Airline Gripe Sheet

I was just randomly looking through my personal webspace on this server, and found something that’s obviously been sat there a while – an airline gripe sheet :D . It’s a damn good laugh though :D

I tried a quick search to see where I’d got it from, but I’ve discovered it’s done a fair amount of circulation on the internet.

Here it is, in full:

After every flight, airplane pilots fill out a form, called a “gripe sheet,” which tells mechanics about problems with the aircraft. The mechanics correct the problems, document their repairs on the form, and then pilots review the gripe sheets before the next flight.

Never let it be said that ground crews lack a sense of humour. These are claimed to be actual maintenance complaints submitted by pilots and the solutions recorded by maintenance engineers.

(P = The problem logged by the pilot.)
(S = The solution and action taken by mechanics.)

P: Left inside main tire almost needs replacement.
S: Almost replaced left inside main tire.

P: Test flight OK, except auto-land very rough.
S: Auto-land not installed on this aircraft.

P: Something loose in cockpit.
S: Something tightened in cockpit.

P: Dead bugs on windshield.
S: Live bugs on back-order.

P: Autopilot in altitude-hold mode produces a 200 feet per minute descent.
S: Cannot reproduce problem on ground.

P: Evidence of leak on right main landing gear.
S: Evidence removed.

P: DME volume unbelievably loud.
S: DME volume set to more believable level.

P: Friction locks cause throttle levers to stick.
S: That’s what they’re for.

P: IFF inoperative.
S: IFF always inoperative in OFF mode.

P: Suspected crack in windshield.
S: Suspect you’re right.

P: Number 3 engine missing.
S: Engine found on right wing after brief search.

P: Aircraft handles funny.
S: Aircraft warned to straighten up, fly right, and be serious.

P: Target radar hums.
S: Reprogrammed target radar with lyrics.

P: Mouse in cockpit.
S: Cat installed.

The worst possible way to guard against SQL injections

I shouldn’t need to stress the importance of sanitising user input on web forms. I also shouldn’t need to stress the importance of government websites being secure.

I also shouldn’t need to stress the insecurity of client-side code.

However, it seems Cadw (“the historic environment service of the Welsh Assembly Government”) is stuck a bit too far in the past, before people started exploiting websites for fun or profit, as I recently discovered from this tweet:

Now, don’t get me wrong – JavaScript is a really useful way to make websites look better and provide cool interactive experiences.

However, all too often I see JavaScript being used in one or both of the worst possible uses for it:

  1. Security
  2. Adding functionality

Both of these points obviously need exploring further.

Adding functionality

JavaScript is commonly used to add functionality to websites without problems. For example, JavaScript is used to provide most editing toolbars on web-based editors like Google Mail, Wikipedia, and WordPress. This functionality is “extra”, not critical to the operation of the site – you can survive and use the site properly even on a non-JavaScript capable browser (these days, it’s mainly screen readers which fall into this category).

However, when you start adding functionality which doesn’t have a non-JS fallback, such as Facebook (just try using it with JavaScript disabled in your browser), the site becomes completely unusable to some people – a huge discrimination against those who are not as able as others to browse the web (for example, those with screen readers). Therefore, using JavaScript to add critical functionality is a very bad idea if you want your site to be open to all and actually usable.

Security

More importantly, JavaScript code is downloaded to the client computer, and executed there.

The client has the option to execute it or not, or even to modify the code first then execute it (with a little know-how).

This means any security checks you put into the page with JavaScript CANNOT be relied upon to actually work.

As the source code of the above site is sanitising user input with JavaScript in a rather poor way, there are several potential ways around this. Let’s take a look at their web site’s source code:

Several things immediately spring to mind:

  1. SQL keywords and syntax in a “bad list”:
    "select", "drop", ";", "--",
     "insert", "delete", "update", "char(", "`", "varchar"
  2. Weird stuff, possibly passwords or other language constructs?
    "/", ":", "?", "|", "declare", "convert", "@@",
     "2D2D", "4040", "00400040", "[", "]"
  3. “xp_” – perhaps a computer name prefix for systems running Windows XP?

Addressing the points in reverse order, a quick bit of poking at the web server (just a standard HTTP HEAD request!) reveals:

Trying 62.254.243.215...
Connected to www.cadw.wales.gov.uk.
Escape character is '^]'.
HEAD / HTTP/1.1
Host: www.cadw.wales.gov.uk

HTTP/1.1 200 OK
Date: Wed, 30 Mar 2011 04:29:53 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Content-Length: 20796
Content-Type: text/html; Charset=ISO8859-1
Set-Cookie: ASPSESSIONID......GDEM; path=/
Cache-control: private

(I’ve removed the actual cookie set :P)

Ooh look! We’re running IIS 6.0 as the web server. This gives us two likely suspects for the operating system of the server: Windows Server 2003 (aka WinXP server edition), or Windows XP Professional x64 Edition. Basically, XP.

Just by talking to their web server, I’ve now got a likely prefix on machine names – chances are the names are just numbered after that, and given their network is running Windows servers, it’s likely to be on a Windows domain. That simple knowledge gives me the hostname of a large number of workstations: xp_1.cadw.wales.gov.uk (or maybe xp_01.cadw.wales.gov.uk or xp_001.cadw.wales.gov.uk, or perhaps even xp_01.wales.gov.uk etc). It would be trivial to find out which of these naming schemes existed – probably by just pinging their DNS server.


At this point, this information is getting scary. I’d like to remind my readers that everything I have done so far, I have documented here. I have done nothing else. I’d also like to remind folks that this is a government computer system, and any vulnerabilities I find I am not going to touch, as I don’t have permission to do so. Information I have found so far is either public information that they may or may not have inadvertently published (such as POTENTIAL machine names), or information that would be retrieved by software such as web browsers every time you loaded the site. Getting that information manually by simulating a (poor and slow) browser just happens to be easier than messing around inside my browser (chrome) config at the moment (for firefox users, the extension Firebug will nicely show this information for you). If you choose to use the information I have published here, then you do so at your own risk. My aim in this is to point out bad security practice in the hope that others will heed the warnings and not make the same mistakes.

The weird stuff which makes up my second point could be anything, a bit of googling might tell you why they’re dangerous, or explicitly prevented.

Lastly, the first point. Let’s take a look at the main items from the SQL-specific part of their “naughty words”:

"select", "drop", ";", "--", "insert", "delete", "update", "`"

(I’m going to quickly point out they convert the words to lowercase to check them against the list.)

So, we can’t retrieve or modify the data. We can’t delete data from the table, but truncate table isn’t restricted. We can’t use comments. We CAN use quotes, but not the table-style backtick quotes. We can’t drop tables or columns, but we could add new tables and columns if we wanted.

The fact that only the backtick (`) is in the list could be an indication of a style of quoting, which we could make use of.

Of course, this is all before we make the obvious suggestion: “IT’S JAVASCRIPT! Turn it off!”.

Oops, did we just turn off all protection against SQL injection attacks on your database for ourselves, with a simple checkbox in the browser settings? How inconvenient of me!

Usability for tech noobs

One last point just to round off the whole thing, one on usability.

Let’s say I want to search their site (using their tiny search box) for “how do I select a place to visit?”, my search query gets cut off at “…vis”. Assuming the user is smart enough to realise the computer doesn’t like long searches, they might rephrase to “how do I select a place?”.

This is the error message I get:

Would you understand it if you were a tech noob? I doubt it. After all, what’s wrong with “select”?
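The two points above (a client-side word list protects nothing, and it rejects honest searches) both disappear when the server binds the search term as a query parameter. This is an added example, not code from the Cadw site: the table, column names and sample rows are constructed, SQLite stands in for whatever database the site uses, and the substring matching in `blocklist_rejects` is an assumed reconstruction of the check described in the post.

```python
import sqlite3

# Terms copied from the "bad list" quoted in the post.
BAD_LIST = ["select", "drop", ";", "--", "insert", "delete", "update",
            "char(", "`", "varchar", "/", ":", "?", "|", "declare",
            "convert", "@@", "2D2D", "4040", "00400040", "[", "]", "xp_"]


def blocklist_rejects(text):
    """Assumed form of the client-side check: lowercase, then substring match."""
    lowered = text.lower()
    return any(term.lower() in lowered for term in BAD_LIST)


def make_db():
    """Constructed sample data; table and column names are hypothetical."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE places (name TEXT, blurb TEXT)")
    conn.executemany("INSERT INTO places VALUES (?, ?)", [
        ("Example Castle", "How to select a day to visit"),
        ("Example Abbey", "Opening times: 10-4"),
    ])
    return conn


def search_places(conn, term, max_len=200):
    """Server-side search: validate length, then bind the term as data."""
    if not term or len(term) > max_len:
        raise ValueError("search term must be 1-%d characters" % max_len)
    # Escape LIKE wildcards so % and _ typed by the user match literally.
    escaped = term.replace("\\", "\\\\").replace("%", "\\%").replace("_", "\\_")
    rows = conn.execute(
        "SELECT name FROM places WHERE blurb LIKE ? ESCAPE '\\' ORDER BY name",
        ("%" + escaped + "%",),
    )
    return [name for (name,) in rows]


def row_count(conn):
    """Number of rows left in the sample table."""
    return conn.execute("SELECT COUNT(*) FROM places").fetchone()[0]


if __name__ == "__main__":
    db = make_db()
    for query in ["how do I select a place?", "select a day",
                  "times: 10", "x'; DROP TABLE places; --"]:
        print(repr(query), "| blocklist rejects:", blocklist_rejects(query),
              "| server result:", search_places(db, query))
    print("rows still in table:", row_count(db))
```

The server never needs to know which words are “naughty”: quotes, semicolons and keywords arrive as the value of the bound parameter and are only ever compared against the `blurb` column.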

Conclusion

YOU’RE DOING IT WRONG.

xkcd.com - Voting Machines

CADW: If you ever see this post, fire your web developer, and take your site offline until it can be fixed by someone who’s actually competent.

Please, please, PLEASE let this be a lesson to other people how sanitising user input is a Good Thing™.

xkcd.com - Exploits of a Mom

I only hope that the Government in Westminster hasn’t made the same mistake, or this could be very costly… it appears someone has filled in the census form in a rather interesting way…

“Robots gave us six extra seconds of co-operation!”

Humans cannot be trusted.

Apparently, robots can’t be trusted either. At least I now know that I can trust an Aperture Science robot for 6 more seconds than I can an Aperture Science employee. Though I wouldn’t like to put it to the test against GLaDOS…

I seriously can’t wait for Portal 2 to be released. Unfortunately, it’s right before the exams, so I’m either likely to fail the exams or fail the exams playing Portal 2!

Cuts protesters claim police tricked them into mass arrest – Guardian

Cuts protesters claim police tricked them into mass arrest

EDIT: Some of the language in this article has been toned-down from when it was originally published.

According to the article, this was a peaceful protest in a public place (a shop) with no restrictions to other people, where the protesters were asked to leave and even tidied up after themselves, and were then kettled and aggressively arrested; meanwhile, other protesters who were actually being violent and causing trouble elsewhere went unchecked. In my opinion, this is one way to start off violent anti-police protests.

The protesters were even apparently lied to, being told they’d be able to leave quietly, without being kettled or held in any way – thus making the police seem to be lying, cheating thugs. This sort of reputation is only going to raise anger amongst those affected, which happens to be practically any citizen who has ever peacefully protested in this country – anger against the force designed to keep the peace and uphold the laws of the land. Acts like this only go to highlight how maybe they aren’t quite doing it right.

xkcd.com - Voting Machines

Given that there were literally hundreds of thousands of people there (estimates range from 250 to 500 thousand people) protesting against the cuts that the ConDem government is putting us through, the Government isn’t getting a very good image as it is, and as the Police are giving this image too, it reflects even more badly on them.

What’s more, this isn’t the first instance of heavy-handed policing in recent times – protesters at Glasgow University had been staging an occupation of an unused university building for seven weeks when the university decided they didn’t want them there any more and called in police to evict them, which turned into students being dragged from the building. Eventually, the students decided to occupy the main services building of the university instead, causing havoc to the operations of the university. Eventually, the university struck a deal with the students allowing them to return to the unused building just to get them out of the way.

In all seriousness, the police and the government need to take a good long hard look at themselves, and decide if this is the way they truly want the country to turn out – and with calls for a national strike, I don’t think it’s going well for the government. We seem to be seeing a resurgence of the Thatcher years, with all protests and strikes there, although I doubt David Cameron has the backbone for it – although when supported by his best friend (and seemingly puppet) Clegg, they might be able to keep up the traditions of the Iron Lady.


Old blog posts!

I’ve found my old blog posts, archived away in facebook! These posts were from the blog I had but didn’t maintain so deleted, over on blogger.com

I’ve recovered most of the content, no idea if I got all of it (probably not), but it made some quite interesting reading and reminiscing of times gone by (a year and a half?!).

I’ve put them all under the Archive category if you want a laugh, especially at some of the french wedding stuff. You might have seen it before, I don’t know – worth a look anyway.

I also dug out the correct dates from the facebook archive, so the posts should also be dated correctly(ish)

Archive

NUS Reclaim Your Voice 22/03/2011

It’s been too long since I’ve been on a good protest march!

I got the chance to change that, and fight against the introduction of tuition fees in Scotland with about 4000 other students from across Scotland today on Edinburgh’s Royal Mile, finishing up outside Holyrood and the Scottish Parliament, as part of the Reclaim Your Voice campaign

There were a few speeches, unfortunately my phone messed up (probably an id=10t error on the part of the operator) recording, so I lost the Green Party speech, and the first bit of the Lib Dem speech, and another one too.

Mike Russell (Education Secretary):

Des McNulty (Scottish Labour):

Margaret Smith (Scottish Lib Dems):

I’m annoyed I lost the Green Party speech, as it had a brilliant bit in it where the guy (Patrick Harvie) said “I can’t promise you that I won’t vote to increase tuition fees, but you can promise me something – I want you to promise to sack me if I ever vote for tuition fees!”

The Guardian also has an article about this, and there are quite a few pictures on flickr.

Minecraft and the towers

So, I’ve wasted a considerable amount of free time building what was at first a tower, then a few towers, then an aerial walkway, canal system, boatlift, and now is a fully fledged quadrangle.

The towers themselves are really impressive, the basic structure being a 5×5 square tower with a hollow inside, then building a double helix in the centre:

glass glass glass glass glass
glass air   air   air   glass
glass glass glass glass glass
glass air   air   air   glass
glass glass glass glass glass

glass glass glass glass glass
glass glass air   air   glass
glass air   glass air   glass
glass air   air   glass glass
glass glass glass glass glass

etc. The bottom is slightly more fancy, in that it started out like that, but I added a walkway through the middle, and sealed off the bottom. Hence:

  • Layer 1:
    glass glass glass glass glass
    glass glass glass glass glass
    air   air   air   air   air
    glass glass glass glass glass
    glass glass glass glass glass
  • Layer 2:
    glass glass glass glass glass
    glass glass glass glass glass
    air   air   air   air   air
    glass glass glass glass glass
    glass glass glass glass glass
  • Layer 3:
    glass glass glass glass glass
    glass air   air   air   glass
    glass glass glass glass glass
    glass air   air   air   glass
    glass glass glass glass glass

There’s nothing special about the top, you just need to stop building the glass spiral when you don’t want to go any higher, and stick a lava source in one side, and a water source in the other. If all goes to plan, you should end up with zero cobblestone, zero obsidian, and a nice tower that looks something like this:

water lava tower by day

or by night:

water lava tower by night

I ended up building a glass staircase around the outside edge of the tower to aid getting up and down. Also, if you’re fast enough, you can get down the tower before the lava has finished forming (jumping down into water helps!), and you can watch it form:

2011-03-12_17.57.55

Now, I decided to go to the top of the world. Then I decided that wasn’t enough, so I moved 100 blocks and built another. And another. And another.

Here’s three of the towers, the other one hadn’t been built yet (I’m actually stood halfway up it while building it)

2011-03-12_17.36.22

Four fancy looking towers still didn’t seem good enough, as I seemed to be able to rattle off new ones far too quickly, so I built a walkway between them right at the top, then a few blocks down a canal system:

2011-03-13_00.11.07

… which in itself was starting to look really cool from the ground:

2011-03-13_00.11.51

Add a fair amount of water…

2011-03-13_01.01.22

2011-03-13_01.07.42

I ended up building an extra ledge onto the outside wall of my canal system, and flooding that too to form water curtains:

2011-03-13_15.12.27

2011-03-13_15.28.39

A 1 block deep trench directly underneath the fall path of the water ensured no unintentional flooding, except for the one time I forgot about doing that…

2011-03-13_15.45.45

I decided I ought to make a few “portals” through the curtain so others on the server could easily come and go to their respective bases, so using the 1 block trench idea, I created a very simple doorway with the trench on top:

2011-03-13_14.58.37

I also added a boat lift, which is essentially just a column of water, and a drop into a 3-block deep area of water, with a current driving you off the edge. It works really well, assuming you can get the boat to move where you want it to!

2011-03-14_01.50.43

2011-03-14_01.53.20

More photos can be found here

All in all, I’m pleased with the result, though I’m not so sure about the water curtains.

If you want a look around for yourself, take the backup dated midnight on the 14th from here, and have a look around!

Nationwide and the mortgage answer phone message

On Thursday something rather interesting and worrying happened. I got this message on my answer phone:

Hi this is _____ calling from Nationwide, I’m the mortgage consultant for West Bromwich branch.

Er, I’ve got an appointment booked to see you tomorrow morning at 09:30 in the Birmingham Bennets Hill branch, now I just wanted to have a chat with you about what you were looking to do and what you need to bring along with you – and if you give me a call back when you get this message that would be fantastic erm my mobile number is 07________, that’s ___________.

I’ll speak to you shortly, thank you, bye!

<handset put down>

(hidden bits for privacy)

While I do have a few accounts with Nationwide, I’ve never had and never even indicated in any way that I wanted a mortgage, so this was slightly concerning. It’s also been a couple of years since I was last in Birmingham, so this was also weird.

The fact that I was supposed to call them back on a mobile number was also suspicious.

A trip into the local Edinburgh branch revealed nothing had happened with my account recently – no appointments, no contact, etc, and because they didn’t mention anything about me specifically in the call, and that the number was withheld, it seems likely that it was a scam. (Outgoing calls from Nationwide apparently set the caller ID to some 0845 number)

Another mystery solved :)