With the latest revelations of huge severance payouts and outrageous holiday payments for the departing of the Princess Redford staff, combined with the "private penthouse" for the Princess (not even done and some $21 million over budget), I think its safe to say that the PC Alberta party has firmly over cooked their own goose.
The burnt and fried carbon remnants of the party will probably have their butts kicked out of provincial politics, with only a few people getting re-elected in the next Provincial election.
Clearly, the Wild Rose will probably form the next government, given their standings in the polls. For whatever polls are worth, of course.
With that said... it is time for EVERY Alberta party to jump on the band wagon, and take the concept of the "sunshine" list, and put some numbers next to what each job listed, will pay. For the most part, all of those jobs need a huge reduction in wages.
More importantly, any "contracts" created by the "new" government, must eliminate these huge severance payouts. What is happening now is WAY out of line with what the private sector does. I recall hearing, for example, that the AHS head side of things, will get 1 months severance for every month worked, up to a maximum of 12 months. Something in excess of a half a million dollars.
What's more appropriate would be one months severance for each year worked. With no "holiday pay" payout.
Even more critical in all of this, is the requirement for recall legislation. It is the ONLY tool the taxpayers have at their disposal, to force the elected politicians into keeping the promises they made, On top of that, we need to make sure that a promise is also practical.
The people have had enough with the lies. And even more than enough of the costs.
Post created March 28, 2014 . . . updated May 6, 2014
Please note, I am personally not leaning towards or against any party at this time. I'm not sure that I have any form of trust for any of them, and THIS is their opportunity to stand out and shine. It's really pretty easy.
1) Pick some of the top jobs from the sunshine list, and put dollar values on them.
2) Guarantee there will be no fancy contracts with huge payout clauses.
3) Define what an appropriate severance would be, generically, like above.
4) State your stance on recall legislation.
It's not that hard to do, is it? I will take any "failure to respond" as a signal that your party will continue on in the ways of deceit, manipulation, and distrust.
May 8th update
Public service should be about serving the public, not about taking a job for 4 years and expecting to retire off of the taxpayers backs. No offense, just saying. Elected officials are one thing, staff for them is a totally different issue. I personally can't see any job staff would do, that would qualify for more than about $150k a year. I know we are not the "USA", but consider the White House Chief of Staff, one of the top jobs. And the pay for that. I would suspect that job is a lot more detailed than anything we would be doing here in Alberta. Maybe I'm wrong, I honestly don't know. Your thoughts on this would be appreciated, I'm always willing to learn. :)
May 23 update
If you don't want to post a full out reply here then at least respond with a link to your party's website with the appropriate details.
Getting back to some basic common sense values for life, politics and justice. Encouraging honesty, integrity and accountability within all levels of Government, along with the transparency of the processes used to reach the decisions made.
Friday, March 28, 2014
Tuesday, March 25, 2014
When good service turns bad
Last month I did a blog post on good service. Sadly, sometimes good service turns into a disaster. I have sat and pondered the circumstances for over a week now, because I wanted to give my frustration level a chance to simmer down.
After leaving Derrick Dodge from the original trouble shooting they performed (which was covered in my previous post listed above) on the Cirrus, I returned home and spent a few days going over the information. Following the advice of the shop foreman, I had a friend come over to assist in isolating out the various sensors. According to the diagnostics done by Derrick Dodge, they stated that the 5 volt sensing line appeared to shorted out, so the hunt was on to find either a bad sensor or damaged wiring.
After spending considerable time testing the sensors and the 5 volt line, we got down to the last sensor in the system. No faults were found, and during the entire process, the 5 volt line was always there, never missing. So the information provided by Derrick Dodge was not accurate. An email was sent back describing the events, and I had asked for additional suggestions. The response sent back was basically "we gave you the free time so if you want more, bring it in and pay for it"..
Sigh. Ok, I understand but.. what I was told wasn't right. I wasn't too thrilled with the idea of spending more money based on an inaccurate diagnosis, so over the next few days I was able to determine that the issue was more than likely a faulty PCM (power train control module) unit. I was able to track down a replacement, and once that was installed, all of the components "signaled" properly, and the annoying "check engine" light and other fault lights disappeared. Success!!
Arrangements were made with Derrick Dodge once again, to take the Cirrus back in for an outstanding warranty recall notice, and to get the required insurance inspection done for the insurance company. I was told they had to work on the shifting console area on the floor, and that section had to be removed for them to do the recall work. Since this was going to take several hours, their shuttle folks gave me a ride back home.
I received a phone call, stating their were problems. Apparently the car died when they were moving it into the shop. They were only able to get a portion of the recall work done, but they did complete the inspection. I was told that both front wheel bearings needed replacing (very strange) but other than that, the rest of the car was in mint condition (at least as far as the insurance inspection was concerned). They had to do a diagnosis on the "dead" problem, which of course, was going to cost me. Naturally, I had no choice but to authorize that.
I was contacted later, and told that a sensor had failed, which would not allow the car to start. Their parts and labor costs were insane, so I asked if I could replace it myself, on their lot. They agreed to allow that. So I acquired the part for free, and took the necessary tools with me to jack up the car, support it, and do the work. I figured 15 minutes, since the sensor was only held in by one bolt, and could be easily accessed from under the car. And the weather that day was wonderful. When I got to their lot however, I found that they parked the car in a location in the lot, that was on a severe slant. I cautiously jacked up the car, put a jack stand under it for support, and crawled under. The height I had it at wasn't dangerous at all, but the fact it was parked on a slant, on ice, and that it was on a corner in the lot where all other traffic went by to get out, was a major concern. I thought about moving the car, and I tried to start it "just in case"... but, there was nothing. I mean total dead battery nothing. WHAT THE... This was a brand new battery put in just 2 months ago. I went back into the service reception area. Admittedly I was not in the best of moods. Why they choose to park the car in the worst spot possible, was beyond me. And of course, "they" did nothing to cause the battery to die but they did immediately offer to diagnose it, at a cost of course. Something which made me even more upset. I declined their kind offer to charge me more, and asked to have someone come out to boost it.
I had to get the car on level ground. I needed another 3 or 4 inches in height off the ground, to be able to gain access to the sensor. The boost battery came out, and of course, the car refused to start. I got out of the car, frustrated. I told the kid with the boost battery to forget it, and he disconnected it. I pondered on how to move the car and pushing it was the only option. So I went to get back in and... the car was locked. And... they keys were inside. The removal of the boost battery caused a spike which locked the car doors. I was not impressed. And I was getting cold. Almost an hour into a 15 minute job, and I couldn't take any more. So I put the car back on the ground, packed up the tools and went back inside to the service reception. I gave them the replacement sensor, told them the car had locked, and left it up to them to figure it out and to replace the supplied sensor. At which point, I left... frustrated and cold.
I picked the car up the next day, having to pay for the insurance inspection and the "dead diagnostic" time. Just over $160. I talked with the inspection mechanic, who was ecstatic about the great shape the car was in.I asked him to explain the "test" for the bad bearings, and asked if there was any objection to used parts instead of new ones, and he said that was no issue. They also completed the warranty repairs but.. and yes, there is another but... they couldn't get the key removed from the ignition. They were more than happy to charge me to find out why, but I declined that. I did pay another $104 for them to replace the sensor.
While in the dealers lot, I tried to check the key issue out. The key would not even move to the position for removal, it was blocked by the transmission interlock assembly. Frustrated, I took it back home so I could figure this out. And of course, being pot hole city, the ride back was bumpy. When I got back home, I put the car in the garage, turned it off, and pulled the key out. WHOA.. say what? Yup, I took the key out.
It seems there is an interlock cable that links up to the floor console shifter unit. (you know, that area they had to work on for the warranty recall stuff) Whatever it was they were working on, this cable or mechanism was bent or kinked or out of place. And the bumpy ride home moved it around enough so that it allowed it to work properly again. I tested this theory out, by putting the key back in again, and not "quite" putting the car back into park, after moving the shift lever. Sure enough, the key was stuck in the same position, not allowing it to turn far enough to get to the position to remove it. By pushing the shift lever firmly into the park position, I heard the locking mechanism release, and the key was allowed to turn the rest of the way to remove it. And to think Derrick Dodge wanted to pull my steering column apart because THEY figured a pin or spring inside the ignition lock had failed. Well, if THAT were indeed the case, then the key would have turned all the way to the removal position.
Anyway, it was time to concentrate on the bad wheel bearings. I tested the passengers side and noted a small wiggle. I then checked the repair book and found the nut holding the bearing in place was supposed to be torqued to 180 foot pounds. Our impact air gun would only do about 130, which is what I had used to tighten it last time it was worked on a few days back. So out came the torque wrench, and it was snugged up. The wiggle disappeared. I then checked the drivers side and found NO wiggle at all. To be safe, I used the torque wrench on that, and it would not budge any more.
I made arrangements, and booked another appointment to "re-test" these 2 bearings. A simple 5 minute job to put it back up on the hoist, jack up the front tires, and "wiggle" test them. That was at 1 pm. At 4 pm, I was told the car was done, and that it had passed the inspection. I was then told "oh, didn't we tell you there would be an additional charge for that... another $35 please".
Um.. NO.. you never said that. As a matter of fact, when I paid for the insurance inspection, I stated at that time "so all he has to do is a quick re-test of the 2 front wheel bearings, since I already paid for the inspection, yes?".. And "yes" was the answer. Why did it take 3 hours to do a 5 minute job? Why was I not told when I brought it in at 1 pm that there was going to be more charges? Why wait until after?
Anyway, I paid the additional fee, got the paperwork I needed for the insurance company and left.
Nice to know I didn't have to pay in excess of $550 to replace front wheel bearings, when one side simply wasn't tightened enough, and nothing was wrong with the other side at all. Maybe the inspection fella felt that if one was bad, then probably the other one should be replaced just to be safe.
What I find most strange is... I generally didn't have "problems" until after Derrick Dodge had the car. It started fine all the time, even before the PCM was replaced.
The inspection fella said he thought maybe the nut might not be tight but he did a quick check and it seemed ok.
The battery was brand new, but they never did anything to make it go dead. Yet they were more than happy to offer to diagnose it, for a fee.
And they were more than happy to offer to pull apart the steering column to fix the key issue. Which was never once an issue before.
I will, on my own time, pull apart the shifting console, and properly fix the adjustment so the key doesn't get stuck again. It still has an issue if I don't "firmly" put it into park. Their own notes on my service invoice state they in fact did this exact step.
It seems like every time I took it in for "one thing", another problem magically appeared. Perhaps coincidence. I'm not saying they created some "make work" projects at all, but the circumstances are certainly strange. I do have to add in however, that a new "clunk" is now there, that was never there before my last visit. Turning the wheel, and backing up now gives this new noise. I think I will find that and fix it myself.
While I am grateful for the staff labor rate charged, the appearance of the additional work that needed to be done, including the offer of being charged to fix their own mistakes, has turned having stuff done at Derrick Dodge from a dream into a nightmare.
p.s. No, I'm not looking for any refunds etc.
After leaving Derrick Dodge from the original trouble shooting they performed (which was covered in my previous post listed above) on the Cirrus, I returned home and spent a few days going over the information. Following the advice of the shop foreman, I had a friend come over to assist in isolating out the various sensors. According to the diagnostics done by Derrick Dodge, they stated that the 5 volt sensing line appeared to shorted out, so the hunt was on to find either a bad sensor or damaged wiring.
After spending considerable time testing the sensors and the 5 volt line, we got down to the last sensor in the system. No faults were found, and during the entire process, the 5 volt line was always there, never missing. So the information provided by Derrick Dodge was not accurate. An email was sent back describing the events, and I had asked for additional suggestions. The response sent back was basically "we gave you the free time so if you want more, bring it in and pay for it"..
Sigh. Ok, I understand but.. what I was told wasn't right. I wasn't too thrilled with the idea of spending more money based on an inaccurate diagnosis, so over the next few days I was able to determine that the issue was more than likely a faulty PCM (power train control module) unit. I was able to track down a replacement, and once that was installed, all of the components "signaled" properly, and the annoying "check engine" light and other fault lights disappeared. Success!!
Arrangements were made with Derrick Dodge once again, to take the Cirrus back in for an outstanding warranty recall notice, and to get the required insurance inspection done for the insurance company. I was told they had to work on the shifting console area on the floor, and that section had to be removed for them to do the recall work. Since this was going to take several hours, their shuttle folks gave me a ride back home.
I received a phone call, stating their were problems. Apparently the car died when they were moving it into the shop. They were only able to get a portion of the recall work done, but they did complete the inspection. I was told that both front wheel bearings needed replacing (very strange) but other than that, the rest of the car was in mint condition (at least as far as the insurance inspection was concerned). They had to do a diagnosis on the "dead" problem, which of course, was going to cost me. Naturally, I had no choice but to authorize that.
I was contacted later, and told that a sensor had failed, which would not allow the car to start. Their parts and labor costs were insane, so I asked if I could replace it myself, on their lot. They agreed to allow that. So I acquired the part for free, and took the necessary tools with me to jack up the car, support it, and do the work. I figured 15 minutes, since the sensor was only held in by one bolt, and could be easily accessed from under the car. And the weather that day was wonderful. When I got to their lot however, I found that they parked the car in a location in the lot, that was on a severe slant. I cautiously jacked up the car, put a jack stand under it for support, and crawled under. The height I had it at wasn't dangerous at all, but the fact it was parked on a slant, on ice, and that it was on a corner in the lot where all other traffic went by to get out, was a major concern. I thought about moving the car, and I tried to start it "just in case"... but, there was nothing. I mean total dead battery nothing. WHAT THE... This was a brand new battery put in just 2 months ago. I went back into the service reception area. Admittedly I was not in the best of moods. Why they choose to park the car in the worst spot possible, was beyond me. And of course, "they" did nothing to cause the battery to die but they did immediately offer to diagnose it, at a cost of course. Something which made me even more upset. I declined their kind offer to charge me more, and asked to have someone come out to boost it.
I had to get the car on level ground. I needed another 3 or 4 inches in height off the ground, to be able to gain access to the sensor. The boost battery came out, and of course, the car refused to start. I got out of the car, frustrated. I told the kid with the boost battery to forget it, and he disconnected it. I pondered on how to move the car and pushing it was the only option. So I went to get back in and... the car was locked. And... they keys were inside. The removal of the boost battery caused a spike which locked the car doors. I was not impressed. And I was getting cold. Almost an hour into a 15 minute job, and I couldn't take any more. So I put the car back on the ground, packed up the tools and went back inside to the service reception. I gave them the replacement sensor, told them the car had locked, and left it up to them to figure it out and to replace the supplied sensor. At which point, I left... frustrated and cold.
I picked the car up the next day, having to pay for the insurance inspection and the "dead diagnostic" time. Just over $160. I talked with the inspection mechanic, who was ecstatic about the great shape the car was in.I asked him to explain the "test" for the bad bearings, and asked if there was any objection to used parts instead of new ones, and he said that was no issue. They also completed the warranty repairs but.. and yes, there is another but... they couldn't get the key removed from the ignition. They were more than happy to charge me to find out why, but I declined that. I did pay another $104 for them to replace the sensor.
While in the dealers lot, I tried to check the key issue out. The key would not even move to the position for removal, it was blocked by the transmission interlock assembly. Frustrated, I took it back home so I could figure this out. And of course, being pot hole city, the ride back was bumpy. When I got back home, I put the car in the garage, turned it off, and pulled the key out. WHOA.. say what? Yup, I took the key out.
It seems there is an interlock cable that links up to the floor console shifter unit. (you know, that area they had to work on for the warranty recall stuff) Whatever it was they were working on, this cable or mechanism was bent or kinked or out of place. And the bumpy ride home moved it around enough so that it allowed it to work properly again. I tested this theory out, by putting the key back in again, and not "quite" putting the car back into park, after moving the shift lever. Sure enough, the key was stuck in the same position, not allowing it to turn far enough to get to the position to remove it. By pushing the shift lever firmly into the park position, I heard the locking mechanism release, and the key was allowed to turn the rest of the way to remove it. And to think Derrick Dodge wanted to pull my steering column apart because THEY figured a pin or spring inside the ignition lock had failed. Well, if THAT were indeed the case, then the key would have turned all the way to the removal position.
Anyway, it was time to concentrate on the bad wheel bearings. I tested the passengers side and noted a small wiggle. I then checked the repair book and found the nut holding the bearing in place was supposed to be torqued to 180 foot pounds. Our impact air gun would only do about 130, which is what I had used to tighten it last time it was worked on a few days back. So out came the torque wrench, and it was snugged up. The wiggle disappeared. I then checked the drivers side and found NO wiggle at all. To be safe, I used the torque wrench on that, and it would not budge any more.
I made arrangements, and booked another appointment to "re-test" these 2 bearings. A simple 5 minute job to put it back up on the hoist, jack up the front tires, and "wiggle" test them. That was at 1 pm. At 4 pm, I was told the car was done, and that it had passed the inspection. I was then told "oh, didn't we tell you there would be an additional charge for that... another $35 please".
Um.. NO.. you never said that. As a matter of fact, when I paid for the insurance inspection, I stated at that time "so all he has to do is a quick re-test of the 2 front wheel bearings, since I already paid for the inspection, yes?".. And "yes" was the answer. Why did it take 3 hours to do a 5 minute job? Why was I not told when I brought it in at 1 pm that there was going to be more charges? Why wait until after?
Anyway, I paid the additional fee, got the paperwork I needed for the insurance company and left.
Nice to know I didn't have to pay in excess of $550 to replace front wheel bearings, when one side simply wasn't tightened enough, and nothing was wrong with the other side at all. Maybe the inspection fella felt that if one was bad, then probably the other one should be replaced just to be safe.
What I find most strange is... I generally didn't have "problems" until after Derrick Dodge had the car. It started fine all the time, even before the PCM was replaced.
The inspection fella said he thought maybe the nut might not be tight but he did a quick check and it seemed ok.
The battery was brand new, but they never did anything to make it go dead. Yet they were more than happy to offer to diagnose it, for a fee.
And they were more than happy to offer to pull apart the steering column to fix the key issue. Which was never once an issue before.
I will, on my own time, pull apart the shifting console, and properly fix the adjustment so the key doesn't get stuck again. It still has an issue if I don't "firmly" put it into park. Their own notes on my service invoice state they in fact did this exact step.
It seems like every time I took it in for "one thing", another problem magically appeared. Perhaps coincidence. I'm not saying they created some "make work" projects at all, but the circumstances are certainly strange. I do have to add in however, that a new "clunk" is now there, that was never there before my last visit. Turning the wheel, and backing up now gives this new noise. I think I will find that and fix it myself.
While I am grateful for the staff labor rate charged, the appearance of the additional work that needed to be done, including the offer of being charged to fix their own mistakes, has turned having stuff done at Derrick Dodge from a dream into a nightmare.
p.s. No, I'm not looking for any refunds etc.
Thursday, March 13, 2014
Alberta Politics comes crashing down
With all of the dirt flying from the Redford team, I think it's pretty clear that the people don't want her as Premier anymore. The PC's need to toss her out.
I find little point in stating all of the reasons, because the list is endless. The question is, what to do now, and what to do at election time.
I will say at this point, I trust no party, and no leader. The political grandstanding by them all, has been shameful. And I'm honestly sick and tired of hearing what will be done just to get elected, and then coming up with excuse after excuse to not do things. At the same time, the "other hand" is doing all of the crap behind closed doors.
Iveson pulled the same bullshit, and of course we have Harper... all of it is enough to make one scream.
What I would like to see, is for a party to stand up to the plate and make some sound promises. In writing. I want to see recall legislation implemented within the first 100 days, to force some integrity back into the system. I want to see the ruling party bring in 1 or 2 members of the other parties into major meetings, and to sit back and listen to the ideas from ALL of the parties.
Time after time after time, many excellent suggestions have come from other parties, and the ruling government has snubbed their noses in the air at them, because THEY didn't think of it.
That has to stop.
We elect people to represent US, not to represent a party or party politics. Those who get voted in MUST have the freedom to represent the people that elected them. And if those people are saying "don't do this", then those members MUST express that vote in the legislature.
Enough is enough.
I'd also like to see some form of legislation that requires those elected, to hold regular town hall meetings of some type. Certainly when major bills are being discussed, or perhaps every 9 months or something. I don't know what a good time frame would be, all I know is, its time those elected started listening.
If you want MY vote, and you want to be trusted by the PEOPLE... then you need to make these promises in writing, and you need to do it NOW.
I find little point in stating all of the reasons, because the list is endless. The question is, what to do now, and what to do at election time.
I will say at this point, I trust no party, and no leader. The political grandstanding by them all, has been shameful. And I'm honestly sick and tired of hearing what will be done just to get elected, and then coming up with excuse after excuse to not do things. At the same time, the "other hand" is doing all of the crap behind closed doors.
Iveson pulled the same bullshit, and of course we have Harper... all of it is enough to make one scream.
What I would like to see, is for a party to stand up to the plate and make some sound promises. In writing. I want to see recall legislation implemented within the first 100 days, to force some integrity back into the system. I want to see the ruling party bring in 1 or 2 members of the other parties into major meetings, and to sit back and listen to the ideas from ALL of the parties.
Time after time after time, many excellent suggestions have come from other parties, and the ruling government has snubbed their noses in the air at them, because THEY didn't think of it.
That has to stop.
We elect people to represent US, not to represent a party or party politics. Those who get voted in MUST have the freedom to represent the people that elected them. And if those people are saying "don't do this", then those members MUST express that vote in the legislature.
Enough is enough.
I'd also like to see some form of legislation that requires those elected, to hold regular town hall meetings of some type. Certainly when major bills are being discussed, or perhaps every 9 months or something. I don't know what a good time frame would be, all I know is, its time those elected started listening.
If you want MY vote, and you want to be trusted by the PEOPLE... then you need to make these promises in writing, and you need to do it NOW.
Wednesday, March 12, 2014
Computer Security, Big Brother and the Cloud
I suspect I may be biting the hand that feeds me, because in essence, this post will contain some observations about Google, and of course the "blog spot" site this blog is on, is a Google product. This post is also about a lot more.
Some time back I did a blog post here, on routers, router hacking, back door commands, and other interesting things. I was doing some emailing with a friend in Germany and I wanted to hunt that post down for him. Yet for some reason I can't find it. I know I didn't delete it. I have never deleted any of my blog posts, no matter what the topic or results have been. Yet .. .. .. it's gone. With that said, I'm going to post this information again, with a bit more detail and advice. :)
I've been around the block with computers. 35 (or so) years of building, supporting, and programming them does give me a little insight on how they operate. I myself am certainly not a "hacker" per say. And I don't profess to be a real security "expert". I know enough to know some of the simple things to watch for, and how to go about protecting against them, to the best of my simple abilities.
Back in the summer of 2012, I did a screen shot of a program I use called WallWatcher. This program monitors my router, and reports in real time, all of the incoming and outgoing connections, the protocols used, the remote and local IP addresses involved and port information for all of the packets sent, or attempted to be sent. It also reports attempted connections in both directions.
I was having a terrible time with internet stability, and quite often... just going to Google Dot Com, my system would freeze up. My router would at times, go into an infinite loop of cold starts, which made all forms of communications impossible. Other times, there would be a "hiccup", and some stuff would come back. I realize some of you are going "huh?" so let me explain.
Within the configuration pages of your router (most people have one of those now) are places where you can do things like port forwarding, and allowing certain ports to be open that normally would not be. If you are a gamer, you are probably aware of what I mean. :) When you make a change in one of these configurations and hit the "save" button for it, the router stores those changes and then sends out (whats refereed to as) a "warm start" command. This allows the changes to be applied, usually without affecting any other things you have going on. Kind of like plugging in a USB device with your computer system running. A cold start, is essentially the same thing as taking the power away from the router. No power, no communications.
Anyway, I checked my WallWatcher program, and took this screen shot of what happened back in June of 2012.
The entries in yellow, are the router reset commands being performed. If you notice that really long entry in the message area, you can see that it's going to some absurdly weird place at google. And immediately, it went into a cold start. I did nothing more than opening a web browser, and went to google. I did no search, entered nothing in the search area, pressed no buttons. .. .. and my router was attacked. I say "attacked" because doing a remote cold start is something restricted to higher end routers, and should by all definition of security, only be allowed by a top level system administrator that has been authorized to do those functions. My router is not "high end", and sure as hell Google is not authorized for anything of this nature.
I also use another program called PeerBlock. It's great "open source" software, that I use to stop annoying advertising, and other such things. Anyway, over several months, I have built up a list of many IP addresses that I have (painfully) encountered, of many MANY other sites that also send out weird code to cause my router to cold start. They ALL have that same form of really long weird name, and for the most part, those IP's belong to systems that are a part of "the cloud" network.
When clouds first started appearing on the internet many years back, hitting one of them would at times, bring up a pop-up box with legal terms about what a cloud is, what you are allowed to do, etc. One of the things mentioned in that agreement, was that cloud servers by default, are allowed to control ports in your computer, supposedly in order to enforce the rules of the server. And around the same time in technology, newer routers began appearing on the market, replacing older models.
Older routers had a feature where you could enable "remote logging", which allowed the router to report what it was doing, to an internal port on the system. This is the feature that WallWatcher and other log reporting software uses, to display "in english" what is going on. A super powerful thing to have, for those wanting to know whats happening. All of the newer routers have had that feature removed.
Oh sure, you can still get a log report, the manufacturers tell you. But you have to open your router configuration page, go to the report page, and open the report, which appears in a web browser. And it only shows a few things, with the information being 'static', not in real time. In order to get the current information, you have to refresh the webpage. Hell, if you refreshed the page even every 5 seconds, you could easily miss thousands of "hits". So all of the router manufacturers have essentially left you in the dark. On purpose.
Why? Well, with the cloud now being out, they didn't want to cause people any worry about their ports being accessed, and a real time log display couldtend to spill the beans cause concern for end users. After all, what you don't know, won't hurt you.
If you think cloud servers are still cute, then open your router log webpage and note the information. Then go to a known cloud server webpage in a new browser window. Go back to your router configurations, change or make up some port setting changes, enable them (you can clear all this later) and save the changes. Go back to your router log file and look at the new entries. I'm betting you will find additional probing, just from sitting on a cloud server. You see, it SAW those changes made, and it was curious what the heck you were doing. Of course, much of this depends on how your router logs work. By the way, even the desktop version of TweetDeck appears to have some minor cloud association with it. I've notice a few minor probes coming from them, when I make my own router changes. ... 2 or 3 tiny queries of some kind. Where as many other sites can send out requests 20 or 30 times.
And for me... I have to say... THIS is MY computer. What I do in the way of router changes is NONE of your business! If your website or cloud server is SO poorly programmed that you "can't take a chance" on what I did, then ... grow up.
As for the "security of the cloud", well... here are my thoughts. Yes, by all means, if one server goes down, the rest of them in "the cloud" can still probably serve your internet request. Some cloud servers network within the same data center, and some network amongst other data servers in other locations, which could be 100's of miles (or more) away. After all, this is the internet. :)
One would tend to suspect that if one of those servers could be hacked (and it happens) ... just think of the huge amount of data... OR monitoring ... that could be accessed or watched over.
There are a lot of people out there, that do a lot of bad things. There is a lot of spying going on. Draw your own conclusions on who may be accessing what, and ask yourselves what about the bigger picture down the road. Will there be back door commands that will eventually allow those "big brother" types to gain access to your system?
On the plus side, all is not lost. There ARE places where you can get great 'open source' firmware to restore and upgrade your router operations. WARNING! If you choose to take this route, then search and read and re-read everything you can about exactly the steps you need to take. If you fail to do this properly, you can "brick" your router. At which point you may have to toss it. Just saying...
I recommend the DD-WRT site for the firmware and TONS of information, including forums and wiki stuff... and for an example, check out this PCWORLD article for some general information.
Some time back I did a blog post here, on routers, router hacking, back door commands, and other interesting things. I was doing some emailing with a friend in Germany and I wanted to hunt that post down for him. Yet for some reason I can't find it. I know I didn't delete it. I have never deleted any of my blog posts, no matter what the topic or results have been. Yet .. .. .. it's gone. With that said, I'm going to post this information again, with a bit more detail and advice. :)
I've been around the block with computers. 35 (or so) years of building, supporting, and programming them does give me a little insight on how they operate. I myself am certainly not a "hacker" per say. And I don't profess to be a real security "expert". I know enough to know some of the simple things to watch for, and how to go about protecting against them, to the best of my simple abilities.
Back in the summer of 2012, I did a screen shot of a program I use called WallWatcher. This program monitors my router, and reports in real time, all of the incoming and outgoing connections, the protocols used, the remote and local IP addresses involved and port information for all of the packets sent, or attempted to be sent. It also reports attempted connections in both directions.
I was having a terrible time with internet stability, and quite often... just going to Google Dot Com, my system would freeze up. My router would at times, go into an infinite loop of cold starts, which made all forms of communications impossible. Other times, there would be a "hiccup", and some stuff would come back. I realize some of you are going "huh?" so let me explain.
Within the configuration pages of your router (most people have one of those now) are places where you can do things like port forwarding, and allowing certain ports to be open that normally would not be. If you are a gamer, you are probably aware of what I mean. :) When you make a change in one of these configurations and hit the "save" button for it, the router stores those changes and then sends out (whats refereed to as) a "warm start" command. This allows the changes to be applied, usually without affecting any other things you have going on. Kind of like plugging in a USB device with your computer system running. A cold start, is essentially the same thing as taking the power away from the router. No power, no communications.
Anyway, I checked my WallWatcher program, and took this screen shot of what happened back in June of 2012.
The entries in yellow, are the router reset commands being performed. If you notice that really long entry in the message area, you can see that it's going to some absurdly weird place at google. And immediately, it went into a cold start. I did nothing more than opening a web browser, and went to google. I did no search, entered nothing in the search area, pressed no buttons. .. .. and my router was attacked. I say "attacked" because doing a remote cold start is something restricted to higher end routers, and should by all definition of security, only be allowed by a top level system administrator that has been authorized to do those functions. My router is not "high end", and sure as hell Google is not authorized for anything of this nature.
I also use another program called PeerBlock. It's great "open source" software, that I use to stop annoying advertising, and other such things. Anyway, over several months, I have built up a list of many IP addresses that I have (painfully) encountered, of many MANY other sites that also send out weird code to cause my router to cold start. They ALL have that same form of really long weird name, and for the most part, those IP's belong to systems that are a part of "the cloud" network.
When clouds first started appearing on the internet many years back, hitting one of them would at times, bring up a pop-up box with legal terms about what a cloud is, what you are allowed to do, etc. One of the things mentioned in that agreement, was that cloud servers by default, are allowed to control ports in your computer, supposedly in order to enforce the rules of the server. And around the same time in technology, newer routers began appearing on the market, replacing older models.
Older routers had a feature where you could enable "remote logging", which allowed the router to report what it was doing, to an internal port on the system. This is the feature that WallWatcher and other log reporting software uses, to display "in english" what is going on. A super powerful thing to have, for those wanting to know whats happening. All of the newer routers have had that feature removed.
Oh sure, you can still get a log report, the manufacturers tell you. But you have to open your router configuration page, go to the report page, and open the report, which appears in a web browser. And it only shows a few things, with the information being 'static', not in real time. In order to get the current information, you have to refresh the webpage. Hell, if you refreshed the page even every 5 seconds, you could easily miss thousands of "hits". So all of the router manufacturers have essentially left you in the dark. On purpose.
Why? Well, with the cloud now being out, they didn't want to cause people any worry about their ports being accessed, and a real time log display could
If you think cloud servers are still cute, then open your router log webpage and note the information. Then go to a known cloud server webpage in a new browser window. Go back to your router configurations, change or make up some port setting changes, enable them (you can clear all this later) and save the changes. Go back to your router log file and look at the new entries. I'm betting you will find additional probing, just from sitting on a cloud server. You see, it SAW those changes made, and it was curious what the heck you were doing. Of course, much of this depends on how your router logs work. By the way, even the desktop version of TweetDeck appears to have some minor cloud association with it. I've notice a few minor probes coming from them, when I make my own router changes. ... 2 or 3 tiny queries of some kind. Where as many other sites can send out requests 20 or 30 times.
And for me... I have to say... THIS is MY computer. What I do in the way of router changes is NONE of your business! If your website or cloud server is SO poorly programmed that you "can't take a chance" on what I did, then ... grow up.
As for the "security of the cloud", well... here are my thoughts. Yes, by all means, if one server goes down, the rest of them in "the cloud" can still probably serve your internet request. Some cloud servers network within the same data center, and some network amongst other data servers in other locations, which could be 100's of miles (or more) away. After all, this is the internet. :)
One would tend to suspect that if one of those servers could be hacked (and it happens) ... just think of the huge amount of data... OR monitoring ... that could be accessed or watched over.
There are a lot of people out there, that do a lot of bad things. There is a lot of spying going on. Draw your own conclusions on who may be accessing what, and ask yourselves what about the bigger picture down the road. Will there be back door commands that will eventually allow those "big brother" types to gain access to your system?
On the plus side, all is not lost. There ARE places where you can get great 'open source' firmware to restore and upgrade your router operations. WARNING! If you choose to take this route, then search and read and re-read everything you can about exactly the steps you need to take. If you fail to do this properly, you can "brick" your router. At which point you may have to toss it. Just saying...
I recommend the DD-WRT site for the firmware and TONS of information, including forums and wiki stuff... and for an example, check out this PCWORLD article for some general information.
Monday, March 10, 2014
Do you program in Dot Net or Mono?
I've been kicking the programming can now for 35 some odd years, and I have done so much, in so many different languages, I've forgotten just how many...
So much of what I do, I just take for granted. Experience is a great teacher, of that there is no question. And of course, the tools for programming have come a really long way, especially when it comes to ... dare I say ... being lazy. The assortment of RAD (rapid application development) applications is just HUGE. I use many different ones of course, for each has their own purpose.
One of the tools I use from time to time, is Microsoft Visual Studio. It works pretty slick, and I can configure things the way I want them, especially when I build a DLL or some other object. And from time to time in the past, I've also done the odd "dot net" platform programming.
Dot Net has issues of course. One of the largest is that when you compile your code down to an EXE level, you can still dis-assemble the program back to the full source code. I know Visual Studio does have stuff in it, that will do some very simple protection, but to get your code completely protected, you need to purchase some rather expensive "options".
Do note, there is no "slight" against what MS includes, but you should be aware there are other options. For a lot less cost.
Many years back, I discovered the EZIRIZ site, and over the years I've followed the dedication that Denis has put into not only wanting to do things right, but to do them for a fair price. He has amassed a huge number of corporate users, including Xerox, Bosch, Corel, and even Microsoft.
If you develop in this environment, and you need a great product with awesome service, and a "more than fair" price, then I suggest you give them a try. They support Windows, multiple web languages, Silverlight, various smart devices, and more.
So much of what I do, I just take for granted. Experience is a great teacher, of that there is no question. And of course, the tools for programming have come a really long way, especially when it comes to ... dare I say ... being lazy. The assortment of RAD (rapid application development) applications is just HUGE. I use many different ones of course, for each has their own purpose.
One of the tools I use from time to time, is Microsoft Visual Studio. It works pretty slick, and I can configure things the way I want them, especially when I build a DLL or some other object. And from time to time in the past, I've also done the odd "dot net" platform programming.
Dot Net has issues of course. One of the largest is that when you compile your code down to an EXE level, you can still dis-assemble the program back to the full source code. I know Visual Studio does have stuff in it, that will do some very simple protection, but to get your code completely protected, you need to purchase some rather expensive "options".
Do note, there is no "slight" against what MS includes, but you should be aware there are other options. For a lot less cost.
Many years back, I discovered the EZIRIZ site, and over the years I've followed the dedication that Denis has put into not only wanting to do things right, but to do them for a fair price. He has amassed a huge number of corporate users, including Xerox, Bosch, Corel, and even Microsoft.
If you develop in this environment, and you need a great product with awesome service, and a "more than fair" price, then I suggest you give them a try. They support Windows, multiple web languages, Silverlight, various smart devices, and more.
Subscribe to:
Posts (Atom)