Car Sharing in Melbourne

Recently I noticed that some parking spots in the city area are reserved for car sharing. There seems to be two car sharing companies operating.

Flexicar [1] costs $50 to join, has a $10 per month membership fee (which includes one hour of driving at a value of $12), and costs $12 per hour or $80 per day to drive a car plus $0.15 per Km if you drive more than 100Km in a day. They also have pre-paid plans which bring all the guesswork and complexity of mobile phone bills to car rental. Also they give discounts to members of the City Rewards [2] program which are greater than the membership cost, so anyone who plans to join them should join City Rewards first.

To use a car you phone up or use their web site to make a reservation. Then you find the car you reserved at its designated location and swipe your card across the windscreen to unlock the doors (presumably it’s an RFID card). The glovebox has the key for the ignition as well as fuel cards for any fuel you buy at BP, Shell, and Caltex petrol stations (presumably if you run low on petrol when not near one of those you end up paying). All you pay is the rental rate and any tolls for toll roads you use.

When someone doesn’t return the vehicle to its designated spot on time there are penalty rates, which may include the cost of a taxi fare for the next person who had booked it.

It seems like a really good idea that can save significant amounts of money for people who live in the central areas (the costs of maintaining and insuring a car are significant, as is the depreciation on a new car as an asset).

The competitor is Charterdrive [3] which costs $25 to join (less than Flexicar but the same once you consider the discount), the same $10 per hour for 8:30AM to 5:30PM hours, and then cheaper rates for evenings and weekends. $25 for a night (5:30PM to 8:30AM the next morning) is good value if you want to drive home from work and then return the next day (if you work late then you might expect to pay $30 or more for a single taxi ride to get home). The weekend rate of $90 for 5:30 Friday to 8:30 Monday is also quite competitive; I expect that there are many people who only use a car on the weekend who could benefit a lot from this. $90 per weekend for 40 weekends a year (some weekends you would stay home or just use public transport) is $3600, and insurance, registration, and basic maintenance of a car that you would want to own would cover most of that. Charterdrive does charge $0.20 per Km for all journeys though (with a discount rate of $0.15 per Km for long journeys on some plans), as opposed to Flexicar only charging $0.15 per Km for distances in excess of 100Km per day.

Charterdrive seems to be a newer company and has a far smaller presence. But its business model seems a little different and the focus on renting cars for people to drive home means that some people might benefit from being members of both companies. The $0.20 per Km makes Charterdrive more expensive for most city use, and the discounts offered for Flexicar seem to make it cheaper for use during business hours.

Charterdrive states that they have a deal with Red Spot Car Rentals [4]. Their web site does not state what happens if you want to use one of their cars and they are all in use; I wonder whether a Red Spot car would be provided for the same price. Flexicar however claims that they aim to have a ratio of cars to members sufficient to make such things unlikely. Maybe it would be prudent to join both organisations so that if one had no vehicles available then you could use the other? In one city car park that I often pass the Flexicar and Charterdrive parking spots are adjacent so there would be no difference in convenience in terms of which one you use.

I wonder whether they will continue getting adjacent spots. If many people join both organisations then it would be more effective if they don’t get adjacent spots to get better aggregate coverage. I think that at the moment the main challenge for both companies is to grow the popularity of the car-sharing business. I expect that the real competition for who gets the biggest slice of that business will happen in a few years time.

Update:

There is another Australian car-share company in operation named GoGet [5], interestingly I discovered their existence when I reviewed the Google advertising on this post…

GoGet has a significant presence in Sydney, a small presence in Melbourne, and is only making a start in Queensland. Their hourly rates are significantly lower than the others (as little as $4.40 per hour) but distance rates are as high as $0.35 per Km. One significant benefit is that they have plans for two or three drivers which could allow an entire family to sign up on one account. If you drive less than 20Km in an hour (which would not be uncommon in city driving) then GoGet would be cheapest.

A Bio-fuel Petrol Station

Today I happened to see a bio-fuel petrol station! I decided to check it out (even though I was traveling by tram in a part of town that I don’t normally visit so there was no possibility of any real purchase).

The station is Conservo [1]. Their main products are E10 petrol (10% Ethanol and 90% Petrol), B20 bio-Diesel (20% bio-Diesel and 80% Petroleum based fuel oil), and B100 (100% bio-Diesel). All the fuel that they sell has a biological based component. The prices for the fuel seemed a little lower than is charged by other petrol stations, but it’s difficult to tell as fuel prices can change rapidly.

I spoke to one customer who had just filled up his 4WD with bio-Diesel about his experiences. He said that he sometimes used B20 and sometimes B100. He had found no down-side to using such fuels but had noticed that when under hard acceleration the bio-Diesel fuel seemed to cause less dark smoke (i.e. less soot).

All the fuels that they sell are produced in Australia. There are issues with imported bio-fuels which are sometimes produced with slash and burn agriculture and often increase the prices for essential food items (such as corn in South America). As the fuel is produced in Australia such issues should not apply. According to a brochure they have facilities to allow people to deposit used vegetable oil which can then be converted to bio-Diesel.

Inside the store they sell a variety of organic foods and drinks. I bought a bottle of carbonated organic apple juice which was quite nice and at $3 was not outside the price range that I expect from a petrol station (which do tend to charge high rates for refreshments). It was not an unreasonably high price for an organic drink.

In the store they sell and promote a range of products that are positive for the environment. They have a display about using algae to produce bio-Diesel fuel which has some interesting information but unfortunately didn’t list the productivity of algae fields in terms of the number of tons per hectare per year (or month or other time period).

One really interesting point I read on their web site concerns the flash point [2] of fuel. The flash-point is the temperature which allows enough of the flammable substance to evaporate to produce an ignitable mixture. Petrol is listed as less than -40C, fossil-Diesel fuel is greater than 62C according to Wikipedia (greater than 55C according to Conservo) while Conservo list the flash point of bio-Diesel as greater than 110C. Wikipedia lists the flash point of canola (rape seed) oil as 327C. This is described as being a benefit of bio-Diesel. While it’s obvious that this is a disadvantage for Petrol, I find it difficult to imagine a situation where a fuel tank could reach a temperature greater than 55C but less than 110C.

In their Good for the Environment [3] page they claim that the exhaust from burning bio-Diesel is less harmful to human health than that from burning fossil fuels. My previous post about Vegie Cars [4] is getting some comments suggesting otherwise. So far I haven’t found good references either way, but the discussion has raised some really good issues.

Update: Petrol’s flash-point is less than -40C not +40C.

Vegie Cars

I’ve read a lot about running Diesel vehicles on plant oil, but one thing that was never clear was why some people claim that you need special chemical additives.

The article about converting vehicles to vegetable oil on the VegieCars.com [1] site explains all this. It seems that if you want to produce fuel which can be used in unmodified vehicles then you need to add a mixture of methanol and caustic soda. This is going to be difficult, dangerous, have some expense, and probably not be that good for the environment.

The other option (which they recommend) is to modify the vehicle to accept straight vegetable oil. This means pre-heating the oil before it enters the engine (to lower its viscosity and make it vaporise more easily) and filtering the oil to remove solid objects and water.

A possibility is to have two separate fuel tanks so that you can switch between plant oil and petroleum based Diesel fuel. This is an option if driving in a cold climate (probably not an issue in Australia apart from a few mountains) and if you are concerned about the quality of your plant oil (a bad batch could clog the filters and force you to use petroleum based fuel).

They also have an interesting cost-comparison page to show you how much money you might save by using plant oil [2].

Their site is very interesting and has some good technical information; even if you never plan to drive a Diesel vehicle it’s worth reading if you are interested in cars.

Football Cards and Free Kittens

My cousin Greg Coker has created an eBay auction for Football cards with the proceeds going to a charity that protects animal welfare (I can’t remember the name – I’ll update this post later). He also has a bunch of other eBay auctions of football cards going which are not for charity.

The charity auction is held in association with SEN (Sports Entertainment Network – a sports talk-back AM radio station) [1]. This afternoon Greg was interviewed on SEN about football cards in general. He gave a good talk, he could probably do some professional radio work if he was interested.

Greg’s cards are from the VFL (Victorian Football League) before it became the AFL (Australian Football League) [2]. The cards used to be sold in “milk bars” (small stores that sold a variety of junk food and some essential food items including milk – most such stores are closed now as they have been replaced by petrol stations and supermarkets) and each pack of ~5 cards had some chewing gum included (which Greg often discarded because he didn’t like it – he should have given it to me, I was not so fussy). The back side of the cards had a jigsaw picture which I have never seen anyone complete (I expect that Greg has assembled at least one jigsaw as he has some sets).

Probably the way the cards were collected, traded, etc is very similar to sports based cards from other countries (such as baseball cards in the US).

On the animal front, I’ve had a mother cat and four kittens move into the shed in my back-yard. The mother cat has no collar and is not known by anyone in the area so she appears to have been dumped by her owner when she got pregnant. There are four kittens, one is ginger, one is black, and two are mottled part black and part ginger. They are all healthy and friendly and the kittens are all really cute. The kittens have become used to being patted and handled by humans so it will be easy to make them household pets.

If an owner is not found for them then they will probably all end up being put to sleep (unfortunately I can’t keep them so I’ll have to deliver them to the local council).

If anyone in Melbourne, Australia wants some free cats then I would be happy to deliver them. I’ll supply as many cats as desired. I can’t give away the mother until the kittens have been given away, so if you want the mother cat (dark coloured) then you may have to wait for a while.

Judging by the date that I first noticed them (when they were walking around, had their eyes open, and ate solid food) the kittens would have to be at least 7 weeks old. It’s recommended that kittens not be given away before they are 8 weeks old, and given that it will probably take a week to organise anything I don’t think that there is any risk of giving them away too early.

Please let me know by email or a comment if you are in the vicinity of Melbourne, Australia and want a new pet (or several new pets).

Olympics and Politics

The latest news related to the Beijing Olympic games is that Kevin Rudd (our Prime Minister) has said “It is absolutely clear that there are human rights abuses in Tibet. That’s clear-cut; we need to be upfront and absolutely straight about what’s going on,” – stating the obvious really. If that was all that happened then it wouldn’t be particularly interesting.

The paper version of “The Age” quotes George Bush as seconding Kevin Rudd’s statement. I believe that this is quite significant. Bush is well known for being stupid, the fact that he is now following the example of someone else who is doing good things is a very positive thing for the world. When John Howard was our Prime Minister we had an idiot (Howard) following an even bigger idiot (Bush) and the result was not good.

Kevan Gosper (an Australian IOC board member) said “They just take their hate out on whatever the issues are at the time, and that hate against the host country is being taken out on our torch”. People who are totally corrupt sometimes seem confused when other people are motivated by moral principles; maybe we have a culture clash between the corrupt IOC board and the attitudes of most people in the rest of the world (I can’t think of any other way to map Kevan’s statement to reality).

Mr Rudd has confirmed that Chinese “security guards” (soldiers) will not be permitted to operate in Australia to protect the Olympic torch from protesters, but the “security guards” have been operating in the UK.

I read about this on the web site of The Age, but I won’t link to them because they have a lot of broken links with the following explanation – I am not going to link to sites that are so transient in nature (linking to The Age would lower the quality of my blog). Incidentally does anyone know of a news service in Australia that has reliable pages which stay online?

We could not find the page you requested. This is often because older content has been removed from our site. In most cases you can still find the item via our archive service, News Store, where you can buy articles for a small fee.

It also has the following text which indicates that the most visible problem is probably transient, but the fact that they deliberately break links is unacceptable to me:

If you reached this page from a link on our site, please contact the webmaster (choose Technical faults) and tell us the address of the faulty page and the address shown for this page.

The MSN article about the meeting between Bush and Rudd also had an interesting quote from Nancy Pelosi (speaker of the house in the US congress) [1]. She said “As I said in India last week where I met with His Holiness the Dalai Lama, if freedom-loving people throughout the world do not speak out against China’s oppression in Tibet, we have lost our moral authority to speak out on behalf of human rights anywhere in the world” and that the IOC made a mistake in awarding the games to China.

Pelosi is not known for being left-wing (the US Democratic party is centrist/right by the standards of most democracies) so it’s interesting to see her take a stand on this issue.

Erich Schubert has written about this, he points out that the Olympics are not about sports [2]. Well of course the Olympics are about money, drugs, and sports-science!

I’m not sure that I agree with Schubert and Pelosi, the Chinese Olympics has focussed a lot of international attention on what China is doing – this has to be good for human rights. The Olympic games are a white elephant, running them costs a huge amount of money and there is no evidence that they actually make money for the host country once the opportunity costs are taken into account. Maybe we should give the Olympics to Zimbabwe or the Sudan next?

Links April 2008

Blog Posts Should Stand Alone

I believe that apart from some exceptions (such as “links” posts) each post should stand alone. A reader should be able to read a single blog post and understand the author’s point without needing to visit any external sites.

A common mistake is to write a post that cannot be understood without following the links. This means that if one of the links gets taken down then the post cannot be interpreted. Also if a reader has Internet access problems that deny access to the other site (which is not uncommon) they will be unable to find the original source and thus miss the point.

It’s quite common for people to download copies of blog content before going out of net access (I routinely load a Planet feed of the blogs I read before travelling). Some people read blog content via email, for such people reading blogs without net access will be even more common. If a blog post can’t be immediately understood then a significant number of readers will just skip it. If too many posts from one RSS feed (where “too many” is a subjective value that varies from reader to reader) have this problem then they may just unsubscribe from the feed.

Also even people who do have good net access will sometimes skip posts which require them to visit an external site. It takes more time and if they aren’t sure that the content will be of interest then they skip it.

Finally writing an explanation of your point tends to result in more clear communication. At the shallow end of the blog pool it’s quite common to see posts which link to web pages and express disagreement with them. If the web page which is referenced makes several points (it’s very rare to find pages which strictly make a single point with no sub-points and no chain of logic to support the point) then it can be difficult or impossible to determine what the blogger specifically disagreed with. A post which summarises a page and gives specific reasons for agreeing or disagreeing with it gives little potential for confusion or miscommunication.

Trust and My SE Linux Play Machine

Currently my SE Linux Play Machine [1] is running as a Xen DomU. So if someone cracks it they would also have to crack Xen to get access to directly change things on the hardware (e.g. modifying the boot process). As documented in my last post [2] a user of my Play Machine recently managed to change my password. Of course this was just two days after the vmsplice() kernel security flaw had been discovered [3]. Any machine that offers shell access to remote users (or the ability to run CGI-BIN scripts or other programs that users can upload) is immediately vulnerable to such exploits, and while SE Linux has blocked local kernel exploits in the past [4] there will always be the possibility of kernel exploits that SE Linux can’t block or which can be re-written to work in a way that is not stopped by the SE Linux policy. So it’s best to assume that SE Linux systems are vulnerable to kernel exploits.

At the time that the vmsplice() exploit was announced there was a claim that it could be used to de-stabilise a Xen Dom0 when run within a DomU. It’s best to assume that any attack which can make some software perform in an unexpected manner can also be used to successfully attack it. So at the time I was working on the assumption that the Dom0 could have been exploited.

Therefore I reinstalled the entire machine: I first installed a new Dom0 (on which I decided to run Debian/Unstable) and then made a fresh install of Etch for the Play Machine. There is a possibility that an attacker could compromise the hardware (changing the BIOS or other similar attacks), but this seems unlikely – I doubt that someone would go to such effort to attack hardware that I use for demonstrating SE Linux and for SE Linux development (it has no data which is secret).

If someone attacks my Play Machine they would have to first get root on the DomU in question and then crack Xen to get access to the hardware. Then the machine is on a separate Ethernet segment which has less access to my internal network than the general Internet does (so they would not gain any real benefit).

One thing an attacker can do is launch a DoS attack on my machine. One summer a Play Machine overheated and died; I suspect that the extra heat produced by a DoS attack contributed to that problem. But losing a low-end machine I bought second-hand is not a big deal.

When discussing the machine there are two common comments I get. One is a suggestion that I am putting myself at risk, I think that the risk of visiting random web sites is significantly greater. Another is a challenge to put the machine on my internal network if I really trust SE Linux, as noted I have made mistakes in the past and there have been Linux kernel bugs – but apart from that it’s always best to have multiple layers of protection.

SE Linux Play Machine and Passwords

My SE Linux Play Machine [1] has been online again since the 18th of March.

On Monday the 11th of Feb I took it offline after a user managed to change the password for my own account (their comment was “ohls -lsa! i can change passwordls -lsals -lsa HACKED!“). Part of the problem was the way /bin/passwd determines whether it should change a password.

The previous algorithm (and the one that is currently used in Debian/Etch) is that if the UID of the account that is having its password changed doesn’t match the UID of the process that ran /bin/passwd then an additional SE Linux check is performed (to see if it has permission to change other users’ passwords). The problem here is that my Play Machine has root (UID==0) as the guest account, and according to the /bin/passwd program there is no difference between the root account (for unprivileged users) and the bofh account (which I use and which also has UID==0). This means of course that users of the root account could change the password of my account. My solution to this was to run chcon on the /bin/passwd program to give it a context that denied it the ability to change a password. The problem was that I accidentally ran the SE Linux program restorecon (which restores file contexts to their default values), which allowed /bin/passwd to change passwords again, and therefore allowed a user to change the password of my account.

The semanage tool that allows changing the default value of a file context does not permit changing the default for a file specification that matches one from the system policy (so the sys-admin can’t override compiled in values).

I have now fixed the problem (the fix is in my Etch SE Linux repository [2], has been accepted for Debian/Unstable, and something based on it will go into the upstream branch of Shadow). See the Debian bug report #472575 [3] for more information.

The summary of the new code is that in any case where a password is not required to change the user’s password then SE Linux access checks will be performed. The long version is below:

The new algorithm (mostly taken from the Red Hat code base which was written by Dan Walsh) is that you can only change a password if you are running as non-root (which means that the pam_unix.so code will have verified the current password) or if you are running as root and the previous SE Linux security context of the process is permitted access to perform the passwd operation in the passwd class (which means it is permitted to change other users’ passwords).

The previous context (the context before one of the exec family of system calls was called) is used for such access checks because we want to determine if the user’s shell (or other program used to launch /bin/passwd) was permitted to change other users’ passwords – executing a privileged program such as /bin/passwd causes a domain transition, so the context is different from that of the program that was used to execute it. It’s much like a SETUID program calling getuid(2) to get the UID of the process which launched it.

To get the desired functionality for my Play Machine I don’t want a user to change their own password as the account is shared. So I appended “password requisite pam_deny.so” to the file /etc/pam.d/passwd (as well as to the files for the chfn and chsh commands) so that hostile users can’t break things. The new code in /bin/passwd will prevent users from taking over the machine if my PAM configuration ever gets broken; having multiple layers of protection is always a good thing.
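The following is an added model of the decision described above; it is not shadow’s own code and not the patch in the bug report. It contrasts the old Etch rule (SE Linux check only when the caller’s UID differs from the target account’s UID) with the new rule (a root caller is always checked against the previous context, a non-root caller must pass the PAM password stack), and shows why two UID 0 accounts defeated the old rule. The type names user_t and sysadm_t, the toy policy table, and the idea of representing the /etc/pam.d/passwd stack as a single boolean are all assumptions; a real /bin/passwd would obtain the previous context with getprevcon() and ask the policy for the passwd permission in the passwd class.

```c
/* Added model (not shadow's code) of /bin/passwd's decision to change a
 * password: old Debian/Etch rule versus the new rule.  UIDs, SE Linux type
 * names and the policy table are assumptions chosen to mirror the Play
 * Machine setup, where "root" and "bofh" both have UID 0. */
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

/* Constructed toy policy: only these previous (caller) types hold the
 * passwd permission in the passwd class.  Stands in for an AVC query. */
static const char *const PASSWD_CAPABLE_TYPES[] = { "sysadm_t", NULL };

static bool prev_type_may_change_passwords(const char *prev_type)
{
    for (size_t i = 0; PASSWD_CAPABLE_TYPES[i] != NULL; i++)
        if (strcmp(prev_type, PASSWD_CAPABLE_TYPES[i]) == 0)
            return true;
    return false;
}

/* pam_ok models the outcome of the "password" stack in /etc/pam.d/passwd:
 * pam_unix verifies the current password for a normal user but does not
 * ask root for one, and an appended pam_deny makes the stack fail for all.
 *
 * Old Etch rule: the SE Linux check runs only when the caller's UID differs
 * from the target's.  A matching UID is treated as "your own account". */
bool old_passwd_allowed(unsigned caller_uid, const char *prev_type,
                        bool pam_ok, unsigned target_uid)
{
    if (caller_uid != target_uid) {
        if (caller_uid != 0)
            return false;            /* non-root may only name its own account */
        if (!prev_type_may_change_passwords(prev_type))
            return false;            /* root naming another UID: policy decides */
    }
    return pam_ok;                   /* same UID: straight to the PAM stack */
}

/* New rule: whenever no password would be required (the caller is root)
 * the previous context is checked, whether or not the UIDs match.  A
 * non-root caller may only change its own password, after PAM succeeds. */
bool new_passwd_allowed(unsigned caller_uid, const char *prev_type,
                        bool pam_ok, unsigned target_uid)
{
    if (caller_uid != 0)
        return caller_uid == target_uid && pam_ok;
    return prev_type_may_change_passwords(prev_type) && pam_ok;
}

static const char *verdict(bool allowed)
{
    return allowed ? "allowed" : "denied";
}

int main(void)
{
    /* A guest logged in as "root" (UID 0, shell assumed to run in user_t)
     * runs passwd against "bofh", which is also UID 0, with plain pam_unix. */
    printf("old rule, guest root (user_t) -> bofh:   %s\n",
           verdict(old_passwd_allowed(0, "user_t", true, 0)));
    printf("new rule, guest root (user_t) -> bofh:   %s\n",
           verdict(new_passwd_allowed(0, "user_t", true, 0)));
    /* The owner's shell, assumed to run in sysadm_t, still works. */
    printf("new rule, owner root (sysadm_t) -> bofh: %s\n",
           verdict(new_passwd_allowed(0, "sysadm_t", true, 0)));
    /* With pam_deny appended the PAM layer refuses even a permitted caller,
     * and a mislabelled /bin/passwd no longer matters. */
    printf("new rule, sysadm_t root with pam_deny:   %s\n",
           verdict(new_passwd_allowed(0, "sysadm_t", false, 0)));
    return 0;
}
```

The first two lines of output are the whole story of the incident: under the old rule the guest’s attempt is allowed because both accounts are UID 0 and root is never asked for a password, while under the new rule the same attempt is denied because the guest’s previous context lacks the passwd permission. The last line shows the second, independent layer that the pam_deny entry adds.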

The end result is that the Debian package and the upstream code base are improved, and my Debian Etch repository has the code in question.

SE Linux Etch Repository for AMD64

My Etch back-port repository of SE Linux related packages (which I documented in a previous post [1]) now has a complete set of packages for AMD64. From now on I aim to make AMD64 and i386 be my main supported platforms for SE Linux development.

There is a guy who may be able to give me a stack of well configured PowerMacs (2gigs of RAM), if he comes through with that then I may add PPC-32 to the list of architectures I support. If that happens then probably the machines will have their hard drives smashed for security reasons, so I’ll want to swap some G3 PowerMacs for hard drives.