The Pi who loved me: Licensed to SSL

Wherein Verity is troubled by a curious spam


"Hi, I am James Bond (Business Development Manager). We specialize in re-designing and re-developing websites if you are considering any of the following projects. Please let us know in case you are interested." – Spam email received by the author

Bond stepped out of the lift on the ninth floor and strode rapidly down the corridor, frowning as he went. He snatched open the green baize door to the suite of rooms that housed M. and his entourage, and almost collided with the Chief of Staff, who was going the other way.

"Sorry, Bill," said Bond. "In a world of my own. Any idea what the old man wants?"

The Chief of Staff rolled his eyes. "You'll have to ask him yourself. I've got my work cut out finding security-cleared cover for Moneypenny. See you down the firing range later on?"

Bond grunted assent, and was about to back it up with some suitable small talk when a gruff voice called out: "Get in here, 007, and shut the door. We haven't got all day."

Bond walked through into the inner office. M. sat behind his large red leather-topped desk, fiddling with his pipe and surrounded by a thickish fug.

M.'s room is one of only five government offices where smoking is still permitted. The Secret Service achieved this privilege by, in a shrewd reversal of usual expectations, designating that area of the building to be considered for legal purposes a virtual annex to the British embassy in Madagascar. A serendipitous side effect was that M. was excused from participation in fire practice.

"Sit down, 007, and wait while I put this into the thingumajig. Aitch, tee, tee, pee, ess, colon, oblique – where's oblique, dammit? Oblique again..." Bond squirmed with embarrassment-by-proxy as his boss typed one-fingeredly into his laptop with all the felicity and assuredness of a Great Yarmouth great-grandmother taking her first faltering steps as a silver surfer. Surely, thought Bond, M. had people to do this for him?

"By the way, sir, where is Moneypenny?"

M.'s lips pursed. "Been given a spot of sick leave."

He cleared his throat and said: "Be sure to put me down for 10 guineas towards the Get Well present, sir."

M. puffed furiously at his pipe several times, producing a great cloud of smoke that concealed his expression. "Yes, yes. Never mind about that now. Tell me what you make of this site." M. pushed the computer across the desk.

Bond clicked around for a few seconds. "Pretty old-fashioned for the most part, and such a ramshackle mess. Part static, part JSP, part Vue.js with Bootstrap. And to top it all off, the damn thing is ugly."

"We believe that this site is a front for a new international organisation: S.P.L.O.S.H."

"S.P.L.O.S.H. sir?"

"Sinister People Like Obnoxious Spying in Homes. We think they have outrageous plans to put electronic recording bugs into every household in the world."

"But... but... but..." Bond thought.

Instead he said: "So where do I fit in, sir?"

"Excellent question, 007. As you said, they seem to need help with their website."

* * *

The Q Branch is housed in the basement of the Secret Service building. Air-conditioned to eyeball-rasping levels and white and gleaming in the strip lighting, its large tables are strewn with a fantastic array of electronic equipment. There are almost more Raspberry Pis on display than in the average middle-aged programmer's attic.

Laid out in the reception area, where Bond was standing, were half-a-dozen mixed Windows 10 laptops and desktops. Bond watched Major Boothroyd, the department's head, wander from one machine to the next, starting up copies of Excel, Word and Skype Business on each.

Impatiently, Bond said: "So what have you got for me, Boothroyd?"

Boothroyd held up a small device, which looked suspiciously like an Arduino project box with a button mounted on its side. He pressed it. Instantly, all six Windows machines abandoned their half-edited spreadsheets and in-progress video calls, and switched to identical fullscreen displays, with the universally dreaded caption:

Configuring Windows Updates
0% Complete.
Do not turn off your computer.

Despite himself, Bond was impressed. "That's quite brilliant, Boothroyd. I can imagine causing real havoc in S.P.L.O.S.H. headquarters with this gadget. What's its range?"

At that moment, they were interrupted by the approach of one of Boothroyd's young assistants.

"Excuse me, major," he said, "but I thought you'd want to know I've finished the repair. Should be all systems go. If you want to show Commander Bond the demo, I can go and turn on the Windows Update Initiation Ray now..."

He tailed off. Boothroyd seemed to be having difficulty meeting Bond's eye.

* * *

On his bedside table in his Chelsea flat, Bond's phone emitted a subdued "ping" into the quiet of the night and lit up. Instantly awake, he reached over and grabbed it off the wireless induction charger and stared, blurrily. It was M. What the hell did the old man want at this time of the morning?

He swung out of bed and, moving softly so as not to disturb the still-sleeping girl, padded into the bathroom and closed the door. He splashed his face with water and took a swig of mouthwash before sitting down on the toilet to read.

M PERSONAL FOR 007 STOP CANNED MEAT EMAIL STRATEGY SUCCESSFUL STOP INTERVIEW FIXED TEN THIRTY FRIDAY SPLOSH OFFICES SHOREDITCH BRACKET SILICON ROUNDABOUT CLOSE BRACKET STOP GET THERE PROMPTLY SHRIEKSTOP ENDIT MAILEDFIST

Bond spat a mouthful of Listerine Original and a four-letter expletive into the sink. "Mailedfist" indeed. It really was time his chief broke the habits ingrained by years of using Secret Service cipher machines and learned how to use WhatsApp.

* * *

Two days later, Bond was once again on the supplicant side of a desk, interviewing for a Sass-rattling position at the Silicon Roundabout offices of S.P.L.O.S.H.

The pretty young woman sitting opposite had been introduced to Bond as "Dr. Busty McChutzpah, the scourge and fantasy of her DevOps team". Her tight-fitting shirt, in Bond's opinion, over-fulfilled the promise of her moniker. However, on her whiteboard a single, stark message was written in 1024pt lipstick – Manhattan Rose by Tom Ford. It said, simply, #MeToo.

Bond was receiving mixed signals. He decided to play things carefully.

McChutzpah perused Bond's CV. "So you've got a bit of PHP, a bit of HTML, a bit of JQuery, and you once wrote FizzBuzz in Python. Do you know anything about Git?"

Bond had spent six weeks being personally trained by Minjung Hyeung, the world-famous Korean Git-Meisterin. Part of her teaching regime required pupils to run naked through the snow while calling out the digits of an SHA-1 hash they had calculated in their heads from the briefly glimpsed text of an entry in the Obfuscated C competition. However, admitting this experience was incompatible with Bond's cover story.

"Git? That's a bit like a magic file system that lets you go backwards in time, isn't it?" He gave a weedy, Jeremy Hunt-style smile.

Busty sighed. "All right. Frankly you sound a bit wet behind the ears, but we'll give you a two-week tryout. Come on. I'll show you around." She got up and walked out of her office, Bond trailing in her wake.

"This is the router room" – she rhymed it with "grouter", like an American – "and this is the leezure area. They serve free shakes all day and... What's the matter? Are you lactose intolerant or something?"

Bond uncurled his lip. "It's not that. I just don't like the way that it's made."

Busty said, crossly: "Sheesh! So go tell the guy how you like it. And get me a strawberry-and-banana while you're about it. I just need to powder my nose a moment."

Bond walked past the table football, the darts board and the inevitable Space Invaders pinball machines up to the counter. "Two strawberry-and-banana flavour, please. Oh, and milk barista?"

The youth reluctantly raised his slovenly gaze from his phone to Bond's face. "Yeah?"

"I'd like my drink stirred, not shaken," said James Bond. ®

Verity Stob is the pseudonym of a software developer based in London. Since 1988, she has written her "Verity Stob" column for .EXE magazine, Dr. Dobb's Journal and, since 2002, The Register.
