Comment spam from Volumedrive

Comment spammers aren’t the sharpest knives in the drawer. If they did their research properly they’d realise that spamming here was as stupid as trying to burgle the police station (while it’s open). You’ll notice there’s no comment spam around here, but that isn’t to say they don’t try.

Anyway, there’s been a lot of activity lately from a spambot running at an “interesting” hosting company called Volumedrive. They rent out rack space, so it’s not going to be easy for them to know what their customers are doing, but they don’t seem inclined to shut any of them down for “unacceptable” use. For all I know they’ve got a lot of legitimate customers, but people do seem to like running comment spammers through their servers.

If you need to get rid of them, there is an easy way to block them completely if you’re running WordPress, even if you don’t have full access to the server and its firewall. The trick is to over-ride the clients Apache is prepared to talk to (default: the whole world) by putting a “Deny from” directive in the .htaccess file. WordPress normally creates a .htaccess file in its root directory; all you do is add:

Deny from bad.people.com

Here, “bad.people.com” is the server sending you the spam, but in reality they probably haven’t called themselves anything so convenient. The Apache documentation isn’t that explicit unless you read the whole lot, so it’s worth knowing you can actually list IP addresses (more than one per line) and even ranges of IP addresses (subnets).

For example:

Deny from 12.34.56.78
Deny from 12.34.56.89 22.33.44.55
Deny from 123.45.67.0/24

The last line blocks everything from 123.45.67.0 to 123.45.67.255. If you don’t know why, please read up on IP addresses and subnet masks (or ask below in a comment).

So when you get a load of spammers from similar IP addresses, look up to see who the block belongs to using “whois”. Once you know you can block the whole lot. For example, if you’re being hit by the bot using Volumedrive on 173.208.67.154, run “whois 173.208.67.154”. This will return:

NetRange: 173.242.112.0 - 173.242.127.255
CIDR: 173.242.112.0/20
OriginAS: AS46664
NetName: VOLUMEDRIVE
NetHandle: NET-173-242-112-0-1
Parent: NET-173-0-0-0-0
NetType: Direct Allocation

<snip>

If you don’t have whois on your computer (i.e. you’re using Windoze) there’s a web version at http://www.whois.net/.

In the above, the CIDR is the most interesting – it specifies the block of IP addresses routed to one organisation. I’m not going in to IP routing here and now, suffice to say that in this example it specifies the complete block of addresses belonging to volumedrive that we don’t want – at least until they clean up their act.

To avoid volumedrive’s spambots you need to add the following line to the end of your .htaccess file:

Deny from 173.242.112.0/20

If this doesn’t work for you, the web server you’re using may have been configured in a strange way – talk to your ISP if they’re the approachable type.
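The whois-to-.htaccess steps above as an added Python example (not code from the original post): it pulls the CIDR out of the whois fields quoted above, checks which of the addresses seen in your logs actually fall inside that block before you deny the whole range, and builds the rule. The function names, the second sample address and the Apache 2.4 `Require not ip` form are additions here; `Deny from` is the 2.2-style syntax the post uses.

```python
import ipaddress
import re

# Constructed sample: the whois fields quoted in the post.
WHOIS_TEXT = """\
NetRange: 173.242.112.0 - 173.242.127.255
CIDR: 173.242.112.0/20
OriginAS: AS46664
NetName: VOLUMEDRIVE
"""

def cidrs_from_whois(text):
    """Return every network named on a 'CIDR:' line of whois output."""
    nets = []
    for line in text.splitlines():
        m = re.match(r"\s*CIDR:\s*(.+)", line, re.IGNORECASE)
        if m:
            # A CIDR line may carry several comma-separated blocks.
            for item in m.group(1).split(","):
                nets.append(ipaddress.ip_network(item.strip(), strict=True))
    return nets

def range_of(net):
    """First and last address of a block, e.g. /24 -> .0 to .255."""
    net = ipaddress.ip_network(str(net))
    return str(net.network_address), str(net.broadcast_address)

def split_by_coverage(addresses, nets):
    """Split observed client addresses into (covered, not_covered)."""
    covered, missed = [], []
    for addr in addresses:
        ip = ipaddress.ip_address(addr)
        (covered if any(ip in n for n in nets) else missed).append(addr)
    return covered, missed

def htaccess_rules(nets, apache24=False):
    """Build .htaccess lines that deny the given networks."""
    unique = list(dict.fromkeys(str(n) for n in nets))
    if not apache24:
        return ["Deny from " + n for n in unique]
    # Apache 2.4 authorization syntax: allow all, minus the listed blocks.
    body = ["    Require not ip " + n for n in unique]
    return ["<RequireAll>", "    Require all granted"] + body + ["</RequireAll>"]

if __name__ == "__main__":
    nets = cidrs_from_whois(WHOIS_TEXT)
    # 173.208.67.154 is the address named in the post; 173.242.120.9 is a
    # constructed log entry. Anything reported as not covered lies outside
    # the block and needs its own whois lookup before it is blocked.
    seen = ["173.208.67.154", "173.242.120.9"]
    covered, missed = split_by_coverage(seen, nets)
    for n in nets:
        print("block", n, "spans", " - ".join(range_of(n)))
    print("covered by rule:", covered)
    print("NOT covered    :", missed)
    print("\n".join(htaccess_rules(nets)))
    print("\n".join(htaccess_rules(nets, apache24=True)))
```
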

I have contacted Volumedrive, but they declined to comment, or even reply; never mind curtail the activities of their users.

This isn’t a WordPress-only solution – .htaccess belongs to Apache and you can use it to block access to any web site.

Perhaps there’s some scope in sharing a list of these comment spambots in an easy-to-use format. If anyone’s interested, email me. This is a Turing test :-)

Why and how to hack a mobile phone

Anyone outraged that News of the Screws journalists have been “hacking” in to mobile ‘phones needs to get a grip on reality. They’re investigative tabloid journalists; what do you expect them to be doing?

To call it “hacking” is grossly overstating the case anyway – what they did required no technical knowledge other than that available in any playground in the country. All you need to do to retrieve people’s voice mail messages is dial their number, and when you get through to voice mail, enter the PIN. Most people leave the PIN as the system default.

You might argue that this is a gross breach of privacy and so forth. But it’s no more so than camping out on someone’s doorstep to see who goes in and out, following them, or tricking them into telling you something they wouldn’t if they knew you were a journalist.

New Labour was very keen to suppress the traditional liberties of the population in general and passed various dodgy laws to protect the lives of the guilty from prying journalists. In 2000, listening to other people’s voice mail was made a specific offence. “And quite right too!”. Wrong! It’s just another example of those in power making it difficult for us to check up on what they’re doing. We have (or had) a free press with a tradition of snooping on politicians, criminals and anyone else they wanted to using whatever means, as long as it was “In the public interest”.

Journalists are also out to sell papers, so the “public interest” defence is often strained to its limit, or broken. However, it should remain as a defence in a court of law and people should be able to argue their case there. It should be all about intent. But New Labour had other ideas.

People are uneasy about voice mail because it’s technological, so let’s look at another example.

Suppose a journalist was camped outside someone’s house, noting down who came in and out. Another invasion of privacy, but right or wrong?

Well that depends – if it’s some innocent person then the journalist will probably end up throwing the notes away, so no harm done. If someone uses information collected in this way in the pursuance of a crime (e.g. Blackmail), that’s another matter, but journalists don’t do that.

Now supposing the journalist is investigating a suspected terrorist, and checking up to see who they’re associating with – or even a politician associating with a known crook. Clearly this information is in the public interest.

It’s all about intent.

You could argue that investigations of this nature shouldn’t be carried out by private individuals but should be left to the security forces. That argument doesn’t bear scrutiny for more than a couple of seconds. The public needs the right to snoop as well as the government agents – anything else is known as a ‘police state’.

As to the current difficulties – anyone who knows anything about the press will tell you that these and many other tricks are employed as a matter of course, although journalists won’t make a big noise about using them. It’s conceivable that an editor like Andy Coulson would neither know nor care exactly what his investigation teams were doing to come up with the information; you don’t ask. It’s also inconceivable that only the hacks on the News of the World had thought of it. Sources need protection.

It’s clearly a political stunt by old new Labour. Could they be upset that the press, including Mr Coulson’s old rag, turned against them? They used to be friends with the News of the World. At the time of the original scandal, it appears that the first politician to call Andy Coulson to commiserate with him about having to resign was none other than Gordon Brown. Apparently he went on to suggest that someone with his talent would soon find another job where he could make himself useful. (Source: Nick Clegg at today’s PMQs).

In defence of TalkTalk

The ICO has just had a go at TalkTalk for snooping on their customers. Hmm. I wouldn’t be a TalkTalk customer if they paid me so I’m not bothered on that score. But I’m also not worried because I can’t see they’ve actually done anything wrong in this instance.

What they’re accused of is harvesting the URLs of web sites visited by their punters. Reality check: networks log traffic anyway. It’s necessary for maintenance and optimisation. All managed networks do it, all the time. The system the ICO is making a fuss about simply collects the URLs and then sends a malware scanner to the site to check for dodgy stuff so it can blacklist the URL in future.

You can’t scan the whole web for malware; it’d take too long by a spectacular margin. Scanning the relatively small subset of URLs your customers are actually accessing is as good a way of directing your effort as any.

So why’s the ICO making the headlines? Just to show they’re on the ball, I suppose. And TalkTalk makes an easy target. This is probably the first time ever I’ve defended them on any issue.

DVLA tax disc renewal problems

Like most New-Labour government computer systems, the DVLA is broken. I don’t just mean its propensity for making mistakes – I mean it’s systemically flawed.

It goes something like this…

You buy a car in March and keep it for, say, four years (i.e. until it requires an MOT). The Tax Disc will expire at the end of February, as does the MOT and insurance. You’re expected to buy a new tax disc in advance – it should let you buy one from the 5th day of the month it’s due to expire. But it won’t – it says your MOT and insurance are about to expire (which is true, they’re bound to). So you get your MOT a couple of weeks early (wasting a couple of weeks of MOT time) and persuade your insurance company to insure you for eleven months instead of one year, or some such fiddle, to get the renewal dates out of alignment.

Why should you be forced into this performance? Life’s too short to argue, but any fool can see the system is flawed.

Couple this with the fact that they can’t organise a computer system properly and you have big problems – as I do now. The DVLA computer reckons my car isn’t insured. My insurer (of fifteen years) says it was renewed as usual at the start of the month, and can’t understand why the DVLA is having problems registering it.

You can call Swansea on 0300-7906802 if you actually need to speak to a person, although they’re not keen on giving this out, preferring the premium rate automated system numbers. I did this and was advised that I couldn’t drive my car now that the tax had expired, and that the government computer system responsible for the error wasn’t their responsibility. I could, if I wished, drive to the nearest post office issuing manual tax discs and they might be able to help – apparently they can now take faxed documentation but I bet they don’t know that! Anyway, how am I supposed to drive to the nearest Post Office if I don’t have a car?

To cap it all, they said they wouldn’t actually fine me for not renewing or declaring the vehicle off-road for 14 days. That’s big of them!

I asked about who to appeal to concerning DVLA problems and got the email address for their customer services department. I don’t think I’ll get much satisfaction. My MP shall be hearing about this, although he’s not morally responsible for New Labour computer systems.

I think it’s time something was done about the DVLA, and would be interested in hearing about people having similar problems.

NHS Direct is unwell

NHS Direct has the skids well and truly under it. Vandalism! Cutbacks! Destruction of the People’s NHS cries Labour.

But what was it all about? If you were ill, you were supposed to call NHS Direct and they’d tell you what to do about it – generally “Get down to A+E or your GP service to check it out.” If you, or your child, are ill, this is what you’re going to do anyway.

Having a telephone helpline for discussion of medical matters is a good thing, especially for anyone without any books on the subject or access to the Internet. Apparently this is just what we’re getting instead – it’ll be cheaper than having medically qualified staff on the end asking the questions and then suggesting a personal visit anyway. “Civilians” can do that, as long as they’re briefed not to overstep their remit.

GPs came out against NHS Direct yet again in June, so presumably we’ll be hearing they’re pleased with the result. No one I know has ever had much joy in calling them, although the “worried well” may have had some comfort – or had their hypochondria fueled. It’s just New Labour, upset that the new government has stopped paying for their gimmick. As to the staff that’ll be made redundant, apart from the management consultants they’re generally qualified nurses answering the ‘phone. Don’t we need more nurses actually nursing to the extent we’re importing them from the third world? I don’t see a problem with them being redeployed.

Intel has just bought McAfee

Intel has just bought its neighbour in Santa Clara.

Well there’s a surprise. According to today’s Wall Street Journal it’s a done deal at $48/share (about £5bn). Paul Otellini (Intel’s CEO) has been saying that “security was becoming important” in addition to energy efficiency and connectivity. This lack of insight does not bode well.

I’ve been expecting something like this since Microsoft really got its act together with “Security Essentials”, its own PC virus scanner by another name. Unlike other PC virus scanners, Microsoft’s just sits in the background and gets on with the job without slugging the PC’s performance. Why would anyone stick with McAfee and Symantec products in these circumstances?

Whether PC virus scanners have much benefit in today’s security landscape is questionable, but at least the Microsoft one does no harm.

Intel has (apparently) paid about £5bn in cash for McAfee. I wonder if they’ve paid too much. It’ll generate revenue while lusers and luser IT managers are too scared to stop paying the subscription, but as anti-virus becomes built in to Windows this is going to dry up. I suspect McAfee was aware of this situation and was moving on to mobile device security – not by developing anything itself, but by buying out companies that are.

When McAfee bought Dr Solomons in 1998, it was basically to pinch their technology for detecting polymorphic viruses and close down their European rival, which they did – everyone lost their jobs and the office closed. (Declaration of interest: Dr Solomons was a client of mine). Whether McAfee has any technology worth plundering isn’t so obvious, so presumably Intel is buying them as a ready-made security division.

McAfee does, of course, have some good researchers in the background – we all know the score.

India’s $10 laptop joke

There was a time when “Made in Hong Kong” was a byword for a cheap and nasty knock-off of the real thing, that didn’t really work. This was in the early 1970’s, and was pretty much true. In the late 1970’s I was horrified to discover that I’d bought a piece of electronic equipment “Made in Hong Kong”, but as it turned out, it was of really good quality and still works flawlessly today.

Hong Kong has now been assimilated by mainland China, and it seems that everything is made there – and is often none the worse for that. India has taken over Hong Kong’s mantle, although in this time of political correctness you don’t hear comedians joking about it.

But why is this? India seems to be a country desperate to be taken seriously – it has a space programme for no other reason than this. But artefacts manufactured in India tend to be either rough and ready, or inferior and semi-functional knock-offs of something made better elsewhere.

While still musing on the above I was sent this:

Apparently this thing, which looks like an iPad and runs Linux, would soon be produced for as little as $10. This is incredible. (Not credible). India’s Education Minister knows nothing about electronics or computing, and has announced this in spectacular style to the world. Apparently it was designed by the Indian Institute of Technology, and the Indian Institute of Science. Apparently they’re “elite” and “prestigious”. Their spokeswoman, Mamta Varma, said the device was feasible because of falling hardware costs. What they actually are, if this is anything to go by, is a laughing stock.

Of course, most people don’t know much about computing devices, but generally they have the good sense not to pretend they do. For the benefit of this majority: There is no way you can put a processor, colour touch-screen display and enough memory into a box for $10. It’d cost that for the battery and power supply.

Apparently this marvel has the facilities for video conferencing (i.e. a fast processor and a camera) and can run on solar power. Hmm. You’d need more than $10 worth of solar cells, for a start.

However, this won’t be “Made in India” – Sibal stated they were in discussions with a Taiwanese company about manufacture. For $10? I don’t think so!

If India doesn’t want to be treated as a joke it needs to start by muzzling its ministers.

No Justice for Ian Tomlinson

The CPS isn’t going to prosecute anyone over the death of Mr Tomlinson at the G20 protests following an unprovoked attack by a police officer (Simon Harwood). They say that he was definitely assaulted, but they can’t prove the link between the assault and his subsequent death. “There is no reasonable chance of a conviction” because of this. Two pathologists thought he was killed because the injuries led to a heart attack, one thought it was a heart attack that might have been from natural causes.

Actual Bodily Harm was also ruled out because, apparently, there’s dispute as to whether the internal injuries caused by the fall led to his death, and the appropriate charge would then be manslaughter – and you can’t have both.

Common assault (from the baton attack), which caused a less serious injury, can’t be pursued because the six month time limit has expired.

The Director of Public Prosecutions (Keir Starmer QC), Steven O’Doherty and Tim Owen QC are responsible for this decision. Keir Starmer (named after Keir Hardie) is, of course, closely associated with the Labour party and the previous government (appointed in 2008).

This is a disgrace. There’s nothing more to say.

Raoul Moat was a dangerous killer

Am I missing something here? Raoul Moat, an established life-long violent criminal, went on a rampage with some guns and shot three people, killing one of them. The police finally corner him, and at great risk to themselves, try to talk him into surrendering. When he finally gets around to shooting himself, the next thing we hear is that the Police Complaints Commission is going to investigate, and BBC journalists are wringing their hands and talking to his friends and relatives, who are moaning and wailing about their tragic loss. What about the relatives of the people he murdered or seriously injured?

Good riddance! The only reason I can think of for the police not to have shot him on sight (once identity had been established and he hadn’t relinquished his weapons) was so that he could hang later – but that’s wishful thinking.

I wouldn’t normally approve of the police shooting criminals, but in this case the facts appear so clear cut – no misidentification, and clearly armed and dangerous. Whoever got close enough to fire a Taser at him deserves a medal for bravery. I can only hope it hurt like hell.

Andrew Lansley and Jamie Oliver

Health Secretary Andrew Lansley and media personality Jamie Oliver are on a collision course, if you read the headlines. But they’re both right.

Jamie Oliver headed a campaign a couple of years ago, the thrust of which was that we shouldn’t be feeding children junk, and school dinners were a prime example of junk. Andrew Lansley said it wasn’t the business of the establishment to go lecturing people, and to do so was counterproductive. This isn’t the same as saying Oliver’s point was wrong.

Statistics are now being bandied about, the latest being that the uptake of school dinners has risen slightly. Very slightly. Yesterday’s statistics were used to suggest that fewer children were eating school dinners than before the campaign.

This is missing the point – it’d still have been a success if the numbers had halved. Apparently about 40% of pupils have school dinners. This means that over the last couple of years, 40% of pupils have stopped eating junk and are now eating something decent. Result!

Lansley is also right – there’s no point in lecturing idiots. Intelligent people can, and will, review the evidence and make a good choice. You don’t need to lecture them. We will always have idiots, too, and they’ll always fly in the face of the facts – more so if you keep mentioning them. Whatever the solution to the junk food problem is, lecturing idiots is not the answer.

Speaking of statistics, I’ve recently heard the one about life expectancy being much reduced for lower social classes being trotted out, especially by New Labour types. It’s true. Someone living in an inner-city dump in Scotland lives on average 10 years less (in rough terms) than someone classed as “affluent” and living in London. However, if you look at these figures alongside the smoking and alcohol consumption rates in the same areas you’ll see it has nothing to do with disposable income or educational level. More people die young in Glasgow because more of them smoke. This is nothing new, but it’s not mentioned by “social” politicians trying to get a bigger handout for their part of the country. Attenuate these statistics with diet too, and I suspect the death rate disparity will disappear altogether.