Airline fined over website cookie consent

Pinsent Masons carried a story recently regarding an airline being fined for a poor cookie consent mechanism on their website (1). Although the fine is relatively small it hopefully highlights the fact that authorities are taking note of complaints against websites.

For some years now it has been necessary to declare cookies and have a mechanism to gain consent, but many websites are sadly lacking, some really badly. I’ve ranted about this in the past and when I was still working I always tried to ensure our websites were compliant.

The case in hand (2) is one where the website in question told users how to block cookies but had no consent mechanism. It was pointed out that there needs to be a mechanism whereby cookies can be rejected, as well as options to enable all cookies or to enable just specific ones.

From my own checks on websites some are really good, some so-so, and some down right awful. Among the best I’ve seen are ones that have a very simple consent mechanism at the bottom of the page with checkboxes for each type of cookie, as well as a ‘reject all’ button. Among the worst are those that throw up a large popup which gives little choice other than to accept their cookies with no way into the site without so doing. Some, typically media websites seem to burden the user with vast lists of partners with a ‘yes / no’ button against each. I have to say that when I find these latter types I take a screenshot for reference, and then wave goodbye. I also regularly clear my cookie cache so I don’t get stalked by adverts.

(1) https://www.pinsentmasons.com/out-law/news/airline-fined-over-cookie-consent-mechanism

(2) https://www.aepd.es/resoluciones/PS-00300-2019_ORI.pdf

Under attack?

My little VPS went crazy yesterday. Unresponsive, it took ages to log in. I quickly discovered multiple attacks, some attacks on WordPress’s xmlrpc.php and wp-login.php, a sustained attack on imaps from China and several concurrent brute force ssh attacks all at once. The poor little VPS kept running out of memory which caused it to kill off memory hogs – generally Apache and Mysql. At the stage I should add – and probably question my sanity – that it’s good fun thwarting such things and I’ve been doing similar for 10+ years…

Then I discovered that the out of band access to the VPS wasn’t working and I assumed this to be a part of the greater whole. It wasn’t.

My provider, Heart Internet has very good technical support. I’ve used them for ages for my own VPS as well as professionally, as have others partly due to the fact that I recommended them, something I very rarely do. They came up with a very detailed analysis. First off, an Ubuntu upgrade had knobbled /dev/ttyS0 so no out of band access and this was not the fault of the attack, I’d just never needed to use it so was unaware. A quick fiddle in the GRUB config sorted that. Next, the VM framework was itself suffering a high i/o load and that was causing my VPS to pause. These pauses then made matters worse as it seems that mysql inserts were queueing up and then went in with a bang when the VPS got some CPU time again. That, plus the WordPress attack caused the memory killer to terminate Apache and mysql causing further issues when they restarted. This was not eased by my watchdog process that restarts any failed PHP scripts which spend their life pulling in railway data and stuffing it into a mysql db meaning that as soon as mysqld went back in the PHP process would drag in a bag load of data and fire off tons of inserts.

To add insult to injury fail2ban, er, failed to ban. It had upgraded itself at some stage to a non-working state and I really could not spent the time reading the docs to find out what it needed, so it got purged and denyhosts, which I used to use anyway was installed and is working nicely. Not quite the same thing, but ideal for ssh attacks as it simply adds the IPs to /etc/hosts.deny. I still used iptables when, for example I see zillions of spam injections, but those are infrequent and sort themselves out in any case. But it’s still nice to see them suddenly stop when I can be bothered to look.

Having tidied up the little beggars via iptables and protecting the bits of WordPress that were under attack, and with the VM framework finally calmed down by the provider my VPS could once more tick along quite nicely at its usual load of, well, pretty much zero.

Fun nonetheless. Perhaps I’m just weird!

Cellular woes

The mobile provider we use is having issues right now with no data or voice services across the UK and including issues for those abroad using UK based accounts. It might be wider still. Of course there is no news from the provider and their website is apparently down for maintenance.

It happens. No doubt there will be some explanation in due course.

Twitter is alight – always a good source of gossip and alerts. But alerts on Twitter that fire off to a hashtag generate other issues. People use those hashtags to peddle their own, unrelated crud. And then there are confusing messages such as ‘Latest Trending in UK : “Three network down”. Find it on Amazon! ‘. But in general here is where Twitter comes into its own if you can cut through the dross.

Of course, there are numerous Tweets about the poor service with people saying they will leave and how bad it all is. There was one good Tweet from someone who said it’s the first outage they have seen in years and to wait it out. And that’s all you can do. Cellular networks are complex animals, and remember if something has a 99% uptime it can be down for more than three whole days a year, and all at the same time! Things go wrong.

Of course, I can still talk to the world via my amateur radio kit, running off batteries if needed, 24/7 with no other technology involved… just saying. Ok, joking apart it is worrying that we are increasingly pushing emergency communications onto cellular providers who are private entities responsible to their shareholders and not to us with what I am guessing are multiple single points of failure able to take down the whole country in one go.

IP camera password reset

I had some time today to finally change the webcam that looks over our driveway. I got a PoE security camera from an eBay trader a while ago but only plugged it in once for testing. There must have been default password which is now lost. So, you can reset these things, right?

First problem – there’s no hardware reset at all. Not that much hope via Google (or, rather duckduckgo which I use now) other than having to email stuff to the manufacturer. I tried a password resetter found on GitHUB but it does not work.

Ok, what do I need to do… 

First, get their software. Oh it’s only Windows, so fire up the old Windows laptop and wait for it to do it’s booting up updates and sort itself out, usually at least 5 minutes.

Next, run the software and select ‘forgot password’ at which stage I can download some XML or take a photo of a QR code. These go to the manufacturer.

Next, download their PDF which has to be filled in. Find the laptop does not have Acrobat Reader, so go and get that. IE insists on opening…

Next, find out that their software does not let you copy text from the various fields needed for filling in their PDF. Ok, it will export to CSV so do that.

Next, open the CSV into Excel, which for some reason thinks it’s unlicensed and sticks in read only mode. Discover that for some reason read only mode also means no copying!

Next, close and restart Excel to sort its licence out, and finally copy the relevant fields into the PDF.

Last, send an email with the PDF and the XML and wonder why the XMP does not include all the fields you have to type into their PDF.

Finally, turn laptop off and wait for it to do its updates, only 10 minutes this time.

Notice and autoreply from the company that the email has been received but suggesting I contact the local branch in the UK. Forward the email and wonder why they don’t simply say that in their instructions anyway…

Honestly, the time it has taken for me to do this far exceeds the cost of the camera. If the password reset code does not come within a day it would actually be cheaper to simply buy a new camera on one-day delivery!

Good grief…

Edit: so, the reset key arrived. It does not work.

Enquiry forms

If someone goes to the trouble of creating a web based enquiry form I consider it reasonable that said someone would also create some form of acknowledgement on submission, rather than just send the visitor back to the home page! Honestly, its really not hard.

Exit Sky box stage left…

I finally cancelled Sky recently after fretting over it for far too long – no fault of Sky, we just don’t watch that much Sky content now. Anyway, this rendered the Sky+HD box useless as it will no longer record, or indeed play already recorded content, even non-Sky stuff. No biggie, and the box was free after all. So I got a Freeview Play recorder.

I decided to tidy the cabling up ready for the new box and that’s where the day suddenly got longer…

First off, the amount of dust! I dare say that there is no dust left anywhere on Earth other than behind our TV. Clearly it all came here and settled. I guess I should have been prepared as one of the hamsters once ran under the TV unit and emerged a completely different colour… poor thing, it took me ages to clean her up. Ok, vacuum at the ready, dust gone.

The wires. For some reason unknown to me (even though I did it) I used the two longest Ethernet cables I had to connect the TV and the DVD, and both were intertwined with everything. Ok, so let’s get rid of those for starters. Then there is a gigabit Ethernet switch sat in the dust because there were not enough outlets – fitted 4 and needed 5. As the Sky box is gone I no longer needed the two CT125 satellite cables and outlet (well, more hole really as the outlet would not fit so the cables just carry on out the hole) which I replaced with a dual Cat5 socket. Why were there ever two different colour standards for Cat5 cabling and why did I never write down the one I used? Ok, pull a faceplate off and check… right, ‘A’, write it down. Ok later. Ok I took a photo at least.

Terminating these new cables in the wiring closet was an act of contortionism. I have a 19” rack bolted to the back wall and a 48-way Cat5 unit installed on a hinge so it can swing out to access the wires. This is great provided nothing is plugged in with cables going to stuff located on top of the rack. Which is what I have of course… so hinging the thing out means also carefully moving the two Ethernet switches on top of the rack as well, and balancing them carefully. Good grief, who designed this set-up… oh, me. Anyway, I got the cables in and yes I did remember to write down what goes where. So, let’s test them. Grabbed the tester from the workshop only to find out the 12V battery is dead and I don’t have a spare. Ugh. Ok, I used the TV to test each socket and both are fine. See how things snowball?

By-bye Ethernet switch and associated wall-wart. Remind me to figure out why I have a 24 port Ethernet switch and an 8 port PoE switch almost full when there are only 15 or so active devices in the house…

Dust – check. Wiring – check. Ethernet cables, shortened and sorted. Ok, the Freeview Play recorder is in place and it was pretty easy to set up.

I wonder if anyone will notice me replacing the now-redundant Sky dish with my 1.2m one with a dual band patch and aiming it at Qo-100…

Home automation

I have three ‘onewire’ temperature sensors running up from the hot water cylinder and central heating pump to a Raspberry Pi in the loft. These record the water temperature going round the central heating, as well as that going into the hot water cylinder and the temperature of the pipe back to the boiler. The Pi records these every minute.

Nothing whizzy in any of that, it’s all standard stuff. Only I discovered that the temperature readings make a lot more sense if the sensors are actually on the pipes and not sitting in a pile of fluff on the floor! Ah…

New broadband

Just switched broadband providers to a deal half the price for 12 months. Funny how you never re-check stuff though. I had carefully put two outgoing rules in the previous hub for my VoIP phone. While adding these into the new hub I realised that there is already a rule allowing any device any outgoing connections so that was rather a waste of time! Oh well…

Anti-Vibration gloves

Anti-vibration gloves

After spending hours cleaning metalwork with a wire brush in a grinder and suffering as a result I decided to get a pair of anti-vibration gloves. I wasn’t really sure how good these could be, I mean you still need to hold the grinder, but after a similar number of hours they do seem to work well. Last time I had to take an increasing number of breaks to rest during the work but this time I only had to rest because of me overheating. Of course, I was still talking regular rests anyway – you absolutely must – but no shakes or pins and needles this time. Yes I did read up on hand-arm vibration syndrome (HAVS) and I was already aware of the risks but this kind of protection is really worthwhile and does not cost that much.

The ones I got are from Port West, others are of course available and results for you may differ from mine – this is my experience only so treat as such.

Why do they design sites this way!

Another brain dead website, an estate agent this time. Filling in the contact-me form it pops up the usual Google ‘select all squares that may have had a bike in them last week’ thing. Only it’s hidden under the sliding design so you do not actually know. I found it, but the sliding imagery of their website covers most of the bottom three squares and the buttons, so no way to complete the task.

Good grief. I take it the user testing was somewhat less intensive than that which would have been accomplished merely by showing a screenshot to a brick…