Spam emails

On Sunday morning I started receiving a large number of mail delivery notifications for bounced spam emails being sent to random people using my email address as the return sender. I’ve had some emails from (justifiably) angry people about this. If you received one of these emails and followed the domain to end up here then please understand that I did not send these emails to you, nor did they come from any of my computers.

The reason this is happening is that email spammers will find a legitimate email address and use it to send spam from their networks of compromised computers called “botnets“, because the return address is legitimate this helps them bypass spam filters.

If you received one of these emails though, do not follow links they contain and do not open any attachments they might have, doing so will confirm your email address is valid and result in you receiving more spam and attachments often contain viruses that might recruit your PC into the botnet or worse. If you do reply to them it will be to me, not the spammer and I do not have anything to do with them other than that they are using my address without my permission.

I don’t know why they chose my email address, but I know it won’t last long before they will switch to another and carry on trying to make email just about useless for everyone, I just need to ride this one out and delete the backsplash.

The end of XP

Be honest now, are you still using Windows XP? There’s no need to be embarrassed if you are, you aren’t alone, 12 years after it was released Windows XP is still the 2nd most popular operating system in the world with 17% of the market share.

For many years now Microsoft have been encouraging their users onto newer Windows versions such as Vista, 7 and 8, but a lot of people are still very happy with Windows XP and are refusing to budge.

The recession is no doubt partly to blame, new computers are expensive and Windows XP works well on older hardware so why change? Another reason is Microsoft’s own variable release quality, Vista was highly criticised, Windows 7 fixed Vista’s issues and became very popular, but Microsoft moved quickly onto Windows 8 with its new touch interface and bold colours that has put many people off.

However, the problem we now face is that on April 8th 2014 Microsoft will stop supporting Windows XP and many millions of users will be left out in the cold, but what does this mean?

The second Tuesday of the month is marked on many IT professionals calendars as “patch Tuesday“. This is the day when new updates are published to fix bugs and security vulnerabilities recently discovered in Windows operating systems. April 8th 2014 is the last patch Tuesday that will include Windows XP, after this date new vulnerabilities discovered in Windows XP will never be fixed and your computer will be exposed to these vulnerabilities until you upgrade to a newer version of Windows.

What is worse is that black hat hackers watch Microsoft’s movements in the security world with great interest. Often Microsoft are responding to exploits discovered “in the wild”, other times these vulnerabilities are discovered by Microsoft first and so have limited effectiveness against supported operating systems because many will be quickly fixed. However hackers can now look at what is being fixed in Windows Vista/7/8 and you can be guaranteed they will be testing Windows XP to see whether it too is vulnerable.

So what can you do? Ultimately, you will need to upgrade from Windows XP, ideally before April 8th 2014 lands. In some cases this won’t be possible so if you are stuck with Windows XP for the time being then you must be extra vigilant against security threats

Keep your anti-virus updated, make sure you are using 3rd party anti-virus because Microsoft is also ending support for XP in Windows Security Essentials.

Be extra wary of using software from untrusted sources either via downloads or physical media such as USB pen drives. These can carry viruses exploiting XP’s growing number of unpatched vulnerabilities.

Finally, bear in mind that your computer is now overdue for an upgrade.

Keeping Wikipedia going

I recently answered the call for donations splashed up on Wikipedia’s pages out of respect for the fact I’ve used the site for over 10 years and gained a huge amount of value from it pages without ever before giving back more than a few edits which is my bad really. My reasoning was really that simple but I received the following email back after the payment was confirmed.

Dear David,

Thank you for donating to the Wikimedia Foundation. You are wonderful!

It’s easy to ignore our fundraising banners, and I’m really glad you didn’t. This is how Wikipedia pays its bills — people like you giving us money, so we can keep the site freely available for everyone around the world.

People tell me they donate to Wikipedia because they find it useful, and they trust it because even though it’s not perfect, they know it’s written for them. Wikipedia isn’t meant to advance somebody’s PR agenda or push a particular ideology, or to persuade you to believe something that’s not true. We aim to tell the truth, and we can do that because of you. The fact that you fund the site keeps us independent and able to deliver what you need and want from Wikipedia. Exactly as it should be.

You should know: your donation isn’t just covering your own costs. The average donor is paying for his or her own use of Wikipedia, plus the costs of hundreds of other people. Your donation keeps Wikipedia available for an ambitious kid in Bangalore who’s teaching herself computer programming. A middle-aged homemaker in Vienna who’s just been diagnosed with Parkinson’s disease. A novelist researching 1850s Britain. A 10-year-old in San Salvador who’s just discovered Carl Sagan.

On behalf of those people, and the half-billion other readers of Wikipedia and its sister sites and projects, I thank you for joining us in our effort to make the sum of all human knowledge available for everyone. Your donation makes the world a better place. Thank you.

Most people don’t know Wikipedia’s run by a non-profit. Please consider sharing this e-mail with a few of your friends to encourage them to donate too. And if you’re interested, you should try adding some new information to Wikipedia. If you see a typo or other small mistake, please fix it, and if you find something missing, please add it. There are resources here that can help you get started. Don’t worry about making a mistake: that’s normal when people first start editing and if it happens, other Wikipedians will be happy to fix it for you.

I appreciate your trust in us, and I promise you we’ll use your money well.

Thanks,
Sue

I thought I’d share this because it makes some important points about the wider value of Wikipedia that I hadn’t even considered when I made my donation and this might encourage others to help maintain this important resource because it belongs to all of us and it’s made a significant positive difference in the world, maybe even up there with the worldwide web itself. Just food for thought.

Growing the root filesystem on Arch Linux ARM for the Raspberry Pi

Changes to the partition layout in the July 2013 image invalidate the information in this post, please see the comment section for details.

I run Arch Linux on my Raspberry Pi, this defaults to creating a 2GB partition for it’s data which I needed to extend to access the remaining space on my 16GB SD card. I’ll explain how I did this below but only do this on a newly installed Arch installation so if anything goes wrong you do not lose any data.

To start I’m assuming you’ve installed Arch on your SD card, if you haven’t follow this guide to show you how.

Boot Arch on your Raspberry Pi, log in as root on the console or via SSH, either way works fine. To start we will remove the partition containing Arch and replace it with another partition starting in the same location but ending at the end of the SD Card, this will vary depending on the size of the card you have.

[root@alarmpi ~]# fdisk /dev/mmcblk0

In fdisk,

  1. Press ‘p’ to print the partition table, take note of the number in the Start column of the row starting ‘/dev/mmcblk0p2’
  2. Press ‘d’ to delete a partition then enter ‘2’ to choose the second partition
  3. Press ‘n’ to create a new partition, all the default options are fine:
  • Choose ‘primary’ partition type
  • Partition number 2
  • The starting block should be same number you took note of in step 1
  • The default ending block should be the last available block on the SD card, this will vary depending on what size SD card you have

4. Press ‘w’ to write the new partition table and return to the bash prompt

Reboot now to force the kernel to recognise the new partition table.

[root@alarmpi ~]# reboot

After reboot we now we have the same two partitions we started with except that the second partition containing the root filesystem is now larger. However, the root filesystem is still only 2GB so we now need to resize the filesystem in order to fill the partition.

[root@alarmpi ~]# resize2fs /dev/mmcblk0p2

And there you go, you can now run ‘df -h’ to view your new partition sizes! Here’s mine…

[root@alarmpi ~]# df -h
Filesystem      Size  Used Avail Use% Mounted on
/dev/root        15G  457M   14G   4% /
devtmpfs         51M     0   51M   0% /dev
tmpfs           105M     0  105M   0% /dev/shm
tmpfs           105M  260K  105M   1% /run
tmpfs           105M     0  105M   0% /sys/fs/cgroup
tmpfs           105M     0  105M   0% /tmp
/dev/mmcblk0p1   90M   24M   67M  27% /boot

Banksy Quote

People are taking the piss out of you everyday. They butt into your life, take a cheap shot at you and then disappear. They leer at you from tall buildings and make you feel small. They make flippant comments from buses that imply you’re not sexy enough and that all the fun is happening somewhere else. They are on TV making your girlfriend feel inadequate. They have access to the most sophisticated technology the world has ever seen and they bully you with it. They are The Advertisers and they are laughing at you. You, however, are forbidden to touch them. Trademarks, intellectual property rights and copyright law mean advertisers can say what they like wherever they like with total impunity. Fuck that. Any advert in a public space that gives you no choice whether you see it or not is yours. It’s yours to take, re-arrange and re-use. You can do whatever you like with it. Asking for permission is like asking to keep a rock someone just threw at your head. You owe the companies nothing. Less than nothing, you especially don’t owe them any courtesy. They owe you. They have re-arranged the world to put themselves in front of you. They never asked for your permission, don’t even start asking for theirs.

– Banksy

Fixing the non-moving mouse cursor in Chrome OS Vanilla builds for Virtualbox

I am able boot Hexxeh’s Chrome OS Vanilla builds in Virtualbox but I found the mouse cursor is stuck to the middle of the window.

I was able to solve this problem by selecting “Disable mouse pointer integration” from the Machine menu in Virtualbox’s display window.

You can also toggle this option using “Host” + I, the host is the right-ctrl button by default.

This problem seems to stem from Virtualbox’s feature that maps the cursor position from the host window, with this disabled you now need to click into the Window to allow the guest to capture the mouse and resume control from where you last left the cursor, which is not as nice but hopefully this bug will be fixed someday. However, if you find a better solution to the problem please leave a comment to let us know!

Fixing your preferred browser on (L)Ubuntu systems

I use Lubuntu on my trusty netbook, it’s become a nicely polished OS over the last few versions however it still has a few rough edges. One of which is defining a preferred browser.

The default browser on Lubuntu is Chromium, the unbranded version of Google Chrome. While it’s nice I’m still a hardened Firefox user and so I keep Chromium installed but I don’t use it unless diagnosing a browser-specific issue.

I have Firefox selected in “Preferences > Preferred Applications” as my default browser, however hyper-links in emails were still insisting on opening up in Chromium, which takes time as it’s rarely pre-loaded when I’m using the computer.

To fix this I ran this command in a terminal:

sudo update-alternatives --config x-www-browser

This provides some options for a preferred browser, I had two for Chromium and a third for Firefox, I entered the number for Firefox and from then on, no more closing unwanted browsers!

Un-friending Facebook

On Saturday morning a took a big step when after more than 5 years of continual use, I de-activated my Facebook account for the first time. Very likely not for the last time unfortunately but it is the end of the beginning of the end for me and Facebook.

This action was the latest step in my phased disconnection plan that I initiated a couple of weeks ago when I made the decision to leave. To summarise my reasoning it was on privacy grounds and the issues here are obvious and well covered elsewhere, just search the Internet for Facebook and privacy and you’ll dig up a lot of reasons, which I’m all on-board with.

To avoid social drama from my sudden disappearance, I posted my intentions on my wall so my friends wouldn’t assume it was anything personal, particularly because my security settings should make my disappearance fairly indistinguishable from an un-friending. There seemed to be a bit of support for the idea, hopefully not because they’re happy to see the back of me, but perhaps I will lead others to make similar choices in the near future.

The next steps were removing the app from my Android Smartphone, this was not possible because it came pre-installed so cannot be removed, but it can be disabled which has the same effect. After this I continued using the mobile site for some time, which gave me a better sense of privacy because contained within a browser there is only so much they can do compared with an installed app that demands a lot of direct permissions from the phone, how true this is is debatable but that’s inconsequential now, it was only ever temporary.

I attempted to download my data a few times, this failed on every occasion which really speaks volumes about their commitment to data portability, or lack of it. I managed to get my photos out via Trovebox however and frankly I don’t care too much about the rest.

Finally I came to the test disconnect so I de-activated my account to see what would happen…and so far it’s not much, although it has highlighted a few issues, which is the purpose of the test. The main one so far being that my address book is woefully out-of-date. I cannot trust that most of my contact details are correct for quite a few people who I want to keep in touch with, and the same goes for birthdays, punctuated when I was oblivious to a colleague’s birthday this week while everyone else clearly knew through Facebook. So I started building a new address book on my Owncloud, if I know you don’t be surprised if I ask for contact details at some point!

Once these issues are all behind me I will delete my account permanently and I won’t look back. The experience has been an eye-opener on how dependent we have become on Facebook for so many important things, I only hope that others will choose to see for themselves, it really is a red-pill moment that every one should have to understand why they need to leave Facebook and use the Internet properly how it was designed to be: decentralised, distributed and free.

Although I made my own plan, there are resources available online to help, if you know any other good sites, leave a comment and I’ll add them to this list:

Installing SpiderOak client on a headless 64bit Ubuntu server

SpiderOak is a fine example of secure cloud backup done right, I’ve been a happy paying customer for 3 years and run their client on all my computers but when I came to install it on a new headless server however I ran into problems. For the uninitiated, “headless” means there is no screen, I’m connected via a terminal which cannot handle graphics. Normally the SpiderOak client is a graphical application but it will also run from a terminal, which is a bit of a nasty bodge but at least it works!

When I first installed the Debian package using dpkg, then ran the application for the first time I got this error:

ImportError: libkrb5.so.3: cannot open shared object file: No such file or directory

This should be simple enough to resolve installing libkrb.5-3 from the Ubuntu repositories, but it’s not that simple because although SpiderOak supplies both 32bit and 64bit packages, the software in both packages is 32bit, so you need to install the 32bit version of libkrb5-3, like this:

sudo apt-get install libkrb5-3:i386

Once complete you can continue the SpiderOak setup. Be warned though, running the application without the –setup parameter however will error due to other missing libs, but these are only necessary for running the GUI version of the application.