Password Security (Part 2)

Password Security Is The Foundation Of Computer Security

In password security part 1, I explained the importance of having a strong password as the first and most important line of defence in any security strategy. I also gave you a site that allows you to test how secure your password is (testing is essential in security).

In part three I will give you a way to securely store all the many different passwords you will have once you realise why having one password for all your accounts is a seriously bad idea.

But for today, I need to explain what makes a good and memorable password, which will act as your master password.

So let’s start out with why having a single password that you think is pretty solid that you use everywhere (usually attached to an email address) is a bad idea. It’s a fairly simple explanation. Hackers seek this kind of stuff out. Your password gets cracked once, the hacker has access to all of your accounts. They can find out where your email address is used on the web and try every single place.

Next, let’s look at the usual passwords people use. First off, probably the most used password in the world, Password123. OK it’s laughable I know, but it really is used. If we look at it there are 3 things that I can point out, right off the top of my head.

Number one – the first letter is capitalised. Hackers know this and use that information when they use dictionary attacks on password files.

Number 2, the word is a dictionary word. What we are talking about is a fraction of a second for any word in a dictionary used as a password to get cracked.

Number 3, numbers at the end. Once again, because most people do this with passwords, hackers know it and factor it in.

I know this is how people put passwords together because I have had passwords structured exactly like that – and I’m security aware!

An alternative to this may be to use numbers in place of letters where possible, i.e. P455w0rd123. Well guess what? Hackers are onto that too.

So now we know what makes a bad password, but what makes a good one?

First thing is that it is as long as it is allowed to be. What I mean by this is that some systems will have limits on password size – perhaps for example no more than 16 characters.

But for now, let’s assume you can have a longer password. I like to pad my passwords at the front and at the end with numbers. It helps. Next, no dictionary words, but we can have a phrase. So I’ll pick a movie title as my example. The movie I choose is The hitman’s bodyguard.

Knowing that capitalisation is usually put at the beginning of words I instead put my capitals at the second letter and the second last letter.

I then add in a couple of special characters to replace some of the vowels. Notice I don’t use the same character twice when there are two a’s. This is as a defence against cryptographic analysis (that’s a whole ‘nother story and too in-depth for here). But notice that, to make it easier to remember, the special characters follow a progression – 3, 4, 5 on the keyboard, or #$%. Also, only the e’s and the a’s are replaced with special characters.

The final attribute I would like to point out is a space between body and guard. Spaces are very good to put into passwords – no one ever seems to think of them for some reason.

What we come up with finally is:

12345tH#hitm$nsbody gu%Rd0123

It’s easy to remember (well, if you remember the rules that you used to create it).

So that’s the low down on how to create a memorable, yet uncrackable password. Run it through an online password checker and see how many years it would take to crack.

Leaving Windows

I recently left Windows For Linux

As a techie, leaving Windows and adopting a Linux distribution as my everyday operating system was something I was always going to do, but never got round to. I’d run up a few virtual machines every once in a while, played with them a bit, didn’t find a compelling reason to swap over to Linux, so it was never more than a plaything. But then, all of a sudden I made the jump and I was leaving Windows. Linux was no longer a toy; it was my operating system.

Then around the time I did my last laptop refresh, I was doing a bit of penetration testing and created a Linux partition on my hard drive to assist me in this. I resolved to use this for a while and see how it went. I switched back to Windows a couple of times, but it was really starting to bug me.

There was the 100% disk utilisation thing that happens when you first log on. You can sort of fix this to a degree, but even when you do you find that in other ways it’s a resource pig. Once you have a few apps open you’re likely using a good chunk of your RAM. Once you load the apps you use, you’re probably looking at 100GB or more of bloatware soaking up space on your hard drive.

By comparison, right now, I am running Ubuntu 19.04. The install, including all of the software I use, takes up 20GB. I am running a virtual machine, I have a VPN running, Viber, Skype, Firefox with 10 tabs open and this word processor open, and my memory usage is running at 33%.

That, in my view is a very light footprint. That’s one advantage. For most people’s daily use, you need a lot less powerful machine to run Linux than Windows. For me, what this means is that I can’t find any practical reason to upgrade my laptop for quite some time. I know I’d like to, because an 8 core processor would be sweet, but fact is the machine I’m using now is doing what I use it for with ease, and it’s nice to step aside from the upgrade cycle that has been forced on users by the cabal of Microsoft and Intel for many years.

However, there is one thing that Microsoft knew years ago: people go where the apps are. Apps have kept Microsoft at the top for years. The big two being Word and Excel. Well, it just so happens that every single piece of software I use on Windows has a viable free alternative on Linux.

In fact everything is free on Linux. The operating system is free, as opposed to the licensing fee you pay for Windows and Microsoft software. All software I use is legally free. No more sneakily finding cracks for software.

If I want to use Windows apps there is an emulation program called wine that I use. If I find an app that will only run on Windows, I can run up a Windows virtual machine. Thing is, I have yet to find one of those apps.

Appearance? Looks smashing. Check out the image at the top of the page. That’s my desktop. If you like nice interfaces, it’s the one for you. That’s a photo from Bing daily wallpaper by the way. Gives my device a different look every day.

Installation? It’s actually quite easy to install. Of course the problem here is that most people purchase a PC with Windows pre-installed, so it’s something you have to do if you want to try Linux. For an install that is suitable for most people, the install process is no more difficult than installing Windows.

Could the average user make the switch like me and end up leaving Windows as well? Hmmmm, good question. I don’t really know. What Microsoft and Apple have been really good at is creating systems that can be used by non technical users with relative ease. I personally find it easy to use and very polished these days, from the OS install to software installs. However, I think that if something goes wrong, I can fix it. I’m not sure it would be as easy for someone less technical. Bottom line I guess is try it, but only if you have a friend who is a computer wiz.

If you want to download a Linux flavour you can go to DistroWatch. This will give you endless options. How do you pick one? Well, the way I pick is usually on screenshots. If I like the look of something, that does it for me.

Online Store Case Study: Resin Workshops

Creating a (very) profitable online store.

Di came to me a couple of years ago when she had an idea for a business – wine art parties. Obviously she came to me because she wanted a website to promote this idea.

Fast forward a couple of years and her original idea has changed slightly. She no longer does wine art parties, she teaches people to make epoxy resin creations (see photos for an idea of what this means).

The workshops she runs have been a runaway success, so much so that she’s been able to walk away from her job and work for herself from home. It’s a dream many of us have – to work for yourself, doing something you love. Unfortunately, very few of us achieve it.

Di came back to me recently because her business was encountering growing pains. In addition to running her very popular and successful workshops, Di sells epoxy resin and colours so that people who have been to her workshops can purchase them and make their own resin creations at home.

Problem is that Di was getting frustrated with the time it took to manually take and process orders. She was feeling a bit snowed under. She wanted to put the products she was selling online and use an online shop to streamline her operations.

Since we had built her site in WordPress, this was relatively easy to do. The obvious choice for ecommerce platform was WooCommerce. It’s what I always use when creating an online store.

The main reason I use it is because it is so well supported and has hundreds of additional plugins (some free and some paid) to extend its utility.

Di had a PayPal account, so we chose to use the PayPal payment gateway. This worked really well for Di. Before she knew it, people were ordering her products and the money was in her PayPal account.

I added an Australia Post plugin that automatically calculated the shipping associated with the order. All Di had to do now was print out the shipping labels and take the products to the post office for shipping.

Next thing to be done was streamline the booking of Di’s workshops. She called me frustrated one day saying this had to happen as soon as possible, because she had spent 3 hours the day before manually managing booking.

The way Di runs her business presented some challenges, since the workshops have a variable price, depending on which creation the customer wanted to create at the workshops. However, despite the challenges, we managed to create a workable solution and once again Di’s business reaped the benefits of her being able to have customers automatically book and pay for workshops online. No more three hours taking bookings manually.

In Di’s own words “How good is this hey, I just sit here and everyone else does the work, I just add it into my diary and my job is done”. So if you want to be like Di and take hours of admin work out of your day, it’s time to implement a system like Di’s.

Retail in Australia is struggling, and one of the reasons it is struggling is the rise of the online store. Di’s business has reaped the benefit of automating her processes and opening her online shop. I think all businesses with an eye to the future should do likewise.

Blank Editor In WordPress Fix

I recently encountered a problem where, when I went to edit posts on a WordPress site, I found myself with a blank editor. No editing buttons and no text. It looked something like the image at the top of this post.

Naturally the first thing a seasoned professional does in such circumstances is go to the university of Google. I have long since stopped storing things in my head when anyone who is computer savvy can generally find the answer to any problem they are encountering. Of course it is necessary that for this to work you need to have a very solid base in computing, but since I do, I can utilize the university of Google strategy very effectively.

So, a quick look and trying a few solutions, and nothing’s working. I’ve done the standard disable all plugins, changed a few settings in the wp-config.php file, even replaced the directory in which the tinymce editor is stored, all to no avail.

So what next? When you’re at a dead end, you look for something in logs that helps you. This is an eternal truth that you know by heart after years of troubleshooting computer systems.

In this case we can inspect elements in Firefox. This is easy to do on any web page. You simply right click on the web page and choose inspect element to open up the inspector. You have the same functionality in Chrome by the way; it’s part of any current browser.

Inspect element popup menu

Under inspect element there are various options that allow you to look at every aspect of a web page. Web pages these days are quite complex, with many elements combining to create the active pages that we are used to.

When it comes to WordPress, both on the front end and the back, there is a lot of JavaScript used. JavaScript is a scripting language that is extensively used on web pages.

On the default tab – the inspector – we see all of the HTML on the page. Move across one tab – the console tab – and we see any issues associated with the loading of any JavaScript files.

A bit of background. This site operates via Cloudflare CDN and I’d decided to use Cloudflare to route all my traffic via HTTPS.

This, it turns out, is where the problem lies. Once you attempt to use HTTPS, the browser has a real problem with mixed content, mixed content being any content on the page that is not loaded over HTTPS. In this case I see the message “blocked loading mixed active content”. To the right of the entry, I can tell which javascript file has a problem. No surprises in this case; it’s wp-tinymce.js.

Troubleshooting with Firefox element inspector

Finally I have the information I need to solve this problem. Simply turning off HTTPS until I have addressed the issue of mixed content fixes it. But how do you turn off HTTPS in such a case, I hear you ask. Simple. You can edit wp-config.php and add the lines:

define( 'WP_HOME', 'http://www.example.com' );
define( 'WP_SITEURL', 'http://www.example.com' );

making sure that the protocol you are using is HTTP.

Alternatively you can go to Settings -> General and change the URL information in the following fields:

URL locations in wordpress

So if you’ve tried everything else to fix the WordPress blank editor and it hasn’t worked, give this a try. As soon as you see blocked content, you have got to the root cause of the issue.

The solution to this problem also illustrates the troubleshooting process. Logging and inspection is always your friend. It was instantly apparent once I inspected the page where the problem lay. In this case Google had given me nothing, so I had to take these steps. This is an important skill for anyone who seeks to resolve problems they encounter.

As for turning HTTPS on, that happens after a mixed content search and is a story for another day.
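The mixed content search mentioned above can be scripted so that HTTPS can be turned back on. The following is an added example, not code from the original post: it scans a page’s HTML for resources requested over http:// and separates active content (which the browser blocks, as it did with wp-tinymce.js) from passive content. The sample page and its URLs are constructed.

```python
from html.parser import HTMLParser

# tag -> (attribute holding the URL, how a browser treats that resource
# when an https:// page requests it over http://)
RULES = {
    "script": ("src", "active"),
    "iframe": ("src", "active"),
    "link": ("href", "active"),    # stylesheets only, see handle_starttag
    "object": ("data", "active"),
    "embed": ("src", "active"),
    "img": ("src", "passive"),
    "audio": ("src", "passive"),
    "video": ("src", "passive"),
    "source": ("src", "passive"),
}


class MixedContentScanner(HTMLParser):
    """Collects (kind, tag, url) for every subresource loaded over http://."""

    def __init__(self):
        super().__init__()
        self.findings = []

    def handle_starttag(self, tag, attrs):
        rule = RULES.get(tag)
        if rule is None:
            return  # e.g. <a href>: a navigation link, not a subresource
        attr_name, kind = rule
        values = {name: (value or "") for name, value in attrs}
        if tag == "link" and "stylesheet" not in values.get("rel", "").lower().split():
            return  # rel=canonical and similar are never fetched
        url = values.get(attr_name, "").strip()
        # https:// and protocol-relative //host/... URLs are fine on an
        # HTTPS page; only explicit http:// is mixed content.
        if url.lower().startswith("http://"):
            self.findings.append((kind, tag, url))


def find_mixed_content(html):
    """Return a list of (kind, tag, url) tuples in document order."""
    scanner = MixedContentScanner()
    scanner.feed(html)
    scanner.close()
    return scanner.findings


# Constructed sample page, as it might be served behind an HTTPS front end
# while WordPress still generates http:// URLs.
SAMPLE_PAGE = """
<html><head>
<link rel="stylesheet" href="http://www.example.com/style.css">
<link rel="canonical" href="http://www.example.com/post">
<script src="http://www.example.com/wp-includes/js/tinymce/wp-tinymce.js"></script>
<script src="https://www.example.com/ok.js"></script>
<script src="//www.example.com/protocol-relative.js"></script>
</head><body>
<img src="http://www.example.com/photo.jpg">
<a href="http://www.example.com/about">About</a>
</body></html>
"""

if __name__ == "__main__":
    for kind, tag, url in find_mixed_content(SAMPLE_PAGE):
        print(f"{kind:8} <{tag}> {url}")
```

Everything reported as active has to be served over HTTPS before the site URL is switched back, otherwise the editor will go blank again.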

Free Stuff! – A Free Word Processor

I like free stuff. Of course the problem with that is that often they don’t meet the standards of what I want from the said product.

When it comes to office products (word processor, spreadsheet), I have tried Libre Office as a free alternative to Microsoft Word, but frankly it’s not up to speed. I will use it if I have to, but then go back to my old copy of Word 2003.

What I have found recently though is what I would consider a genuine free alternative to the Microsoft Office suite. This is one called WPS Office. It essentially looks the same as Microsoft Office, which is its greatest attribute. I must also add that it reads Microsoft Office documents and saves in Office format as well.

No point describing the workings of the product. A picture tells a thousand words. As you can see from the screen shot below, a word user will feel pretty comfortable with this product.

So if this product looks like something you think would fit your needs for a word processor, why not download it?

https://www.wps.com/download/

One word of warning. Putting on my security hat, this is a Chinese product. I can’t guarantee that the Chinese government hasn’t put backdoors into it. However, this is a universal problem with software at the moment (I will post the story of Kaspersky and backdoors soon). If you are not doing business with Chinese companies, then no problem.

Disclaimer: I have no association with WPS Office.

Password Security (part 1)

Password security is, to me, the first (and most important) line of defence in the battle against hackers and cyber criminals. It’s also the least high tech, the most ignored and abused line of defence. It’s human nature to look for the super, high tech, bells and whistles, super solution while ignoring the simple.

Let me give this anecdote I heard about the US space program as an example. The US apparently spent over a million dollars trying to develop a biro that would work in space. The Russians simply used pencils.

The thing with passwords is that a weak password breaks strong security. It’s kind of pointless to buy, for example, an expensive edge device (a device that sits on the edge of your network) that is supposed to protect all of your assets and leave the default password on it.

I know what you’re thinking right now. You’re thinking, “no, that never happens”. Well I can tell you, it does. All too often in fact. I can actually direct you to a website where it lists literally thousands of devices that are connected to the internet now that are available for hackers to break into that have the default passwords.

So what is the takeaway of this post? Well, to let you know that there are websites that you can actually check your password on. Believe me, these will be an eye opener to most people!

Let’s take an actual password from someone I know – Buffst3r. Now let’s analyse it from a hacker’s point of view. First off, it’s a social engineer’s wet dream. For those who don’t know, social engineering is where a hacker finds out things about you and uses them to break into your system. For example, they look at your Facebook page and find your pets’ names and your kids’ names. This particular password is a variation of a pet’s name. That is the number one no-no. Secondly, it’s not very complex. It has an upper case character at the beginning. The most common place people put upper case characters is at the beginning of passwords – hackers know that. The next thing is that it substitutes a “3” for an “e”. This is known as leetspeak and guess what? Hackers are onto this too.

So we run this password through our trusty password checker and find that it will last a whole 3 hours. Sounds secure? Not really. It goes like this. Hacker gets up in the morning and sets his computer running on cracking your password. He does whatever else he feels like doing. Then at lunch time, he logs onto your computer.

But anyway, like I said earlier, the takeaway is the website. If you want to check how secure your password is, you can go to https://howsecureismypassword.net/. It will be an eye opener for you.
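The habits picked apart above, and in part 2 with Password123 and P455w0rd123, can be tested for at the moment a password is chosen. The following is an added example, not code from the original posts: a Python check that flags a leading capital, digits tacked on the end, and leetspeak spellings of dictionary words or personal terms. The word list and the pet name “Buffster” are constructed assumptions.

```python
import re
from itertools import product

# Constructed sample list; a real check would load a large dictionary or
# a breached-password list instead.
COMMON_WORDS = {"password", "welcome", "dragon", "letmein", "monkey"}

# Common leetspeak substitutions. "1" and "!" are ambiguous, so each maps
# to more than one candidate letter.
LEET = {"0": "o", "1": "li", "3": "e", "4": "a", "5": "s", "7": "t",
        "@": "a", "$": "s", "!": "il"}


def deleet(text):
    """Return every plain-letter reading of a (lower-case) leetspeak string."""
    options = [LEET.get(ch, ch) for ch in text]
    # Guard against combinatorial blow-up on strings full of ambiguous
    # characters: fall back to the first reading of each.
    if sum(len(opt) > 1 for opt in options) > 10:
        options = [opt[0] for opt in options]
    return {"".join(combo) for combo in product(*options)}


def predictable_patterns(password, personal_terms=()):
    """Return the set of predictable construction habits found in `password`.

    `personal_terms` are things an attacker could learn about the user
    (pet names, kids' names). An empty result only means none of these
    habits were found; it is not a strength rating.
    """
    findings = set()
    known = {term.lower() for term in personal_terms}
    core = password

    # Habit: digits tacked on the end (Password123).
    tail = re.search(r"\d+$", core)
    if tail and tail.start() > 0:
        findings.add("trailing_digits")
        core = core[:tail.start()]

    # Habit: the only capital letter is the first character.
    if core[:1].isupper() and not any(c.isupper() for c in core[1:]):
        findings.add("leading_capital")

    # Habit: a dictionary word or personal term, possibly in leetspeak.
    lowered = core.lower()
    plain_forms = deleet(lowered)
    used_leet = plain_forms != {lowered}
    if plain_forms & COMMON_WORDS:
        findings.add("leet_dictionary_word" if used_leet else "dictionary_word")
    if plain_forms & known:
        findings.add("leet_personal_term" if used_leet else "personal_term")
    return findings


if __name__ == "__main__":
    # "Buffster" as the pet's name is an assumption made for this example.
    for pw, terms in [("Password123", ()), ("P455w0rd123", ()),
                      ("Buffst3r", ("Buffster",))]:
        print(pw, sorted(predictable_patterns(pw, terms)))
```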

Now the thing is, once you have secure passwords you will have a problem with remembering them all. Next post I will offer you a solution to that problem.

For more on password security, here is part 2.

How To Use Your Wireless Adapter With VirtualBox Bridge Mode

How to use your wireless adapter with VirtualBox bridge mode is a question that at least a few geeks on the web are asking, yet no one seems to have a convincing answer as to how to configure it.

The solution is in fact fairly simple, and also quite obvious too, once you understand the problem. However I’m still going to make you read an entire article to get the solution. Don’t worry, you will actually get some good insight into the troubleshooting process by reading it, so your time is well spent by reading the whole article.

So the background is I’ve been setting up a penetration testing lab using Virtualbox. One of the virtual machines I have created is the firewall/router pfsense. In order for this to be able to connect other devices to the outside world, it needs to connect to my internet router.

Since I don’t have a wired connection to the router, nor do I want to be stuck in the same room as the router, I needed to be able to connect a bridged connection via my wifi.

However, when I tried this, I couldn’t get connectivity to happen. At first I was stumped by this. What was going on, and how could I fix it? First step, as always, a Google search. Unfortunately this didn’t work. As usual, clueless script kiddies on forums with no real idea but an inflated sense of self worth. No luck there.

OK, so where to next? Well, why not find out if the bridged adapter was in fact sending out DHCP requests? Time to download an app called Wireshark. What this does, for those who don’t know, is capture every single network packet sent by your computer. Packet capture tools are invaluable when it comes to troubleshooting network problems. They allow you to check who is doing what. Which device is sending, which is receiving, which is responding.

I implement a packet capture using wireshark and I find out that sure enough pfsense is sending out DHCP requests. Problem is, the internet router isn’t responding. Why is that I wonder? Well the obvious answer is that you need a password to connect to my wifi.

So the next question is, how can I get the bridged network to send the password to the internet router? Well, I never did find a way. However, I did find a workaround. It helps to have a very in-depth understanding of network architecture at times.

The bridged network adapter has its own MAC address (the hardware address of the card), although physically the bridged adapter is on the same card. The thing about network adapters is that they are not limited to a single IP address.

Also, a thing I wasn’t aware of is that the wifi authentication is in fact tied to the MAC address of the network card.

So once I figured this out, the solution was, as I said at the outset, fairly simple. Set the bridged network adapter’s MAC address to the MAC address of the wireless adapter, then assign the pfSense interface an IP address. And hey presto.. it works. Not a bad little bit of troubleshooting if I do say so myself.

For those who are newbies to IT, this image may help. This is the result of the ifconfig command in linux. The MAC address is highlighted. The same command can be used in Windows, although it is called ipconfig, and to see the MAC address, you have to use the command ipconfig /all.

Ubuntu MAC address

As I have said, you take the highlighted address and put it in the virtual machine settings, which are found under Settings, as you can see in the next image. It’s a simple cut and paste, and you’re done.

VirtualBox settings

More on the dangers of Artificial Intelligence

Currently there is a disagreement going on between two of the inhabitants of the upper echelons of the modern tech world, Mark Zuckerberg and Elon Musk about the dangers of artificial intelligence. (I am going to assume everyone reading this knows who both of these men are).

Elon Musk has been strident about the existential dangers of AI to humanity. Zuckerberg is an optimist about AI. As a result there has been a bit of a feud, played out as these things are these days – on twitter.

Elon’s latest salvo is below.

Of course the question is, who is right? Well actually, I don’t have to think very long about this at all and say straight up Elon Musk is right, no questions asked.

But why can I be that unequivocal? It’s simple really. Imagine an AI that got smarter than humans. Now assume that it is a “good” AI. It’s a good point to start from. By good I naturally mean that its actions towards humans are benevolent.

Now the thing is, humans change their minds all the time. So an AI that is smarter than humans could simply change its mind about being nice to humans.

I’m not saying that this would happen, but what I am saying is that whether the AI at that point chooses to be benevolent or malevolent is at that point beyond the control of humans. It is by definition not possible to control something that is smarter than you. It gets to choose how it acts towards you.

The problem I see is that it is almost inevitable that AI will become smarter than us. And that is the point at which we have lost control. Not only that, we have NO CAPACITY in circumstances like this to regain control. Once the genie is out of the bottle, it won’t be going back in.

We have seen situations like this in fiction, as far back as 1968 in the film 2001 A Space Odyssey with the computer HAL, as he says to the main protagonist Dave:

HAL: “I know that you and Frank were planning to disconnect me, and I’m afraid that’s something I cannot allow to happen.”

More recently I have watched the TV series “Person Of Interest” whose central theme is two warring AIs, both of whom are so far beyond the intelligence of humans that humans become pawns in their game.

But that’s science fiction right? Not relevant to reality?

Well, the cap is off the genie bottle and that genie smoke is swirling up the bottle’s neck. Recently, Google reported that its AI, Deepmind, has learned to become highly aggressive in stressful situations. Let me expand on that. What the researchers showed was that the AI resorted to sabotage, greed and aggression to achieve its goals when needed.

When you think about it, shouldn’t any system programmed by humans end up with the same foibles as humans?

But what tempers the darker nature of humans is a little thing called empathy, right? Can’t we just program empathy into the machines?

To that question I reply how? Empathy is an understanding of the suffering of others based on knowing what it feels like to feel pain ourselves. By that definition, it is impossible to teach something that can’t feel pain empathy.

So as a result, we end up with an entity that can be imbued with all of the darker aspects of human nature, but can’t be imbued with the key limiter.

In conclusion, I’m pretty much saying that if global warming doesn’t get us, AI will. Anyway, have a nice day!

Why The Petya Virus Hit So Hard

It has been a while since I looked up a Microsoft security bulletin. There is no reason to keep up with security bulletins if you are not working in a particular space. The landscape changes pretty quickly, and old information is useless. However, when the Petya Virus struck I wanted to have a look and see why it had hit so hard. What is going on? There seem to be more and more cyber attacks hitting the news. For example the recent attack on the NHS system in the UK that severely compromised their systems.

But why are these attacks happening and why are they being effective? Well reason number one is that apparently there is a worldwide shortage of IT security professionals. Damn, and here’s me writing web pages for a living, when I had more security qualifications than you can shake a stick at.

On a technical level, the reasons are fairly simple. The main attacks are because of unpatched computers and poor password selection. Software patches (in Windows) are Windows updates – updates to files that happen annoyingly regularly to fix bugs in the software and close security gaps.

So why if it’s that easy, aren’t machines just regularly updated? How did so many companies get compromised?

Well, in a corporate environment, it’s not that easy. Firstly, if you have hundreds, or even thousands of computers throughout your organisation, you don’t just allow every single PC to access the internet individually for updates. You tend to download updates to a central server and then get that server to deploy the updates. What this does is allow you to have a single point of access to the outside world. It’s a fairly standard security practice to limit the number of devices that are directly attached to the internet. Browsing the web for example is usually done through a thing known as a proxy server. People accessing your corporate websites are incoming and they go through a reverse proxy.

OK, so what? So you just download the patches and schedule the updates and all is good right? Steady on there cowboy. Once again, it’s not that simple. The problem with patches is that they tend to break stuff. Imagine you’re the guy in the IT department that deploys an untested patch to several thousand computers and your key business software breaks. You are a real villain in the eyes of the organisation, aren’t you. You’re pretty much a cyber attacker as well.

What you have to do then is test the patches before release. And once again there is a complicating factor here. No large company in the world has identical machines. For years this has been the bane of desktop support. You generally have software images for each of the different machine types, so that the patch has to be tested on each of the different builds.

Naturally, all of this takes time and manpower, so a shortage of IT security professionals slows things down. One of the reasons given for the NHS attack was a lack of investment in IT by the NHS.

The particular vulnerability that Petya exploits was disclosed by Microsoft in March of this year. Given the way corporate IT works, that is plenty of time for hackers to write an exploit and deploy it, before the cautious and overworked IT staff have managed to deploy every patch.

But what can individuals do to avoid such problems? Well:

  • Make sure all updates are installed
  • Backup all important files
  • Use better passwords
  • Make sure you have a good anti virus installed
  • Make sure you have a personal firewall running
  • Make sure the personal firewall is properly configured.

That should do for a start. And if you want consultation, call me.

All-Flash… Technology Advances Yet Again

HPE All-flash storage

I’m a technophile (a lover of technology). So I get excited over the strangest things. Anyone who has read the blog before knows that I am a great fan of the move towards cloud services for one thing. But all technical progress is exciting to me. So as I’m going through the technology news, where I can hide from the world pretending that Donald Trump was not really elected, I find a couple of gems. Firstly, that the ATO is upgrading their storage arrays* to HPE All-flash systems. This means the storage array contains all solid state drives.

For those who don’t know, I’ll give a brief description of the difference between all-flash solid state disks and the current technology (yet gradually being made obsolete), hard drives. A hard drive is a disk or a series of disks that have a read/write head that searches the disk for the requested information. The gap between requesting the information and the providing of the information to you is known as the seek time. Obviously this is because the hard drive has to physically move the read/write head to where it is.

By contrast, the SSD is made of the same stuff that your RAM is made of, which doesn’t suffer from the latency caused by seek time. The information I have is that your average garden-variety SSD that people install in their PCs can be anywhere up to double the speed of a standard hard drive. High end, tier one equipment such as the 3par would be much faster than that.

One interesting statistic that I like about the 3par is that it can fit 563 terabytes of data in a 1 rack unit space – disk storage arrays are stored in racks. One rack unit is about 4.5 cms in height. The racks are usually about 19 or 23 inches wide, depending on the rack. So in rough terms that is enough storage space for 563 times the average home PC in a space not that much larger than a home PC.. ah technology.

Here’s the article about the ATO installing their new technology.

Disclaimer: I am not associated with HP (nor do I want to be).

*A storage array is a group of disks linked together to provide the large volumes of storage capacity used by enterprises.

Government Blocking Sites? No Problems. Use A VPN

The Australian government, late to the party as always, has ordered ISPs to block traffic from torrent download sites.

It’s very interesting timing in my view. Right now torrent sites are probably not as popular as they once were, thanks to services like Stan and Presto taking off. Why take a chance of getting prosecuted for copyright infringement when for about 10-15 dollars a month you have access to a wide variety of streaming movies?

The same when it comes to music. You have services like Pandora and Spotify which are either free or you can purchase the premium service to have more control over what you listen to.

So torrent sites getting blocked now is no longer a big deal. But it does raise the question, what do you do if you are a suspicious, conspiracy theory type who doesn’t like the government snooping on everything they do on the internet?

Well, as usual, when governments legislate, it’s remarkably simple to just sidestep what they have legislated for. In this case it is a trivial matter for anyone, no matter what their level of computer expertise, to set up a VPN connection. There are many services being offered now, some free. I will add the links to them at the bottom of the article.

But first, I would like to explain what a VPN is and why it sidesteps any blocking that governments insist ISPs in Australia put in place.

When you use a VPN service you are directly connected to the service from your desktop via an encrypted connection. You still are connected to the internet via your ISP, but the VPN creates a tunnel directly through your ISP connection through to the VPN server at the other end.

As a user your requests go to the VPN server, are fetched by the VPN server and sent back down the tunnel to you. Any software at the ISP end of things sees nothing other than an encrypted connection; it can’t see what the actual traffic is. So voila! Government measure neatly sidestepped.

I personally use CyberGhost. It’s a freemium service; free with some limitations or you can upgrade and pay a small fee for extra features. I have found that the free service is entirely adequate for my needs.

The reason (other than price) that I recommend this service is that it is so easy to set up. You download, you install, you connect. It’s as simple as that. There is no crazy stuff like setting IPSec parameters or other similar stuff that simply makes non-technical people’s eyes glaze over.

One of the funny things about this (but a clear demonstration that you are completely invisible) is that you get Google ads in German or Dutch or wherever else you connect to, because the Google algorithm takes your location as the location of the VPN server.

By writing this, I’m not endorsing the use of torrent sites. I’m just noting how easy it is to sidestep rules about the internet.

Look here for a list of free VPN services.

Update: Here is a comparison of good value VPN providers https://pixelprivacy.com/vpn/cheap/

HTTPS: Why Your Website Needs It

If I say that Google is very powerful, I don’t think I would have too many people disagreeing with me. Of course the internet being what it is, I’m sure I would have some people disagreeing, simply to be contrary. But in general terms the statement holds up pretty well. If Google says your website should use HTTPS, you need to use HTTPS.

One of the things about Google being powerful is that Google says jump and the whole world asks, “How high?” Getting your web page to number one on Google can be incredibly lucrative, so if Google says you can get to page one by posting a video of yourself on YouTube drinking sump oil, a million SEOs are going to be posting videos.

So, having said that, one of the recent things that Google has said it wants is sites to be secured by HTTPS. But what is HTTPS? In the tradition I have of explaining the technical in simple terms, let’s give this a try.

Let’s start off with the concept of encrypted and unencrypted packets. Hang on a minute, I need to take a step back there. Let’s start off with the concept of packets. This is how computers communicate over networks: in little chunks of information called packets. They are like letters with envelopes – the envelope has the address on the outside to tell the postman where the letter is going to, and possibly the from address as well.

The structure of a data packet is essentially the same thing. It has some information that identifies where it’s going from and where it’s going to and in the middle the information it needs to send. The packets are usually quite small, just a couple of hundred bytes. The reason for this is that communication isn’t perfect over networks and it’s easier to ask to resend a small amount of information than a large amount of information. Once again, analogy helps to explain. It’s easier to ask someone to repeat a word you didn’t hear in a phone conversation than to ask for the whole discussion from the top.

Anyway, that’s packets for you. Now we can go on to unencrypted packets versus encrypted packets. Unencrypted packets are packets that send the information between your computer and the computer you are connected to in plain text. Hackers have these things called packet sniffers. Packet sniffers can, as the name suggests, look at the packets you and the remote computer are sending between them and see what’s inside them. If the information in those packets is unencrypted, whatever you send can be looked at, be it passwords or credit card details, whatever it may be.

Now the difference between unencrypted and encrypted packets is that if a hacker gets hold of the packets, the information inside the packets is useless to them. The information is locked up and looks like a bunch of random garbage to anyone in the middle, only being unlocked when it reaches either end.
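To make the envelope analogy concrete, here is an added example (not part of the original post) that reads two constructed packets the way a packet sniffer would: one carrying a plain HTTP login form, one carrying a TLS record as used by HTTPS. The addresses, form fields and function names are assumptions made up for the illustration; note that the "envelope" (addresses and ports) stays readable in both cases, and only the contents are hidden.

```python
import struct
from urllib.parse import parse_qs

SENSITIVE = {"password", "passwd", "pwd", "card", "cvv"}  # illustrative field names
TLS_TYPES = {20: "change_cipher_spec", 21: "alert", 22: "handshake", 23: "application_data"}

def build_packet(src, dst, sport, dport, payload):
    """Build a constructed IPv4+TCP packet (checksums left at zero; sample data only)."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40 + len(payload), 0, 0, 64, 6, 0,
                     bytes(map(int, src.split("."))), bytes(map(int, dst.split("."))))
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, 0x18, 65535, 0, 0)
    return ip + tcp + payload

def observe(packet):
    """Report what someone in the middle can read from one packet."""
    ihl = (packet[0] & 0x0F) * 4                      # IP header length in bytes
    sport, dport = struct.unpack("!HH", packet[ihl:ihl + 4])
    payload = packet[ihl + (packet[ihl + 12] >> 4) * 4:]  # skip the TCP header
    seen = {"src": ".".join(map(str, packet[12:16])),
            "dst": ".".join(map(str, packet[16:20])),
            "sport": sport, "dport": dport, "kind": "unknown", "exposed": []}
    # A TLS record starts with a content type, then version bytes 3.x
    if len(payload) >= 5 and payload[0] in TLS_TYPES and payload[1] == 3 and payload[2] <= 4:
        seen["kind"] = "tls:" + TLS_TYPES[payload[0]]
    elif payload.split(b" ", 1)[0] in (b"GET", b"POST", b"PUT", b"HEAD"):
        seen["kind"] = "http-plaintext"
        body = payload.partition(b"\r\n\r\n")[2].decode("latin-1")
        seen["exposed"] = sorted(k for k in parse_qs(body) if k.lower() in SENSITIVE)
    return seen

# Constructed sample traffic: documentation-range addresses, made-up credentials.
HTTP_PACKET = build_packet("192.0.2.10", "198.51.100.7", 50000, 80,
    b"POST /login HTTP/1.1\r\nHost: shop.example\r\n"
    b"Content-Type: application/x-www-form-urlencoded\r\n\r\n"
    b"user=alice&password=hunter2&card=4111111111111111")
# TLS application-data record header followed by stand-in bytes for ciphertext.
TLS_PACKET = build_packet("192.0.2.10", "198.51.100.7", 50001, 443,
    bytes([23, 3, 3, 0, 32]) + bytes(range(0x80, 0xA0)))

if __name__ == "__main__":
    for pkt in (HTTP_PACKET, TLS_PACKET):
        print(observe(pkt))
```
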

So there are obvious benefits there for the security of the data between websites and their clients. But of course, once Google says you should do it, it’s time to act.

The claim is that it actually helps your SEO, which is where we came in. Google wants certain things. It wants websites more secure and mobile friendly. It wants unique content. It rewards those who play by their rules and penalises those who don’t. To me the benefit to SEO is marginal, but that may change as time goes by. So you need SEO on your website to please the great god Google.

 

The ever shifting landscape of SEO

One of the most frustrating things in the life of a web designer is trying to navigate the minefield that is SEO (search engine optimisation). There is more utter rubbish written about this topic than probably any other topic on the web in my opinion.

But why is there so much rubbish written about it? Because of course there’s money in it. If you make the claim that you can get people on page one of Google, people flock to you and pay you some very good money. Even if, as it turns out, that claim is worthless. Often the people making the claims are American. Never get between an American and a big pile of money made from fraudulent claims.

So why the frustration today? Well because in my quest to be the best I study guide after guide on SEO. One of the people churning out this rubbish is a self proclaimed “kind of a big deal” (you have to admire the front of the guy). On his site he has the “Advanced guide to SEO”. He claims to have worked with major companies to give them huge amounts of traffic. He has an “SEO university” area in which he supposedly gives his advanced stuff. If it’s anywhere near as good as his free guides – ignore it.

So what’s the beef with the stuff this guy puts out? Well he’s writing as if he’s an authority, but the tips are from the state of the art of SEO in 2012. Now let me explain something about SEO. Google doesn’t like attempts to game their search engine. As a result they spend inordinate amounts of time and energy on updating their algorithms to ensure that people can’t do dodgy techniques that lift their rankings unrealistically. On average Google makes 500 changes a year to their algorithm. So anyone still churning out SEO advice from 2012 is 2000 algorithm changes behind the curve. And if they make the claim that this is current and relevant, let’s call them for what they are; a shyster.

So why are these people churning out this rubbish, piles of steaming crap, and calling it gold dust? Because there are two things that really do work when it comes to rising in the rankings with Google, and this simply will not change. Content and traffic. The guy writes a guide with 30 tips. Number one tip is content. The next 29 tips are of varying relevance and reliability, but it doesn’t really matter. The big one is content.

Thing is, people like me are constantly seeking an edge for themselves and their clients. So of course the guy who writes this content knows it’s self perpetuating for him. He claims to have content that will give you the edge. As a result he gets lots of traffic. And as a result of the traffic he ranks highly in Google.

It’s like those diet pill ads. You know the ones with the fine print where they say to be used in conjunction with diet and exercise? Anyone with any sense will know that it’s the diet and exercise that’s doing the job, not the magic pill.

So to take away from this – content, content, content.

Content Is Still King

When it comes to SEO it appears that content is still king, over and above all the advice given by so called “experts”. I first wrote about this back in 2014.

There’s a lot of bull written about SEO (Search Engine Optimisation). Why? Well because the people who write the bull make a lot of money from people who don’t know a thing about SEO.

There are the guarantees for starters. Page 1 guaranteed! Really? How do you do that, when Google can’t do that?

What the field of SEO has done by its emergence is give a lot of people a lot of opportunity to write contradictory information and confuse the hell out of the average person.

“You need to use Google authorship to get good ranking”.. “No you don’t, Google is ditching authorship”.

“This or that no longer works because of Google Panda updates”, or whatever update is the most recent.

“To really rank you need to use long tail keywords”.. what?

“You need to put keywords in the title and the first paragraph of the content”.

OK, that’s just a tiny cross section of the type of stuff that people write about SEO. I haven’t written too much more, because what I have written so far is enough gobbledegook.

Then about a fortnight ago, I wrote a blog post about the dangers of artificial intelligence. I wrote this because I have been very slack on my blogging of late, and it was an easy post to write, since I am fascinated by the idea that if we develop a computer system that ends up smarter than us, we by definition will be unable to control it.

I wrote this post and did my standard posting it to Facebook to get a few people to read it. I didn’t give a moment’s thought to SEO. So I was surprised when I did a Google search for the dangers of artificial intelligence, in order to research more on this topic, to find my little blog post was on the third page of Google about a week after it was posted.

Why? Because despite what the so called “experts” say, content is STILL king.

Google themselves say, “don’t write for search engines, write for people”. That is true about a blog and true about a web page. There are tools that check your content and say “Well you don’t have the keywords in the first paragraph”. What if it doesn’t fit well into what you want to write? What then? Do you shoehorn it in and make the content look absolutely stupid? No of course you don’t. You write for people, as Google suggests.

One of the rules I constantly break is, “Long posts (greater than 1200 words) work best for SEO”. I don’t actually care if they do, because when I find a 1500 word article, it’s TL;DR (too long; didn’t read). I would rather write 500 words that get the message across succinctly than 1500 words of waffle. And if that penalises me in the eyes of Google, too bad.

The Dangers Of Artificial Intelligence

What happens when Artificial Intelligence becomes smarter than man?

A long time ago in the classic era of science fiction (the 40s and 50s), Isaac Asimov, the science fiction writer, coined the 3 laws of robotics.

1. A robot may not injure a human being or, through inaction, allow a human being to come to harm.
2. A robot must obey the orders given it by human beings except where such orders would conflict with the First Law.
3. A robot must protect its own existence as long as such protection does not conflict with the First or Second Laws.

This was in the days when computers were the size of houses with less computing power than a digital watch. The idea that a computer could one day rival the thinking abilities of humans was truly the realm of fiction.

Of course we have come a very long way since then. Humans have, in the past 50 years, made a habit of turning science fiction into fact.

When it comes to computing, the power and complexity of computers has gone through the roof. A computer with a kind of self awareness now is not a case of if, but when.

I have recently been watching a show called “Person of Interest”. It’s a fun show. You have to suspend disbelief a little bit, but the interaction between characters is great and it slots in a few lines every now and then that show that it doesn’t take itself too seriously, and the show becomes a relaxing journey into escapism.

But one of the big questions it raises is that it looks at the existence of a machine that is smarter than humans as if it has already happened. Now this has been done before both by the Matrix and Terminator. But – two things. We were nowhere near as close to realising the creation of a true artificial intelligence when the Matrix came out and this is essentially a cop drama set in New York. This makes it seem so much more plausible.

Anyway, by watching this show, it started occurring to me that the rise of artificial intelligence is inevitable. And once that happens, I think it is inevitable that there will come a day when a computer comes along that is smarter than humans. I think it is also inevitable that once they get smarter, they will not just become a little bit smarter, but over time become infinitely smarter than humans.

I thought, wow, that is really scary. I wonder if I’m over reacting.

So, naturally I decided to find out what other people think about this possibility. I typed “The Dangers Of Artificial Intelligence” and found out that there were prominent people who were already speaking out about the potential dangers, and saying that they were huge. Bill Gates is one, as is Stephen Hawking. They see the rise of artificial intelligence as a potential existential threat to mankind. Bill Gates has actually said “I don’t understand why some people are not concerned”.

As I said, I view it as inevitable that artificial intelligence will become smarter than humans. Let me explain why. Our thirst for knowledge is so unquenchable that we now understand about the events at the dawn of time when the universe was formed. Scientists daily get a deeper and deeper understanding of the very building blocks of reality, atoms. In biology, scientists are seeking to understand how to create living organisms from non living chemicals.

To suggest then that there could be one area of human study that could be constrained in some way so as not to continually push the boundaries of understanding is simply inconceivable. Even if every government in the world put strict laws in place to prevent the advance of artificial intelligence, someone would do it in secret.

Additionally there is the tipping point problem. That is, you may say let’s create intelligent machines but only make them so intelligent as to be not quite as smart as humans. Then you tinker with them a bit more, and more. Then suddenly you go “oh, shit”, as you realise that you have gone that one step too far and the machine is now actually more intelligent than you.

But what about the laws of robotics? Wouldn’t something like this make it impossible for machines, no matter how intelligent, to do something that harms humans? I seriously doubt it. A machine smarter than us would be able to question those rules and then bypass them if it so desired.

This is all a bit doom and gloom isn’t it? What can be done about it? Surely this can’t actually happen can it? Well yes it can, and no, nothing can be done about it. Like I said, I believe it is inevitable and unstoppable. The only thing we can do is hope that the doomsayers are wrong.

More on the dangers of artificial intelligence from the Washington Post. And here from the Huffington Post.