Archive for the ‘Technical’ Category

Renault Laguna – maintenance warning

2 Apr 2007 19:14 by Rick

Thanks to Andy who commented on my first Laguna posting, I now know how to reset the flashing spanner on the dashboard that tells me that it is time for a service. This is set to come up every 18,000 miles and some independent mechanics don’t know how to reset it.

With the key in the ignition (it doesn’t matter if the engine is running) press the button on the end of the stick to scroll through the trip computer settings. The one you want should have a static spanner and the number zero and is the seventh (and last) one from the start.

Now press the reset button on the dashboard and hold it in. After a few seconds it will flash and then reset to 18,000.

This is correct at least for my 2001 model.

Weird Wi-Fi

1 Apr 2007 07:46 by Rick

This is an odd problem which is complicated in explanation but ought to be simple to fix; except I can’t!

Our network is straightforward except that it has been put together over a long period so all the components are separate.

  • Cable Modem
  • Router (Linux Router Project now called LEAF) running a firewall, DHCP and DNScache
  • Switch (Netgear GS608) replaced an old hub
  • Wireless Access Point (Netgear WG602v3) replaced a dead Belkin

I have known for some time that there was something up with the wireless as, although our laptop worked fine, no one else could ever connect. Our machine was using an early 802.11b PCMCIA card (Belkin F5D6020) which came with its own custom drivers, not using the XP stuff at all. We set this up with WEP 128 bit encryption and stealth SSID but no MAC filtering and everything was fine. It connected first time, every time, though reception was a bit poor two floors down. When I changed the AP because the old one stopped transmitting it was still fine (and the reception was better).

Everyone else who tried to connect with more modern stuff seemed to connect ok but they would never get an I/P address from DHCP. Fixing the I/P address to one outside the DHCP range achieved a connection but still nothing went through. I can’t remember if it ever worked with the Belkin AP.

We have just replaced the laptop so had to fix it, so I have been through all the configuration with a fine-toothed comb and upgraded all the firmware to the latest version. What I really needed was a sniffer on the Ethernet but couldn’t figure out how to do it. I first suspected the obvious, that we had MAC filtering on without realising it, but no. Then I thought about how switches work and convinced myself that you couldn’t put an AP on a switch (rubbish of course). Then I discovered:

  • it never worked with WEP.
  • it worked just fine without any encryption, though I didn’t test it for long as this makes me nervous.
  • with WPA it works but sometimes you have to reconnect it a few times to persuade it.

It rarely works right the first time, sometimes you don’t get an I/P address, sometimes you do but no communication, sometimes just a few packets get through. Disconnecting and reconnecting once, or sometimes twice, fixes it. Once you get a decent amount of traffic through it doesn’t give any problems and we do now have higher speed and better security. I have switched off the stealth SSID because it seems a bit better that way and makes it much easier to reconnect.

Now we will see if we can live with it like that. If not I may scrap the lot, replace it with an integrated Wireless Router Switch and cut down the clutter, but it irritates me that I can’t solve it.

British Dictionary for Firefox

30 Mar 2007 08:18 by Rick

I know that the Add-ons for Firefox are created by volunteers but the organisation does itself no favours by allowing a fundamental extension to go out of date. In most cases there is nothing wrong with the extension, just that the install package is out of date, specifying a maximum version older than the current one. This has happened with the British English Dictionary so I have made available a hacked copy here.

Update: 10 Aug 2009: British English Dictionary 1.19.99.1 Now supports Firefox 3.5+

Update: 24 Feb 2010: British English Dictionary 1.19.99.2 Now supports Thunderbird 3.0+.

Identity credentials

29 Mar 2007 12:42 by Rick

There are three well-known factors that can be used to establish a personal identity (this word is used here as a relative, not an absolute, i.e. who you are with respect to the service you wish to obtain).

  • Something you Know—such as a password or anything else not easily guessed.
  • Something you Have—such as a swipe card or warrant.
  • Something you Are—such as a fingerprint or other metric that is an integral part of the body.

Using all three of these becomes “three factor authentication,” the holy grail of identity management.

The caveat of “relative identity” is important because people hold a number of separate identities at different times and places. For example at one moment you may be “mummy” and at another, “teacher.” In the shop you would be “customer” and at work “employee.” It is important to note that these are truly independent and don’t need to relate to each other in any way nor require the same degree of authentication.

In many cases reputation plays a key role. If you are behind the counter and the sign over the shop says “Jones—Butcher” then it matters not at all if your name is really Jones, but if you serve good meat then customers will come back with confidence. If someone else takes your place they will be less sure. Similarly if next day you are in the Bakery, then you will need to establish your reputation again before they will trust your bread.

Each of the first two factors has serious weaknesses when used on its own. Passwords can be forgotten, disclosed or compromised, requiring an elaborate secondary mechanism for resetting them; cards can be lost, stolen or forged. Used together they are quite effective and form the mechanism of many well-known authentication systems—ATM, chip and PIN, SecurID tokens and the better door entry swipe cards for example.

In theory the third, the “Are,” has the potential to be both an absolute (unique in the population) and sufficient (for the same reason) but in practice obtaining and validating such a metric is often beyond the capability of the systems available. Thumb prints have been used for login to a lap-top or starting a car for instance, but the experiments with facial recognition have been a disaster.

The factors are only valid if they are kept completely independent of each other. It becomes meaningless if you tattoo your password on your hand or store your finger-print on your passport, but exceptions are made; e.g. a photograph (a weak “Are” factor) on an employee id card ties the card to the person before using it to gain entry. This guards against loss or theft (to some extent) but not forgery; for that you need to ensure the uniqueness of the document. At validation this would mean comparing a master copy with the one presented, a relatively simple account lookup. For issuing new documents it means cross checking against all others issued, not just the person standing in front of you; this is a much harder empirical search.

Let us consider some traditional and modern examples. I have selected a few to illustrate both the wide variety of situations where we evaluate identity and the different means and rigour by which we do it.

Let’s look at correspondence; try a telephone call—the recipient may be partially identifiable in respect of having answered the call but the caller is anonymous (disregarding caller-id) unless they give you a name. Voice “Are” identification is not reliable even for people we know well. This explains the lengths the credit card company will go to in order to establish who you are before discussing account details. Face-to-face conversation is little better; you have only substituted another unreliable “Are” factor, your face, but that is about all unless you can identify them from another source. A chat room/forum is even worse; the law may now require proof of age (somehow) for obtaining an account but little else. Your tag (name) is your own choice and there are no secondary means of identification. Try an email; even with ISP or domain addresses, the only requirement is that the user pays the bill. The service provider will know rather more but will only reveal it when legally obliged. Disposable email addresses are available which are not tied to anything. Perhaps you should write a letter; a name is now tied to a house address (an unusual “Have” factor) which needs to be valid because without it you won’t get a reply. There may be a signature but there is often nothing to validate it against. BUT—the question to ask is does it matter? No, not always! If you get an email of thanks for a helpful web page, does it really matter who sent it? Would they have sent it if they had to positively and absolutely identify themselves?

Other examples are financial transactions: You have an account number; depending on how secret this is kept this can vary from a “Know” factor to virtually useless. The Americans have hit this problem with their Social Security Numbers. It can be used to authenticate that the account owner is entitled to the service but not that the person giving the number is that person, so it requires additional verification. On a cheque, the signature is a very weak “Are” factor which, in theory, is validated against a master copy held by your bank or in association with the “Have” factors, the guarantee card and pre-printed cheques. Use your credit card and then you “Have” the card and you “Know” the PIN (or on old systems you use your signature which is, in theory, verified from the card). But if you are not present, by phone or web site for instance, then you “Have” the card but have to prove it by giving the secondary security number. How about cash; this is the best known of the “Have” tokens. It doesn’t matter at all who you are, only that your authority—the ready cash—is valid. Extraordinary measures have been taken to ensure that it is hard to forge. At the extreme is the contract which requires identifiable witnesses present who know you and are prepared to vouch for your identity. They may also be required to be recognisable members of a community such as professionals.

Now you could argue that a simple National Identity Card would solve all of our problems but that would be to disregard my earlier point that the absolute and incontrovertible identity that this would attempt to give is not always necessary or desirable; and at what cost? After all, it is only a single factor “Have” token which attempts by some magic to connect itself to your “Are” existence by means of biometrics. None but the blinkered are convinced that this is even possible beyond the photo-id and signature we already have.

Safe login

23 Mar 2007 12:06 by Rick

Now that you have a good password and have kept it somewhere safe, you need to consider how you log in with it. When you go to the entry page is there a little padlock at the bottom of the screen? Is it closed? If not then the page is not secure; it has not been encrypted. These days most of the important ones are done properly but sometimes you find one that is not; one of my web-mail pages was like this. This is important because without it, your account name and password are being transmitted over the internet in clear plain text. Generally the risk is low but if you use a wireless connection, especially a public one, then anyone can see what you are sending.

One thing that is worth a try is to change the http: on the front of the web address to https: (the “s” means “secured”). Sometimes it works and gives you an encrypted connection. What has happened here is that your supplier has set up the system but has been too lazy to tell you about it or switch it on automatically. If you find that this is the case, change your bookmark (favourite) so that it always goes to this version of the address and you will be safe in the future.

If even this doesn’t work then complain to your supplier—if it is worth a password login, then it is worth securing! If it is important to you then change supplier if you get no satisfaction.

Security Heresy

22 Mar 2007 17:00 by Rick

You are better off writing a good password down rather than memorising a poor one.

I have already posted the method I use for managing passwords but this relatively high-tech solution is not for everybody. I am not advocating the “post-it on the monitor” that the cartoon in the last post was talking about, but for those important passwords that you don’t use often and can’t remember, write them on a slip of paper and put them somewhere safe. This is a much better plan than using a silly password that anyone can guess.

The point is that everything deserves just the right amount of security. Providing any more is counterproductive. You have to balance the potential loss against the risk and take into account the inconvenience; if it is too difficult then you won’t stick with it.

Some accounts don’t need much security at all—a simple password will do for subscription news accounts and you can safely let the browser remember them and automatically log you in (but write them down anyway in case you have to change machines). Most shopping accounts are similar, but email and forum accounts need a little more care because your reputation could be at stake. For financial & eBay passwords make sure that they are good and random and keep them very safe somewhere. If you need an email account on the road then the safe place could be as simple as your wallet. This is not a good place for your online banking account however, as there is a lot of other information in your wallet to help the thief. For most systems an adequate place is a notebook in another part of the house from your PC; you are hardly ever going to use them. And, as I said before, make sure that your heirs know where they are.

Password Reminders

19 Mar 2007 15:48 by Rick

Password Reminders

Thanks to the Security Buddha for this.

Fake 20s

10:27 by Rick

These are the guidelines given in a press release from the Bank of England (PDF) about the new “Adam Smith” £20 note.

What should I do if I think I have a counterfeit note?

Counterfeit notes are worthless. It is a criminal offence to hold onto or pass on counterfeit notes. If you suspect a note is counterfeit, take it to the police as soon as possible. They will give you a receipt and send the note to the Bank of England for analysis. If the note is genuine, you will be reimbursed.

That last sentence doesn’t exactly encourage you to look too carefully, does it?

I’m in Germany now

16 Mar 2007 09:46 by Rick

… but read on to understand why. My workstation in the office is connected to a large international company network so when we send mail to colleagues around the world it travels entirely on our own wires. There are a number of places where it makes contact with the Internet so that field workers can get in using VPN and mail can pass to and from our customers and suppliers. This is also true for web access and the proxy I have been given access to is in Germany. The web servers I contact are given the I/P address of the proxy not my workstation address; that is not unique. This address is part of a block allocated to the German branch of the company and many web sites know this, so they think that I am also in Germany.

This may seem like no big deal but it has some strange side effects. Some web sites, particularly search engines and advertisers (is there a difference?) try to be clever and present “targeted advertising likely to interest me.” So if I go to www.google.com it automatically redirects me to www.google.de and I can’t read the instructions to change it back. Advertising on many pages, if it is outsourced to a major provider, is directed at the imaginary German “me.” There is a possibility that I would be unable to see some sites at all; I am told that parts of the BBC web site are for national use only but I haven’t found them. It does have some advantages though; I don’t get distracted by the advertising so much any more as I can’t understand a word of what they are about. So when I am offered “Komplettes Zugriffs und Identitäts-Management” I take no notice, which is probably just as well.

In some ways, what is more disturbing is that, at home, some sites know I am in Bristol, not just the UK. They will know my address soon.

Trojan Horse

7 Mar 2007 15:19 by Rick

Do you remember the story of the Trojan Horse, where the Greeks put a load of soldiers inside a wooden horse and gave it as a gift to the city of Troy? It wouldn’t work now, would it?

Trojan Horse - The Chaser

Perhaps it would!
