There’s something in your ear!

I almost fell for this scam in India. Two guys approached us and seemingly helpfully told me that he saw something fly in my ear and wanted to help. Before I could say anything he had grabbed my ear lobe and produced a metal instrument to which my wife shouted ‘stop’. I pulled away and adopted a somewhat defensive stance which made the guy step back but continue to say he wanted to help. After this we ignored them and carried on. I searched for this and it is a well known scam that I missed when doing my pre-trip research – typical! If you fall for it the magically produce something that was apparently in your ear and expect a tip.

Indian train ticket scammers

We came across an interesting scam while in New Delhi. The scammer approached me and told me first that our train as delayed by 6 hours – it wasn’t – and next that our tickets were invalid ad we had to go to the tourist office on the second floor. I played along here but there was no second floor. Another scammer, I’m guessing they worked in pairs, then told me that we had to go to the railway’s central office in town and get the ticket changed for a later train. At this stage I got my mobile out and told him I would ring our driver and he could explain to our driver why. Unsurprisingly we were told that the tickets were fine!

But I don’t understand the scam. All that they would have achieved is that we would miss our train, and given ticket sell out days or even weeks in advance we would not be able to buy replacements. So what do they gain personally? Strange people.

Since we returned I have searched and found other scams at railway stations too, including people standing by the x-ray desks and pretending to be railway workers. From memory we did not see anyone around that looked like a genuine railway worker other than the guards on the trains themselves so I would not readily be able to tell if someone was official or not. Some uniforms and IDs would be useful.

Anyway, just be careful. My mistake was I was holding our tickets and that made me a target.

Surgical masks

I do laugh sometimes at eBay adverts. I found one today for surgical masks with a large ‘UK stock’ banner on the main photo. So I had a look in more detail…

And it’s clearly bogus.

The item location is given as China. The listing says that it is a free (postage) service from outside the UK. The seller name is given in English but the address is all given in Chinese. The email (hotmail) account does not match the stated English name in any way. And, of course, the stated address is indeed in China with a full Chinese company trading name to boot.

And the expected date of arrival of these UK stocked masks given today is the 29th January? “Estimated between Tue. 24 Mar. and Thu. 2 Apr.” Oh, right, UK then!

Shunting

I attended an introductory shunting course recently which was great fun but left me with a lot to ponder. Not had a go with the real thing yet – that comes later in part 2. Moving stock around a model layout was both entertaining and quite an eye opener in that the logistics can go horribly wrong with far too many moves being made. It’s one thing to move models, quite another to make the poor shunter run miles round the stock being moved.

I can imagine on part 2 there will be wagons and coaches scattered all over the place, and for real! One thing I do know for sure, I really need more upper body strength!!

Buckeye coupler

Ferrites

Those lumps you see on PC monitor cables and other PC and related cables… yes we know what they are and what they do but here’s proof.

I got a DisplayPort to HDMI cable for a new monitor. It works fine via VGA but why not? Anyway, aside from why on earth the PC has a DisplayPort and not an HDMI, the cable duly arrived. It’s a nice cable in that it has a braided cover, feels well made and the connectors fit well and do not drop out. But no ferrites.

All worked fine with both monitors – one DVI and one HDMI connected – came on fine. But when I key up the FT450D (set to 30W) the HDMI-connected screen goes blank. Completely blank. Black. It comes right back when I de-key. Ugh, no ferrites.

I fitted a decent clip-on to each end with a whole turn of lead in each – no problems since. See? They do work!

Stupid connectors

So, new TV, empty space in bedroom, TV point and Ethernet points nearby, all I had to do was finish the wiring (left unconnected as it was not needed 15 years ago!) and scan for channels. Simple.

OK. So I had a splitter and then found a smaller one so used that. Stuck it to the wall in the airing cupboard, wired in the CT125 coming down from the loft and two TV coax runs to the two bedrooms, and connected the other end of the CT125 to the aerial distribution amp in the wiring closet. Turned the TV on and it began scanning. And found very little. Hmmm. Well, it found the HD channels but would not receive them.

Out with the meter. Connectivity fine from the splitter to the TV, so blamed the splitter and wired in the larger one. Rescanned. Same thing. Got a barrel connector and bypassed the splitter. No difference. Went to the wiring closet and checked the connection there… which I had plugged into the DAB aerial feed input, rather than a TV output!

Put the smaller splitter back in and fitted the cables again and all is well.

Ugh.

Signal box lever work

A lot of my work on the railway this year has been as part of a team building up all the components to make a 27-lever signal box frame. Components from two separate dismantled boxes were gathered from a variety of storage locations on the railway. Shown here are some of the segments prior to them being dismantled.

The various components are shown here placed side by side to ensure there are sufficient parts to make up the frame. Three base sections, the various segments along with segments supporting the locking trays (not shown), and the end castings were then all ready to be sent off for shot blasting.

Levers needed completely stripping down to their component parts. There were two types of lever, the differences being in the foot casting and the end of the catch rod. Each lever consists of a number of components: the foot, the lever itself, the catch rod, catch handle and pins, a spring housing and spring.

As can be seen, the shot blasting had a quite dramatic effect. Here are the levers as returned after being cleaned and primed. The two leftmost levers show the differences – each has a different type of foot and the stop for the catch rod – a square peg on one and round on the other are also different.

The spring housings, shown here on top of the cleaned and primed segments were not sent away and were cleaned by wire brush and files. New spring had to be ordered for these as the originals were mostly in a very poor state.

Assembly of the frame commenced after space was made in the workshop. We tried a few methods of assembly and in the end it proved easiest to place each lever without the catch rods or spring assembly and add those later. Despite losing a few nuts down various holes this work carried on that way.

Here, the first five levers are in place. Only 22 to go…

Assembly continued over a number of weeks, working one day a week. This photo shows the locking trays in place.

Finally, all the levers were in place fully assembled and adjusted to ensure that they moved smoothly. This proved tedious as numerous adjustments had to be made not just to the castings, but also catch rods, levers, and even some of the springs had to be shortened.

The next steps are for the frame to be marked up and dismantled. It will then be sent away for the locking to be built up before coming back to us ready for assembly in the signal box. This story is ongoing and will be continued!

Airline fined over website cookie consent

Pinsent Masons carried a story recently regarding an airline being fined for a poor cookie consent mechanism on their website (1). Although the fine is relatively small it hopefully highlights the fact that authorities are taking note of complaints against websites.

For some years now it has been necessary to declare cookies and have a mechanism to gain consent, but many websites are sadly lacking, some really badly. I’ve ranted about this in the past and when I was still working I always tried to ensure our websites were compliant.

The case in hand (2) is one where the website in question told users how to block cookies but had no consent mechanism. It was pointed out that there needs to be a mechanism whereby cookies can be rejected, as well as options to enable all cookies or to enable just specific ones.

From my own checks on websites some are really good, some so-so, and some down right awful. Among the best I’ve seen are ones that have a very simple consent mechanism at the bottom of the page with checkboxes for each type of cookie, as well as a ‘reject all’ button. Among the worst are those that throw up a large popup which gives little choice other than to accept their cookies with no way into the site without so doing. Some, typically media websites seem to burden the user with vast lists of partners with a ‘yes / no’ button against each. I have to say that when I find these latter types I take a screenshot for reference, and then wave goodbye. I also regularly clear my cookie cache so I don’t get stalked by adverts.

(1) https://www.pinsentmasons.com/out-law/news/airline-fined-over-cookie-consent-mechanism

(2) https://www.aepd.es/resoluciones/PS-00300-2019_ORI.pdf

Under attack?

My little VPS went crazy yesterday. Unresponsive, it took ages to log in. I quickly discovered multiple attacks, some attacks on WordPress’s xmlrpc.php and wp-login.php, a sustained attack on imaps from China and several concurrent brute force ssh attacks all at once. The poor little VPS kept running out of memory which caused it to kill off memory hogs – generally Apache and Mysql. At the stage I should add – and probably question my sanity – that it’s good fun thwarting such things and I’ve been doing similar for 10+ years…

Then I discovered that the out of band access to the VPS wasn’t working and I assumed this to be a part of the greater whole. It wasn’t.

My provider, Heart Internet has very good technical support. I’ve used them for ages for my own VPS as well as professionally, as have others partly due to the fact that I recommended them, something I very rarely do. They came up with a very detailed analysis. First off, an Ubuntu upgrade had knobbled /dev/ttyS0 so no out of band access and this was not the fault of the attack, I’d just never needed to use it so was unaware. A quick fiddle in the GRUB config sorted that. Next, the VM framework was itself suffering a high i/o load and that was causing my VPS to pause. These pauses then made matters worse as it seems that mysql inserts were queueing up and then went in with a bang when the VPS got some CPU time again. That, plus the WordPress attack caused the memory killer to terminate Apache and mysql causing further issues when they restarted. This was not eased by my watchdog process that restarts any failed PHP scripts which spend their life pulling in railway data and stuffing it into a mysql db meaning that as soon as mysqld went back in the PHP process would drag in a bag load of data and fire off tons of inserts.

To add insult to injury fail2ban, er, failed to ban. It had upgraded itself at some stage to a non-working state and I really could not spent the time reading the docs to find out what it needed, so it got purged and denyhosts, which I used to use anyway was installed and is working nicely. Not quite the same thing, but ideal for ssh attacks as it simply adds the IPs to /etc/hosts.deny. I still used iptables when, for example I see zillions of spam injections, but those are infrequent and sort themselves out in any case. But it’s still nice to see them suddenly stop when I can be bothered to look.

Having tidied up the little beggars via iptables and protecting the bits of WordPress that were under attack, and with the VM framework finally calmed down by the provider my VPS could once more tick along quite nicely at its usual load of, well, pretty much zero.

Fun nonetheless. Perhaps I’m just weird!

Cellular woes

The mobile provider we use is having issues right now with no data or voice services across the UK and including issues for those abroad using UK based accounts. It might be wider still. Of course there is no news from the provider and their website is apparently down for maintenance.

It happens. No doubt there will be some explanation in due course.

Twitter is alight – always a good source of gossip and alerts. But alerts on Twitter that fire off to a hashtag generate other issues. People use those hashtags to peddle their own, unrelated crud. And then there are confusing messages such as ‘Latest Trending in UK : “Three network down”. Find it on Amazon! ‘. But in general here is where Twitter comes into its own if you can cut through the dross.

Of course, there are numerous Tweets about the poor service with people saying they will leave and how bad it all is. There was one good Tweet from someone who said it’s the first outage they have seen in years and to wait it out. And that’s all you can do. Cellular networks are complex animals, and remember if something has a 99% uptime it can be down for more than three whole days a year, and all at the same time! Things go wrong.

Of course, I can still talk to the world via my amateur radio kit, running off batteries if needed, 24/7 with no other technology involved… just saying. Ok, joking apart it is worrying that we are increasingly pushing emergency communications onto cellular providers who are private entities responsible to their shareholders and not to us with what I am guessing are multiple single points of failure able to take down the whole country in one go.