
Thursday, 13 February 2020 21:14

Dangerous Southern Rail Trains

Recently I went to board a train at Arundel station on a Sunday, where there is a service every hour if you fancy a trip out. As usual it turned into a disaster and downright danger. I have put in italics the amusing "sorry, not sorry" parts.

Dear Southern Rail,
On the 1559 Arundel to Chichester, I walked with my dog along the platform towards the front 4 carriages and the guard saw me along with about 5 other people.
The guard then got back on the train, but the dog then decided to poo on the platform. I scooped it up in a bag and I was about a foot from the door.
I turned round and the train doors were locked. I was pressing the button and it pulled away while I was pressing the button and very close to the train (inside the yellow line).
There was no call from the guard and the driver didn't check for a clear, safe platform. Not even a shout, and I was in the train danger zone and it left.
The woman in the ticket office said I can complain but it won't do any good. She said the driver is in charge, not the guard, and to wait for the next one as I missed it.

Monday, 27 June 2016 12:45

cookie control policy

What Are Cookies

As is common practice with almost all professional websites, this site uses cookies, which are tiny files that are downloaded to your computer, to improve your experience. This page describes what information they gather, how we use it and why we sometimes need to store these cookies. We will also share how you can prevent these cookies from being stored; however, this may downgrade or 'break' certain elements of the site's functionality.

For more general information on cookies see the Wikipedia article on HTTP Cookies...

How We Use Cookies

We use cookies for a variety of reasons detailed below. Unfortunately in most cases there are no industry standard options for disabling cookies without completely disabling the functionality and features they add to this site. It is recommended that you leave on all cookies if you are not sure whether you need them or not in case they are used to provide a service that you use.

Disabling Cookies

You can prevent the setting of cookies by adjusting the settings on your browser (see your browser Help for how to do this). Be aware that disabling cookies will affect the functionality of this and many other websites that you visit. Disabling cookies will usually result in also disabling certain functionality and features of this site. Therefore it is recommended that you do not disable cookies.

The Cookies We Set

If you create an account with us then we will use cookies for the management of the signup process and general administration. These cookies will usually be deleted when you log out however in some cases they may remain afterwards to remember your site preferences when logged out.

We use cookies when you are logged in so that we can remember this fact. This prevents you from having to log in every single time you visit a new page. These cookies are typically removed or cleared when you log out to ensure that you can only access restricted features and areas when logged in.

This site offers newsletter or email subscription services and cookies may be used to remember if you are already registered and whether to show certain notifications which might only be valid to subscribed/unsubscribed users.

When you submit data through a form such as those found on contact pages or comment forms, cookies may be set to remember your user details for future correspondence.

In order to provide you with a great experience on this site we provide the functionality to set your preferences for how this site runs when you use it. In order to remember your preferences we need to set cookies so that this information can be called whenever you interact with a page that is affected by your preferences.



Third Party Cookies

In some special cases we also use cookies provided by trusted third parties. The following section details which third party cookies you might encounter through this site.

This site uses Google Analytics, which is one of the most widespread and trusted analytics solutions on the web, for helping us to understand how you use the site and ways that we can improve your experience. These cookies may track things such as how long you spend on the site and the pages that you visit so we can continue to produce engaging content.

For more information on Google Analytics cookies, see the official Google Analytics page.

The Google AdSense service we use to serve advertising uses a DoubleClick cookie to serve more relevant ads across the web and limit the number of times that a given ad is shown to you.

For more information on Google AdSense see the official Google AdSense privacy FAQ.

In some cases we may provide you with custom content based on what you tell us about yourself either directly or indirectly by linking a social media account. These types of cookies simply allow us to provide you with content that we feel may be of interest to you.

Several partners advertise on our behalf and affiliate tracking cookies simply allow us to see if our customers have come to the site through one of our partner sites so that we can credit them appropriately and where applicable allow our affiliate partners to provide any bonus that they may provide you for making a purchase.

We also use social media buttons and/or plugins on this site that allow you to connect with your social network in various ways. For these to work, social media sites including Twitter and Facebook will set cookies through our site which may be used to enhance your profile on their site or contribute to the data they hold for various purposes outlined in their respective privacy policies.



More Information

Hopefully that has clarified things for you and as was previously mentioned if there is something that you aren't sure whether you need or not it's usually safer to leave cookies enabled in case it does interact with one of the features you use on our site. However if you are still looking for more information then you can contact us through one of our preferred contact methods.

Saturday, 19 March 2016 21:12

comvel

Internal Notes on the VEL API

This is intended as a short summary of what I have done with the API. Feel free to argue with any points, if you feel that I have got it wrong.

I have prepared some short documentation on the VEL API which we can make available to users (see vel-api-documentation.html), which explains how to access it. The purpose of this document is to explain to us how to use it.

Format of the Feed Items

The fields actually included in the public feed are:

  • id: the id of the listing
  • title: the name of the listing, usually the extension name plus vulnerable versions
  • description: includes information that cannot be easily put in other fields, eg if version numbers do not correspond to standard version conventions this can be explained here
  • status: 1 = live, 2 = resolved
  • jed: url of jed listing if any
  • cve_id: CVE and/or other vulnerability tracking database IDs
  • cwe_id: CWE vulnerability classification IDs
  • risk level: eg low, medium, high
  • recommendation: this field is used to give recommendation to the end user how to handle the subject extension, eg to update
  • cvss30_base: CVSS 3.0 base vector string (see https://www.first.org/cvss/calculator/3.0)
  • cvss30_base_score: CVSS 3.0 numeric score
  • start_version: starting extension version where vulnerability is present, will be empty if all previous versions are likely to be vulnerable
  • vulnerable_version: most recent version known to be vulnerable
  • patch_version: version where vulnerability is patched, will be empty if no patch available
  • update_notice: url of developer's update notice, if any
  • install_data: JSON-formatted installation data from the extension installation manifest, including name, type, creationDate, author, authorUrl, copyright, version and group (for plugins)
  • created: ISO8601 creation date of the listing
  • modified: ISO8601 modification date of the listing
  • statusText: "Live", or "Resolved"

Adding a New Item to the Feed

It is pretty straightforward: go to components->VEL and click 'new'.

I hope that the feeds are fairly self-explanatory. Note that we can add internal notes to the internal description field; these will not be made public. We can link the entry to a Joomla article if we want. That might be useful in future, as it will provide a way to link items to the current VEL articles.

You must change the status to live or resolved for it to show up in the feed.

The vulnerability type field is for our use only and is not included in the feed. We don't have to use it, but might find it useful to keep track of the vulnerability types in our database.

We can upload the extension manifest, then the data from the manifest will be automatically parsed, to give us the following:

  • name
  • type
  • creationDate
  • author
  • authorUrl
  • copyright
  • version
  • group (for plugins)

Accessing the Feed

The feed will be accessed at https://vel.joomla.org/index.php?option=com_vel&format=json. There will also be a verification hash at https://vel.joomla.org/index.php?option=com_vel&format=json&task=verify. The verification hash updates when the feed updates, so plugins can use this to check whether it is necessary to fetch an updated version of the feed. Note that com_vel does not output anything else.
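
A consumer-side sketch of the verification check and of how the start_version, vulnerable_version and patch_version fields can be compared with an installed version. This is an added example, not part of com_vel or of these notes. It assumes the feed body is a JSON array of item objects and treats the verify response as an opaque string; the function names and the sample entries are constructed for illustration.

```python
import json
import re

def parse_version(text):
    """Dotted numeric version -> tuple of ints (trailing zeros dropped), else None."""
    text = (text or "").strip()
    if not re.fullmatch(r"\d+(\.\d+)*", text):
        return None
    parts = [int(p) for p in text.split(".")]
    while parts and parts[-1] == 0:
        parts.pop()                      # so that 2.0 and 2.0.0 compare equal
    return tuple(parts)

def classify(item, installed):
    """Compare one installed version with a feed item's version fields."""
    bounds = []
    for key in ("start_version", "vulnerable_version", "patch_version"):
        raw = (item.get(key) or "").strip()
        bounds.append(parse_version(raw) if raw else None)
        if raw and bounds[-1] is None:
            return "review"              # non-standard version: read the description field
    start, last, patch = bounds
    have = parse_version(installed)
    if have is None:
        return "review"
    if start is not None and have < start:
        return "not affected"            # older than the first vulnerable release
    if patch is not None and have >= patch:
        return "patched"
    if last is not None and have <= last:
        return "vulnerable"              # empty start_version means all earlier versions
    return "review"                      # newer than last known-vulnerable, no patch listed

def refresh(cache, fetch_verify, fetch_feed):
    """Download the feed only when the verification response has changed."""
    token = fetch_verify().strip()
    if cache.get("verify") == token:
        return False
    cache["feed"] = json.loads(fetch_feed())
    cache["verify"] = token
    return True

# Constructed sample data (not real VEL entries).
SAMPLE_FEED = json.dumps([
    {"title": "Example Gallery", "start_version": "1.2", "vulnerable_version": "1.4.3", "patch_version": "1.4.4"},
    {"title": "Example Forms", "start_version": "", "vulnerable_version": "2.0", "patch_version": ""},
    {"title": "Example Slider", "start_version": "", "vulnerable_version": "3.1-beta2", "patch_version": ""},
])
```

In real use, fetch_verify and fetch_feed would be small functions that GET the two URLs above over HTTPS and return the response text. Versions are compared as integer tuples because comparing "1.4.10" with "1.4.4" as plain strings would wrongly rank the former as older.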

Caching

Com_vel has its own cache, which should cache the feed for up to a year, if nothing changes. Whenever a new item is added, or one is deleted (if that ever happens), or one is edited, the cache will be automatically cleared, and a new cached page will then be generated. Similarly the verification hash will be updated. So it should be quite efficient.

Additional Fields

There is always the possibility of adding additional fields if we decide that they are wanted, and actually there are several more that exist as fields in the database but are not currently included in the feed, mainly in order to keep things simple.

However they are all still there in the database, making it easier to include them in the feed later if we want. The main ones that have been dropped for now are the CVSS 3.0 temporal and environmental scores, as we discussed previously they probably do not add anything significant, and it would be fine to use just the base score. However the CVSS temporal and environmental scores do exist as fields in the database so can quite easily be added if we ever want to do so.

I have come round to the idea that including the CVSS 3.0 base score and vector string is a good idea, and actually much better than saying what type of vulnerability (eg SQL injection) it is. I have kept a field for the vulnerability type available to us in the admin, it might come in useful, but the vulnerability type is not included in the public feed.

There is also the possibility of crediting the discoverer of the vulnerability, if they want to be publicly credited, again it is a field in the database but not currently in the feed.

At the moment, which fields are public is hard-coded into the extension (in models/items.php). There are some advantages to keeping it that way: at least it means that a misconfiguration will not accidentally make public any internal data. Still, I may look at improving that at some point.