Author Archives: Max Hemingway

Stringing along the Scammers

16 Thursday Mar 2017

Posted by in Security

Leave a comment

Tags

PadlockIts always great when you get a phone call saying “Hello, I’m calling from Microsoft and we have noticed a problem with your computer”. My inner kid springs to life and its time to string on the scammers.

Unfortunately my fun was cut a bit short after the first couple of questions when I was asked what key was next to my Ctrl key on the keyboard. They are evidently looking for a Windows key and they hung up when I gave them the keys of an Apple Mac Keyboard.

The worrying part is that this practice is still going on and people fall for it giving out information and going to web pages that will hack their machine and cost them money.

There is some good advice at this page on not being caught out and what to do if you are:

http://www.pcadvisor.co.uk/how-to/security/microsoft-phone-scam-dont-be-victim-tech-support-call-3378798/

 

Basic Input – Then and Now

28 Tuesday Feb 2017

Posted by in Uncategorized

Leave a comment

I spent part of today helping to run a STEM (Science,Technology, Engineering and Mathematics) session with some pupils from a local school. One part of the day involved programming in Python and I set a project of a simple higher or lower game based on a random number generated.

Running the session took me back to when I was at school reading my weekly copy of “Input Magazine” and programming a ZX81. A lot has changed between then and now in terms of computing, however some things haven’t with pupils having access to “Magpi Magazine” and programming a Raspberry Pi. (OK one was BASIC and the other is Python – but hopefully you get what a mean).

input

The ability to save and load has certainly got a lot easier and you don’t have to worry about pressing down on the keyboard too heavily and accidentally moving/dislodging the 16k RAM Pack placed into the back of the ZX81!

zx81_sinclair_research_advert

Sources:

Site Reliability Engineering by Google

03 Friday Feb 2017

Posted by in Digital, Productivity, Programming, Tools

Leave a comment

Tags

, , ,

learnHaving read this book previously its good to see that it is now available from Google on-line for reading/reference. The book itself is a collection of articles and essays on how Google run and maintain their computing systems by their Site Reliability Engineers.

The book can be accessed at  https://landing.google.com/sre/book/

List of the Table of Contents showing the articles and essays in the book.

Table of Contents
Foreword
Preface
Part I – Introduction
Chapter 1 – Introduction
Chapter 2 – The Production Environment at Google, from the Viewpoint of an SRE
Part II – Principles
Chapter 3 – Embracing Risk
Chapter 4 – Service Level Objectives
Chapter 5 – Eliminating Toil
Chapter 6 – Monitoring Distributed Systems
Chapter 7 – The Evolution of Automation at Google
Chapter 8 – Release Engineering
Chapter 9 – Simplicity
Part III – Practices
Chapter 10 – Practical Alerting
Chapter 11 – Being On-Call
Chapter 12 – Effective Troubleshooting
Chapter 13 – Emergency Response
Chapter 14 – Managing Incidents
Chapter 15 – Postmortem Culture: Learning from Failure
Chapter 16 – Tracking Outages
Chapter 17 – Testing for Reliability
Chapter 18 – Software Engineering in SRE
Chapter 19 – Load Balancing at the Frontend
Chapter 20 – Load Balancing in the Datacenter
Chapter 21 – Handling Overload
Chapter 22 – Addressing Cascading Failures
Chapter 23 – Managing Critical State: Distributed Consensus for Reliability
Chapter 24 – Distributed Periodic Scheduling with Cron
Chapter 25 – Data Processing Pipelines
Chapter 26 – Data Integrity: What You Read Is What You Wrote
Chapter 27 – Reliable Product Launches at Scale
Part IV – Management
Chapter 28 – Accelerating SREs to On-Call and Beyond
Chapter 29 – Dealing with Interrupts
Chapter 30 – Embedding an SRE to Recover from Operational Overload
Chapter 31 – Communication and Collaboration in SRE
Chapter 32 – The Evolving SRE Engagement Model
Part V – Conclusions
Chapter 33 – Lessons Learned from Other Industries
Chapter 34 – Conclusion
Appendix A – Availability Table
Appendix B – A Collection of Best Practices for Production Services
Appendix C – Example Incident State Document
Appendix D – Example Postmortem
Appendix E – Launch Coordination Checklist
Appendix F – Bibliography

Digital Tools- Voice Activated Assistants

20 Friday Jan 2017

Posted by in Digital, Innovation, Productivity, Tools

2 Comments

Tags

, , , ,

blogger-336371_640Does the Voice Activated Assistant have a place in the business?   Yes it does. There are lots of voice activated assistants available to help us with our daily tasks. Some are built into mobile devices and some are purchased as specific items. The key is that they all respond to commands and can interact with other devices in our lives.

These devices are already within most business today, but may not being used to their full potential.

“<Insert Name of Assistant> turn on the lights” – providing that the assistant has been linked to the lighting system it will turn on the lights as requested.

Voice programs and activation have been around for along time, but have only recently become more mainstream with the advancements in the speech algorithms and technology to recognise the various dimensions and variants of the human voice. Also the ability to respond in a human voice. Brings back memories of playing around with Dr Spaitso (https://en.wikipedia.org/wiki/Dr._Sbaitso) or watching the film War Games and wanting a talking computer “Would you like to play a game….”.

The biggest market at the moment is the consumer market with devices such as the Amazon Echo being used to connect a myriad of devices and services to build a connected home. There are a number of other assistants out there on devices that can do the same, such as Siri, Cortana, AVIC, and Google Now on the market. There are lots of others available as well.

There are also lots of projects and wishes to have an AI Assistant similar to J.A.R.V.I.S from Marvel’s Iron Man. Such a project is being carried out by Mark Zuckerberg. https://www.facebook.com/notes/mark-zuckerberg/building-jarvis/10154361492931634/

For some having devices around that are constantly listening can be a security issue, however in the main having a voice activated assistants are becoming more common place in every day lives.

“Google says 20 percent of mobile queries are voice searches” http://searchengineland.com/google-reveals-20-percent-queries-voice-queries-249917. This figure will be higher including all the assistants.

This trend is already seeing businesses building web based services to be voice friendly and allow access to data by looking at the type of natural questions someone may ask. Typically a voice search will take longer than a typed search as there is an additional processing step around the voice translation to search, however this is speeding up with the advancements in the programming and algorithms used.

Another example of a business application for voice assistants is where an operator is working with their hands and needs to get a part delivered or get answers to a question about the task they are doing.

In an office the assistant could be used to raise a ticket on the help desk AI, which in turn will try to solve the issue before raising a ticket for a human operator to assist.

Voice has been around for a long time and the future will see it mature to be a more personalised assistant with the ability to interact by recognising the user and have the ability to be called different names, removing the current standard activation names. Linking voice, business systems, data science, AI and machine learning will see a future of being able to ask natural language voice questions to the device about the business/data and obtain a natural language response from the system.

 

 

 

How secure is your home in the digital age?

06 Friday Jan 2017

Posted by in Digital, IoT, Security

Leave a comment

Tags

, ,

censorship-610101_640Reports from CES 2017 is seeing some great advancements in consumer tech coming out in the journey to digital. Coupled with some recent reports from around the web I have been thinking about the question “How secure is my home in the digital age?”

There are several ways into your home in the digital age. These could be grouped as several main areas:

  • Physical
  • Electricity/Power
  • Comms ( Landline & Fibre/Broadband/Wifi)
  • Mobile
  • Media (Things you bring into your home)

The below is some food for thought on some recent highlights in the news.

Physical

Physical security is a thing we normally take for granted these days. Good front and back doors with locks. Fences, gates, spiked bushes as well as house alarms make us feel fairly secure in our castles (homes).

There are some considerations though to physical security though as these days you can purchase a lock picking kit off amazon for £10.00. These are mainly for the purposes of learning and taking part in a growing hobby of lock picking for fun (There are national competitions for this) and I am certainly not suggesting any type of activity that is against the law.

Makes you stop and think though! I have taken the steps of upgrading my locks to anti-bump, anti-pick and anti-snapping ones just to be safe.

Most dwellings now have alarms. Some smarter than others as alarms can now be connected through wifi and connected to voice services such as Alexa.

https://www.cnet.com/uk/news/scouting-out-a-security-system-that-talks-to-amazons-alexa/

I’m in two minds about this level of connectivity – “Alexa, disable the house alarm” shouted through the letterbox could be a valid command on some systems.

Electricity/Power

Electricity is the lifeblood of the Digital Age. Without power to devices they are not really going to work.

Batteries and Energy Harvesting aside the main focus area for homes is the smart meter. This is usually placed inline before the electricity cable enters the home.

This is probably the most difficult for a home user to secure against a hacker coming in and from recent press probably the most worrying at the moment.

Hackers can attack smart meters and cause significant damage

http://www.theregister.co.uk/2017/01/04/smart_metres_ccc/

There is still someway to go to ensuring protection from this type of hack in the future.

Comms

Connectivity into the home is common place with routers and a level of firewalls in place. With the rise of connected devices, consumers may need to think about increasing their security and firewalls to cope with the increasing number of devices wanting connectivity back to the web.

LG are going to be putting wifi into every appliance it releases in 2017

http://arstechnica.co.uk/gadgets/2017/01/lg-wi-fi-in-everything/

Its essential to ensure any wifi used is secured and encrypted and router settings are changed from defaults where possible.

Mobile

I could have grouped this into the comms grouping, however the mobile is becoming more a personal control hub for our environments.

Android malware can manipulate your router

http://www.zdnet.com/article/this-android-infecting-trojan-malware-uses-your-phone-to-attack-your-router/

Good practices and checking the validity of apps can help against downloading malware. Also a good security app on the device will help.

Media

In this grouping I am classing anything that you bring into your home outside of the internet and connect it to a device. There are still a lot of USB sticks used and other media so anti-virus and malware checking is essential.

With these things in mind, the consumer has a lot of things to consider as they allow their home to become more connected. Following good security practices needs to become second nature and perhaps more communication to the person on the street on security when an item is purchased.

Raspberry PI on the PC & Mac

27 Tuesday Dec 2016

Posted by in Open Source, Raspberry Pi

Leave a comment

Tags

,

PIRaspberry Pi have released a desktop/Laptop version of their PIXEL running on Debian Linux – bootable via DVD or USB Stick, once you have downloaded and built the media.

Its good to see a lot of people enthused with installing Linux onto their old hardware sitting around.

I decided to try this myself on an old laptop (Celeron 1.2Ghz, 256Mb with a 20GB Hard Disk). Yes its a bit old, but does currently run Debian 8 (a bit slowly).

I downloaded the software ISO and burnt this to a DVD to run from. The machine booted okay, however the screen did have some issues with displaying the windows, however the backdrop did load okay.

This could be down to a few things, such as hardware (Memory) and not using a USB memory stick to boot from (DVD was doing a lot of reads). Perhaps an install onto the Hard Disk may have been a better option. One to try next.

pixel.jpg

I’m now moving on from this device to a bit more up to date hardware where this does run and in a virtual desktop.

What is good though is having a universal desktop on your PC/Laptop and Raspberry PI.

Reading through the comments on the Raspberry PI Blog, there are a few machines having issue, but it does work on the majority of devices.

The posts include instructions for installing on to a Hard Disk and also into VirtualBox mounting the ISO image.

Hard Disk

How to: Install to HDD (as the only OS)

Assumptions:
– The USB Stick you boot from is /dev/sdb
– The internal HDD is /dev/sda
Commands are given in double quotation marks.

1. Boot it from USB/DVD
2. Transfer the entire stick to your drive:
2.1. “sudo bash”
2.2. “dd if=/dev/sdb of=/dev/sda bs=1M”
3. Reboot without the stick, should boot from internal HDD_
3.1 “reboot”
4. Resize the Partition:
4.1. “sudo bash”
4.2. “fdisk /dev/sda”
4.3. print partitions with “p”
4.4. write down the beginning of partition 2
4.5. delete partition 2 with “d”, then “2”
4.6. create a new parition with “n”, primary partition, starting at the location from 4.4
4.7. write with “w”
5. Reboot:
5.1. “reboot”
6. Resize the filesystem on /dev/sda2 to fill the disk:
6.1. “sudo bash”
6.2. “resize2fs /dev/sda2”

Source:  Egon Rath

VirtualBox

In VirtualBox I have mounted the iso as an image.
To install to disk change the following:

Replace “dd if=/dev/sdb of=/dev/sda bs=1M”
with “dd if=/dev/sr0 of=/dev/sda bs=1M”

Source: Menno Harzing

Source for comments: https://www.raspberrypi.org/blog/pixel-pc-mac/#comments

 

Chronodex 2017 (Jun-Jun)

23 Friday Dec 2016

Posted by in Productivity, Tools

Leave a comment

Tags

,

ChronodexThe first half of the 2017 Chronodex has been released by Patrick Ng.

Available at:  https://app.box.com/s/rcthk406yjp0obd3263nwsphk53h4nyk

There is still a place for a manual diary and journalling using a pen rather than a blog post as discussed here No Batteries Required: My Personal Journal. I am now on my 19th Journal and still going strong.

IoT Best Practice Guidelines – Many more out there…

13 Tuesday Dec 2016

Posted by in IoT, Security

2 Comments

Tags

,

ThingsThe IOT Security Foundation has released three best practice guidelines on:

  • IOT Security Compliance Framework
  • Connected Consumer Products
  • Vulnerability Disclosure

I am currently reading through these with interest, especially the paper on Vulnerability Disclosure. Something that some companies do well and and some not so. I can see companies legal departments advising on this one, however it is an important topic for the industry to address.

These best practices provide one lense to look through on the issue of IoT Security as the industry still has a journey to complete with providing as set of universal standards due to the number of Groups and Communities publishing best practices, guidelines and standards. Some are specific to products and services and some are generic.

I have previously listed a number of IoT Groups in a previous blog post on IoT Standards

Links below from that blog post to some of the Groups/Communities

I had not listed the IoT Security Foundation on that original list so have added above. There are probably groups and comitties not listed here. Please comment below if you know of any others.

Choosing to follow best practices is a good thing. Choosing which best practice to follow can be a harder choice to make.

Until such time as a couple or even one set of standards, a hybrid Best Practice may present a good approach, picking the synergies between the best practices and standards, then bringing in the other ones needed.

These latest best practice standards do state that they are generic and up to the indivudal to adopt.

 

 

Flying D.R.O.N.E Safe

25 Friday Nov 2016

Posted by in Digital, Drone

Leave a comment

Tags

,

droneWith Christmas just round the corner and the uptake of drones the UK drone code has been upgraded to make it easier to understand.

  • Don’t fly near airports or airfields
  • Remember to stay below 120m (400ft) and at least 50m (150ft) away from people
  • Observe your drone at all times
  • Never fly near aircraft
  • Enjoy responsibly

The Drone Safe Website (http://dronesafe.uk/drone-code) has also had a revamp to cover the rules and make it easier to understand the rules which is supported by Airports, Airlines and some electronic suppliers.

The main issue will be getting drone owners to understand that the code exists. Some of these are simple, however how many people actually know how high 120 meters is. Perhaps drones should contain an Altimeter to help drone users keep under this height. Possible market for a clip on drone Altimeter/phone app going forward.

Tiny computing – VoCore2

06 Sunday Nov 2016

Posted by in Development, IoT, Open Source, Programming

Leave a comment

Tags

, , ,

split1.pngSearching round on the crowdfunding sites for things that are coming, I found the VoCore2 on iniegogo.

https://www.indiegogo.com/projects/vocore2-4-coin-sized-linux-computer-with-wifi#/

VoCore has already had an v1 early release and is now heading for a v2 release in January 2017. The cost of this board is $4, although as you start to add the additional boards the cost can go up to around $50.

VoCore2 is a open source linux computer and a full functional wireless router but its size is smaller than a coin. It can perform as a VPN gateway to secure your network, an airplay station to play loseless music, a private cloud to store your photo, video and code. Benefit for its small size and low power consume, it can be easily mounted in wall, help you boost wireless signal in every room or setup house based mesh network.

What I do like about this design is that its small and compact and can be used for a lot of different purposes:

  • VPN Router
  • IoT/Appliance Control
  • Music Player/Streaming
  • Wifi

Its ability to be added to an existing ethernet socket and add heaps of functionality to the socket and its open source makes this device interesting for me, as well as its ability to then act as a wifi extender from that socket.

I would like to look at what could be done with it to provide additional IoT Security to a device plugged in/connected to a network utilising this board. So looks like another board on the wish list to have a go on.

Pin Outs for the board:

vocore

Source/Pics: https://www.indiegogo.com/projects/vocore2-4-coin-sized-linux-computer-with-wifi#/