Joint venture

In 1999, while learning to ski, I dislocated my right knee in a fairly dramatic manner. Knees are infuriating things because – once weakened – they are never entirely trustworthy. Then, in late December of 2010, I slipped on a ludicrously friction-free piece of rubber flooring right at the end of a jetway in Heathrow T5, inches away from boarding a flight to Stockholm, and, as if in fear, my right kneecap ran and hid around the back of my leg again.

For the whole of 2011, I could feel that my abused right knee wasn’t meshing properly, so I did some reading into methods for strengthening the joint, allowing for the fact that the anterior cruciate ligament is stretched all to hell. Rule number one was: plenty of exercise. Rule number two was: no high impact exercise. So that rules out jogging and running entirely, and makes even walking a bit questionable.

Many sources recommended elliptical cross-trainers as a good way to build up the damaged joint without any significant impact, and at the same time provide a good whole-body cardio workout – just what a fat sedentary bastard like me needs! So I bought one, at considerable expense.

It took a long time for it to be delivered. I ordered just before Chinese New Year, and the shop forgot to send the order to the delivery people, and then I was travelling… but some six weeks after I handed over the money, I was the proud possessor of my own computerised elliptical cross-trainer.

On Thursday morning, ready for work, I went to throw away the huge slab of cardboard that the cross-trainer was packed in. The floor in the corridor outside my front door was soaking with condensation (it was the first day of spring; the humidity had leapt to about 100% overnight). I was wearing Rockport shoes. I slipped, went down like a fat sedentary bastard, and sent my kneecap scurrying for safety again. If I hadn’t bought the cross-trainer, I’d still be walking.

The hospital authority did good work, and the A&E staff at Princess Margaret were more than a little amused that I’d turned up with my own crutches (I knew I’d be using those again). The A&E doctor listened to my tale of multiple medial dislocations, caused by the smallest forces, and demonstrated the depth and sophistication of his training by telling me, “It’s not supposed to do that”. Then he made me an appointment with a specialist, who may consider opening things up and seeing if there are any bolts that can be tightened.

So here’s what I was supposed to be doing right now: I should be about half way to San Francisco, snoozing in an extra-legroom economy seat with a bellyful of red wine, on my way to the SF Security B-Sides conference for two days of talks, social networking, and catching up with old chums.

Since I was declared “not fit for air travel”, here’s what I am actually doing: trying to find somewhere comfortable to put my leg. Which apart from the swollen soccer-ball knee joint, also has a $2 coin-sized crater in it because the largest knee-brace the hospital had was a little on the small side. And because I couldn’t get out to the shops, I ordered a pizza, which has given me food poisoning. The elliptical cross-trainer is looming behind me, and I can hear it laughing quietly to itself.

Can’t complain, though. Irene the physiotherapist at PMH is cute as a button, and I have a follow-up appointment next week.

Been a while…

Blogging has its own momentum. Sometimes it’s easy to write every day, perhaps more than once a day. But occasionally you hit a dry patch; I suppose I could blog every day: “Got up, caught MTR, worked until after dark, went home, teased cats with laser pointer” – but what’d be the point? Don’t get me wrong; life is far from boring – but I can’t write about what I do at work!

So combine this dry patch with excessive travel and a tendency to be too busy to write and suddenly – after just a month or so – you have an “ex-blog” on your hands. Sure you could resurrect it, but it might turn out to be a zombie and eat your brains.

The longer you leave it, the more you’re aware that when you do eventually make another posting you’ll either be inundated with people saying “I thought you’d given up blogging”, or – worse – hear nothing but silence broken only by the chirping of crickets, because all the subscribers will have given up long ago and deleted you from their RSS readers. So even when you do feel the urge to blog once more, you shrink from breaking the silence.

Still, I have stuff to write about, so better late than never. Will I hear the crickets chirping?

Department of Redundancy Department

RAID 1 is useful. If you didn’t understand that sentence, stop reading here; this posting is not for you. My new desktop PC makes use of a 40Gb SSD for the operating system, and a pair of 1Tb drives in a RAID 1 array for the home directories and other dynamic content. Frustratingly, Ubuntu 10.04 desktop edition doesn’t have an option to install with RAID (unlike the server edition), so I had to do it by hand. Here’s the solution, because it’s not terribly difficult, and because it might be useful for someone.

On my system, I created partitions on the SSD for the root, /boot, /usr and swap, and intended to partition my 1Tb RAID volume up for the /home and /var folders. Hopefully what follows should be clear enough that you can easily adapt it for your own partitioning preferences.

Boot from the Ubuntu live CD and choose to “Try without installing”. Let it boot into the desktop environment.

Create your partitions. You can either use fdisk if you’re old-fashioned, or GParted from the System/Administration menu on the desktop. The partitions that you’re going to use as components of the RAID array must be exactly the same size on all volumes. Assign file system types to your non-RAID partitions (if you have any) but not to the RAID partitions. We’ll do that later.

Become root:

$ sudo su -

Install the RAID tools:

# apt-get update
# apt-get install mdadm

(For some reason, the mdadm installation includes postfix. Just tell the postfix wizard that you’re local, and it’ll not matter.)

Now for the important bit: creating the RAID array. I have to do this twice: once for the /home partition and once for the /var partition:

# mdadm --create /dev/md1 --verbose --level=1 --raid-devices=2 /dev/sdb1 /dev/sdc1
# mdadm --create /dev/md2 --verbose --level=1 --raid-devices=2 /dev/sdb2 /dev/sdc2

(This should be pretty self-explanatory; --level=1 says I want to use a RAID 1 array, --raid-devices=2 says there’s two drives in the array, and /dev/md1 is the name of the RAID pseudo-device that’s created out of /dev/sdb1 and /dev/sdc1.)

Now we can create the filing system and format the array:

# mkfs.ext4 /dev/md1
# mkfs.ext4 /dev/md2

If you’re planning on using a different filing system (caution, ReiserFS may cause you to murder unsatisfactory mail-order brides) then just use a different mkfs instruction at this point.

Now to install Ubuntu. Run the installer (it’s right there on the desktop) and run through the usual question-and-answer process until you get to “Prepare disk space”. Choose to specify the partitions manually, and set the RAID array md devices where appropriate. (By way of example, I had /dev/sda1 for /, /dev/sda2 for /usr, /dev/sda3 for /boot, /dev/md1 for /home and /dev/md2 for /var.) Continue with the installation Q&A and then let the OS install itself.

Once it’s all installed don’t just go rebooting, because if you do, you’ll regret it. Problem is, Ubuntu desktop doesn’t include the RAID array manager mdadm in the default installation. Reboot now and your new OS won’t know how to access the RAID volumes. So before you reboot, you need to install mdadm into your new OS.

You need to mount your new installation and then tell the OS to treat that mount-point as the root. If you’ve got everything in one partition, that’s pretty straightforward. I had to do several mount operations to get all my partitions in place. If your partitions are simpler, adjust the mount operations accordingly. You must do the /dev, /proc and /sys mounts though:

# mount /dev/sda1 /mnt/
# mount /dev/sda2 /mnt/usr
# mount /dev/sda3 /mnt/boot
# mount /dev/md1 /mnt/home
# mount /dev/md2 /mnt/var
# mount --bind /proc /mnt/proc
# mount --bind /sys /mnt/sys
# mount --bind /dev /mnt/dev
# chroot /mnt

Install mdadm just like before (even the postfix), only this time it’s permanent:

# apt-get update
# apt-get install mdadm

For me, this was the end of the process. If your root volume is not part of a RAID array (mine wasn’t) then pop the CD out, reboot now and enjoy the fruits of your labours! However, if your root volume is part of a RAID array, then you’ll also have to fix the grub boot-loader, which will only be installed on one of the disks in the RAID array. For example, if your root volume is on /dev/md1 and that device comprises /dev/sda1 and /dev/sdb1 then you’ll need to do this, just to be on the safe side:

# grub-install /dev/sda
# grub-install /dev/sdb

Reboot, and cat /proc/mdstat or run the Ubuntu Disk Utility (on the System/Administration menu) to check that your RAID devices are syncing.
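
A check for that last step, as an added example (not part of the original post): a shell function that reads /proc/mdstat and reports each array's state and sync progress, returning non-zero when an array is running with a member missing. The function names are hypothetical, and the sample mdstat text and its block counts are constructed.

```shell
# Summarise an mdstat file: one line per array, "<array> <state> <sync>".
# Returns 1 if any array is running with a member missing.
mdstat_report() {
    awk '
        /^md[0-9]+ :/ {                 # header: "md1 : active raid1 sdc1[1] sdb1[0]"
            name = $1; order[++n] = name
            state[name] = "unknown"; sync[name] = "-"
            next
        }
        name != "" && /blocks/ {        # "488254464 blocks [2/2] [UU]"
            if (match($0, /\[[U_]+\]/)) {
                flags = substr($0, RSTART, RLENGTH)
                state[name] = (index(flags, "_") > 0) ? "degraded" : "ok"
                if (state[name] == "degraded") bad = 1
            }
            next
        }
        name != "" && $3 == "=" && $2 ~ /^(resync|recovery|reshape|check)$/ {
            sync[name] = $2 "=" $4      # "[==>...]  resync = 12.6% (...)"
            next
        }
        name != "" && /resync=(DELAYED|PENDING)/ {
            sync[name] = ($0 ~ /DELAYED/) ? "resync=DELAYED" : "resync=PENDING"
            next
        }
        /^[ \t]*$/ { name = "" }        # blank line ends the stanza
        END {
            for (i = 1; i <= n; i++) print order[i], state[order[i]], sync[order[i]]
            exit (bad + 0)
        }
    ' "${1:-/proc/mdstat}"
}

# Constructed sample: first boot after install. md1 is resyncing and md2
# waits its turn because both arrays sit on the same two disks.
sample_syncing() {
    cat <<'EOF'
Personalities : [raid1]
md2 : active raid1 sdc2[1] sdb2[0]
      488254464 blocks [2/2] [UU]
        resync=DELAYED

md1 : active raid1 sdc1[1] sdb1[0]
      488254464 blocks [2/2] [UU]
      [==>..................]  resync = 12.6% (61524032/488254464) finish=75.3min speed=94370K/sec

unused devices: <none>
EOF
}

# Constructed sample: one member of md1 has failed and been dropped.
sample_degraded() {
    cat <<'EOF'
Personalities : [raid1]
md2 : active raid1 sdc2[1] sdb2[0]
      488254464 blocks [2/2] [UU]

md1 : active raid1 sdc1[1](F) sdb1[0]
      488254464 blocks [2/1] [U_]

unused devices: <none>
EOF
}

# Demo on the constructed samples; with no argument it reads /proc/mdstat.
tmp=$(mktemp)
sample_syncing > "$tmp";  mdstat_report "$tmp" || echo "array degraded"
sample_degraded > "$tmp"; mdstat_report "$tmp" || echo "array degraded"
rm -f "$tmp"
```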

Nuisance calls

Direct marketing: a euphemism for “spam” and “nuisance calls”. I had my own personal brush with “direct marketing” recently. A local company here in Hong Kong (VirtualTech Consultants, if you’re interested) got my e-mail address from somewhere (they wouldn’t tell me where) and I started receiving marketing e-mails on behalf of their customers.

(You may be receiving e-mails from VirtualTech too; the way to tell is to look at the unsubscribe link at the foot of the message; if it’s a link to a web page in the domain then it’s a VirtualTech message.)

Now, here’s why the VirtualTech e-mails started to get on my flabby man-tits. (1) They’re broadly untargeted, selling things that I am not interested in (baby supplies? magical healing herbs?); (2) they’re mostly in Chinese; and (3) the unsubscribe button only removes you from that one single e-mail campaign. Nowhere do they provide the option to have your e-mail address completely removed from their master list.

Last week I ran out of patience, and called the owner of the company on his personal mobile phone. (How did I get that number? It’s at the end of the whois record for… just in case anyone reading this also wants to give him a call; after all, his own business model shows that he’s all in favour of unsolicited communications.) He noted my e-mail address and agreed to remove it from his list. A few days later I had another e-mail from VirtualTech. I called him again. He promised to remove my address from his list. Later that same day, another e-mail, another phone call, another promise… Now, I’m happy to play this game; I will cheerfully telephone the man every time I receive an e-mail for as long as he wants to send me e-mails. Really, it’s no problem. I think he’s going to give up first.

But imagine if you don’t have this opportunity for sporting redress. A letter in today’s SCMP really spelled out the amount of cognitive dissonance and disdain for the consumer in the direct marketing industry. The letter is from a Mr Eugene R. Raitt (who claims to be the Chairman of the Hong Kong Direct Marketing Association; if you’re reading this, Mr Raitt, please click on your name for an important message). The letter is about the Octopus company selling off personal information about people who signed up for its reward scheme. But that’s not the bit that stands out. Mr Raitt says:

Additionally, Mr Cramb has the option any time he receives a call he does not want to inform the calling company that he wishes it to remove his name from its call list, and it will gladly do so.

And as I read this, my blood boiled. Here’s the reality of the situation: I receive an unwanted sales call. When I answer the phone, the caller – hearing my English – immediately hangs up. Or says, “Sorry, wrong number” and hangs up. Or asks, “Do you speak Chinese?” and when I say, “Please do not call this number again” repeats, “Do you speak Chinese?” How, Mr Raitt, am I supposed to “inform the calling company”? Any suggestions?

Mr Raitt goes on to say:

The last thing any company wants is to spend money needlessly contacting people who clearly do not wish to be contacted.

Then where is our do-not-call list, Mr Raitt? Why are the direct marketers not at the front of the queue of people lobbying for a do-not-call list? All we have right now is a list to register our objections to recorded-message sales calls. See, this is exactly the same situation as I have with the VirtualTech Consultants: even if I can get myself removed from one company’s call list, it’s not going to prevent the next company from calling me, or the one after that. I do not wish to receive unsolicited sales calls, and Mr Raitt’s disingenuous claims do not address that at all.

Contrast Mr Raitt’s cynical distortions with the nice guy who runs VirtualTech Consultants. Mr VirtualTech knows he’s in a dirty business that wins you no friends, and yet is unfailingly polite whenever I phone him up to tell him I’ve received another e-mail from his company. I almost feel bad about pestering him. Mr Raitt, on the other hand, tries to pretend that he represents fine, upstanding, honest businesses, and comes across either as someone for whom shameless lies are part of the daily round, or the only inhabitant of a happy fantasy-land populated by community-minded telemarketers.

Will they find the black box?

If you haven’t already read Flying Low and Flying Low II: Ground Proximity Alert, you should start there.

The Aviator has crashed and burnt! It’s been deserted, darkened, with a bike lock through the door handles for some weeks now. The varnish outside is flaking away. The whole place dragged out of the sky in a stall induced by epic fail.

But how could this happen in a busy, highly-populated area like Tung Chung, where there are so few other bars to choose from? Could it be:

  • that they never, ever changed their tedious and bland menu?
  • that their food and drink were recklessly overpriced, especially given the quality?
  • that their beer selection was minimal and consisted of the same brews sold everywhere else (if I wanted Carlsberg I’d get it from 7-Eleven; sell me something interesting!)?
  • that their buffet was covered in flies?
  • that their staff had been taught a special facial expression of greeting (best described as “oh crap, here’s another one”)?
  • that the place had the atmosphere of a food court, and did not encourage lingering (more like The Autopilot, quite often)?
  • that the service was incredibly slow, and you’d often spend as long waiting for your pint as you would spend drinking it?

Or perhaps it was just bad luck. Who can say.

Moving on, fingers crossed that something actually good replaces it. Not just another chain restaurant/bar. Something with the pizzas of Wildfire, the beer selection of the East End Brewery, and prices from the Mainland. Not a chance, obviously.

We’ve replaced this hooker’s regular herpes with the Win32/Wisp.A BackDoor-EMN virus. Let’s see if anyone notices…

The headline: “First human ‘infected with computer virus’”.

The truth: oh lordy, it’s Captain Cyborg’s protege.

Captain Cyborg is Kevin Warwick, loopy professor of cybernetics at Reading University, who has been inserting bits of electronics under his skin for some years and making extravagant claims about the implications. He is most famous for taking advantage of the Soham murders by offering to implant an electronic tracking device into an eleven year old girl (an offer that I think should earn him a place on some register or other).

Gasson is Warwick’s sidekick, although it seems the major lesson he’s learnt from the Cap’n is how to be a media whore.

So what about these claims he’s infected himself with a computer virus? I had a few concerned friends forward me the URL, seeking comment. Well, if I put a pregnant rabbit inside my PC case and then issued a press-release: “Computer Gives Birth To Bunnies!” – that would be about the equivalent to Gasson’s little achievement. (Full disclosure: that analogy is not mine, but it is far too superb not to share.)

Gasson, in short, has repeated a fairly dull RFID experiment. But before doing so, he wedged the RFID under his skin. He could equally have poked it into a sausage, or up his arse, and the results of the experiment would have been just as meaningful, but he’d not have got the press exposure because people would have been laughing at him instead, which would be the right response.

Of course, underneath the trashy sensationalist journalism and craven publicity-seeking there is a serious implication to this experiment: implants (pacemakers and such) that are integrated into the human body may become vulnerable to attack using technologies not dissimilar to RFID, and it is incumbent on the manufacturers to bear this in mind.

But the key word there is “integrated”. You achieve the status of cyborg when the technology has been actually integrated with your body, not merely inserted into it. You do not become a cyborg by placing electronics under your skin, even if you then scurry off outside looking for Sarah Connor. Although the whole concept of humans being infected by computer viruses is specious at best, you’d assume that this kind of integration would be a prerequisite.

So, in response to the concerned e-mails I received: you do not need to install Norton Anti-Virus on yourself. Not just yet.

Not even…

Earlier in the month I gave a talk at the Info-Security Conference in Wanchai, defending the PCI DSS against claims that compliance is worthless and does not improve security. At around the same time, I had an article published that contained essentially the same argument (read the PDF here; original article here).

Every day, dishearteningly, I see more and more examples of the kind of businesses to which my presentation and article were referring. Specifically, the ones that are culpably negligent in terms of information security.

Check out, for example, this news story. Nothing particularly unusual about it, but I thought the merchant’s statement was especially illustrative of the kind of attitude of which I see so much. They portray themselves as utterly innocent victims of a “senseless” attack. Bullshit! A senseless attack is when someone randomly punches you in the face while you’re walking home from the pub. Heisting a load of cardholder data makes huge amounts of sense: it’s valuable. And they’re hardly innocent. Wearing a short skirt does not mean you are asking to be raped, but leaving your payment card database hanging out most certainly does mean you’re begging for someone to come along and make a copy or two.

But it’s okay: “authorities” say the attack wasn’t the result of any “wrongdoings” by staff or management. Bullshit again! Management are responsible for securing their data. They neglected to do so. That’s a good, solid piece of wrongdoing right there.

Now, I really don’t mean to single out this one small restaurant, but I see attempts to substitute investment in security with affronted and unconvincing protestations of innocence like this all too often, and that was what sparked my pro-compliance presentation and article.

I sometimes consult for businesses that have got sub-par security. The fact that they’re addressing their poor security absolves them of negligence. Businesses like the aforementioned restaurant are in a whole different league of shame. And so I’m proposing a new terminology for them. Based on Wolfgang Pauli’s dry observation that something can be “not even wrong”, I am choosing to label the security negligent as “not even incompetent”. After all, you can only be incompetent at something if you’ve tried it.

Sadly, this does not surprise me

Wikileaks recently released a video showing incriminating footage of an attack by an American helicopter gunship in Baghdad. Many were killed, including two Reuters journalists, and children were seriously wounded. The Americans claimed this was all within the rules of engagement, but the video footage tells a very different story.

But that’s not what this posting is about. It’s about Facebook’s censorship of this very important subject matter.

The web site Collateral Murder was set up to ensure that the video could reach a wide audience. But interestingly, if you try to post a link to Collateral Murder on Facebook, you get:

“Blocked Content”? Now how did that happen?

The chef? He’s from Barcelona

Incredible. Simply months since the last update. I bet you thought I’d given up blogging. In fact, I’ve been torn between masses of mundane stuff (not worth blogging about) and some interesting stuff that I’m damn well not going to blog about (mind your own business!)

So here, just to kick things off again, is a restaurant review. La Comida, Staunton Street, the Spanish restaurant and Tapas bar. I was there last night and was confounded by the gap between their good dishes (amazing) and their bad (a practically inedible travesty of cooking).

In summary, if you go to La Comida stick to the tapas which were, without exception, bloody marvellous. The calamari with aioli were perfectly cooked and not at all chewy, enclosed in a firmly textured crust of tasty crumbs, and the aioli itself was an ideal match. The asparagus with parmesan was the ultimate vegetarian comfort-food. The sardines were crispy-skinned, full of flavour and enhanced by a dash of olive oil (always available on the tables).

Then comes the tactical error: instead of ordering more tapas, my companion and I tried for some of their main meals. She had salmon with dill sauce and french fries and it was not too bad. A generously-sized portion, but unfortunately with only the most stingy splashing of sauce; certainly not enough to actually allow it to be tasted.

I chose the rack of lamb with mashed potato and green salad and it was universally awful. The lamb itself was properly cooked (I like mine rare and they complied with that reliably) but the cut of meat was cheap, clotted with fat and sinew, and much harder to eat than lamb rack ought to be. The mash must have been instant as it had no taste at all, and was dry and had a suspiciously uniform texture. The salad had been dressed apparently with pure brine and was far too salty to eat. Nothing on that expensive plate gave me any pleasure at all. Luckily my companion had filled herself up with tapas so I ate her salmon and found it quite agreeable.

They also serve the roughest rioja in the world as their house red. Avoid at all costs.

Would I return? Yes, for the tapas, without any hesitation. I’ll never be ordering off the main course menu again.

What’s in a name?

Sino Land are working on a new residential development near my office. It’ll be six tightly-packed blocks of 40+ storeys each, with lots of tiny concrete-box apartments per floor. It’s on the edge of Mong Kok and Tai Kok Tsui, which is widely held to be one of the most densely-populated places on the face of the Earth.

And what have they decided to name this habitat? Human-hive? The Sardinecan? Pod City? No, they’ve opted for The Hermitage.

Perhaps it’s not standard apartments at all. Perhaps it’s over 40 floors of bijou columnettes, for the urban Stylite-about-town.