Friday, 17 November 2017

DoS attacks, sorry

I'd love to be able to blog in detail about denial of service attacks, what works, what does not, what we can or cannot do, but it would be mad to do so.

Suffice to say that anyone that wants to, and has a few bitcoins to spare (or fractions thereof) can engage one of the many botnets that exist and DoS the hell out of almost anyone, no matter how big.

It is unusual for an ISP to actually be the target, so much so that we did not cope well at all. We have all been working hard all day, and we all feel knackered. This attacker has caused the problems he wanted to cause, he has upset customers, and disrupted an ISP. Whack-a-mole does not really explain today adequately.

A customer had even ordered pizza for the staff, which is appreciated.

We still have much work to do even if the attack has now stopped, and we hope it has. Not only undoing loads of temporary hacks that cause their own issues, but planning for the future and how to handle things better in future.

At the end of the day we are a small ISP and we try to do a good job for our customers. It is a shame when we cannot do that, and if anything we, or I, did upset anyone I am sincerely sorry for that.

And, of course, I am sorry that our customers have suffered.

OK I get it, enough is enough

Just in case someone felt my last blog post was dick waving about how good our network is, and I think it is good, I do accept that any network can be DoS'd to hell.

I get it, OK.

Thursday, 16 November 2017

Pushing the limits

We are deploying some new LNSs at A&A, three of them so increasing the eight live LNSs to eleven. This will happen over the next few days.

Why? Well, we are hitting some amazing levels of traffic - we seem to have actually exceeded 1Mb/s average peak usage per customer.

This is a metric which we discovered is used by the likes of BT Wholesale, and a few years ago, at over 100kb/s we were a really high usage ISP on their network - the highest at the time.

Basically you look at the peak usage, which for us is now in the evening, and divide by number of customers, simple as that. Bear in mind, at that peak time, pretty much every one of our business lines (which is a lot of our customers) will be idle.

Even so, that average is getting to the 1Mb/s. That is amazing. I am shocked. We have multiple 10G links to peers, and multiple 10G links to one carrier, and extra 1G links going in right now to another carrier, and more LNSs. All in aid of not being the bottleneck.

This really is the netflix generation taking off, and it is a challenge for ISPs. We are coping, and we are making sure we stick to our "not the bottleneck" aims. But it means some quick work to extend the capacity with staff on site today installing new LNS hardware.

We know that Talk Talk are working on expanding their network, no doubt seeing the same increases, and we are working with them to make the best use of that new network as soon as possible. Thanks to those customers testing things with us.

It seems not long ago the maximum a customer could manage, a far cry from average, was 64k ISDN. How times change.

With new links to BT going in, we expect to make tariff changes over the coming weeks to make "terabyte" just another level on all of the Home and SoHo packages, with easy regrades, and balancing of traffic over multiple lines. (Not for 20CN, sorry)

If you want Internet access that works, and keeps up with the ever increasing usage, you know where to come :-)

Wednesday, 15 November 2017

Flat Earth

I am confused by these people that say the earth is flat. There is a Flat Earth Society (with members all around the globe). There are conventions. It seems odd.

Now, let me say right away, I have no issue with fiction. There are groups of people that meet up, and create social organisations, all in support of some fiction, like a book or TV series or some such. One excellent example is Trekkies. These people go to conventions and clubs and have uniforms, and all sorts. It is amazing. It is, however, an escape from reality. We all like to get engrossed in a fiction of a book or a TV show or a film. All of the people involved in being Trekkies know it is "make believe". They do it, and it is fun, but it is not reality and they know it, even when dressing up as their favourite characters. I don't think a single one of them thinks there is actually a Starship Enterprise in orbit or that they are on the crew, or that they are actually a Klingon. They are a bit too much for me (and I like Star Trek), but they are not actually crazy - they have a fun hobby. They have a fun social group. Well done to them.

There are a lot of these fiction and fantasy type clubs and organisations - they create a common focus for a social group. We all want to be part of a group - and a liking and appreciation for some specific fantasy or fiction helps forge such groups and friendships. It is important. I rather like those that follow Terry Pratchett and discworld. That is a flat world too. It is not Earth!

But even those people will not think they actually live on discworld or have magical powers. They know it is fiction and "make believe" and fun.

It is quite amusing listening to my 4 year old grandson - he has a grasp of "pretend", and will sometimes "explain" to me that something is "pretend" if I play along too convincingly. Well done to him for understanding at such a young age. He still likes to pretend though. It is fun!

But this "flat earth" bunch seem different. Some will be "playing along" for fun, I am sure, but not all. Some seem to be sincere! They are people that somehow genuinely believe the world is flat? Yes, the world we live on! The one that we have pictures of from space. The one we can literally fly around on a plane for a small fee. With time zones and everything. The concept of a "flat earth" dates back a long time - and if you really lived your whole life in a mud hut communicating with a village of 100 people and no more you could believe it. But the concept was debunked millennia ago in so many ways, and today people have actually gone outside this earth and looked at it from space, from the moon even. We actually have satellite communications. People watch Sky TV beamed from a satellite that would only work if the world was what it is! They probably watch flat earth conspiracy bullshit via Sky TV even - how is that for irony?! There is no question whatsoever on this point.

So if the "flat earth" bunch were like Trekkies, playing a game, make believe, that would be fine. But it seems they are not. Either that or I am falling for a huge wind up. Am I?

If we accept the premise that there are actually people out there, and a lot of them, that actually believe the earth is flat - and even more - they believe that all of the evidence that proves otherwise is somehow part of a global conspiracy (to what end?), what does that mean?

Is it a problem if there are such people?

I think so. I think it is, at the very least, a clear symptom of something very wrong with society and the education system that such people could exist outside some sort of mental health facility.

Surely the most basic of education would cover this, and the basic science of the world in which we live. I bet I would have a hard time convincing my 4 year old grandson the world was flat - he has google earth on his iPad and loves it. He may be happy to "pretend" for a game, but he is not that daft so as to believe it.

To be clear, I have no issue with Trekkies or anything similar. They know it is make believe. They are "having some fun". We all like to escape from reality to some fiction. But when you start believing your fiction then you are mentally ill, sorry, plain and simple. If you actually thought you were Mr Spock from the Starship Enterprise, and persistently asserted that in real life, you stand a good chance of being locked up, and for good reason. Sorry, not "locked up", but "assigned to receive appropriate mental health treatment".

How is it that anyone asserting the earth is flat is not simply sectioned? Have a doctor go to a conference and literally sanction people and have them carted away? How is this not so?

To be fair, if you have absolutely zero scientific background, have never flown anywhere, or read about time zones (or read anything), and you are really poorly educated, you could fall for this. So explain to someone the reality of the world in which we live (the globe on which we live) and they understand, good. But if they won't understand then they are either educationally subnormal or mentally ill. How can it be anything else?

Is this not like religion?

Well, good point! A point someone made when I tweeted this. Personally I don't understand how people fall for religion. However, religion is somewhat clever. It never asserts something that can be categorically disproved, well, usually not. It will assert something which cannot be disproved because proving a negative is generally not possible. So it leaves a window for doubt among the gullible. So I am not going as far as saying that religious people are nut cases, not quite.

But even a religious person that claims god spoke to them and told them to kill their son, and so they did it, will get locked up - it has happened. Obviously, if that had been a story from a bible, it would somehow not be a case of mental illness, but in reality and in the here and now it is seen as such.

In some ways, maybe religion falls in to the same category as Trekkies. Maybe not, as I suspect a lot of people do not realise religion is all "make believe" as well. I bet a lot do though, even though they "practice" religion. They must know it is all "make believe" just to feel better, surely?

It is, perhaps, telling that no religion (as far as I know) proclaims the earth to be flat! They are not that daft. Tell me if one does :-)

Monday, 13 November 2017

🎶 The Internet is really really great... 🎶

I do not watch much conventional TV so rarely see adverts, however I have noticed on the rare occasions I catch TV in another room, or radio in a car (I don't drive either), there appear to be adverts running to advise people of the dangers of entering personal details on the Internet.

I am not sure if these are public service adverts or run by a bank or what, but they are an important message. Checking the web site is secure, is the site you think it is, and why they are asking for details.

Always be wary of web sites asking for personal or banking details!

Except, of course, when it is a porn site, because they are being forced by UK law to ask for details to verify age, or link you to some age verification system that asks details, even when not purchasing anything from the site!

The Open Rights Group rightfully raise concerns over the age verification companies (here). There are also serious issues over competition for age verification services, possible monopoly which may price some sites out of the market, and the AV services run by the main porn site provider, so no real separation of identity from porn preferences.

This is bad, but for me the bigger issue is the number of scams that will be out there. If it becomes normal to have to enter personal details or bank details to prove your age then there will be no end of scam sites offering free porn, or simply redirecting from a fake site to a free site that does not ask after it gets details. They will quote, and even link to, the UK legislation and information sites I am sure, just to add credibility.

And when someone gets charged £10 for some dodgy age verification site, really, how many people will own up to being duped? Especially if the porn in question is even remotely embarrassing or "specialised". Though the issue is bigger than just random charges, that personal data then gets sold on a black market and exploited. Depending on the sites it may be used to blackmail people. Leaked data from actual sites has already led to suicides - this will be way worse.

And none of this "solves" the supposed social issue, if there is an issue to solve even. What we need is better sex and relationship education in schools, simple as that.

But, to add a slightly lighter note, don't forget, as Avenue Q have said...

Sunday, 12 November 2017

Ada

I did say I was trying to learn Ada.

Well, I thought I would explain that it is a bit stalled, sadly.

I have managed to read a lot of the Barnes book on Programming in Ada 2012. Well, over half anyway. I read a lot whilst on a cruise!

It is a tad more verbose than I am used to, but overall I would have to say it does look good. The very strong typing, and the fact that all types allow value range controls, all make for much safer code. Even the multi-tasking looks interesting.

I have got to the stage that I would like to try using it, and that is where I have come unstuck, sadly.

Obviously, if I wanted to simply code some abstract program, much as one would on a Computer Science course, then of course I could use Ada. Sadly, such simple self contained abstract programs with no more than basic text input and output are pretty much academic now. Nobody does INPUT and PRINT to communicate to the user, they use a range of libraries, web sockets and web pages, javascript, all sorts. And that is just the user side, the back end is all libraries for mysql, or B2B XML, or libcurl, or something else.

A lot of the code I work on, and code I start from scratch even, is run on a linux environment. I have a load of our own C libraries which we use extensively, but of course linux has a lot of C libraries that are used for all sorts of things. I am not against re-working our own libraries - some of the key ones are XML manipulation and SQL front end for the standard client library. I am sure both can be done in Ada with no problem, but I am not re-working OpenSSL from scratch in Ada.

The problem is that to use these from Ada I would have to find or code interfaces or new libraries. That is going to make a huge hurdle for any code I need to write. I get the impression that there are some Ada wrappers and libraries available, but I am struggling to find them.

I mean, is there an Ada library for mysqlclient interface, or openSSL for TLS? Heck, what about something really simple to start with like popt library? There must be a good Ada XML library?! If I can find libraries or wrappers for a large list of key functions that we use regularly on linux then maybe I can start using Ada, but right now it is not looking promising.

There is one closed project we work on, and have for many years. It is a project where every library and functions is written from scratch, including the operating system. It was suggested long ago that maybe we should use Ada, and I decided against it. In hindsight maybe that was a mistake, as it would have been a perfect case where we did not rely on any external systems and could have started from scratch in Ada. That project is the FireBrick. There is even some chance we may start using some Ada modules in future... But that would have been cool - a complete operating system from scratch all based on Ada. I am kicking myself for not doing that when we started now. Sorry Cliff.

If I do make more progress, I'll let you know, but for now it is stalled.

Saturday, 11 November 2017

Is this getting out of hand now?

This is to try and maybe spark some debate, and as always I am interested in some views here.

There seem to be an awful lot of accusations of historical sexual abuse or harassment flying around, and I noticed today that George Takei (Sulu from Star Trek) has had some sort of allegation of something from 40 years ago. I am not even going to bother looking it up.


So it struck me that there are clearly issues here, not only with actual cases of sexual abuse going unreported for so long, but also the cases where people are simply "jumping on the bandwagon" hoping for some settlement. Even where something did happen, I really find it unbelievable that either party could accurately remember what happened 40 years ago - the way memory works it will have changed your memory of what happened quite a lot over time, if you remember at all. The same goes for any witnesses.

So how on earth can this be fixed? Well, I suggest a simple time limit - perhaps 10 years (or 10 years after the victim becomes an adult if that is longer). Even 10 years seems a long time for clear memories in what is almost always one person's word against another.

But don't shoot me down just yet - I am not trying to be insensitive. I am not in any way saying this as a way for perpetrators to get away with sexual assault, in fact quite the opposite.

Clearly, and this is where I am doing my armchair psychology, the victims in such cases feel they cannot come forward. As time goes on, there is nothing to change that view - no impetus to make them come forward, except perhaps when something is in the news, even relating to the same perpetrator. Without that impetus the victim has to live with this memory forever and the constant "should I say something?" feeling and dread.

If, however, there is a time limit, there is am impetus. There is a deadline, and that could encourage people to finally come forward, even if right on the time limit. If they choose not to, then they at least no longer have the "should I say something?" feeling as they chose not to in the time they had, so it is "settled", mentally. Maybe they can move on?

But it could mean that perpetrators get dealt with sooner as well. Instead of justice coming to them 40 years later it is only 10. Indeed, maybe it should be shorter like 5 years?

This would have the other side effect of stopping these crazy made up claims from decades ago, and also make it slightly easier for the poor investigators that are trying to unravel such cases. 10 years is a long time for memories to be clear, but when you start talking 40 years, it must be impossible for anyone to prove anything. One really long time scales you even run the risk that possible witnesses are now dead! These accusations then go unresolved and can be extremely damaging for the accused who equally cannot prove they are innocent. You end up with trial by media in effect.

Is that a crazy idea?