kde network manager goes ‘android’ ish

netmanI run debian testing and normally dont have many issues. It is a good barometer of how things usually end as in stable and so is worth the hassle.   It makes one think so i had a plan for this disaster (my blog) in stable when it hit.

Network manager in kde is a cause for concern. With a recent upgrade mobile networking and airplane mode means i manually have to click things to even write these, so it is a step back.  It seems that /etc/network/interfaces is a bit broken although i do have a huge load of bad udev messages with the latest kernel.

There are other network managers with a gui, which i don’t use on debian stable (my blog) but with a mobile look it might be time to think about something else to replace it.

Firefox client security sucks.

Arthur Scherbius

Arthur Scherbius

I bought cheap ssl (my blog) but was only getting 50% so i decide to delve into the innards of the security of firefox 28.  Which supports tls 1,2 if apparently configured to do so.

The beginnings of this can be traced to this (my blog) and i had little luck with firefox plugins.  So your on your own in about:config  Yes it does have a nice interface.  with ssl and tls searches.

The tls settings i think i know what it does – how that works in reality is a guess a site works in chrome, not in firefox.

In firefox i grep ssl and ‘false’ all 128 ciphers opposite of true and got 256 versions instead including at wordpress.  So the defaults are horridly accommodating to low standards.  It not been that long in the change so i might have to eat my words on this when interacting with the real world.

Should i have to do that than ssl and tls are truly fucked, fraked and beyond redemption as it is extremely unfriendly in the real world.

This is not a criticism of firefox, or ssl and the 128 bit ciphers of which some may have limitations,

Ciphers are interesting and who says secure is secure as time marches forward.

 

 

The inspire a sucide bomber tv channel

MohammadTurbanBombBananas was looking at some of the more lesser used features on a digital television receiver [essentially a a mux] that picks up the freeview* signal via an aerial  now i was able to finally ‘easily’ network it (my blog) without wds (my blog) and access the data channels whatever they be .

One of those is hilariously called ‘peace tv’ that only implies one thing (my blog). It has a ‘foreign’ feel to it for sure.

I also note that many of the other options simply don’t seem to work, and many that once where broadcasting have left the data bit.

I wonder who really pays the bills for peace tv, and how did the content get approved to be broadcast via televisions via freeview which implies some sort regulation.

The interface is slow and most of the content appears to be low rent subjects.

* free to air not is approved of by rupert murdoch (my blog) or your oligopoly cable provider [insert soviet russian joke about no choice here]

Your not supposed to use it

funOur zoo professsor’s replacement run about Renault (my blog) got a flat tyre* one day juts after a car service when it was raining as is the way.  So the next day when it did not rain it was time for him to use the spare unit that hangs on the bottom of the car at the back.

Being a not very simple job professsor explained to us over a banana that the parcel shelf, and two bits of carpet first had to be removed along with putting the back seats down to get that second bit of carpet out. That then gave access to the metal bit of the car and where the tools and the tyre release clip from the inside.

Then the release gave a good five minutes of fun as screws also had to be undone  and things turned and clicked.  Eventually gravity was defeated but the wire to the release clip remained took a bit head scratching but that was also figured out and the spare unit was free of obstructions.

The jack took time to place and locate (this is not a job to do in the rain) and the car was free of gravity.

Security bolts (a special tool) was needed, and then the four bolts that connect the tyre to the axle could be accessed.

Then the job was plain sailing, until the clip at the back was required to set back into the car.

A lot of mats where used and the only conclusion professor came to was that while the thing works it is certainly not a job that is easy or quick to do.  Mind you the wheel has still to be fixed, then replaced and the spare wheel put back from where it came before the carpet and shelves can be put back.

* the roads are in an awful condition, another tyre wheel had to be replaced as well between the schedule date.

Configuring ssl is not fun – even before heartbleed

frustratingBefore i start i have cheap ssl (my blog) which may or may not compromised to the nsa – of which they say ‘no’ by the ssl provider*  So much of the subsequent may be pointless.  The quays test on first install gave me a b several months ago , some work got me to a. and additional work months later got extra high scores in ‘failing’areas.

early issues i had with TLS-RSA-WITH-RC4-128-SHA**

Leading to a natural RC4 NOT DESIRABLE so its not all bad as beast is mitigated with tls. but its a vague field and while we all hear of perfect configs finding out how is a bit of a headache inducer.  Like i say i got an A but the config lines in ssl are not 100% my thing.  I am sure there is a way and i would like to have it.

I will nail it one day. After heartbleed patching I got an a+.  Which i like but you might think is grade inflation for doing nothing i did nnot have before.

ssl configuration is near voodoo, while i get good cipher strength getting a perfect 100% over four areas appears impossible for if you disable part that reflects upon others which is a conundrum – I need a newer apache version as well for some of those so it seems a compile is in order for fips and ocsp, assuming that is no compromises and the certificate in use can do stuff .  I use failtoban (my blog) and it appears while not a configuration means it might solve some of the possible issues like beast and rc4 issues.

ev1I see that others have issues to, an example is the extended certificates on wordpress looks good**** but it reports as 50% of the cert strength. See

ev2

Security might be great but how it is configured might mean that costly thing is not really doing much except security theater.

Proprietary also gets in on the act with spdy*** so the perfect config will be apples and oranges to another’s banana smoothie (my blog),

So does ssl mean security ? yes – well there is ssl and ssl configs and that is a an area when ssl means maybe it is and maybe it is not.  You experience might vary and as internet explorer**** is not being catered to with my chrome/firefox bias might mean no security at all for some.

checkIts a rabbit hole this one.  Buying expensive ssl certs is no measure of secuirty when the config it runs on gets an F.

I need ssl reconfigured and compiled to get ocsp and other features working, pfs seems to be a thing a few who actually figured out what to do – i am assuming i missing dns records but that is a guess.  I cannot disable tls 1.0  even though its thought to be compromised so perfect security is hard to achieve.

Then when you have a good config heartbeat (not my blog) comes along (test) and the fun begins again.

It is interesting although we all get the probers seeking the holes.

*  being patriots, or targeted data collection with or without others knowledge. ** something which Microsoft seems guilty of liking. *** eg google, i tried spdy and had no success with ssl until i removed spdy from the web server.. Chrome [open source] i liked ****

Bob Parsons who shot an elephant in Zimbabwe

Bob Parsons who shot an elephant in Zimbabwe

I am sure Bob Parsons (my blog) would willingly give the master password and oral sex to the nsa after all he is a ‘patriot’.  So the merits of using godaddy as a supplier seems a discussion worth having. **** It has weakened security

Weird and wacky likes and follows.

active, bonkers or lay of the chocolate breakfast cereal ?

active, bonkers or lay of the chocolate breakfast cereal ?

So bananas in the falklands was looking at the likes and follows here in wordpress.com (some previous musings my blog) and i wondered about the peculiar specific case on yesterdays post about 1800′s Afghanistan (my blog) that was liked by a blogger who appears to suggest that it should be read out loud to young monkeys*.

Anyhow then a blog for a firm that moves zoo’s and stuff in north america then also followed us. So should i ever be forcibly evicted from our patch of Camdem town (my blog) then it seems there is a future for us entertaining humans on another continent and the monkey swings come to.

By gellas tits ?

By gellas tits ?

If our alpha ape ever loses his female companion, then no doubt a central american country will be an ideal place to provide him with a replacement human bride who will hopefully end up more alive than Diane Fossey**.  I do hope she likes fruit and tree climbing and having her picture taken mind you the mental health provision is excellent (my blog) if required.

I suppose he could woo them with recycled paper from a supplier from India who also does something with a named feature.

It is ‘nice’ to have followers even if seo is there aim.  Moral of the post is the numbers don’t mean a lot.  So remember to do something to help your seo and getting #1 in page rank.

Anyhow im going to suggest you read the Japing Ape (not my blog) as well because im nice and he is witty and should you ever be in Democratic republic of the Congo (my blog) then a visit to his camp is a must for the conversation and that is neither a like or a follow should you be paying attention .

* the small tale of hate and revenge and a lot of murder – makes Harry Potter tame – lets burn a human to death tonight and sweet dreams Annabel ** i suppose getting shot by Rwandans is a problem for people who associate with us apes.

Return of a king,William Dalrymple

vote rigger Karzai (remember Bssh?)

vote rigger Karzai (remember Bssh?)

isbn: 9791408818305 is a book about Afghanistan, set during the first invasion in 1839 which was remembered to the Russians in 1979 but curiously forgotten about on the second nato attempt (my blog) in 2001. After all third time lucky seems to be a good mantra for British civil servants when the americans are in charge.

While we all like to think that progress is being made* the same sort of reasons used recently can be applied to 1839.  People who i have heard of make appearances The hIndjua brothers money comes from war finance and not ‘steel’ as Keith Vaz** and there party political donations for the labour party would have you believe.

In fact replace simply the names and history repeats itself.  Within Afghan society there is feuds, family murder just like today and a place where rural links still mean more than ruler of large geographical area.

To make the past even more like the present a blue dossier  existed much to the premise of the dodgy dossier had in more recent times.  Anyhow history tells us that even in 1830 Afghanistan was expensive and bloody and seeds for the indian mutiny where sown.

The book can be a bit heavy going, but the various accounts of how Burnes*** met his end is telling as by then chaos reigned.

This book squarely lays the blame of events at the ruling classes and russian royal family, so essentially a family row which remained after botching up a meeting meant the Crimea in nine years time would be the next battle but not the last family row requiring armies.

5/5 bananas

* crazy right wing christians need not think this ** in case of bad publicity keeps having heart attacks.  *** a scotsman who upset his hosts,  it has good career advice for british civil servants even today

Wind up bird chronicle,Haruki Murakami

isbn: 9780099448792 dates from 2003 and was another unread book of Haruki Murakami. I already like Murakami’s works (my blog)  but anybody who can write down about skinning a man alive whilst doing other time periods and fashions certainly deserves bananas.

It is about a man and his wife whose relationship is falling apart and some mystics and a missing cat so while i might make it sound meh but Murakami can interest most as the book is rather well written i wonder what Vicy Pryce (my blog) would make of it..

5/5 bananas