Sunday, September 20, 2009

Department of Arts and Malware

Google has a wonderful little tool called the "Safe Browsing Diagnostic", which notes the occurrence of malware or viruses on web sites that it crawls. One such site that it reports is our own Department of Arts and Culture web site, www.dac.gov.za.
According to the report, which can be viewed at http://www.google.com/safebrowsing/diagnostic?site=dac.gov.za/:
Of the 158 pages we tested on the site over the past 90 days, 32 page(s) resulted in malicious software being downloaded and installed without user consent. The last time Google visited this site was on 2009-09-15, and the last time suspicious content was found on this site was on 2009-08-10.
Malicious software includes 102 scripting exploit(s), 101 trojan(s), 98 exploit(s). Successful infection resulted in an average of 3 new process(es) on the target machine.
Malicious software is hosted on 6 domain(s), including game158.info/, a0v.org/, wowyesgo.info/.
2 domain(s) appear to be functioning as intermediaries for distributing malware to visitors of this site, including a0v.org/, game158.info/.

Clearly the infection has since been removed, but the Windows Server hosting the site has not been properly configured. Here is an example of the kind of error message which would indicate a lack of best practice, shared by other web sites such as MTN, Internet Solutions and M-Web, who should all know better.
I would be interested in knowing whether the security lapse has been reported to the minister or the parliamentary committee. My guess is that it was covered up as quickly as possible, in the hopes that no one would find out, the way all government departments work.

Thursday, September 17, 2009

Mustang gets an Echo

I am trying an experiment, and I'd like your input. After all, it's a social web (or something). I have created a web site that demonstrates how a database can be maintained on a web site. So far, very boring, unless you're a database developer.
But wait, there's more! Now I've added a comments section to the bottom of every page. You can leave comments, just like this blog, but they show up directly on the page. Please try it out and leave a comment at www.mustang.co.za. If the commenting system works well, I'll add it to some other web sites I run. The system is explained below, in case you are a webmaster somewhere. Once you sign up and pay $12 you get a simple code snippet to include on the page:
<div class="js-kit-comments" permalink=""></div><script src="http://js-kit.com/for/mustang.co.za/comments.js"></script>

That's it. Let the comments begin!
Update Sunday 20 Sept: I didn't realise that the "Echo Live" service is still in a public beta, and that if I disable anonymous commenting then the wheels fall off. Apart from that it's working fine, and I'm generally quite impressed with the passion and dedication of the guys at JS-Kit.

Introducing Echo from JS-Kit on Vimeo.

Thursday, September 10, 2009

Post Office faster than Telkom ADSL?!

The 2009 Pigeon Race highlights yet another problem with Telkom's broadband disaster, also known as SAIX. In this race a pigeon flies a short distance to deliver 4GB data faster than a local-to-local ADSL line. It's sad that only the speed was tested in this "race". There is also the cost factor.
"Broadband" in South Africa is charged by the byte, whether sending or receiving. And there are usage caps. Most users in SA only get 3GB per month unless they pay an extra R100 per GB. So the cost of sending 4GB of data is R800.
My maths is correct, because the sender gets charged R400 for uploading 4GB, and the receiver gets charged another R400 to download the data. There is no discount for the fact that the traffic is local.
That's assuming the file is transferred directly between the two connections, and that the user has the technical know-how to set up dynamic DNS or a VPN such as LogMeIn Hamachi. If the user is less technically literate, the cost doubles again. If the file is stored locally on an FTP server or web site, then the site owner has to pay for 8GB of traffic as well as the hosting cost. Another R800.
Of course we haven't factored in the problem of regular disconnections and other reliability issues. ADSL connections are regularly disconnected and then reconnected because Telkom has decided to do it this way. The disconnect is at least once every 24 hours, even if the IP number does not change. Sometimes it's as often as every 6 hours. Sometimes the "service" stops altogether. So whatever transfer protocol you use, you'd better make sure it can handle disconnections and can resume the upload/download where it left off, because otherwise you'll never get the data to transfer.
I called Speed Services Couriers, that bastion of reliability and service who went on strike for a week (followed by an illegal strike for a second week), and asked them the cost of door-to-door delivery of a CD. R151.94, excluding packaging. The parcel must be ready before 3pm and should be delivered the following day before 10.30am (19hrs 30mins). The cost was Joburg to Durban. Add in the cost of the DVD-R and padded envelope, and we can do it for less than R200 in under 24 hours.
Assuming a direct local-to-local connection, my upload rate on a good day is 128kbps. Assuming no packet loss and no error correction, I have to transfer 34,359,738,368 bits, and at 128kbps that's 262,144 seconds, or 4,369 minutes, i.e. 73 hours, i.e. 3 days. If I use an intermediate server then add another day for the download. (I just spent 3h31 mins downloading a 387MB audio book. Do the maths.)
Of course a "business" would never rely on a 384kbps download/128kbps upload link. One of my customers has 3 ADSL lines, each the 4MB option, but the bottleneck is still the upload speed. 4MB is the download speed. The best upload speed is nominally 512kbps on a "4MB" connection, 256kbps on a "512" connection. In the "4MB" case the upload time will drop from 73 hours to 18 hours 15 minutes, assuming no disconnects or interruptions. So if Speed Services Couriers delivers before 9.15 am, they beat Telkom's ADSL, at half the price, excluding the cost of the ADSL line rentals, which are added to the cost of the data. In my case they beat Telkom ADSL by 2 days! In fact, I think snail mail might be faster.
The cost of the data is the same, irrespective of whether the data is sent locally or internationally. My www.mustang.co.za web site is much cheaper to host with WebHost4Life in the USA, because I get unlimited bandwidth and 100GB storage for $10 per month, which is the cost of up/downloading 1GB of data locally. If Telkom reduced the cost of local bandwidth, I wouldn't be tempted to upload the data to the USA, thereby clogging their precious satellite/undersea cable links in both directions. Right now I'm already using a non-local proxy server because the local one is faulty and unreliable. They even want to proxy my HTTPS traffic, which is really stupid. And of course they deny that the pigeon is faster. DUH! That's Telkom for you!
Update: I have just completed uploading a data file to my web site. Transfer time: 03:57:20 with 2 interruptions and restarts. File size: 155,630k. At that rate the upload time would be 108 hrs for 4GB.

Tuesday, September 08, 2009

Blade Nzimande's Wheels


BMW now has a new meaning: Blade Nzimande's Wheels. Our illustrious and dearly beloved leader of the Communist Party has grudgingly (not!) bought a 2009 BMW 750i as his "official" car, for a trifling R1,110,750. The list of ministers with new cars has outpaced the rate at which people are losing their jobs.
I guess the ANC's slogan missed out a few words, and should really read "A Better Life For All Cabinet Ministers" since they clearly have no regard for the needs of the toiling masses.
Personally, I could never understand why anyone would want to buy a vehicle that cost more than the price of a house. It's criminal to flaunt such extravagance when people are starving. And think about this: not even a millionaire could afford this car, unless of course he had an extra 11% and was willing to blow the entire fortune on a single purchase.

Warning: The NSA and 4 million other sick weirdos with "security clearance" have intercepted this page and know that you are reading it.