Monday, 24 July 2017

Revising My Computer Security

A few weeks ago one of our in-house digital security people gave a presentation. He was not singing the usual tunes and had some interesting things to say, so I looked again at my security and privacy arrangements.

The public discussion about privacy is about keeping the prying eyes of the government and advertisers away from what you're up to. That's because no-one wants to say that the privacy you really need is from your wife, children, extended family, friends, and housemates. That doesn't sound sharey-carey-trusting-loving, but until the day the last person who likes to embarrass their mates is swinging from a tree, we're going to need that privacy.

I'm a single-occupancy household, so I don't need to lock my computers against my fellow trusted dwellers. On the other hand, I take two devices, the phone and the iPad, out with me most days, so those should have security enabled.

Also, I should do my bit to maintain herd immunity. Herd immunity happens when a high enough proportion of a group of animals has immunity from a disease that it can't spread. Maintaining herd immunity is why mothers who refuse to get MMR jabs for their darling ones are not exercising personal choice, but being irresponsible. If the word goes round the amateur villain chat boards that they have to steal twenty phones to find one that has no security and can be exploited, they will decide the odds aren't worth it.

For a long time I didn't do my part. There was nothing on any device I took out of the house that could be used to steal from me. Then along came PayPal, banking apps, Apple Pay and password managers.

I lock my work laptop every time I step away from my desk, and that's in a reasonably secure corporate environment. However, that's what my employer insists I do, and there are folk whose job it is to wander around spotting unlocked, unattended computers: it's part of my job, and I'm being paid to do it.

But then, I don't mind being locked out of my work thoughts. I do mind about being locked out of my personal thoughts. If that makes sense.

Anyway, as a result of the guru's advice, I made a few changes.

Apparently, advertisers put all sorts of tracking gizmos and other crapware on our machines. Some of it for people who have postcodes in Kaliningrad. I want to avoid that, so I put Adblock Plus on both my iOS devices, which improved the browsing experience as well. I have it on all my laptop browsers already.

I put my serious passwords into LastPass and have that on the devices I use to run my life. Caveat: LastPass doesn't sign you out after N minutes of inactivity. Signing out is manual. This is a mistake on their part. If you don't sign out, anyone who can get into your phone has access to the password manager that's still open because you forgot to sign out. As soon as you put a password manager on a device, you must activate the physical access security on that device. And sign out of the password manager anyway.

So I trained my phone to recognise my thumbprint, giving me a HTF (Do They Do That) moment. Folklore says it can tell if the Mafia cut off your finger and are using that. I'd like to know how that's done.

The guru has F-Secure on his phone. I met Mikko Hypponen on a flight to Helsinki back in the day. He's a great ambassador for his company, but I still don't like active scanners. I use the default Windows Defender and the default Windows or OS X firewalls. I don't run McAfee, Norton or F-Secure. On iOS there's no point because of the way iOS sandboxes apps. On Windows or OS X, scanners are an operational overhead with little benefit. I read somewhere that the pros don't use any. Instead they practice safe computing:

Don't visit dodgy websites, ignore any website that tells you your computer has viruses or your files are corrupt, and anybody who wants your passwords. Don't open e-mails from people or companies you don't know, and only download from the original supplier. Here I will tell you nothing have to do on sites which English not best used.

I clean out browsing history, caches and other stuff with CCleaner on Windows, and CleanMyMac for OS X. Cache cleaners for iOS are still lacking in functionality.

Just because I've cleared the cache or deleted the file, doesn't mean it's gone. Deleting is one thing, shredding is another. Here's the thing: file shredding and free / slack space wiping work on conventional hard drives (HDDs) but are iffy, if not discouraged, on modern SSDs. It's not even clear what 'secure delete' means on an SSD. There are encrypted drives that use a key which gets wiped, and unless the NSA or the Chinese are after you, guessing at the key is going to be computationally unfeasible. Most SSDs are not encrypted.

If you want to store large amounts of personal or private data, do it on a conventional hard drive. Then you can shred-and-wipe, and it's gone. As soon as an SSD gets involved, you can't be sure the data won't still be there.

On Windows I use CCleaner to shred files in the Wastebin after deletion. Every now and then, I over-write the spare space on the drive as well. A three-pass wipe will do fine. The disk recovery people can work wonders with a physically damaged drive. The stuff they have works at bit-level. If you have, however, written random bits all over the drive, all they will get back are random bits. And no, on a modern 2.5-inch multi-gigabyte drive, all those tricks invented in the 1980s don't work.

My work laptop encrypts my Documents folder, but leaves the rest alone, which is sensible. On my personal computers, I'm not so sure. I might forget the password.

Encrypted files on personal computers are a red rag to anyone who wants to pick a fight. Encrypted files will be assumed to be the worst thing the person finding them wants them to be. Why else would you encrypt the stuff if it wasn't stolen company data / classified government documents / illegally-downloaded movies / whatever? Anyway, unless you are a journalist, very rich or have high-profile lawyers, you can be compelled to de-crypt it all by US Immigration, the Police, an Anton Piller order, your wife, anyone with a gun... you get the idea.

(It occurs to me that the most secure personal laptop is one of those Lenovos or Dells that only corporates buy, dressed up with a corporate logon and two layers of passwords. Create at least two other user profiles and fill them with encrypted junk, suggesting that you are the third person to be using this computer. Make sure none of the software is within two releases of the latest version. Put on an old VT terminal emulator, McAfee, and make IE9 the default browser. Add a sticky label declaring that the Asset ID is BG788453TD, remove one of the keys (say Z) on the keyboard, and everybody will assume you work for a large financial services company and this is your work computer.)

While we're talking about encryption, the guru suggested using Signal to communicate, or WhatsApp, which uses the Signal protocols. Use any end-to-end encrypted communication, as long as it is well-known. The quickest way to get GCHQ interested in you is to use fancy e-mail encryption, or a program known only to people who have attended Black Hat more than twice. I have WhatsApp, use the regular message app on the iPhone, and have a totally boring life.

All this stuff is free, by the way.

Thursday, 20 July 2017

Sticky Whimsy


These were on the seats on my station one morning in June 2014. People don't do things like that anymore.

How am I doing in my relentless drive to avoid anything political? Not too bad? I feel I'm about half-way through the detox. The longer essays on various but non-political subjects will return.

Monday, 17 July 2017

Never You Done That and Other Songs by Dave Wakeling

Dave Wakeling was the man behind many of the best songs of The Beat and General Public. He is, in my not-so-humble-opinion, one of the finest songwriters this Isle of Fine Songwriters has produced. Why he has not been inducted into Rock ’n Roll Halls of Fame is something that cries out for explanation.

I was listening to The Beat’s second album, Special Beat Service, recently, and as always was surprised and enchanted by this track:


The lyrics are wonderfully ambiguous. "She said to leave it till the end of the party / Do it now, you know there's never a next time / How come the feeling that it's only just started / Pull back your cover, I could love you for all time / But do it now, you know there's never a next time". Which exactly gets the ambiguity of what I and many others felt, back then in the Naughty Eighties, when meeting someone at a party for the first time and experiencing that immediate attraction. No-one else gets this the way he does.

He is the author of the best single lyric I know: “Each time we kiss you’re the perfect stranger”. You either know exactly what that means, or you won’t understand the explanation. Here’s the song.


This is about the perfect love. “Well who would have guessed, well I guess I should / The second night would be as good”. There are a zillion writers who tell us that sex gets better with intimacy and familiarity, and I have to say that was never my experience. The first night was always the best. Other nights may have many good and different moments, but a good first time is a moment unto itself. And Dave Wakeling was the only songwriter (I’ve heard) who has spoken about this.

But maybe, as a commentator at a lyric site suggested, the song was about booze. (Drugs are never as good the second time, I am reliably informed. Booze can be. Each time I sipped a glass of Jack Daniels, it was the perfect stranger.) There’s nothing in Wakeling’s biography to suggest he had a drinking problem. But even if he wrote it as a love-song to a woman, maybe my inner drunk heard it as a song about drinking?

In the end, do I care? These and others are wonderful songs, like no other written by anyone else. If you haven’t heard his stuff, go listen.

Thursday, 13 July 2017

But The Feltham Line-Man Is Still On The Line

This is one of the rarest sights you will see: a BT / Openreach engineer up a pole and replacing the drop wire into a house. In this case, mine.



It's important to thump the base of the distribution pole a few times with a hammer: this is to make sure it sounds, well, sound, as opposed to rotten. Don't want to strap yourself on and then fall backwards as the pole breaks.

The engineer tested the wire from my house and the magic box found a fault 17.4 metres from the termination box. It has to do with the fact that signals are reflected back from a physical fault in the wire.

The wire they ran into the house is less than a millimetre thick, far thinner than the original cable. This is because, as you will recall from your physics classes, while power is transmitted via current (amps), signals are transmitted by a change in voltage. You need heavy cable for power, but changes in voltage can be transmitted by the flimsiest of wires.

This was but one episode in the long-running saga of my crap internet connection from Talk-Talk, about which I will write more when it is eventually resolved.

Monday, 10 July 2017

Summer Algae, St James's Park


The Algae. 

St James's Park, 20:00 Sunday evening.

Thursday, 6 July 2017

Somewhere in a Hotel In Somerset


Is a piano-body in a garden. The rest of the hotel was pretty fancy as well and the lunch was excellent. Well worth the diversion on the way down to the north coast of Somerset. This was several years ago.


Totally forgotten the name!

Monday, 3 July 2017

Real Men Do NOT Text In The Gym

At my gym, I'm seeing more and more young men sitting on weights machines, texting or flicking through their music collection, because I really hope they are not flicking through Facebook.

Oblivious to all around them, they need to be shifted by a tap on the shoulder and a request to work in. At that point a lot of them say they have 'one more set', or just get off and move to another machine.

I suspect these young men are not running on a full tank of testosterone.

Dom Mazzetti agrees with me. Though he uses different words.