A fun musical interlude with Henry Cluney, XSLF

Post gig, apparently we were supposed to be serious!
Post gig, apparently we were supposed to be serious!
On Sunday 26th April, the venue was The Wheatsheaf pub in Oxford, for a mid afternoon round of musical merriment organised by Purple May. Dee and I had arrived early, so managed to get a good spot. The special guest of honour was the legend that is Henry Cluney, one of the founders of Stiff Little Fingers, and now touring with an ex bandmate, Jim Reilly, as XSLF. Henry was playing on his own for the day. For those who don’t know, SLF are my all time favourite band: I’ve been going to see them play ever since the Go For It tour reached Carlisle Market Hall in 1981.

Having seen Henry in the same venue last year, when he played in front of no more than 15-20 people, I knew some of what to expect, but it was also good to see quite a few more people had come along. It was great to see some familiar faces from last year’s gig. It’s hard to believe that one of my all time heroes was standing in the pub (did I mention the gig was free entry?) only a couple of yards from myself and the other fans. Essentially, it was a request show – after each song, we were asked what we wanted him to play and for the most part he obliged us. I won’t spoil things for those who haven’t had the pleasure of Henry’s company in a setting like this, but suffice to say that there was a lot of singing, and even more laughter. Henry was obviously having a ball, and the rest of us enjoyed it too. I have to say, I’m impressed that he was able to keep his place in the songs, as there was a fair bit of micky taking and loads of good natured banter. Dee reckoned it was a fantastic afternoon too – I’m glad I’ve been able to introduce her to some of the music and lyrics which helped shape my personality and morals.

I was delighted that I got a chance to chat to Henry after the gig, and to get a photo with him too. When XSLF come round my way, I’ll definitely be going to see them. And if there’s another solo performance – I’ll be there for that too!

Patching – what’s all the fuss about?

I suppose this falls under Security 101, one of the most basic things we’re all encouraged to do with our technology, but there’s always a reason to postpone it: 

  • My machine slows down while it’s downloading the latest patches
  • I’m worried that things won’t work afterwards
  • I keep having to reboot my machine, sometimes several times during one set of updates 
  • I’m busy just now, can I not just do it later?
  • I don’t use the Internet much, so my device can’t be infected
  • I’m not using Microsoft, so there’s no need to patch
  • ….and, well, you know how it goes on…. 

I’m sure you’ve got your own versions of these, but the point is that these are all just excuses for something that should just be part of your normal experience – in my opinion. 

Should we patch absolutely everything? I.e. should we install all updates for all products as soon as they’re available? No, I don’t think so. We should base our patching strategy on a risk assessment. If you find out about a patch for one software programme – let’s say Microsoft PowerPoint – but don’t have PowerPoint on your device, do you need to apply that patch? Not if it only addresses vulnerabilities in PowerPoint, as your device doesn’t have that vulnerability. But if the patch includes other packages which you do have installed eg Excel, then yes, you should. 

Why am I picking on Microsoft? Just in order to use program names that we’re most likely to be familiar with. The same principles apply equally to other vendors and other software packages. Software has vulnerabilities, it’s inevitable. If there are none on the day it is released someone somewhere will find some soon afterwards. And the more valuable the data you access through the software, the more likely someone is try to create an exploit for that vulnerability. 

In my opinion, you should patch regularly i.e. keep patches up to date. Apart from anything else, this lessens the amount of time spent downloading updates, as you’re keeping on top of things (in many respects, the same goes for antivirus updates too). Patch what you have to, but eg if the patch is for a Mac and you’re using Linux, why apply a Mac patch unless the patch also applies to Linux devices. 

Not using the Internet often is no protection either. The only truly secure device (from Internet attack anyway) is one which does not have any form of external interface (wifi, wired, serial cable, whatever) and which is never connected. Some well known legitimate websites have been targeted and have had malicious code embedded in them, infecting users who are only browsing (because no software is totally secure, right?). Botnets are out there looking (in an automated way) for vulernable machines, so you only need to connect once to run the risk of infection. It’s a bit like contraception – if you don’t ever have sex, you’re unlikely to get pregnant, but do it just once without any form of protection and pregnancy is a very real risk. 

If you’re only looking at your personal / home PC / laptop / tablet etc, then you’re unlikely to have a test environment. This is the best place to try out new patches, but if you’re a home user then you probably don’t have the luxury of testing things there. In any event, its notoriously difficult to configure your test environment to exactly match your real, live environment, down to version numbers of DLLs and other components, so you’re probably just testing in a representation of your live environment and there will still be some risk when you deploy for real. So what should you do?

This is where having a good, robust (and tested) backup regime comes in. More on that in a future post, so watch this space… 

The guy that speaks his mind

%d bloggers like this: