Category: InfoTech

Anything relating to information and communications technology – including programming, networking, gadgets.

Never share your personal details with companies that call you.

dunxdLeave a comment

Phishing for personal details is a common approach taken by scammers to gain access to victims bank accounts and other online services. They may call up random phone numbers claim to be from a large company or service provider. If you happen to be a customer, they can then proceed to “check details for security” and gain postcodes, dates of birth and possibly bank account details, credit card details, even passwords.

One reason this is often a successful approach is that it is exactly what some banks, mobile phone companies and ISPs do. They will call you about something to do with your account, and go through the security procedure to confirm they have called the right number or whoever answered the phone is indeed the person they need to speak to.

This seems quite legitimate, but how can you tell it isn’t just a very convincing con artist who called you? They don’t give you an opportunity to confirm their identity.

As well as this imbalanced approach to security, legitimate companies who perpetuate this practice are making the job of scammers easier by normalizing handing out of personal information to anyone who calls and sounds convincing.

Companies who value security really need to think harder and change how they validate who they have called.

Until they figure out creative ways to do a better job, my advice is to challenge any caller who seeks your personal details about this, and refuse to share them. Instead you can call them back on a publicly available contact number, and go thorough the process.

This might seem over the top, but note that victims of scammers who handed over their personal details are always held responsible and rarely refunded by their banks, service providers. It’s their fault for doing what the same companies systematically all thousands of customers to do every day.

Advertisement

Google Keyboard accents and other special characters

dunxd8 Comments

I’m starting a new job. My new boss is from an East European country, and has accented characters in her name (ž to be exact). I would like to be able to use the correct diacritics when writing her name. Easy on my Mac (long key press to show all diacritics for a letter), but less so on my Android phone.

While the android language setting is set to English (UK) this character isn’t available via a long press (as it would be for è, â and ç). To make it available, I need to add a language that includes it (Croatian for example).

Here’s how:

  • Settings > Language and input
  • Virtual keyboard
  • Gboard
  • Languages
  • Turn off use system locale to allow selection of multiple languages
  • Enable your home language and the additional language that has the characters you need.

Now the accented options are available on a long press of the parent letter.

I also noticed that the gboard suggestions now includes the accented characters when before it didn’t.

Fixed.

Bitcoin Experiment

dunxdLeave a comment

After reading an excellent article about Bitcoin in the London Review of Books, I have become interested in cryptocurrencies.  In order to learn more I decided I needed to get some practical experience, so I bought some Bitcoin.  Here are my experiences and observations, which I hope will save you some time and energy if you are looking to buy a small amount of Bitcoin from the UK.

TL;DR

If you want to get your feet wet with Bitcoin from the UK, use Circle to buy up to £200 a week worth of Bitcoin.

Registration woes

Buying Bitcoin proved to be quite complicated, partially due to banking requirements known as AML/KYC (Anti Money Laundering/Know Your Customer) which means setting up an account with a bitcoin exchange can be quite arduous.  They all require proving your identity, and different exchanges take this to different levels. This can mean you will have to wait up to a week before you can buy any bitcoin.  Even more frustrating is other costs and delays aren’t always apparent until after you have completed the registration process.  You can waste an awful lot of time going through a registration process only to find the exchange isn’t worth using in your circumstances.

Transfer fee woes

When buying a small amount of Bitcoin, you don’t want to lose much in fees when you buy them.  This can occur in a couple of places.  The exchanges may charge transaction fees – usually a small percentage of the transaction value.  In many cases this may not be a problem, since those Exchanges may offer a better exchange rate – depending on your volume this difference may more than make up for a fee.  Do your maths!

A bigger obstacle is that a number of exchanges no longer operate UK based bank accounts and don’t accept debit cards in GBP.  This means using international bank transfers.  Even within Europe this is going to mean your bank charges you for SWIFT or SEPA transfers – Nationwide charge £20 for this.  So buying £100 of Bitcoin this way is going to cost you £120.

If you are buying a small amount of bitcoin avoid exhanges that don’t accept credit cards.

Bitcoin exchange rates

The website bittybot.co gives relatively up to date rates for most exchanges and marketplaces, as well as other information including which places accept UK bank transfers or credit cards.

Summary

The following table summarises my experience with different exchanges.

Exchange Registration difficulty Transfer fees Transaction fees
Kraken Straightforward – upload scan of ID and proof of address  SEPA or SWIFT transfer only  Yes
ANX Lengthy.  Registration isn’t too bad, but they send a code by mail to confirm address which means up to a week before you can buy. SEPA or SWIFT transfer only, and conversion to CAD or HKD  Yes
Uphold  Relatively straightforward – accept upload of scans or photos of ID documents. SEPA or SWIFT transfer, or credit/debit card with 2.75% fee
Solidi Currently in Beta, so you have to get accepted into the Beta before you can register.  On acceptance simple upload of scanned ID and address docs gets you verified.  No fee  No fee
Circle Very simple upload of scans/photos of ID docs gets you verified in a single session.  UK credit/debit card accepted with no fee  No fee
Coinbase Horrible – they use a video system based in Germany where you video chat with someone who may not speak English who tries to take a clear photo of your passport via a webcam – this failed every time for me, till I gave up.  Their Android app can be used to take a photo of your drivers license, which is better, but you need to disable any screen dimming apps like Twilight for the app to work. However, after going through this it turned out they don’t allow bitcoin purchase from the UK – frustrating!  3% fee for credit or debit card, but unclear if you can use UK debit or credit cards.  Their app says you can’t.

I ended up using Circle for buying my bitcoin.  The registration process was simple and quick, they accept account top-up via UK debit card with no fees from them or my bank up to a limit of £200 per week.

I’m sure there are reasons to use any of the other exchanges listed above – but for experimenting with small amounts of Bitcoin Circle is the one I would recommend.  At some point I may do the maths and figure out what is the most cost effective way to buy Bitcoin for different spending levels.

Ditching Static IP for DHCP assigned addresses

dunxdLeave a comment

We took the decisions to make all devices in our country offices other than the internet gateway automatically get their IP settings via DHCP, including servers, printers and wireless access points.  This goes against the grain for a lot of people, where static IP addresses are the rule for anything other than client PCs, but I think we managed to get a few benefits from doing this, which I shall outline in this post.

What was the main driver for going for this change?  Deploying printers – we’d often find that local contractors would just assign a local IP address to new printers that they connected to the network, sometimes conflicting with other devices on our network, and often failing to leave any record of the address they had used, meaning we could deploy equipment with addresses that conflicted.  Those basic problems created more work than we wanted to be spending troubleshooting such things, so I wanted to find a way to bring it under control.

The key – a feature rich DHCP server

What really enabled this for us was updating our core network infrastructure in all offices with Meraki Security appliances. These had more DHCP features than the previous Cisco ASA 5505.  The main thing that was missing from DHCP on the ASA 5505 was being able to assign fixed IP addresses by MAC address.

This has made it easy to take control of IP address assignment in our remote offices.

Designing the subnet

Some people don’t really care about which IP addresses are used for what, but since we occasionally want to share printers with other organisations, but don’t want their devices accessing everything on our subnet (or VPN) having a well thought out subnet helps write access rules.  If you put all your printers in a part of your subnet that can be defined by CIDR notation, then you can write a routing rule that allows access to and from this portion of your subnet very easily.

All our country office subnets are /24.  We subdivide those into a bunch of smaller /27 groups that can be addresses using CIDR. These aren’t strictly speaking subnets – you can use the first and last address – but they can be used in routing tables the same way.

  • 10.0.0.0/27 – Unused (a buffer for future use) – addresses 10.0.0.1 – 10.0.0.31 (the first address in this case isn’t usable since it is the start of the 10.0.0.0/24 subnet)
  • 10.0.0.160/27 – Servers – addresses 10.0.0.160 – 10.0.0.191
  • 10.0.0.192/27 – Printers – addresses 10.0.0.192 – 223
  • 10.0.0.224/27 – Network devices – addresses 10.0.0.224 – 10.0.0.254 (the last address can’t be used as it is the broadcast address for the 10.0.0.0/24 subnet.

So by assigning printers with addresses between 10.0.0.192 and 223 it is possible to write an access rule allowing traffic only to and from printers to devices in a connected subnet using 10.0.0.192/27.

Enforcing the subnet organisations

By creating reserved ranges in the DHCP page, it is possible to both record the organistation of your subnet, and ensure that the DHCP server doesn’t allocate any PC clients an address in the ranges you’ve specified:

Meraki DHCP Reserved Range

Anything addresses haven’t specified (10.0.0.32 – 10.0.0.159 here) is available for allocation to any client added to the network.

Collecting the MAC addresses

Some devices have the MAC address printed on a label on the device, which makes it easy to pre-assign the address.  That isn’t always the case.  However, if you can identify a newly connected device in the Meraki dashboard client list, you can get its MAC address – or even faster, assign it an address from the client page:

Meraki Address Assignment

Super easy.

Config is the documentation

Now if we want to find out what address was assigned, we can just look in the DHCP config page to get a list of Fixed IP assignments:

Meraki DHCP Fixed Assignments

That is always up to date, compared to the spreadsheets we maintained before (or didn’t – they were often out of date).

Assigning and Changing IP addresses

Most devices are shipped configured to get their IP settings via DHCP, so it is easy to deploy new devices in remote locations – local staff don’t need to do much more than plug the device into the network.

If we want to change an IP address (or assign the same IP address to replacement hardware) we can just connect the device to the network, change the DHCP settings, then power cycle the device to pick up the settings.  That is very easy to communicate to local staff than walking them through configuring IP settings on a printer.

Everything is configured to use DHCP (apart from the DHCP server itself of course) and life is a little bit simpler.

Bonus tip – Option 15

If you need to enable “naked” internal hostname resolution for clients, don’t forget to set DHCP option 15 to add your domain suffix – e.g. example.local.  If you have multiple internal domains that need to be resolved you can also use option 119 to list a comma delimited list for clients to search through.

Christian Aid Meraki Roll Out Complete

dunxdLeave a comment

Managua Meraki Today our Regional ICT Service Manager for Latin America and Caribbean, Jose Carlos Valdivia completed the roll out of Christian Aid’s Meraki managed network to our country offices outside of Europe, by installing the final pieces of equipment in our office in Managua, Nicaragua.

Finally we are able to manage our networks in all overseas offices without as much need to travel, and effectively manage our bandwidth use across all offices.

My colleagues in the UK are also approaching their roll out to UK offices, with only a small number to go.

This means that Christian Aid will have a consistent network implementation across all its offices, including VPN, WiFi and traffic management.

We aren’t going to rest there however.  We have plans to implement 802.11x secured WiFi access to Christian Aid owned devices across all offices – we are hoping to achieve this with cloud based RADIUS servers.  We will also probably have to start looking at implementing different devices in some offices that have grown in size both in headcount and area covered, since the roll out began – replacing MX60W (which has limitations) with MX64 and MR access points.  I’ll write more on that in a future post.  We’ve other plans too, which I’ll share as we develop them.

I’ll leave you with our Overview map – something I am increasingly proud of!

Christian Aid International Meraki Network Oct 2015