Rainbow Chard

An assortment of indigestible things

Using a Response Policy Zone with malwaredomains

Stop signThe lovely people at RiskAnalytics provide lists of domains known to serve malware at http://www.malwaredomains.com/. It makes these available in several formats including DNS zone files. They don’t even charge for the service which is, frankly, awesome!

Many people configure their DNS servers so that they spoof the zone for each domain such that traffic is redirected to (i.e. your own machine). This effectively stops hosts on that network from connecting to those zones and downloading unpleasant stuff. However, if you’re running a local webserver, say for development purposes, things can get confusing very quickly!

An alternative is using a DNS Response Policy Zone. This requires BIND version 9.8 or greater (or another DNS server that supports RPZ). RPZs are much more flexible than the approach above because they give us finer control over what we want the DNS server to tell the client. I have taken the approach that returning NXDOMAIN is the cleanest way of blocking traffic to these domains because a web browser will immediately give up on receiving that response. There’s no need to worry that a local webserver might interfere with domain blocking.

Letter to a young person: justice in plain language

Old legal parchmentAnyone who has been unfortunate enough to have dealings in the Family Court knows that ready access to justice is critically important when matters of marital property and child welfare are at stake. Access to justice is often talked about in terms of cost, and this is a serious obstacle to many especially since cuts to Legal Aid have started to bite the most vulnerable. However, access is also about accessibility: given a judgment from a court, can the average person understand it?

ksh deliberately segfaults if the last command in a script crashes

I recently found that ksh will deliberately crash if the last command in a script crashes. Other shells just set the appropriate exit code, but ksh sends itself the same signal that its child received. This can confuse the unwary (i.e. me) when trying to track down what crashed with abrt logs.

Selectively blocking Samsung TVs’ network access

Old television

This TV probably wasn’t spying on you.

You may have read in the recent Wikileaks exposé that the CIA developed the capability of making Samsung TVs spy on their unsuspecting users. While this hack requires physical access (a specially crafted USB stick must be plugged into the telly), it got me thinking about the network traffic generated by smart TVs. I’ve already blocked a few domains that my unit connects to, and this seems like a good time to share my work.

Unattended WSPR in the UK: is it legal?

Antenna in a fieldWSPR is a way of sending a tiny amount of data over huge distances using very little power. It’s used by radio enthusiasts to see what propagation conditions are like: receivers all over the world report what they hear to WSPRnet which serves as a real-time map of the radio world. The protocol itself is amazing: it takes nearly two minutes to send just 50 bits of data, and has such clever error-correction that only a tiny amount of received signal is needed to get a clean decode. Seriously, if you’re at all interested in information theory, then read the spec (at Appendix B of that link).

Yes, you can take notes in court without permission

Person taking notesTo observers in some foreign lands, the ban on audio and video recordings being made in British courts must seem like an affront to open justice. What is undoubtedly more bizarre is the position on note-taking by people in the public gallery. Although there is no statutory provision on this, there has long been a belief that members of the public are either banned from taking notes, or have to ask the judge’s permission before doing so. People have been castigated or even threatened with ‘contempt in the face of the court’ (a particularly serious form of contempt) for daring to take notes during a trial. Bona fide journalists seem to get better treatment.

Emotional disconnection and ‘shields down’

Empty officeWhen you last resigned from a job, when did you decide to leave? Can you identify a point in time, whether it was a flash of realisation or a slow dawning, when your relationship with your employer shifted from ‘attached’ to ‘it’s complicated’?

Shields Down‘, an excellent piece from Michael Lopp’s blog Rands in Repose, suggests that this often happens when an unexpected opportunity presents itself: you agree to go and have a chat at another outfit, and in that instant your shields are down. In the moments that follow, you weigh your current job with an envisioned alternative future, and ultimately make a calculated decision: should I stay or should I go?

Forcing poor parents to vaccinate isn’t the answer

Hypodermic needleVaccinating children against horrible diseases is as self-evidently beneficial—both to individuals and to society—as it’s possible to be. It is one of the greatest achievements of humankind that we can spare entire generations from disfigurement, paralysis, and horrific death due to illnesses which sound medieval to modern ears. So let me be clear before I go any further:

Please have your child vaccinated unless your family doctor advises otherwise.

How to block Windows 10 telemetry with your local resolver

CCTV camerasThere’s been a lot of talk about the data sent by a Windows 10 machine back to Microsoft. Some researchers have even found evidence of data being sent even when all available privacy settings are enabled. There is an emerging market for tools that will nobble Windows 10’s data collection, but who knows whether they work, or even if they’re malicious. Thankfully there is another way: if you run a local resolver, you can configure it such that DNS queries for domains linked to telemetry will always fail. Here’s how it’s done.

We need to talk: well-being in the tech sector

A circle of chairsIn 2013 I attended the wonderful DevOpsDays in London. On the first day there were a series of Ignite talks: a terrifying ordeal where the speaker gets five minutes to talk about something while their slides advance tyrannically every 15 seconds. I always watch them with a mixture of awe, angst, and terror that someone will eventually force me to do one. They range from the mundane through the muddled via the baffling to the fascinating. On that day, Mike Preston gave a talk called ‘Burnout—the elephant in the room’. The audience was silent and in thrall.

Page 1 of 6

Powered by WordPress & Theme by Anders Norén