Alternative Voting

I’ve just had a very nice chap on the ‘phone asking me if the AV campaign could count on my support in the forthcoming referendum. I told him that would be premature.

AV is attractive, but so is the existing, tried and tested system that has done us fairly well for nearly a century. Prior to that we had a similar system, except that women weren’t allowed to vote. This was probably wrong, but made sense at the time as women haven’t always been as clued up as in modern times (which was definitely wrong). Going back further we’ve had systems where (crudely put) only the best educated in society have had a vote, to various extents.

The idea that democracy is good, and therefore more democracy is better, doesn’t really hold water. Democracy was popularised by the ancient Greeks in Athens, but even back then they could see the problems (Plato’s Republic is an interesting read, and Socrates was a smart guy with a solid handle on it).

The good thing about democracies is that they allow you to boot out a bad government, which is why we must keep them. But do they get you a good government? I’d say, based on the evidence, that the more democratic you get, the worse the decisions the government is likely to take.

The AV camp keep pointing to Australia as a working example. If this is the best they can come up with, we’re in big trouble. Just take a look at Australian politics in action and you’ll see what I mean.


Another of their arguments, to quote the Electoral Reform Society, is that it “Penalises extremist parties, who are unlikely to gain many second preference votes.” They don’t back this up with research, so here’s an anecdote about the BNP (argue amongst yourselves as to whether they’re what was being talked about).

In the 2010 elections, talking to voters (especially in the less well-off and looser-tongued areas) the subject of the BNP came up. “They make a lot of sense and I’d vote for them if I thought it would do any good…” was a message I got quite frequently, in spite of the pariah status imparted to the BNP by the media. This was followed by “but I don’t want Gordon Brown to get back in.”

And there’s the rub. The AV camp believes people will vote positively with AV: vote for who they really want. What they don’t realise is that, at present, a lot of people are voting against who they don’t want, more than anything else.

So how will “extremist” parties fare under AV? Pretty well, I suspect. People would have voted for the BNP with their first choice, and against Gordon Brown with their second. The Electoral Reform Society idea that extremists will be disadvantaged needs some justification.

It’s not just me that thinks this, however. Take another minority extremist party, the Greens (they want to do some pretty extreme things with the economy); what do they reckon? Well their conference voted to back AV and they’re actively campaigning for it. If the Electoral Reform Society is correct then surely the Greens would be wiped out. That scenario doesn’t seem to bother them overly.

On the other hand, the shake-up that minority parties could bring might be just what we need as a society. Remember, you don’t need to end up with an MP from such a party, but the realistic threat they might get in is bound to influence the policies of the main parties. For example, in the general population there is a majority to bring back hanging (never mind the issues involved with multiculturalism). The educated liberal elite in the main parties are always putting the brakes on the death penalty when the idea comes up, but if AV really does give the people a purer voice, things may get interesting on this and many other issues.

No Fly zone in Libya is a bad idea

EU Foreign Ministers are planning a No Fly zone for Libya to protect anti-government protesters, and Russia has decided to stop selling the Libyan government arms. No one should have been selling arms in that part of the world, but “no fly” zone?

Let’s be clear – a no fly zone involves either words (which won’t work) or attacking Libya to enforce it.

The Libyan government is fighting armed protesters/rebels and fighting back. It’s their prerogative. A no-fly zone would obviously help the rebels because they don’t have an air force. The UK government is doing various things to ingratiate itself with the rebels, probably because they’re close to the oil fields. But is this wise?

Gaddafi’s lot are as odious as they come, but we now seem to have an agreement to leave them alone and they’ll leave us alone. Blair decided this in 2004, visiting the Mad Dog in Tripoli and making peace (forgiving him); to their credit the Conservatives weren’t so keen. But is anyone stopping to think what the rebels might be like? Based on previous experience, they won’t be terribly friendly if they win.

This is something the Libyan people need to decide. If we get a “no fly” zone it means attacking Libya and taking sides in what could turn out to be a civil war. We should be careful what we wish for.

Seven Blunders of the Internet World

I’ve been involved with web hosting since the early 1990’s, and every week some hopeful bright spark comes to me with a great idea about making a fortune as an Internet entrepreneur. Whilst I hate to rain on anyone’s parade, a quick reality check is in order. Just because Amazon can make a fortune selling books on-line, doesn’t mean they can. Amazon got there first and they’ve got a slick, well organised operation. In short they can buy the books cheap, store them efficiently and, most importantly, stuff them into envelopes and post them quickly and cheaply. This doesn’t mean it’s impossible to compete with Amazon, but they were there first and have a massive advantage. If you decided to buy a Cessna and try to compete with American Airlines on the London to New York run everyone would (rightly) say you were nuts, so why should it be a surprise to learn the same applies on-line?

Whatever you do, remember the ease of starting up on the Internet works for you and the competition. You need a unique selling point; a barrier to entry that only you can cross. If you don’t have one you’re competing with the rest of the world.

Here are seven popular but doomed ideas I’ve seen time after time…

  1. Auction Sites. eBay’s doing well, but they’re a bunch of *****s so you want a slice of the action. Unless you’re selling something very specialised (i.e. that eBay can’t handle) then you’re wasting your time. Why should anyone list items with you when you can’t match eBay’s user base? Whatever you think of eBay’s business methods, items auctioned to millions of potential buyers are going to fetch a better price and sellers know that.
  2. Social Networking Sites. So you want to be the next Facebook? Ask yourself why anyone would network their social life through you when there are bigger networks on Facebook (for home users) and LinkedIn (for professionals). Google is, I believe, planning to muscle in. They’re going to find it tough, but they’ve got almost limitless funds they can afford to speculate with, and their developers know exactly what they’re doing (well their top ones do). They’ll still need one hell of a good unique selling point.
  3. Blogging sites. Get someone to provide the content while you rake in the advertising revenue. How many mugs do you think you’ll find? People can either run their own site (and keep the advertising revenue) or use Blogspot.
  4. Directories. If your bright idea is to create a directory of business and get them to pay for a listing, I have to tell you it’s been done. If every business paid to be in every such directory they’d go bust in no time – they’re wise to it. They know that people will find them through Google, not you. There are ways this can sort-of work with advertising support but you’ll be lucky if they cover hosting costs this way.
  5. On-line shops. These do work if there’s a real shop behind them. If your plan is to buy a copy of Actinic or download a free copy of Zencart or one of the dozens of on-line shops, put something up and see who bites, forget it.

    Selling on-line you’re competing on price, order-fulfilment and uniqueness of stock – if people can get it cheaper and quicker somewhere else, they probably will. If you’re selling “unique” artefacts such as antiques or objets d’art you’re competing with eBay or the artisans producing them, who would need a good reason not to set up their own web site and sell direct. If you’re thinking producers will pay for you to list them, ask yourself why they’d pay you rather than eBay or Amazon, where they’ll get far more exposure.

  6. Web Design Company. Great idea! Download some web template generator for Joomla and make a fortune creating web sites for… well your friends, family and then what? The problem is that there is very little barrier to entry and the market is flooded with the unemployed (and possibly unemployable) looking for a work-from-home job without getting their hands dirty. The real web design companies have real programmers and cater for customers with specialist needs. If you’re thinking of using Joomla you’re not in that league. Sorry.
  7. Internet multi-level marketing seller. Anyone can be a web hosting company, telephone company, ringtone provider or what-have-you – it’s easy! Just sign up to an affiliate programme, choose your branding and sell, sell, sell – along with thousands of others selling exactly the same thing. If it was easy to sell the provider would be selling direct, wouldn’t they?

    All of the above are tried and failed businesses. If you’ve got a plan that doesn’t fall foul of any of the above it’s either completely crazy or it might just work – in which case give me a call. There are some ideas that might just work, but I’m hardly going to reveal them here.

Sally Bercow

I’m riding home on the tube with my complimentary copy of the Evening Standard, looking at a photo of Sally Bercow (New Labour activist wife of the Speaker) wearing “nothing but a sheet”, accompanied by an interview concentrating on how “sexy” the office of Speaker and politics in general can be.

This is either part of a plot to deliberately discredit her nominally Tory husband, or perhaps she really is that naive. If it’s the latter, you’d have thought he’d know better, at least.

Actually, I don’t think John Bercow needs any more discrediting – it’s time for him to go.

Incidentally, it’s not the choice of sheet that bothers me personally, it’s the nature of the interview.

Egypt – be careful what it wishes for

Obama (and the British government, to an extent) seem to have the knives out for President Mubarak at the moment. It’s called populism, and they’re trying to make themselves popular with certain sections of the Middle East. Mubarak seems to have been a pretty good ruler given the standards in the region, but he’s got the skids under him already so they’re toadying up to his opponents.

Of course, when meddling in the internal affairs of another country they need an excuse. In Iraq it wasn’t regime change, it was weapons of mass destruction. In Egypt the best they can come up with is democracy. The Egyptians deserve democracy and Mubarak isn’t letting them have it. He’s given them peace and stability, but apparently democracy is more important.

I’m not so convinced. Failing third world countries are seldom helped by it. Where they have it, it’s left over from colonial days and tends to be used to get a new dictator in place, often with disastrous results. Look at the examples – Rhodesia, India, Pakistan, Ivory Coast – pick a third world country and try to find ways democracy has helped. I’ve been trying hard and I can’t think of any examples. How about Russia? They threw off the corruption that developed under communism and replaced it with…? Okay, there’s East Germany – they’re probably better off in all respects.

Mubarak and his clan are hardly squeaky clean, but it’s a matter for the people of Egypt and the west is never thanked for interfering, but we never learn. Our leaders might find themselves stuck with embarrassing “friends”, and the people of Egypt may end up blaming them.

Scrapping fuel duty is the right thing – a greenie writes

George Osborne is listening to those who want to scrap the fuel duty increase that New Labour said was a good idea. Any tax that can be called green was fashionable to the New Labour Islington set and therefore considered a good idea.

It’s hardly a secret that I’m somewhat anti-car. There are far too many of them, most used for frivolous purposes and government policy has always pandered to the motoring lobby rather than good sense. However, motoring taxes are not the way forward. Why? Because the only people they affect are the poor, people in rural areas and those for whom motorised transport is a necessity. Blair and Brown thought it a good wheeze to tax the poor back on to bicycles.

Taxing cars based on fuel consumption or engine size is also anti-poor. The rich can and do buy new cars frequently, and therefore avoid the effect of the taxes. It also encourages car production, wasting natural resources (although promoting jobs/votes in the motor industry). Those using second-hand cars are the ones that suffer. If you can’t afford a new lower-energy car you’re hit with the taxes; if you can, you’re not. If you make do with an old car, helping the environment by not scrapping it but repairing and reusing it, you get taxed for your trouble.

Perhaps the poor don’t deserve to use a car. That appears to be Blair/Brown/Miliband’s idea. I wonder how they’d like it if their cleaner couldn’t get to work, or the nurses at the hospital or the teaching assistants at the schools in the affluent areas in which politicians live, but the low-paid workers have to commute to. It’s good to see a Conservative chancellor forgoing a good chance to make a quick buck in the name of being green and looking after the people.

Christmas Hackers 2010

The 2010/2011 cybercrime season has been one of the most prolific I remember. There have been the usual script-kiddie attacks, wasting bandwidth. These largely consist of morons trying to guess passwords using an automated script, and they’re doomed to failure because no serious UNIX administrator would have left guessable passwords on proper accounts. And besides which they’re guessing system account names you only find on Windows or Linux.

What seems to be a bigger feature this year is compromised “web developer” software written in PHP. This is set up by designers, not systems people, and they really don’t understand security – hence they’re a soft target.

This year it appears that phpMyAdmin has been hit hard. This seems to be a vulnerability caused by poor installation (leaving the configuration pages up after use) and using a weak version of the code that was actually fixed a year ago. When I looked I found several copies of the old version, still active, and dating from the time when the web designer had initially commissioned the site.

The criminals appear to be using a mechanism that’s slightly different from the original exploit documentation, but is fairly obvious to any programmer looking at the setup.php script. It allows arbitrary uploads to any directory that Apache has write access to.

The nature of the attacks has also been interesting. I’ve seen scripts dropping .htaccess files into all likely directories, redirecting accesses elsewhere using the mod_rewrite mechanism. This appears to be intended as a simple DoS attack by overloading target servers (homelandsecurity.gov and fbi.gov being favourite targets).

That this is the work of script kiddies there is no doubt. They’ve left botnet scripts written in perl and python all over the place on honeypot machines. Needless to say this makes them really easy to decode and trace, and you can probably guess which part of the world they seem to be controlled from.

My advice to users of phpMyAdmin (a web based front end for administering MySQL) is to learn how to use SQL properly from the command line. If you can’t do that (or your hosting company won’t let you, which is a problem with low-cost web hosts), at least secure it properly. Upgrade to the latest version, keep it upgraded and remove it from the server when not in use. If you don’t want to remove it, at least drop a .htaccess file in the directory to disable it, or make it password protected.
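
One way to look for the two things described in this post, dropped .htaccess redirects and leftover phpMyAdmin setup scripts, is a sweep like the following. This is an added example, not part of the original post; the directory layout, hostnames and function names are made up for illustration, and it assumes the phpMyAdmin directory hasn't been renamed.

```shell
#!/bin/sh
# Added example, not from the original post: sweep a web root for the two
# artefacts described above. All paths and hostnames below are constructed.

# Print every .htaccess under $1 holding a rewrite/redirect rule that targets
# an absolute URL. $2 (optional) is the site's own hostname, whose canonical
# redirects are ignored.
find_redirecting_htaccess() {
    find "$1" -type f -name .htaccess | sort | while IFS= read -r f; do
        if awk -v own="${2:-}" '
            /^[ \t]*#/ { next }
            tolower($1) ~ /^(rewriterule|redirect|redirectmatch|redirectpermanent|redirecttemp)$/ &&
            /https?:\/\// {
                if (own != "" && index($0, "://" own) > 0) next
                hit = 1
            }
            END { exit (hit ? 0 : 1) }' "$f"
        then
            printf '%s\n' "$f"
        fi
    done
}

# Print setup.php files that sit inside a directory tree named like
# phpMyAdmin (assumption: the install directory was not renamed).
find_pma_setup() {
    find "$1" -type f -name setup.php | grep -i 'phpmyadmin' | sort
}

# Build a constructed sample tree under directory $1.
make_sample_tree() {
    mkdir -p "$1/site/images" "$1/site/blog" "$1/site/phpMyAdmin/scripts"
    printf '%s\n' 'RewriteEngine On' \
        'RewriteRule ^(.*)$ http://other.example/$1 [R,L]' > "$1/site/images/.htaccess"
    printf '%s\n' 'RewriteEngine On' \
        'RewriteRule ^old$ http://www.mysite.example/new [R=301,L]' > "$1/site/.htaccess"
    printf '%s\n' 'Options -Indexes' > "$1/site/blog/.htaccess"
    : > "$1/site/phpMyAdmin/scripts/setup.php"
}

tmp=$(mktemp -d) && make_sample_tree "$tmp" && {
    echo "Redirecting .htaccess files:"
    find_redirecting_htaccess "$tmp/site" www.mysite.example
    echo "phpMyAdmin setup scripts:"
    find_pma_setup "$tmp/site"
}
rm -rf "$tmp"
```

Anything it prints is a candidate for a human to look at, not a verdict: a site's own redirects to another of its domains will show up unless that hostname is passed as the second argument.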

chkrootkit finds bindshell infected on port 465

The current version of chkrootkit will throw up a warning that bindshell is INFECTED on port 465 in some circumstances when this is nothing to worry about. What it’s actually doing (in case you can’t read shell scripts, and why should you when there’s a perfectly good ‘C’ compiler available) is running netstat and filtering the output looking for ports that shouldn’t be being used. Port 465 is SMTP over SSL, and in my opinion should very definitely be used, but it is normally disabled by default.

As to whether this should worry you depends on whether you’re using secure SMTP, probably with sendmail. If you set up the server you should know this. If someone else set it up and you’re not too familiar with sendmail, the tell-tale line in the .mc file is DAEMON_OPTIONS(`Port=smtps, Name=TLSMTA, M=s')dnl. Note the ‘s’ on the end of smtp.

Assuming you are using SMTPS, you can easily stop chkrootkit from printing an error (or returning an error code) simply by modifying the bindshell() subroutine to remove 465 from the list of ports to check. It’s on line 269 on the current, 0.49, version of the script.
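
Before taking 465 out of the list it's worth confirming the listener really is sendmail and that the .mc file asks for it. The script below is an added example (not part of chkrootkit or the original post): it assumes Linux-style `netstat -tlnp` output, and the function names and sample data are constructed.

```shell
#!/bin/sh
# Added example (not from chkrootkit): decide whether a listener on 465 is the
# expected SMTPS daemon. Input format is an assumption: Linux `netstat -tlnp`.

# Print the program name(s) listening on TCP port $1; netstat text on stdin.
port_owner() {
    awk -v port="$1" '
        $6 == "LISTEN" && $4 ~ (":" port "$") {
            split($7, a, "/"); name = a[2]; sub(/:$/, "", name)
            print (name == "" ? "unknown" : name)
        }' | sort -u
}

# Succeed if the .mc file has an active (not dnl-commented) SMTPS daemon line.
smtps_enabled_in_mc() {
    grep -Eq '^[[:space:]]*DAEMON_OPTIONS\(`.*Port=(smtps|465)[^0-9A-Za-z]' "$1"
}

# $1 = file of netstat output, $2 = sendmail .mc file.
assess_465() {
    owners=$(port_owner 465 < "$1")
    if [ -z "$owners" ]; then
        echo "no-listener"
    elif [ "$owners" = "sendmail" ] && smtps_enabled_in_mc "$2"; then
        echo "expected-smtps"
    else
        echo "investigate"      # wrong owner, or SMTPS not configured
    fi
}

# Constructed sample data, written into directory $1.
write_samples() {
    cat > "$1/sendmail.mc" <<'EOF'
DAEMON_OPTIONS(`Port=smtp, Name=MTA')dnl
DAEMON_OPTIONS(`Port=smtps, Name=TLSMTA, M=s')dnl
EOF
    cat > "$1/netstat_ok.txt" <<'EOF'
tcp   0   0 0.0.0.0:25    0.0.0.0:*   LISTEN   812/sendmail: accep
tcp   0   0 0.0.0.0:465   0.0.0.0:*   LISTEN   812/sendmail: accep
EOF
    cat > "$1/netstat_odd.txt" <<'EOF'
tcp   0   0 0.0.0.0:25    0.0.0.0:*   LISTEN   812/sendmail: accep
tcp   0   0 0.0.0.0:465   0.0.0.0:*   LISTEN   4021/sh
EOF
}

d=$(mktemp -d) && write_samples "$d" &&
for f in netstat_ok.txt netstat_odd.txt; do
    printf '%s: %s\n' "$f" "$(assess_465 "$d/$f" "$d/sendmail.mc")"
done
rm -rf "$d"
```

On a live machine the netstat output needs to come from a root shell, otherwise the program column is blank and every listener is reported as "unknown".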

I’m not so convinced that chkrootkit is any substitute for an experienced operator, but it’s out there, people use it and it’s better than nothing.

FBI hacks every VPN on the planet

Can VPNs be trusted?

I got wind of an interesting rumour yesterday, passed to me by a fairly trustworthy source. I don’t normally comment on rumours until I’ve had a chance to check the facts for myself, but this looks like it’s going to spread.

Basically, the FBI paid certain developers working on the OpenBSD IPsec stack and asked for back-doors or key leaking mechanisms to be added. This occurred in 2000/2001. Allegedly.

The code in question is open source and is likely to have been incorporated in various forms in a lot of systems, including VPN and secure networking infrastructure.

Whilst I have names of the developers in question and the development company concerned, it wouldn’t be fair to mention them publicly, at least until such code is found. If you’re using the IPsec stack in anything you might want to take a good look at the code, just in case.

However, if the code has been there for nearly ten years in open source software, how come no one has noticed it before?

Prince Charles’ attackers lucky to be alive

At about quarter past eight this morning, on Radio 4’s Today programme, the head of the Metropolitan Police (Sir Paul Stephenson), remarked that the protection officers in Prince Charles’ car had “shown restraint” last night when the Prince and his wife were attacked by anarchists. The presenter (Sarah Montague, I think) picked up on this, and asked what he meant by “restraint”, sensing he might be implying that the armed officers might have shot some of the rioters. He declined to spell it out. So, in spite of it being obvious, I will.

The bodyguards to the heir of the throne (and, come to that, the Prime Minister and various other establishment VIPs) are there for one purpose – to protect him from those that would do him harm. They’re carrying guns, not pea-shooters. So, faced with a situation where a bunch of enthusiastic republicans are smashing through the window of his car and shouting that they wished to kill the occupants, what are SO14 officers going to do? Well if the rioters were a credible threat, get out of the car, or get off their bikes and shoot them before they get a chance to kill or injure their intended victim. They’d already broken a window – if they’d got any further into the car I’d have said they were a credible threat.

Sarah Montague, and the rioters, need to grow up.