maniacmartin

Previously, I thought that that the cheapest way to travel from Market Rasen to Oxford and back was a Saver Return (Route not via London) with a Young Person’s 16-25 Railcard, costing £32.35.

However, that was before I learnt about Split Tickets. Basically, if on both your journeys, your train goes through a certain station, and the train makes a stop there, buying 2 tickets — one to this station, and one from that ticket to the destination — may be cheaper.

This is usually when traveling to a busy station from far away. Get a ticket to an en-route nearby small station, then a ticket from this station to your destination.

First of all, I needed to find an outgoing and return route that were the same, as previously I have taken previous outbound and return routes. Such a route exists, and it is:
Market Rasen → Lincoln → Nottingham → Birmingham New St → Oxford.

In this case, the greatest saving can be made by splitting around Leamington Spa, 2 stops up the line from Oxford. This also holds for returns from Oxford to Market Rasen.
The Saver Return with 16-25 Railcard from Market Rasen to Leamington Spa is £20.95, and from Leamington Spa to Oxford is £9.10, totaling £30.05, which is £2.30 or 7.1% less than a direct return ticket. Enough to pay for a sandwich en route

Note that if you buy these tickets, you’re committed to traveling via your split point on the return route. This is not a problem for me, as all non-London routes between Market Rasen and Oxford stop at Leamington Spa.

Also, on busy routes, 2 singles may be cheaper than a return. So, with split tickets, the cheapest way to do a return might involve 4 single tickets.

I have recently started using Opera for my day-to-day surfing, as Firefox 3 Beta 5 locks up now and again, and decides to use 100% CPU. This usually happens when I have a few tabs loading that have Flash video in them. However, Opera’s javascript engine isn’t quite like IE or Firefox’s.

This caught me out when I tried to login to Internet Banking at a certain bank. Like many other banks, they have some drop-down menus for you to select the requested digits from your security code, presumably to stop keyloggers. But unlike password entry fields, drop-down menus are much easier to shoulder surf, so they use Javascript to make the entry display an asterisk in the drop-down as soon as you’ve made your selection.

Of course, this caused Opera to fail to login, with a message along the lines of “You’ve got your account details or security details wrong, or you’re not registered for online banking“. So I tried again, and soon locked myself out.

Had they actually tested the site on a few browsers, this would have been easily discovered, and could have been fixed, or they could sniff the user agent and display a different page, or a message telling customers to use a different browser. That’s not ideal, I know, but it stops customers locking themselves out.

Of course, at the other end of the spectrum, Natwest sniff user agents, and reject virtually every browser, yet faking to be IE yields a perfectly working site anyway.

And then there’s HSBC. When their site eventually loads, has the first part of the login process on a non-SSL served page, which POSTs to an SSL page. Whilst this could be argued to be secure, it goes against what the banks have been telling Joe Consumer (”look for the padlock”), and its possible for a fake entry form to be sent through DNS poisoning or a man-in-the-middle attack, which POSTs elsewhere. People will not spot this as easily as a canned phishing email.

Maybe someone can enlighten me on why banks feel the need to reinvent the wheel. We have SSL. We have EV SSL certificates. SSL has been proven to work. Why do banks make sites that depend on Javascript, specific browsers, and bulky calculator-like devices that fit oh-so-easily in your wallet?

Of course, its their response to keyloggers and phishing emails. However, I don’t have a virus-ridden Windows box, nor do I believe the scams that drop into my inbox every day. I don’t see why I should have to waste time because someone couldn’t be bothered to sniff the user agent, display a warning or actually test some Javascript which was designed to safeguard users who’ll type their bank details into anything and open any attachment without a second thought. (Should people who pose such a security risk to their own account even be given internet banking?)

In fact, I don’t think the bank has any reason to need my email address at all, but it doesn’t stop MBNA sending official advertising emails from suspicious looking email addresses, with links to URLs that look equalling fishy. When you have real banks sending out these phishy emails, no wonder Joe Consumer falls for scam ones. (For the record MBNA didn’t reply when I emailed them asking why they engage in this practice.)

Something that’s been bugging me for a while is that when I updated my Wordpress install (using svn), file uploads ceased to work. Attempting to upload a file resulted in the message “An error occurred in the upload. Please try again later.”.

It seems that the latest Wordpress uses Flash to show a progress bar during the upload. This site details many possible solutions, but the easiest one that’s guaranteed to work is downloading the No-Flash-Uploader plugin. Simply drop it in your wp-content/plugins folder, then activate it in the Dashboard, and your uploads are fixed.

Having just put Windows XP back (in a dual boot configuration) I wanted to share the password manager that I have in the KDE system tray with Windows. I looked on the internet, and the only thing that has been ported is the pwmanager_dump program. However, combined with some the Windows ext2 driver, GNUWin32 tools (grep, awk, xargs etc) and a program that copies its command-line argument to the Windows clipboard, I have a hacked-up working pwmanager that syncs with linux.

I’m not 100% certain, but I think all of the tools I use are under the GPL, except for CopytoClipboard.exe, whose license I do not know. To get it to work, simply edit the first line of the bat file to point to your pwd file - of course you’ll have used the Windows ext2 driver to mount your linux partition to a Windows drive letter.

PwManager in Windows

Whilst I’m not one to cover a news story that’s already been covered elsewhere, TorrentFreak has a priceless quote from Virgin Media’s CEO: “This net neutrality thing is a load of bollocks”.

Virgin seem to have no problems in admitting that they are throttling sites that do not pay Virgin extra cash, despite the fact that these sites have already paid their own hosting providers.Read the full story here, and if you’re a customer, ring up, moan and consider switching

Lately people have been telling me about emails that I never received. A quick analysis reveals that these ended up in my Trash folder - meaning that SpamAssassin gave them a high spam rating.

After delving into Perl and examining Hotmail’s mail headers, it seems that Hotmail recently changed the structure of their headers (probably with the merge with Windows Live Mail), and as such the characteristic header style that SpamAssassin expects from Hotmail’s SMTP servers isn’t found, and it thinks that its a spammer is pretending to be hotmail.

Luckily, SpamAssassin 3.2.x has a new FORGED_HOTMAIL_RCVD2 header with the new hotmail header structure defined. But this version isn’t available in the stable Debian Etch. Version 3.2.x is, however, in the Debian Lenny repository, and being all Perl, installs and runs fine on Etch with no extra dependancies. All of your settings from Etch’s SA will still work (or at least they did for me).

To upgrade, simply type the following from a root console (The old version of SA will be removed automatically):
wget http://ftp.uk.debian.org/debian/pool/main/s/spamassassin/spamassassin_3.2.3-1_all.deb
dpkg -i spamassassin_3.2.3-1_all.deb


If you haven’t discovered the joys of Debian, I’m sure you can find a SpamAssassin 3.2.x package for your distro if you hunt hard enough.

I found the new version to be slightly slower, but more accurate, than the old version.

I have discovered a most annoying bug with Microsoft Publisher 2000’s BorderArt feature.

It all started when I was making a poster for dad on his Windows XP PC, using his version of Publisher 2000, the Office afterthought desktop publishing application. All of a sudden, dad’s PC rebooted instantly. That is to say it went straight from working to BIOS, with no errors and no visible shutdown sequence. Thinking it was probably a rural power blip, I just reloaded Publisher and remade the poster I had lost. However, by the third instant reboot, I began to see a pattern emerge, and tested it a final time to get some proof.

Dad has virtually all Office settings on the default for Office 2000 Small Business Edition, and rarely ventures outside of Thunderbird, Firefox, Word and Publisher. He never even got round to working out what Excel does. In Publisher, If you make a rectangle shape, then click Format, Line/Border Style, More Styles…, a dialog box will appear.

In the BorderArt tab, you can select one of many tacky picture borders for your rectangle.

Except on dad’s PC, once you scroll about two-thirds of the way down the list of possible BorderArt types, the PC will instantly reboot as if you’ve hit the reset button. No errors, no blue screen of death (thanks to SP2 suppressing one maybe), nothing.

Unfortunately I cannot do more extensive testing because the reboots are very annoying, and because I don’t have a pile of Windows boxes around to test on. However, I would be very interested to hear if this has happened to anybody else, and into any insights and possible fixes would be much appreciated.

It happens way too often. You’re in an msn conversation with someone who’s really cool, then the conversation runs dry. But you really don’t want it to end. You could be completely random like me, and change the topic if the previous topic runs dry.

/usr/share/dict/words contains a comprehensive list of wacky words (some that don’t look like real words to me, and many plurals that have apostrophes for no good reason). These could be potential topic ideas. It has many proper nouns, so first we must filter out words beginning with capital letters. Then take a random number, modulo the number of words, and find the n^th element in the filtered list

x=$RANDOM;let x%=`grep "^[:lower:]" /usr/share/dict/words | wc -l`; grep "^[:lower:]" /usr/share/dict/words | head -n$x | tail -n1

I was unfortunate enough to use resize2fs to resize an ext3 partition. The result, which at first appeared OK, was a corrupt filesystem.

Using SSHFS, I mapped ~martin on Andrew’s laptop to /media/sshfs on mine. I then told tar to make an archive of what was on my partition, and save it to the SSHFS. It errored out midway because of the severely corrupted filesystem, but I didn’t think it wouldn’t present a problem because the files in tars are simply stored back to back - it is a very basic archive tool.

After running badblocks, which was all clear, then formatting the partition to ext3 again, I attempted to extract the tar. GNU tar consumed CPU cycles for ages without writing any files, then complained about corruption. I assume it was walking the tar to check it wasn’t corrupt. This, as you can imagine, is not very handy. I perused the manpage looking for a switch that would disable the scan and just extract what it can, upto the corruption, but I could not see such a switch

I found a website that suggested finding where the last intact file in the tar ended, and feeding tar just that part of the file. They supplied a perl script to do the job.

The problem is that this perl script was unbelievably slow, and had probably only been tested on small files, not my 30GB tar, so Andrew wrote this python script to do the same thing, using information from Wikipedia and from BestSolution’s perl script. Andrew’s version started searching from the end of the tar, not the beginning, because we knew that my tar was corrupt at the end.

After a few minutes of watching it make a non-corrupt tar, we realised we were going to have to load the whole tar from the disk twice - once to repair it, and again to actually extract it. Surely a better way would be to just start extracting the truncated one, and give up when we get to the truncated file. Andrew’s Aerauntar does just that.

Usage:
python aerauntar.py archivename destinationfolder

So the moral of the story is not to tar backups from corrupt filesystems, always pay attention to errors and never assume that a program will operate as you think it will.

I needed to buy some train tickets today, after getting the times from National Rail. Of course, National Rail don’t sell tickets, instead referring you to the train companies themselves. Well, I know what you’re thinking - that I could just buy tickets from my station. My station doesn’t have a ticket machine, nor is it staffed. So I try a few train companies’ sites. It seems they all subcontract our to The Train Line’s buggy system. The Train Line is a horrid site to use. It relies heavily on sessions, needs you to register before it shows you prices and generally irks me all of the time.

By chance I stumbled onto GNER’s site. They have recently moved to their own custom-designed ticket sales system, and I must say they’ve done a very good job indeed. Not only does it have a Web 2.0 “feel” (being clean and intuitive), it clearly explains the difference between the ticket times, and has AJAX light-boxes displaying each route after you click the more info buttons on them.

Furthermore, it shows a list of prices and a list of possible route-times. Clicking the price you want greys out the routes you are then not allowed to use, and clicking the route you want will grey out the ticket types that can’t be used with this route. Details of train changes are updated in realtime using AJAX as you highlight different routes. It also managed to find a great deal more routes than The Train Line did, in less time. And what’s more, you can of course buy tickets for any UK train from any UK train company. In future, I’ll be buying all of my advance tickets online from GNER, as their website is much more intuitive than the others. Good work GNER!