SeeIT Consult

I have now been using the product for 3 weeks and have 21 days worth of upload, download and ping data. The latest graphs have been added to the end of the post: Imagine Wi-Max: One Week On.

This is a follow up to my initial review of the Imagine Wi-Max product 2 weeks ago.

Updated on 2010-06-15 (see end of article for 3 weeks worth of test data).

Warning: do not host your DNS with BT Ireland.

Hard to believe, but get a load of BT Irelands policy on DNS changes…

1. Fax a request into them on company headed paper (“for security, don’t you know?!”)
2. Wait for 24 hours (“we only reload our DNS twice a day”).

In fact they are so protective of their DNS servers that they will not break their 2-reloads-a-day rule even in cases where they have made a mistake.

Exercise for the reader:

Figure out how to spoof a DNS change request to BT Ireland using nothing but a PC, a screen grabber and an Internet connection (you shouldn’t even need a physical fax machine).

The ultimate irony: Security guru Bruce Schneier is the Chief Security Technology Officer for BT (but I bet he doesn’t know about the fax-on-headed-paper security initiative)!

Update on getting stale DNS entries removed:

Four days! After becoming frustrated with tech support drones, I had to escalate it to the complaints department.

Last weekend I received a Wi-Max box from Imagine to replace my current DSL connection. Here are my initial thoughts on the device, the set-up and configuration, performance and some serious reservations about how Imagine have crippled the modem.

Continue reading ‘Imagine Wi-Max Initial Review’ »

In October 2007 Electric News reported that a vulnerability had been discovered with Eircom supplied DSL modem/routers. This was based on some clever investigative work by Kevin Devine in September of that year. It allowed an attacker to deduce the password used to encrypt traffic between a PC and the Wi-Fi access point.

To be fair calling it a vulnerability is being overly generous – the method used to generate the passwords was totally flawed. I would expect more from a 16 year old script kiddie with a Corn Flakes packet code wheel.

As an academic exercise and to publicise the vulnerability we converted some Perl scripts to PHP and published them to our web site. Believe it or not, almost four years hence, there are still a load of routers that are vulnerable. You can even get an iPhone app for it!

If you suspect you are affected, then follow the link below and see if we can deduce your password. If you are affected contact us and we will be happy to help. You can also find DIY instructions on how to secure your Netopia router here.

Go to the Eircom WEP password cracker page here.

Time to revisit this post-Lisbon…

Did you know:

Eurolinux collected over 400,000 signatures supporting a petition for a software patent-free Europe

• That petition has now expired and they need your support
• Our own EU-Commissioner, Charlie McCreevy, is completely misinformed about software patents
• The EU-Commission is now obliged (post-Lisbon) to present a legislative proposal when a critical mass of citizens demands it

I strongly urge you to read on and see what the EU patent office is approving – your support is needed.

In April 2009, Oracle announced that it had agreed to acquire Sun. Since Sun had acquired MySQL the previous year, this would mean that Oracle, the market leader for closed source databases, would get to own MySQL, the most popular open source database.

Read about it here…

…or watch out for the Muppets…

Again and again get a very similar request:

Can you move/fix/migrate/upgrade our web site please?

… and every time I get a similar reason for the request:

There was a bloke who used to look after us, but he’s gone now…

This is (un)commonly known as SFO Syndrome – Supplier Fecked Off!

Cleaning up after SFO is a service we regularly perform for clients, and sometimes it is quite shocking to see the mess that a previous supplier has left behind. (I am often led to muse that the provider may have disappeared because they may have realised that the game was up!) I have written before about this (see ‘Open Source and Open Standards’) but it is worth restating:

If a quote is to good to be true, then it usually is!

Continue reading ‘SFO Syndrome – The Hidden Menace’ »

Recently we were asked by a client to migrate a web site from one server to another. The web site in question was built on a Content Management System (CMS) called Joomla – a CMS written in PHP and using MySQL for database storage.

I am not fond of Joomla, but that is my personal opinion and don’t let it colour yours. As a programmer I find it heavyweight and overly complex. Lots and lots of code means frequent discoveries of bugs and frequent updates. As my friend Alan Kennedy says “every line of code is a liability” and he is spot on. However we aren’t all programmers and for someone who wants an “out of the box” experience Joomla may well fit the bill. Personally I prefer the excellent Wordpress – it may be a ‘only’ a blog system, but it is fantastic for static web sites too and uses a much simpler database schema, although it doesn’t have the extended functionality of Joomla.

Open Standards – your data, your way

Where am I going with all this? Well what happens when the person you used to create your web site disappears, or when you just want to migrate? If you are stuck into a commercial, closed source and/or proprietary model, you are at the mercy of whatever commercial provider will take you on. If, on the other hand, you are using open standards, then at the very least you have access to all the code and data in your web site.
Continue reading ‘Open Source and Open Standards’ »

A long overdue of SeeITs’ website. My colleague Simon Stewart in CIC made the very valid point that a web programmer should show something more on his website than a page of largely static text and a broken contact form. (In fairness the contact form brought me nothing but spam and Asian software companies trying to get me to outsource my coding jobs to them, so it was no great loss to me.)

One pleasant surprise was how modern browsers behave with standards compliant HTML and CSS (as long as you don’t get too funky with your layout).
Continue reading ‘A Reluctant Web Designers Journey’ »