Category: Anything you want

Using Your Photocopier to Share Data…

Via Charles Arthur’s Overspill, an interesting story about Digital Photocopiers Loaded With Secrets, telling a tale of how you can buy scrapped photocopiers for their hard drives and then trawl them for data, as you might do with old office computers, or phones…

A quick skim of the Xerox website turns up a photocopier product line listing that includes details of whether a photocopier includes a hard drive, along with some general guidance information:

Security Features

Jobs may be written to nonvolatile memory (e.g. to a hard drive) during processing. Generally, when a job finishes, this data is deleted, but may still be recoverable using forensic tools. Image overwrite is effective at eliminating this job data from the hard drive once the data is no longer needed. Xerox also scrambles the data with the user data encryption feature.

This further protects data at rest from unauthorized access. Xerox recommends that the following features be enabled.

Fortunately, countermeasures are built into products to reduce this risk.

• Immediate Job Overwrite or Immediate Image Overwrite is a feature that deletes and overwrites (with a specific data pattern) disk sectors that temporarily contained electronic image data. Products that use hard disk drives to store job data initiate this process at the completion of each job. … This should be enabled (and is by default on many products).
• On Demand Image Overwrite is a manually initiated (can also be scheduled) feature that deletes and overwrites (with a specific data pattern) every sector of any partitions of the hard drive that may contain customer job data. The device will be offline for a period of 20 minutes to one hour while this completes. [Makes me think of coffee machine self-clean cycles, –Ed.]
• Disk or User Data Encryption is a feature which encrypts all partitions of the hard drive that may contain customer job data with AES encryption. This should be enabled (and is by default on many products). Encryption can be used in combination with either overwrite feature.

Hard Disk Drive Retention Offering

If the security features built into Xerox products do not meet your security requirements, Xerox offers another alternative.
Hard Drive Retention Offering is a service that can be requested by a customer who wants to retain a hard drive for security reasons. A Xerox technician will remove the hard drive and leave it with the customer.

Things to Remember
• Not all products have hard disk drives.
• Some products have hard disk drives, but do not use the hard disk drive to save document images.
• If a Xerox product is powered off before an Overwrite operation completes, there may be remnants of data left on the drive. A persistent message will appear on the device indicating the incomplete overwrite operation. In this event, it is recommended that an On Demand Image Overwrite be performed.
• Image overwrite features are available for hard drive equipped devices only. Currently it is not possible to overwrite images on solid-state nonvolatile memory.

• NOTE: Xerox strongly recommends the default Administrator password be changed on all devices to prevent unauthorized access to configuration settings.

Xerox does not offer sanitization or cleansing services for returned disk drives.

Many photocopiers nowadays are intended to be accessed over a network (they double up as network printers), and may incorporate a webserver to facilitate that. Which means they may also be a network security hazard. Which is why photocopiers should be regarded as part of the IT estate so that IT can be responsible for regularly checking a vendor’s photocopier security bulletin. (As computers, photocopiers are also susceptible to hardware/processor vulnerabilities.)

PS think also connected vending machines ?!

A Couple of Days Out Attending the Corbeau Seats Rally, 2018

This time last week, I was waiting for a boat in advance of heading off to Clacton for the weekend. The event? The Corbeau Seats Rally, 2018, England’s first closed road rally (which is to say: #firstontheroad)…

…made possible as a result of changes to law last year. Here’s a copy of the permission granted:

Part of the service area was along the sea front, which was closed to public road traffic, but open to pedestrians, for the duration of the event:

Scrutineering was also on the front and lasted for much of Saturday, just down the road from Rally HQ, which was also doing a sideline in tea and cake. (I’m starting to think rally events are a bit like library events: they’re equally friendly, and there always seems to be cake available:-)

On Saturday evening I went to find my hotel for the night, checking out the special stage I was marshalling on beforehand. The special stage itself had already been prepared.

The MSA Blue Book, the de facto regulatory handbook for motorsport in the UK, goes so far as to define what sort of tape to use:


I also found the FIA Rally Safety Guidelines a fascinating read too… (Whilst there were a couple of official spectator areas, viewing on most of the special stages was unofficial – local residents standing away from the road at the end of marshal controlled footpaths, for example. One of the key learnings I think that can be taken away from the event is sighting where spectators unofficially congregated with a view helping more people see more of the rally safely in future.)

Fortuitously, the hotel was only 15 minutes or so from the special stage start, where I had to sign on Sunday just after 7am on Sunday morning. Knowing the likely special stage locations beforehand might be useful when booking my hotel next year.

Several competitor groups as well as officials were in the hotel I was in, and also in the local pub that night for dinner where the bar staff were quizzing drivers about the event and then passing on that information to locals.

I imagine one of the arguments made for the rally to the Tendring local council was the economic benefit the rally would bring to the area. A Clacton Gazette piece on the rally, Motor rally unveils maps of 5 stages around Tendring also picked up this cause:

Mr Clements [event director] said the event is set to bring in hundreds of thousands of pounds to the Tendring area.

He said: “There will be 120 competing teams with each team having a driver, co-driver and support team of three or four people.

“We probably have 50 senior organisers and between 500 and 1000 marshals coming in, spending money and maybe staying over night.

“Just from the organisers side of things we have calculated that the spend will be £150,000 to £250,000.

“In addition, our best guess is that we will have five to ten thousand spectators coming.”

He said they could bring in about £250,000 to £350,000 through paying for parking, food, drinks and accommodation over the weekend of the rally.

It will be interesting to see what the final estimated economic contribution was. My spend in the area was of the order of £100, for example.

(If you search for academic papers around motorsport, you often find economic impact analyses.)

And so to rally day, and sign on, where I was given a briefing pack for my post showing where to park and where to stand,  the special stage schedule, a can of pop and a Mars bar, and an official whistle (for warning others of an approaching car when the stage was live). I’m gutted I forgot to collect an official rally T-shirt though…

The post itself was at then end of a straight run:

…just before a slight S:

…with a no-go area alongside a footpath:

…and a couple of concrete blocks to stop cars from flying up an slight earth ramp just before the corner entry:

So then it was time to sit down and wait…

After an hour or so, an incoming text message that brought a tear to my eye (honestly!) announced the start of the rally proper:

The view from my chair, watching the officials and safety cars go by, an then the full speed rally cars themselves…

Unfortunately, I don’t have any photos of those – so here’s a picture of the view from my chair, watching out for incoming vehicles. It looks like there could be some really nice walks and bike rides around there…

As to why no photos of the cars: cameras are distracting and accidents can happen quickly. Here are the tyre tracks left from a wobbly incident by car 73 on their first run through the stage:

Between stage runs, there were a couple of hours to kill, so I wandered up and down the stage to chat to folk on the posts next to mine. Up the road, Anthony Concannon of the Southern Car Club, who organise the rally stage at the Goodwood Festival of Speed (I need to sign up for that…) mentioned that they had been working with the Isle of Wight Council to run the first closed road rally when the change in legislation was originally proposed, but that delays in the legislative process had led to it falling through. It would be great if the plan to bring a closed road rally to the island could be revived though. I’d certainly help put some hours in…

After over 8 hours on post, with three runs of the stage completed, it was time to help clear away tape and signage in the vicinity, and head off. Along the way, chats with supportive local residents, several of whom we’re interested in how to get started marshalling. It struck me that post event advertising by the likes of GoMotorsport making people aware of how to get involved might pay dividends. As might giving marshals fliers and recruitment promo materials that we could hand out to spectators who might be interested in getting involved.

I’d like to thank the sponsors, organisers, local council and local residents for helping make this event possible: it was a great day out. And as for my fellow marshals: I’ll see you around…

If you are interested in getting involve, check out the GoMotorsport or Volunteers in Motorsport websites and sign up for the (free) MSA online rally marshals’ training. And definitely sign up for a Rally Marshal Taster Event if you spot one running.

PS this weekend, it’s back to my automated race / rally data journalism hacks… For example: F1Datajunkie Azerbaijan 2018 F1 Race Weekend Review or the RallyDatajunkie WRC Argentina Rally Review.

Equal Access…

One of the arguments often used against innovation in developing OU courses is that some particular technology choice may exclude certain students even if alternatives are available. Flippantly (and perhaps unfairly – but I am trying to caricature the position), if you have a fast computer, we’ll try to make sure we design things in such a way as to downgrade your experience so that it’s equivalent to someone running a minimum specification machine, because that’s only fair…

I’m not sure I agree, but at some point I really need to clarify why (to myself, at least) I believe that…

In the meantime, here’s a quote from a High Court judgement (Adath Yisroel Burial Society -v- HM Senior Coroner For Inner North London) on a policy relating to a coroner’s hearings that has been deemed unlawful: scheduling hearings around deaths in “taxi rank” order rather than in a way respectful day-of-death burial traditions of certain religions:

[T]o treat everyone in the same way is not necessarily to treat them equally. Uniformity is not the same thing as equality.

Fragment – TM351 Services Architected for Online Access

When we put together the original  TM351 VM, we wanted a single, self-contained installable environment capable of running all the services required to complete the practical activities defined for the course. We also had a vision that the services should be capable of being accessed remotely.

With a bit of luck, we’ll have access to an OU OpenStack environment any time soon that will let us start experimenting with a remote / online VM provision, at least for a controlled number of students. But if we knew that a particular cohort of students were only ever going to access the services remotely, would a VM be the best solution?

For example, the services we run are:

  • Jupyter notebooks
  • OpenRefine
  • PostgreSQL
  • MongoDB

Jupyter notebooks could be served via a single Jupyter Hub instance, albeit with persistence enable on individual accounts so students could save their own notebooks.

Access to PostgreSQL could be provided via a single Postgres DB with students logging in under their own accounts and accessing their own schema.

Similarly – presumably? – for MongoDB (individual user accounts accessing individual databases). We might need to think about something different for the sharded Mongo activity, such as a containerised solution (which could also provide an opportunity to bring the network partitioning activity I started to sketch out way back when).

OpenRefine would require some sort of machinery to fire up an OpenRefine container on demand, perhaps with a linked persistent data volume. It would be nice if we could use Binderhub for that, or perhaps DIT4C style infrastructure…

R HTMLWidgets in Jupyter Notebooks

A quick note for displaying R htmlwidgets in Jupyter notebooks without requiring pandoc – there may be a more native way but this acts as a workaround in the meantime if not:


m = leaflet() %>% addTiles()
saveWidget(m, 'demo.html', selfcontained = FALSE)
display_html('<iframe src="demo.html"></iframe>')

PS and from the other side, using reticulate for Python powered Shiny apps.

Guacamole and Wine – Running Small Legacy Windows Apps Via a Browser

A sketch some time ago of Accessing GUI Apps Via a Browser from a Container Using Guacamole.

Today, we’re faced with trying to keep an old, old Windows app:

a) running;
b) across various platforms

for another couple of presentations / another year of a course…

So what to do?

I had a look at the dockerfile from the above sketch, installed wine, and tweaked the launch script as per the embedded gist at the end of the post. Image is on dockerhub for now as psychemedia/robtolab/.

Here’s it running on Digital Ocean via DockerCloud…

First select the app (I need to figure how to allow selection of different ones…)

Then run it…

And in action…

UPDATE: out of the can, images for changing the simulator background can be found here: Z:\opt\Apps\RobotLab\images

So… University of the Cloud, right?!

PS the next step is to see if I can get something like the above running via binderhub under nbserverproxy eg as per See maybe