James D. Stallardblog

The London Olympic organisers have decided (dumbly, let face it) to build and then demolish a shooting facility at Woolwich, instead of using the National Shooting Centre at Bisley.

It's a dumb thing to do and without a shadow of doubt the decision was entirely political, rather than remotely sports related.

Olympic shooting disciplines only include Air-Rifle, Air-Pistol, Small Bore Pistol, Small Bore Rifle and Shotgun, at various distances and formats. Bisley is already fitted out for all these types of shooting, because it hosted the shooting sports for the Manchester Commonwealth games a few years ago.

However, this VERY small list of the available shooting disciplines is all catered for at Bisley in perhaps less than 5% of the overall acreage of the site. This means that although Bisley would be a far superior, and far cheaper venue to host the Olympic shooting, the money would only be spent in a relatively small space. Indeed, it is hard to see where the estimated £29m would be spent in actual tangible benefit to the site as a whole.

The BBC recently did a follow up article on the slow recovery of the Mynamar people from a cyclone. The BBC repeatedly referring to the country as Burma, apparently ignoring the change of name in 1989. What concerns is the fact that they interviewed a dozen or so children for the article, every one of which had had it's face smeared with mud, yet were sporting clean clothes, clean hands, clean arms and legs.

Some of the muddy faces had clear adult-sized-finger smear marks on forehead and each cheek.

Other than the clear and terrible squalor these children lived in (for which we must all feel guilt), they appeared well nourished, clean and fully clothed. So, none of the grinding pain of flyblown Ethiopian refugees or corpse-like malnourishment of Bangladeshi flood survivors. So, did the BBC deliberately smear mud on these childrens faces to sex-up their plight, or were they in turn taken in by the local aid agencies?

Have we become so inured to human catastrophe that we have to see bloated stomachs and flies-in-the-faces before we up our donations to charity?

...to recommending that we overwrite our hard drives with...a hammer.

And yet they completely fail to note the therapeutic aspects of beating the crap out of an old hard disk with a lump hammer. I did 2 myself recently and I recommend it to everyone!

Today I received an email from a buddy of mine, who unwisely uses the AVG (www.avg.com) antivirus software. On the bottom of his email was attached this signature:

Internal Virus Database is out of date.
Checked by AVG - http://www.avg.com
Version: 8.0.176 / Virus Database: 270.9.17/1847 - Release Date: 13/12/2008 16:56

So, all anyone has to do is work out which bits of malware are not covered by this version of the database and send it to him to virtually guarantee infection.

Clearly AVG are doing this to shame him into updating his AV; or in his case, purchasing a subscription to take him beyond the free trail received when he bought his new laptop.

Whatever the reason it is not a good idea to be publicising to the world that your AV is out of date and the version in use.

Today, I received notification from a chap in China that the ebay fodder I ordered during a fit of online retail therapy is on its way:

We are excited to inform you that our Ms. Pigeon has started off and covered 25% of its journey. As stated in the Delivery Note, it will take about 10-15 days during the delivery. Please be patient and wait for the arrival of your lovely item.

Fantastic! Here's hoping Ms. Pigeon (note, not Mrs) makes it before christmas!

Just upgraded this to the latest version of the excellent BlogX, and in doing so realised that there are precious few of us still hosting and running our own blogs. I still prefer to do it the old way, and while there is a case for outsourcing here, I just can't bring myself to deal with the security holes in the likes of WordPress. This blog runs on a Windows 2008 VM in my house, and there it'll stay for a while yet methinks.

In copying in the entries to the new database, the autonumber values have of course changed and will have killed the old perma-links. Use the search function to find what you were after, or drop me a line if you can't find it. Comments are back on and the usual Googlebomber attacks are expected (and will be stopped), so go for it.

It is often said that the people get the government they deserve. What is not often said is that the government takes it's revenge on the people in ever more Machiavellian ways. New Labour are particularly adept at this sort of thing, having created many thousands of new laws in the 11 years since they came to power.

Gary Glitter is the worst sort of human being, and it is right in every sense that he should have to pay dearly for his crimes. However (and as unpopular as the view may be), he has paid for those crimes and should be allowed to continue his life - albeit on the sex-offenders register. He should not be hounded and should not be prevented from travelling (it is a basic human right to do so) - although I can’t see many countries being interested in his brand of tourism. The problem, as usual with this government is knee-jerk over-reaction...

If we continue to hound Gary Glitter, the government will change the specific law designed to curb the behaviour of travelling football hooligans and impose a travel ban lasting years, not the six months currently on the statute books. Sure, it's a populist move and will look good to the screaming tabloids who will have something to feel satisfied about while they look for the next crusade. However, no one is thinking of the ramifications, and they are unpleasant indeed

For instance, following the Bichard Inquiry into the Soham murders in August 2002, the law was changed to allow Enhanced Criminal Records Bureau checks to include information that could never be challenged in court, essentially rumour and hearsay. Further, the list of occupations potentially requiring CRB checks has this year been widened to include around 20% of the UK workforce. As a result, a child or vulnerable person making an unsubstantiated accusation, that later is retracted, unproven or proven to be false will still see that accusation attached to the permanent CRB record of the accused. That accusation will taint the accused's life until they die. The recent case of John Pinnington shows that a previously unblemished character can be trashed by the system, without recourse or defence. The case of Jim McCullough, who slapped his 13yr daughter once for terrorising their neighbours is another excellent example. Mr McCullough is now effectively barred from working with children or the vulnerable and the community has lost their long-term volunteer and football coach because he (justifiably, and with the best intentions) disciplined his daughter for grossly unacceptable behaviour.

All these new laws and yet no fewer children hurt buy their abusers.

The worst example of inappropriately used legislation has to be the Regulation of Investigatory Powers Act 2000, which was brought in ostensibly to combat terrorism. The act allows for the interception and storage of all forms of communication, and has allowed the government to apportion the first of billions of pounds to be spent building a huge data silo where all your communications will be stored, and used against you. Hang on, I'm not a terrorist, why is my communication being stored?

The premise is that because the terrorists don’t play fair, we aren't going to either and we'll now be able to get them. Fine, except that for the most part, it isn’t the police or the secret services using these powers to keep us safe, it's the other 792 (as of 2008) agencies (including all 474 councils) using them to pad out their own databases of dog foulers and fly tippers and sell these details on to wheel clampers and junk mailers for a fast profit. Even worse, these personal details are being lost at the rate of 29,000,000 records a year, again without redress. The Data Protection Act has not been updated to keep pace with this massive proliferation and abuse of personal data, and no one is held to account for it's accuracy, misuse or loss

What we should be concerned with is how the populist reaction over Gary Glitter is going to affect us. Will the mooted five year travel ban be misused in years to come to stop those who haven’t built up enough carbon credits from flying to Majorca? Will the CRB occupations check list grow to include anyone who has access to an internet chatroom at work. Will parents have to be vetted before they are allowed to conceive?

The propensity for government to be driven by the loudest voices has resulted in a society where we are watched and controlled far more than anywhere else in the world, yet the crimes for which these laws were enacted have not reduced, and our fear of crime has only increased.

While investigating centralised automation of power management settings for Windows XP, I discovered that it is possible to use POWERCFG.EXE to create a new power management profile scheme with a name of greater than 32 characters. The resultant name cannot be enumerated by POWERCFG.EXE itself or the control panel applet POWERCFG.CPL, suggesting an unchecked buffer, with the possibility of a buffer overflow.

Issue concerns the following:
Windows XP SP3
POWERCFG.CPL v6.00.2900.5512
POWERCFG.EXE v5.1.2600.5512

The problem does not occur in Windows 2003 with the following file versions:
POWERCFG.CPL v6.00.3790.3959
POWERCFG.EXE v5.2.3790.3959

Recreate as follows (use a test machine):
. Command: POWERCFG.EXE /CREATE "012345678901234567890123456789012"
. Command: POWERCFG.EXE /LIST
. Note above command fails to enumerate the new scheme.
. Command: POWERCFG.CPL
. Note GUI fails to enumerate the new scheme.
. Go to HKEY_CURRENT_USER\Control Panel\PowerCfg\PowerPolicies to remove the new scheme, it will be listed under the ID of the highest number.
. Go to HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Controls Folder\PowerCfg\PowerPolicies and remove the key of the same ID as above.

I was developing a tool to perform central management of Windows XP Power Management Settings, to allow a client to reduce their carbon footprint (apparently there are awards to be had for this sort of thing). I had originally planned to create a new power management scheme with the required settings, but in light of the above have opted instead to change the profile of the builtin scheme "Home/Office Desk" as that is always referenced with the numeric ID 0 and already exists on all Windows XP machines. The project was a success and for those interested, further information is available here: http://www.leafgrove.com/news.asp?id=9&articleid=20.

It’s also interesting to note that each time a new scheme is created with the POWERCFG.EXE /CREATE command, it is assigned a unique decimal ID number incremented from the previous one, even if deleted. I'm therefore of the opinion that it might also be possible to overflow another buffer by creating enough new schemes to push the ID beyond the number that can be enumerated by the EXE or the CPL and potentially permanently break the functionality. It remains to be seen if this one will run as far as the malformed malicious ANI issue discovered in March 07 (BuqTraq ID: 23194).

For the benefit of the record, I am very pro-police and very anti erosion of privacy.

The clamour for removal of around 1,000,000 records from the UK national DNA database is a disaster for the police.

There are so many records in the database, and the Police are so bogged down in paperwork, that they have resorted to DNA as the first and almost the only line of enquiry. DNA has become the evidential panacea to the Police and public, when it is far more susceptible to tampering than almost any other kind of evidence.

This has of course resulted in an unacceptably large number of wrongful arrests and wrongful convictions as contamination during collection, analysis and processing is married to the significant number of inaccuracies in the source database itself.

The reasons for the disaster is as follows:

. Innocent people will no longer be available to accuse without actually doing some police work to go and at least check an alibi before arrest. The Police are so tied up with pointless paperwork and targets only a committee could have come up with, that they don’t have the time to go and be Policemen.

. There is a significant risk that inaccuracies in the source database will cause the records of the guilty to be thrown out with those of the innocent. Paradoxically, this will be used an excuse to keep the records of the innocent in the database.

The problems with a pervasive database of DNA are many and serious:
. You as an innocent party can (and will) be accused at any time of any crime, because a small particle of you, floating on the wind, happened to settle in an inconvenient place. Having been accused, the accusation will be kept on file for ever and will be made available to the criminal records bureau (even though you are innocent of any crime) who will silently and without recourse, bar you from any job involving contact (and potential contact) with children or other vulnerable members of society. It has been estimated that one quarter of all jobs in the uk will come under CRB checking, so you could be forced out of work for the rest of your life.

. No one in the civil service cares one iota about who gets their hands on our personal data, because they are not personally held responsible for it’s safety. History has proven time and again that no responsibility and no accountability, absolutely guarantees that sensitive data will fall into the public domain. If a criminal has your DNA records, who knows what they could be used for. Without exclusive access to the one thing that proves who you are, you have no way of resurrecting your identity after yet another security breach.

. This government has created thousands of laws criminalising various behaviours, but done nothing to stop the causes of those behaviours. It has passed laws to make it illegal for you to deny the Police a DNA sample on arrest (on the grounds of breach of privacy, for instance), but has done nothing to criminalise abuse of the records it collects. This has (as in every case) caused otherwise law-abiding people to be branded criminal for simply protecting their privacy in the most innocuous (and previously acceptable) fashion.

The day we are forced to contribute to a national DNA database of every citizen, is the day the innocent and law-abiding start to leave the country. To stop the bad-guys from escaping, would the last one out please close the door.

With the rising cost of fuel impacting everyone's bottom lines and the increasingly good PR to be had, one of my clients asked me to come up with a centrally controlled power management solution for their Windows XP estate of around 3500 machines.

According to a report prepared for the US Environmental Protection Agency "An organization can save $10 to $50 per computer annually by enabling power management features that place a computer monitor into a low-power “sleep” mode during periods of inactivity". In 2008, the US pays 5p per Kilowatt Hour on average, we pay almost double that at 9.5p (source: www.eia.doe.gov and www.uswitch.com), making the savings between £10 and £50 per monitor, per year give or take the exchange rate fluctuations.

Based on those figures, this represented savings of between £35,000 and £174,000 EVERY YEAR, just in power, just in monitors - not forgetting that those figures do not include the machines themselves and the savings in air-conditioning. Indeed, many businesses only require air conditioning to counter the heat created by all those machines and monitors being left fully powered up.

The big reason why Microsoft never implemented Power Management control via GPO is that GPOs are designed to deliver registry integer and string values and for some reason Power Management settings are held as binary values. This has meant that the only solution to date is a specialist application (and custom GPO template) that can perform the translation between GPO-based registry integer and string values, and the Operating System. It's a messy solution at best.

There is an application out there that does GPO based Power Management, but it requires the application to be installed on every machine and a poorly designed Group Policy template; and after testing it for my client I wasn't happy with the functionality or quality, or the number of times I had to reboot my machine after yet another a terminal Dr Watson failure. The only other solution I found is poorly written and requires a software deployment mechanism to get it beyond a limited pilot.

So, I designed and created a new solution.

The new solution is completely (and easily) centrally controllable by group membership and allows you to set as many different combinations of Power Management settings across your IT estate as you like (vastly more flexible than GPOs). The new solution allows you to centrally control Power Management on machines that are not logged on and for users after they log on. The new solution uses the built-in Windows XP APIs and applications to guarantee compatibility across all Windows XP Service Pack levels with no crashes or any unexpected behaviour. The new solution integrates totally into Active Directory on Windows 2000, 2003 and 2008 and is completely transparent to users. Although power management settings are, by default, only changeable by members of the local Administrators and Power Users Groups, a simple alteration can be made that allows this right for your non-priviledged users without further elevation or compromise of your security. A version that can handle Windows 2000 and Windows Vista will be available shortly.

How much is it?
. A one off consultancy fee to attend your site, install and configure it, and train your administrators. Two days is usually sufficient, more might be warranted in large enterprises with complex environments.
. A subscription fee based on a tiny percentage of the savings to be had, per seat, per year. Significant discounts are available for multi-year subscriptions and large numbers of users.

Please contact me at www.leafgrove.com or using the email link on this entry for more information and discounted pricing.