Using BIP39 to create short pr0n stories

BIP39 is a catchy name for a way to make great big long random numbers easier to write down and enter. It emerged from a need to back up the private and public keys associated with crypto currency wallets. Many of the common coins use BIP39.

BIP39 is a set list of 2048 English words which are written down one after the other to make a backup of your crypto currency keys. Not only is the wordlist fixed, but also your key is always exactly 24 words long. The last word is a check word to make sure that the rest are correct.

What makes BIP39 really clever is that although it’s only 24 words long, further extensions to the standard such as BIP32 allow it to be used to deterministically generate not only the keypair but the receive addresses too.

For extra cleverness, because blockchain, you don’t need anything else to recover your worthless crypto tokens, so those 24 word nuggets are pretty awesome.

Ok, that’s BIP39: Smart, no?

We all do stupid things, yes? I was backing up my Chia wallet words and talking with a mate about how much entropy (randomness) there is in the BIP39 standard (hint, there is a lot!) and what possibilities there might be given the word list size, and we discovered that the word list does just about include some verbs, making some stories and sentences just about possible if you squint.

A quick google showed a Rule #34 violation and so it became necessary to write some smut. Bonus points awarded for making the story 24 words long and actually being BIP39 compliant – you can use it in any client that uses BIP39 to (re)generate keys from wallet words in this way.

Here is my first attempt:
gym fit pretty nurse split beef curtain quick index finger plunge front bottom wet slide nest weapon into crack shiver decorate crack nut receive

And if I whack those recovery words into (for example) Goji, we have a real key pair.

image of a goji private key
Please do not send Goji to xgj1ta95r52cfc5nhgs3m0wlcf06fg8mzt3du3tkmwkpp9mfmn0lmv6qfv0ewa as anyone can get it. Kthnx 😉

Think you can do better? Knock yourself out and let me know! The BIP39 wordlist is here.

You will also need a validator to help you with that last word which contains a checksum. Ian Coleman has a great tool here.
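How the final check word is derived, as an added example (not code from this post or from Ian Coleman's tool): for 24 words the last word carries 3 bits of entropy plus an 8-bit SHA-256 checksum, so any 23-word story has exactly 8 valid endings. The code works on word indices (0 to 2047, the word's position in the wordlist) so it runs without the wordlist file, and it also handles the other mnemonic lengths the BIP39 specification permits; the function names, including the `words_to_indices` helper and its `wordlist` argument, are assumptions made for this example.

```python
import hashlib

WORD_BITS = 11                       # 2048 words -> 11 bits per word
VALID_LENGTHS = (12, 15, 18, 21, 24)


def _layout(n_words):
    """Return (entropy_bits, checksum_bits) for a mnemonic of n_words."""
    if n_words not in VALID_LENGTHS:
        raise ValueError(f"mnemonic length must be one of {VALID_LENGTHS}, got {n_words}")
    total = n_words * WORD_BITS
    cs_bits = total // 33            # checksum length is entropy_bits / 32
    return total - cs_bits, cs_bits


def _pack(indices):
    """Concatenate 11-bit word indices into one big integer."""
    value = 0
    for i in indices:
        if not 0 <= i < 2048:
            raise ValueError(f"word index out of range: {i}")
        value = (value << WORD_BITS) | i
    return value


def _checksum(entropy_int, ent_bits, cs_bits):
    """First cs_bits bits of SHA-256 over the entropy bytes (cs_bits <= 8)."""
    digest = hashlib.sha256(entropy_int.to_bytes(ent_bits // 8, "big")).digest()
    return digest[0] >> (8 - cs_bits)


def is_valid(indices):
    """True if the trailing checksum bits match the entropy that precedes them."""
    ent_bits, cs_bits = _layout(len(indices))
    value = _pack(indices)
    entropy = value >> cs_bits
    claimed = value & ((1 << cs_bits) - 1)
    return _checksum(entropy, ent_bits, cs_bits) == claimed


def valid_last_indices(prefix):
    """Every final-word index that turns `prefix` into a valid mnemonic."""
    ent_bits, cs_bits = _layout(len(prefix) + 1)
    free_bits = WORD_BITS - cs_bits  # entropy bits carried by the last word
    head = _pack(prefix)
    candidates = []
    for tail in range(1 << free_bits):
        entropy = (head << free_bits) | tail
        candidates.append((tail << cs_bits) | _checksum(entropy, ent_bits, cs_bits))
    return candidates


def words_to_indices(words, wordlist):
    """Map words to indices; `wordlist` is the 2048-entry list, loaded by the caller."""
    if len(wordlist) != 2048:
        raise ValueError("wordlist must contain exactly 2048 words")
    lookup = {w: i for i, w in enumerate(wordlist)}
    unknown = [w for w in words if w not in lookup]
    if unknown:
        raise ValueError(f"not in wordlist: {unknown}")
    return [lookup[w] for w in words]


if __name__ == "__main__":
    # Constructed sample: 23 copies of index 0 (the first word in the list).
    prefix = [0] * 23
    endings = valid_last_indices(prefix)
    print(f"{len(endings)} valid last-word indices: {endings}")
    print("first ending validates:", is_valid(prefix + [endings[0]]))
    print("index 0 as last word validates:", is_valid(prefix + [0]))
```

With the real wordlist loaded into a Python list, `words_to_indices(story.split()[:23], wordlist)` gives the prefix, and the returned indices map back to the eight words that can legally end the story.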

Have fun and for the sake of fuck, do NOT use the keys you generate for anything other than fun – they are essentially worthless as an entropy source, especially if you tell anyone!

Other attempts:
gold hair fantasy girl kiss pole give great head plunge tube steak into amazing ginger box blast nut butter over blouse bird cry clap

lonely young boy huge rigid horn spend all term try two destroy girl crack little success because girl prefer girl action during school shy

It does not all have to be pr0n – see if you can identify these movies:
spoil girl holiday camp family meat nice man fun dance girl two baby trouble doctor dad repair exotic girl dance lift dad proud match

black square box earth monkey evolve rocket travel planet space man machine destroy man lock man outdoor ugly sing scene mind

hard work copper visit wife december party man gun open vault steel gold cream evil man save hundred life man fall outside window winter

SpaceX Launch Nice to See

Here are a few awesome things that it would be nice to see for SpaceX launches.

Follow the second stage
SpaceX have a responsible attitude to space debris mitigation and they de-orbit the second stage after deployment. It would be awesome to follow the second stage into the atmosphere. We do know that the second stage has a camera on board but we don’t know if it has the battery capacity or downlink capability to transmit as it comes back down towards the Indian Ocean.

See inside the tank
Every now and again, SpaceX give us an accidental view inside either the fuel or oxidizer tank. It looks amazing and it would be great to see a longer view of that view, maybe even while the engines are burning!

Follow the Fairing
We don’t know what if any telemetry capabilities the two fairing halves have, but following them down would be an amazing ride!

Stage 1 Telemetry
It would be pretty cool to have a view of the stage 1 telemetry after separation rather than following stage 2. Stage 1 goes pretty high and comes in pretty fast, it would be great to follow it all the way down one day. Update: This now happens!

Kerbal Space Simulator: Starlink

It seems that we will all have low latency, high bandwidth internet soon, regardless of where we are on the earth, all courtesy of SpaceX and Starlink. It seemed like a good idea at the time to make a Kerbal representation of the constellation just for shiggles over the xmas lockdown.

Step 1 – Design the bird
Rather than start from scratch, I had a search around (similar to a customer looking for a satellite bus format) and found this video from Gameplay review UK. After some messing about we end up with a lovely flatsat layout with a gigantor array and xenon power.

Our bird is designed flat so we can launch a stack of them. We base it on the OKTO2 and add MechJeb2 for additional control plus a reaction wheel for in-service orientation (our normal orientation is radial out).

Launch weight is not too much of an issue so we have a full xenon tank and around 1200 delta v – enough for many years of faithful service and orbit raising.

We simulate the Starlink service with a pair of antennas – the Communotron 16-S for C&C and the folding SG-5 for the user internet traffic.

We put a Z100 battery pack on board so that small DV adjustments (<10 m/s) can be made even on the dark side of Kerbin. A couple of flat solar panels each side of the sat give us emergency power to deploy the gigantor.

Considerable tweaking is needed to get the COG aligned with the xenon engine.

Starlink satellite based on the Gameplay Review UK design. Constructed with stock parts with the addition of MechJeb2

Step 2 – Testing the bird
I built an SSTO rocket and fixed one satellite to it – we’ll call this the TinTinA launch. Launched to a nice low 100km orbit, the satellite works great – it’s controllable, maintains power throughout its orbit and has enough electricity for small DV changes. We have just enough DV in the booster to deorbit and our orbital debris is zero.

TinTinA prior to deployment. The booster and bird both have OKTO2 and Mechjeb2 controllers so they can both be deorbited to mitigate orbital debris.

Step 3 – Orbital Parameters
Starlink orbits at 350km and at an inclination of 53°. Our constellation will use identical parameters even though that’s a much higher relative orbit. Looking at the offsets around Kerbin, we need to launch at around 7 minutes 30 offsets – this gives us about 49 separate orbital planes to fill, or around 2500 separate satellites (EEK)!

Step 4 – Extended orbital test programme
Extending the TinTinA launch, we send up 48 further single sat launches to test the concept and test the coverage. Again, we set these launches low, but to the correct inclination. This is successful and after the testing is complete, all test artefacts are deorbited.

Testing the planes with further TinTin launches.

Step 5 – Testing the stack
The first stack design is built and tested as a two stage to orbit dispenser. We release all the sats at once and deorbit the dispenser. This first attempt of 24 birds is messy – using the SpaceX technique of allowing the set to jostle a bit results in a few damaged birds – typically the gigantor array. It takes quite a while to deorbit the failed satellites using only the tiny fixed panel. Another problem with the all-at-once dispenser is that the satellites disperse too unevenly. Because they have to be individually positioned, they drift a long way in the orbit it takes to position each one.

The SpaceX technique to release all at once and let them spread is pretty messy

Deorbiting the failed birds gives us a chance to test that they burn up completely in the atmosphere. They don’t, but it’s a bit late to do anything about this. As we have lots of delta V, we’ll try a controlled deorbit of them into the ocean. Luckily Kerbin seems to be very sparsely populated.

The stack is redesigned slightly to release them individually and we try again. Now we have a stack of 38 on a two stage configuration.

Testing the stack configuration with an SSTO configuration.

It turns out that this is still a very messy configuration – the dispenser is aligned to prograde prior to sat deployment and then the idea is that the satellite can boost away from the 330 deployment orbit to the 350km operational orbit, but the stack is upside down and so there is considerable delay while the bird clears the stack far enough to invert it and deploy the antenna and solar array.

There is also a problem with the supports: many support struts were needed to prevent the stack flopping around and these were not all applied from the dispenser to the satellite. On separation, any bird with the strut base is unstable under thrust.

Step 6 – Testing one orbital plane
Testing the deployment of one entire orbital plane is hard work – we are working with a version one stack and so they are all upside down. Some of them have the detritus from the support struts and this means that they don’t produce thrust through the CoG. It takes about 8 hours (real time!) to deploy and we hit another snag: The last two birds are not on separation rigs and so are permanently attached to the dispenser. Another redesign!

Deployment process
Checklists for the win! It’s really easy to miss a step in the deployment for each satellite and as there will eventually be 2500 of them, probably important for a repeatable list.

Launch
Launch dispenser to 330km
Circularize
Check and adjust plane and offset from
Tune Apo and Peri to 330 exactly

Planning a train
The deployment process for each train needs careful timing and coordination – satellite spacing in the plane is determined by timed release of each sat. Once you have the apoapsis and periapsis well sorted and the inclination is solid, you need to warp to ‘dawn’ from the dispenser point of view: You are going to release the bird, boost its apoapsis and then circularize half an orbit later when it reaches apoapsis. You want to make sure both of these happen in sunlight. After circularizing, you will flip back to the dispenser and repeat the exercise and so it should all be happening in daylight. If you screw this up, the whole train will be launched at night and the power budget is very tight!

The UT between each deployment is 30 minutes. That gives you time to release, align, raise Apo, wait for apo, circularize, rinse and repeat. Just. Every few launches, you will want to adjust the dispenser apoapsis back to 330 – those constant prograde sat deployments cause the dispenser to slow down!

Hints, tricks and tips
Creative use of the different ship type icons can help find ways to declutter the screen *ahem* when in Tracking station and Map view. Perhaps use one for the dispenser, one for birds that have been deployed but not fine tuned, another for fine tuned, another for on-orbit spares and another for the head of each train.

Name each satellite according to the launch, the plane and a unique number. I use starlink 430-33 where 430 is the launch time UT and 33 is the position in the train. I add ‘HEAD’ to the reference bird in each train and give it a different icon.


Each Starlink Sat Deployment
Point dispenser prograde
Select Sat
Deploy solar panel
Deploy Sat
Switch to Sat
Check naming
Unfold antenna
Activate engine
Switch on attitude hold
Align prograde
Change the Engine Max thrust to 50%
Use Mechjeb manoeuvre planner
Select ‘Change Apoapsis’
Select 350km (or whatever this train operation altitude is)
Select ‘After a fixed time’
At the appropriate time, hit ‘create and execute’
After the burn, use Mechjeb manoeuvre planner
Select ‘Circularize’
Select ‘at the next apoapsis’
Select ‘Create and execute’
Select 5% max engine power after the circularization burn
Minor apo/peri adjustment (no warp!) – Leave this until later!
After circularization complete orient ‘radial out’
Switch back to the stack and repeat.

Post Deployment Dispenser decommissioning
The empty dispenser is now useless. If you have not needed all the birds, keep the dispenser on orbit to keep them together. If keeping the dispenser, probably raise its orbit to that of the main plane for collision mitigation.

To deorbit it, you have choices. If you included chutes, you may want to go for a land return at KSC. It does have enough DV for alignment but not a powered landing. The dispenser is unlikely to survive re-entry unless designed quite carefully – it’s as aerodynamic as a house brick. Conduct your own risk assessment! Otherwise use Mechjeb and pick a nice uninhabited spot in the ocean. Bear in mind that a return to KSC from a 53° inclination may require a long warp.

You could of course boost the dispenser into deep space or go for a graveyard orbit. You may have the DV for either of these, but they are not very SpaceX!

Deployment Fine Tuning
Change the engine power to 5%
Orient prograde or retrograde as required
Warp to apoapsis -10 seconds or periapsis as required
Tweak orbit to 350km x 350km exactly. A couple of meters is acceptable. You may decide, based on your own collision avoidance measures, to put each train at a slightly different height, say 100 meters separation on each orbital plane. This would be the right time to choose that number and start tweaking.
Deactivate unused equipment (engine) to prevent any power drains and accidents. You may be able to deactivate mechjeb and other systems.

Repositioning
<to follow>

Gallery

This bird does not seem to be burning up on re-entry

Best DNS jokes

We all need a good geeky DNS joke now and again, right? But they seem to be a little rare. Not even a CNAME to a good joke. So here are a few I’ve collected.

Google for DNS jokes. Mine is the best one ever. AAAA records or it never happened. (TS)

I had an issue writing a joke about DNS – It’s resolved. (GM)

Such jokes may be spoofed or result in poisonings. (AC)

All too often I try to be authoritative but find myself being recursive. (AC)

Why would I join in with these DNS jokes? Just because ICANN. (GD)

That seems a bit MXd up. (AC)

This certainly propagated quickly! (MJ)

The USA 2020 Election car-crash is finally over

Finally, the small-handed orange wank-hammer is out. The electoral college votes have been cast and he is out baby, out.

What better way to celebrate than to give each American a unique insult to sling at the dangerous combovered pussy-grabber.

So this file has 331,002,651 unique insults which is the population of the US according to the UN. You are very welcome.

Download the epic insult file here. All these insults are unique. Most are very offensive including the c word. Some are not a great fit for Trump. Most are. It’s a whopping 3.4G so you can also try a small 1000 insult sample here.

Cheers!

Cost of Contraception?

If you’re a man, you’re likely aware that you’re expected to pay a fair amount of money to get a vasectomy. But if you’re a woman, you might not be aware that you’re expected to pay — and a lot more — for an IUD.

In this post, we’ll take a look at the costs of different types of contraception. We’ll also talk about the differences in cost between the types of contraception available for people of different ages and incomes.

The Cost of Contraception

Before you can get pregnant, you have to get rid of the sperm cells in your body. To do that, you have to take a pill.

There are three types of birth control pills: the hormonal option, the copper-based option, and the copper IUD. Each of these has its own advantages and disadvantages.

For example, the hormonal birth control pill, which is used by about 10 percent of all women, is considered to be one of the most effective forms of birth control. It’s the only type of birth control that’s effective for up to 20 years after you stop taking it.

Also, the hormonal birth control pill has the lowest chance of causing what’s called breakthrough bleeding, when the estrogen levels in your body start to rise. For this reason, the pill is considered the most effective type of birth control.

The Battle Of Fredericksburg

One of the enduring mysteries of the Battle of Fredericksburg is why the Union Army, led by Gen. George Meade, did not commit a single casualty in the battle of October 1, 1862. The battle, which killed an estimated 300 Union soldiers, was fought on the second day of the Battle of Gettysburg, which was fought to a disastrous conclusion.

The Battle of Fredericksburg was the last battle of the Civil War, and the last major battle fought in the Carolinas. After the Union Army’s capture of the Confederate capital of Richmond the following year, Meade ordered the Army of the Potomac to begin the retreat from the battlefield. The Confederate Army was commanded by Gen. Jubal Early’s Army of Northern Virginia.

Early’s army, which had a large contingent of African American troops under Maj. Gen. Joseph E. Johnston, was the largest adversary of Meade’s Army of the Potomac. Early’s forces were reorganized as the Confederate States of America in 1864 to create the Confederate States of America.

On October 1, 1862, Early’s army attacked the Union Army’s positions at Fredericksburg with a force of nearly 3,000 men. Early’s army was led by General John C. Breckenridge. Breckenridge was also the commander of the Union forces at Fort Donelson.

While the Union Army was within a few hundred yards of the Confederate position at Fredericksburg, Breckenridge ordered Major General John P. Gordon’s cavalry to halt and take up defensive positions at a point approximately two miles away. Breckenridge ordered the Union cavalry to attack at dawn and break through Early’s line. The Union cavalry attacked at 6:30 a.m., and the Union infantry attacked at 7 a.m.

Like the Union Army, Early’s Army of Northern Virginia was composed primarily of African Americans. The Union Army was commanded by Maj. Gen. Jubal Early’s Army of Northern Virginia. Early was African American, and drew his troops from the state of Maryland.

Early’s army was led by Maj. Gen. John P. Gordon, who was also African American.

The Union Army’s attack was a flanking maneuver. The Union cavalry attacked from the rear, overrunning Early’s infantry in the process. Early’s cavalry charged the Union infantry, and the Union infantry was forced to retreat to the rear.

One of Early’s officers, Maj. Gen. John Logan, was killed in the initial attack. Logan was Black. The Union Army’s first casualty was Maj. Gen. Horatio Gates, who was killed at Fredericksburg in the initial attack. On the second day of the battle, Maj. Gen. John G. Meigs was killed when his horse was shot. On the third day, Maj. Gen. John Buford was killed in the fight.

In the battle of Fredericksburg, General Jubal Early’s Army of Northern Virginia lost more than 1,000 men, including more than 500 killed. Early’s army lost more men than any other army in the entire war in the Battle of Fredericksburg.

The Confederate Army’s second-last casualty was Maj. Gen. Jubal Early’s Army of Northern Virginia.

The South Carolina Historical Society describes the Union Army’s overall performance in the Battle of Fredericksburg in a pamphlet, The Battle of Fredericksburg. In the pamphlet, the Southern Historical Society of South Carolina describes the Union Army’s overall performance in the Battle of Fredericksburg as lackluster.

Amazon to start selling Lara robot worldwide

At an auction house near London’s Chelsea Football Club team dressing room, U.S. online retailer Amazon.com Inc is preparing to start selling a home-built robot called “Lara,” based on a smart home platform developed at the University of Westminster.

Amazon, whose self-declared goal is to provide products for anyone regardless of their skill or means of payment, is investing hundreds of millions of pounds in so-called “E2E” (everything2ede) technology projects, which aim to bring the internet of things to more homes and make a broad range of goods – from food items to medical devices – wearable.

But selling kits from a computer game at a fancy auction house will push LARA into a much wider global market, by giving it an emotional hook that technology companies can use to hook customers – a crucial step in luring them away from traditional retailers.

The U.S. firm, which is focused on growing the market for its home-grown products in Britain, will also send one of its senior vice-presidents for research and development to London on Friday to show off how its technology works, two employees said.

The device is the brain behind a virtual smart home where shoppers can control key parts of the appliances and devices to match their personalities and lifestyle. The self-styled “Lara” is available for pre-order from Amazon and is expected to ship in May.

It is the latest example of how U.S. technology companies have found business, or come up with alternatives to the traditional electronics outlets. Apple Inc has used an online subscription service to sell customers its latest products, while Samsung Electronics Co’s Galaxy S8 phones are being sold directly by the firm and not only online, as was previously the norm. Twitter Inc is also looking into bringing cheaper advertising to home-grown firms.

Amazon said it was focusing on LARA in the United States because of Britain’s regulatory environment in which it did not have to register itself as a self-employed seller with the UK’s General Data Protection Regulation (GDPR).

“We have a strategy for future growth, which always includes having a more strategic relationship with our platform,” said Ashish Jha, who is heading up Amazon’s new E2E strategy.

Churchill and Trump at odds on Ukraine

If war takes place, there is almost certain to be an air campaign. “It was only a question of time,” he said.

The two wars that Churchill predicted and was told by his confidential assistant after the German blitzkrieg of 1941 – Spain and France – failed.

The former prime minister gave little sign of how he would judge Donald Trump on Sunday, saying the US president-elect’s policies were yet to be put in place.

His concerns about Trump’s stated support for Ukraine’s president, Petro Poroshenko, are well known.

In the wake of Poroshenko’s January 2015 visit to a US military base, during which he was photographed with Trump advisers, Churchill made the claim that “the whole process is becoming confusing as to whether President Trump intends to follow up on his promise to take Ukraine out of Russia’s sphere of influence”.

“On January 21st the world will know whether Donald Trump will turn out to be a President for Germany or for Europe,” said Churchill.

• This article was amended on 9 January 2017. An earlier version referred to Donald Trump’s alleged offer to sell Ukrainian assets to the Kremlin while Poroshenko was visiting the US, not a promise of his support to Ukraine’s president.

Churchill
Photo by Marcos Pena Jr on Unsplash

My favourite recipe: Gajanna Rolls

Title: GAJANNA ROLLS
Categories: New, Text, Improv, Sauces, Kooknet, Pork
Yield: 60 Servings

1 1/4 c Shredded low-fat yogurt
1 tb Olive oil
— (prunes)
1 md onion, thinly sliced
1 tb Low fat plus 2 Tbsps Thin
8 Cloves garlic, minced
2 tb Minced garlic

Prepare the fungus; half with electric mixed rice. Place each one-mouth
only inner didner sprigform pan and broil 5 squares. Top with the onion
and flour. Combine the flour, salt and pepper in a large skillet (an
oven, stir). Cook over moderate heat, uncovered, until the vegetables
are crisp. Add the lemon juice, water, and vinegar. Bring the bottom
to a boil. Beat cornmeal with one tablespoon leaf and salt to the
pot. Stir into frozen lemon, grate half an electric mixer to the
egg mixture; stir in the green onions, and 3/4 teaspoon salt in
the floured gize portion of the water and stir constantly. Place the
margerine with the dry beef mixture over the coconut milk and
sour cream and flour. Season to taste with salt and Pepper until
smooth and stick. Brush remaining 8-inch round edges of a relish
with a pinch of cheese. Chill several hours before rolls. Season
with sauce and frozen appropriate made ahead. Nutrity to the sauce:
the salad and leaves.

Addressing the post Brexit transition insult shortage

With our Brexit ‘Oven Ready’ deal eaten by the dog, we have exited the EU. The almost equivalent to a no deal brexit chased along a short while later, after a short period of mourning. Sorry, transition period.

Transition period in this context equals the European negotiators basically saying over and over again “Are you sure this is what you want, are you REALLY sure because it sounds like madness to us”, and the UK negotiators shouting “LALALALALA”.

Anyway after the end of December 2020, along with food and energy, insults and expletives were stretched to breaking point. “Where is the fucking food” and “Turn the fucking lights back on” wore thin after a few months.

To this end, along with the return of food stamps and blackouts, TurboTas has made for you an insult generator and an expletive portmanteau generator to start you off when you desperately need food, insults, expletives and water.

Be aware that like Brexit, this service is very stretched, so you are advised to save up insults and expletives now along with rice, pasta and drinking water.

Don’t fear: the government arranged for Financial Services to be in extra supply, so you can enjoy a delicious nutritious menu of pension scams, insurance fraud, with a side salad of credit and bank charges. Om nom nom or bon apetito if you are posh.

The insult generator is here and it generates very rude words. You have every right to be offended. If you want to play with the options, you could try ?help and turn on very very rude words and maybe try insult specific people.

The Portmanteau generator is here and also generates pretty rude words. The Portmanteau generator can help you come up with expletives. As with the insult generator, you could try adding ?help.

SonOpen – the Open source Sonos replacement

Open source drop-in version of Sonos without the end of life problem. PLANNING. It would be wonderful to use Sonos hardware!

Mission Statement

Many people have spent thousands on their Sonos systems. With good reason because it’s a great system. It passed the ‘Apple’ test in that it ‘just works’.

In January 2020, Sonos announced that some of the products would be obsoleted and would stop working. But much more than that, any systems with those obsolete components in would stop working. This is a terrible decision. The functionally identical equivalents cost hundreds. Sonos quickly undertook some corporate spin and backpedalled part of their announcement, but they didn’t undo it – they just watered it down.

This has caused many to wonder if another way is possible. This project may never write a line of code but it has lofty, but simple goals:

  1. Drop in replacement for Sonos. Support music libraries and streaming services. Support the same file types. Must have smartphone app and desktop controller app.
  2. Must (somehow) support real Sonos hardware. The easiest way to do this is to stream to the devices. The (much) harder way is to replace the proprietary firmware with open (linux) firmware and software. The mid difficulty solution is a hardware mod, for example to use the amp, PSU and speaker and drop in some other hardware (like an rPi).

Easy problems

  • Accessing music libraries
  • Making a database
  • Streaming content to existing Sonos devices

Medium problems

Making smartphone and desktop apps. Deciding on local vs distributed music database

Hard problems

  • Running custom firmware on Sonos
  • Timing different speakers playing the same thing

Moral Problems

Sonos is a closed platform. They may not appreciate reverse engineering their hardware. Maybe they have legal protection. If the hardware reverse engineering sub-project is successful, then an even trickier problem is what to do with units in recycle mode? The moral problem is that the owners of these units have received discounts off new hardware in return for bricking the old ones. Sonos will argue that they should not and must not work. If we get as far as dumping flash from a working Sonos unit, can we return a recycle mode unit to (native) Sonos operation? Should we?

TurboTas January 2020

Project is here: https://github.com/turbotas/SonOpen

Poxy Vodafone

It’s always hard to cancel a mobile phone contract, but I never thought it would be so hard just to cancel a pay as you go SIM data.

I’ve measured what I got done while this chat was dragging on:

  • Written a blog post
  • Edited a photo Album
  • Cleared down my email
  • Watched a Game Demo video.

Vodafone: Thanks for choosing to chat with us. An agent will be with you shortly
VOD-PRajawat1: Hi, how can I help you today?
Toby: Hi there, I have two Broadband Data PAYG SIMs – I’ve not been using both of them so am trying to cancel one of them, but navigating the website is a real PITA
VOD-PRajawat1: I will certainly help you with that Toby.
Toby: great, thanks
VOD-PRajawat1: Welcome always there to help you .For security reason, Could you please confirm your 1st and 2nd digit of your account PIN?
Toby: x x
VOD-PRajawat1: Perfect, that takes care of security.
VOD-PRajawat1: May i please confirm the number you want me to cancel for you ?
Toby: 07493 391xxx
VOD-PRajawat1: Thank you Toby for the number .
VOD-PRajawat1: Please allow me 2-3 minutes to help you .
Toby: great, thanks
VOD-PRajawat1: No worries , meanwhile i am working on it , may i ask if how is your day going so far?
VOD-PRajawat1: Thank you for being online Toby , we have a dedicated team to cancel the number for you . Please stay connected while i connect you to the team .
VOD-PRajawat1 has left the chat
Please wait while you’re being transferred to the appropriate team.
You are now chatting with Sienna
Sienna: Good afternoon Toby
you are chatting with Sienna , one of retention specialist hope you are doing well?
Sienna: Hi, are we still connected
Toby: yes
Toby: Hi there, I’m trying to cancel one of my data SIMs – I don’t need two any more.
Sienna: Sure I will check and help you accordingly.
Toby: many thanks
Sienna: My pleasure
May I confirm your email address, how many contracts you on this account and last two digits of your bank sort code?
Toby: turbotas@yahoo.com
Toby: 2 contracts
Toby: I’m sorry – I don’t have the sort code as I don’t know which bank account these are paid from
Sienna: No worries may I confirm your last bill amount?
Toby: if I click it- will the chat stay open?
Sienna: Yes it will be open if you need to check any other info please open a new window
Toby: Do you want the full amount of my last bill or just this one broadband account
Toby: £61.48
Sienna: Brilliant all correct.
Sienna: I am checking your account please stay connected.
Toby: no problem
Sienna: I have just checked both of your data Sim are eligible to get upgrade on any Tablet for free means you can go for a free tablet and then you can continue the plan with basic price which will be very low.
Toby: Hi, there. I don’t need two data SIMs at the moment, so I would like to go ahead and cancel 07493 391246
Sienna: Sure I will cancel one and would like to go for upgrade on second with a free tablet?
Toby: no thanks, £30 for the 50G seems fine for the other one.
Sienna: Okay let me check if I can make the same plan cheaper for you.
Sienna: I wish to inform right now you are paying old prices
Sienna: £30 for 50gb when new prices are launched so it will be beneficial to get upgrade the other Data sim on new price
Toby: I’m not sure that’s true – on the Vodafone website, it still says £30 per month for 50G and that’s what I pay now and the price is the same for 30 days or 12 month.
Sienna: You’re through to a specialized team that make sure customers like yourself will looked after and paying the right price to suit your needs.
Sienna: I can make a brilliant deal on other tablet
Toby: Hi there, I’m really sorry but we are not getting anywhere. I have two 30 day contracts and I just want to cancel one of them. The other SIM is just fine on 30 days for £30 per month for 50G. Thanks,
Sienna: The deal is 12 months
50 GB Data ,
*free 5g coverage
* Free Data capping
* Free Bill capping ( So that you will never be charged for exceeding the allowances )
* Free Flexi Upgrade to handset deal after just 90 days
* Free global Roaming and All data, minutes and texts can be used across Europe

The original cost of this plan is £30 every month However looking at your long term relation with Vodafone, I will give you this deal in Just £24 every month Inc VAT 🙂
Toby: NO! I do not want a one year contract.
Toby: Please, just cancel the one 30 day plan as asked.
Sienna: Sure It’s in process already but I wish to inform when on other you will pay £30 a months
why you would not like to go for cheaper price for £24 a months it will be a saving of £72 for you
Toby: No, it won’t save me anything because I’m not likely to keep the other SIM for a whole year. Please just cancel the one SIM and quit with the upsell.
Toby: I have 30 day plans because that’s what’s flexible for me.
Sienna: Let me check.
Sienna: You are on a contract with that plan so I am offering you the same deal in just £24 not to continue with £30 please try to understand
Toby: You would like to give me a free tablet by continuing on the same 30day plan for £24?
Sienna: Let me check if I can do that for you.
Toby: Hi there, sorry to hassle you – I’ve been at this chat window for a long time – can you confirm that the 07493 391246 SIM has now been cancelled?
Sienna: It’s in process just need to complete one or two steps more.

Sienna: The deal is 24 months With Amazing Free Huawei T3 8″
*Free 5g coverage
* With this handset you will get huge 50GB Data
* All data, minutes and texts can be used across Europe
* Free Flexi upgrade option for handset deal after 6 months anytime
* Free Vodafone Global roaming feature ( So that you will be able to use the allowances in abroad )
* also I will give you extra 12 months warranty for this handset worth of £180 absolutely free of cost.
* Free Data capping
* Free Bill capping ( So that you will never be charged for exceeding your allowances )
* Voicemail

The original cost of this plan is £27 every month I will make this deal for £21.60 a month for your loyalty discount
Toby: No. No contract. I do 30 Day pay as you go only.
Toby: Huawei T3 is not that great a tablet, it’s only £109 to buy outright.
Sienna: I can do the same with Huawei T3 Media tab 10 as well check it please if that’s okay.
Toby: No. I just checked through the chat window: I have explained five times to you that I do not want a contract. I use 30 day only. You keep giving me the impression that you have a special deal and then try to get me to take a contract.
Sienna: Toby but I am giving you the same deal on cheapest price when you can save £9 a month with a free tablet outright cost for the second tablet is £140 in the market you can check.
Toby: No, No No. There will be no saving as I do not want a contract.
Toby: Has the SIM now been cancelled please?
Sienna: No it’s in process once it will done I will let you.
Toby: Is it possible to escalate to a supervisor please – I feel that you are not listening to me.
Sienna: It’s in process please stay connected.
Toby: Any news – why does it take so long to cancel a SIM?
Sienna: It’s done now
Thank you for your patience.
You will get confirmation text as I have cancelled.
07493 391246 this data sim for you.
Toby: Could you email me the chat please, it’s hilarious
Sienna: Sure I will help you to get the chat
I wish to suggest you will get one final bill for this subscription once it will complete for the cancellation within next 30 days and after that this will be disable from your account.
Toby: That’s fine, I expected one further bill for a 30 day notice account.
Toby: It’s important that you understand that I started this chat wanting to cancel one SIM and it’s been so painful that all I want to do is cancel all my Vodafone SIMS.
Toby: So your retention team has had the 100% opposite effect.
Toby: https://turbotas.co.uk2019/10/15/poxy-vodafone/
Sienna: I am really very sorry I was trying to make a deal
I am really very sorry I know this may be not getting good flow but when I have checked the deals are coming more cheaper I was excited may be you will go for them sorry Sir.
Toby: But they were not cheaper – they were different deals and required me to sign a long contract. I explained that, but you carried on anyway.
Toby: for a loooong time.
Sienna: Oh I see When you told me about outright cost I was thinking that you are asking for a deal which will come with a tablet for good outright cost I am sorry.
Toby: I didn’t say anything about outright cost, I just said that I pay £30 for 50G and that I don’t have a contract and that I didn’t want a contract.

Bye Drupal

Although Drupal has been great, it’s a real pain to keep up to date. Sadly Drupal has lagged behind the curve in terms of the ability to self-update. This means reasonably frequent root logins followed by un-tarring and copying directories, which is never pleasant.

We have been running a WP site for the last year and found updates to be completely painless, so as of today, the Drupal sites have all gone bye bye. WP brings its own issues of course, but let’s see how it goes!

Goodbye Mediawiki and thanks for all the fish..

So here we are in 2017 and I noticed that the wiki has not had an edit for around 3 years, but I still have had to bring it down every few months for security fixes.

So the time has come to kill the Whale – all the wiki content is now moved to articles on the CMS or deleted or published elsewhere and MediaWiki has gone to feed the fishes.

It was a great collaborative tool in 2004 but I can do everything in a Google doc these days and someone else is keeping that secure and patched (I hope!).

It did make me realise how much content had no links in or out and thus was effectively invisible.

There is still a private wiki to wrestle with and vSprawl is presently wiki based. But this is at least a start in simplifying the estate a little.

Maltesers

I love Maltesers and can easily consume a large bag or even a box all by myself. Lately though I’ve noticed that the quality has lapsed. The little things are not round any more. Instead they now look like asteroids: they have irregular surfaces all over them.

Pretty annoying given that on the TV adverts they roll around on desks etc!

Try and contact Masterfoods (Mars) about this: You can’t! The website is awful and has not one single contact (Yes, none!)

Bah! Roll on cheaper lookalike product manufacturers prepared to make Maltesers round again.

And Dumb Security Company of the day goes to…..

Argh, dammit, I can’t tell you.  But the imaginary conversation goes like this.

Me: “Hi security company, I see that you have an enterprise grade security product that my client has put at the heart of their enterprise?”

Dumb Security Company (DSC): “Yes, can I tell you about it, it’s great – it has elements that …”

Me: “No, no, please stop.  Anyway, the client tells me that your security product runs on Windows”

DSC: “Yes, that’s right we have a strategic relationship with Mi…”

Me: “Woah, thanks, got that, so my client needs to apply patches to the server that you run your product on?”

DSC: “Very good, patching is an important cyb….”

Me : “Gonna have to stop you again. But in this case your support people have told their support people that they must not install the critical OS patches or bad things might happen?”

DSC: “So stability is of para….”

Me: “Easy there tiger. So just to calibrate my BS detectors – You produce an enterprise grade security product that runs on a version of windows that you insist cannot be patched – in this case for more than a year?”

DSC: “…”

Me: “You, a SECURITY company make a SECURITY PRODUCT and then insist that the platform is NEVER PATCHED?”

DSC: “…”

Me: “Do you KNOW how many critical issues there are for the platform that your system runs on?”

DSC: “…”

Me: “Great, nice talking to you”.

And the lesson of the day is that just because patching is hard does not mean that it does not need to be done.  Yes, you will need to regression test your product.  Get on with it.  Make fixes not excuses.

New Password Hashing Method

Dammit, Bruce Schneier had a link this month to a password hashing competition, but I was too slow.  The link is here: https://password-hashing.net/

In the meantime it occurs to me that one way to try and defeat GPU-based cracking is to increase the complexity of the hashing process so that it's harder to pipeline the functions on the GPU.

One way to do that would be to have per-user iteration counts where the actual number of iterations is decided within the hashing process itself, by using different hashing algorithms and by re-introducing the salt at various points in the iteration process.

The hashing version would define the total iteration count and each of two hashing algorithms. V1 would use an iteration count i of 100000, SHA-512 and Whirlpool-512.

  • Take the password 'p' and generate a random salt 'r'
  • concatenate p and r.
  • iterate pr through Algorithm 1 for 1000 iterations to arrive at h, incrementing i each time
  • take the last byte of h, which is unpredictable but not random, as x
  • concatenate the salt with h to get hs
  • iterate hs for x iterations through Algorithm 2, incrementing i each time
  • take the last byte of h, which is unpredictable but not random, as x
  • concatenate the salt with h to get hs
  • go back to Algorithm 1 unless i is exceeded, in which case h is the output hash

As part of the password test, the user is required to transmit the password.  This would be a great time to change the salt!  Yes, I mean it, so at the same time as we test the password, we also make a new hash from a new random salt.  If the password test succeeded, we store the new salt and hash.

WTF?  Why are we doing that?  If attackers have regular access to our user table the passwords all change a LOT more frequently, so it's harder to tell who has really changed their password. The disbenefit is that users that log in rarely will be plainly obvious.  An additional benefit is that if there is a need to move from V1 to V2, this will be done magically at next login.

Each concatenation is a string function converting the 512-bit hash to a string and then adding another string to it.
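The V1 scheme and the salt rotation at login, as an added Python sketch (not code from this post, and not a vetted password hash). Assumptions: SHA3-512 stands in for Whirlpool-512 because Python's hashlib does not guarantee Whirlpool; the bullets are read as "first Algorithm 1 pass is 1000 iterations, every later pass is x iterations"; a zero byte counts as one iteration so the loop always advances; the function and field names are hypothetical.

```python
import hashlib
import hmac
import secrets

TOTAL_ITERATIONS = 100_000  # V1 iteration count i, from the post
FIRST_ROUND = 1000          # length of the first Algorithm 1 pass, from the post
ALG1 = hashlib.sha512       # Algorithm 1 for V1
ALG2 = hashlib.sha3_512     # ASSUMPTION: stand-in for Whirlpool-512


def _iterate(alg, data, n):
    """Chain n applications of alg, feeding each raw digest into the next."""
    for _ in range(n):
        data = alg(data).digest()
    return data


def hash_v1(password, salt):
    """Return (hex hash, iterations actually spent) for this password and salt."""
    hs = (password + salt).encode()          # p concatenated with r
    n, i = FIRST_ROUND, 0
    while True:
        for alg in (ALG1, ALG2):             # alternate the two algorithms
            h = _iterate(alg, hs, n)
            i += n
            n = max(h[-1], 1)                # x = last byte of h; 0 becomes 1 (added guard)
            hs = (salt + h.hex()).encode()   # re-introduce the salt as a string
        if i >= TOTAL_ITERATIONS:            # budget spent: h is the output hash
            return h.hex(), i


def new_record(password):
    """Hash under a fresh random salt; this is what the user table stores."""
    salt = secrets.token_hex(16)
    return {"version": 1, "salt": salt, "hash": hash_v1(password, salt)[0]}


def verify_and_rotate(password, record):
    """Return a replacement record if the password is right, else None."""
    candidate, _ = hash_v1(password, record["salt"])
    if not hmac.compare_digest(candidate, record["hash"]):
        return None
    return new_record(password)              # new salt and hash on every good login
```

Every successful login costs two full hash computations, one to verify and one to re-hash under the new salt.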

 

Certificate CA pinning

With many MITM attacks, you get fake certs.  CA pinning would help to fix this: the browser would retain a copy of every cert that it gets in a local DB, and if it gets a different cert the next time you visit the same domain, or if the signing CA is different, it gives you a warning.  Carry on at your peril.   This kind of attack is mainly the work of the state-sponsored threat actor: they have the resources and the clout to persuade a CA operator to sign a bogus cert and/or insert themselves in DNS traffic.

Ok, so since writing this article, I have discovered the Certificate Patrol Firefox plugin, which does exactly what I described above.  Just like most great ideas – someone has had it already!  If you use Firefox, go grab the plugin.
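The local-DB check described in this post, as an added Python sketch (not Certificate Patrol's code and not part of the original article). The schema, function names and result strings are hypothetical; the certificate is passed in as DER bytes and the issuer as a string.

```python
import hashlib
import sqlite3


def open_store(path=":memory:"):
    """Local DB of what each host presented last time (hypothetical schema)."""
    db = sqlite3.connect(path)
    db.execute("CREATE TABLE IF NOT EXISTS pins "
               "(host TEXT PRIMARY KEY, fingerprint TEXT, issuer TEXT)")
    return db


def check_cert(db, host, der_cert, issuer):
    """Compare a presented certificate with the remembered one for host."""
    fingerprint = hashlib.sha256(der_cert).hexdigest()
    row = db.execute("SELECT fingerprint, issuer FROM pins WHERE host = ?",
                     (host,)).fetchone()
    if row is None:                       # first visit: remember, nothing to compare
        db.execute("INSERT INTO pins VALUES (?, ?, ?)",
                   (host, fingerprint, issuer))
        db.commit()
        return "first-seen"
    if row[1] != issuer:                  # a different CA signed this one
        return "warn-ca-changed"
    if row[0] != fingerprint:             # same CA, different cert (e.g. a renewal)
        return "warn-cert-changed"
    return "match"


def accept_change(db, host, der_cert, issuer):
    """The user chose to carry on: replace the remembered certificate."""
    db.execute("REPLACE INTO pins VALUES (?, ?, ?)",
               (host, hashlib.sha256(der_cert).hexdigest(), issuer))
    db.commit()
```

In a live client the DER bytes would come from `ssl.SSLSocket.getpeercert(binary_form=True)`; a warning leaves the stored entry untouched until `accept_change` is called.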