Necrofelia

I was motivated to write this when I saw a reference to our prime minister’s onanism in an online forum.  He threw the press that word, and successfully distracted them – and it seems others – from discussing real issues.  In other words, a classic dead cat.

It is now well-known that Boris is the master of the dead cat.  He’s not the first, but we didn’t use the phrase when (for example) Blair used them, and in some ways he’s taken it to a new level.  We need a word for it.

We have a kind-of precedent in his predecessor Cameron’s necroporcophilia.  And now the onanism reference tells us Boris doesn’t merely like a dead cat, but takes gratification in it.  So we should speak of him as our necrofeliphiliac prime minister.  But that word seems ugly and confusing.  I propose contracting it to necrofeliac, or the root necrofelia.

Can I claim the coinage?  I guess a quick google will tell me if someone’s already coined it.  Dammit, either way the fact I’m talking about it tells us it’s homological.

Home Ownership

Having bought my house, I’m now enjoying its delights, but I’m also faced with all its problems.  I have a number of projects, some of them within my capabilities, others requiring professional help.  For example,

  • Get properly connected to the ‘net.
  • Build a bike shed in the underground parking area.
  • Install a big fitted wardrobe in the main bedroom.
  • Install wall lights for reading in bed in both bedrooms, and on the beam over the sit-down desk in the office.
  • Install ‘plantation shutters’ in the kitchen (which otherwise has no privacy from passers-by).
  • Replace the door to the balcony, and add fanlight windows suitable for winter ventilation.
  • Replace knackered old boiler.  A water (river) source heat pump would be good, if I could find anyone to install one.  Failing that, a regular combi boiler.

But right now, I’m dealing with a bigger, more urgent and unanticipated problem than any of those.  The bathrooms.

The two small bathrooms are back-to-back between the bedrooms and over the kitchen.  They are separated by a stud wall.  One has a shower, the other a bath; each has a basin and loo.  Great, I mostly take showers, but it’s nice also to have a bath available.

But the bathrooms have two problems.  The shower sometimes leaks into the kitchen below.  And the bathtub is only 150cm long, which is inadequate to take a bath in comfort.  150cm is the full width of the bathroom, and rearranging it wouldn’t be easy.

Until I can get the plumbing fixed around that shower, that’s a daily uncomfortable bath.  Actually it’s less uncomfy with practice: one learns what position works, but it’s certainly no pleasure.

OK, I need the shower repaired: that’s a plumber’s bill.  But can I, at the same time, do something about that bath?  The shower room is the same width as the bathroom, and a shower cubicle doesn’t need 150cm!  There’s room to steal 20cm from a corner of the shower room to make an alcove for the foot end of a new 170cm bath.  If this is to be my home for a fair few years, I bloomin’ well want to enjoy my home comforts!  Extending that thought, let’s have a little extra indulgence while we’re at it: a whirlpool bath!

So I started looking for a plumber to give me a quote.  Easier said than done: the usual story was “no time to take that on until sometime next year”.  Ouch.  Should I drop the ambitious plan and just get someone to fix that shower, so I can make the revamping of the bathrooms a non-urgent longer-term project like redesigning the kitchen?  Grumble.

Finally I found a plumber who could do it on a reasonable timescale (for an arm and a leg, of course).  He’s just done his first day of the job, in which he ripped out the old shower and put up struts for the new/moved stud wall.  The new shower will be a 120cm cubicle, and will stretch wall-to-wall.  That is to say, new wall accommodating bigger bath, to far wall.   TomorrowToday I think he’ll be putting in the wall to make the new shower cubicle.  I’m hazy on the sequencing of events, but the idea is to do as much as possible in the shower room while I still have the bath, so I’m not stuck with neither bath nor shower.

If all goes well, I’ll have him back to replace the boiler soon, and to do the plumbing when I redesign the kitchen sometime later when all the urgent things are done.  But until the job is finished, I’m a bundle of nerves about how my bathrooms will end up.  Ouch!

The other frustrating problem is my ‘net connection.  The 4G connection that did the job from my old place works for the laptop provided I keep the device on the window sill looking out (though even there it intermittently degrades to 2G), but it no longer works for the desktop – which is where I have all my main work stuff, like the toolchains and admin stuff for developing and testing software, and mentoring projects incubating at Apache.

I’m doing what I had in mind for when I bought a house, which is to go upmarket in my choice of ISP, with a view to the possibility of acquiring a couple of raspberry pis and bringing my server out of the cloud and in-house.  But I’ve hit a snag there: whereas in theory I have FTTC broadband, in practice something needs fixing between the house and the cabinet.  It’s now more than two weeks since I was supposed to be up-and-running, and the latest date to be suggested for the fix is November 11th.  Ouch!

The Peoples Democratic Republic

I’ve been meaning to have a good rant about this ever since Private Eye surpassed itself with that utterly brilliant headline The Ego has Landed in its Loon Landing Edition, blending the two topical stories of the ascent of Boris and the moon landing anniversary.

Not so long ago I thought May making him Foreign Secretary was a stroke of genius: surely the national embarrassment of so many idiocies would save us from seeing him as the next Prime Minister.  The stark revelation of that classic public school trope, the Bully and Coward, certainly cured me of what remained of my one-time admiration for him.  But I was wrong: he (like Flashman) has momentum, and Boris’s Momentum is a lot more powerful than Corbyn’s, so it can purge its party of all opposition.

So what’s he doing now?  Apart from threatening us with national perdition while waving a Magic Money Tree that would shame Labour’s wildest promises?  I think the whole key to it is, provoke the opposition into making itself look bad.  And not just the opposition: there’s the media, the judiciary.  Either you’re with us or you’re part of a great conspiracy.  With his media background, not as reporter (where an effort to tell the truth would be expected) but as a successful columnist, he knows how to pull the strings of both the media and of the public.  Or rather, in the latter case, his tribe.

Thus on brexit, keep them guessing.  He has to request an extension, what will he do?  If the EU see nothing coherent in UK politics – no plan that a sufficiently-united opposition might conceivably pursue – why would they agree to prolonging the agony?  And who are the opposition?  Two Labour parties that hate each other, Libdems who won’t go near Corbyn, and a handful of others including Tory rebels who.  Shouldn’t be too hard to keep them from presenting a credible alternative.  The Scots Nats valiantly try a constructive proposition (Corbyn on a very short leash), but even that fails to gain traction.

Meanwhile Boris presents himself as a tribal leader, shorn of any pretence of admitting contrary voices such as those of other tribes in ‘his’ nation.  He’s seen that succeed elsewhere, albeit usually with ugly consequences (including Northern Ireland – the part of the UK with a strongly tribal recent history).  He’s an obvious master of the dead cat, not least in the stories about sexual misdemeanours that play right into his hands by sending the Chattering Classes into a frenzy while being insufficiently serious for normal people to care.   I thought (and nearly blogged) about the Carrie row during the leadership contest, which looked staged to provoke excess outrage and collect a sympathy vote.  A few of these stories, and even if the next one were were a credible accusation of actual rape, who would believe it after so much fuss?

On the subject of brexit, the differing opposition attitudes are interesting but unhelpful.  Libdems seek a mandate to stop it outright, but they’re too far from a ‘main party’ for that to be realistic.  Corbyn presents a coherent plan – to do what Cameron should have done in the first place and present a referendum on an actual plan rather than a blank slate – but his party won’t unite and the media tell us it’s unclear.  Looks like too little, too late.  And – crucially – while they’re all panicking about WTF Boris might do (possibly in defiance of the law), they’re not uniting around a coherent plan, and what the world sees is headless chickens.

A grand narrative of a PM implementing the “will of the people” against a great conspiracy (conveniently forgetting of course that his predecessor would have delivered brexit if her own party hadn’t voted it down).  These past few weeks have given me an insight into how the world got “Democratic Peoples Republic“s: someone pursued an agenda with a genuine belief that it was the “will of the people”, and gradually dispensed with all opposition that comes from democratic checks-and-balances.

As for the latest row over language?  There’s another brilliant dead cat.  The “surrender act” is nasty, but Labour hasn’t got a leg to stand on in criticising it: that kind of language has been their own bread-and-butter for longer than I can remember.  On the other hand – and what finally provoked me into a rant about it, Boris’s rabble-rousing conference speech to his acolytes was seriously scary.  If we put aside alarming precedents from within living memory, it was at the very least a conscious effort to cast his opponents as turbulent priests: serious intimidation.

Indeed, one striking aspect of politics today is how the Tories have taken on Labour’s mantle.  In my youth it was Thatcher who talked mostly sense while Labour pursued tribal dogma in the name of socialism; now it’s Boris’s fanatics who are putting quasi-religious dogma ahead of the country’s interests in the name of ‘the people’.  That’s deeper than just stealing Labour’s spending mantle to try and crowd them out, or provoke them to yet-more-loony promises.

What will happen at halloween?  If I could get instant information, I’d be watching the hedge funds’ bets.  Especially those that help bankroll Boris and the Party, or are controlled by or closely connected to government insiders like Rees-Mogg and Leadsom.  They remember how Soros made gazillions betting against Blighty in 1992, but perhaps conveniently overlook the fact that he at least wasn’t doing so as a government insider.

Moved

I moved house again yesterday (Friday).  I’m now finally a homeowner: no rent to pay, though lots of repairs and improvements to consume what would have been a rent budget.  Over the coming days (or more likely weeks, months, …) I’ll be unpacking, sorting, fixing things, getting up to speed in the new place.  As well as a couple of final visits to the old place, to clean up and leave it in a presentable state, and (weather permitting) gather some fruit from the garden.

The new place has, alas, no garden.  The only outdoor space is the balcony, which hangs over the river.  But that river is a huge attraction: both the living room and the main bedroom above it look out on the river, so I get to sit and relax, as well as sleep, to the immensely soothing sound of rushing water from the weir.

And that weir is itself part of the building’s history.  For this was originally a foundry, and drew its power from the river.  The building was converted to houses in the late 1990s, but retains thick stone walls, wooden beams, and cast iron fittings, all of which are utterly beautiful, as well as giving character to the house.  So while on one level it’s a humble two-up two-down plus attic (which becomes my office), on another it’s most unusual and indeed amazing!

The location also has much to commend it: under ten minutes walk from the town centre shops, market, and activities, but also scarcely more than that to open moorland.  On the downside, it’s on a busier road than I would choose, and the front rooms – the kitchen and the guest bedroom – will get traffic noise.  And due to a high bank and trees on the other side of the road, the house gets little sun, and the north (river-facing) side gets more light than the south!

It was the river above all else that drew me to this house.  I hope I shall enjoy many years in its company.

 

Mail Hiatus

I am likely to be subject to email hiatus in the immediate future.

On seeing a suddenly-filled default inbox folder (customarily where spam lands, as procmail sorts non-spam), I find an address for me has been used as “From” in what is evidently a big spam run.  The unexpected messages are mostly out-of-office auto-replies.  A handful are from mailinglists that have been spammed but need “me” to subscribe before “I” can post.  Happily my own spam filtering has caught most of the other big class: bounce messages from servers so misconfigured as to accept the spam before identifying it as spam and “returning” it to the victim – me.

After a bit of firefighting to reject the autoresponses and moderate the server load, I instead just deleted the address they’re targeting.  Since it’s an address that is publicly advertised, I can’t make that a permanent solution[1].  I shall keep an eye on the mail log and re-enable it when the flood abates.  Also to relieve the load on the server, I’ve turned off greylisting.  It appears to be OK now, but if necessary I may intervene further.

Interestingly the lists spammed include a lot of my current and former hangouts at w3.org and apache.org.  Happily the “from” address isn’t one I’ve used to subscribe to any of those lists, so nothing should’ve sneaked through there as “from” me.

[1] Or maybe I can.  But that’ll be as part of a general revamp of my mail addresses, and needs planning.

Summer Concert

A week today, Saturday July 6th, we’re performing Rossini’s Petite Messe Solennelle at Plymouth’s Catholic Cathedral.  A work that’s lots of fun and should be worth coming to if you’re in the area.  Though also one I’m feeling I’ve done rather too often in recent years, and I might even make this the third major work in the concert repertoire I’ve sung from memory without the score (after the Messiah and Carmina Burana).

This is a summer concert, with interval cheese-and-wine (or somesuch) included in the ticket price.

Whatsupp?

Funny that.  Just a couple of weeks ago, I wrote:

The spy in your ‘puter or ‘phone … Some of that is P2P communications software like Microsoft’s skype or Facebook’s whatsapp, that should be prime vehicles for Aussie-style targeted espionage.

Suppose you’re a government spy agency that has leaned on whatsapp to introduce your spyware.  You want to get everyone to update to a version with the spyware.  How do you go about it?  How about an announcement of a serious security flaw in earlier versions to persuade everyone who might have something to hide to make the upgrade?

As reported, the whatsapp flaw was already at a much deeper level than just spying on whatsapp traffic (as per my earlier comment): it was used to install some of the world’s most sophisticated spyware called Pegasus, developed by an Israeli company NSO and sold to government agencies for total surveillance on dangerous elements such as dissidents and human rights lawyers.  The Reg article quotes a comment that kind-of summarises:

NSO Group has been bragging that it has no-click install capabilities for quite some time. The real story here is that WhatsApp found the damn thing.

— Eva (@evacide)

Indeed.  Pegasus wasn’t new, and was thought to have been distributed by more conventional means (and no doubt was, to less-than-paranoid users).  How did they make the connection between it and a critical whatsapp bug?  One might speculate there was more to this story than is being told!

A good day to bury other security/spyware news?  Golly, what a coincidence that Thrangrycat was also just announced.  The perfect way to bury something more than the official lawful intercept (wiretapping as required of them by the US Government) malware into Cisco routers, switches and firewalls, so deeply that future upgrades won’t affect it.

Wicked speculation: could it be the amount of work they’ve had to devote to supporting US Government spying requirements that caused Cisco to fall behind an unencumbered Huawei?

A World of Pain

Whither Firefox?

It’s a long time since I experienced the Web without ad-blocking, without noscript.  Individual sites may have changed for better or worse, but overall it remains a whole world of pain.

I don’t even mind adverts.  What I need to block is crap that moves: animations, tickers, slideshows, etc, including those that aren’t adverts at all but are just some deezyner’s wet dream.  And it turns out there’s a lesser nuisance alongside those: sites that put up a huge great dialogue box where I have to agree T&Cs, and usually telling me about their cookies, before viewing the page.

Goodbye, Firefox.  Hello Chromium.  Probably won’t look back (at least for general browsing) until and unless I start getting grief with the latter.

Quis Custodiet Ipsos Custodes?

With the controversy over the US and its allies adopting Huawei kit generating more heat than light, I think perhaps it’s time to don my mathematician’s hat and take a look at what could and couldn’t really be at stake here.  Who could be spying on us, and how?

Much of the commentary on this is on the level of legislating the value of pi.  That is to say, a fundamental conflict with basic laws of nature.  At the heart of this is Trump’s ranting about China spying on us: the idea that a 5g router (or any other infrastructure component) could spy on his intelligence services’ communications is on the level of worrying about catching cold from reading my blog because I sneezed while writing it.

At least, a router acting on its own.  A router in collaboration with other agents could plausibly be a different story, but more on that later.

To set the scene, I can recommend Sky’s historical perspective: Huawei’s 5G network could be used for spying – while the West is asleep at the wheel.  This looks back to the era of British domination of the world’s communications infrastructure, and how we successfully used that to eavesdrop German wartime communications.  It also traces the British company involved, which was bought by Vodafone in 2012.

Taking his lesson from history, Sky’s correspondent concludes that if the Brits and the Americans could do it (the latter a longstanding conspiracy theory more recently supported by the Snowden leaks[1]), then so could the Chinese.  Of Huawei (a private company), he says:

[founder] Ren Zhengfei … has said his firm does not spy for China, and that he would not help China spy on someone even if required by Chinese law.

Personally, I’m inclined to believe him.

But it may also be a promise he is unable to keep, even if he wants to. The state comes before everything.

which might just be plausible, with the proviso that it would risk destroying China’s world-leading company and a powerhouse of its economy.

But the historical analogy misses one crucial difference in the modern world.  Modern encryption.  Maths that emerged (despite the US government’s strenuous efforts to suppress it) around the 1980s, and continues to evolve, while also being routinely used online, ensures that traffic passing through Huawei-supplied infrastructure carries exactly zero information of the kind historically used to decrypt cyphers, such as (famously) the Enigma.  Encryption absolutely defeats the prospect of China doing what Britain and America did.  And – particularly since Snowden[1] – encryption is increasingly widely deployed, even for data whose security is of very little concern, such as a blog at wordpress.org.

Unless of course the encryption is compromised elsewhere.  The spy in your ‘puter or ‘phone.  Or the fake certificate that enables an imposter to impersonate a trusted website or correspondent.  These are real dangers, but none of them is under Huawei’s (let alone the Chinese government’s) control or influence.

Looking at it another way, there’s a very good reason your online banking uses HTTPS – the encrypted version of HTTP.  It’s what protects you from criminals listening in and stealing your data, and gaining access to your account.  The provenance of the network infrastructure is irrelevant: the risk you need to protect against is that there is any compromised component between you and your bank.  Which is exactly what encryption does.

So why is the US government attacking Huawei so vigorously, not merely banning its use there but also threatening its allies with sanctions?  I can see two plausible explanations:

  1. Pure protectionism.  Against the first major Chinese technology company to be not merely competitive with but significantly ahead of its Western competitors in a field.  And against the competitive threat of 5G rollout giving Europe and Asia a big edge over the US.
  2. The US intelligence agencies’ own spying on us.

OK, having mooted (2), it’s time to return to my earlier remark about the possibility of a router collaborating with another agent in spying with us.  The spy in your ‘puter or ‘phone.  There’s nothing new about malware (viruses, etc) that spy on you: for example, they might seek to log keypresses to steal your passwords (this is why financial institutions routinely make you enter some part of your credentials using mouse and menus rather than from the keyboard – it makes it much harder for malware to capture them).  Or alternatively, an application (like a mailer, web browser, video/audio communication software, etc) encrypts but inserts the spy’s key alongside the legitimate users’ keys: this is essentially what the Australian government legislated for to spy on its own citizens.

But such malware, even when installed successfully and without your knowledge, has a problem of its own.  How to “phone home” its information without being detected?  If it makes an IP connection to a machine controlled by the attacker, that becomes obviously suspicious to a range of tools in a techie’s toolkit.  Or for non-techie users, your antivirus software (unless that is itself a spy).  So it’ll have a pretty limited lifetime before it gets busted.  Alternatively, if it ‘phones home’ low-level data without IP information (that’ll look like random line noise to IP tools if they notice it at all), the network’s routers have nowhere to send it, and will just drop it.

This smuggling of illicit or compromised data to a clandestine listener is where a malicious router might conceivably play a role.  But for that to happen, the attacker needs a primary agent: that spy in your ‘puter or ‘phone.  If anyone’s intelligence service has spyware from a hostile power, they have an altogether more serious problem than a router that’ll carry or even clone its data.

And who could install that spy?  Answer: the producers of your hardware or software.  Companies like Microsoft, Apple, Google and Facebook have software installed on most ‘puters and ‘phones.  Some of that is P2P communications software like Microsoft’s skype or Facebook’s whatsapp, that should be prime vehicles for Aussie-style targeted espionage.  If anyone is in a position to spy on us and could benefit from the cooperation of routers to remain undetected, it’s the government who could lean on those companies to do its bidding.  I’m sure the companies aren’t happy about it, but as the Sky journalist said of Huawei, it may also be a promise he is unable to keep, even if he wants to. The state comes before everything”.

China’s presence in any of those markets is a tiny fraction of what the US has.  Could it be that the NSA made Huawei an offer they couldn’t refuse, but they did refuse and the US reaction is the penalty for that?  It’s not totally far-fetched: there’s precedent with the US government’s treatment of Kaspersky.

And it would certainly be consistent with the US government’s high-pressure bullying of its allies.  The alternative explanation to pure protectionism is that they don’t want us to install equipment without NSA spyware!  The current disinformation campaign reminds me of nothing so much as Bush&Blair’s efforts to discredit Hans Blix’s team ahead of the Iraq invasion.

[1] I’m inclined to believe the Snowden leaks.  But I’m well aware that anything that looks like Intelligence information might also be disinformation, and my inclination to believe it would then hint at disinformation targeted at people like me.  So I’ll avoid rash assumptions one way or t’other.  Snowden’s leaks support a conspiracy theory, but don’t prove it.

Passion

Time to mention our next concert: one of the greatest of all Easter works.  Bach’s St Matthew Passion, at the Guildhall, Plymouth, a week today (Sunday April 14th).

This work should need no introduction, and I have no hesitation recommending it to readers within evening-out distance of Plymouth.  I’m looking forward to it.

Just one downside.  As with our performance of the St John’s Passion three years ago, this is a “new” Novello translation.  I think if I’d come to these (translations) in reverse order my criticisms might have been a little different, but the underlying point remains: these are about money.  A rentier publisher contemptuously saying screw the art.  And I can now answer the question I posed then: with ISIS no longer having the earthly power to destroy more great heritage, Novello score a clear victory in the cultural vandalism stakes.