Not Another One!

Enhanced AIB Security?

2009-06-17T20:17:52Z

Just after logging into my AIB Internet Banking account, and I spotted the following security notice:

From June 23rd you will be required to enter two codes from your AIB Code Card in order to complete the following actions on AIB Internet Banking:

This is only required for certain transactions, but it still seems to be a useless change. If someone has one code, the odds are extremely good that they have the code card. If not, the second code can probably be obtained using exactly the same method as was used to get the first.

If they really wanted to enhance their security, they might be better off deploying something like Rabo Direct's Digipass. I believe they already have something similar for their Business Banking. Unfortunately, this probably won't be done due to cost.

To go slightly off topic, the new AIB Internet Banking site is a vast improvment over the previous incarnation.

Nokia Divide By Zero Error

2009-01-22T14:47:23Z

I think the Nokia Beta Labs need to do a bit more QA, their Enhanced Calculator for the the N96 has a slight issue:

This can be replicated by installing the app, opening it and hitting the button in the middle of the directional pad.

An Post Doing Something Right?

2008-08-06T11:54:34Z

I'm pretty amazed! I sent a normal letter from the main Post Office in Carlow to Kerry at 5:45PM yesterday. Got a text at 12:30 this afternoon to say that it had arrived! It's nice to see that at least one public service in this country is doing something right.

Grannymar Toyboy?!

2008-07-14T14:11:33Z

Seemingly I'm now an official GrannyMar Toyboy. I've been given the badge and informed that I have to be photographed wearing it!

However, I didn't want the poor camera broken, so I got a dodgy shot of my super sub with the badge instead.

The Folly Of Audiophiles

2008-07-07T23:31:11Z

What's the point of even worrying about whether clothes hangers are better than monster cables, when in most cases we can't even hear the stereo as intended?

Of course if you're really worried about the files from itunes, you can get the uber Denon AK-DL!

Reinventing The CLI Wheel

2008-05-06T20:39:18Z

As part of my day to day work I spend a lot of time on the command line. In the vast majority of cases this means ssh into devices as diverse as Linux Servers, Cisco Switches, Juniper Routers and Fortinet Firewalls. While in some cases there will be a GUI available, it's a lot easier to document, script and backup what is being done on the CLI. Ssh also the advantage that it can be accessed on anything from a mobile phone to a perl expect script.

I have had the chance to play with a Dell MD3000i over the last few days, which is basically a rebadged LSI/Engenio SAS Raid Array. It's a nice bit of kit however Dell have seen fit to use the SMI interface for managing the array. The SMI interface is great idea which means that there is a nice "object-oriented, XML-based, messaging-based interface" (buzzword overload!) for doing day to day managment.

There is a CLI interface to this in the form of SMcli. In the case of Dell, this is a java app which requires sacrificing goats and/or virgins in order to get running on anything other that Windows, RHEL or SLES. So much for Java allowing platform independence!

What annoys me is that people have gone to the trouble of creating SMcli, so why not use it as a shell on an ssh server running on the array itself. This would all of sudden mean that they gain a lot more platform independence, and therefore a larger potential market. The other technologies needed in order to setup the MD3000i are iscsi and dm-rdac which are already a solved problem and relatively easy to setup.

Am I mad in thinking that it's in Dell's best interests to put as few obstacles as possible in the way of setting up their products?

Useful New Filter Technology

2008-03-27T01:23:55Z

I'm just after coming across the Stupid Filter project. Now I'm waiting for the Spamassassin and Support Desk plugins!

Fixing RHEL Up2date Package Already Installed Issue

2008-03-13T12:57:00Z

I had an interesting issue today where up2date was complaining because a package was already installed. The error showed up as follows:

Fetching Obsoletes list for channel: rhel-i386-es-4...

Fetching rpm headers...
########################################

Name                                    Version        Rel     
----------------------------------------------------------
e2fsprogs-devel                         1.35           12.11.el46.1     i386  
gd                                      2.0.28         5.4E.el46.1      i386  
krb5-devel                              1.3.4          54                i386  
krb5-libs                               1.3.4          54                i386  
openssl                                 0.9.7a         43.17.el46.1     i386  
openssl-devel                           0.9.7a         43.17.el46.1     i386  
perl                                    5.8.5          36.el45.2        i386  
tzdata                                  2007k          2.el4             noarch


Testing package set / solving RPM inter-dependencies...
########################################
RPM package conflict error.  The message was:
Test install failed because of package conflicts:
package perl-5.8.5-36.el45.2 is already installed

Running "up2date -u --force" just gave me the same error. The eventual solution after much head scratching and wandering down deadends was to run the following commands:

up2date --get perl
rpm -Uvh --force perl-5.8.5-36.el4_5.2.i386.rpm

Once this was finish, "up2date -u" happily went about it's business again.

Solution To "Enhancement" Spam

2008-03-08T21:43:14Z

Just after having a rare look through my "High Spam" folder, and there is a massive amount of the usual Male Enhancement spam there. The spammers aren't sending all this just for fun of it, so there has to be idiots in the world who happily click on the links and buy the product.

I wonder how ethical it would be for ISPs to send out a fake spam to customers with a link to an ISP controlled site. If they click on the Pay button and enter credit card details, have the confirmation page tell them something like:

"We know who you are and we have your account details. If you click on a spam like this again we will list your name and address on a public list of idiots. Your credit card has been charged a €5 stupidity fine".

It would probably break more data privacy and trade description laws than I know exist, but it could dry up one form of spammer income in a hurry :)

Wishful thinking?

Golden Spiders Like Security Through Obscurity

2007-11-06T23:59:55Z

I went to vote at Golden Spider's public vote page. First of all they have this gem:

In this years Golden Spider awards, the judges will select the winners from all twenty categories, including the Best Blog and Best Social Networking site categories. We would also like to get YOUR opinion on the best Blog and social networking site categories. Choose from the nominations below, enter your email address and submit your vote.

This me reads very much like "Our judges know best, but we want you to feel loved". I submitted my vote anyway and got the lovely "Your Vote has been cast. Thank you for voting on both Categories." page. Out of boredom I viewed the source, and spotted the following:

<div class="display_none">
<form name="PublicVoting" method="post" action="publicvote.php" onsubmit="return validatePV();">
.....

I disabled CSS, selected two different options, entered a different email and it gladly accepted the new details. They do actually check to make sure that the email address you enter is used only once, but I have an infinite number of email addresses to use as they don't seem to verify the emails.

To the developers of the Golder Spiders Website, please go and read the Wikipedia article on Security Through Obscurity. Not everyone uses CSS, prime example being blind people who use screen readers!

PHP Manual Open Search For Firefox 2 And IE7

2007-10-25T12:05:00Z

I created a quick Opensearch file to add the PHP Function search to my search bar. If anyone is interested it's available here.

Update: To make life even easier, use ctrl-k to select the search box, ctrl-up and ctrl-down to select the different search providers.

DHL Tracking Madness

2007-10-23T18:15:50Z

I ordered a nice new toy from Komplett over the weekend and got a email with a "Track And Trace" code for DHL Europlus. I went to www.dhl.ie, saw a nice DHL Fast Track search box on the top right and entered my code. I got a page entitled "Tracking Good Afternoon" (at 6 in the evening) and search boxes all over the place. Besides not looking well in Firefox, it didn't show the code I had just entered anywhere.

I put my code in the top search box (Air Express), pressed search, and up popped a box saying entitled "DHL Road Express Shipment" telling me:

You may have entered a DHL Road Express Licence Plate Number / Identcode Number.

Please use the European Road Express Parcel Tracknet below to track this shipment.

The main page also had a section entitled "DHL Road Express Parcel Tracking", so out of interest I tried the code there and got the same popup. I then clicked the European Road Express TrackNet as they wanted, and figured out how to add my code and submit as needed. The tracking as it turns out is pretty dire. According to them, my package is in Tilberg, NL since yesterday morning. It better be wrong!

The point of this rant? Their system was smart enough to realise that the code I entered was a European Road Express TrackNet code. Why didn't it simply redirect to the proper page from the main page rather than carrying me into a page with multiple search boxes? Instead of a popup explaining where I need to go, why doesn't it redirect to the right page? Or even a link to the right page in the popup? Was there any UI testing done at all on the site?

I was talking to someone who once worked in a company bought by DHL. I was told that their biggest problem is that as they are buying up smaller local companies to do local deliveries, they are aren't integrating the new IT systems properly. This does explain why the tracking mightn't as great as it should be. However it doesn't explain why they can't add a small bit of intelligence to their site.

Whois Tip

2007-10-08T21:21:53Z

alias whois='whois -H'

Put that in your .bashrc (or equivalent) and get rid of the legal disclaimers which usually mean that you have to scroll up two pages to get the actual results! I should have looked at the whois man page ages ago.

Eircom Wireless SSL

2007-10-07T05:29:02Z

I'm in Heuston Station for a while and I have had to use Eircom wireless to access to the internet. What was disappointing was that the login page for Eircom's wireless does not have a valid SSL cert.

I logged in anyway (naughty, I know) as the IP it was pointing at was an eircom ip, and I am stuck. I am surprised that Eircom can get away without using a valid SSL cert for pages that have to handle credit card details.

I would have thought that one of the requirements for Credit Card processing would be having a valid SSL cert!

Blog Post Of The Year

2007-10-03T11:11:18Z

For those of you who have been following the Monster Spam saga, Grandad's summary of it is a must read!