Monthly Archives: March 2017

The right weapon

Today’s terrorist attack in London seems to have been in the worst tradition of slaughtering the innocent, but pretty feeble in its token attempt on the more noble target of Parliament.  This won’t become a Grand Tradition like Catesby’s papists’ attack.

But if we accept that the goal was slaughter of the innocent, then today’s perpetrator made a better job of it than most have done, at least since the days of the IRA, with their deep-pocketed US backers and organised paramilitary structure.  His weapon of choice was the obvious one for the purpose, having far more destructive power than many that are subject to heavy security theatre and sometimes utterly ridiculous restrictions.  Even some of those labelled “weapons of mass destruction”.

The car.  The weapon that is available freely to everyone, no questions asked.  The weapon no government dare restrict.  The weapon that kills more than all others, yet where it’s so rare as to be newsworthy for any perpetrator to be meaningfully punished.  Would the 5/11 plotters have gone to such lengths with explosives if they’d had such effective weapons to hand?

With this weapon, the only limit on terrorist attacks is the number of terrorists.  No need for preparation and planning – the kind of thing that might attract the attention of police or spooks – just go ahead.

And next time we get a display of security theatre – like banning laptops on flights – we can point to the massive double-standards.

Advertisements

Equinox

Just noticed:  Sunrise 06:25 Sunset 18:26.  Starting today, we are into the season of daylight!

We’ve had some spring weather too, though nothing dramatic.  What is looking impressive is the wide range of spring flowers and blossom all around.  Not just the Usual Suspects like daffodils and primroses, but even later flowers like the tulips in the front garden are peeping through.  And we have the appearance of other spring wildlife, like the bumblebees servicing the flowers in the garden.

Also mildly bemused by the white heather at the bottom of the garden.  I’ve seen heather ranging from red/pink through to blueish, but pure white is new to me.

Under attack

Yesterday morning I woke up to several hundred (or was it thousand?) messages from the online contact form on my website.  They came from what was clearly an automated dumb probe: all within a few minutes just before 4 a.m.  The probe had tried filling different fields with all kinds of payloads: fishing Unix paths, fishing Windows paths, escaped and unescaped commandline sequences including shellshock, SQL injection attacks, Javascript/XSS fragments, attempts to send mail or proxy HTTP.  Oh, and some fragments whose potential purpose eludes me.

OK, no big deal: just a few minutes of my time.  Dumb bots attack websites all the time.  Whatever vulnerabilities my server has (and I’m sure there are some), that kind of bot probing my contact form is no threat – except insofar as it could become a DoS.

This morning, another 740 messages.  From an even briefer probe: all at 03:59 and 04:00.  Checked the IP they all came from, and firewalled it off.  With a DROP rule, of course.  If it recurs from elsewhere, I’ll have to take a view on whether this approach can be extended or is useless.

If I can be arsed, maybe I’ll stay up and tail the log tonight, starting 03:50 or so.  Wonder if the perpetrator can be pwned while in action?  On second thoughts, maybe not at that hour, doubly not after the couple of pints I regularly enjoy on a Thursday evening.

Pratocracy Article

Some months ago, Apache PR (aka Sally) launched a monthly series under the generic title “Success at Apache”, and solicited volunteers to write articles on topics of relevance to the Apache Way and how things work.  I was one of many to reply, and she put me down for this month’s piece.  A few days ago it went live, here.

The original proposal was to discuss the Just Do It and Scratch Your Own Itch aspects of Apache projects and how, with the checks and balances provided by the meritocratic and democratic elements of project governance, that Just Works.  Some (linguistically) very ugly words for this have been floating around, so I’ve made an attempt to improve on them with a new coinage to avoid muddling English and Greek.  Pratocracy: the Rule of the Makers.

Sometime before I started writing, a question came up on the Apache Members list about any guidelines for companies looking to get involved with an Apache project.  It appears most of what’s been written is on the negative side: things not to do!  This seems to be a question that dovetails well with my original plan, so I decided to try and tackle it in my article.  This became the longest section of the article, and may hopefully prove useful to someone out there!

Sadly I was recovering from a nasty lurgy at the time I was writing it, and I can’t help feeling that the prose falls short of my most inspired efforts.  I’ve avoided repeating Apache Way orthodoxy that’s been spoken and written before by many of my colleagues, but in doing so I may have left too much unsaid for a more general readership.  At times I may have done the opposite and blathered on about the perfectly obvious.  Ho, hum.