Trusting the Internet

In light of recent events (Heartbleed and *cough* NSA *cough*), we now live in a world where the people you thought you could trust aren’t as trustworthy as we expect them to be.

One of the things that we lay our trust in every day is Certificate Authorities. These are the people with the power to issue SSL certificates, which are used when you use online banking, search Google, access your email and other sensitive information over the internet. A secured connection can be identified by either a padlock symbol, or simply ‘https’. You’ll notice that my blog is encrypted, and you can get details of this by clicking the padlock in the top right in Chrome and Firefox, or the padlock at the end of the address bar in Internet Explorer.

For this example I will use Firefox:

SSL Overview

You can see that the connection is secure. Wonderful!

What good is it, however, to have an encrypted connection when the other end could be anyone in the world?
That’s where the trust part comes into it.

You can see that the certificate has been verified by GoDaddy.com, Inc. Clicking ‘More Information…’, ‘View Certificate’ and going to the ‘Details’ tab will take you to this screen:

SSL Overview

Here you can see the trust tree. This is the chain that lets Firefox know that the certificate is one that it can trust.

Think of it this way, you’re having a party, and a guy enters. You don’t know him, and therefore don’t want him in your house, but he says he is friends with another guy, who you don’t know and ring up, but he says he’s friends with another guy, who you don’t know and ring up, who says he’s friends with one of your close friends, who confirms that he is indeed his friend, and he can vouch for his friend, his friend’s friends, and his friend’s friend’s friend who is at your front door.

From this you can trust all of his friends into your house. If one of them steals/breaks/otherwise vandalises your house, you can go back to your friend and either say ‘these guys did bad things to my house’, and he will revoke their friendship, or you can choose not to be friends with this guy who let idiots into your house anymore.

In this case, the guy at your door is ‘*.wordpress.com’, his unknown friends are ‘Go Daddy Secure Certificate Authority – G2’ and ‘Go Daddy Root Certificate Authority – G2’, and the friend you trust is ‘Go Daddy Class 2 CA’.
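The friend-of-a-friend chain can be reproduced locally with openssl. This is an added example, not part of the original post: it builds a throwaway root, intermediate and leaf (all names are constructed, none are the Go Daddy certificates above) and shows that the leaf verifies only when the intermediate is supplied.

```shell
#!/bin/sh
# Added example: throwaway three-level chain. All names are constructed.

# Minimal config so CA certificates carry basicConstraints CA:TRUE.
write_cnf() {
    cat > "$1/ca.cnf" <<'EOF'
[req]
distinguished_name = dn
prompt = no
[dn]
CN = placeholder
[v3_ca]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign,cRLSign
EOF
}

# new_csr DIR NAME CN: fresh key plus a signing request for that name.
new_csr() {
    openssl req -new -newkey rsa:2048 -nodes -config "$1/ca.cnf" \
        -subj "/CN=$3" -keyout "$1/$2.key" -out "$1/$2.csr" 2>/dev/null
}

build_chain() {
    d=$1
    write_cnf "$d" || return 1
    # Root: self-signed; the "close friend" already in the trust store.
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -config "$d/ca.cnf" \
        -extensions v3_ca -subj "/CN=Example Root CA" \
        -keyout "$d/root.key" -out "$d/root.pem" 2>/dev/null || return 1
    # Intermediate: vouched for by the root, and allowed to vouch for others.
    new_csr "$d" int "Example Intermediate CA" || return 1
    openssl x509 -req -in "$d/int.csr" -CA "$d/root.pem" -CAkey "$d/root.key" \
        -CAcreateserial -days 1 -extfile "$d/ca.cnf" -extensions v3_ca \
        -out "$d/int.pem" 2>/dev/null || return 1
    # Leaf: the "guy at the door", vouched for by the intermediate only.
    new_csr "$d" leaf "blog.example.test" || return 1
    openssl x509 -req -in "$d/leaf.csr" -CA "$d/int.pem" -CAkey "$d/int.key" \
        -CAcreateserial -days 1 -out "$d/leaf.pem" 2>/dev/null
}

# Trust only the root; hand over the intermediate as an untrusted helper.
verify_full_chain() {
    openssl verify -CAfile "$1/root.pem" -untrusted "$1/int.pem" \
        "$1/leaf.pem" >/dev/null 2>&1
}

# Same trust store, but nobody passes along the middle friend's details.
verify_without_intermediate() {
    openssl verify -CAfile "$1/root.pem" "$1/leaf.pem" >/dev/null 2>&1
}

demo_dir=$(mktemp -d)
build_chain "$demo_dir" && {
    verify_full_chain "$demo_dir" && echo "full chain: trusted"
    verify_without_intermediate "$demo_dir" || echo "missing intermediate: rejected"
    openssl x509 -in "$demo_dir/leaf.pem" -noout -subject -issuer
}
rm -rf "$demo_dir"
```

The intermediate is passed with -untrusted because it is only a stepping stone: trust still has to end at the root given in -CAfile.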

This root level of trust is built into the web browser (or in the case of Internet Explorer, Windows itself), and you can choose to revoke or add authorities at your will, but be warned: revocation is a drastic measure which will limit access to a number of sites and compromise your security at the same time. If a website does something bad, the best course of action is to take it up with the certificate authority which issued that website’s certificate and let them revoke it. Details for this can usually be found under the page linked in the ‘Subject’ field.

Subject field

Visiting the site will usually give details on what to do if you suspect a certificate has been compromised or if the legitimate owner is performing malicious activity with it.

Next up will be how to run your own certificate authority!

Turning off Lid Close Standby on Ubuntu Server 14.04 LTS in three easy steps

Let’s say you’ve turned your old laptop into a server. Great choice! It’s smaller than a full size tower, uses less power, is quieter (most of the time) and if you can’t access it you can tab right in on the physical keyboard and screen.

However, open laptops take up more space, so you’ll want to close the lid, right? On Ubuntu Server, closing the lid will put your server in standby, which is… unhelpful, to say the least.

Well, here’s how to stop that from happening, for all versions of Ubuntu from 13.10 onwards (13.10, 14.04 LTS, 14.10 as of January 2015).

Step One

First, open /etc/systemd/logind.conf with a text editor

sudo vim /etc/systemd/logind.conf

Step Two

Find the line with HandleLidSwitch and change it to

HandleLidSwitch=ignore

Step Three

Save, exit and restart the daemon

sudo service systemd-logind restart

Et Voila! Your server is now happy about running with its lid closed!
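Steps one and two can also be scripted so the edit is repeatable across machines. This is an added example, not from the original post; the function names are hypothetical and the sample file is constructed. It handles the commented-out default line, an already-set line and a missing line.

```shell
#!/bin/sh
# Added example: steps one and two as an idempotent edit.
# Function names are hypothetical.

# set_lid_ignore FILE: force HandleLidSwitch=ignore in a logind.conf-style file.
set_lid_ignore() {
    conf=$1
    tmp=$(mktemp) || return 1
    if grep -Eq '^[#[:space:]]*HandleLidSwitch=' "$conf"; then
        # Rewrite the existing line, whether commented out or active. The
        # trailing "=" keeps related keys such as HandleLidSwitchDocked intact.
        sed -E 's/^[#[:space:]]*HandleLidSwitch=.*/HandleLidSwitch=ignore/' \
            "$conf" > "$tmp" || return 1
    else
        # Key absent: append it. Assumes [Login] is the file's only section,
        # as in the stock logind.conf.
        { cat "$conf"; echo 'HandleLidSwitch=ignore'; } > "$tmp" || return 1
    fi
    # Write back through the original path so owner and mode are preserved.
    cat "$tmp" > "$conf" && rm -f "$tmp"
}

# lid_setting FILE: print the active (uncommented) value, empty if unset.
lid_setting() {
    grep -E '^HandleLidSwitch=' "$1" | tail -n 1 | cut -d= -f2
}

# Constructed sample resembling a stock file where every key is commented out.
sample=$(mktemp)
cat > "$sample" <<'EOF'
[Login]
#HandleLidSwitch=suspend
#HandleLidSwitchDocked=ignore
EOF
set_lid_ignore "$sample"
echo "active setting: $(lid_setting "$sample")"
rm -f "$sample"
```

On a real server, call set_lid_ignore /etc/systemd/logind.conf as root, then restart the daemon as in step three.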

How to lock down your Windows 7 machine like Fort Knox

I like security. There’s a fact for you

Imagine you’re going to sleep, and you suddenly realised you’ve left the front door wide open, with the keys still in the lock.
How would you react? Anyone with the right state of mind (and who doesn’t have a fully trustworthy 24/7 security team to pry the keys from that lock, close the door and secure the premises for you) would get up, go to the front door, close it and lock it, before proceeding back to bed with the confidence that an unwanted person won’t be getting in.

Your computer is wide open like that proverbial front door, and even more so if you use your administrator account for your day-to-day, and let’s face it, who doesn’t these days when you can have a computer each?

I decided to write this article after I read about a tool which claims to break BitLocker drive encryption, and one of the described methods was to get a hold of the computer whilst it was unlocked on an administrator account, install the software, then do evil.

This is done by using the default UAC (User Account Control) settings to give applications privileged access without the need for actual administrator input.

Not on my computer, here’s how:

Part One – Telling the computer what to do when evil brews

In this part we will fiddle with some of the darkest depths of security settings available to make administrator privilege requests (UAC elevations) much harder for an evil person to make a computer do evil stuff

Step One

Open up the Local Security Policy by going to Run and typing secpol.msc
Hit enter and it should open up the local security policy (if you are requested to allow it privileges, click yes. Notice how you just get a yes or no, and anybody with access to your computer can click ‘yes’ or ‘no’ for you (to do very evil things)).
Turns out that by default you don’t get this prompt. Evil people could be changing them for you!

Step Two

Navigate to Local Policies/Security Options and scroll to the bottom of what should be a long list of stuff

Step Three

Find these three entries entitled User Account Control, and check they are set to the following. If not, set them by double clicking the option and selecting the value from the drop down menu:

User Account Control: Admin Approval Mode for the Built-in Administrator account
    Default: Disabled
    Setting: Enabled
User Account Control: Behaviour of the elevation prompt for administrators in Admin Approval Mode
    Default: Prompt for consent for non-Windows binaries
    Setting: Prompt for credentials on the secure desktop
User Account Control: Behaviour of the elevation prompt for standard users
    Default: Prompt for credentials
    Setting: Prompt for credentials on the secure desktop

Part Two – Telling the computer to be more picky

Now that we have prevented evil people breaking past privilege requests without an administrator present, we need to make it so that the computer calls for an administrator more often. Doing this also prevents an evil person undoing all the good we did in part one.

Step One

Go to Start, open up Control Panel and in the search box, type ‘UAC’ and click ‘Change User Account Control Settings’

Step Two

Click ‘yes’ to the UAC prompt (the last time you’ll ever click yes) and set the slider to ‘Always Notify’, as seen below
UAC Notification Selection Screen


Your computer is now protected from evil people at the cost of you having to enter your password every time you do something administrative, which shouldn’t happen with average day-to-day computer usage.

If you do get the UAC prompt, before you enter your password, think: Why am I doing this?
The UAC is there to tell you that you are doing something that is potentially dangerous, so take the time to take a step back and ensure that you are making the right decision.

Stay Safe and have a Merry Christmas everyone!

Adding your Timetable to your Calendar in Outlook 2013

I stopped procrastinating for once and went through my list of things to do, and one of those was to put my school timetable into my calendar.

Sounds simple, right?

Not quite so, we’re talking a total of six periods a day, each week (30 periods) for a two week timetable (60 periods). Some of those are single periods, and some doubles. Oh, and some after school stuff as well.

It’s actually quite complicated when you look at it. Each period needs to be added, and contains:

  • a Subject
  • a Location
  • a Start Date/Time
  • an End Date/Time
  • a Description (Dirty class name and Teacher’s name, e.g. 10X/AB1 – Mrs Ann Example)
  • a Reminder set for the start of the period

There’s a lot to it, and in the past I’d had to go through each period inputting each of these variables myself. Fancy User Interfaces are great n’ all, but when you need to do mass data input, they can be somewhat… limiting. At least until now.

Spreadsheets are great for mass data input because of the speed you can input large amounts of data, however you need to know what goes where without a handy label telling you. UIs are great because they show you what goes where, but try to enter more than a dozen entries and it’s really, really boring. Like really, really, really boring. Like listening to politicians giving us false promises sort of boring.

The trick to this is that many calendar clients allow you to import CSV (comma separated values) files which contain event details straight into your calendar.

Step 1 – Making the events

Start out with a new Excel document and insert this header row [1]:
Subject | Description | Location | Date | Time | EndDate | EndTime | Reminder | ReminderDate | ReminderTime

From there, start by entering all of the subjects. If you have an event which has a break in the middle, i.e. I have a double period of Chemistry, with a period of lunch in the middle, then enter the subject twice – this can be seen on lines 5, 6, 9, 10, 14 and 15 of the image below
Various subjects inserted under the subject heading

Next, add their descriptions and locations. In this case, I want to keep my classes, teachers and classrooms anonymous (to protect me from fellow students and my teachers from you), so they’re blurred :)
Class names and Classrooms added

After that, insert the start dates, start times, end dates and end times. I do one day, copy and paste it into the appropriate start dates and end dates, increment it and do it for the next and so on. After that, I go back and do the start times, then go back again and do the end times. It’s not as complex as it sounds
Start Dates/Times

The last step for this document is to add the reminder. In this case, I want a reminder to go off at the end of a lesson to tell me where I want to go next, so that makes the reminder really simple to set up. For each one, we need to set Reminder to 1, the date to the date it happens, and the time to the time it starts. This can be done by setting every cell in the reminder column to ‘1’ and copy/paste the start dates and start times into the reminder dates and reminder times:

So, first set the entire column to 1. Do this by setting the first two cells to ‘1’, selecting those two cells, then double clicking the little square in the bottom right of the selection (we do the first two cells to stop it doing a number increment, i.e. 1,2,3,4,etc.)
Set the first two cells to '1'  After double clicking the square, the entire column will be set to '1'

Afterwards, select all of the start dates and times and copy them using Ctrl+C
Columns selected and copied

Then paste them into the reminder by selecting the top left reminderDate cell and hitting Ctrl+V
Select the top-right cell of the reminderDate cell  Paste the dates and times in

Once that’s done, your file should look something like this
The subjects, descriptions, locations, start times, end times and reminders all set up

Save that file as a comma delimited CSV (and as an xlsx if you have multiple worksheets)

N.B. If you have various holidays you want to work around, copy/paste the work you have already done and do a find/replace on the two weeks for the first two weeks of that ‘non-holiday block’. You will then end up with a bunch of events with dates just after the last holiday

Step 2 – Importing the events

Make sure you have closed Excel before continuing, or Outlook will complain it can’t open your csv

Open up Outlook, click ‘File’, click ‘Open & Export’ and click ‘Import/Export’. You should see this
Outlook Import Window

Click ‘Import from another program or file’, click next, then click ‘Comma Separated Values’ and click next again

Select the csv you made in the last step and click open. Select ‘Allow duplicates to be created’ and click Next
Outlook Import Window and duplicate option selected

Select the calendar you want to import to. In this case I’m using my ‘Timetable’ calendar on my school email
Choose the calendar to import to

You will then be presented with a window asking you to check the actions to be performed. Check the Checkbox next to ‘Import “yourcalendar.csv” into folder: yourcalendar’. When you click the checkbox, a window will open allowing you to map the fields. If a window doesn’t open, click the ‘Map Custom Fields’ button on the right. This is the window you’ll be presented with:
Field Assignment Screen

Next, click and drag the items from the left box to their appropriate partners on the right. If you used my template, it should look like this, albeit your box won’t be so tall (this image took so long to construct in paint!)
Field Assignment Screen, with options set

Once you’re happy with the assignments, click OK, then click Finish. Your calendar will then be imported into Outlook and you can look at the events and be happy
The Calendar

Notice that they only appear once, and don’t repeat bi-weekly? Neither Outlook imported calendars nor CSV calendars support recurring events, so we have to do that bit ourselves, but it’s easy, really.

First, find the date you want the calendar to repeat to, like the next holiday. In my case for the June calendar, that half term ends on Wednesday, 22nd July 2014. Open notepad, word, or even the start menu and type in the date you finish that set on, then select it with Ctrl+A and hit Ctrl+C to copy it
Start Menu with 22/07/2015 typed into the start menu

Afterwards, go through each event in your calendar (I use work week view, because it spaces them not too close, but not too far) and set up the recurrence using the recurrence button. You can’t select them all and do the recurrence at once! I wish you could, but Outlook doesn’t support that.
Calendar with Recurrence button highlighted

When you open the recurrence menu, you’ll see this:
Recurrence Menu with Default Settings

Set it to recur every two weeks, and paste the end date into the ‘End By’ Box. Once you get into the swing, use shortcut keys to get around further, specifically: Alt+C, 2, Alt+B, Tab, Tab, Ctrl+V, Return.
Recurrence Menu with custom settings

Once you’re done, you should be able to scroll through your calendar and see all of the events, along with distinct gaps for the holidays
Calendar with events


  1. You can download a header template in XLSX format 

DNS woes on OS X 10.10 Yosemite

Today I spent the better part of two hours setting up a BIND9 nameserver on my Raspberry Pi server, and I quickly ran into an issue:

The DNS cache on OS X was not updating. There are two methods circulating for solving this, which are:

dscacheutil -flushcache
sudo discoveryutil udnsflushcaches

So, I had to find another way.
And I found one. The super easy way of fixing this is to lower your TTL in your zone file, do the ping, and set it back again (or leave it)

e.g. take this here:

ben.local. IN SOA server.ben.local. hostmaster.ben.local. (
        1               ; serial
        5H              ; refresh
        4H              ; retry
        4W              ; expire
        1D              ; minimum
)

In this case, the TTL (refresh) is set to 5 hours. You won’t be able to get a lot of work done in that time, so set it to 5 to force a refresh every 5 seconds, i.e.

ben.local. IN SOA server.ben.local. hostmaster.ben.local. (
        1               ; serial
        5               ; refresh
        4H              ; retry
        4W              ; expire
        1D              ; minimum
)

Oh, and you don’t need to change the serial unless you have slaves waiting for an update. Make the changes, then run sudo service bind9 restart to restart the nameserver, and voilà! You can get back to work.

In future, if this is a private nameserver which only receives a few queries a second, then feel free to set it to something reasonable, like a minute. or five. or ten. Keep the five hour TTLs for high load servers where you need to cater for tens of thousands of DNS requests a second

Floating Spam

I am bored, and therefore I intend to transfer my boredom to the internet.

Whilst looking through my spam folder (I really was that bored), I noticed that there were a bunch of messages at the top which had been there since I last looked (a long while ago)

At first, I dismissed it as my spam filter not working, but upon closer inspection, it appears that they were sent in October…

October 2018, that is. 4 years from now.

I therefore conclude that a type of spam designed to bug you to open it is what I have dubbed ‘floating spam’. That is, spam which was sent to you from the future. It will appear in your inbox if you perhaps run a small business, and are using a cheap mailserver to serve your mail without a built in spam-filter and you only access your mail through webmail. If it’s all poorly put together, you will theoretically end up with these spam messages stuck at the top, hiding your other mail.

Of course, for me, the fact it was sent 4 years from now indicates to my spam filter that I am either involved in some Doctor Who plotline involving complicated timey-wimey stuff and email, or I have been sent some spam. It’s pretty obvious which one it is.

BE WARNED! FLOATING SPAM IS AMONG US!

Oh! Ye who hast been scrapped!

Today’s going to be an interesting article for those of you who take an interest in cars.

The Governmental People released a list of all the cars they’ve scrapped through the Vehicle Scrappage Scheme. Today I intend to go through the top 5 cars scrapped, to celebrate the hunks of junk we all stuck it to.

  1. Ford Fiesta – 13,622 Scrapped
    So, Britain’s officially best-selling car is hitting the scrapheaps in their tens of thousands.
    Something leads me to suspect that they are either Mk4 or Mk5 Fiestas, because let’s face it. Nobody really wants one anymore.
  2. Nissan Micra – 11,808 Scrapped
    This car deserves nothing more. Most likely scrapped was the Mk2
  3. Vauxhall Corsa – 10,453 Scrapped
    If I had the choice, I’d take the Corsa C over the Corsa B any day, which is why I suspect that the Corsa B was worse off in those figures
  4. Volkswagen Polo – 8,432 Scrapped
    I’m sorry, but the Polo has nothing going for it. I bet you most of those were either Typ 6Ns or Typ 9Ns.
  5. Vauxhall Astra – 8,066 Scrapped
    I suspect 3rd or 4th Gen. These cars were simply terrible

That’s it. I’m going back to work, and I suggest you do the same before someone catches you.
I’ll do a proper post sometime soon