very first special character I learnt, 25 years ago, was the colon. It was ( still is ) used as the delimiter to change drive letters in DOS.

eg. if you were in drive C and wanted to go to drive D, you would type:

d:

Simple? Yes

But not always so. Because of the special intent of certain characters, using them in a non-content fashion can be problematic ( sometimes catastrophic ).

What do I mean by non-content? Well consider a document – the text in the document is the content and the title of the document is ( part of ) the metadata or non-content.

System administrators or programmers will know that #! has special meaning. If you want to use it in a non-content fashion, you have to take extra steps. If you don’t, you may not get the result you expect.

This brings to mind a recent story from a colleague. A client had gone to a web development firm to ask about pricing for a web site. Not having done anything similar before, they got quite a shock when the quote was presented.

The client decided to look for other avenues and ended up doing the site themselves using an online templating service. It was a reasonable site but had many links and pages, and was a bit complex. Nevertheless, the client then approached an SEO firm ( search engine optimisation ) to make sure that the site was successful from a search and marketing point of view.

But the site never appeared in search results at all. The client was quite upset with the SEO firm but after much troubleshooting the SEO firm determined the issue was not with them. So the client asked my colleague to take a look and he found the issue: the client had prefixed all page titles on the site with #! – those in the know understand that this means “Do not index this site under any circumstances!” And so the search engines blissfully ignored the site.

And so the client had to go back and re-title around 300 web pages – quite a bit of not-so-enjoyable work.

It often occurs that someone is not happy with the pricing of a service but there might be a very good reason for that pricing – the service provider has experience and understands the ins and outs of their industry. That experience costs money and is of value. Doing things yourself can sometimes end up costing you more in the end.

Not to digress, special characters should be avoided at all cost. Do NOT use them!!!

My philosophy is to only use lower case and no special characters at all, especially when naming things. Keep it simple.
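As an added illustration of the naming rule above ( example code written for this post, not the author’s ): a small Python helper that reduces a title or filename to lower-case ASCII letters, digits and hyphens, plus a companion check that reports which characters with a non-content meaning ( #!, the DOS drive colon and similar ) a name contains before it is used as a title, path or identifier. The list of flagged characters is an assumption made for this example.

```python
import re
import unicodedata
from typing import List

# Characters that commonly carry a meaning other than "content" when they
# turn up in names: script prefixes (#!), the DOS drive separator (:), path
# separators, globbing, quoting and shell operators. Constructed for this
# example; extend it to suit the systems the names will pass through.
NON_CONTENT_CHARS = set('#!:/\\*?"\'<>|&;$`%')


def flag_special(name: str) -> List[str]:
    """Return the distinct non-content characters present in a name, sorted."""
    return sorted({ch for ch in name if ch in NON_CONTENT_CHARS})


def safe_name(name: str, max_len: int = 64) -> str:
    """Normalise a title or filename to lower-case ASCII, digits and hyphens."""
    # Decompose accented letters and drop the combining marks (e.g. é -> e)
    ascii_text = unicodedata.normalize("NFKD", name).encode("ascii", "ignore").decode()
    lowered = ascii_text.lower()
    # Every run of anything that is not a letter or digit becomes one hyphen
    hyphenated = re.sub(r"[^a-z0-9]+", "-", lowered)
    # Trim leading/trailing hyphens, cap the length, and never return empty
    trimmed = hyphenated.strip("-")[:max_len].rstrip("-")
    return trimmed or "untitled"


if __name__ == "__main__":
    # Constructed sample titles, including the #! prefix from the story above
    for title in ("#! Home page: Intro", "Résumé  (2016).pdf", "!!!"):
        print(repr(title), "->", safe_name(title), "flagged:", flag_special(title))
```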

New electrical sockets for SA

It may come as a bit of a shock to some but we are getting a new electrical socket in the form of the SANS 164-2 specification. This specification socket was adopted by the SABS in 2013 and takes over from the old 3-round-pin socket ( adopted from the British ) that has been in use since the 1930s. The three-pin plugs are polarised and un-fused ( they don’t have individual fuses ) and are not interchangeable between electrical current ratings.

We also use 2 other format plugs currently: The two standards are the SANS 164-5 two-pin, non-rewireable system (2,5A; 250V) for equipment like cellphone chargers and the SANS 164-6 two-pin system (16A; 250V) for equipment like power tools and electric lawnmowers.

All 3 formats currently in use will be superseded by the new format and all new installations as of 2015 will use the new format plug/socket combinations. The new format is the same as is used in Brazil and similar enough to the Swiss standard to be interchangeable. It’s likely to take some time before the new format becomes the norm as manufacturers have to tool up to change to this format for appliances, tools and other electrical items.

The reason for the change is for safety and size – the new format is considerably more compact than the old. And you can forgo the need for Europlug adaptors.

IT Support effectiveness

It’s long been a bugbear of mine that many IT Support folk have difficulty in troubleshooting IT issues. This is an area where one would expect ( and require ) personnel to have a high degree of logic ( crucial to faultfinding procedures ) but it seems that many IT engineers are almost devoid of this critical requirement. Maybe it’s something that needs to be taught; I think you either have it or you don’t.

How does this manifest? Well for the N-th time, I had someone suggest a reboot of a key system without even understanding if that system was the source of the issue. Sure they were Windows-orientated in terms of their IT experience; and you can often solve issues on Windows systems with reboots, but that doesn’t mean you know what the origin of the problem is. It may also be the easy way out – instead of following a logical train of troubleshooting steps, it’s easier to just hit reboot. It’s also the lazy option …

I deem the quality of an IT Support person to be directly related to their ability to troubleshoot. Under pressure as well. When the chips are down, you have to be able to look at both the big and small pictures, think logically and follow a planned set of steps that directly relate to solving your issue at hand. To do this, you need to know and understand your IT systems intimately. Without knowledge of the IT systems you’re responsible for, you’re just guessing. One also needs to be able to view the data being presented ( eg. via logs, screenshots, descriptions or other data ) and extrapolate details out of that data that may assist in leading to a solution.

There are also many occasions when people can’t present or explain the simplest information regarding an issue. The person presenting the issue needs to provide as much information as possible relating to the issue. It’s possible that a crucial piece of information is in the details provided by those with IT issues. And without that info, the IT Support engineer may miss the opportunity to solve the issue. I always equate this to someone taking their car to the mechanic for a problem. Simply telling the mechanic that you have a problem is not an option. Tell the mechanic that you have a braking problem, the brake lever feels soft and it only manifests when going downhill. The more information you give, the quicker the mechanic can solve the issue.

So on the one hand, you need a well-described issue and on the other, you need a logical troubleshooting process with the ability to sift through descriptions and data looking for information that may assist in solving the issue. You also need commitment in terms of solving the issue; from both sides.

IT Support engineers need to up their game in terms of troubleshooting. Period.

Aaron Swartz and freedom of information

I had a passing knowledge of Aaron but did not know too much about him beyond his involvement in Reddit. It’s very sad nonetheless to hear of his passing this weekend past. That it was at his own hand shows perhaps the despair he may have felt as a result of his legal issues.

Aaron’s story will ring true with many of us on the internet. Many who perceive the all too heavy hand of governments, commercial entities and others who put pride, greed and money above basic human rights. Aaron wanted to make sure that information was shared with everyone, not just those who could afford it. As a result, he was victimised by a US government seemingly hell bent on keeping information shuttered in a carefully selected box, information that should be available to all.

Others thought ( and do think ) the same as Aaron, and the cacophony of voices that have graced the internet since his passing are proof that he was, and is, not alone. John Atkinson wrote the following:

Aaron Swartz is what I wish I was. I am a bright technologist, but I’ve never built anything of note. I have strong opinions about how to improve this world, but I’ve never acted to bring them to pass. I have thoughts every day that I would share with the world, but I allow my fears to convince me to keep them to myself. If I were able to stop being afraid of what the world would think of me, I could see myself making every decision that Aaron made that ultimately led to his untimely death. This upsets me immensely. I am upset that we have a justice system that would persecute me the way it did Aaron. I am upset that I have spent 27 years of my life having made no discernible difference to the world around me. Most of all I am upset that Aaron’s work here is done when there is so much more he could have accomplished.

All too often, we are goaded into a corner by our fears. Notwithstanding responsibility for our actions, we have a voice, and we need to use it.

Medical Security and Open Source

Earlier this year, I read and listened ( through the linux.conf.au podcast ) to what can only be described as a seminal and thought-provoking paper on medical software security by Karen Sandler, opening my eyes to an entire area of software security that one doesn’t normally think about. Karen’s talk at the 2012 Linux Conf in Australia, appropriately titled “Freedom in my heart”, struck a chord – I’ve been dealing with 8 years of CFS so I have some idea of the constant nag at the back of your mind about one’s health. When that health is threatened because of software developed by the lowest cost bidder, then we’re in for a bad time.

Considering that even simple medical devices now have upwards of 100,000 lines of code, and with a commercial industry standard of 1 bug per 1000 lines of code, issues can mount up very quickly. Of course commercial companies are the first to stand up and raise their security-by-obscurity flag, but how can we trust our health to these companies when we know with certainty that their software is riddled with bugs? There is little or no recourse to action, as you have with Open Source Software, unless you can prove negligence implicitly – and considering the protection afforded medical companies, this is unlikely.

Besides the security aspect of medical software, there are of course many other areas of critical importance that seem to be dominated by commercial companies with no apparent respect for the ‘client’ and an overriding passion, above all else, for profits. The attacks on core Iranian nuclear infrastructure of the last year via Flame, open access to confidential government information on New Zealand’s Work and Income public computer terminals, TD Bank’s missing unencrypted backup tapes, vulnerabilities in Sinapsi’s eSolar SCADA systems, the recent Shamoon virus attack that turned 30,000 Aramco workstations and servers into expensive paperweights, and the in-game exploit that managed to kill the majority of characters in some cities in World of Warcraft are just some of the issues that we’re facing every day. Exploits and security issues are no longer the purview of script kiddies and lazy coders – the motives are now profit and destruction, and the actors are governments and organised crime groups.

In the USA for example, it’s estimated that over 80% of critical infrastructure is in the hands of commercial companies who have little incentive to fortify their networks against cyber attacks – that would involve cost and eat into shareholders’ profits. IOActive researcher Barnaby Jack has recently found flaws in wireless transmitters of medical equipment that could result in death-at-a-distance. The Economist’s article, “When code can kill or cure”, gives a startling perspective on the issues surrounding medical device security. The list is endless.

And my point is?

Open Source Software has proven itself equal to, and in many cases better than, commercial solutions. It’s used in every aspect of life from computers to smartphones to cars and TVs. But there are certain areas where commercial companies are afforded protection, via inaction or action, to provide patently insecure solutions to critical areas. Besides the obvious security benefits of OSS solutions, there is also lower ( or no ) cost, rapid development, high quality coding, open standards and best-in-class support.

The next time you’re thinking about purchasing some software, ask your commercial software vendor about their security track-record. Or better yet, think about the OSS option. Either way, you may be surprised.

Digital rights and your personal freedom

“We live in a democracy. Or so they told us.”

If you take a look at democracies around the world today, you’ll find governments that behave in a completely undemocratic way. One just has to look at the lengths the US has gone to, in undermining the Bill of Rights in the pursuit of terrorism ( well that’s the drivel the American people have been fed ). The freedom and liberties that are our due, per the constitutions that our countries are based on, are just tokens. The internet then, with its global-spanning tenet of freedom and open community, is an unbridled proverbial thorn in a lot of governments’ sides. It was easy 10 years ago to monitor telephone calls and snail mail. But electronic communications have changed this – voice is now data, and data can be moulded into whatever you want. It’s no longer enough for the government to have systems that can intercept telephone calls through telcos; they now need to have access to data travelling through ISPs as well.

Everything you do on the internet can be intercepted, classified and interrogated. ISPs are at the leading edge of the fight to resist government intervention; however, there’s little they can do when laws are passed that legalise the interception of personal data.

And if you look at a lot of the laws being passed around the world in democratic countries ( in the name of copyright control for example ), you’ll see that your freedom and your data are no longer your own. Big business ( read Hollywood studios and music producers ) have sold everyone a fat lie. The US government buckles under the pressure of sustained lobbying. They push for local sanctions against copyright infringers and then extend this through global treaties like ACTA and other laws. Internet censorship is not limited to the typical countries you would think of like China and Iran ( eg. China’s Great Firewall ). The US is doing similar things to what restrictive governments are doing, while at the same time condemning those governments. The UK government has a bill on the table ( Communications Data Bill ) that will allow them to read any email you send through your ISP. Australia have implemented a blacklist of sites that ISPs have to filter ( well they tried and failed ). Many other western democracies are enabling similar projects under the guise of protecting their citizens.

But that’s all it is: a guise. Our constitutions guarantee our freedoms and our governments take them away. So it’s important to understand the facilities you have at hand to protect your freedom and privacy while working online.

  • Always use https ( instead of http ) for websites if possible when surfing – this will encrypt data between your workstation/device and the target website. Your bank will use this automatically for online banking.
  • Make use of a privacy tool like Tor/Privoxy – this will obfuscate your web surfing data including DNS queries
  • Do not expose personal details about yourself online, especially on social networking sites
  • Bittorrent is increasingly being monitored by copyright control companies; use alternate methods for downloads like https-based news systems
  • Use an encrypted SMTP service ( also known as TLS ) for sending email

You can also monitor sites like the Open Rights Group, which provides information on the attempts of governments around the world to censor and control internet usage. Moral of the story: stay safe and be careful what information you put on the internet.

Traffic, accidents and death in SA

Accident statistics in South Africa are, I think, mostly regarded as fiction – it’s rare to find traffic death rates as high as in this country, so most drivers ( in this country ) appear to ignore the stats/reality and simply go about their daily business, driving without care or regard for law or other road users. ‘It won’t happen to me’ they think. I’m the better driver. There’s a certain aggressiveness about most drivers. They’ll go through a stop street, exceed the speed limit or break some other traffic law; but the fault is never theirs, responsibility abdicated. Herd mentality reigns, if everyone else does it, why shouldn’t I?

I saw the aftermath of an accident earlier this year in which 2 teenagers on a moped were killed because someone in front of them decided to make a u-turn across a solid lane divider. The melted road from the ensuing vehicle fire, at the corner Bosmansdam and Giel Basson, bears a stark reminder that a large percentage of drivers ‘just don’t care’. Until it’s too late of course.

I watch every day as drivers ignore the stop street in front of my house, a number not even bothering to slow down. I watch every day as car after car goes through the red traffic lights on Bosmansdam Bridge. I watch every day as moms ignore the stop streets outside Edgemead Primary and at the corner of Letchworth and Thomas Bowler. I watched yesterday as the Bantam bakkie ignored the stop street on Hendrik Verwoed and almost slammed into the back of the Audi that had just entered the lane ( legally ). I recently saw a father driving with his daughter, who was controlling the steering wheel, on his lap. I watch a family member of mine living with an incredible amount of pain, as a result of injury from an accident.

I watch all this and hope that no one will be in an accident and die. Inevitably, someone will be and will die.

Is it such a common occurrence that we simply are de-sensitised? Or is it that most of us are just plain lazy and couldn’t be bothered to stop at that stop street or drive sober? A combination I think. Friends, family, neighbours, work colleagues, delivery men, truck drivers, taxis, doctors, businessmen, mothers, lawyers, politicians – everyone ignores road law.

Call me cynical. Call me insensitive. Call me whatever you want. But when someone drives through a red light and kills you, will it matter? Will it matter that you didn’t try and make a difference by scolding your brother for speeding? Will it matter that you said nothing when your colleague went through the red light? Will it matter that you yourself were intoxicated and still drove?

It won’t matter at all.

Sensitivity is irrelevant to the person that dies. It’s too late then.

Do your part today – respect human life, drive according to the law and teach others to do the same.

  • there are 13,000+ fatal accidents, 40,000 serious injuries and 500,000 accidents per year in SA
  • 70%+ drivers do not stop correctly at stop streets
  • 1 in 10 drivers will go through a red traffic light 3 out of 10 times ( where an orange light has presented an opportunity to stop )
  • 1 in 100 drivers will go through a red traffic light 1 out of 10 times ( where a red light is already present )
  • 90% of accidents in South Africa are due to lawlessness
  • “Human factors” – such as non-adherence to traffic rules and aggressive, reckless, negligent or inconsiderate driver behaviour – are the major contributing factors in accidents, playing a causal role in 70-80% of all accidents
  • “Vehicle factors” such as poor lights, smooth or damaged tyres and poor brakes contribute to a further 10-15% of accidents
  • Poor road conditions only contribute to 5-10% of accidents
  • A full two thirds of readers of this article don’t stop at stop streets

The arrivealive website has a large amount of relevant information and the Safe Driving Techniques section is especially important. The car-accidents website shows a grim reminder of the reality of vehicle accidents.

On-line electricity purchases in Cape Town

I’ve never been a fan of the PayCity on-line site. It’s amateurish and looks like it’s been put together by a group of 5 year olds. In addition, there’s no mobile option ( not SMS ) – an unforgivable missing feature in this age of always on and connected-ness. Powertime is the complete opposite – a solution that ‘just works’ and has an app for most smartphones on the market. But the City of Cape Town has done some re-classification of electricity distribution methods ( well some complex changes that I can’t understand ) and PowerTime no longer fits their criteria. So all the CoCT consumers that were happy, are no longer. I really don’t care what the trouble is between CoCT and Powertime: all I want is Powertime or a Powertime-like solution that works 24×7. Unlike this evening where 2 purchases via SMS to PayCity have gone into the ether with nary a response. And the result is a trip down to the local BP at 10.30pm in the miserable weather to spend even more money.

Looks like I’ll have to call Mastercard tomorrow to reverse the 2 charges from PayCity on my credit card. And I’ll be looking for alternatives …

UK Violence

Any kind of violence is a sad thing to see. We’ve seen our own share here in the south of Africa; however, things have been tailing off for a number of years now while people get on with the business of living. Yes we have our issues, but for the most part things just go on. Political violence is seen from time to time but on a fairly small scale. Day-to-day crime is ongoing; however, the police are slowly getting a handle on it ( notwithstanding our useless police commissioner ). Economic conditions are always directly responsible for crime rates and as we try to improve the social, living and employment conditions of those less fortunate around us, crime rates are sure to drop. Technical improvements ( including enhanced Internet connectivity ) in many African countries are driving a new generation of IT literate Africans, uplifting the entire continent. We still have issues with foreign pillaging of resources ( directly causing many of the issues so many foreigners like to place at our doorstep ), but this is something that will be sorted out over time. I’ve always equated South Africa ( and Africa ) to the Wild West – a great place to live with a little bit of spice thrown in.

So it’s interesting to see the attempted justifications by UK residents of the current situation over there. A defensive posture stems from the unpreparedness ( and in cases non-acceptance ) they have with the worsening situation. As the financial crisis deepens in both the US and many European countries, increasing unemployment and economic conditions are fueling an increase in criminal activities.

Notwithstanding these general conditions for crime, the British youth have always been a quick-to-incite lot with a mob mentality. Having lived in London for quite a few years, I can attest to the complete lack of respect many British youth have for any sort of authority. Add to this a mixed pot of cultures, poor immigration entry controls and the opening of borders to more EU countries, and you have a situation that’s ripe for violence and misuse by criminals. In other words, many of the same issues we’ve been struggling with in SA for years now.

It’s quite telling that I’ve only ever been physically attacked ( twice ) in the UK ( not South Africa ) and both times were in London by yobs …

On the technical front, the targeting of BBM as a means to incite violence is just a coincidence – people will use what’s at their disposal at that time to propagate their agendas so blaming BB for this is a useless waste of effort. While many I’m sure, think they’re safe using that platform ( due to its inherent encryption ), most countries’ laws now allow fast-tracking of access to commercial companies’ data stores in times of terrorism or large scale violence. So BBM users are not above the law. The only way to truly secure your transmissions is to run your own communications systems.

In closing, South Africans don’t have a monopoly on violence. It happens everywhere. So to those locals and expats who would put SA down, it’s not always greener on the other side. As you’re starting to find out.

My sympathies go out to anyone who has been affected by the riots in the UK.