About fiona

Fiona Coulter is a musician and website developer.

Countering the Idiocracy

I was struck by this item of news recently, about the fact that Macmillan, the well-known cancer charity, have appointed someone to counter the myths about cancer being promoted online (see http://www.bbc.co.uk/news/health-41780776). It is sad that this is necessary, but it surely is. This is a subject that affects me personally, because I have had cancer twice. It was my experience that mentioning this in conversation acts as a kind of beacon for the deluded: like the well-meaning person who insisted on telling me about the woman in Bristol who had “cured herself” of cancer (presumably she also diagnosed herself in the first place); or the person who solemnly assured me that it could be cured with lemon peel.

I decided early on in my treatment that I would ignore the idiots, and accept that the doctors treating me were exactly what they seemed to be: humane and intelligent people, who would not recommend a treatment unless it was actually likely to be of real benefit. So I had surgery, and chemotherapy and radiotherapy, and yes, it is quite brutal, it is not an experience that I would recommend to anyone looking for a laugh. But the thing is that it actually works, and I am still here several years later.

Of course it is not a new thing that some believe that their ill-considered opinions are as valid as those of people who have spent years of their lives studying and researching a subject. But it is only recently that the internet has given them such a powerful platform, so at least the harm that they could do was more limited in the past. There is something particularly pernicious about promoting myths about cancer, it can quite literally kill people who are gullible enough to believe them. I have noticed that those who do so, while being all too quick to condemn “Big Pharma”, usually gloss over their own interests in promoting dubious “cures”.

There is no conspiracy among doctors and drug companies to suppress some safe and “natural” cure for cancer, whether it be vitamin C, or green tea, or magic beans or whatever. Why? Conspiracies just do not work because most people are absolutely terrible at keeping secrets. And the biggest reason is because doctors are human beings too, they get cancer too, and so do their husbands, wives, lovers, parents, children, brothers, sisters and friends. If such a cure existed they would want it to be developed, and would want to use it.

I called this post “Countering the Idiocracy”, but in truth I don’t know what the solution is. I still think that the internet is (on the whole) a force for good, and that there is no morally acceptable way of preventing idiots from having access to it. I think that the best thing that we can do, at least on an individual level, is to try not to be one.

And don’t be these people: http://www.thebeatlesneverexisted.com/

Painting: Broadmoor Lane, Bath

This is a painting of Broadmoor Lane near where I live in Bath, where I often walk the dog.

One of the good things about Bath is that it is very compact, it only takes a few minutes walk from the city and you are in open countryside and farmland. This is working farmland, there are often cows in the lane.

Painting – Kennet and Avon Canal

I’ve finally got around to doing some more painting recently.

This is the Kennet and Avon canal near Limpley Stoke. I was trying to capture the patterns of intense light and shade caused by the sunlight falling through the trees.

Kennet and Avon Canal near Limpley Stoke

Canal near Limpley Stoke

 

It’s not 100% successful but I think I did manage to get the feeling of walking down a tunnel of trees that you get along the canal. It’s a lovely place to walk and was particularly magical on the day last autumn on which this picture is based.

I am also pleased with the colours. I did try and paint the canal once before, it ended up looking very brown, which I avoided this time.

 

How to Deal with Mean People

Some time ago I had the novel experience of being abused on social media by a member of the Joomla! community (novel for me anyway, although I think not that uncommon in the Joomla world). It was a bit of a surprise, mainly because I don’t normally bother much with social media.

But unfortunately one of my previous blog posts went unexpectedly viral and clearly annoyed this person. At the time I was a bit shocked and upset at his response. I did think about responding in kind, because actually I enjoy insulting people as much as the next person when they are the ones that start it. But really I could not foresee anything good coming out of exchanging insults with him.

Then I realised something important: I actually just did not care.

I regard this as real personal growth: there was a time when I was abnormally sensitive and probably would have been crushed at someone saying mean things about me. It’s a huge relief, to realise that actually I don’t really care very much any more about what people think or say about me.

What I mainly put it down to is this. I have had cancer twice in the last four years. That’s an actual problem, it is something that matters. I don’t bang on about it, because it is private, but dealing with it has been really tough. But I have, and I am OK.

By contrast, a civilly-challenged person abusing me on social media matters very little. I have no intention of identifying him by the way, I really am over it. I do not even feel any ill will towards him.

So my advice on how to deal with mean people is this: if you find yourself caring about what someone says about you on Twitter, Facebook, Reddit or whatever – just get a grip. It is not important. Go and do something that does matter: hug your children, or your spouse; take the dog on a lovely long walk; go out and have tea and cake with a good friend; paint a picture; play an instrument. Do anything that expands your life rather than contracts it.

There are a few people in the Joomla community who unfortunately seem to think that it is OK to indulge their own feelings of frustration by abusing others on Twitter and elsewhere. They are wrong, it is not. But they are like the mean kids at school, my mum always told me to just ignore them, and she was right.

 

Improving Quality Control in Joomla Code

Since writing my previous blog post, in which I explained how a coding error had protected older versions of Joomla from the serious security vulnerability which was patched in Joomla 3.6.4, my friend Bernard Toplak has been doing some research into how it came about that the coding error in the vulnerable user controller was fixed.

It seems that a user called lecoeurlou joined Github on 30 August 2015 and submitted a patch for the faulty function call to $model->validate() to the Joomla CMS project that same day. The patch was accepted without question, and the account has never had any activity on Github since.

You can see the activity here: https://github.com/lecoeurlou?tab=overview&from=2015-11-01&to=2015-11-30&utf8=%E2%9C%93

Now this may in fact be innocent, but to my mind it is at least possible that someone had noticed the potentially vulnerable controller in the code, had experimented with it and found the coding error. Then they realised that if they could quietly fix it, they could open up a critical vulnerability in one of the world’s most popular content management systems, which they could then exploit.

I think that the lesson is that there needs to be more quality control on patches submitted through Github, because unfortunately there clearly is scope for a malicious actor to wreak havoc.

Update

Since I wrote this yesterday, I have been astonished at the level of interest. I expected it to be read by a dozen people at most, and to provoke no reaction whatsoever. Instead it seems to have been read by several thousand people and to have annoyed quite a few of them.

But there was a serious purpose to the article: when something goes seriously wrong, then I think it makes sense to look at why it happened rather than burying our heads in the sand, carrying on as normal and pretending it can’t happen again.

I will deal quickly with a few of the points that have been raised:-

Firstly, I am definitely not trying to point the finger of blame at any individual. I have no idea whether lecoeurlou is an evil genius or just a helpful person trying to fix some code. The problem is that we have no way of knowing.

Secondly, I am not suggesting any kind of conspiracy. Frankly it hardly required a conspiracy. If the code patch was malicious, it was far more likely just opportunism.

Thirdly, yes I really did think of saying all this by myself, I am not being used by anyone.

I am saying it because I think that it matters. Open source software is a wonderful thing, and so is the Joomla project. I would like to see it thrive. But I think that is more likely to happen in the long run if we are honest with ourselves about what the problems are.

I don’t know what the solution is. I certainly don’t want to discourage anyone from contributing to an Open Source project, quite the contrary. But we are really kidding ourselves if we think that every single person who does so does it from the purest motives, because that I am afraid is just not human nature.

I think that these are issues that need to be discussed, and if I have upset a few people by encouraging that then I can live with it, though that was not the intention.

Joomla Security Release 3.6.4: Breaking the Code by Fixing It

Many people will have noticed (including a lot of bad guys) that there is a security release of the Joomla! content management system.

Previous versions contain a vulnerability which allows a malicious person to register a user account on a Joomla site by carefully crafting their own html form, even when user registration has been turned off, and also to manipulate the user group. This is done by accessing a vulnerable controller in components/com_users/controllers/user.php, which includes a register task that does not check the site configuration or properly validate the data.

The controller has been around since Joomla 1.6, so it has left a lot of people wondering if older versions of Joomla are vulnerable, such as 2.5 which is still widely used. In fact the good news is that older versions are not.

If you try to submit a crafted html form to a Joomla 2.5 site, you get the following fatal error:-

Warning: Missing argument 2 for JModelForm::validate(), called in components/com_users/controllers/user.php on line 114 and defined in /libraries/joomla/application/component/modelform.php on line 258
Fatal error: Call to a member function filter() on a non-object in /libraries/joomla/application/component/modelform.php on line 261

Or something similar depending on your exact version. The reason for this is that the user controller includes a coding error: it uses

$return = $model->validate($data);

instead of

$return = $model->validate($form, $data);

so that it fails because the data object is null when the model is called to register the user.

Then in Joomla 3.4.4 someone helpfully fixed the coding error in the controller without asking themselves what on earth the controller was doing. I am sure they meant well, I think it would be unfair to blame only the person that fixed the code, these things are supposed to be tested. But still, it opened the CMS up to a serious vulnerability.
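
The sequence described above, as an added example (not Joomla's code and not part of the original post): a miscalled validate() that accidentally blocks registration, the same handler with only the call repaired, and a handler that checks the site setting and stores only validated fields. Form, Model, the register* functions, the config keys and the "group" field are hypothetical stand-ins, and modelling "does not properly validate" as discarding the validated copy is an assumption.

```php
<?php
// Added illustration: Form, Model and the register* functions are hypothetical
// stand-ins, not Joomla classes. The "group" field and sample data are constructed.
class Form
{
    const FIELDS = ['username', 'email', 'password'];   // what the form defines
    public function filter(array $d): array { return array_intersect_key($d, array_flip(self::FIELDS)); }
}
class Model
{
    public array $saved = [];
    public function validate($form, $data) { return $form->filter($data); }
    public function register(array $data): void { $this->saved[] = $data; }
}

// validate() called with one argument: PHP 7.1+ throws ArgumentCountError (older
// PHP died with the fatal error quoted above), so nothing is ever saved.
function registerMiscalled(Model $m, array $config, array $post): string
{
    try {
        $m->validate($post);
        $m->register($post);
        return 'saved';
    } catch (\Error $e) {
        return 'aborted: ' . get_class($e);
    }
}

// Call signature repaired, nothing else: no configuration check, and the raw
// request data (not the validated copy) is what gets stored.
function registerCallFixed(Model $m, array $config, array $post): string
{
    $m->validate(new Form(), $post);
    $m->register($post);
    return 'saved';
}

// Hardened: honour the site setting, store only validated fields, set group server-side.
function registerHardened(Model $m, array $config, array $post): string
{
    if (empty($config['allow_registration'])) {
        return 'refused';
    }
    $clean = $m->validate(new Form(), $post);
    $m->register($clean + ['group' => $config['default_group']]);
    return 'saved';
}
// Constructed input: registration is switched off and the client supplies "group".
$config = ['allow_registration' => false, 'default_group' => 'registered'];
$post = ['username' => 'alice', 'email' => 'alice@example.test', 'password' => 'x', 'group' => 'admin'];
foreach (['registerMiscalled', 'registerCallFixed', 'registerHardened'] as $fn) {
    $m = new Model();
    printf("%-18s %-28s stored=%s\n", $fn, $fn($m, $config, $post), json_encode($m->saved));
}
```

The point for reviewers is the middle case: a patch that only corrects a call signature can turn dead code into a reachable endpoint, so the review has to ask what the repaired path does once it runs.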

Web Security: An Example of How Not To Do It

Quite a few news sites are reporting this story at the moment, about hackers hitting online stores using the Magento E-commerce system: http://www.bbc.co.uk/news/technology-37643754. The reports seem to originate from this site https://www.magereport.com which has been set up to help owners of Magento sites scan for vulnerabilities in their store for free.

A nice idea you might think, and it is. The problem is that those behind the site don’t really seem to have given much thought about verifying who is doing the scan. Anyone can use it. It is easy to find sites that use Magento online, for example Googling ‘inurl:/checkout/cart/’ will bring up a nice crop. Then run the scan, it will bring up a nice handy guide to what vulnerabilities the site suffers from.

The makers excuse themselves by saying:

The MageReport tool only tells you what is wrong, not how to exploit it

However this is really not good enough in my view, once you know what the weaknesses are, it is the work of a minute or two to find the exploit online, my dog could do it.

The only way to protect against this is apparently to block the “magereport” user agent in the site robots.txt file, I would suggest that owners of Magento sites do this, but if site owners do not know that they have vulnerable software on their site, are they really going to know that they should do that?

New Painting: The Hills Near Bath

This is a new painting of the hills near Bath.

The hills near Bath at evening

The thing about Bath is that it is surrounded by hills, so nothing necessarily extraordinary there. What I particularly liked about this view was the colours of the early evening in winter. The leafless trees have a rather ghostly, ethereal shape, which made it an interesting scene to paint.

The picture above is in oils. Before I began it, I tried a sketch in oil pastels:-

Bath hills, in oil pastels

The sketch concentrates on the broad shapes of colour, and light and shade, and was quite successful I felt. I don’t always make a sketch before beginning a painting, but I do find it helpful sometimes. In this case it encouraged me to paint the scene.

Some recent paintings

Some new pictures that I have completed in the last few months.

View of Weston


This painting (in oils) is a view of Weston (where I live), from the nearby hillside. It has some good points, although I don’t feel that the colours all work. They individually make sense, but somehow don’t quite come together.

Lake view


I actually prefer the background in this picture, I kind of wish that I had left the foreground out, and kept it as an atmospheric view across a misty lake.

Roses


Well, it is a picture of some roses. I actually like it more than I expected to. I like flowers, but it is difficult to paint them in a way that does not look a bit twee.

Moonlight


This is another of my brooding, Bath at night pictures, and is my favourite of my recent pictures. I was trying to get the effect of moonlight and also illumination by streetlight on a row of houses, I think it works very well, there is a nice contrast between the warmth of reflected streetlight on the houses, and the much colder light of the moon.

 

 

Chuckles Coulter: A Dog’s Life

It is with a great sadness that I announce the death of Chuckles, my much loved dog. She passed away peacefully on 17 November 2015.

Chuckles Coulter

She was probably a Lakeland Terrier (mostly). Not much is known about her early life, she was adopted by my father at about the age of 18 months, towards the end of 2001. She had been found as a stray, very thin and scared, wandering by herself on bonfire night.

Whatever the difficulties of her early years, it did not dampen her enthusiasm for life. As a young dog she had seemingly boundless energy, and was something of a little hooligan. Her best friend was a young Beagle called Millie, whom she adored. They used to chase each other at breakneck speed around the town ramparts of Berwick-upon-Tweed, where my father regularly walked her.

She liked cats, although it has to be admitted that she also enjoyed chasing them. However it did not seem to be motivated by ill-will, but simply because it was fun. She lived for many years quite amicably with my father’s cat Min.

As well as chasing things, Chuckles cultivated an interest in chewing things; squeaky toys (which she enjoyed killing), and sticks. Unfortunately she never got the hang of fetch, taking the view that if you threw a stick away you could hardly expect to get it back again, and it was therefore hers. She was never much interested in balls, unless the ball belonged to another dog, or occasionally a golfer; then she would enjoy grabbing it and running off with it. She always had a keen sense of mischief, which made her a fun, though occasionally embarrassing companion.

She was also an enthusiastic scavenger, and adopted an “eat everything” policy towards anything even remotely edible that she found on her walks, no matter how disgusting it might look and smell. I won’t turn my reader’s stomach by supplying details. She never seemed deterred by the occasional tummy upset this caused her.

In later years, she calmed down a lot (as do we all), and took up sniffing things as her main interest, which she could do happily for hours on end. She still loved walkies, but at a much more sedate pace.

I know that my father loved her dearly, and she was a loyal friend to him in the last years of his life. Sadly my father died in March 2013, and I adopted Chuckles. She was a wonderful companion for me at a very difficult time, particularly when I was undergoing chemotherapy, when she was a great source of support. I had some of my treatment at home, and, in a particularly touching gesture, she would sit and guard me while the nurse administered the medication. It was very healthy for me to have a reason why I had to go out every day for a walk, even when I really did not feel like it at the time. More than anything, her presence did a lot to help me keep my spirits up.

There are some people (nasty, bitter and twisted people: people who don’t like dogs) who imagine that a relationship with a dog is just an inferior substitute for a human relationship: but they are wrong, I think that it is something unique and valuable in its own right, and can be very profound. Dogs have a joyful simplicity and directness in their response to life, they are masters of living in the moment. They give their love without reservation, with a glad heart. They can teach us a lot, particularly people who don’t like dogs.

So when I say that Chuckles was a good dog, I mean it as no small thing. As Dad once said of her, she was everything you could want in a dog, in a conveniently small package. She was a true friend, and I will miss her with all my heart.