etbe is currently certified at Master level.

Name: Russell Coker
Member since: 2001-02-19 14:53:50
Last Login: 2009-02-24 04:55:31

FOAF RDF Share This

Homepage: http://etbe.coker.com.au/

Notes:

I do general Linux programming and sys-admin work. I am mostly known for my work on NSA Security Enhanced Linux.

Projects

Recent blog entries by etbe

Syndication: RSS 2.0

Replacement Credit Cards and Bank Failings

I just read an interesting article by Brian Krebs about the difficulty in replacing credit cards [1].

The main reason that credit cards need to be replaced is that they have a single set of numbers that is used for all transactions. If credit cards were designed properly for modern use (IE since 2000 or so) they would act as a smart-card as the recommended way of payment in store. Currently I have a Mastercard and an Amex card, the Mastercard (issued about a year ago) has no smart-card feature and as Amex is rejected by most stores I’ve never had a chance to use the smart-card part of a credit card. If all American credit cards had a smart card feature which was recommended by store staff then the problems that Brian documents would never have happened, the attacks on Target and other companies would have got very few card numbers and the companies that make cards wouldn’t have a backlog of orders.

If a bank was to buy USB smart-card readers for all their customers then they would be very cheap (the hardware is simple and therefore the unit price would be low if purchasing a few million). As banks are greedy they could make customers pay for the readers and even make a profit on them. Then for online banking at home the user could use a code that’s generated for the transaction in question and thus avoid most forms of online banking fraud – the only possible form of fraud would be to make a $10 payment to a legitimate company become a $1000 payment to a fraudster but that’s a lot more work and a lot less money than other forms of credit card fraud.

A significant portion of all credit card transactions performed over the phone are made from the customer’s home. Of the ones that aren’t made from home a significant portion would be done from a hotel, office, or other place where a smart-card reader might be conveniently used to generate a one-time code for the transaction.

The main remaining problem seems to be the use of raised numbers. Many years ago it used to be common for credit card purchases to involve using some form of “carbon paper” and the raised numbers made an impression on the credit card transfer form. I don’t recall ever using a credit card in that way, I’ve only had credit cards for about 18 years and my memories of the raised numbers on credit cards being used to make an impression on paper only involve watching my parents pay when I was young. It seems likely that someone who likes paying by credit card and does so at small companies might have some recent experience of “carbon paper” payment, but anyone who prefers EFTPOS and cash probably wouldn’t.

If the credit card number (used for phone and Internet transactions in situations where a smart card reader isn’t available) wasn’t raised then it could be changed by posting a sticker with a new number that the customer could apply to their card. The customer wouldn’t even need to wait for the post before their card could be used again as the smart card part would never be invalid. The magnetic stripe on the card could be changed at any bank and there’s no reason why an ATM couldn’t identify a card by it’s smart-card and then write a new magnetic stripe automatically.

These problems aren’t difficult to solve. The amounts of effort and money involved in solving them are tiny compared to the costs of cleaning up the mess from a major breach such as the recent Target one, the main thing that needs to be done to implement my ideas is widespread support of smart-card readers and that seems to have been done already. It seems to me that the main problem is the incompetence of financial institutions. I think the fact that there’s no serious competitor to Paypal is one of the many obvious proofs of the incompetence of financial companies.

The effective operation of banks is essential to the economy and the savings of individuals are guaranteed by the government (so when a bank fails a lot of tax money will be used). It seems to me that we need to have national banks run by governments with the aim of financial security. Even if banks were good at their business (and they obviously aren’t) I don’t think that they can be trusted with it, an organisation that’s “too big to fail” is too big to lack accountability to the citizens.

Related posts:

  1. Football Cards and Free Kittens My cousin Greg Coker has created an eBay auction for...
  2. The Millennium Seed Bank Jonathan Drori gave an interesting TED talk about the Millenium...
  3. systemd – a Replacement for init etc The systemd projecct is an interesting concept for replacing init...

Syndicated 2014-04-12 00:25:39 from etbe - Russell Coker

Finding Corrupt Files that cause a Kernel Error

There is a BTRFS bug in kernel 3.13 which is triggered by Kmail and causes Kmail index files to become seriously corrupt. Another bug in BTRFS causes a kernel GPF when an application tries to read such a file, that results in a SEGV being sent to the application. After that the kernel ceases to operate correctly for any files on that filesystem and no command other than “reboot -nf” (hard reset without flushing write-back caches) can be relied on to work correctly. The second bug should be fixed in Linux 3.14, I’m not sure about the first one.

In the mean time I have several systems running Kmail on BTRFS which have this problem.

(strace tar cf – . |cat > /dev/null) 2>&1|tail

To discover which file is corrupt I run the above command after a reboot. Below is a sample of the typical output of that command which shows that the file named “.trash.index” is corrupt. After discovering the file name I run “reboot -nf” and then delete the file (the file can be deleted on a clean system but not after a kernel GPF). Of recent times I’ve been doing this about once every 5 days, so on average each Kmail/BTRFS system has been getting disk corruption every two weeks. Fortunately every time the corruption has been on an index file so I don’t need to restore from backups.

newfstatat(4, ".trash.index", {st_mode=S_IFREG|0600, st_size=33, …}, AT_SYMLINK_NOFOLLOW) = 0
openat(4, ".trash.index", O_RDONLY|O_NOCTTY|O_NONBLOCK|O_NOFOLLOW|O_CLOEXEC) = 5
fstat(5, {st_mode=S_IFREG|0600, st_size=33, …}) = 0
read(5,  <unfinished …>
+++ killed by SIGSEGV +++

Related posts:

  1. Bizarre “No space left on device” error from Xen What should have been a routine “remove DIMMs and run...
  2. BTRFS Status March 2014 I’m currently using BTRFS on most systems that I can...
  3. Kernel Security vs Uptime For best system security you want to apply kernel security...

Syndicated 2014-04-06 11:55:48 from etbe - Russell Coker

Comparing Telcos Again

Late last year I compared the prices of mobile providers after Aldi started getting greedy [1]. Now Aldi have dramatically changed their offerings [2] so at least some of the phones I manage have to be switched to another provider.

There are three types of use that are of interest to me. One is for significant use, that means hours of calls per month, lots of SMS, and at least 2G of data transfer. Another is for very light use, maybe a few minutes of calls per month where the aim is to have the lowest annual price for an almost unused phone. The third is somewhere in between – and being able to easily switch between plans for moderate and significant use is a major benefit.

Firstly please note that I have no plans to try and compare all telcos, I’ll only compare ones that seem to have good offers. Ones with excessive penalty clauses or other potential traps are excluded.

Sensible Plans

The following table has the minimum costs for plans where the amount paid counts as credit for calls and data, this makes it easy to compare those plans.

Plan Cost per min or SMS Data Minimum cost
AmaySIM As You Go [3] $0.12 $0.05/meg, $19.90 for 2.5G in 30 days, $99.90 for 10G in 365days $10 per 90 days
AmaySIM Flexi [4] $0.09 500M included, free calls to other AmaySIM users, $19.90 for 2.5G in 30 days, $99.90 for 10G in 365days $19.90 per 30 days
Aldi pre-paid [5] $0.12 $0.05/meg, $30 for 3G in 30 days $15 per 365 days

Amaysim has a $39.90 “Unlimited” plan which doesn’t have any specific limits on the number of calls and SMS (unlike Aldi “Unlimited”) [6], that plan also offers 4G of data per month. The only down-side is that changing between plans is difficult enough to discourage people from doing so, but if you use your phone a lot every month then this would be OK. AmaySIM uses the Optus network.

Lebara has a $29.90 “National Unlimited” plan that offers unlimited calls and SMS and 2G of data [7]. The Lebara web site doesn’t seem to include details such as how long pre-paid credit lasts, the lack of such detail doesn’t give me confidence in their service. Lebara uses the Vodafone network which used to have significant problems, hopefully they fixed it. My lack of confidence in the Vodafone network and in Lebara’s operations makes me inclined to avoid them.

Obscure Plans

Telechoice has a $28 per month “i28″ plan that offers unlimited SMS, $650 of calls (which can be international) at a rate of over $1 per minute, unlimited SMS, unlimited calls to other Telechoice customers, and 2G of data [8]. According to the Whirlpool forum they use the Telstra network although the TeleChoice web site doesn’t state this (one of many failings of a horrible site).

The TeleChoice Global Liberty Starter plan costs $20 per month and includes unlimited calls to other TeleChoice customers, unlimited SMS, $500 of calls at a rate of over $1 per minute, and 1G of data [9].

Which One to Choose

For my relatives who only rarely use their phones the best options are the AmaySIM “As You Go” [3] plan which costs $40 per 360 days and the Aldi prepaid which costs $15 per year. Those relatives are already on Aldi and it seems that the best option for them is to keep using it.

My wife typically uses slightly less than 1G of data per month and makes about 25 minutes of calls and SMS. For her use the best option is the AmaySIM “As You Go” [3] plan which will cost her about $4 in calls per month and $99.90 for 10G of data which will last 10 months. That will average out to about $13 per month. It could end up being a bit less because the 10G of data that can be used in a year gives an incentive to reduce data use while previously with Aldi she had no reason to use less than 2G of data per month. Her average cost will be $11.30 per month if she can make 10G of data last a year. The TeleChoice “Global Liberty Starter” [9] plan is also appealing, but it is a little more expensive at $20 per month, it would be good value for someone who averages more than 83 minutes per month and also uses almost 1G of data.

Some of my relatives use significantly less than 1G of data per month. For someone who uses less than 166MB of billable data per month then the Aldi pre-paid rate of $0.05 per meg [5] is the best, but with a modern phone that does so many things in the background and a plan that rounds up data use it seems almost impossible to be billed for less than 300MB/month. Even when you tell the phone not to use any mobile data some phones still do, on a Nexus 4 and a Nexus 5 I’ve found that the only way to prevent being billed for 3G data transfer is to delete the APN from the phone’s configuration. So it seems that the AmaySIM “As You Go” [3] plan with a 10G annual data pack is the best option.

One of my relatives needs less than 1G of data per month and not many calls, but needs to be on the Telstra network because their holiday home is out of range of Optus. For them the TeleChoice Global Liberty Starter [9] plan seems best.

I have been averaging a bit less than 2G of data transfer per month. If I use the AmaySIM “As You Go” [3] plan with the 10G data packs then I would probably average about $18 worth of data per month. If I could keep my average number of phone calls below $10 (83 minutes) then that would be the cheapest option. However I sometimes spend longer than that on the phone (one client with a difficult problem can involve an hour on the phone). So the TeleChoice i28 plan looks like the best option for me, it gives $650 of calls at a rate of $0.97 per minute + $0.40 connection (that’s $58.60 for a hour long call – I can do 11 of those calls in a month) and 2G of data. The Telstra coverage is an advantage for TeleChoice, I can run my phone as a Wifi access point so my wife can use the Internet when we are out of Optus range.

Please let me know if there are any good Australian telcos you think I’ve missed or if there are any problems with the above telcos that I’m not aware of.

Related posts:

  1. Aldi Changes, Cheap Telcos, and Estimating Costs I’ve been using Aldi as my mobile phone provider for...
  2. Aldi Deserves an Award for Misleading Email Aldi Mobile has made a significant change to their offerings....
  3. Dual SIM Phones vs Amaysim vs Contract for Mobile Phones Currently Dick Smith is offering two dual-SIM mobile phones for...

Syndicated 2014-04-01 11:44:26 from etbe - Russell Coker

Links March 2014

Typing Animal wrote an interesting article about the dangers of stainless steel in a medical environment [1]. Apparently silver and copper are best due to the oligodynamic effect. Instead of stainless steel drinking bottles they should sell silver plated drinking bottles for kids, I’m sure that lots of parents would pay extra for that.

Mark Kendall gave an interesting TED talk about a replacement for the hypodermic syringe in vaccinations [2]. His invention can reduce the cost of immunisation while increasing the effectiveness and avoiding problems with people who have a needle phobia.

The TED blog has an interesting interview with Will Potter about the use of the “war on terror” to silence journalists and the invention of the term “eco terrorism” for non-violent people who are politically active [3].

The TED blog has an interesting article by Kate Torgovnick May about designing products for sustainability [4]. It links to an insightful TED talk by Leyla Acaroglu about some of the complex issues related to sustainability [5].

Manoush Zomorodi wrote an informative article about How one college went from 10% female computer-science majors to 40% [6].

Slate has an interesting article by Jamelle Bouie showing the way that support for capital punishment in the US is linked to racism [7].

The Southern California Public Radio blog has an interesting article by Josie Huang about Suey Park and her success in using twitter to oppose racism [8].

Andrew Solomon wrote an insightful interview with the father of Adam Lanza for the New Yorker [9].

Waleed Aly wrote an insightful article about George Brandis’ attempt to change the Racial Discrimination Act specifically to allow Andrew Bolt to be racist [10]. He describes it as “the whitest piece of proposed legislation I’ve encountered” which is significant in a country with as much racism as Australia. Really we need stronger laws against racism, there should be no right to be bigoted.

A German Court has ruled that “non commercial” licenses don’t permit non-commercial organisations to re-publish material [11]. This seems bogus to me, I’d be happy to have my non-commercial licensed work published by a non-commercial publishing organisation – just as long as they don’t run adverts on the page.

Professors Woolley and Malone wrote an interesting article about their research into group performance, apparently having more women in a group improves the collective intelligence of a group, but having smarter men in the group doesn’t [12].

Susie Hill wrote an article about the SPARX computer game that is designed to treat adolescent depression [13]. They are working on a “rainbow” edition for GLBT kids and a version for Maoris. Unfortunately their web site is down right now and the version at archive.org says that it’s currently only available to participants in a clinical trial.

Tim Chevalier wrote an insightful article explaining why people who campaign against equality shouldn’t be given senior positions in corporations [14].

Zeynep Tufekci wrote an insightful article about how French High Theory and Dr. Seuss can help explain gender problems in geek communities [15].

Hannah Levintova wrote an informative article for Mother Jones about how the US based hate group the World Congress of Families incites homophobic violence in Russia [16].

Josh Sanburn wrote an article for Time about people in the Deep South who claim to be Christian giving away guns to encourage people to attend church [17]. This is the same part of the world where people who claimed to be Christian used their “religion” as an excuse for supporting slavery. I’m quitting bourbon, too much evil comes from that part of the world and I’m not buying anything that comes from there.

Related posts:

  1. Links March 2013 Russ Allbery wrote an informative post about how to determine...
  2. Links February 2014 The Economist has an interesting and informative article about the...
  3. Links January 2014 Fast Coexist has an interesting article about the art that...

Syndicated 2014-03-31 10:55:42 from etbe - Russell Coker

The Aspie Accent

I am often asked about my “accent”. The most common guess is that it’s a “British” accent, while I lived in London for about a year I don’t think that my accent changed much during that time (people have commented on the way I speak since I was in primary school). Also there isn’t a “British accent” anyway, the Wikipedia page of Regional Accents of English has the first three sections devoted to accents in the island of Britain (and Northern Ireland is part of the United Kingdom which people often mean when they sat “Britain”). The Received Pronounciation is the main BBC accent and the accent that is most associated with Britain/England/the UK (which are three different things even though most people don’t know it) and I don’t think that I sound like that at all.

I’ve had various other guesses, the Netherlands (where I lived for a few years but mostly spoke to other foreigners), New Zealand (which I’ve visited a couple of times for conferences), Denmark (the closest I got was attending a conference in Sweden), and probably others I can’t remember.

If I actually had developed an accent from another country then it would probably be from the US. The amount of time I’ve spent watching Hollywood movies and watching US TV shows greatly exceeds the amount of time I’ve spent listening to people from all other countries. The fact that among all the people who wanted to try and guess where my accent supposedly originated none have ever included the US seems like strong evidence to suggest that I don’t have any sort of accent that really derives from another country. Also I have never had someone mistake me for being a resident of their own country based on accent which seems like clear evidence that all claims about me having a foreign accent are bogus.

Autism forums such as WrongPlanet.net [1] always turn up plenty of results for a search on “accent”. In such discussions it seems that a “British accent” is most common mistake and there are often theories raised about why that is – often related to speaking in a formal or precise way or by using a large vocabulary. Also in such discussions the list of countries that people supposedly have accents from is very inclusive, it seems that any country that the listener has heard of but doesn’t know that well is a good candidate. The fact that Aspies from outside the US are rarely regarded as having an American accent could be due to the fact that Hollywood has made most of the world population aware of what most American accents sound like.

Also if I really had some sort of accent from another country then probably someone would comment on that when I’m outside Australia. When I’m travelling people tend to recognise my accent as Australian, while it doesn’t please me when someone thinks that I sound like Crocodile Dundee (as happened in the Netherlands) it might not be entirely inaccurate.

This is Annoying

The way the issue of accent is raised is generally in the form of people asking where I’m from, it seems to imply that they don’t think I belong in Australia because of the way I speak. It’s particularly annoying when people seem unable to realise that they are being obnoxious after the first wrong guess. When I reply “no” to the first “are you from $COUNTRY” question and don’t offer any further commentary it’s not an invitation to play 20 questions regarding where I’m supposedly from, it’s actually an indication that I’m not interested in a conversation on that topic. A Social Skills 101 course would include teaching people that when someone uses one-word answers to your questions it usually means that they either don’t like your questions or don’t want to talk to you.

Social Skills vs Status

The combination of persistence and misreading a social situation which are involved when someone interrogates me about my supposed accent are both parts of the diagnostic criteria for Autism. But I generally don’t get questions about my “accent” in situations where there are many Aspies (IE anything related to the Free Software community). I think that this is because my interactions with people in the Free Software community are based around work (with HR rules against being a jerk) and community events where no-one would doubt that I belong.

I mostly get questions about my “accent” from random middle-class white people who feel entitled to query other people about their status who I meet in situations where there is nothing restraining them from being a jerk. For example random people I meet on public transport.

Related posts:

  1. I’m an Aspie I’ve recently been diagnosed with Asperger Syndrome (AS) [1]. Among...
  2. Aspie Social Skills and the Free Software Community LWN has an article by Valerie Aurora titled “The dark...

Syndicated 2014-03-26 23:44:35 from etbe - Russell Coker

1106 older entries...

 

etbe certified others as follows:

  • etbe certified etbe as Master
  • etbe certified wichert as Master
  • etbe certified cananian as Master
  • etbe certified hpa as Master
  • etbe certified nate as Journeyer
  • etbe certified bcollins as Master
  • etbe certified alan as Master
  • etbe certified JHM as Master
  • etbe certified taj as Master
  • etbe certified espy as Master
  • etbe certified clameter as Master
  • etbe certified davem as Master
  • etbe certified BrucePerens as Master
  • etbe certified esr as Master
  • etbe certified Skud as Journeyer
  • etbe certified branden as Master
  • etbe certified Joy as Master
  • etbe certified cas as Journeyer
  • etbe certified srivasta as Master
  • etbe certified rms as Master
  • etbe certified ajt as Master
  • etbe certified riel as Master
  • etbe certified paul as Journeyer
  • etbe certified mdz as Journeyer
  • etbe certified lupus as Master
  • etbe certified marcel as Journeyer
  • etbe certified Sam as Journeyer
  • etbe certified jaq as Journeyer
  • etbe certified dopey as Journeyer
  • etbe certified joey as Master
  • etbe certified rkrishnan as Journeyer
  • etbe certified Netsnipe as Master
  • etbe certified claviola as Master
  • etbe certified cjwatson as Master
  • etbe certified cmiller as Master
  • etbe certified evo as Master
  • etbe certified baux as Journeyer
  • etbe certified aaronl as Master
  • etbe certified cdub as Master
  • etbe certified kroah as Master
  • etbe certified neurogato as Apprentice
  • etbe certified omnic as Journeyer
  • etbe certified knghtbrd as Master
  • etbe certified hands as Master
  • etbe certified jooon as Journeyer
  • etbe certified zx64 as Journeyer
  • etbe certified slef as Master
  • etbe certified mirwin as Apprentice
  • etbe certified mentifex as Apprentice

Others have certified etbe as follows:

  • etbe certified etbe as Master
  • ajv certified etbe as Master
  • taj certified etbe as Master
  • faye certified etbe as Master
  • paul certified etbe as Master
  • Guillaume certified etbe as Journeyer
  • acme certified etbe as Journeyer
  • Joy certified etbe as Journeyer
  • claviola certified etbe as Master
  • walters certified etbe as Journeyer
  • mdz certified etbe as Journeyer
  • kmcmartin certified etbe as Master
  • srivasta certified etbe as Master
  • neil certified etbe as Master
  • kroah certified etbe as Master
  • cdub certified etbe as Master
  • rkrishnan certified etbe as Master
  • Sam certified etbe as Master
  • jaq certified etbe as Journeyer
  • jooon certified etbe as Master
  • dopey certified etbe as Journeyer
  • omnic certified etbe as Journeyer
  • zx64 certified etbe as Master
  • seeS certified etbe as Master
  • Netsnipe certified etbe as Master
  • cjwatson certified etbe as Master
  • LaForge certified etbe as Master
  • futaris certified etbe as Master
  • timriker certified etbe as Master
  • domi certified etbe as Master
  • byte certified etbe as Master
  • tc certified etbe as Master
  • pasky certified etbe as Journeyer
  • trs80 certified etbe as Master
  • fxn certified etbe as Master
  • joey certified etbe as Journeyer
  • ncm certified etbe as Journeyer
  • dwmw2 certified etbe as Master
  • lkcl certified etbe as Master
  • Pizza certified etbe as Master
  • mattl certified etbe as Journeyer
  • Mmarquee certified etbe as Master
  • slef certified etbe as Master
  • Funklord certified etbe as Master

[ Certification disabled because you're not logged in. ]

New Advogato Features

New HTML Parser: The long-awaited libxml2 based HTML parser code is live. It needs further work but already handles most markup better than the original parser.

Keep up with the latest Advogato features by reading the Advogato status blog.

If you're a C programmer with some spare time, take a look at the mod_virgule project page and help us with one of the tasks on the ToDo list!

X
Share this page