The world is full of blackberries this morning, and they always taste better when picked straight from the bush. I’m sure this can be traced back to our hunter-gatherer roots somehow. But as an effect, or as the cause?
An interesting bit of data visualisation by Andy Kriebel gives some ideas.
I’d love to see how this varies for different countries/climates…
An intriguing article by Charles Duhigg, published a few months back in the New York Times magazine, talks about the value to large retailers of knowing when their customers are pregnant:
There are, however, some brief periods in a person’s life when old routines fall apart and buying habits are suddenly in flux. One of those moments — the moment, really — is right around the birth of a child, when parents are exhausted and overwhelmed and their shopping patterns and brand loyalties are up for grabs. But as Target’s marketers explained to Pole, timing is everything. Because birth records are usually public, the moment a couple have a new baby, they are almost instantaneously barraged with offers and incentives and advertisements from all sorts of companies. Which means that the key is to reach them earlier, before any other retailers know a baby is on the way. Specifically, the marketers said they wanted to send specially designed ads to women in their second trimester, which is when most expectant mothers begin buying all sorts of new things, like prenatal vitamins and maternity clothing. “”Can you give us a list?”” the marketers asked.
Well worth reading the whole thing. Gives a whole new ring to the phrase ‘targetted advertising’!
A good holiday is when you can't remember whether it's Sunday or Monday.
Most of you have probably heard by now about how the technology reporter Mat Honan’s accounts were hacked and how he lost his Google Mail, his Apple and Amazon account, his Twitter account and the contents of his iPhone and laptop. All in under one hour.
What’s fascinating about this story is that we know how it was done: there was no heavy brute-force attack on weakly-encypted passwords, no SQL injections on his company’s website. The hackers had no animosity towards him; they didn’t know who he was, they just liked his three-letter @mat Twitter ID. In other words, this could easily happen to you too!
If you haven’t heard the story, then I recommend listening to episode 364 of Security Now, which you can get from here or here. The discussion starts 30 mins into the programme.
You should probably listen to this if you, say, use the Internet…
“Can we arrange a time for a conference call with you?”, said the enthusiastic email that landed in my inbox last year from some company’s marketing department. “We're very excited to tell you about our new viral videos!”
To which my response, of course, was that if they were really viral, they wouldn't need to tell me about them!
I thought of this while watching Euan Semple's keynote from the State of The Net conference in June, which, in contrast, has a gentle, understated style yet includes some nice ideas that come from years of careful thinking about corporate communications, both internal and external.
Euan Semple is the author of Organizations Don’t Tweet, People Do.
On Aug 5th, the Curiosity rover landed on Mars. I hadn’t really absorbed, at the time, just what a technical achievement this was: not so much getting the thing to Mars, but landing it safely and ready to roll shortly after it hit the Martian atmosphere at 13,000 miles per hour. It weighs nearly a tonne. The Jet Propulsion Lab had, of course, made CGI simulations showing how the process would work, in advance of the landing, but in this brilliant piece of video editing they intercut it with footage of the control team on the ground celebrating its arrival. I suggest you turn the volume up and watch it full-screen.
Rose’s aunt used to work at JPL, and, when I visited many years ago, one of the directors made an offhand comment which basically amounted to a job offer. At the time, it was all very quiet, and though I was interested in the work, the elderly rows of SPARCstations tracking satellites didn’t grab me as particularly thrilling. Now, however, there can’t be many organisations that could put together a recruitment video like this!
It would be terribly presumptuous to think that my readers, not satisfied with whatever I might burble about today, might want to go on to explore the Status-Q archives…
However, the fact remains that there are over 2200 posts here now, and I certainly can’t remember everything I’ve written, so it’s fun for me, at least, to browse a bit. The ‘related posts’ at the bottom of each entry’s page often pop up things I’d completely forgotten, but now I’ve added a ‘From the archive’ box on the right: a completely random selection of five posts from the last decade, updated every few minutes.
Go on – have a browse. Whatever you find is bound to be more interesting than what you’re reading now!
Well, my tweets last night were mostly either bemused or rather negative, so I should emphasise that there were bits of the Olympic opening ceremony I thought were rather good.
I liked the levers of the industrial revolution hoisting enormous smoking chimneys into the sky, though one gets the impression that nothing good came from this Saruman-style destruction except the forging of five giant gold rings to rule us all. A pleasing effect, but some other industrial achievements might have been nice: Stephenson’s Rocket, perhaps? The spectre of Voldemort hovering over children in hospital beds, until chased away by Mary Poppins, was quirky but amusing, though perhaps he was really hovering over the NHS? It, like so much of the ceremony, must have been completely bewildering to hundreds of millions of viewers.
I cringed at some of the inevitable political correctness, was proud of the music we used to produce until about 20 years ago, was pleased by Her Majesty’s involvement in the Bond escapade and felt sorry for her obvious boredom at having to sit through the rest of it. It’s good that Tim Berners-Lee finally gets appropriate global recognition, tweeting ‘This is for everyone’ from the middle of the arena; given his natural humility it must have been a challenge to get him to agree. And the cauldron was, indeed, very pretty.
To give a true history of modern Britain, I thought, we should have had a huge influx of Polish people at the end! And then I realised that they had probably been there all along, behind the scenes, making everything work. And work it did; it was certainly an impressive technical achievement, and it looks very good in the BBC’s six-minute edited highlights.
Then the athletes came in, and many of them looked like rowdy drunken yobs coming out of… well… a sporting event. Still, I suppose that’s something else that the world knows us for.
Now, I know I’m not the target audience for this stuff; I’ve made my feelings clear about the financial outrage that is the Olympics. For the same money we could have given a shiny new MacBook Pro to every schoolchild in the country. Or employed 1000 teachers for 400 years. Or… well… take your pick of better investments. So I tried to divorce my feelings about the ceremony from its association with the bigger picture. And as my friend Jeff Jarvis put it, to set the context for his tweets last night: “I cannot abide opening ceremonies or folk dances”.
And I’m also very out of touch with popular culture – I recognised about half a dozen faces last night: the Queen, Rowan Atkinson, Sir Tim B-L, Daniel Craig and Kenneth Branagh. OK, five. But it would have been six if I’d stayed awake long enough to see Paul McCartney. So I imagine there were probably lots of sports personalities, soap-opera stars, rap ‘musicians’ and winners of X-Factor that might have been recognisable to others.
So it’s probably better to rely on others’ commentary than mine. I liked:
Allesandra Stanley in the New York Times:
It’s hard to imagine any other nation willing to make so much fun of itself on a global stage, in front of as many as a billion viewers. It takes nerve to look silly; the cheesy, kaleidoscopic history lesson that took Britain through its past, from pasture through the workhouses and smoke stacks of the Industrial Revolution to World War I and, of course, “”Sgt. Pepper’s Lonely Hearts Club Band,”” was like a Bollywood version of a sixth-grade play.
But bad taste is also a part of the British heritage. The imagery mixed the glory of a royal Jubilee with the grottiness of a Manchester pub-crawl. Britain offered a display of humor and humbleness that can only stem from a deep-rooted sense of superiority.
…
The NBC anchors Matt Lauer and Meredith Vieira did their best to get in the spirit of British nuttiness, but at times their energy flagged, and their bewilderment became obvious. After a hospital sketch that morphed into a children’s nightmare — and a giant fake baby floating on a bed — Lauer said, “”I don’t know whether that’s cute or creepy.””
The whole show veered from cute to creepy and from familiar to baffling, including a pop music tribute to Tim Berners-Lee, the inventor of the World Wide Web. Most of all, it showed a love of movies that celebrate British eccentricity. “”Isles of Wonder”” seemed most inspired by a scene from the movie “”Love Actually,”” in which Hugh Grant, playing the prime minister, explains that Britain is still a great nation because it is “”the country of Shakespeare, Churchill, the Beatles, Sean Connery, Harry Potter, David Beckham’s right foot.””
Andrew Gilligan in The Telegraph:
Some of the rest was bitty and disjointed; the sub-mobile-phone advert style of the digital section was particularly weak. It was more political than I expected. Voldemort loomed over the NHS. Tonight marked perhaps its final transformation from a healthcare system into a religion. Dancers made up the CND symbol. The Royal Family looked bored, but the new Right-On Royal Family – Doreen Lawrence and Shami Chakrabarti – got to carry the Olympic flag.
The NHS segment in particular underlined how surprisingly parochial this ceremony was. The idea of the Health Service as a beacon for the world is, bluntly, a national self-delusion. Most other Western European countries have better state healthcare systems – and healthier people – than we do. Does the average Chinese person even know what the letters stand for?But I suppose the whole Olympics is in a broader sense parochial. Three weeks ago, I was in Libya witnessing that country’s first free election in sixty years: an end, or at least a beginning of the end, to decades of madness and tyranny which killed tens of thousands and blighted the lives of millions. To borrow the words of tonight’s over-excited TV commentators, that really was an inspirational and historic moment. Tonight, by contrast, was just a show.
One of my favourite podcasts at present is The Skeptics Guide to the Universe. Highly recommended, if you don’t know it. I liked this quote from a recent episode where they were discussing the Higgs particle:
“I read this great book about antigravity. I couldn’t put it down..”
The Telegraph reckons that it has inside information on what’s going to be included in the top-secret opening ceremony of the Olympics.
A stage backdrop of hills, streams, meadows and a thatched cottage will evoke Britain’s rural past. The landscape will be dotted with live animals, including 12 horses, three cows, 70 sheep, three sheepdogs and a horse-drawn plough, along with milkmaids, picnicking families, an Edwardian village cricket team in flannels, caps and braces, and people dancing around maypoles.
At one end of the arena will be a recreation of Glastonbury Tor, with an oak tree on top and a festival “”mosh pit”” at its foot. At the other end will be a space for crowds recreating the Last Night of the Proms.
It gets better…
…a third “”act”” of the ceremony will look at the post-war transformation of Britain, with models of Big Ben and other London landmarks, and a parade of dancing nurses and ancillary staff pushing hospital beds to represent the NHS and the Welfare State.
Oh good. Can’t wait for the dancing nurses.
…alongside 12,000 dancers, drummers, skateboarders, acrobats, and actors dressed as British historical figures, such as Emmeline Pankhurst, the suffragette, and the Caribbean migrants who arrived on the Empire Windrush in 1948…
I hope Emmeline Pankhurst will actually be on a skateboard.
I was just thinking that this could be a national embarrassment for which even the BBC’s reporting of the Jubilee River Pageant was insufficient preparation, when I suddenly realised that they must have a secret plan, because there is one way in which this could all be saved, could be put in the right context, and could turn the whole thing into a most enjoyable evening’s entertainment:
Get Terry Wogan to do the commentary.
This is the third and (probably) final post in my series about enabling IPv6 on your home network. The first, Banish Mavis and Connect to the Future, explains the basics and why I think this stuff is really important. The second, Tunnelling your way to the future, tells you how, if you have a Linux box on your network, you can give full IPv6 connectivity to all your machines, even if your ISP doesn’t support it yet.
This is all great fun, but at the end of the last article I pointed out that there were also security considerations associated with making all of your machines accessible to the ravages of the outside world, and it was only something you should do if they had a modern operating system, up-to-date security patches, and were running a firewall. This may, understandably, make you feel a little nervous, so in this final section I’ll show you how to implement a simple firewall on the machine that’s acting as your IPv6 gateway, so you can choose what traffic you want to let in, from where, and to which machines.
This is still, by the way, very much better than the old NAT-based world of IPv4, because you are separating policy from capability: you can choose to allow SSH and HTTPS traffic to two different web servers inside your network, FTP access to one of them, and plain HTTP to a webcam, and give them all proper DNS addresses, while still blocking incoming connections to anything else.
As a simple example, I’m going to explain how to set up a firewall that allows incoming HTTP, HTTPS and SSH connections over IPv6 but blocks everything else, so you’re not at risk when, say, enabling file sharing between your home computers.
If you set up your system as per my description in the previous article, your linux machine is connecting to an IPv6 tunnel provider, receiving the IPv6 packets for your network on a virtual interface we called he-ipv6
and routing them out to your network over the normal ethernet interface, eth0
.
Now, the way in which the Linux kernel routes data between interfaces is controlled by an internal table of rules, which is used to examine each packet and work out whether and how to send it on its way. These tables can be manipulated from the command line through a utility called iptables
, or ip6tables
for the IPv6 variant, and you could use these to set up the rules you need to let some stuff in and keep other stuff out.
It’s all very powerful, but unless you are part-robot yourself, trying to do much of this will make your brain hurt. This is the assembly-language equivalent of network configuration; you can make it do anything, and a very large number of the options you could choose will be the wrong ones. Eventually, you will get everything nicely set up, and all will be well until 18 months down the line when you have to change something and you have to remember what all those arcane lines of configuration were about.
So we’re going to use a system called Shorewall, which has a nicer way to describe what you want in a few simple configuration files, and then arranges all that iptables stuff for you behind the scenes.
We want the IPv6 version of Shorewall, so, assuming you’re on a Debian/Ubuntu-type system, you can install it with:
sudo apt-get install shorewall6
This will install both shorewall (the IPv4 version) and shorewall6, and will create configuration directories /etc/shorewall
and /etc/shorewall6
.
It will also put files to control the basic startup of each in /etc/defaults/shorewall
and /etc/defaults/shorewall6
. For our purposes, we can ignore the IPv4 version. There’s a line in each of these files that looks like:
startup=0
The firewall will not start up unless you change the 0 to 1, so do this in /etc/defaults/shorewall6
and leave the other one alone. The only other change you need to make to the defaults is to look for a line in /etc/shorewall6/shorewall6.conf
that says:
IP_FORWARDING=Off
and change it to
IP_FORWARDING=On
otherwise the machine will stop operating as a router.
OK. Now we’re going to create four configuration files. Four?, I hear you squeak. Yes, four, but trust me, they’re wonderfully brief and straightforward. We’re just going to create them from scratch because they’re so simple.
Here’s how it works:
These are done in simple text files called:
/etc/shorewall6/zones
/etc/shorewall6/interfaces
/etc/shorewall6/policy
/etc/shorewall6/rules
See? At least the naming is nice and logical. There are man pages describing these in detail if you want to know more – just run man shorewall6-zones
, man shorewall6-interfaces
, etc. I’m certainly not an expert, having tried this for the first time today, but the following files work for me.
/etc/shorewall6/zones
This is just a list of zone names and types:
fw firewall
net ipv6
lan ipv6
/etc/shorewall6/interfaces
Specify where these zones live:
#ZONE INTERFACE ANYCAST OPTIONS
lan eth0 - tcpflags
net he-ipv6 - tcpflags
/etc/shorewall6/policy
By default, data from the firewall or LAN destined for the outside world is accepted. Data from the outside world is dropped. Everything else is rejected.
#SOURCE DEST POLICY
fw net ACCEPT
lan net ACCEPT
net all DROP
all all REJECT
At this point, you can start up the firewall to test it:
/etc/init.d/shorewall6 start
And you should then find that you can make outgoing connections, for example to ipv6.statusq.org, but not incoming ones. If you don’t have easy access to an external IPv6-capable machine, try using a service like this one on mebsd.com to ping one of your internal IPv6 addresses. It should fail.
/etc/shorewall6/rules
Finally, in this file, let’s define some rules to let in ping, http, https and ssh.
# These rules apply to all new connections
SECTION NEW
#ACTION SOURCE DEST PROTO DEST PORT
# Allow ping6 from outside world to firewall or LAN
ACCEPT net fw ipv6-icmp
ACCEPT net lan ipv6-icmp
# Allow http, https and ssh from outside world to firewall or LAN machines
ACCEPT net fw tcp 80,443,22
ACCEPT net lan tcp 80,443,22
That’s it! Restart your firewall:
/etc/init.d/shorewall6 restart
And you should now find you can ping, ssh or get web pages from machines inside your network, but all other incoming connections will be blocked. If you want to allow access to a particular machine instead of all of them, change the rule line to include both the zone and the IP address:
ACCEPT net lan:2001:470:1f39:1824:fa1e:dfef::d5dc tcp 80,443,22
Well done! There’s an amazing amount more you can do with Shorewall – have a look at the man pages – but that at least should give you the basics and let you sleep at night!
Feedback and suggestions welcome, as always: I’m a novice at this too.
© Copyright Quentin Stafford-Fraser
Recent Comments