Not Another One!

Just after logging into my AIB Internet Banking account, and I spotted the following security notice:

From June 23rd you will be required to enter two codes from your AIB Code Card in order to complete the following actions on AIB Internet Banking:

This is only required for certain transactions, but it still seems to be a useless change. If someone has one code, the odds are extremely good that they have the code card. If not, the second code can probably be obtained using exactly the same method as was used to get the first.

If they really wanted to enhance their security, they might be better off deploying something like Rabo Direct's Digipass. I believe they already have something similar for their Business Banking. Unfortunately, this probably won't be done due to cost.

To go slightly off topic, the new AIB Internet Banking site is a vast improvment over the previous incarnation.

I think the Nokia Beta Labs need to do a bit more QA, their Enhanced Calculator for the the N96 has a slight issue:

I'm pretty amazed! I sent a normal letter from the main Post Office in Carlow to Kerry at 5:45PM yesterday. Got a text at 12:30 this afternoon to say that it had arrived! It's nice to see that at least one public service in this country is doing something right.

Seemingly I'm now an official GrannyMar Toyboy. I've been given the badge and informed that I have to be photographed wearing it!

However, I didn't want the poor camera broken, so I got a dodgy shot of my super sub with the badge instead.

What's the point of even worrying about whether clothes hangers are better than monster cables, when in most cases we can't even hear the stereo as intended?

Of course if you're really worried about the files from itunes, you can get the uber Denon AK-DL!

As part of my day to day work I spend a lot of time on the command line. In the vast majority of cases this means ssh into devices as diverse as Linux Servers, Cisco Switches, Juniper Routers and Fortinet Firewalls. While in some cases there will be a GUI available, it's a lot easier to document, script and backup what is being done on the CLI. Ssh also the advantage that it can be accessed on anything from a mobile phone to a perl expect script.

I have had the chance to play with a Dell MD3000i over the last few days, which is basically a rebadged LSI/Engenio SAS Raid Array. It's a nice bit of kit however Dell have seen fit to use the SMI interface for managing the array. The SMI interface is great idea which means that there is a nice "object-oriented, XML-based, messaging-based interface" (buzzword overload!) for doing day to day managment.

There is a CLI interface to this in the form of SMcli. In the case of Dell, this is a java app which requires sacrificing goats and/or virgins in order to get running on anything other that Windows, RHEL or SLES. So much for Java allowing platform independence!

What annoys me is that people have gone to the trouble of creating SMcli, so why not use it as a shell on an ssh server running on the array itself. This would all of sudden mean that they gain a lot more platform independence, and therefore a larger potential market. The other technologies needed in order to setup the MD3000i are iscsi and dm-rdac which are already a solved problem and relatively easy to setup.

Am I mad in thinking that it's in Dell's best interests to put as few obstacles as possible in the way of setting up their products?

I'm just after coming across the Stupid Filter project. Now I'm waiting for the Spamassassin and Support Desk plugins!

I had an interesting issue today where up2date was complaining because a package was already installed. The error showed up as follows:

Fetching Obsoletes list for channel: rhel-i386-es-4...

Fetching rpm headers...
########################################

Name                                    Version        Rel     
----------------------------------------------------------
e2fsprogs-devel                         1.35           12.11.el46.1     i386  
gd                                      2.0.28         5.4E.el46.1      i386  
krb5-devel                              1.3.4          54                i386  
krb5-libs                               1.3.4          54                i386  
openssl                                 0.9.7a         43.17.el46.1     i386  
openssl-devel                           0.9.7a         43.17.el46.1     i386  
perl                                    5.8.5          36.el45.2        i386  
tzdata                                  2007k          2.el4             noarch


Testing package set / solving RPM inter-dependencies...
########################################
RPM package conflict error.  The message was:
Test install failed because of package conflicts:
package perl-5.8.5-36.el45.2 is already installed

Running "up2date -u --force" just gave me the same error. The eventual solution after much head scratching and wandering down deadends was to run the following commands:

up2date --get perl
rpm -Uvh --force perl-5.8.5-36.el4_5.2.i386.rpm

Once this was finish, "up2date -u" happily went about it's business again.

Just after having a rare look through my "High Spam" folder, and there is a massive amount of the usual Male Enhancement spam there. The spammers aren't sending all this just for fun of it, so there has to be idiots in the world who happily click on the links and buy the product.

 I wonder how ethical it would be for ISPs to send out a fake spam to customers with a link to an ISP controlled site. If they click on the Pay button and enter credit card details, have the confirmation page tell them something like:

"We know who you are and we have your account details. If you click on a spam like this again we will list your name and address on a public list of idiots. Your credit card has been charged a €5 stupidity fine".

It would probably break more data privacy and trade description laws than I know exist, but it could dry up one form of spammer income in a hurry :)

Wishful thinking?

I went to vote at Golden Spider's public vote page. First of all they have this gem:

 In this years Golden Spider awards, the judges will select the winners from all twenty categories, including the Best Blog and Best Social Networking site categories. We would also like to get YOUR opinion on the best Blog and social networking site categories. Choose from the nominations below, enter your email address and submit your vote.

This me reads very much like "Our judges know best, but we want you to feel loved". I submitted my vote anyway and got the lovely "Your Vote has been cast. Thank you for voting on both Categories." page. Out of boredom I viewed the source, and spotted the following:

<div class="display_none">
<form name="PublicVoting" method="post" action="publicvote.php" onsubmit="return validatePV();">
.....

I disabled CSS, selected two different options, entered a different email and it gladly accepted the new details. They do actually check to make sure that the email address you enter is used only once, but I have an infinite number of email addresses to use as they don't seem to verify the emails.

To the developers of the Golder Spiders Website, please go and read the Wikipedia article on Security Through Obscurity. Not everyone uses CSS, prime example being blind people who use screen readers!