Good post from Jeff Atwood about cross-site request forgery (CSRF) attacks. One thing that comes to mind is that this is an example of the best kind of security exploit – one where the exploit depends on the target system doing the right thing. A Web server is meant to respond to URL requests, and to determine its response according to whatever credentials the browser attaches (usually a session cookie, which the browser sends with every request to that site no matter which page triggered the request) and any arguments passed in with the request.

A CSRF attack essentially consists of arranging things so that users cause this to happen without being aware of it; for example, placing an object (an image tag, say) on some other Web site whose source is the target URL, or a button that causes an HTTP POST to the target URL as well as whatever it’s meant to do. One caveat: the attack is blind. The forged request goes straight from the victim’s browser to the target, and the same-origin policy stops the attacking page from reading either the credentials or the reply. Arranging for the request to pass through something you control, so that you could snarf the credentials and perhaps the reply as well, would require you to already be in a position to intercept the victim’s traffic, which is a different attack altogether.

Rough; but it’s precisely the fact that you can do this sort of thing that lets you do all sorts of Web-application magic. What happens when you call a third-party API (or even just an image hosted somewhere else) from within the browser? That’s right, the user loads your Web page and incidentally loads the third-party service’s URL with their browser credentials. This is how the feed in my sidebar (on TYR 2.0) gets there. Oh noes, no YouTube or embedded GMaps, or a whole lot of other useful stuff. Which is why the fix isn’t to stop cross-site loads at all, but to make the requests that actually change something (move money, post a comment, change a password) carry a secret that only the site’s own pages can supply, an anti-CSRF token in the form being the usual one, and to check the Origin header or mark the session cookie SameSite as well. Reads like an embedded map or a feed need none of that.
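As an added example (not from the original post, and not Jeff Atwood’s code), here is the attack and the fix side by side. Requests are modelled as plain dicts of cookies, form fields and headers so it runs without a web framework; the site name bank.example, the attacker site evil.example, the session store, the token field name and the “transfer” action are all assumptions. The vulnerable handler trusts the session cookie alone, so a POST auto-submitted from evil.example goes through; the hardened one refuses a foreign Origin and a missing or wrong synchronizer token, while the site’s own form, which carries the token, still works.

```python
import hmac
import secrets

SITE_ORIGIN = "https://bank.example"   # assumed target site


def fresh_state():
    """Constructed server-side state: one logged-in user and her balance."""
    return {"sessions": {"sess-alice": {"user": "alice"}},
            "balances": {"alice": 100}}


def _user_for(request, state):
    sess = state["sessions"].get(request.get("cookies", {}).get("session"))
    return sess["user"] if sess else None


def transfer_vulnerable(request, state):
    """Decides purely on the session cookie. The browser attaches that cookie
    to every request it makes to bank.example, including a POST auto-submitted
    by a form on evil.example, so the forged request is indistinguishable."""
    user = _user_for(request, state)
    if user is None:
        return 401, "login required"
    amount = int(request["form"]["amount"])
    state["balances"][user] -= amount
    return 200, "sent %d to %s" % (amount, request["form"]["to"])


def issue_csrf_token(session_id, state):
    """Synchronizer token: random, stored against the session and embedded in
    the site's own form. The same-origin policy stops evil.example reading it."""
    token = secrets.token_urlsafe(32)
    state["sessions"][session_id]["csrf"] = token
    return token


def transfer_hardened(request, state):
    user = _user_for(request, state)
    if user is None:
        return 401, "login required"
    # Browsers add Origin to cross-site POSTs and page scripts cannot forge it.
    # (SameSite cookies would be a third layer; not modelled here.)
    origin = request.get("headers", {}).get("Origin")
    if origin is not None and origin != SITE_ORIGIN:
        return 403, "cross-site request refused"
    # The token must match the one issued to this session; constant-time compare.
    expected = state["sessions"][request["cookies"]["session"]].get("csrf")
    supplied = request["form"].get("csrf_token", "")
    if not expected or not hmac.compare_digest(expected, supplied):
        return 403, "missing or invalid CSRF token"
    amount = int(request["form"]["amount"])
    state["balances"][user] -= amount
    return 200, "sent %d to %s" % (amount, request["form"]["to"])


def forged_request():
    """What bank.example receives when a page on evil.example auto-submits
    <form action="https://bank.example/transfer" method="POST">. The session
    cookie is present because the browser added it; the token is absent
    because the attacker never saw it. (Constructed request.)"""
    return {"cookies": {"session": "sess-alice"},
            "headers": {"Origin": "https://evil.example"},
            "form": {"to": "mallory", "amount": "60"}}


def legitimate_request(token):
    """The same POST submitted from bank.example's own form. (Constructed.)"""
    return {"cookies": {"session": "sess-alice"},
            "headers": {"Origin": SITE_ORIGIN},
            "form": {"to": "bob", "amount": "30", "csrf_token": token}}


def run_demo():
    """Returns (vulnerable status, hardened status for the forgery,
    hardened status for the real form, balance after each handler)."""
    s1 = fresh_state()
    v_status, _ = transfer_vulnerable(forged_request(), s1)
    s2 = fresh_state()
    token = issue_csrf_token("sess-alice", s2)
    h_forged, _ = transfer_hardened(forged_request(), s2)
    h_legit, _ = transfer_hardened(legitimate_request(token), s2)
    return v_status, h_forged, h_legit, s1["balances"]["alice"], s2["balances"]["alice"]


if __name__ == "__main__":
    print(run_demo())   # (200, 403, 200, 40, 70)
```

Note that the token check is the one that matters: a request with the Origin header stripped (older browsers, some proxies) still fails on the missing token, which is why the Origin check is a belt-and-braces addition rather than the defence itself.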

Oh well, enough of that. Does anyone know of a Firefox extension or similar that lets me submit comments I leave on other people’s blogs to a service like I specifically don’t want a blogging tool, I just want to keep the comment URL, the URL of the related post if separate (i.e. haloscan style), and the text of the comment, and perhaps some tags.

Oh bloody fuck. He’s at it again. George Osborne is in his white coat, on the stage, flogging his snake oil. All he needs now is a gospel choir. I think we’ve pointed this out before, but here goes. The Bank of England was nationalised in 1946. It’s part of the State. The money in it is as much public money as the money in the Treasury. It is fundamentally dishonest to pretend that you can take the assets of a failing bank onto the Bank’s balance sheet without any cost to the Government budget.

And George Osborne thought the Bank’s balance sheet was composed of public money back in the autumn of 2007. We were told that the loans to Northern Rock were regrettably unavoidable but also a terrible risk taken with our money. Here he is at ToryKennel:

“The question we now ask of the Chancellor is simple: has he been honest with taxpayers about the risks that they face, and has he told the whole truth? …[snip]

The Chancellor will not tell us the size of the facility, when he expects it to be repaid or the terms of the repayment, even though much of that information is an open secret in the City. Indeed, the Governor of the Bank of England wants to publish the letter that he sent to the Chancellor to set out those terms.

Suddenly, after nationalisation, this statement became inoperative. The Bank of England had become a kind of charitable institution, nothing whatsoever to do with the Government, devoted to acting as a hospice for dying banks. Strangely, its Governor appeared unaware of this change.

Of course, this is a teachable moment about the Tories and the voluntary sector. As Boris Watch wisely points out, they are obsessed by the idea that Britain is full of charities who all have inexhaustible resources of their own, topped up regularly by squadrons of flying ponies. Poor old Gideon; what a nasty surprise to learn that the Bank is a public sector agency staffed by Daniel Davies’ past colleagues and notably deficient in ponies.

Further, does the Bank even have the capital to digest a whole failed bank on its own hook, without having to turn to the Treasury, or print money? Well, we could always look at the sodding books, couldn’t we? Bringing the Bradford & Bingley’s mortgage book (about £41bn) onto the Bank’s balance sheet would imply a Bank with one-and-a-half times the current level of assets, but no more capital than it presently has. Its current net worth is only about £2bn. Now, B&B’s liabilities were about £51bn, of which £22bn was made up of deposits, which have been taken over by Banco Santander; so for the rest, assets exceeded liabilities by some £12bn. However, for public sector accounting purposes, net debt/credit is defined as liabilities less liquid assets, and the whole point is that the mortgages are far from liquid. To put it simply, the Bank of England would have had a negative net worth several times as great as its existing capitalisation.

We would have successfully replaced an actually quite well capitalised bank with a desperately undercapitalised central bank. This isn’t that big a problem; central banks are weird financial institutions anyway. But the vast bulk of the Bank’s assets are loans to other banks, as you’d expect, and the last thing we want it to do under current circumstances is to stop lending to other banks.

Now, the whole point of this crazy exercise is to save the Treasury’s books. But it’s literally insane – and inane – to behave as if the taxpayer was on the hook for some sort of huge debt. The problem isn’t on the liability side of the banks’ balance sheets; it’s on the asset side. Now, how bad do you think the problem is? Shall we assume that the housing market will go down 50% from the peak, a crash of epic proportions? Well, that would still leave the Treasury sitting on £20.5bn worth of assets (or a bit less than one-third of the Bank of England’s assets), with no hurry to liquidate them. And the Treasury has essentially got it for nothing. It’s also fundamentally dishonest to pretend that literally every mortgage at the B&B is worthless.

However, Osborne insists on arguing that the total numbers involved are incredibly high, and also that the Bank of England’s puny capital base is sufficient to handle them without cost to the general Government budget.

I notice that Vince Cable, as usual, is talking sense.

Vince Cable, the Liberal Democrat Treasury spokesman, said that ideally a private buyer would have been found for B&B, but he recognised that part-nationalisation was the “only other way forward”. Mr Cable said the deal could even benefit taxpayers. “They have got a lot of bad loans, they have got the buy-to-let mortgages, they have got the self-certified mortgage arrangements,” he said.

“But it may be that in the long-term, having acquired this for virtually nothing, the Government will be able to sell it and perhaps either cover itself or probably even make a profit.” Mr Cable contrasted the situation with that in the US, “where the taxpayer is actually paying to buy up bad loans.” He said: “here the Government is effectively getting them free, and depending on the competence with which they are managed, it may prove to be a relatively successful deal for the taxpayer.”

Not so Osborne. From the same article:

George Osborne, the shadow chancellor, said: “I don’t think the taxpayer should pick up the bill that really should be borne by the City.

“What is really being saved here are not the depositors or the jobs – it is the large institutions that lent lots of money to Bradford & Bingley and made money out of that when times were good, and now that times have turned down, are asking every single person in the country to pay more in their taxes to bail out this bank. “Under nationalisation, the taxpayer steps in and says ‘We are going to give you your money back’. I’m not sure that’s fair.”

The bill *has* been borne by the City; the shares have gone to zero, the bank has been broken up. In fact, the “large institutions” lose out badly, if by that he means the major clearing banks; they ended up stuck with most of the £400m in new shares issued a couple of months ago, which are now worthless.

Here’s a little extra for you (hey, I had a Halifax savings account when I was a little boy and they had branches in Dales villages); Osborne, and the entire Tory party, were very horrified by the bill for the nationalisation of Northern Rock because they claimed it contained provisions for the takeover of more banks, and only an evil socialist plot might explain this, as this would never be needed again. Clearly, when Gideon says they’re all being alarmist, it’s time to go short.

Update: The numbers in an earlier version of this post were based on B&B plus NR assets and liabilities, which was far from clear in the text. I’ve recast it to take account only of B&B. You can, of course, add the NR numbers…

Despite all the promises, the Government is still achieving nothing with regard to its Iraqi employees. Leave aside, for the moment, the considerable numbers who are being rejected. Even the accepted – in so far as this category means anything yet – are still in Iraq, still on the streets, and still in danger. “I am still in Iraq…I hear nothing from your Government yet!”, wrote one of them to Dan Hardie.

Over at Dan’s, you can read about the fact that according to Bob Ainsworth MP, this man has been accepted; but the Borders and Immigration Agency, the final arbiter, is still doing nothing. You could read about the man who, according to the Government, worked at the Shaibah Logistics Base for two years – and they should know, as he lived on the base itself after being threatened by (as they say) unidentified gunmen until he was served notice to quit before the camp was shut down last year. He’s now in Syria.

But don’t imagine this is anything new. Three days ago, the Second World War secret agent Pearl Witherington died, after a life that included more than a year on the run in occupied France organising the STATIONER resistance network. She had to take over command of the organisation at one point; eventually they were ready in June, 1944 to set the German rear ablaze. She was refused a military decoration, and more importantly (to her) parachutist wings, until the RAF relented in 2006 and issued the badge. But that’s not why I’m dragging her in.

It wasn’t any different in June, 1940, either:

At the time of the German Blitzkrieg into northern France in May 1940, she was working as an assistant to the Air Attaché in the British Embassy, but through being “locally enlisted” was not included in the official evacuation scheme and had to make her way to England through the Vichy-controlled zone (which initially avoided German occupation) then via neutral Spain to Portugal, from where she boarded a coaster to Gibraltar.

And she was a British citizen.

Apparently, part of the delay is because the Home Office – of course, inevitably, them – is responsible for finding accommodation for anyone evacuated. They, in turn, are blaming local authorities. The Foreign Office’s offer of cash looks better and better, frankly; at least it’s actual, immediate assistance.

Well, you know the rules: Please write a letter to your MP. His or her address is The House of Commons, Westminster, London, SW1A 0AA. If you don’t know who your constituency MP is, go here and type your postcode in. When you’ve sent a letter, follow it up with an email: his or her address will normally be – for example

Two or three days after you have written the letter, call the Parliamentary switchboard on 0207 219 3000 and ask for your MP’s office. Repeat your concerns to the secretary or research assistant you speak to (and be nice: most of these people work damn hard for little reward), check that your letter has been received, and politely request that the MP ask questions of Ministers and reply to you. In your email, your letter, and your phone calls, you must be courteous: insulting an MP or a research assistant will discredit this cause.

Full talking points are over here. But here’s one more of my own; if it’s the local authorities who are the problem, let’s find out which ones. Why not call your local council member for housing too? And tell us all about it.

Dear Lazyweb – can anyone work out why I can’t get useful data out of this page with BeautifulSoup and Python 2.5?

The information is in an HTML table, enclosed by td tags nested in tr tags, and governed by three CSS classes, “flight-data”, “data-head” and “data-row2”. The latter pair are used only within the first. So you would think something like this would work:

for item in soup.findAll('td', {'class': 'flight-data'}):
    ...

The ellipsis is there to make the indentation obvious in this post. Where soup is naturally an instance of BeautifulSoup that’s been fed the webpage as a file-like object. But it doesn’t; it does grab some of the data, but it also grabs much of the webpage as raw html, including the header and a gaggle of javascript. And it’s slow, dammit. I can’t be too far off beam, because I’m successfully parsing another very similar website using a near-identical parse command.

I’ve tried various interlocking restrictions, and searching for both data-head and data-row2, but these usually find nothing.
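Not an answer to the BeautifulSoup question, but an added example (my own, not the post’s code) of the approach I would take when a parse keeps swallowing half the page: scope the search to the one element that carries “flight-data” (whatever tag it is), keep only cells classed “data-head” or “data-row2” inside it, ignore script and style bodies, and treat an unclosed td or tr as ended by the next one. It uses only the standard library’s html.parser, so it runs on any modern Python without BeautifulSoup. The HTML below is constructed to have the shape the post describes, including unclosed cell tags and inline JavaScript; it is not the real page.

```python
from html.parser import HTMLParser

# Constructed sample: page chrome, an inline script that even mentions the
# class name, and a table whose <td> and <tr> tags are never closed.
SAMPLE_HTML = """
<html><head><title>Arrivals</title>
<script>var tracker = {"flight-data": 1};</script></head>
<body><div class="nav">Home | Flights</div>
<table class="flight-data">
<tr><td class="data-head">Flight<td class="data-head">From<td class="data-head">Status
<tr><td class="data-row2">BA1234<td class="data-row2">Zurich<td class="data-row2">Landed
<tr><td class="data-row2">LH5678<td class="data-row2">Frankfurt<td class="data-row2">Delayed
</table>
<table class="other"><tr><td>not flight data</table>
<script>document.write("junk");</script>
</body></html>
"""


class FlightTableParser(HTMLParser):
    """Collect cells inside the first element carrying class "flight-data".

    Only cells classed data-head or data-row2 are kept, text inside
    <script>/<style> is dropped, and the container's own end tag stops the
    parse, so unrelated markup never leaks into the result even when the
    table's tags are left unclosed.
    """

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.container_tag = None   # tag name that carried class="flight-data"
        self.depth = 0              # > 0 while inside that container
        self.done = False
        self.skip = 0               # > 0 while inside <script>/<style>
        self.header = []
        self.rows = []
        self._row = None            # [(class, text), ...] for the row in progress
        self._cell_class = None     # class of the cell whose text is being collected
        self._buf = []

    @staticmethod
    def _classes(attrs):
        return (dict(attrs).get("class") or "").split()

    def _flush_cell(self):
        if self._cell_class is not None:
            if self._row is None:
                self._row = []
            self._row.append((self._cell_class, "".join(self._buf).strip()))
        self._cell_class, self._buf = None, []

    def _flush_row(self):
        self._flush_cell()
        if self._row:
            texts = [t for _, t in self._row]
            if all(c == "data-head" for c, _ in self._row):
                self.header = texts
            else:
                self.rows.append(texts)
        self._row = None

    def handle_starttag(self, tag, attrs):
        if tag in ("script", "style"):
            self.skip += 1
            return
        if self.done:
            return
        classes = self._classes(attrs)
        if self.depth == 0:
            if "flight-data" in classes:
                self.container_tag, self.depth = tag, 1
            return
        if tag == self.container_tag:
            self.depth += 1
        if tag == "tr":
            self._flush_row()           # an unclosed <tr> ends at the next <tr>
            self._row = []
        elif tag in ("td", "th"):
            self._flush_cell()          # an unclosed <td> ends at the next <td>
            for wanted in ("data-head", "data-row2"):
                if wanted in classes:
                    self._cell_class = wanted
                    break

    def handle_endtag(self, tag):
        if tag in ("script", "style"):
            self.skip = max(0, self.skip - 1)
            return
        if self.done or self.depth == 0:
            return
        if tag in ("td", "th"):
            self._flush_cell()
        elif tag == "tr":
            self._flush_row()
        elif tag == self.container_tag:
            self.depth -= 1
            if self.depth == 0:
                self._flush_row()
                self.done = True

    def handle_data(self, data):
        if self.skip == 0 and self._cell_class is not None:
            self._buf.append(data)


def extract_flight_table(html):
    """Return (header, rows) for the first flight-data table in html."""
    parser = FlightTableParser()
    parser.feed(html)
    parser.close()
    return parser.header, parser.rows


if __name__ == "__main__":
    header, rows = extract_flight_table(SAMPLE_HTML)
    print(header)
    for row in rows:
        print(row)
```

The same scoping idea works in BeautifulSoup too: find the element with the outer class first, then search for the row and cell classes only within it, rather than asking for td elements that carry the outer class.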