Wednesday, 16 September 2015


There are more and more things that want to take over your computer to do whatever they want, whether that is to send spam, steal bank and/or credit card details or, in more recent cases, ransomware like CryptoLocker and CryptoWall, which prevent you from accessing your files unless you pay lots of money to decrypt them.

Not all of these recommendations will be practical for everyone, and this is definitely not an exhaustive list of things you can do; there are plenty of other websites which will have similar recommendations.

This is separated into three parts: at your internet router, at your computer, and finally a general section for things you can do to try to protect yourself from common issues on websites.

Internet Router

Firstly, if you have not already changed your router's login password from its default, change it. There are things that have been around for a few years which know how to log on to many routers and change their configuration so that nothing you do on any computer behind them can possibly be secure.
At this point run a scan using the Shields Up service. A good result would be that there are no open or closed ports and all are stealth apart from those you have explicitly opened.

While you are in there, consider changing the DNS servers from the ones your ISP has given you. A good example would be OpenDNS, which you can configure to prevent programs finding where their command and control servers are. Google also has DNS servers you can use. OpenDNS can also block other classes of sites so you can filter out inappropriate sites.

If your router gives you sufficient control over firewall rules, consider blocking or redirecting all DNS access other than to the whitelisted DNS servers that you explicitly chose to use in the previous step.

Turn off Universal Plug and Play in the router. This will prevent programs and malware from changing the firewall on their own without your knowledge. If you have devices like an Xbox which require it to be on then you may have to leave it on.

Ensure encryption is WPA2 with a strong password. It should not be WEP unless you have a device that cannot connect using the stronger WPA2. If necessary stick the password on a CD or USB stick.

Turn off Wi-Fi Protected Setup - it has numerous issues that mean it's not very secure.

If your router allows you to segregate devices on their own network port then look at splitting things into different networks, e.g. a guest network for friends, another for any "Internet of things" devices and another for your own devices like your computer, printer and phone.

Update the firmware regularly to ensure that any security problems in the firewall that the vendor has fixed are also fixed on your router.

Consider replacing the router every few years if you haven't been getting updates for it to fix security problems.

On Computer

Run as an unprivileged user for everything.

Install a decent anti-virus, e.g. ESET NOD32/ESET Smart Security, and keep it up-to-date.

To try to prevent things like CryptoLocker, look at CryptoPrevent.

Keep all software up-to-date: Windows Update, Secunia PSI etc.

Uninstall/turn off Flash.
Remove Java plugins in browsers.

If you have the time and most of your software is signed with Authenticode, consider creating a Software Restriction Policy which prevents software that isn't whitelisted from running.

Consider running web browsers (and email clients) under Sandboxie and explicitly limiting what the browser can read/write directly to.

Consider running an ad-blocker. Even if you don't care about adverts there are frequent reports of advert networks distributing adverts that have infected lots of computers.

If running Firefox, consider running NoScript.


Where a website provides two-factor authentication, use it - sites like Microsoft, Google, Facebook, Twitter, LinkedIn etc. do, and will send you a text message for you to enter when you log in.

If you have a Facebook 'Page' consider setting up another admin user as an owner that has a secure password etc so you can disable your main user if it gets compromised.

Have a different password per site - consider using a password manager like LastPass to keep track of your passwords so you can use a strong password that is harder to guess.

For sites like Facebook and Twitter, which allow you to log in to other apps and websites, review the list of connected apps and revoke any that you do not recognise. Additionally, if an app you are connecting is demanding to post on your behalf, then until you trust it set the visibility of its posts to "only me".

Wednesday, 26 December 2012

Desert Island Books

Appeared in the ACCU magazine CVu, Vol 24 Issue 4, Sept 2012

It's difficult to choose which technical books I'd want to take. I have a library of books that I've collected over the years, many of them are becoming increasingly obsolete. I have no intention of taking Petzold's Programming Windows 3.11 no matter how useful it was at the time. Just thinking about the segmented memory model and the complexities of near, far and huge pointers makes me feel ill. And that's before trying to wrap my head around the craziness of Hungarian notation.

My first real computer was an Acorn Electron. My brother taught me BBC BASIC and I started off writing games in that. After a while I ran into issues of both speed and code size, so started learning 6502 assembler and slowly switched to using that. It was here where my first book, 'The Advanced User Guide for the Acorn Electron', became incredibly useful. I remember spending ages looking at the memory maps, finding where there was space to put code when in the graphics modes and, when the floppy drive was attached, where code could be put that would survive a reboot, so that I could get around the copy protection on some tape games and re-save them out to the floppy.

Skipping forward to my first job programming in C++, here there are quite a few books and it is more difficult to choose which one to pick. Stroustrup's The C++ Programming Language, Meyers' Effective C++ and its sibling More Effective C++, and Sutter's Exceptional C++ and More Exceptional C++ rank highly in terms of teaching me things. Of the three I probably gained the most out of Exceptional C++. To this day the models of exception safety the books introduced me to serve well in other languages.

Skipping forward many years, and changing more to a mixed C++ and C# world, Chen's The Old New Thing provided lots of valuable insight into why things in Windows work the way they do and how much goes on behind the scenes for compatibility purposes.

For current books it's a lot more difficult. There is no book that stands out. The Effective C# and More Effective C# books, while good, aren't as good as their C++ counterparts. JavaScript: The Good Parts, I couldn't find the good parts. Working with Legacy Code was good, but largely overlaps various other books that I have.

Am tempted to pick something I haven't read, so will learn something new while on the island. This is more difficult as I'd ideally want something that will be useful. Perhaps a book on raft building, or planning. Growing Object-Oriented Software, Guided by Tests would be an interesting one that has been recommended by many and has been sat on my desk waiting to be read for months. I would go for something that would allow me to learn a new language, but without a computer that could get quite frustrating, so something that I can do without a computer, but with endless drawings in the sand. On this basis, I'll take Schneier et al's Cryptography Engineering: Design Principles and Practical Applications so I can work through the examples, and be in a better position to know if what I'm working on makes sense or is fundamentally flawed.

In terms of novels, this is the easiest choice of the lot - Good Omens, written by two of my favorite authors, Terry Pratchett and Neil Gaiman. Novels written by either I enjoy, but this one written together has me laughing from start till finish.

Given I've got two albums I think I'll partially cheat and get an album that's long that I've loved for years - Pink Floyd's The Wall, which feels at least as relevant as it was when I first heard it. As I've also seen both the film version and live with the Roger Waters tour in 2011, I can remember/re-live the different experiences I have had of it.

The second album I've found difficult to choose and at one point was thinking of flipping coins to choose one, as there's no one album where I really like everything on it. Two Pink Floyd albums would be too much to take. Counting Crows, Madness, Ke$ha, Nelly Furtado, Queen are all out as I have to be in the right mood to listen to them. Perhaps I should pick something so abhorrent that it forces me to build a raft and get off the island as soon as possible rather than lying back and relaxing. Although a Justin Bieber CD would fit this, it might be too much and I would try swimming without the raft. Wish I could have remembered to pick up my MP3 player stuffed full of music and I wouldn't be having this problem.

In the end I'm going to settle for Seven Mary Three's Rock Crown. Their other albums may have sold better, but of their albums this is the one I like the most.


The Advanced User Guide for the Acorn Electron
Adrian C. Dickens BA, Mark A. Holmes BA
ISBN-10: 0947929037
ISBN-13: 978-0947929039

Effective C++: 50 Specific Ways to Improve Your Programs and Design (2nd Edition)
Scott Meyers
ISBN-10: 0201924889
ISBN-13: 978-0201924886

The Old New Thing: Practical Development Throughout the Evolution of Windows
Raymond Chen
ISBN-10: 0321440307
ISBN-13: 978-0321440303

Cryptography Engineering: Design Principles and Practical Applications
Bruce Schneier, Niels Ferguson, Tadayoshi Kohno
ISBN-10: 0470474246
ISBN-13: 978-0470474242

Good Omens: The Nice and Accurate Prophecies of Agnes Nutter, Witch
Terry Pratchett, Neil Gaiman
ISBN-10: 0552137030
ISBN-13: 978-0552137034


The Wall
Pink Floyd

Rock Crown
Seven Mary Three

Sunday, 29 July 2012

Oops Something Went Wrong!

In the web 2.0 world where everything now is in HTML and JavaScript and, if lucky, a mobile application, we have lost something very important on the way.

Reliability over low quality networks.

When everyone had to use unreliable modems, lots of people used to run their own email servers and other things which would store the email locally and send it in the background when there was a better connection. Now using web based clients, if the network goes down for any reason you lose the email.

Messaging and chat clients would store and forward messages whether or not the person the other end was online. Now in MSN Messenger you can't send to offline people... and Facebook's messaging frequently says "oops something went wrong" for no obvious reason.

Mobile apps fare little better. They seem to mean mobile, with a perfect internet connection. Many applications just die or disappear if they lose connection; sadly just walking a few miles shows that there are many places where there isn't a good enough data signal to do anything. And there is no real difference whether that is in a town or in the countryside. Even apps that should have no need for internet access sometimes fail because it's not there. As an example, the Kindle app on Windows Phone 7 will freeze if you are silly enough to try and read a book when on the tube as it cannot synchronize with Amazon.

So, as developers what do we need to do? Should we be following Google's example and providing offline versions of our web enabled content? Google's offline documents and email are OK, but it needs to be seamless, and ideally not need to both set something up to be able to work offline and then remember to go to a special page like Docs when shared are shared to the on-line version, not the offline version.

Before broadband became ubiquitous in the towns and cities where most developers live or work, I remember using traffic shaping devices to explicitly set up test and development environments so we could experience things how our users would and know when we'd started doing things that would make things unbearably slow for users.

Certainly with the Windows Phone development tools, and I presume with iPhone, Android and other mobile platforms, the development/test environment is on a normal desktop or laptop machine, which will usually have pretty good access to the internet. We need an equivalent of the traffic shaping systems, ideally built into the test/emulation environment, which also adds optional poor internet connectivity to expose these issues.

Saturday, 28 April 2012

ACCU 2012 Getting into git

.git/config - may need to edit as global config stuff, e.g. for aliases

git fetch origin
git merge origin/master

rather than

git pull origin

ACCU 2012 Data-flow Parallelism

Data Flow Library - Parallel Pixie Dust

Mid 50s first parallel computer

How to implement multi-threaded debuggers - very difficult - uses difference states, but not complete answer.

PPD - for general purpose threading.

for_each - best to make linear and avoid locks
accumulate needs to be both commutative and associative.

Consider: swap pointers not actual data items. also std::move in C++11.

Need to look at the design or algorithms mainly so they can be parallelized.

ACCU 2012 C++ threading

#include <future>
#include <iostream>
#include <string>
#include <thread>

void hello(std::string const & x)
{
   std::cout << "Hello " << x << std::endl;
}

int main()
{
   std::thread t(hello, "thread");

   // needs to join or detach, otherwise std::terminate is called
   t.join();

   std::string s = "world";
   // hello could also be a lambda
   auto f = std::async(hello, s); // passed by val. use std::ref or std::cref to pass by ref

   // may also need to wait or may/may not get executed.
   f.wait();
   // if hello returns a value can retrieve it using f.get().

   // invocation decided at time of creation, based on launch policy - which can be based on what is going on e.g depends on how many, or hard coded by compiler
}

With std::async, exceptions are also passed back to the invoking thread; the exception is either the same object or a copy of the same type. It may also be something like std::bad_alloc if the exception cannot be copied. MSVC copies the exception. GCC ref-counts the exception internally. Will lose the exception context on transfer back.

With std::thread, an exception that is uncaught in the thread will terminate the program.

Can use a std::promise to get values back. Calling promise.get_future().get() will get the value; it will block until the promise has been set with promise.set_value(42). Can't call set_value multiple times.

shared_future - last one in scope will wait, if nothing has waited before.
locking multiple locks

For the order of multiple locks taken at one time, use std::lock, e.g. the order of locks will be the same for std::lock(l1,l2,l3) and std::lock(l3,l2,l1). Then need to do:

std::lock_guard<std::mutex> lock_from(l1, std::adopt_lock);
std::lock_guard<std::mutex> lock_to(l2, std::adopt_lock);
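
An added example, not code from the talk or from these notes, that exercises three of the points above together: std::lock with adopting guards under opposing lock orders, an exception travelling back through std::async, and a std::promise that can only be set once. Account, transfer and the other function names are hypothetical.

```cpp
#include <future>
#include <mutex>
#include <stdexcept>
#include <string>
#include <thread>

struct Account {  // hypothetical type invented for this example
    std::mutex m;
    long balance = 1000;
};

// std::lock avoids deadlock whatever the argument order; the adopting guards release both mutexes.
void transfer(Account& from, Account& to, long amount) {
    std::lock(from.m, to.m);
    std::lock_guard<std::mutex> lock_from(from.m, std::adopt_lock);
    std::lock_guard<std::mutex> lock_to(to.m, std::adopt_lock);
    if (from.balance < amount) throw std::runtime_error("insufficient funds");
    from.balance -= amount;
    to.balance += amount;
}

// Two tasks move money in opposite directions at once; returns the combined balance.
long run_opposing_transfers(int rounds) {
    Account a, b;
    auto a_to_b = std::async(std::launch::async, [&] { for (int i = 0; i < rounds; ++i) transfer(a, b, 1); });
    auto b_to_a = std::async(std::launch::async, [&] { for (int i = 0; i < rounds; ++i) transfer(b, a, 1); });
    a_to_b.get(); b_to_a.get();
    return a.balance + b.balance;
}

// An exception thrown inside the task is rethrown by get() in the calling thread.
std::string overdraw_message() {
    Account a, b;
    auto f = std::async(std::launch::async, [&] { transfer(a, b, 5000); });
    try { f.get(); } catch (std::runtime_error const& e) { return e.what(); }
    return "no exception";
}

// get() blocks until set_value(42); a second set_value throws std::future_error.
int promise_once() {
    std::promise<int> p;
    std::future<int> f = p.get_future();
    std::thread t([&p] { p.set_value(42); });
    int value = f.get();
    t.join();
    try { p.set_value(43); } catch (std::future_error const&) { return value; }
    return -1;
}
int main() { return (run_opposing_transfers(500) == 2000 && promise_once() == 42) ? 0 : 1; }
```

If transfer locked from.m and then to.m with two plain lock_guards, the two tasks in run_opposing_transfers could each hold one mutex and wait forever for the other.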

Thursday, 26 April 2012

ACCU 2012 Making Jenkins Better

Clock skew can be problem in Jenkins with regards to source control/building.

Modify build to integrate better with Jenkins too
  • -> to take advantage of existing things e.g. graphs of tests
  • plot compiler warnings etc
Add custom job templates for common things. by default gives options for everything under the sun. -> create plugin to fill of everything
-> pull out branches
-> where to deploy to overnight
-> list of current jobs etc

-> add release notes to builds pulled from source control with details from bug tracking system etc. open/completed etc

Plug ins for doing release e.g build number, tag branch, email, deploy

Not radical step - like writing a make file, but for jenkins.

Plugins use maven as config
-> needs to have the Jenkins plugin for Maven -> pointing at the Jenkins CI repositories. See the Jenkins website

mvn hpi:create

-> groupid of plugin - package name
-> artifact - plugin name

creates in folder <artifact> in current dir
with pom.xml and a src folder with a builder (

mvn hpi:run to run -> spins up jenkins creates a job step "say hello world"

Builders build and run in defined sequence
Publishers publish in whatever sequence Jenkins decides internally

Plugin is a package and extensions are within that

publishers are what you write most of as most builders are already written.

When publishing you need to create a build action and add to project.