Are your servers vulnerable to Shellshock?

I’ve put together a simple script to check your Linux systems for vulnerability to the BASH “Shellshock” exploit.

Specifically CVE-2014-6271, CVE-2014-7169, and CVE-2014-7186.

SSH into your server and run the following commands;

chmod +x

To patch your system, if you are running Debian “Squeeze” you will need to add the following to your /etc/apt/sources.list;

deb squeeze-lts main contrib non-free
deb-src squeeze-lts main contrib non-free

Then run the following;

apt-get update
apt-get install debian-archive-keyring

If you are running Debian “Wheezy” or above, simply do;

apt-get update
apt-get install --only-upgrade bash

Then run “” again to check that all is patched.

Quickly setup Click to Dial via VoIP SIP PBX on Windows

Here’s a super quick way to get click to dial working on Windows, via your VoIP/SIP phone system (in-house, or hosted).

Before you start, you will need the SIP domain, outbound proxy, and extension credentials. These are the same details you would typically need when configuring a physical SIP phone or soft phone.

Start by downloading my Click2Dial installer, all I’ve done here is packaged the various components you will need to get this working into a single installer file.

  • Hamlesh’s Click2Dial – 32bit – 694KB – Download
  • Hamlesh’s Click2Dial – 64bit – 709KB – Download

You will need to reboot your computer, the modules won’t be loaded until you reboot.

Once you’ve rebooted, go into Control Panel, then Phone and Modem.

You will probably get asked to configure your regional dialling settings – just specify your area code and click OK.

  • Select the Advanced tab and click Add
  • Select the “SIPTAPI Service Provider” option and click Add
  • You will return to the provider list, select SIPTAPI and Configure

  • You will need to configure your extension details, just like configuring your desk/soft phone
  • Click Apply and Ok, and return to your desktop

Assuming the details you’ve specified are correct for your phone system, making calls should now work.


You can either use Dialer.exe built into Windows, or the command line dialler that my Click2Dial package has installed for you (this method is far more slick).

Using Dial.exe to initiate calls

Click Start > Run > “dial PHONENUMBER“, you can either specify another extension or any normal number you’d like to call. Your desk phone should start to ring, answer and your phone system will begin to dial the PHONENUMBER you’ve specified.

Creating shortcuts to quickly initiate calls

Next create a shortcut on your desktop, right click on your desktop, New > Shortcut, type in “dial PHONENUMBER“, Click Next, and name the shortcut something relevant eg: “Call Bob” (if PHONENUMBER is Bob’s). Double click shortcut, and your desk phone should start to ring.

Now, you can further tweak things, right click on your new shortcut, select Properties, Change Icon, Browse, and in your C:\Windows\ directory you should see dial_home, dial_mobile, and dial_work icon files, pick one, Apply and Ok.

Calling directly from Outlook

You can also trigger calls directly from your Address Book in Outlook.  There are issues with Outlook 2013 and the “People” view, which I haven’t found a work around for, however opening the contact card via the Address Book will work.

If you’ve found this post useful, please post some feedback.

I’ve only tested this on a 64bit system – if you’re on a 32bit system, I’d appreciate some feedback, either post a comment or @hamlesh on twitter.

OpenVPN on iPhone iPad without jailbreaking

Earlier this morning the guys and girls at OpenVPN announced that their “Connect” app has finally been approved by Apple and is available in the App Store!

Screen Shot 2013-01-17 at 17.30.40

Its long overdue, but finally those of us that don’t like the idea of jailbreaking our devices (or don’t want “faff”), can finally connect to OpenVPN end points from our iOS devices :)

This is such good news, that I felt it should be shared :)

Ofgem warn of UK power shortage

In a report released today, Ofgem (the UK regulators for the energy industry) forecasters are warning that the spare energy capacity in the UK is likely to fall to just 4% in three years.

What does this mean?

The UK currently, at any given time, has a headroom/margin of around 14% on its energy creation/delivery capability.  To simplify what this means, if we imagine all of the energy being consumed in the UK right now (gas and electricity) as a figure of 100 energy units, we could cater for another 14 energy units worth of demand right now.

Another way to think of this, if your weekly food shop budget is £100, and you need to buy something extra one day, you only have an extra £14 available to spend in your bank account.

So what?  Why should I care?

Our operating headroom as it currently stands, 14%, isn’t great!

This leaves us in a precarious position as a nation, should we need more energy.  Especially as this margin decreases to just 4%.

We already have a complex system in place to bolster our electrical grid with power from our French neighbors, this can be turned on and off as required.  The national grid utilises this relationship almost daily, the older soap watching generation are the main reason for this arrangement being in place.  Historically the grid could never cope with the demand for power caused during a Coronation Street ad break for example.

We don’t need to rely on this “power bridging” for our usual/ongoing demand, and in principle its a brilliant safety net (think of it as an overdraft, nice to have it there for those little emergencies).

However getting electricity delivered in this way is very very very (keep saying very till you get tired) costly.  This cost is passed on to consumers in the form of our utility bills.  However if we only need the boost in power from time to time, its not such a big deal.

What we are starting to see now (and have been for a while), is that this power bridging is starting to happen on an-ongoing basis.  Think of this as living in your overdraft.  Your outgoings a month are now outstripping your income, and you are having to constantly use your overdraft (which is costly money).  In this same way this energy is costly, and we shouldn’t rely on it.  The bank can withdraw/cancel your overdraft facility at anytime, what happens if this energy capacity is withdrawn?

As we start to run out of capacity, we will fully utilise the power available to us via this bridge, to cater for our normal demand levels… What then?

I haven’t talked about how we manage our gas reserves, there’s a similar arrangement in place to import gas, and one of the reasons our gas prices are so high is that we import most of the gas that we use as a nation.

Potential impacts

Our national energy stability is at risk.  As we are no longer generating the majority of the energy we consume, our prices will be determined by external parties/suppliers, our demand will outstrip supply (in a more noticeable way).

  • Energy reliability will start to waiver – we’ll see an increase in power spikes
  • Energy costs will increase (a lot more than the mainstream media are reporting)
  • Businesses will find it harder to obtain new power allocations (it was impossible for datacenters to get more power in London pre-olympics!)

What can I do about this?

For the most part, there isn’t a lot we can do as consumers, contrary to what energy action groups and the mainstream media would have you believe.  Voting with your feet and moving your utility supply to another company WHEN your prices increase, is pointless, its not the solution.

Power generation and supply in the UK is a centrally controlled monopoly, by design (and it used to be a sensible way of operating).  This means that the energy “supplier X” is selling you, is the same as “supplier Y“, longer term you’ll end up paying the same price everywhere (just like petrol).

The only thing you can do is reduce your power consumption.  If every household (and business) in the UK became more energy efficient we would buy ourselves more time to solve this problem.  The utility providers need to use this time to build new power plants and energy distribution capacity.

I would also recommend protecting your sensitive appliances with surge protectors.

So we need more power stations?

Yes and no.  Traditional power stations are not the solution.  We need smaller, decentralized, NUCLEAR power stations.  I know nuclear power is still a “hot topic” and that people (wrongly) believe it to be unsafe.  The main problem with nuclear power is the waste products cannot be disposed of readily with our available technology level.

However, smaller, distributed, region specific nuclear power plants are a viable solution.  A small scale facility providing power to 2 or 3 towns will last hundreds of years, before we have to tackle the nuclear bi/waste-products issue.  In comparison, a single large scale facility catering for the whole of the south, would only last tens of years.  The extra time would allow technology the time it needs to evolve, and people will find solutions to the “energy crisis”.

Renewable energy is not the solution either (not yet).  I haven’t seen any proof (gathered in the UK) to show that renewable energy sources can consistently deliver for our level of demand.  Its pointless looking at the electrical output of a solar farm in Dubai for example.  We need to invest more time and resources in developing renewable energy sources, but they are not the solution to this problem, short or mid term.

If we carry on the way we are going, as a nation of “broken thinkers“, we won’t have sufficient electricity to light, and gas to warm, our homes within the next 10-20 years.

Only the wealthy will be able to afford stable energy, and this disparity will lead to civil unrest and chaos…  Some of you will read this and think I’m being overly dramatic, however, if you think about the problem totally unemotionally, and keeping the big picture in mind, you’ll see the sense of this line of reasoning.

If we continue to look at renewable energy as the solution, we will run out of time.

Small scale, distributed, nuclear power stations are the only viable short to mid term solution!

I would love to hear your views on this.

Using oDesk to get more done

oDesk (and other such sites) are not new, however I’ve recently started using oDesk in a particular way, and I’d like to share some of the thinking and strategy around that in this post.

I’ve noticed most entrepreneurs, especially those who’ve been involved with numerous startups, tend to fall into the “endless to-do list” trap.  Not sure what I’m talking about?

Your task/to-do list has these jobs on it, usually towards the bottom of the list.  Every time you do some house keeping on your to-do list, you move them from one list to the next, they seem to follow you around for months and months.  They aren’t quite urgent/important enough to be done right now, but they still to be done.  The “I need to do that, its a quick/simple thing, I’ll do it later” jobs.

If you recognize the above, you’re already in the “endless to-do list” trap!  Perhaps you knew that, perhaps you’re the mayor of the bottomless to-do list.

As with anything we want to improve, first we have to address why this happens.  Entrepreneurs are can-do-ers by nature, we tend to absorb information, and more importantly in this context, new skills, very quickly.  This means when jobs and tasks come up that we can/could do, but don’t quite fall under the pervue of what we should be doing, we take them on anyway.  This is how it starts.

Of course, in startup world, we have to keep an eye on the costs, more so in lean/bootstrapped startups (as most of mine tend to be).  We can’t simply go out hiring people to do x, y, and z, as much as we would love to.

I’ve recently started using oDesk to get these simple/quick jobs done.  Firstly I had to recognize that it was more effective on my time to pay someone else to do these jobs, and that someone else could probably get the job done quicker – especially if its what they are experts at.

So you’re ready to post your first listing… here are some tips, which I had to learn the painful way.


Break the job down

The smaller the job, the simpler it will be for you to articulate and clearly explain what you would like to get done.  This will make your dealings with contractors applying on your listings a lot smoother.  Depending on the type of job, you may receive a lot of applications from India/Bangladesh/Philippines etc.  This is a good thing, the people applying will be hard working, and want to earn money, for themselves and their families – just like the rest of us.  Keep this in mind when posting the job, English may not be the applicants first language, so keep it clear, concise, and well articulated.  Simplest way, break the job down.

“Its too complex to break down“, don’t be ridiculous, everything can be broken down into smaller parts.  If you’re really stuck, ping me a message, I’m happy to help.


Be clear about who should and shouldn’t apply

State this clearly (and fairly) in your job posting.  oDesk has some powerful tools to limit the skills and competency level of the people you want to be able to apply for the posting.  Most jobs get a lot of applications, save your time (the whole purpose of doing all of this), by being clear.  On a recent listing, I stated that the applicant must live in London, as an element of in person interaction is required.  I still received 30 odd applications from Pakistan/India/Dubai.  These were promptly marked as “Spam” on the oDesk system, which gives the contractor a warning to not simply blanket everyone without reading the requirements.


Set a clear deadline for applications

In your application, state the deadline for applications, and at that time, mark the job private so that it no longer displays.  I recently posted a listing that received 74 (qualified) applications within the first hour.


Set a time to review applicants and make decisions

If you’ve been specific, and clear with what you need doing, you should have proposal type messages from applicants, telling you how long it will take them to do the job, rather than “Can you please clarify xyz” messages.  Decide on a time when you can review applications (and put it in your calendar).  Sit down, take an hour or so, go through the applicants, and make quick decisions.


Qualify applicants in the listing

If you can, set a qualification test in your listing.  I recently needed someone to configure a CISCO PIX 515E firewall in a particular way, a job that I can do, but shouldn’t do.  I wrote the listing with all of my requirements clearly outlined, and simply changed the model of the firewall to a PIX 501 (instead of a 515E).  The 501 cannot be made to do what I had asked for, and I knew this.  I received a load of applications, from people clearly keyword searching for CISCO and applying for the job.  There were only 4 people who identified it wasn’t possible with the 501.  They were the ones I messaged/interviewed, and ended up hiring one of them.

Another job was to crop/cut out a series of images, so I included one of the images on the listing and asked for the cropped version to be sent in with the application – those that didn’t have the image attached to the application were dismissed.  It was also a very good way to see what I was going to get and the quality of the work.  A contractor was hired, and 12 hours later all 15 images had been cropped (at a cost of USD 15.00), bargain.


Hopefully you’ll find your task list shrinking, by outsourcing specific tasks.  If you have any questions or thoughts, please ping me a message, I’m always happy to help.

Happy growing :)