Tuesday, December 16, 2008

Santa Ahoy!

Rachelle's Mum and Dad arrived safely on Friday to join us for Xmas and new year. I think Mandy in particular was a little shocked about the heat and humidity. We did warn them about coming to Brisbane in Summer!

On Sunday we all went to Rach's boat club for Sunday lunch and the kids' Xmas party with George, Julie and Reyce. In typical Aussie style the Xmas party was a little different, with Santa arriving by boat...


It really was a dismal attempt at a Santa. Lauren was not convinced, or impressed.

Most of the kids dressed up in fancy dress, and so did some of the adults...


By this time I'd already had about 4 beers and half a bottle of wine, so things were getting a little surreal.

After the party we all went back to ours where we sat out and watched the sunset over a few drinks.

The sky looked amazing...


Today, Mandy and Steve have taken Lauren up to Noosa for a couple of days with Cath and Bonny. This is the first time that Lauren has been away without us since we arrived in Australia. Last Friday she finished Year 2 so she's now into her 6 week summer holiday. It's Rach's last day today and I finish up for Xmas on Thursday. We're both back to work on the 5th Jan so we've got a nice 2 week break to look forward to!

More photos on Flickr.

Sheraton Gold Coast

A couple of weeks ago we spent a night away in luxury at the 5 star Sheraton Mirage Resort and Spa Hotel on the Gold Coast, courtesy of a hotel voucher from Rach's boss in thanks for Rach selling one of the Marina berths. Rach has already blogged about this on her own blog so I won't repeat it here. Suffice to say that we had a great time, right up until the point where I got burnt to a crisp.

It's 2 weeks later and my legs are still sore. A little tip for any blokes (and women) with hairy legs like me: if you use the spray-on sunscreen, make sure you rub it in thoroughly!

Wednesday, December 03, 2008

Quantum of Solace

Being a rather geeky James Bond fan I was very much looking forward to the Quantum of Solace.

After the re-incarnation of James Bond in Casino Royale, which kept pretty much authentic to the original plot and character in Ian Fleming's novel, I had high hopes for QoS.

What a disappointment.

Unlike the edgy, exhilarating and well-shot action scenes in Casino Royale, the action scenes in QoS were a bit far fetched at best, and for most parts, completely unwatchable at worst. Unfortunately, it seems the Director and Editor had taken the comparison with the Jason Bourne films to heart and decided to follow this latest ridiculous trend of shooting scenes with a shaky hand-held camera and over-editing the scenes so much that the angle of shot changes with nearly every frame. The result is you can't make out what's going on.

I can imagine that in 10 years time we'll look back at this period in film-making and think 'what was that all about? Who on earth thought it was a good idea to shoot big blockbuster action scenes with a hand-held camera and switch between camera angles so fast that it gives the viewer motion sickness?'. I think Paul Greengrass is a good British director, and both the last 2 Bourne films which he directed and United 93 are great films, but they'd be even better if we could actually make out what's going on in the action scenes! Please, please, stop it. There's a time and a place. For instance, it kind of works in films like Cloverfield. In Cloverfield there's a reason it's shot with a hand-held camera. It's part of the plot, and, it does add something to the reality of the scenes.

Besides the bad editing, QoS also suffers from a rather thin plot. The film is based on a short story written by Fleming, and fleshing a short story out into a feature movie was always going to be difficult. But this just feels like treading water. Bond travels from one exotic location to another with very little rationale for why he's going there, except to chase down baddies. It was as if the producers picked a few nice locations they wanted to visit in advance of making the film, and then wrote the script to fit around the locations.

One of the best things for me in Casino Royale was the quick and witty dialogue, especially between Bond and the love interest - Vesper Lynd. There's hardly any of that in QoS. The non-stop action leaves very little time for character building. There's not much of a love interest either - not a classic one for Bond girls! Bond does get his end away with one civil servant, who incidentally meets a sticky end covered in oil, reminiscent of that famous scene in Goldfinger. Her death is obviously a reference to Goldfinger where the character 'Jill Masterson' is killed and covered in gold paint. The Bond franchise seems to be trying to send a message - the currency of power in the early Bonds was gold and diamonds, whereas in 2008 the currency of power is oil. QoS is that un-memorable that I can't even remember if he kisses the Bond girl who survives to the end.

Don't get me wrong. It's not a complete disaster. QoS is still better than the average action film. Daniel Craig makes a great James Bond and Judi Dench continues to do a good job as 'M'. The action scenes where the camera stays still for a few seconds are really good. It's certainly better than the later Pierce Brosnan Bond films where some of the action got preposterously far-fetched. Mind you, surviving a fall out of an airplane where his parachute only opened 10 metres off the ground, and running through a building engulfed in flames without getting even his eyebrows singed, was pushing it a little in QoS.

In summary, watchable, but not a classic.

Brisbane Storms

It's tropical storm season here at the moment and this year it has been particularly bad. Tonight we've been treated to yet another fantastic lightning storm after a very hot day, but it was rather mild compared to what happened on Sunday 16th November when we had the worst storms for 30 years.

Luckily we escaped the worst of it where we live on the south side of the Brisbane river. No such luck for those in the northern suburbs, especially The Gap where my boss lives.

This YouTube video shows how bad it got in The Gap. In particular watch what happens from 1 minute and 30 seconds in:



My boss's house was without power for 4 days after this.

On Thursday the 20th November we had another big storm, and this time I got caught in it. I was working in the city at a client site and left a little early to go to my office for the first of our 2 Xmas parties - this one being the one where clients were invited. In the office, we had the weather radar up on one of the Plasma screens so we could watch the storm coming in. When we realised it was heading straight for us many of us decided to leave to try and get home before the worst of it reached us, particularly after what had happened the previous Sunday. So I set off walking to the train station (as my usual bus didn't run that late) and got half way there when the heavens opened, and as is typical, I'd happened to have left my umbrella at the client site.

The rain was coming down so ferociously that I decided to take shelter in a shop entrance and wait until the worst of it was over, thinking that it would only be a short one. Twenty minutes later it was still horizontal rain so I thought bugger it and set off again on a brisk walk.

Near the train station there is an area where I need to cross two major roads with a traffic island in the middle. I crossed the first road and just as I got to the traffic island the hailstones started. I couldn't believe it. Whilst waiting for the traffic lights to change, in a very short period of time the hailstones started coming down faster and in increased size. I was watching them fall all around me - the size of golf balls. The thing is, for that short period of time I had absolutely nowhere to hide. I was stuck, and the hailstones were coming down that hard I thought to myself if one of these hits me smack on the head I'm going to be in trouble. Yet, the unbelievable part is that none of them hit me. They were falling all around my feet yet I managed to stand through it for a good 2 minutes before the traffic lights change, and then run across the road to shelter without a single one hitting me.

Talk about lucky!

Tuesday, November 04, 2008

The End of Darkness?

In just a few hours time, after what's been the longest, most expensive, and perhaps most exciting presidential election ever, we'll know who is going to be the 44th President of the United States.

Being a political news junkie, I've been following the race fairly closely for the last 18 months, and, like pretty much the rest of the world outside of America, I'm praying (figuratively speaking given I'm an atheist) that Barack Obama wins.

The world can't handle another 4 years of a Republican administration in the White House.

A while back I read Bill Clinton's autobiography - 'My Life', and he stated that although history will ultimately judge his presidency, his own view was based on a simple mental list he kept:- jobs created, increased access to healthcare, increased funding for childcare, number of people lifted out of poverty, etc.

Now let's apply that principle to George W. Bush. Here's my mental list:

  • Over 4,500 coalition troop deaths in the Iraq War and hundreds of thousands civilian casualties resulting from a war, lest we forget, which was sold to us based on the threat of weapons of mass destruction which never materialised;
  • The trampling of human rights and civil liberties via the Patriot Act, Extraordinary Rendition, Water Boarding torture, Guantanamo Bay, Abu Ghraib, and other such terms we had all never heard of before 2001;
  • The failure to sign the Kyoto Treaty, and furthermore, the continual effort to block and hamper the fight against climate change;
  • The abysmal failure to act or show any leadership in the immediate aftermath of Hurricane Katrina's devastation of New Orleans;
  • The complete wipeout of the federal budget surplus and creation of America's biggest ever budget deficit;
  • etc, etc.

Maybe I'm being a bit unfair. On the plus side he did give record amounts of financial relief to AIDS-riddled countries in Africa, and was the first US president to acknowledge that a two-state solution was the only way to resolve the Israeli-Palestine issue.

However, on the first, the amount of money given to the fight against AIDS ($30bn if I remember correctly) now seems a pittance in comparison to the $1 trillion spent on the Iraq War to date and the $700 bail-out of the banks (a figure which looks like it could double). And on the second, what progress has been made? We seem no closer to a solution now than 8 years ago. At least 8 years ago there was no wall built around the West Bank. Given what many people believe are the root-causes of 9/11, you'd think that pushing the middle-east peace process would be right up there with catching Osama Bin Laden. Yet both seem to have taken a back seat to what I believe is Bush's number one priority - 'Energy Security'.

I remember a few years ago visiting the White House website to see what his administration had to say about climate change. If you go there now there is a section titled Environment but a few years ago no such section existed. Yet there was a section titled Energy Security.

Some cynics may say that Energy Security was the entire basis for the invasion of Iraq. After all, we all know that the Bush family's links to the oil companies are long and well documented.

The last 8 years have been a disaster and George W. Bush will probably be remembered as one of the worst and most unpopular American presidents ever.

So, will we see an end to this darkness?

I'm not naive enough to think that America will completely change its foreign policy and stance on climate change overnight if Barack Obama wins.

Let's just hope it is a new direction and an Obama win will go some way to reverse the damage inflicted by 8 years of the Neo-Cons in charge.

As for John McCain, I had a lot of respect for him before this process began. I've read about his 6 years imprisonment and torture during the Vietnam war, and his refusal to be released ahead of his compatriots. He truly is a war hero. But the way he has fought this campaign has surely undone a lot of the goodwill many people had for him.

Some political analysts say that he has simply learnt from his 2000 campaign to become the Republican presidential nominee against George Bush. In that campaign he mainly refused to go negative and resort to nasty tactics. Bush on the other hand had no such qualms and many Americans, bombarded with adverts and push-poll phone calls, fell hook, line and sinker for the Bush campaign's smear tactics.

McCain has clearly taken some political campaigning lessons from Karl Rove and thrown his morals out of the window. At every step he has attempted to dumb the campaign issues down to the lowest common denominator; painting complex issues as black and white, and virtually labeling Obama as everything from a terrorist to a socialist.

The soundbites coming out of the McCain team over the last few weeks since the economic meltdown really have represented a low-point in intellectual debate. How many times did McCain quote Obama as using the words 'share the wealth', insinuating that Obama is somewhere to the left of Karl Marx with his policy of reducing income tax on the middle tax, as opposed to McCain's policy of cutting corporation tax for big business. It amazes me how that word 'socialist' is used in American politics. It's as if no American has ever visited Western Europe and seen the balance between economic growth and state welfare that has given a high standard of living with free(ish) health care for all.

Obviously I'm making grand generalisations here. It's mainly commentators on the right side of politics in America (right as in opposite to left, not right as in opposite to wrong), such as the state news channel that is Fox News that have done the most to brainwash some Americans into believing that all the issues are black and white; free-markets - good, regulation - bad; religion - good, atheism - bad; etc.

I sometimes play a little game. I put on the Bill O'Reilly show on Fox News and see how long it is until I want to throw a brick at the TV or start laughing uncontrollably in an effort to hide the tears of frustration at the ridiculousness that is the pompous, egotistical Bill O'Reilly. It's been particularly amazing to hear his rants lately against the democratic bias of the MS-NBC news channel. Talk about 'pot this is kettle'.

Anyway, speaking of black and white, some commentators are looking out for the purported Bradley Effect to see if the polls are wrong and McCain can clutch victory from the claws of defeat. The Bradley Effect is a theory that many voters tend to lie in polls when asked if they voted for the black candidate because they don't want the pollster to think that they are racist. I guess we'll find out in a few hours time whether there are truths to this theory.

I've been watching the Emmy award-winning drama John Adams over the last few weeks which is currently showing over here. I wonder what Adams, Washington, Franklin, et al. would make of the circus that now exists as a result of Article 2 of the United States Constitution? Whatever happens, these are certainly interesting times we are living through.

Playing the Tour Guide

Our latest set of visitors arrived safely on Friday - Frances and Rob - so we had a busy weekend playing tour guide.

Friday evening we took them to the Manly Harbour Village Halloween Street Party. Loads of people dressed up (kids and adults) and joined in with the 'spooky street parade' at dusk. There were kids rides, live entertainment, dancers, street performers, and all in all it was a great atmosphere.



We'd booked a table at the Boats restaurant which overlooks Manly parade so we had a great view of proceedings as we were waiting for our meal to arrive.



We later went to Rach's work (boat club) for a drink before proceeding home, and we came out of the club just in time to see the closing fireworks. A pretty good welcome to Australia for Frances and Rob I reckon.

On Saturday, which turned out to be one of the hottest days so far this Spring, we took them down to South Bank and spent some time on the city beach and in the lagoons. We later returned home and went in the pool, before finishing the evening off with a customary barbie and a few beers.

On Sunday I managed to get some work done while Rach and Lauren took them to SeaWorld.

Frances and Rob have now gone up north to the Great Barrier Reef for a few days. If they think it's hot in Brisbane they're in for a shock up there!

Monday, October 27, 2008

Stevie Wonder

On Saturday night we went to see Stevie Wonder in concert at the Brisbane Entertainment Centre.

Being one of my all-time favourite artists, this was a rare treat, and he didn't disappoint. Both Stevie and his band were magnificent.

There were a couple of small let downs. First, while he got through most of his hits, he didn't do some of my favourite songs, such as 'Do I Do' and 'Blowin' in the Wind' (yes, I know that last one was a Bob Dylan cover), instead choosing to sing some more obscure songs which I, and everyone else judging by the lack of reaction, didn't know. They were still good though. Second, he let some 14 year old competition winner go up and sing 'I Just Called to Say I Love You', and she killed it (not in the good way).

He did a few jazz numbers, which is always fine by me, making use of the wide range of instruments in his band. He even started off with a Miles Davis number, showing off his skills on the harmonica.

All in all it was a really good night - 2 and a half hours of great music.

Maybe, Just Maybe

As the Chelsea v Liverpool game was on at midnight our time last night I recorded it and watched it before work this morning.

With Chelsea being unbeaten in the league at Stamford Bridge for 86 games, I was expecting yet another goalless or 1-1 draw between the two sides.

Incidentally, the last team to beat Chelsea at home, 4 and a half years ago, was Arsenal, and they went on to win the title.

You never know, you just never know.

Friday, October 17, 2008

I've Got Brain Ache

I'm very busy on the work front at the moment, both in my day job and with the internet business.

In my day job I'm involved in a major, very complex, government PKI project. PKI stands for Public Key Infrastructure and is basically a set of systems that can be used for issuing and signing digital certificates that can be used for encryption, authentication and other security type things. The thing about PKI is it's all about trust. If you're going to use a digital certificate to encrypt your communications, or use it for authentication (such as to gain access to a website, or even to a building by putting the certificate on a building access card) both you, and the owner of the systems, need to have confidence that the certificate hasn't been compromised in any way.

What this means is that every aspect of how the certificate is created, issued, renewed, revoked, used, and stored has to be managed in a way that covers all the potential security risks.

My job is to create a framework of rules around the entire PKI, covering everything from the physical security of the buildings and servers which will host the PKI, the security procedures for the operation of the PKI, the HR procedures to ensure the people operating the PKI can be trusted, to the technical security controls of the particular systems.

The framework has to be specific enough so it covers all the risks, but generic enough so that the PKI can be future-proof and used for multiple different purposes.

I've also got to write the audit procedures so that they can get an outside auditor to come in and carry out annual audits of every Certificate Authority that wants to operate under the PKI (of which there may be many covering multiple government agencies) in accordance with the procedures I've written.

To say it's making my head hurt is an understatement. There are particular international standards that I need to make sure it complies with, as well as fitting in with government standards around authentication and identity management.

My little brain is struggling to cope!

As for our internet business. IPChitChat is doing pretty well. We've had some good feedback on the new site, and most importantly, revenue was up for last month considerably from Sept 2007. We're still some way from making a full-time living out of it but it's growing, slowly but surely.

We've also launched EzeeQuit, which is more of an experiment than anything else. Probably won't be a long term venture but it demonstrated we can now react to new opportunities and get an e-commerce site up relatively quickly.

We've also changed the name of our company. We originally registered the company as Autonomy Business Solutions Ltd when we had the idea of creating an IT Managed Service for medium to small businesses. Our business model has changed considerably since then and we're now concentrating on building internet-based brands.

We're really interested in the whole new phenomenon of cloud computing, the whole idea of applications moving away from the desktop to being purely web-based. With that in mind we've now changed our business name to NetCloud Ltd, which we believe better reflects the ethos of the business. We couldn't get netcloud.co.uk so our domain name for NetCloud Ltd is www.netcloudgroup.co.uk. This is ok as NetCloud will effectively be a group of companies under the netcloud banner. There's not much on that website yet but it will grow as our underlying businesses grow.



So our existing websites are keeping us busy, there's day-to-day management of the site, marketing and development of more features, as well as troubleshooting the odd issue that comes up here and there. I'm currently putting together the next newsletter for IPChitChat which you can sign up for on our site.

And of course there's the development of our next sites. The social networking site I've mentioned previously has been completed (to some degree) by the developers we hired in India, and I'm now working on developing features and content. Not sure when we'll get this one off the ground as it's a major project but it's certainly an exciting prospect.

We also have a couple more ideas for e-commerce sites that we're investigating.

All in all life is busy on all fronts.

Who's Got My Go Card?

Yesterday when I went to get on the bus to work I realised I'd forgotten my Go card, which is basically an electronic card you can use with the Brisbane transport system - I can top the balance up online and simply touch on and off buses and trains, and it automatically gets deducted (it's basically an RFID card like the Oyster system in London).

Anyway I had a look round for it this morning and couldn't find it, so I went online to check the last transaction. It seems some cheeky twat has been using it for the last 2 days. I can see that he/she got on a bus this morning on my route and got off in the city, obviously using my card to get to work and back.

I've rung up and cancelled it but of course, it's not as simple as cancelling the card and sending me a new one. I have to order a new one (which will cost $10), and then complete and post a form for them to transfer the balance of the account from the old card to the new one. All of which will probably take weeks knowing how council departments work.

I'm not sure whether I lost it or someone pick-pocketed me. I've realised it must have been Wednesday evening. I remember Wednesday evening because we had a monsoon. I got off the bus to walk the remaining distance home and got caught up in absolutely amazing freak weather conditions. Apparently during that brief storm, which lasted about an hour, we had over 3000 lightning strikes.

I've never seen anything like it. Only muggins here was stupid enough to be outside walking the streets in it. I remember having this gut feeling that I was going to be struck by lightning any second, as everyone else was inside or in their car (apparently your car is the safest place to be during lightning). Also, living in sunny climes I didn't have a jacket or umbrella with me so I was absolutely drenched by the time I got home. At least it was warm rain.

According to this Brisbane Times story it dumped down nearly 60mm of rain in that 1 hour and 32,000 homes lost power.

Wednesday, October 08, 2008

Introducing EzeeQuit.co.uk

I am pleased to announce the launch of our latest website - www.EzeeQuit.co.uk

You may have heard news stories, such as featured on the front page of bbc.co.uk/news today, about the revolutionary Electronic Cigarette. This product is win-win for smokers and non-smokers alike as it allows smokers to beat the smoking ban in pubs, whilst it offers no risks from passive-smoking as it doesn't emit smoke, like a traditional cigarette.

We have Electronic Cigarette Starter Kits in stock now and depending upon the interest we'll be looking at adding other related products.

Tuesday, September 23, 2008

Bribie Island

Continuing our quest to discover Brisbane and the surrounding areas, on Sunday we spent the day at Bribie Island. Bribie Island is approx an hour's drive north of Brisbane and the only Island close to Brisbane that is connected by a bridge.

We started out at Bongaree which is on the South East of the Island. Being on the sheltered side of Bribie this is a lovely little village that is ideal for young kids, as there's virtually no surf. There's a small beach with a pier, which is surrounded by parklands with plenty of BBQ areas and children's play areas.





From Bongaree you can get a view of the bridge back to the mainland. Also, you'll have to take my word for it because I forgot to take a photo but to the left of this image there would be a view of the Glasshouse Mountains in the background.



After having lunch at Bongaree, we then drove 7km straight across to the west side of the Island to Woorim. Whereas Bongaree is ideal for the small kids, Woorim is great for the big kids (me), as there is plenty of surf to play in but nothing too scary.



Although Lauren is like a fish in the pool she's still wary of the ocean...





More of our photos on Flickr

Strange Coincidence

Back in Sydney again. Just a flying visit this time (24 hours). At the airport I heard the announcement "Darren Gough please proceed immediately to Gate 39". Of course I had a look round to see if, unlikely as it would be, it was THE Darren Gough. The strange coincidence is that when I got to my hotel and turned on the tele, Sky News came up and scrolling across the bottom in the news ticker were the words "Darren Gough retires from Cricket"!

Could Darren Gough be celebrating his retirement with a holiday down under?

By the way the Hotel I'm staying in now is the same one that the Australian Idol contestants stayed in. Not that I watch that drivel :-)

Tuesday, September 09, 2008

An Englishman Abroad

Typical Englishman abroad. Steve McClaren has only been in Holland 6 weeks and he's already doing the pidgin English thing. They should put this stuff in a Rough Guides guidebook. If you are an Englishman on holiday in a non-English speaking country, simply speak slower and louder at Johnny Foreigner. Failing that, try speaking in the accent of your host, that's bound to work, the non-English speaker will understand you perfectly!

Monday, September 08, 2008

Father's Day at Icon

Yesterday it was Father's Day here in Australia, and so for a treat we went for Lunch with George, Julie and Reyce to Icon at Raby Bay.

We'll definitely be returning to Icon again. The food was fantastic, especially given it was a buffet. Usually at buffets you end up getting the cheap cuts of meat, but not so at Icon. It was only $30 per head for adults and $15 for kids and the quality of steaks, salmon, prawns, etc was superb. After sharing a bottle of wine and a few beers we made our way home to continue drinking in the garden. Back to business as usual for Sundays then!

Some pics...




More pics on Flickr

Sunday, September 07, 2008

Manly Harbour Festival

Yesterday, Rach said she wanted to get some spring cleaning done so I took Lauren down to the Manly Harbour Festival. Here's a few pics:

A little something for the adults...


And a little something for the kids...





This is a view of the rear of Rachelle's work. You can see two cranes - one is dredging and the other is pulling out piles - making ready for the new extension to the marina...


We also had a drive round the corner to Wynnum so Lauren could have a swim in the Wading Pool. This is the first time we've been there since it has been refurbished. I didn't realise how huge it is...


Lauren was the only one brave enough to take a swim. It's still too cold for the Aussies (and me)...



I'm really jealous of Rach getting to work here (certainly beats my view of office blocks)...


I couldn't believe how quiet it was. It was a bit windy but was still a beautiful day - we definitely needed the sun tan cream.


More photos on Flickr

Friday, September 05, 2008

Brisbane RiverFestival Weekend

A few of our pictures from last weekend...

On Saturday we had planned to go on board HMB Endeavour - the replica of Captain Cook's ship which was visiting Brisbane for a few days, but we got there a little late as Lauren attended a friend's birthday party in the afternoon. Plus, we couldn't be arsed to queue for an hour so instead we spent some time on Portside Wharf where HMB Endeavour was berthed.


On Saturday night Rach went out with the girls whilst myself and George babysat for the girls, and watched the RiverFire fireworks on telly. Seemed very different watching it on telly after being there last year.

We were both feeling a little rough on Sunday morning, but nevertheless we got up and went down to South Bank for the free breakfast BBQ that was being held on Goodwill Bridge.


Afterwards, we walked across into the CBD and checked out Brisbane Library. Very funky indeed. There's more computers and Plasma screens than books!


We then walked over Victoria Bridge back to South Bank and went to the Brisbane International Boat Show being held at the convention centre.



Afterwards, we went for a late lunch at a Greek restaurant in South Bank.

More photos on Flickr

Wednesday, September 03, 2008

The Aussie Immigration Map

Gettingdownunder.com has a handy immigration map for anyone wishing to emigrate to Australia...

Google Chrome

Google has finally entered the Internet Browser market with the release of Google Chrome. Only time will tell to see if it can compete with Internet Explorer in terms of market share. For me, Firefox is the best browser out there but it still only has a 20% share of the market - even IE6 which is ancient in Internet years has a bigger share of the market than Firefox.

Will Google be able to leverage its search engine dominance to make Chrome bigger than IE?

I've downloaded and tested Chrome. My first thoughts were I like the clean look and feel. Secondly, it's clearly faster than both Firefox and IE, which is a major bonus. I also like the fact that each tab acts as its own 'sandbox', so that if a website causes the browser to crash, which happens a lot in IE and Firefox, it will only cause that tab to crash and not the entire browser.

So does that mean that I'll ditch Firefox and start using Chrome? Not likely yet. The biggest draw for me with Firefox is the plugins. There are currently no plugins or extensions for Chrome. That means no easy del.icio.us bookmarking, no stumbleupon toolbar, no Better Gmail, no GTDInbox for gmail, and no Firebug, to name but a few of the plugins I rely on. As Chrome is open-source I'm sure it will only be a matter of time before the plugins start appearing.

Also Chrome is only currently available for Windows, although a Mac version is in the works.

Hopefully by the time the Mac version is released they'll also have some decent plugins, in which case Google Chrome it will be.

Monday, August 25, 2008

A Games to Remember

It was only 4 years ago, yet I can remember very little about the 2004 Athens Olympics. Some of the sporting achievements stick out, such as Kelly Holmes winning 2 Gold Medals, the Men's 4x100 team winning Gold, and the discovery of Amir Khan. However, I can hardly remember a thing about the 2004 opening and closing ceremonies.

I'm sure I won't be saying the same about the Beijing Olympics 4 years from now.

China certainly pulled all the stops out to make this probably the most enjoyable Olympics ever. Of course, it's not so hard to pull off an amazing show when you can throw unlimited money at it; the cost of the Beijing Olympics was over twice the budget for the London Olympics. I guess it's easier to raise the funds when you've got a single-party political system.

I've certainly never been as engrossed in the Olympics as I was this time round. There were so many amazing moments. It helps of course that Team GB did outstandingly well, and I also had the bonus of being able to support the Australian athletes.

It will be good to get an early night tonight after staying up most nights after midnight following the coverage. I'm glad I did though. It wouldn't have been the same watching Usain Bolt break both the 100m and 200m world records in a replay the day after.

Last night's closing ceremony certainly lived up to expectations after the amazing opening ceremony. I'm not too sure about the 8 minute London contribution though. They were never going to be able to compete with the grand majesty of what Beijing were offering, nor should they. But to say that 8 minute segment alone cost £2.5 million, I was expecting a little more. Perhaps I was expecting David Beckham to kick the ball 200ft into the air only for it to explode with a thousand Union Jack parachutes descending into the stadium? Seriously though it wasn't so much what they did, it was the general theme that I found a little disappointing. Please, give it a rest with the stereotypical stuff (it doesn't always rain in London (thanks to global warming), and not everyone goes to work on a red London bus). Also, give it a rest pushing London's cultural diversity down our throats. Yes, we know London is a conglomerate of lots of different ethnic communities, but so is Sydney, and New York, and Paris, and most other major capitals around the globe these days.

I really hope that in 2012 they try to be less funky and concentrate more on celebrating British history and culture. Britain's got an amazing story to tell - think Shakespeare, Newton, Darwin, Raleigh, Drake, The Battle of Britain, The Beatles, the countless inventions and discoveries, and not forgetting the sports that Britain gave to the world - football, cricket, tennis, golf, rugby, even Table Tennis, to name but a few.

Don't get me wrong, I did enjoy the London handover bit even though it was a little cringeworthy. I thought 'Whole Lotta Love' went down pretty well, and although it's getting a bit tired dragging Beckham out each time for these events, it probably was appropriate given his involvement in the bid as well as the fact that he is bigger than Jesus in Asia. Not just Asia, he draws a crowd everywhere. LA Galaxy are playing in Brisbane later on this year and you can bet that the stadium will be completely sold out.

Roll on 2012. I tell you though, if the opening ceremony of 2012 involves a thousand mixed-race kids wearing bowler hats and singing in cockney accents I'll happily surrender my British passport for good!

Wednesday, August 20, 2008

Aussie 'Sour Grapes'

I've just been watching this video on the BBC website about supposed Aussie sour grapes over the success of team GB. If you get any Aussies throwing out the same line that 'it's not England, you can only beat us if you combine your countries', just point out to them that most of Australia's golds have come from Queenslanders. In fact, my home town of Brisbane is doing pretty well. Brisbane's Stephanie Rice is bringing home 3 gold medals. We're all very proud!

Actually, the Aussie sour grapes aren't as bad as the UK media makes out. The news reporters over here have expressed surprise at how well team GB has done, but I have found when I've watched the games that if Australia isn't represented in a particular event they do get behind the Brits. I've even heard the words 'the Brits are awesome this year' come out of the TV.

It's all to do with the Commonwealth you see. I think I've heard the word 'Commonwealth' mentioned more times in the 15 months I've lived in Australia than the entire 32 years I lived in the UK. I thought the 'Commonwealth' was pretty much a dead term only to be brought out for the Commonwealth games, until I arrived here. Not so, the antipodeans love it. Australian federal law is even known as Australian Commonwealth Law, which is passed in the Australian Commonwealth Parliament.

I wonder if the Commonwealth would be more important to Britain if GB wasn't part of the EU?

I'm happy to support both GB and Australia in the Olympics, which, at the time of writing, puts my personal Gold tally at 27 - more than the US!

UK National Risk Register

The UK Cabinet Office has now made public information from the previously classified UK National Risk Register. This is available at http://www.cabinetoffice.gov.uk/reports/national_risk_register.aspx.


This seems to back up what many scientists have been saying. The greatest risk to the UK is not terrorism, or even global warming. It's an Influenza Pandemic.

Monday, August 18, 2008

US Media 'Spins' Olympics Medal Table

I find it pretty cynical that whilst the rest of the world's media is following the IOC official Medal Table, i.e. ranking countries by Gold, then Silver, then Bronze, which currently puts China at the top, the big US media companies are instead ranking countries by total medals won, which of course puts the US in the #1 position.

Come on America, face up to it, the world order is changing. The 20th Century may be known as America's Century but things are quickly changing, and I'm not just talking about sport. The Olympics medal table has always been a good indicator for the general world order - and all the indicators point in the direction of the US heading south. Just look at the decline of the US dollar.

Now I'm not a proponent of the European Union forming an EU Olympics team, but just imagine if they did. I can't be bothered to count up the total medals of the 25 EU nations but a quick glance at the medals table tells you that an EU team would have more than twice the amount of medals as the US. Now there's an idea, albeit not a good one.

With most of the Athletics events still to come there's a good chance that the US will still finish at the top of the table, using both methods of ranking, given that China's medal hopes come mainly from non-Track and Field events. It would be nice though if China did end up with more Golds and more total medals than the US. How would ESPN, NBC, CNN/SI, etc manipulate the tables to put the US top then?

Wednesday, August 13, 2008

IPChitChat is now LIVE!!!

I am pleased to announce that after months of development, our new website - www.ipchitchat.co.uk - is now live!

We originally hired a web developer to build this site but it didn't work out too well. His work turned out to be really shoddy. It's our own fault, we should have done better due diligence when choosing the developer.

After getting rid of the web developer there was so much work to do to try and get the site looking the way we wanted that we decided it would be quicker to start again. I'd learnt so much trying to fix the work he had done that I had confidence that I could do a better job myself. I'm not sure I'd do it again. You wouldn't believe the amount of hours work it takes to create a site such as this, particularly when it's all open-source (using free software) to save money. If we'd have spent a fortune on a top e-commerce system then I'm sure it would have only taken half the time.

Anyway, it has taken a lot longer than planned to get this site up and running, and there may still be the odd bug or two that we need to iron out, but I'm happy with the results.

So how does this differ to our old site - ipchichat.com, you might ask? Well, it's like comparing a Mac to a ZX Spectrum. The old site was completely built by hand using HTML. None of the site is database driven and we had to use a third-party to provide our shopping cart and checkout.

In the new site, the whole site is run using a proper content management system. Everything is database driven, making it much easier to manage and make changes to the site on the fly. We've integrated a proper shopping cart system, and now have our own SSL certificate so users can checkout within the site. We've got a blog, a download area - where users can download user guides, firmware, etc. Users can properly manage their account information on the site, and see their order history. We've got different account types for regular shoppers, corporate accounts, and resellers; meaning that users will automatically get discounts on products depending on their account type. We've got a help-desk system where users can submit support requests, and they will receive a support ticket, which is managed through our Customer Relationship Management (CRM) system. The list goes on. We've also greatly extended the range of products we offer.

Over the coming months we've also got plans to introduce even more features.

Check it out at www.ipchitchat.co.uk - you can even sign up to our e-mail newsletter.

Friday, July 25, 2008

Evolution of Wedding Dance

First there was the Evolution of Dance. Now there's the Evolution of Wedding Dance. I nearly pissed myself watching this....

Sunday, July 20, 2008

Christmas in July

There seems to be a load of Christmas movies on TV at the moment. Apparently it's quite traditional over here - Christmas in July.

It is the middle of Winter but it's still a bit strange watching White Christmas when it's 23 degrees C outside!

Thursday, July 17, 2008

Finally on ADSL

After 14 months of trying, we've finally been able to get ADSL. Hooray!!

I've been applying fairly regularly ever since we arrived in Oz but kept receiving the same reply - "no available ports on the exchange".

However, after being told ADSL had been activated for my line (it only took a couple of days), getting it working wasn't without a few hiccups. I spent about 5 hours on the phone to my ISP over the weekend trying to get it working. I'd configured my router exactly as instructed, and I could see from the logs that ADSL was active with the correct link speeds in both directions, it just wouldn't connect to the PPPoE Server at the ISP.

The first idiot that I spoke to at the ISP was certain that it must be a problem with my router. I knew it wasn't, but they wouldn't escalate the call any further until I tried out another router. So I had to go out and buy a second router. I got it home, plugged it in and configured it and of course, still wouldn't connect. So I got on to my ISP again and then for about 3 hours they kept swapping me between customer services and technical support; technical support passed me to customer services because they thought the line hadn't been activated because they couldn't see any codes on the line (even though I could see it was activated from my own logs), and customer services passed me back to technical support because they had confirmation from Telstra that the line was activated. I got passed back and forth 3 times. I swear they do it on purpose to rack up the cost of my call to their premium number support line.

Eventually they realised it must be a problem on the line and they would need to escalate it to Telstra (similar to BT in the UK).

The next day, I discovered that my phone line was completely dead - couldn't even get a dial tone. So I got in touch with the ISP but they couldn't do anything and told me to ring Telstra. The thing is, Telstra aren't my phone company, my contract is with Optus. If I were to ring Optus and mention the problems I had with ADSL they would surely just tell me to ring my ISP as it must be related to that call. If I were to ring Telstra they would just tell me to ring Optus as I'm not a customer of Telstra. I decided to just wait and see what happens.

2 days later the phone line is still down, so I'm just about to ring my ISP when I hear on the news that the entire Optus network (phone, internet, mobile) is down in Queensland and parts of New South Wales. As it turned out a digger had cut through a fibre optic core line on the Gold Coast. It caused havoc - even to the point where Brisbane airport had to shut down operations due to no communications. What about the backup line you may ask, where was the resilience? Well, this incident happened at exactly the time when their backup line was also down due to a completely unrelated hardware failure. A one in a million incident according to Optus.

When the Optus network came back up, I went home, checked my line and lo and behold I had ADSL!

I've now ended up with 3 wireless routers. The third one is one I bought a couple of weeks ago after discovering that my Mac couldn't connect to my original wireless router due to a conflict between the chipsets. I still wanted to use my original router because it's a good one (Draytek Vigor 2600g) so I just went and purchased an extra wireless access point that I knew I'd be able to connect to - an Apple Airport Express. What I discovered this week though, and I really don't know why this didn't dawn on me in the first place, is that just as my Mac can't connect wirelessly to my Draytek router, the Apple Express can't either because it uses the same chipset. The money I've wasted this week is unreal.

The other 2 routers won't go to waste though. I've decided on a configuration like this if I can get it to work:

Telephone connected into my Dlink wireless router downstairs.

Draytek router upstairs acting as a wireless client. This will have a fixed ethernet connection to my spare PC (that I use for extra storage). It will also have a fixed ethernet connection to my SIP Voice over IP Phone so that I can make free calls to the UK. Furthermore I'll be able to plug in my printer to the USB port on the router so that I can do wireless printing.

As for the Apple router, this will also be a wireless client on the network and I'll be able to use the USB port on this to plug in my external hard drive so I'll have another wireless storage device. I use this in conjunction with Time Machine on my mac which automatically backs up my data every hour.

All very well in theory...

Let the torrent downloads commence (only for legal distributions of course :-})!

Saturday, July 05, 2008

Google Street View

Google is facing a tough time when it comes to privacy. Only 2 days ago Google lost a court case with Viacom (the parent company of MTV and Paramount Pictures) where the judge ruled that they must hand over the log files detailing everyone who has ever accessed a YouTube video. This ruling could set a dangerous precedent. It effectively forces one company to hand over personal user information to another company (Viacom is a company after all, not a federal agency) containing personal information related to millions of users around the world. Google is appealing the decision and requesting that it be allowed to anonymise the data.

We may have the Privacy Act in Australia, and the Data Protection Act in the UK, but that means absolutely nothing when your data is hosted on a server in the US. It's clear to me that there's now a desperate need for international laws governing data privacy.

In another blow to Google, Google's plans to launch Google Street View in the UK are being referred to the Information Commissioner. Google Street View is criticised by privacy advocates because it could potentially show the faces of individuals. Google can remove the image on request, which it has done for many instances in the US, but in the UK there is an argument that this could breach the Data Protection Act because they're not getting the user's consent before using the image.

Google is currently trialling facial recognition software in the hopes of being able to automatically pixelate the face of anyone that might show up in its images.

By the way, you may not have seen the following picture. Google have taken this down now but the original photo (below) accidentally caught someone pulling a gun out on a kid at the side of the road.



I personally think Google Street Views is amazing and I can't wait for it to come to Australia. If you think Google Earth is good check out Google Street View!

BBC - Google Faces Street Views Block
BBC - Google Must Divulge YouTube Log

Jaxtr - Making International Calls Easy

I've finally found the perfect service for the Expat. Jaxtr is a service which makes international calls easier, cheaper and much more convenient. It basically means that I can now make calls to the UK from my Australian mobile phone at a cheaper rate than calling from my home phone - even cheaper than using a calling card!

It works by assigning you a local number in your country that you can call, which is then switched through jaxtr's VoIP network to the destination number you have assigned overseas. So for instance, I simply go in to Jaxtr and enter my Dad's phone number in the UK, it then assigns me a local Australian number that I can use that will get forwarded to my Dad's number. Calling UK numbers from Australia using Jaxtr costs 1 jax per minute, and you can purchase 1000 jax for $10 US, so basically it costs 1c per minute. Of course you still have the cost of ringing the local Australian number, but on my Vodafone plan I get $150 worth of calls for $29 so that's also really good.


Jaxtr works with most of the countries around the world and from my tests the call quality is really good.

http://www.jaxtr.com

Home for a Short Weekend

I'm currently sat in the departure lounge at Canberra airport with a 3 hour wait for my flight. Luckily I'm sat at a table that's near a bar, and also has a power socket I can use, so the combination of my laptop and Crown Lager should see me through. It feels weird travelling home on a Saturday though. There won't be much of a weekend left when I get home.

I'm glad I stuck around for today's exercise as it was really enjoyable. The hacking exercise was a lot harder than I expected. The goal was to capture 4 flags. These were basically text files called flag1.txt, flag2.txt etc that were stored on each of the 4 servers on the target network. Each of the flags had a 'phrase that pays' and the end goal was to get the full phrase that pays and be the first person to whisper it into the ear of the instructor. Two of the servers were Windows servers and two were Linux. I was fairly confident I'd be able to handle the Windows Servers (I did used to be a Microsoft Engineer after all) but it was the Linux Server that worried me. My Linux skills are quite rudimentary and there were some really experienced techies in the class who I knew I had no chance of beating. Suffice to say I didn't win the competition. Nor did I manage to get all the flags in the allotted time. I did manage to get 3 out of the 4 though.

The Windows servers turned out to be fairly easy to exploit. The first one that I managed to connect to had the old null sessions vulnerability so I was able to connect to it using an anonymous account. Once I had a NetBIOS session I was able to enumerate the accounts and grab a copy of the SAM password list. I then used a password cracker to crack an account that had admin privileges and then simply mapped a drive to it. Easy peasy.

The other servers weren't that easy. One of the servers had some firewall or routing restrictions so it was only accessible from one of the other servers. So I had to compromise one server and then use that as a launching pad to compromise the other server. To make things trickier still, it turned out that one of the flags.txt files was hidden. There's a thing called NTFS Alternate Data Streams on Windows where it's possible to hide a file in the data stream of another file or directory. So when you browse the file directory it's completely hidden. You can't even use file comparisons to detect the hidden file as it doesn't affect the file size or checksum of the file that it's attached to. After a few hints I did manage to find it using a tool that discovers these hidden data streams, and also found a few other hacking tools hidden within the same directory that I could use to compromise one of the other servers.

One of the other servers had a buffer overflow vulnerability so I used Metasploit to exploit that server and get a command shell.

That's about as far as I got. 3 out of 4 isn't bad but I didn't get the full phrase. After the instructor explained how to do it I realised I could have been at it for days. One of the exploits was ridiculously hard. It involved carrying out a cross-site scripting attack (XSS), but it wasn't as simple as launching the attack from my PC against the server. No, it involved compromising one server, generating traffic from that server to another server, and then sniffing the traffic off the network to grab the session cookies and then using the session cookies as part of the attack. That would have taken me days to figure out!

Anyway, the day was very geeky but thoroughly enjoyable and challenging. The 6-day course has been great but no one can really come out of a 6 day course and become a professional hacker or penetration tester. We've covered dozens of hacking tools in the 6 days so of course there's a limit to the depth that you can go into for each tool given the allotted time. Now I have the fundamentals I'll need to dig into the tools and techniques in detail and keep practicing to hone my skills. Luckily these days with VMWare I can easily do that by simulating a whole network on my laptop. All week I was running Windows XP and Red Hat Linux in virtual machines as guest operating systems whilst still using my Mac OSX Leopard operating system as the host, and didn't have any problems - basically running 3 different PCs on my one mac.

One of the things that I'll take away from this course is that it doesn't take the latest and greatest malware (viruses, etc) to compromise a system. Some of the best hackers simply use the in-built administration tools already resident on the systems. That way there's little danger of triggering off the anti-virus software or intrusion prevention software. For instance, the WMIC (Windows Management Instrumentation Command-Line) tool resident in all modern versions of Windows is a fantastic legitimate Windows scripting tool that can be manipulated to do all sorts of nasty stuff.

Anyway, hopefully I'll be able to put some of these new skills into practice on some real clients some time soon.

Thursday, July 03, 2008

Hacking in Canberra

This week I've made my first visit to our nation's capital - Canberra - for a 6-day course in Hacker Techniques, Exploits and Incident Handling.

Canberra is a strange little city. It seems to me to be a cross between Washington and Milton Keynes, in that it's clearly a Government town; the Federal government being the largest employer in this capital city which has only a population of 300,000. Yet like Milton Keynes, Canberra has an artificial feel to it. You can see the planning and design - it's not a city that has grown organically like most others. It's even got some of the same 60's carbuncles as Milton Keynes!

I've come to Canberra completely ill-prepared for the freezing temperatures. It's about 13 degrees C in the day but it drops down to zero at night. I knew what the temperatures would be before I arrived and I thought I'd be ok, after all I am from the UK! However, I didn't realise how much I've acclimatised to the Queensland weather over the past year. 13 degrees C feels to me like -5 did in the UK! All I've brought is a thin jacket and some jeans and t-shirts. I didn't even pack a jumper.

Because it's so cold, tonight has been the first evening that I've dared to venture out. I had a gander around the city centre (which isn't much bigger than Doncaster town centre) and then went to the flicks to watch Hancock. I had planned to see the Indiana Jones film but the timing didn't work out very well, so then it was a toss-up between Hancock and Sex and the City. No contest - I couldn't bear the thought of sitting through 2 hours of self-obsessed women talking about shoes and Prada handbags.

I was pleasantly surprised with Hancock. I thought it was going to be just another dumb superhero movie but it was actually really good. Of course the action scenes and special effects were good, that's a given, but this added in a really funny script, as well as some character development and a few twists and turns to boot. Definitely one I'd recommend for 90 minutes of pure escapism. I plan on seeing Indiana Jones tomorrow night, if I can be brave enough to go out into the cold again. I'm not expecting anything great from Indiana Jones and the blah blah whatever-it-is as most of the reviews I've read have been pretty damning. I'll try and keep an open mind.

Being holed up in the National Convention Centre each day means I haven't had chance to take in any of the sights of Canberra. All the things I'd like to see are only open during the day. I'll probably come back here sometime in the future with Rach & Lauren. In particular I'd love to take a tour of Parliament House and the National Museum of Australia.

As for the course, I've really enjoyed it. Over the past few months I've been quite disillusioned with my career and frankly have been getting bored to death of doing security compliance work. This course has re-awakened the geek inside me and allowed me to get back to my technical roots. Learning the technicalities of how to break into systems is much more fun than just learning how to defend them!

As much as the content of the course has been really good and up-to-date, the best bit about the course so far has been having access to the knowledge and experience of our tutor - Bryce Galbraith. Bryce is very much an expert in this industry and is a contributing author to the bestselling book 'Hacking Exposed: Network Security Secrets & Solutions'. He has worked with a ton of Fortune 500 companies and has also worked on Foundstone's world renowned Attack and Penetration team.

Of course I had a decent knowledge of hacking before I came on this course (you're not much of a security consultant if you don't know how the bad guys exploit the vulnerabilities you're telling companies to fix), but this course has significantly enhanced my knowledge and brought it up to date with the latest exploits and attack vectors. I'm looking forward to Saturday when we get to put all we've learnt into practice with a live 'capture the flag' exercise - where we all compete to hack into a system.

I tell you, there's some scary stuff happening out there and there's a good reason to be paranoid about your computer security. A lot of the myths around security have been dispelled this week. Do you think I can't get around your personal firewall? Think again! Do you think I can't sniff your traffic on a switched network? Think again! You think your wireless network is secure because you've enabled WPA2 instead of WEP? Think again!

It's a shame this damn code of ethics prevents me from using my knowledge for evil. I could be rich in no time!

Thursday, June 26, 2008

PCI QSA

This week I've been in Sydney on a training course to become a Qualified Security Assessor (QSA) for the Payment Cards Industry Data Security Standard (PCI-DSS).

The PCI-DSS is a standard jointly devised by VISA, Mastercard, American Express, JCB and Discover that details the security controls that must be in place to protect credit card data from electronic or paper theft. Any company that processes, stores or transmits credit card data is now obliged to be compliant with PCI-DSS, and any company that isn't compliant is at risk of losing their merchant status (ability to accept credit cards) and suffering a fine. As you can imagine, losing merchant status would mean end of business for many companies so this is a very big thing.

As a QSA I will be carrying out audits of the larger merchants and providing a Report on Compliance (ROC) to their acquiring bank to testify whether or not they comply. This is something I have to take very seriously because if I report that a company is compliant and then they get hacked, any fine incurred by the merchant could be passed on to my company if it can be proven that my report was inaccurate. So any company that chooses me as their QSA should not expect to get an easy ride!

Only the larger merchants have to be audited by a QSA; smaller merchants can submit a completed Self-Assessment Questionnaire (SAQ) to their bank. However, if the bank is unhappy with the answers in the SAQ they will tell the merchant that they are non-compliant, as many merchants are now discovering.

It's not just merchants that I'll be able to audit either. The banks themselves, classed as Service Providers, and other companies that process payments up the chain from the merchants could also be subject to my microscope.

The requirements of PCI-DSS are quite stringent and for smaller merchants can be highly complex. In the last couple of years I've been helping companies implement compliance programs to meet the requirements of PCI-DSS and accurately complete their SAQ. Becoming a QSA takes me to the next level and authorises me to audit companies on behalf of the Payment Card Industry Security Standards Council. Although I'm a QSA I only retain my status as a QSA whilst working for a QSA Company (QSAC). Vice versa the company I'm working for will only retain their QSAC status whilst it has QSAs in its employment, which at the moment is me and one other.

I'm not quite there yet, I've sat the course and met all the other requirements, and yesterday I sat the exam, from which I'll get the results in the next 2 weeks. I'm also waiting for my police checks to come back. I'm not expecting any problems (I'll have some explaining to do to my company if I've failed either of them!).

The course itself was quite interesting. I was already familiar with a lot of it as I've been working with the standard for the last 2 years but it did help clarify a lot of questions I had over the grey areas in the standard. I also learnt a few cool tricks such as how to find credit card numbers and a formula that can be applied to discover whether or not a number that you're looking at is in fact a valid credit card number or not. Quite a nice party trick (for a very geeky party!).

I'm on a 6-day hacking course in Canberra next week so that knowledge combined with my PCI knowledge should make me a valuable resource for the Russian Mafia. Just kidding!

Wednesday, June 11, 2008

Taking a Bite of the Apple

I'm now the proud owner of a new Apple MacBook Pro. It's actually the first computer I've bought in about 8 years as I usually just use the laptop provided by work. But now that I'm doing web development work, both at home and at work, I needed something that I could rely on and a machine that wouldn't start dying after having half a dozen windows open.


It's also the first time I've used a mac. After using Windows ever since Windows 3.1 it takes a bit of getting used to because everything is different, but, in most cases I've got to admit it's better on the mac.

The macbook is expensive but I've managed to do a deal with work where I get it through salary sacrifice. Doing it this way I don't have to pay GST (10%) and it gets paid out of my pre-tax salary, meaning all together a saving of approx 35%. What's more I can pay it over 3 months. This is the first company I've worked for where they have a policy where you can use your personal laptop as your work laptop (as long as it meets the security requirements) so it works out really well. They've allowed me to purchase a copy of VMware on expenses which means I can now run a copy of Windows XP in a virtual session on my mac, so I can still use the Microsoft Office applications without having to fork out for a copy of Office 2008 for the Mac. Funnily enough, Windows now runs faster on my mac with a load of Mac applications open at the same time than it ever did on my last XP laptop.

Now I'm considering the ultimate accompaniment to my mac - the iPhone 2, which was announced on Monday and is heading its way to Australia on July 11th. I watched Steve Jobs' keynote speech where he announced the worst kept secret of the year. The new iPhone does look pretty good, and finally at a reasonable price ($199).

Sunday, May 25, 2008

Grant is Gone

Who would be a football manager? It seems that coming second in the Premier League and making the final of the Champions League (something Mourinho didn't manage for Chelsea) isn't good enough if you're a manager for a club that's owned by a billionaire.

Sadly, it looks like the top clubs in the EPL are going to start suffering the same fate as Real Madrid and Barcelona, with a constantly revolving door ushering in a new Manager each season. It pains me to say it being a Liverpool supporter, but you've got to admire Manchester United. Alex Ferguson achieved tremendous success in the 90's but in the last few years when Man Utd played second fiddle to Chelsea and Arsenal the board at Man Utd kept faith with their manager. It makes you wonder how many more seasons Wenger could last in the current climate if he doesn't deliver the Premiership trophy for Arsenal again.

I'd be embarrassed to be a Chelsea fan right now. Where is the heart and soul of the club? How can you support a club whose formula for success is to pour hundreds of millions of pounds into the club and then sack the Manager if he doesn't achieve miracles within months of joining?

It's a sad state of affairs.

Saturday, May 24, 2008

A Year Down Under

Yesterday was the 1st anniversary of our arrival in Australia. I was going to do a big blog post to mark the occasion but I can't be arsed - too busy working on my website. Suffice to say it's been a fantastic first year - everything we hoped for and more. There are lots of positives and very few negatives.

We do miss everyone but there's definitely no going back!

Thursday, May 22, 2008

AusCERT 2008

On Wednesday I attended AusCERT 2008. AusCERT is an annual conference for the IT Security industry organised by the Australian Computer Emergency Response Team. Held at the plush surroundings of the Crowne Plaza Royal Pines Resort on the Gold Coast, the event is a chance for vendors such as Check Point, Microsoft, Symantec, CA, and the likes to show off their wares, and also a chance to hear presentations from industry leaders, as well as get some free training to boot (although it's not free). Representatives from such luminaries as the US Department of Homeland Security and NSA were also in attendance.

The event is similar to an annual event I used to attend in the UK - InfoSecurity Europe - which is held at the London Olympia. Although AusCERT is not nearly the size of InfoSecurity Europe.

I was pretty disappointed by AusCERT 2008. I thought I might have made a bad choice with the presentations I attended but after speaking to others the general consensus was that it was pretty crappy all round. There were a couple of gems in there but mostly it was presenters telling me stuff I already knew. A lot of the presentations were too high-level to be of any value.

Every year you find that there's a new theme - a new subject which is getting the industry in a flap. This year it was web 2.0 security. This is not surprising really with the amount of stories you hear about privacy issues around Facebook, MySpace and other similar social networks that are able to harvest vast amounts of personal data. I advise everyone to be very careful about what information they put on social networks. Even if you set up your privacy settings properly it doesn't necessarily mean that your data is safe.

A combination of factors means that your data could still be at risk. The look and feel of Facebook is slick because it uses AJAX - a web scripting language for which hackers keep finding new vulnerabilities. Also, many of the applications that you may add to your Facebook, such as FunWall, aren't built by Facebook; they are built by third parties. This means that these third-party applications, which Facebook has little control over, are also accessing your private data and could be doing anything with it, as this BBC article explains.

The one presentation that I did find interesting was presented by the Standard Chartered Bank and was an overview of their project to roll out two-factor authentication for their customers across 15 countries. I know many banks have been trialling this for a while now but not many banks have actually implemented it due to the cost and administration issues around issuing and managing tokens. However, this is set to change as they slowly get over the issues; and as the take-up of internet banking continues to increase, so does the risk of internet fraud.

So if you use internet banking you're likely to find that the way you log on is set to change in the next couple of years.

Two-factor authentication means that when you use internet banking, instead of just presenting your username and password, and maybe some secondary information like the 1st and 4th character in your PIN (this is all classed as one-factor authentication - something you know), you will also require a second factor of authentication, such as something you have, or less commonly, something you are (biometric identification such as fingerprint, face scan, retina scan, etc). The most common implementation of two-factor authentication is using a token that creates a One-Time-Password. The bank would issue you a token which displays a randomly generated number. This number is usually either generated when you press a button, or it's a number that constantly changes every 60 seconds or so. By entering the number displayed on the LED screen on your token, you're proving that the person authenticating to internet banking is the person that was issued the token, i.e. you, or so the theory goes. Obviously it's not fool-proof, but it does add another level of security to the process.
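An added illustration, not from the presentation or the original post: the number on a token looks random, but in the open standards for such tokens, HOTP (RFC 4226, one code per button press) and TOTP (RFC 6238, a code per time step), it is computed from a secret shared between the token and the bank, which is how the bank can check it. The sketch assumes those standards, a 60-second step and the RFC's published test secret; `TokenVerifier` is a hypothetical name for the bank-side check.

```python
import hashlib
import hmac
import struct

STEP_SECONDS = 60  # assumption: the "every 60 seconds or so" token; real products vary
RFC_TEST_SECRET = b"12345678901234567890"  # published RFC 4226 test secret, not a real key


def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """Event-based code (RFC 4226): the counter goes up by one per button press."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation: low nibble of last byte picks 4 bytes
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


def totp(secret: bytes, unix_time: int, digits: int = 6) -> str:
    """Time-based code (RFC 6238): the counter is the number of elapsed time steps."""
    return hotp(secret, unix_time // STEP_SECONDS, digits)


class TokenVerifier:
    """Hypothetical bank-side check for one customer's time-based token."""

    def __init__(self, secret: bytes, drift_steps: int = 1):
        self.secret = secret
        self.drift_steps = drift_steps  # tolerate a token clock one step fast or slow
        self.last_step = -1             # highest time step already accepted

    def verify(self, submitted: str, unix_time: int) -> bool:
        now_step = unix_time // STEP_SECONDS
        for step in range(now_step - self.drift_steps, now_step + self.drift_steps + 1):
            if step <= self.last_step:
                continue  # a code from this step or earlier was already used: no replay
            expected = hotp(self.secret, step).encode()
            if hmac.compare_digest(expected, submitted.encode()):
                self.last_step = step
                return True
        return False


if __name__ == "__main__":
    bank = TokenVerifier(RFC_TEST_SECRET)
    code = totp(RFC_TEST_SECRET, 75)          # what the token shows at t=75s
    print(code, bank.verify(code, 75))        # accepted the first time
    print(code, bank.verify(code, 80))        # same code replayed: rejected
```

The replay check is what makes the password "one-time": a code that has been accepted once is refused even if it is still inside its 60-second window.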

Many companies use two-factor authentication for employee remote access to their networks. One of the big issues with token-based two-factor authentication is the cost of the tokens and the management of them. This is particularly a problem when you're using it in a business to customer (B2C) environment like a bank, when you may have to issue tokens to 1 or 2 million customers.

To get around this, another option is to use the customer's mobile phone as the 'something you have' device. So for instance, when entering internet banking a text message could be sent to your mobile phone with a random number that you would enter into the internet banking login screen. Alternatively, there's a thing called IVR callback, which basically means that you would receive an automated phone call from your bank which would say something like 'Someone is attempting to log on to your internet banking account, if this is you, press 1'.

None of these methods are fool-proof - they all have an element of risk. For instance, when it comes to using mobile phones for two-factor authentication you're then relying on a third party - the telecommunications provider - as part of the process.

Anyway, the findings from their surveys were quite interesting, as was the story the presenter told about banking fraud in Malaysia.

Some of the other presentations were dire though.

One presenter, who was doing a presentation about the security risk management lifecycle, I swear must have based her presentation skills on David Brent in The Office. At one point, to the amazement of all of us, she actually picked up a bag full of some stupid plastic keys that they were handing out to everyone with their branding on it, and dramatically threw them across the stage. As they scattered everywhere across the stage she shouted 'You see people, how on earth can you get a grip of your network if you're having to manage that many applications' or something like that. I was gobsmacked and had to stop myself from laughing out loud. What did she think she was proving by that display? Didn't she feel a bit stupid that she now had to go and pick all of those keys up?

The good points about the day were 1) we got served a really nice meal at lunch time, and 2) I came home with some freebies, although one of these was a Microsoft t-shirt which has the words 'Microsoft: Our Security Rocks' printed on it, which I thought was a bit ironic given the awful reputation of Microsoft's security.

End of Recorded Programme


As the Champions League Final was on in the middle of the night our time I recorded it on Foxtel IQ (same as Sky+ in the UK) to watch when I got home from work tonight. What a game. The first 20 minutes were cagey but the rest of the game was gripping. When it entered extra time I knew this game was set on for a penalty shoot-out - it was just too close to call. I was on the edge of my seat in extra time - both teams had a number of chances and you could see they were giving it all they had even though cramp was setting in and they were all struggling with the awful pitch, made worse by the weather conditions. Then in the 114th minute it all kicked off, a big fracas erupted but there was so much going on you couldn't really see who was doing what. And then... 'End of recorded programme'. God, Foxtel pisses me off!

It kind of took the excitement out of the penalty shoot-out when I had to turn to the Internet to find out what happened.

Sunday, May 18, 2008

The Commission


I've just finished reading 'The Commission: The Uncensored History of the 9/11 Investigation' by New York Times reporter Philip Shenon. This fascinating book gives a behind the scenes insight into the 9/11 commission's investigation, and provides a context for the well-documented omissions and distortions in the final report that continue to fire the 9/11 conspiracy theories.

The book itself is a gripping read. Many of the chapters read like a novel; particularly in the first chapter which tells the story of how Sandy Berger, former National Security Advisor to President Clinton, stole classified documents from the National Archives.

The main point you get from the book is that because of the bi-partisan make-up of the commission, and the determination of the Commission's Republican Chairman and Democrat Vice-Chairman to produce a report that rises above partisan politics and does not assign blame, some of the significant facts found during the investigation, which would certainly have damaged Bush and his top echelon, were merely assigned to footnotes in the final report.

The chapter that amazed me the most was the one that covered the emergency response to the World Trade Centre attacks in New York and in particular the acts of Rudy Giuliani - the Mayor of New York on Sept 11th 2001.

If you remember, Rudy Giuliani became a local and national hero after 9/11. Seen by the public as the great leader who led New York, and America, through the tragedy of 9/11 while George Bush fled to the skies in the safety of Air Force One.

As it turns out, according to Philip Shenon, Rudy Giuliani's hero status was a fortunate consequence of his own inept actions. In 1998 Mayor Giuliani was building a forty six thousand square foot Emergency Command Centre for himself and his senior staff dubbed "The Bunker". The press at the time had a field day lambasting the project, criticising the cost of the construction as an example of Giuliani's oversized ego. The press also criticised the planned location of "The Bunker". The command centre was going to be built in, of all places, the World Trade Centre complex - the site of a terrorist bombing only 5 years earlier and what was still regarded as top of the list on many terrorists' target lists. The building would be built in WTC building 7 - directly across from the twin towers. Not only that, even though it was dubbed "The Bunker", the command centre was actually to be situated on the 23rd floor, with panoramic views out to lower Manhattan.

So as Philip Shenon points out in the book, what was to happen on September 11th was all too predictable:

"Giuliani never managed to get to the command center in the chaos of the attacks that morning. By about 9:30am, before either of the twin towers collapsed, everyone in the command center was ordered to evacuate to the street because of fears that more hijacked planes were heading for Manhattan. The crisis center was shut down because there was a crisis. In a final bit of irony, it was determined that a fire that later destroyed WTC 7 on September 11 was probably caused by the rupture of the building's special diesel fuel tanks; the tanks that had been installed to provide emergency power to the mayor's command center.

On September 11, with the command center shut down, Giuliani and his top aides were left with no obvious place to gather away from City Hall. That left the mayor on the street, resulting in the heroically iconic image of the soot-covered Giuliani leading hundreds of other New Yorkers to safety as he walked north through the gray clouds of debris unleashed by the collapse of the Twin Towers."

On May 19th 2004, the Commission had the opportunity to tackle Giuliani about this in the commission's public hearing which interviewed Giuliani and the chiefs of the emergency services. However, the commissioners wimped out because of what happened the day before. On the 18th May the commissioners interviewed the chiefs of the emergency services and heavily criticised them for the disastrous crisis plan and mis-management on the day of the attacks. The overt criticisms galvanised the press and public, as the hearings were being held in New York, to lambast the Commission. How dare they criticise 'our heroes of 9/11'. So after the scathing attacks back at them, when it came to interviewing Giuliani in the public hearing on May 19th, instead of criticising Giuliani and challenging him, the Commission heaped praise on him for being a great leader.

That response on May 19th was evocative of the entire handling of the investigation and the final report; no one was to be assigned blame.

The area that the book focuses most on though, and the story which I believe has had most criticism since Philip Shenon published this book, is Philip Shenon's portrayal of Philip Zelikow - the Executive Director of the Commission - and his obvious conflicts of interest and his attempts, in Shenon's view, to manipulate the investigation and the final report into avoiding any criticisms of the Bush presidency and his senior staff.

The conflicts of interest are obvious and according to Shenon, it was due to a lack of proper background checks on Zelikow by the Commission's chairman and vice-chairman, that meant his conflicts of interest were unknown to the commission when they appointed him as Executive Director. The conflicts of interest were made even more significant due to the way Zelikow ran the investigation. As much as the 10 commissioners (5 Republican, 5 Democrat) were the public face of the commission, it was ultimately Zelikow who ran the investigation; deciding who was to be interviewed, what line the investigation would take, and ultimately what was to be included in the final report.

It comes as no surprise then that the final report lacked any criticism of Bush and particularly, Condoleezza Rice, when you learn that not only was Zelikow a close friend of Condoleezza Rice, but he was also on the transition team when Bush took office in the White House, and was the main contributor to the paper that changed America's National Security Strategy, which for the first time introduced the doctrine of pre-emptive attacks. These facts are significant and, according to Shenon, help explain why Zelikow:
  • Broke the Commission rules and repeatedly telephoned both Rice and Karl Rove, Bush's chief advisor, behind the back of the commission.
  • Attempted to steer the commission into making links between the 9/11 attacks and Saddam Hussein even though there was no evidence to support the links.
  • Managed to shield Rice from criticism in the final report even though there was clear evidence that, as Bush's National Security Advisor, Rice received clear warnings from the CIA in the months leading up to 9/11 about an imminent attack by Al Qaeda against America, yet did absolutely nothing to act on those warnings. Including the now famous August 6th PDB (Presidential Daily Briefing) which warned of possible terrorist hijackings of commercial airliners and intelligence that terrorists were carrying out surveillance on buildings in Manhattan.

Other revelations in the book included: the fact that the commission left the investigation of the NSA's vast archives until the last minute and therefore only managed to read a fraction of the intelligence; how Dick Cheney, as the Vice-President, gave a shoot-down order on the morning of 9/11 which was unconstitutional (Dick Cheney claims that he was acting on behalf of Bush but there was no evidence to corroborate Cheney's assertion); and how the final report failed to fully emphasise the abysmal failings of the FBI largely because the new FBI Director managed to schmooze the commissioners into believing that he could change the FBI for the better and there was no reason to break it up, which was certainly in the minds of the commissioners when they first learned of the FBI's bumblings.

All in all the book is a fascinating read and I highly recommend it if, like me, you're intrigued by everything surrounding 9/11.