So, which is more satisfying in today’s election results? A bloody nose for Mrs MegaloMayniac? Or a kick up the backside for the Labour party Establishment who loathe Corbyn as much as they hate democracy, and have spent a year and a half in civil war? All without delivering the other hypothetically-possible disaster of a Corbyn government.
A fly in the ointment is what the Coalition of Chaos that now looks likely may do to Northern Ireland. The DUP will want their price, and the Tories’ desperation will surely strengthen the hand of the more extreme elements in the DUP. Talk about setting a match to a powder keg!
(The title derives from here).
I was as surprised as anyone when our prime minister called a surprise election. OK, with Libdems knocked out in 2015 and Labour tearing themselves apart, she has no opposition in most of the country: she’ll walk it, right? But just after setting the clock ticking on brexit??? Good grief, how can we afford the time for this nonsense? Her policy platform looked like the progeny of an unlikely match of Farage and Miliband, with a touch more of Blairite authoritarianism that either of the main parents would seem likely to favour.
To state my own prior position, I was a strong supporter of Mrs Thatcher in my youth, but have become much-disillusioned with her successors, as browsing this blog (e.g. here) will reveal. I had hoped that the Libdems might come to the election with a positive programme I could support despite inevitable elements of gratuitous Political Correctness and the Loony Left, but they were quick to disappoint. Once again, I say None of the Above.
The justification seemed dodgy from the start, raising a strawman argument about being frustrated by … well, in fact, an exceptionally supine parliament. A couple of outright lies put my back up somewhat. But anyway, the Chattering Classes soon came up with some ideas: she wanted a personal mandate; she needed a big majority to stand up to the loony fringe of her own party. Really?
I live in a very marginal constituency, so I expected to be on the receiving end of some campaigning. The first I received on the doormat some weeks ago was a large glossy from which a mugshot of Jeremy Corbyn stared up at me. Interesting: Labour have got into gear commendably fast? Nope, this was Tory literature, featuring a bogeyman as its most important message.
When the (less-glossy) actual Labour leaflet followed, the only mugshot in it was the candidate himself. And a set of policies that read like a checklist of opposing everything the Tories are trying to do right. Ugh. No mention of Corbyn: is this candidate trying to dissociate himself from his own leader?
A second Tory letter – this time in an envelope – calls for a mandate not for my candidate, nor for the Party, but for Mrs May herself. Well, sorry, I can’t vote for that. Even if I wanted to live in Maidenhead (her constituency), I’ll never be able to afford it, so I don’t get the chance to vote either for or against her. But the message is becoming clearer than ever: we are to dispense with Parliament, relegate them to something more like a US-style electoral college, and crown our Supreme Leader. This cult of personality is not entirely new: perhaps we should be glad that she’s being more open about it than in the past? But coupled with her authoritarian leanings and secrecy over her agenda beyond the coronation, it scares me.
No more leaflets until last Friday, when a sudden flurry brought one each from the Libdems, UKIP, and an Independent, plus three more from the Tories for a total of five from them (good grief)! Only the Greens missing (perhaps they practice what they preach?), and sadly our Green party is solidly Loony Left. The Independent candidate actually has an anti-party platform I could strongly support (it’s distantly related to my own), but sadly falls down on other issues. And neither the Libdem nor UKIP feature their respective party leaders, so maybe I was being unduly cynical about Labour doing likewise.
But I’m getting ahead of myself. Surprisingly, her bogeyman doesn’t seem to be doing the job of annihilating himself. Indeed, Corbyn is looking the most statesmanlike of a dreadful bunch, and his own party have suppressed their hatred for him and moved from attacking him to ‘clarifying’ what he says. The “strong and stable” and “coalition of chaos” slogans have come back to bite her as it becomes painfully clear she herself is more chaos than strength, and the latest image of Corbyn “naked and alone“(!!!) with all those Eurocrats sounds almost like panic. It’s obviously nonsense: brexit negotiations will be conducted by Sir Humphrey’s civil servants regardless of who wins the election. In the still-inconceivable event of Labour beating the tories, I expect their political master would be Sir Kier Starmer, KCB, QC, not Corbyn himself.
So Corbyn has momentum. How far can it take him? Not into government, but perhaps far enough to upset the master plan. We need a bigger rallying point than that mugshot. What do people respond to, fast? Not any new promises: messing with the manifesto is just more egg on the face. It’s got to be a real threat. Big enough to grab the headlines and the national conversation. And preferably focus attention on matters where We Beat Them in public trust.
Where can we find such a threat? Given the tight timescale, we’re never going to make it with a foreign power. But there are a fair few alienated idiots in Blighty, susceptible to being inspired by heroes like the biblical Samson. We’re told our security forces have thwarted no fewer than five terrorist attacks in two months between the Westminster Bridge attack (March 22nd) and the Manchester one (May 25th – being more than a month into the election campaign). That’s more than one a fortnight, so it’s unlikely to be long before a next attempt. If one of those gets through, we have our threat and out enemy to rally against, and of course security is precisely where both the parties and their leaders individually are very clearly differentiated!
With that in mind, it seems an extraordinarily convenient coincidence that Manchester happened when it did: surely the security theatre of raising the threat level and deploying troops on the streets would kill that momentum and distract the media from the manifesto fiasco? Against all expectations, it didn’t! Then we had London Bridge, and this time a firm No Nonsense message: playing directly to traditional strengths.
Of course suggesting a connection is deep into conspiracy theory. But for the security forces – who routinely prevent terrorist attacks – to have failed twice in such quick succession – is extremely unlikely to be purely random. Did someone quietly send 007 on a wild goose chase – like for instance looking for Russian influence in the election – and leave Clouseau in charge back home? No, that’s a bit far-fetched. A botched information system update disrupting communication among anti-terrorist forces would make far more sense. And since all the people concerned work on a need-to-know basis and only see small parts of the overall systems, no individual would actually know what was going on!
And just to add icing to the conspiracy, what if the botch messed with third-party systems that must access the anti-terrorist information system, like an airline’s passenger information? What unlikely account might the airline be able to give of it if they were unable to operate? No, ignore that, it’s too far-fetched: BA is much more likely to have been hit by their own botch, perhaps with the aid of the big thunderstorms we had on the Friday night.
This Sunday, May 21st, we’re performing Bach’s B Minor Mass at the Guildhall, Plymouth. This work needs no introduction, and I have no hesitation recommending it for readers who enjoy music and are within evening-out distance of Plymouth.
Tickets are cheaper in advance than on the door, so you might want to visit your favourite regular ticket vendor or google for online sales.
Minor curiosity: the edition we’re using was edited by Arthur Sullivan. Yes, he of G&S, and an entirely different era and genre of music! It’s also the Novello edition used in most performances in Britain.
PGP is not broken. It has long been the best framework most of us have for digital identity, and a secure means of communication.
Sadly the same cannot be said for certain popular PGP tools, nor for vast numbers of tutorials out there. The usage we enjoyed and became accustomed to for a quarter century will now lead at best to confusion, and at worst to mistakes that could defeat the entire purpose of PGP and leave users wide open to spoofing. That applies both to longstanding users who understand it well, and to the newbie who has read and understood a tutorial.
The underlying problem is that 32-bit (8 hex character) key IDs are comprehensively broken. The story of that is told at evil32.com, by (I think) the people who originally demonstrated the issue. It’s developed further since I last paid attention to it (and drew my colleagues’ attention to the need to stop using those 32-bit key IDs), in that an entire ‘shadow strong set’ has now been uploaded to the keyservers. Those imposters were revoked by the evil32 folks, but with the idea being out there, anyone could now repeat that exercise and generate their own fake identities and fake Web of Trust. And when a real malefactor does that, they’ll have the private keys, so there’ll be no-one to revoke them.
Let’s take a look at a recent sequence of events, when I rolled a release candidate for an Apache software package, and PGP-signed it. Bear in mind, this is all happening in a techie community: people who have been happily using PGP for years.
[me] Signs a software bundle, upload it with the signature to web space.
[colleague] Checks the software, comes back with a number of comments. Among them:
- Key B87F79A9 is listed as "revoked: 2016-08-16" in key server
Where does that come from? I take great care of my PGP keys, and I certainly don’t recollect revoking that one. To have revoked it, someone needs to have had access to both my private key and my passphrase, which is kind-of equivalent to having both the chip and the PIN to use my bank card (and that’s ignoring risks like someone tampering with my post on its way from the bank). This is … impossible … alarming!
Yet this is exactly what happens if you RTFM:
% gpg --verify bundle.asc gpg: Signature made Sun 16 Apr 2017 00:00:14 BST using RSA key ID B87F79A9 gpg: Can't check signature: public key not found
We don’t have the release manager’s public key ( B87F79A9 ) in our local system. You now need to retrieve the public key from a key server.% gpg --recv-key B87F79A9 gpg: requesting key B87F79A9 from HKP keyserver pgpkeys.mit.edu gpg: key B87F79A9: public key "Nick Kew <me>" imported gpg: Total number processed: 1 gpg: imported: 1
That’s a paraphrased extract from a real tutorial (which I intend to update, if noone else gets there first). It was fine when it was written, but now imports not one but two keys. Here they are:
$ gpg --list-keys B87F79A9 pub 4096R/B87F79A9 2011-01-30 uid Nick Kew <niq@apache...> uid Nick Kew (4096-bit key) <nick@webthing...> sub 4096R/862BA082 2011-01-30 pub 4096R/B87F79A9 2014-06-16 [revoked: 2016-08-16] uid Nick Kew <niq@apache...>
Both appear to be me; one is really me, the other an imposter from the evil32 set. It’s easy to see when we know what we’re looking for, but could be confusing if unexpected!
The problem goes away if we use 64-bit Key IDs, or (nowadays strongly recommended) the full 160-bit (40 character) fingerprint. It is computationally infeasible anyone could impersonate that, and indeed, they haven’t.
$ gpg --fingerprint B87F79A9 pub 4096R/B87F79A9 2011-01-30 Key fingerprint = 3CE3 BAC2 EB7B BC62 4D1D 22D8 F3B9 D88C B87F 79A9 uid Nick Kew <niq@apache...> uid Nick Kew (4096-bit key) <nick@webthing...> sub 4096R/862BA082 2011-01-30 pub 4096R/B87F79A9 2014-06-16 [revoked: 2016-08-16] Key fingerprint = C74C 8AA5 91CB 3766 9D6F 73C0 2DF2 C6E4 B87F 79A9 uid Nick Kew <niq@apache...>
The imposter’s fingerprint is completely different from mine. It’s not PGP that’s broken, it’s the use of 32-bit/8-character key IDs in our tools, our tutorials, and our minds, that’s at fault.
However, the problem is a whole lot worse than that. It’s not just my key (and everyone else in the Strong Set at the time of the evil32 demo) that has an imposter, it’s the entire WoT. Let’s see if WordPress will let me present these side-by-side if I truncate the lines a bit. The commandline used here is
$ gpg --list-sigs [fingerprint] |egrep ^sig|cut -c14-50|sort|uniq|head -5
which lists me:
010D6F3A 2012-04-11 dirk astrath (mo 02D1BC65 2011-02-07 Peter Van Eynde 0AA3BF0E 2011-02-06 Christophe De Wo 16879738 2011-02-07 Markus Reichelt 1DFBA164 2011-02-07 Bernhard Wiedema
010D6F3A 2014-08-05 dirk astrath (mo 02D1BC65 2014-08-05 Peter Van Eynde 0AA3BF0E 2014-08-05 Christophe De Wo 16879738 2014-08-05 Markus Reichelt 1DFBA164 2014-08-05 Bernhard Wiedema
The first field there is the culprit 8-hex-char Key IDs for my signatories and their evil32 doppelgangers. The only clue is in those dates, which would be easy to overlook. Otherwise we have a complete imposter WoT. Those IDs offer no more security than a checksum (such as MD5 or SHA) if used without due care, and without a chain of trust right back to the user’s own signature (which is something you probably don’t have if you’re not a geek).
There are a lot of tools and tutorials out there that need updating to prevent this becoming yet another phisher’s playground. Tools should not merely stop displaying 8-character key IDs, they shouldn’t even accept them. I don’t think mere disambiguation is enough when an innocent user might thoughtlessly just select, say, the first of competing options.
I’ve already been diving in to some of those tutorials where I have write access to update them, but the task is complicated by having to work in the context of a document that deals with more than just the one thing, and without adding too much complexity for readers. So I decided to work through the story here first!
I’ve just taken delivery of my first physical bitcoin. I hadn’t realised it was topologically single-sided: you think of more complex shapes like the Möbius Strip or Klein Bottle as being interesting, but seeing it in this simply-connected coin came as a surprise to me.
Tom Stoppard was ahead of his time. Rosencrantz and Guildenstern didn’t need an Infinite Improbability Drive to toss 92 consecutive Heads (or whatever it was): it was a single-sided bitcoin, and every toss is heads. Impressive to have written about that 50 years ago.
And so much for all the hype around the new British pound coin!
Enough of that. The genre of April 1st jokes has gone distinctly stale in our times, as the mass of weak and contrived stories fail to fool anyone. Especially online, where most readers of anything I write will be seeing it outside today’s time window. Even those who get it by live feed or aggregator.
Every comment bears the grinning troll icon!
This is clearly just for today or this morning, depending on how they interpret the tradition (maybe it’s really elaborate, and sniffs your timezone for a best guess of when to display them)? But the ingenious thing is that this applies not just to the feeble joke article, but every article, through the history of El Reg. Suddenly the Reg every day is April 1st tradition really comes into its own, as tall stories like yesterday’s one about World Backup Day display all grinning trolls.
And suddenly the seeds of doubt are sown over all the serious stories. This is surreal, and turns it into a brilliant new twist on an old tradition!
Today’s terrorist attack in London seems to have been in the worst tradition of slaughtering the innocent, but pretty feeble in its token attempt on the more noble target of Parliament. This won’t become a Grand Tradition like Catesby’s papists’ attack.
But if we accept that the goal was slaughter of the innocent, then today’s perpetrator made a better job of it than most have done, at least since the days of the IRA, with their deep-pocketed US backers and organised paramilitary structure. His weapon of choice was the obvious one for the purpose, having far more destructive power than many that are subject to heavy security theatre and sometimes utterly ridiculous restrictions. Even some of those labelled “weapons of mass destruction”.
The car. The weapon that is available freely to everyone, no questions asked. The weapon no government dare restrict. The weapon that kills more than all others, yet where it’s so rare as to be newsworthy for any perpetrator to be meaningfully punished. Would the 5/11 plotters have gone to such lengths with explosives if they’d had such effective weapons to hand?
With this weapon, the only limit on terrorist attacks is the number of terrorists. No need for preparation and planning – the kind of thing that might attract the attention of police or spooks – just go ahead.
And next time we get a display of security theatre – like banning laptops on flights – we can point to the massive double-standards.
Just noticed: Sunrise 06:25 Sunset 18:26. Starting today, we are into the season of daylight!
We’ve had some spring weather too, though nothing dramatic. What is looking impressive is the wide range of spring flowers and blossom all around. Not just the Usual Suspects like daffodils and primroses, but even later flowers like the tulips in the front garden are peeping through. And we have the appearance of other spring wildlife, like the bumblebees servicing the flowers in the garden.
Also mildly bemused by the white heather at the bottom of the garden. I’ve seen heather ranging from red/pink through to blueish, but pure white is new to me.
OK, no big deal: just a few minutes of my time. Dumb bots attack websites all the time. Whatever vulnerabilities my server has (and I’m sure there are some), that kind of bot probing my contact form is no threat – except insofar as it could become a DoS.
This morning, another 740 messages. From an even briefer probe: all at 03:59 and 04:00. Checked the IP they all came from, and firewalled it off. With a DROP rule, of course. If it recurs from elsewhere, I’ll have to take a view on whether this approach can be extended or is useless.
If I can be arsed, maybe I’ll stay up and tail the log tonight, starting 03:50 or so. Wonder if the perpetrator can be pwned while in action? On second thoughts, maybe not at that hour, doubly not after the couple of pints I regularly enjoy on a Thursday evening.
Some months ago, Apache PR (aka Sally) launched a monthly series under the generic title “Success at Apache”, and solicited volunteers to write articles on topics of relevance to the Apache Way and how things work. I was one of many to reply, and she put me down for this month’s piece. A few days ago it went live, here.
The original proposal was to discuss the Just Do It and Scratch Your Own Itch aspects of Apache projects and how, with the checks and balances provided by the meritocratic and democratic elements of project governance, that Just Works. Some (linguistically) very ugly words for this have been floating around, so I’ve made an attempt to improve on them with a new coinage to avoid muddling English and Greek. Pratocracy: the Rule of the Makers.
Sometime before I started writing, a question came up on the Apache Members list about any guidelines for companies looking to get involved with an Apache project. It appears most of what’s been written is on the negative side: things not to do! This seems to be a question that dovetails well with my original plan, so I decided to try and tackle it in my article. This became the longest section of the article, and may hopefully prove useful to someone out there!
Sadly I was recovering from a nasty lurgy at the time I was writing it, and I can’t help feeling that the prose falls short of my most inspired efforts. I’ve avoided repeating Apache Way orthodoxy that’s been spoken and written before by many of my colleagues, but in doing so I may have left too much unsaid for a more general readership. At times I may have done the opposite and blathered on about the perfectly obvious. Ho, hum.
I didn’t make it to FOSDEM last weekend.
This time I could perfectly well have done so: there was nowhere else I had to be, no deadline I was pressed to meet, no travel difficulties. No such excuse. I just didn’t go.
My loss. Certainly in terms of who I didn’t meet (old friends and new), what I didn’t learn, how my mind didn’t get stimulated, what projects and ideas haven’t excited me. Damn.
So what kept me away? Obviously it’s that bit harder work than higher-budget conferences. The venue is a bit hit-and-miss, with some of the rooms being quite an ordeal. On the other hand, the big lecture theatre with the keynotes and the smaller ones where most talks happen are perfectly good, the room with the “lightning talks” (always a good default place if there’s a time when you have nothing scheduled) likewise, and the better project rooms are good for a session – at least when there’s something in that limited space of interesting but not too overcrowded and stuffy.
No, what really put me off was the prospect of once again running the gamut of the smokers. The stench of it in the lobby and corridors, exhibition space and coffee area, coupled with the crowds that prevent getting from A to B on a single breath. The good reasons to go to FOSDEM are at an intellectual level, but the feeling of a descent into filth when I think about going is overwhelming at a basic, Proustian level.
On that analysis, I may never go again. That’s sad.