There is a group of people in the UK who believe that, by submitting a document to the government, they can detach themselves from society and thereby avoid all statutory responsibilities. They are predominantly male, intelligent, articulate, and for some reason seem to live in the south-west of England. They call themselves ‘sovereign citizens’ or ‘freemen on the land’, and seem to be a small offshoot from a much larger US-based movement (of which more on the excellent Quatloos! forum). I wouldn’t be surprised if you’ve never heard of them: despite the number of videos on YouTube, they seem to boil down to a few relatively high-profile individuals. In this article I’ll just refer to them as ‘sovereigns’—you know, as if that actually means something—and try to explain why they really, really get my goat.
Like many—if not most—iPhone owners, I recently upgraded to iOS 5. As part of the upgrade process, the phone asked me if I would let it send debugging information to Apple. I instinctively answered ‘no’. However, after a bit of fiddling I found that you can view the data that it wants to send, so I decided to do a bit more digging, and eventually changed my mind. Here’s why.
Before I start, I should say this: I have nothing but admiration for good developers, and nothing in this article is meant to say otherwise. I started out as a C/C++ developer after I graduated, and after 15 months I figured out that I’m not very good at it. So I leave the code to the experts, and merely advise them as best I can. That is the spirit in which this article is written.
It took me a long time to think of an appropriate title for this post. I didn’t want to upset anyone by calling their products ‘consumer grade’ when that’s not how they’re marketed, and I couldn’t think of a way to say ‘disk arrays that aren’t made by Oracle, HP, IBM or NetApp’ that didn’t somehow denigrate the competition. I toyed with ‘sub-prime’ but that has other unfortunate connotations 😛
(This is a bit of a rant. There may well be more rants to come.)
If you say to a security professional, ‘I’m going to run my ssh daemon on an unusual port for security reasons’, you’d better stand back and wait for the gasp. *gasp* they say! That’s just security through obscurity, which is no security at all! Shut down your servers and turn the lights off on the way out, you worthless collection of mucus.
‘Security through obscurity’: it even rhymes, which means that it joins the list of empty phrases that sound like they carry authority but actually don’t. ‘It’s Adam and Eve, not Adam and Steve!’ ‘White is right!’ Ohhh I seeeee: there was me thinking you were just a bigot, but your argument rhymes, so it smartly trumps anything I could possibly say!
(like my previous post, this process is reconstructed from memory and a judicious amount of diffing… so there may be bits missing)
Call me paranoid, but I’ve always been nervous about my home wireless network. I know that WPA is supposed to be reasonably secure (my router, a Netgear DG834Gv2, doesn’t support WPA2), but the lack of logging makes me worry that I really don’t know who might be having a go at it. I do all the right things to secure it — strong password, MAC filtering — but still I worry that someone might sit outside my house downloading something that could get me prosecuted. (and yes I know that MAC filtering isn’t strong security but it will defeat a casual would-be intruder).
I’m slowly thinking of things that I’ve hacked together over the years that might be of interest or use to others, and this one is next on the list. I’ll say at the outset that there might be things missing here as I’m having to reconstruct the whole process from memory.
When registering for websites that you might only use once or twice, or where you don’t particularly trust their privacy policy, an throwaway email address is particularly handy. If they start to abuse it, or it leaks or is stolen, you can just discard the address. There are services like Sneakemail that will do this for you, but being a bit of a control freak I wanted something that I could control. Like many others I have a vanity domain and my own mailserver, which runs on a Linux virtual private server provided by the brilliant people at Bytemark (who get a well-earned plug!).
This technique can be used to find out if any SNMP-enabled device has something interesting to share, but here I concentrate on VMware ESXi 4.1. No idea what the deal is with earlier versions.
There are quite a few blog posts out there describing how to enable the SNMP daemon on ESXi (this rather well-written one is the one I used). However, the only information I’ve found says that the only data available is in the standard MIBs supported by most devices, giving information similar to netstat. If that’s all there was, it ain’t particularly useful.
I’ve been toying for a while with the idea of publishing any useful little tidbits of information I come across, so if I can be arsed, this is where they’ll appear.
Of course, far more likely is that I’ll forget about this blog and it’ll go the same way as my last attempt at blogging (c2003, can’t even remember the URL)…