Website security

It seems strange to me that web servers don’t offer the highest levels of security they can by default, only stepping down to lower levels of security if the connecting client doesn’t support it.

Obviously if the server is running on an older platform, such as Windows Server 2003, they may not support newer security standards by default, but in a lot of cases patches have been released to allow support for the newer standards. So, what do you do if you you’re running a Server 2003 platform which is hosting websites that you can’t move for some reason, but you still want to be able to connect to securely?

Well…

  1. Firstly, visit Microsoft and install this Hotfix on your Server 2003 server: http://support.microsoft.com/kb/948963
  2. Click Start > Run
  3. Type regedit and click OK
  4. Navigate to HKLM\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Ciphers
  5. In the AES 128/128 sub-key created a new DWORD called Enabled and set its value to 0
  6. Reboot the server

This will disable AES128 and cause your 2003 server to use AES256 by default instead, providing increased security to connecting clients.

2k3-regedit

So what about if you want to use a higher level of SSL/TLS, given that v1.0 of these protocols have been compromised, and so could potentially release secure information to a hacker?

  1. Click Start > Run
  2. Type regedit and click OK
  3. Navigate to HKLM\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols
  4. Add the keys TLS 1.1 and TLS 1.2
  5. Within these two keys, add the keys Client and Server
  6. Within each of the four newly created keys, create the following DWORD values:
    1. DisabledByDefault – 0
    2. Enabled – 1
  7. Reboot the server

tls-12-regedit

After this, you may need to modify the security settings in your browser to take advantage of the new security protocols. In Internet Explorer click Tools > Internet Options and select the Advanced tab, ensuring that the required SSL/TLS options are selected:

ie-advanced-options

In order to do this in Firefox / Waterfox follow the steps below:

  1. Open a new tab and browse to about:config
  2. Accept the warning, if prompted
  3. In the search box type: security.tls
  4. Right-click the option security.tls.version.max and choose Modify
  5. Supply the required max supported version of TLS
  6. Restart your browser

waterfox-config

This will allow users to continue to connect to your website using up-to-date security protocols, and as a user you can be sure that your browser is connecting to other secure websites using the best security that it can.

I hope this helps site admins out there, but if there’s anything else, please feel free to leave a comment.

Share and Enjoy:
  • Digg
  • StumbleUpon
  • Technorati
  • del.icio.us
  • Twitter
  • blogmarks
  • HackerNews
  • Tumblr
  • Posterous
  • email

Vial of the Sands

I play World of Warcraft. And I have for some time now had my sights set on obtaining a Vial of the Sands. Well, I now own one! One copper short of 38k, but money well spent, I’m sure you agree!

vial-of-the-sands

WoWScrnShot_092014_123518

Share and Enjoy:
  • Digg
  • StumbleUpon
  • Technorati
  • del.icio.us
  • Twitter
  • blogmarks
  • HackerNews
  • Tumblr
  • Posterous
  • email

Portsmouth

I’ve always liked Portsmouth. I used to have to go there regularly in a former career, but I never got too much time to take in the sights and enjoy the city for the wonderful tourist attraction and monument to naval history that it is.

The Illusive Father has never been to Portsmouth, so we decided to drive down and take a long weekend to visit the city and take in the museums. We stayed at the Ibis Hotel at Winston Churchill Avenue in the city centre. The hotel staff were friendly and the place was lovely and spacious, and despite being in the city centre it was still very quiet. We arrived mid-morning on Friday, and after getting checked in, took the water taxi to the other side of the harbour to visit the museum of naval fire-power and one of the last remaining WWII-era submarines. There were a lot of parts to the Explosion museum that we didn’t get to see because of a wedding that was taking place, but even so, there was still a lot to get round.

The submarine was also very impressive: massive and yet somehow cramped and small at the same time. It was hot, humid and horrible just walking through it: it would have been amplified enormously if the sub was under the water. I would have liked to have gone round the sub again when there were fewer people walking through it – the cramped conditions inside weren’t really conducive to being able to take many photographs, or to investigate too closely.

Dinner that night was at the Old Customs House in Gunwharf Quays. I always enjoyed sitting outside there when I was in the city: guaranteed a good pint, it was always nice and cool, and the views across the docks were amazing.

The next day it was time to visit the ships: HMS Warrior, HMS Victory and HMS Mary Rose. A quick cruise around the harbour was also on the agenda: there are certain things that you just can’t see from the land and the docks.

HMS Warrior was a Victorian ironclad. She had a steam engine as well as conventional sail, and her hull was iron plated. Despite having more weight than other ships of her class and time, her steam engine made her faster and more manoeuvrable than any other ocean-going vessel of the time. Historical records show that she could end engagements by merely arriving in theatre: she never fired a shot in anger – her reputation and her power ensured that enemy ships simply surrendered. Visitors can visit all areas of all her decks, and talk with role-playing volunteers who are all experts in her history to get a sense of what life would have been like as a crewman and an officer on board this mighty ship.

HMS Victory was Admiral Nelson’s flagship, and again visitors can tour almost all of all her decks, though the lower decks are somewhat cramped, so do take care if you’re tall or prone to banging your head on low beams! Again, the ship is impressive: the sheer feat of engineering required to take all that wood and rope and fashion an ocean-going vessel is amazing. It was in pioneering such endeavours that the English became masters of the seas.

The star of the show, however, had to be the Mary Rose. She was the flagship of King Henry VIII, and was sunk in the Solent during a battle with a French fleet. There was always some debate about how she came to sink so quickly, but historical records, examinations of the wreck itself and computer reconstructions seem to point to the fact that after firing a broadside, she was coming about for another volley when the wind took her sails, pitching her into the swell of the water, allowing her gun decks to take on water through the still-open gun ports. She sank in seconds, taking 500 souls with her to the bottom of the ocean. She would spend the next 437 encased in mud, until she was raised in 1982. The remnants of her hull and decks are still being treated and preserved, so close approach is not possible. However, the museum containing her hull has been designed in such a way to allow you to see her decks on three levels, and the museum forms the other “half” of the ship, as it might have been had it survived in entirety. The number of artefacts on display is breathtaking – the amount of history that has survived equally so. I very much recommend leaving this museum until last, or doing it when you have the most time, as this certainly contains the most to see.

I hope you enjoy the photos below: I’ve done some HDR treatment on a few selected photographs, too.

And the HDR pictures:

Share and Enjoy:
  • Digg
  • StumbleUpon
  • Technorati
  • del.icio.us
  • Twitter
  • blogmarks
  • HackerNews
  • Tumblr
  • Posterous
  • email

Public Folders

Public Folders are the bane of every Exchange administrator. They’re quite nice to have, from the point of view of a user, at least, but keeping control of them can be a serious pain. It would be so much easier if these things could be just picked up and lifted straight from Exchange and dumped into SharePoint, but until we can do that, we have to manage them.

Some times, important details can be held in the Description field on the Public Folder item, however you can’t get this information using the built-in Get-PublicFolder or Get-PublicFolderStatistics using the standard Exchange Management Shell. So how to get this information without having to check each folder manually?

Well, if you have Visual Studio at your disposal, create yourself a new C# Console Application project, add a .Net reference to Microsoft.Office.Interop.Outlook - this will require that Outlook is installed on the machine you’re using.

When done, you can use the code below to get your information. This starts at the root of the public folder tree and enumerates through all accessible public folders, obtaining key information about them, before writing out to a semicolon-delimited text file. This requires that the user running it has a MAPI profile and access to the public folder tree. Any folders you don’t have permission to access are skipped and not included in the enumerated results.

using System;
using System.Collections.Generic;
using System.Linq;
using System.Text;
using System.IO;
using Outlook = Microsoft.Office.Interop.Outlook;

namespace Public_Folder_Info
{
    class Program
    {
        public List<PublicFolder> AllFolders = new List<PublicFolder>();
        private static void Main(string[] args)
        {
            Program p = new Program();
            Console.Clear();
            Console.Title = "Outlook Public Folder Scanner";
            p.EnumRootFolder();
            p.OutputFile();
            Console.WriteLine("\nScan complete.");
            Console.ReadLine();
        }

        public void EnumRootFolder()
        {
            Outlook.Application app = new Outlook.Application();
            Outlook.Folder root = app.Session.GetDefaultFolder(Outlook.OlDefaultFolders.olPublicFoldersAllPublicFolders) as Outlook.Folder;
            EnumerateFolders(root);
        }

        public void EnumerateFolders(Outlook.Folder fldr)
        {
            Outlook.Folders childfolders = fldr.Folders;
            if (childfolders.Count > 0)
            {
                foreach (Outlook.Folder childFolder in childfolders)
                {
                    Console.WriteLine("Scanning: " + childFolder.Name);
                    PublicFolder pf = new PublicFolder();
                    pf.FolderName = childFolder.Name;
                    pf.FolderPath = childFolder.FolderPath;
                    try
                    {
                        pf.ItemCount = childFolder.Items.Count;
                    }
                    catch
                    {
                        pf.ItemCount = -1;
                    }
                    pf.Owner = childFolder.Description;
                    AllFolders.Add(pf);
                    EnumerateFolders(childFolder);
                }
            }
        }

        public void OutputFile()
        {
            Console.WriteLine("\n" + AllFolders.Count.ToString() + " public folders scanned. Writing to file...");
            StreamWriter file = new StreamWriter(@"C:\Pubfldrs\PublicFolderOwners.csv"); // Change the path here to suit your needs.
            file.WriteLine("Folder Name;Folder Path;Item Count;Owner");
            foreach (PublicFolder pf in AllFolders)
            {
                file.WriteLine(pf.FolderName + ";" + pf.FolderPath + ";" + pf.ItemCount.ToString() + ";" + pf.Owner);
            }
        }

        public class PublicFolder
        {
            // Several properties are included in the Class which are not returned. Feel free to add the necessary code, or delete them from the class if required.
            public string FolderName { get; set; }
            public string FolderPath { get; set; }
            public DateTime Created { get; set; }
            public DateTime LastAccessed { get; set; }
            public DateTime LastModified { get; set; }
            public int ItemCount { get; set; }
            public int Size { get; set; }
            public bool MailEnabled { get; set; }
            public string PrimarySMTPAddress { get; set; }
            public string Owner { get; set; }
        }
    }
}

I hope this is useful for your all. If you have any comments, please feel free to let me know.

Share and Enjoy:
  • Digg
  • StumbleUpon
  • Technorati
  • del.icio.us
  • Twitter
  • blogmarks
  • HackerNews
  • Tumblr
  • Posterous
  • email

Competative Quartet

A musical quartet with a difference – I bet these ladies are amazing live!

Share and Enjoy:
  • Digg
  • StumbleUpon
  • Technorati
  • del.icio.us
  • Twitter
  • blogmarks
  • HackerNews
  • Tumblr
  • Posterous
  • email

SQL Server database backup times

It seems to be a common issue for those in charge of databases. How to check when a database was last backed up.

Well, you could always check the location of the backup files (if using SQL Agent jobs to create flat-file backups) or check the recovery points available in your backup software (such as Microsoft’s DPM). You can also check the properties of the database itself in SQL Server Management Studio. This is fine if you only have a couple of databases in your instance, however in large instances hosting many databases, its often time consuming and tedious to do it this way.

Using the script below you can get the last date and time a log and full backup was taken (as well as recovery model information) for each database in a SQL Server instance:

DECLARE @dbname VARCHAR(200)
DECLARE @lbackup VARCHAR(50)
DECLARE @fbackup VARCHAR(50)
DECLARE @recmodl VARCHAR(20)
DECLARE @bckuptbl TABLE(DBName VARCHAR(200), logbackup VARCHAR(50), fullbackup VARCHAR(50), recovmod VARCHAR(20))
DECLARE c CURSOR FOR SELECT name FROM master.sys.sysdatabases
OPEN c

FETCH NEXT FROM c INTO @dbname
WHILE @@FETCH_STATUS=0 BEGIN
      SET @fbackup = (SELECT CONVERT(VARCHAR(50), MAX(backup_finish_date)) FROM msdb.dbo.backupset WHERE database_name = @dbname AND type = 'D')
      SET @lbackup = (SELECT CONVERT(VARCHAR(50), MAX(backup_finish_date)) FROM msdb.dbo.backupset WHERE database_name = @dbname AND type = 'L')
      SET @recmodl = (SELECT recovery_model_desc from master.sys.databases WHERE name = @dbname)
      IF @fbackup IS NULL
            BEGIN
                  SET @fbackup = 'Never'
            END
      IF @lbackup IS NULL
            BEGIN
                  SET @lbackup = 'Never'
            END
      INSERT INTO @bckuptbl (DBName, logbackup, fullbackup, recovmod) VALUES (@dbname, @lbackup, @fbackup, @recmodl)
      FETCH NEXT FROM c INTO @dbname
END

CLOSE c
DEALLOCATE c
SELECT DBName, fullbackup, logbackup, recovmod FROM @bckuptbl ORDER BY DBName ASC

When run you should expect to see something like the output below:
sql-results

Share and Enjoy:
  • Digg
  • StumbleUpon
  • Technorati
  • del.icio.us
  • Twitter
  • blogmarks
  • HackerNews
  • Tumblr
  • Posterous
  • email

Making your websites more secure

Most web administrators will be familiar with the concept of certificates. Essentially, these are digital ID tags that clients and servers use to ensure the identity of communication partners, as well as the integrity of transmitted data. They are also responsible for the cryptographic exchanges which form the backbone of our secure digital communications.

Most key exchanges carried out over the internet use a public-private key pairing, and shared keys are passed between clients and servers using an encryption algorithm called RSA. I won’t go into too much detail about how these things work, as they are pretty complicated and knowledge of their underlying mechanics isn’t required for what I’m going into in this post.

You may notice when you bring up the properties of a website that you have navigated to, you’ll get some details about the strength of the cryptography that the server you’re connecting to uses. One of those properties (depending on the security method used) will be the length of the RSA key that you’re using.

cert-properties

I’ve gone into the differences between various key types and the benefits of longer keys in other posts, but given that 768-bit RSA keys have been compromised, website admins who offer their sites over secure connections should be looking to upgrade the bit lengths of their RSA keys to at least 2048-bit.

As you can see from the screenshot above, the example site is secured using a 1024-bit exchange, which could do with upgrading.

If you get your website certificates from a vendor, they should do this for you automatically as part of their service, however if you run your own certificate authority (CA) on an internal domain, for example, you will have to get a new certificate from the CA.

The problem you may encounter, especially if the websites are hosted in Internet Information Services (IIS) is that IIS will always request the WebServer certificate template from the CA, and will complain if that template is ever removed from the list of published templates. You will also find that superseding the WebServer template with a duplicate also lacks the desired effect.

So, how do we get a new certificate with an increased bit length which we can use to better secure our connections? Easy: just follow the steps below…

Note that mucking about with anything relating to cryptography or certificates is likely to require elevated permissions.

Firstly, log onto the CA, open the Certification Authority MMC snap-in and select Certificate Templates:

cert-authority

In here you’ll see all the templates that your CA is configured to issue. There are plenty of others, so seeing additional ones and, indeed, not having all the ones shown above is perfectly normal.

Right-Click on the Certificate Templates folder item in the left-hand pane and choose Manage from the context menu. This will open up the Certificate Templates Console.

cert-templates-console

This console shows all the templates that are available to your CA, including those templates that it is not configured to issue. Find the Web Server entry in the list and right-click on it, choosing Duplicate Template from the popup menu.

web-cert-menuIn the popup window, choose which compatibility level you want for your new template. More recent Server versions offer additional functionality, but keep in mind that you may need to be more backwards compatible for some older clients which could be on the network. Naturally, if all the clients are reasonably up-to-date then choosing the most recent version of Server available is the way to go.

cert-server-version

The next screen shows you the properties of your newly created certificate template.

new-cert-properties

On the General tab, complete the Template display name, Template name, Validity period and Renewal period fields as required. On the Request Handling tab ensure that Purpose is set to Signature and encryption and that Allow private key to be exported checkbox is selected. On the Cryptography tab, select the required Algorithm name and (where required) the Minimum key size. At the bottom of this tab, select the method which will be used to hash requests in the Request hash field.

cert-crypto-properties

Remember when completing these details that larger bit-lengths are more secure, but there is a possibility that not all clients will be able to connect using higher grade encryption: make sure you choose values that are appropriate to your environment and needs.

Next, head over to the Security tab. This works the same as standard NTFS permissions on the filesystem. You’ll need to ensure the computers which will be using this certificate have their accounts added in here: if multiple computers are likely to be using it, it will probably be worth your while creating a group within Active Directory to hold their accounts.

add-server-perms

The server account or group should have READ and ENROLL permissions set. After adding these, click OK on all open dialog boxes to return to the Certificate Templates Console. Your new certificate template should be listed and visible.

Return to the Certificate Authority console, and right-click the Certificate Templates folder in the left-hand menu, and choose New > Certificate Template to Issue.

add-new-cert-issue

Find your new template in the list and click OK. The template will now appear in the list of certificates available to issue.

Now on to the next part: getting the new certificate into IIS. To do this, you need to log onto the web server in question, and open a basic MMC console. When open, click File > Add/Remove Snap-in. From the list of available console, choose Certificates and click Add, choosing Computer account when prompted.

add-computer-account

Click Next, then ensure that Local Computer is selected before clicking Finish. Click OK to close the add snap-in screen and return to the MMC.

Expand Certificates > Personal > Certificates to see all the personal certificates assigned to this computer’s account.

cert-store

Right-click Certificates in the left-hand menu and choose All Tasks > Request New Certificate to open the request wizard. Click Next on the first screen, then select Active Directory Enrollment Policy and click Next.

cert-enrollment-1

After a few seconds, a list of all available certificates will be displayed, and your new template should be one of them.

cert-enrollment-2

If you see the message saying more information is required, as shown above, click the message to enter specific details relating to the name and organisation on the certificate. When completed, click OK. If all the required information has been entered, the message will be removed from this screen, and the Enroll button will be available after the certificate is selected.

If the process completes successfully, the following screen will be displayed, otherwise the Enrollment process will tell you what has gone wrong and you’ll have to start this part of the process again.

enroll-success

Click Finish to complete the process.

Next we need to add this into IIS so we can apply it to the website binding. Start the IIS console by clicking Start > Administrative Tools > Internet Information Services (IIS) Manager.

Select the server (not the website) from the left-hand menu and double-click the Server Certificates icon in the central pane.

iis-central-pane

The certificate we enrolled the web server into in the previous part of this process should be listed in this section.

iis-server-certificates

If everything is OK here, expand the Sites folder and select the website whose bindings need to be changed to use the new certificate. If the new certificate isn’t present, try closing and re-opening the IIS console. If this doesn’t work, perform an IIS reset and try again.

With the website selected, choose Bindings from the right-hand action menu.

site-bindings-action-menu

In the Site Bindings screen, select the entry for https and click Edit

bindings-main

This will bring up the properties specific to that particular site binding. In the SSL certificate field, your new certificate should be a selectable option from the drop-down menu.

ssl-cert-field-expanded

Select it, and click OK on all open dialog boxes to return to the main IIS admin console. The next time you browse to that particular website and check the properties of the page, you’ll see that your new certificate has taken effect and that the newer, longer keys are being used to provide increased security for your visitors.

cert-properties-newIf you have any problems following this guide, or if there’s something you’d like some help or advice on, feel free to contact me and let me know what it is, or leave a comment here on this post and I’ll do my best to help.

Share and Enjoy:
  • Digg
  • StumbleUpon
  • Technorati
  • del.icio.us
  • Twitter
  • blogmarks
  • HackerNews
  • Tumblr
  • Posterous
  • email

Money is the drug

No one can have missed the news recently regarding the attempted takeover of AstraZeneca by Pfizer. For anyone that may have missed it, some crazy sums have been offered for AstraZeneca, with some news agencies reporting figures in the $60bn region.

Naturally this takeover bid has polarised the political community, with various MPs and ministers coming out either in favour of the takeover and the benefits it could bring to the UK economy, or against the bid, citing the risks and uncertainty of having UK drugs research and development no longer in the hands of UK citizens.

One of those coming out against the merger was Ed Miliband, the leader of the Labour party. He would like major pharmaceutical companies treated in the same manner as the corporations which produce a lot of our military materiel, with national interest assessments carried out and the government having the power to block any mergers or takeovers which didn’t pass the tests.

From a certain point of view, this seems like common sense: after all, why put the manufacture, research, development and provision of your infrastructure in the hands of a country that you have no control over?

Why should this be a concern now? Well…

Back in 2007, after becoming Prime Minister, Gordon Brown appointed a lady called Shriti Vadera to the post of Parlimentary Under-Secretary of State within the Department for International Development. However, as she was not an elected MP or a member of the House of Lords, she was created a life peer as Baroness Vadera of Holland Park on 11 July 2007.

When she left politics in 2010, she was appointed to the board of AstraZeneca as a non-executive directory. She went on to donate £4,402 to Ed Miliband’s office for “venue hire and catering costs for evening events”.

One might think that, a former Labour party politician who was made a life peer by that party, who went on to become a director at a major pharmaceutical company, who then subsequently donated cash to the leader of the party she used to work for and who made her a peer, who himself then waded in so publicly in such a high profile event in favour of the company in question could be considered to look a little dodgy…

Just saying.

Share and Enjoy:
  • Digg
  • StumbleUpon
  • Technorati
  • del.icio.us
  • Twitter
  • blogmarks
  • HackerNews
  • Tumblr
  • Posterous
  • email

New car

Its taken me a while to get around to posting about this, but I’ve been riding around in some new wheels for the past couple of weeks.

The Barge (my Volvo S80) which has served me faithfully these past (nearly) 8 years has been traded in, and in its place, I have The Beast: a Jaguar XF, looking resplendent after a wash and polish. She has the requisite 3.0 litre V6 diesel engine and all the fancy toys (some of which I’m still learning about even now…). Black leather interior with walnut wood trim finishes the look.

car-wash-hdr-edit

As the advert says, its good to be bad!

Share and Enjoy:
  • Digg
  • StumbleUpon
  • Technorati
  • del.icio.us
  • Twitter
  • blogmarks
  • HackerNews
  • Tumblr
  • Posterous
  • email

UKIP and why I’ll be voting for them

Those of you who don’t live in the EU have probably escaped the fact that on May 22, a large proportion of us are going to vote for our representatives in the European Parliament – our MEPs.

I have been asked on several occasions how I plan to vote, and why. I plan to vote UKIP, and these are my reasons why.

UKIP is the party of choice

Labour, the Lib Dems and Greens aren’t interested in giving anyone a choice about membership of the European Union (EU), or the creeping autocracy we find ourselves increasingly living under. These three parties stand for increasing amount of EU interference in our daily lives, with more power for EU officials and departments.

The Conservatives have some good rhetoric regarding the EU, but that’s all it is – empty words. David Cameron has a demonstrable track record of not delivering on promises regarding Europe (anyone remember his “cast iron” guarantee?) and he has already stated in a small and overlooked (at least in the UK) part of the Spanish press that if the UK electorate did vote to leave the EU he would simply ignore the result. His noises about Europe are born out of fear of UKIP’s increasing popularity and the prospect of rebellions and defections from his own more Eurosceptic back-benchers and grass-roots members.

Even if we assume that David Cameron plans to make good on a small part of his pledge to “reform” the EU in the interests of the UK, he has no power to actually deliver on his promise. Changing the way the EU operates requires majority agreement of the member states, and I don’t see the other countries simply allowing Dave to change things as he wills. The Conservatives have been a spent force in Europe since Thatcher was ousted from the party back in the early 90s – a vote for Dave is a vote for the status quo.

One of UKIP’s major arguments is that we have never actually had a referendum on membership of the EU. Those with their feet firmly rooted in the campaign to remain part of the EU are quick to point out that we voted in 1975 to remain part of the European Economic Community (the EEC) which we had joined in 1973. This is true, but what they don’t point out is that the EEC as it was in the 1970s is a very different animal to what the EU is now. The EEC was, essentially, a multinational trade agreement for disestablishment of borders across the continent, allowing freedom of trade in a single Europe-wide market. This was a sensible idea, and one that even the most staunch anti-EU people would probably still vote in favour of today. The EU is a supra-national government and political organisation, passing laws on a daily basis that affect hundreds of millions of people across the continent and the world at large.

No one in the UK has ever voted to be a member of the EU: membership is simply something that mutated over time. Considering the EU likes to say that it stands for democracy and freedom, and that its representatives like to trumpet that line as often as possible, you’d think they’d be more willing to listen to dissenting voices, rather than try to stifle criticism of their organisation.

If you want to actually have a meaningful choice about whether to stay in the EU, UKIP is the only political party with the resource and the will to deliver it.

UKIP is not racist

There have been a number of incidents reported in the press recently regarding some badly chosen words by UKIP members and representatives, which the more mainstream political parties have tried to spin (with the aid of the mainstream media) into a story which portrays UKIP as institutionally racist. This is nonsense.

I’m not going to deny that there are a few “bad apples” amongst UKIPs members, and that some of those may eventually pass through to stand for the party as a potential candidate. However, UKIP is a growing political party that, as yet, does not have the networks and resources that the larger parties have which enables them to “weed out” these more undesirable individuals. Even so, there are still a few that make it through the filters of even the Conservatives, Labour and Lib Dems:

These are just a handful of stories that have been in the press recently: if you’ve a mind to go looking, there are other examples. You might not have seen too many of them, though – it’s as though only stories which discredit UKIP and its candidates and members make the mainstream media; those which affect other parties never make it past the sidelines.

I’m not seeking to defend those people mentioned in the links above, nor those people who purport to represent UKIP with their unsavoury rhetoric and ideals. I’m simply pointing out the double-standards in the reporting of these incidents.

A lot of the racism claims that are levelled against UKIP come from their policies relating to increased control of immigration. This has long been a staple response of those on the left of the political spectrum: whenever anyone mentions controlling immigration in any way, they point their fingers, their mouths all frothed in rage and scream “RACIST!”.

This is nonsense.

It has never been racist to acknowledge the fact that migrants have an impact on the country they move to, both positively and negatively. It is also true that, due to the UK economy being stronger than a lot of the other countries in Europe, we are a more attractive prospect for migrants looking for work or a new start, and this is evidenced in statistics:

migration-chart

The chart above was generated using statistics from an ONS report (PDF) and shows the levels of migration over time (in thousands), along with a trend line for net migration: more people are now arriving in this country than ever before. When these people arrive they are going to need:

  • To get about – this will have an impact on our already over-burdened road networks (if they drive) or our public transport networks (if they don’t)
  • To look after themselves – this will have an impact on our already overstretched GP surgeries and A & E departments in hospitals
  • To find work – this will place an additional burden on the labour markets, potentially driving down wages and removing competition from employment markets. Those that can’t find work will need benefits or support, placing further burdens on our overstretched benefits systems
  • To send their children to school – the competition for school places is already fierce, and there aren’t enough to go around, without adding extra people to already oversized classes and placing further demands on our education system and its support staff and teachers
  • Somewhere to live – in most cases, people arriving in the country won’t have the resources to buy their own houses, meaning they will either be renting (driving up demand for rental accommodation, and hence prices) or they will need social housing, driving up demand for this already scarce resource, and placing additional burdens on the local authorities whose job it is to support them. Those that can’t buy, rent or get social housing for some reason will probably become homeless and live on streets, which will have an impact on crime levels, as well as have complications for their health

It is not racist to want answers to these issues, and to have mechanisms in place to allow those people newly arriving into the country to integrate into society as quickly and seamlessly as possible. Stifling debate about these issues only serves to further the duration and level of their impact, both on those newly arriving into the UK and those people already here who have to help deal with the situation.

UKIP is not about shutting the doors and stopping people coming into the UK. It is about placing a moratorium on migration to the UK to allow us to address the issues we already have with those that are already here, and make preparations for those that want to come here, before opening the doors.

At present, the only people we can control coming into the country are those citizens from countries outside the EU: we have no control over how many EU citizens can move to and live in the UK, and this strikes me as being very strange. Control over your own borders is the right of every sovereign state, and one of the primary duties of any government, no matter what colour rosette it wears.

Let’s stop this nonsense relating to wanting to talk about immigration being racist and start answering some of the questions that immigration poses us. You can’t deal with a problem by brushing it under the carpet and pretending it isn’t there, and that’s all the other parties seem intent on doing.

UKIP is the only party that treats people like responsible adults

No one can have missed the constant, creeping nanny-state mentality that we had to endure under the 10 years that Labour were in charge of the country, both under Tony Blair and Gordon Brown. Far from slashing red tape, Dave has continued to introduce nannying rules, some from EU legislation and others of his own making.

Just this past week, Labour have said that if they win the next general election (to be held in 2015) they will introduce legislation to force people to get fit and control what they can eat and drink. In the last decade the political classes have stopped viewing the electorate with the fear and respect they should be viewing us with (we control their fates with our votes, after all) and instead have shown nothing but disdain and disrespect towards us. We are not intelligent people, capable of rational thought and our own decision making processes, we are dumb cattle who must be herded along and told what to do for our own good.

UKIP does not stand for this brand of politics. UKIP treats voters with the respect they deserve: if you want to go down the pub and have a pint, that’s fine; if you want to eat a pizza while watching the football, that’s fine; if you want to nip outside for a quick cigarette, that’s fine. The electorate doesn’t need more control and more shepherding, it needs more freedom from government and nanny state interference in our daily lives. UKIP are the only party that will give you that: the other parties simply insist on furthering their own surveillance of you and your daily life, and furthering their regulation of you and your daily life.

This is not how a free country should be.

UKIP is not the party of fear, it is the party of optimism

There have been several reports in the mainstream media recently, featuring sound-bites from pundits and politicians stating that UKIP is the party of fear. This is, again, simply not true.

We are all exposed to fear every time we see an advert in the press or on TV: if men don’t keep their facial hair a certain way, women won’t find them attractive; if women don’t wear a certain brand of make up, men won’t find them attractive; if you don’t use a certain type of tooth paste, you won’t have nice teeth; if you don’t wear designer glasses, people will think you’re a social misfit. The culture of fear is all around us, and its what drives us to consume.

Politically, these people are saying that UKIP’s desire to leave the EU is spreading fear about the future: I say this isn’t true. While it is certain that we do conduct a large amount of business and trade within the EU, that is largely because we are restricted by EU laws preventing us from trading elsewhere without going through the EU first. A withdrawal from this arrangement could see us trade more freely with emerging economies in India, China, Japan and the rest of Asia, as well as with the Commonwealth and the United States. Any trade conducted with the EU would still be there – after all, if the market for our goods and services is as large as we’ve been told, it won’t simply disappear by magic overnight.

A withdrawal from the EU will free us up to trade as we want with who we want, and remove reams of red tape from those companies that don’t trade within the EU but still have to meet their exacting regulations and standards. This will allow those business to grow and develop, getting larger and moving to new markets and increasing productivity, wealth and employment. Leaving the EU does not mean mass job losses, it means mass job creation!

Far from being the party of fear, UKIP is the party of optimism: the other parties are the parties of fear – they want you to be afraid of the change that UKIP stands for because they want you to help them maintain the status quo and their own control over the machinery of government.

In conclusion, if you want a proper, meaningful choice in how this country is governed and the direction it should go in, vote for UKIP. Because they are the only party with the will and the means to give you that choice.

ukip

Share and Enjoy:
  • Digg
  • StumbleUpon
  • Technorati
  • del.icio.us
  • Twitter
  • blogmarks
  • HackerNews
  • Tumblr
  • Posterous
  • email