* Posts by Martin Milan

134 publicly visible posts • joined 22 Sep 2007

UK High Court split over Twitter airport bomb joke

Martin Milan

Re: Poor guy - the bleeding edge of British Law...

They spent more than "a few minutes" doing just that.

Martin Milan

Re: Everybody sing!

lol...

I've had code reviews by a technical lead who insisted I changed all my "intcnt" and "lngcnt" variable names because I was swearing...

Hi Kelvin, if you read this!

Martin Milan

Re: Advice for his legal team

I have actually written to Ed Miliband (my MP) asking if, in light of the fact this law is so insidious that even his own "Social media Tsar" can fall afoul of it, it might be time for the opposition to actually start opposing something...

Martin Milan

Re: Seriously

Not really, since he said they had "a week and a bit" - I think an airport can be safely evacuated in eight days...

Seriously, read about the case.

Martin Milan
Thumb Down

Re: Seriously

Only he didn't shout anything in a crowded anywhere, did he? Making your point rather, well, lacking in point really.

Yahoo! fires! patent! lawsuit! at! Facebook!

Martin Milan

That's it...

I'm applying for a patent for holding little bits of paper that come out of the US Patents Office.

I'm not worried about prior art - they're too stupid to realise...

Martin.

Brit pair deported from US for 'destroy America' tweet

Martin Milan

Thoust believes correctly...

Top cops placed under Freedom of Info law

Martin Milan
FAIL

Network Rail

Another body that really should be on that list is Network Rail.

Aside from the scrutiny this would allow them to be held to in terms of compliance with safety concerns etc, it could also be said that their financial management has at times been rather suspect. We are 40% less efficient than our continental cousins when it comes to rail maintenance...

FOI could be put to considerable use were it to be available as a tool with which to hold Network Rail to account - effectively a publicly funded body who should expect all the scrutiny that privilege ought to entail...

Martin.

Prang finder site reveals accident blackspots

Martin Milan
Thumb Up

Hmm...

Well, the site seems to be down, so I can't comment from experience yet...

Still, I suspect it would prove an "enlightening" exercise were our government IT chaps and chapesses to compare and contrast both the results and the costs of both this and the crime data site.

If they look carefully there is probably a couple of lessons involving "overpaid consultants" and "letting people who know what they are doing manage the project themselves" to be had in there somewhere...

Ubisoft revisits Internet-at-all-times DRM

Martin Milan
Thumb Down

Ok Ubisoft - here's the thing...

Your online service sucks, and it sucks big. I recently bought Rainbow Six Las Vegas II, which is supposed to require me to log into a Ubisoft account if I want to play online with friends. Four of us bought the title, and all four have had various problems with your network not responding. It got to the point where we simply gave in - and when we play now we use Tungle and from the game's point of view host locally on a LAN.

Why are we having to work around your shite software though?

On the back of this experience, all four of us have sworn not to go near Ubisoft again...

Universal Music passwords exposed by Anonymous hack

Martin Milan

Oh dear...

Dear Anon,

OK - Security 101...

A hash cannot be easily converted back to a string that would generate it. You might, if you're exceptionally lucky, get a "candidate" string, but you can't be sure it's the right one, and if you try and brute force it, you will get multiple false positives to contend with.

Now, not being able to get back to the original plain text is important, because many users have the annoying habit of re-using passwords. So, if you can get the password they used for their pop group fan site, you might just also have their Facebook, online banking, Twitter password etc... This bleed over from a compromised site is a common attack vector.

The reason I wouldn't store the password on a site I wrote, even in encrypted form, is simple - I don't need to take that risk. Using hashes will let me authenticate, but it scuppers a lot of things that might be done with my user database should some script kiddie ever get their mitts on it - which they won't - but that's another story...

Salting the hash gives a huge improvement in security, because I'm no longer using a standard algorithm to go from the user's supplied password to the hashed value - which means brute forcing is out of the window, so long as you don't know my algorithm. My algorithm would also include references to random bits of information that the user never knew was associated to their account as well - random data generated when they registered for example...

So, where are we now? If you want to get at the passwords for my users, you are going to need enormous computing resource (ok, you might be the NSA...), knowledge as to the algorithm I have used to salt my hash (ok, I might have a rogue developer turn bad or something...) and access to my Database - which is in turn protected by its own security system.

And here's the thing - I'm NOT a web developer by trade. So if I know how to implement half decent security, how comes the fat consultants paid by the lads at Universal don't?

Ps. Of course I don't like the password stored as plain text - any numpty can see that is the case from my comment. The point is, I don't like the password stored AT ALL!
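The storage scheme the comment above argues for (keep a salted hash, never the password, with random per-user data generated at registration) can be sketched as follows. This is an added example, not code from the comment or from any site it mentions; it swaps in the standard PBKDF2-HMAC-SHA256 function from Python's `hashlib` rather than a private algorithm, and the user names, passwords and iteration count are constructed assumptions.

```python
import hashlib
import hmac
import secrets

ITERATIONS = 600_000  # assumed work factor for PBKDF2-HMAC-SHA256


def make_record(password: str) -> dict:
    """Build what is stored for one user: salt, work factor and hash, never the password."""
    salt = secrets.token_bytes(16)  # random per-user data generated at registration
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return {"salt": salt.hex(), "iterations": ITERATIONS, "hash": digest.hex()}


def verify(password: str, record: dict) -> bool:
    """Re-derive the hash from the supplied password and compare in constant time."""
    digest = hashlib.pbkdf2_hmac(
        "sha256",
        password.encode(),
        bytes.fromhex(record["salt"]),
        record["iterations"],
    )
    return hmac.compare_digest(digest, bytes.fromhex(record["hash"]))


def demo() -> dict:
    # Constructed sample: two users who happen to choose the same password.
    db = {"alice": make_record("hunter2"), "bob": make_record("hunter2")}
    return {
        # Different salts give different stored hashes, so one cracked entry
        # (or a precomputed table) does not reveal the other user's password.
        "same_password_same_hash": db["alice"]["hash"] == db["bob"]["hash"],
        "correct_password_accepted": verify("hunter2", db["alice"]),
        "wrong_password_rejected": not verify("hunter3", db["alice"]),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```
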

Martin Milan

Plain text? That's not the issue...

It's not the plain text aspect of storing the passwords that bothers me - that's not the real problem here. The real problem is storing the passwords AT ALL!!

C'mon guys - salted hash?

Has UK gov lost the census to Lulzsec?

Martin Milan

Erm...

You're assuming the attack came from the outside. More likely, if it has indeed happened, to be an inside job me thinks...

8m health records go walkabout

Martin Milan

Wha?

Erm, no.

Find someone with a nice embarrassing condition - now then - how many people share that postcode? Let's say 20. How many are men? Ok, let's say 8. How many are 43 years old? You do see where I'm going here, don't you?

Or maybe you'd like something a little more sinister - Pick a celeb, start with postcode etc etc. Would anyone put this past the tabloid press?

Not feeling quite so smug now, are ya?
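The narrowing described in the comment above (postcode, then sex, then age) is what a k-anonymity check measures before a "de-identified" extract is released. The following is an added example, not part of the original comment; the records, postcodes and conditions are constructed, and the generalisation step (outward postcode plus ten-year age band) is one assumed mitigation.

```python
from collections import Counter

# Constructed "de-identified" extract: no names, but postcode, sex and age remain.
RECORDS = [
    ("ZZ1 1AA", "M", 43, "condition A"),
    ("ZZ1 1AA", "M", 45, "condition B"),
    ("ZZ1 1AA", "M", 47, "condition C"),
    ("ZZ1 1AA", "F", 41, "condition D"),
    ("ZZ1 1AA", "F", 43, "condition E"),
    ("ZZ1 1AA", "F", 43, "condition F"),
    ("ZZ2 2BB", "M", 30, "condition G"),
    ("ZZ2 2BB", "M", 30, "condition H"),
]


def narrowing(records, postcode, sex, age):
    """Count the records left after each successive filter the comment describes."""
    by_postcode = [r for r in records if r[0] == postcode]
    by_sex = [r for r in by_postcode if r[1] == sex]
    by_age = [r for r in by_sex if r[2] == age]
    return len(by_postcode), len(by_sex), len(by_age)


def group_sizes(records):
    """Size of each (postcode, sex, age) group, i.e. each quasi-identifier combination."""
    return Counter((r[0], r[1], r[2]) for r in records)


def k_anonymity(records):
    """Smallest group size; k == 1 means at least one person is uniquely identifiable."""
    return min(group_sizes(records).values())


def reidentifiable(records):
    """Records whose quasi-identifier combination is unique in the extract."""
    sizes = group_sizes(records)
    return [r for r in records if sizes[(r[0], r[1], r[2])] == 1]


def generalise(records):
    """Coarsen the quasi-identifiers: outward postcode only, age as a ten-year band."""
    return [(pc.split()[0], sex, age // 10 * 10, cond) for pc, sex, age, cond in records]


if __name__ == "__main__":
    print("postcode -> sex -> age:", narrowing(RECORDS, "ZZ1 1AA", "M", 43))
    print("k as extracted:", k_anonymity(RECORDS))
    print("uniquely identifiable records:", len(reidentifiable(RECORDS)))
    print("k after generalisation:", k_anonymity(generalise(RECORDS)))
```
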

CPS: We won't prosecute over BT/Phorm secret trials

Martin Milan
Thumb Down

Their days are numbered.

I think we need to start asking some very serious questions about the very existence of the CPS.

I immediately look toward their behaviour in both the Ian Tomlinson case and the Twitter Joke Trial, and what I see is a body that has no interest in justice as I understand the term...

How the hell can they argue there has been harm from this? I now have to encrypt my internet traffic (and pay for that) because I cannot rely on either the morals of my ISP or the laws of my country to defend me from a blatant invasion of my privacy! Many others I dare say have taken similar measures.

Maybe we need some sort of Public Prosecution Agency where we actually get a jury (not the trial jury, a separate one) to act as the final decision makers on whether or not a prosecution is in the public interest.

Doing nothing, as the CPS seem to prefer, is most definitely AGAINST the public interest.

Martin.

USB key to 4,000 vulnerable people's front doors lost

Martin Milan
WTF?

No!

... You most definitely are not meant to take it that way...

If the data was encrypted, the third party supplier would have explicitly said so. The council would be screaming it from the rooftops.

The fact that they aren't anywhere near the roof tells me that this is most likely data in an obscure format. Knowing public bodies, probably Microsoft Works.

Someone needs to give these people a kick up the arse.

Bold as brass metal thieves disrupt rail, comms, electric

Martin Milan

Sense? From ACPO???

ACPO are not my favourite organisation (hey - I like liberty...), but they're not so far off the mark with this one. I would have concerns about senior police officers having the power to directly close businesses, but they're on the right lines (pun intended).

What's needed really are two things.

First of all, scrap metal dealers should be licensed, and rather than doing this at a business level, it should be done at the individual level - much as the security industry is governed today. This prevents the business simply doing a pre-pack, and opening up as a new business, with a whole new identity, the following week.

The scrap dealers are one place to focus your efforts, because evidentially, everything eventually congregates with them. If you can prevent scrap dealers from taking the stuff, then you remove the demand.

Secondly, the Transport Police need to go on the offensive, and actually start patrolling the track. PIR detection systems around infrastructure would help, but you'd need to deal with the issue of false positives from wildlife etc.

Last week I was stopped on a platform in Doncaster by a BTP PCSO and asked if I was aware of the problem of cable theft. Erm, Hello? I'm a bloody rail user - OF COURSE I'm aware of the issue!!! They need to stop doing pointless exercises like this, and actually address the problem directly...

John Barry dies at 77

Martin Milan
Unhappy

Sad news...

I love some of his music... Dances with Wolves was brilliant, but if you really want your socks blown off, listen to the music he did for Raise The Titanic. His track "All That's Left", for me, absolutely screams Titanic...

ASSANGE ARRESTED in London - in court later today

Martin Milan
Thumb Down

WTF?

It is not for him to prove his innocence. That's not, for the moment at least, how we do things around here...

Twitter 'martyr' takes airport joke case to High Court

Martin Milan
Thumb Down

Really?

Well when I was at the Crown Court for the Appeal, I met the defence team - they seem to disagree with you.

The Queen's Bench Division handle appeals arising from Crown Court cases (criminal) based on points of law.

Martin Milan

Right then...

Well personally, I reckon everyone's got an extra Christmas present to buy this year.

Go on - buy freedom a pressie!

http://www.tumblr.com/xsqa142m2

Martin.

Blogger faces terror charges for 'naming MPs'

Martin Milan

But...

... sometimes when I've just watched the BBC News I find myself thinking I could throttle half the MPs in the House. Does that mean that the BBC would be held responsible, should opportunity ever drift my way?

Cyber cops crush plod-snapper site following Millbank riot

Martin Milan
WTF?

Yeah, but...

Fitwatch are also concerned with the fact that the police (in the form of Forward Intelligence Teams) are also compiling a massive database on the activities of PERFECTLY LAW ABIDING members of the public engaged in peaceful protest. It's not just the nutters smashing windows and throwing Fire Extinguishers that the police are going after.

When you can be labelled as a "Domestic Extremist" merely for attending a church meeting, then maybe the likes of FitWatch et al have a point.

As for advising people to lie in court, I haven't personally seen that advice, but if it truly does exist then there is absolutely no excuse for it. Tell the truth in court - not only is it the moral thing to do, it's also the SMART thing to do...

Twitter joke martyr loses appeal

Martin Milan
Unhappy

No...

Really - apparently Stephen Ferguson, David Allen Green, Paul, Crazy Colours, myself, and about 90% of the other people in the courtroom were wrong to think that this might, and I emphasise MIGHT, be a joke. Oh no. Obvious, innit...

I'm personally convinced I have witnessed a miscarriage of justice, and it doesn't leave me with a warm fuzzy feeling...

Martin.

Martin Milan
FAIL

Not only that...

As Mr. Ferguson (defence barrister) described to her at some length, the only way she could find that Paul had such intent would be to decide that he was lying in his testimony in court today, in which he very clearly stated he had no such intent.

Let that sink in for a minute... In order not to have reasonable doubt in her mind as to intent, she had to convince herself that he was lying. Now, for my money (and I was 20 feet away), he was actually very convincing in his testimony - he came across as precisely what he is - someone who made a silly mistake and now regrets it.

Did the judge feel Paul was owed an explanation as to precisely how she had reached the conclusion he was lying? Nope! Not a word in justification. Not an argument, not a proposition... Not even so much as a vague hint as to where she dreamt that one up.

Martin.

DARPA, NASA team on '100-Year Starship' project

Martin Milan
Stop

Steady on...

So far I have been a keen supporter of the space program. In terms of science, medicine and engineering it has given us a lot - but this new extravagance cannot be justified in a world blighted by disease and hunger.

One giant step too far!

Martin

Twitter joke appeal adjourned

Martin Milan

bit late...

Everyone already has retweeted it...

The CPS now accept that this is not a strict liability offence...

Martin Milan

answer

The earlier messages were both tweets.

Martin Milan
Thumb Up

Yes...

The only person directly messaged in all of this was Crazy Colours. No attempt was made to contact the airport intentionally.

Actually though, I suspect they are getting confused between direct messages and replies / mentions...

Martin.

Martin Milan
Happy

(untitled)

I wasn't taking the piss - just pointing out that the search bar does this...

Martin.

Martin Milan
Thumb Down

Eh?

Again, I was at the hearing, so let me clear this one up. There was no suggestion that he had ever emailed the airport, or sent any other sort of "directed message" to them.

None.

Nada.

Didn't happen.

Martin.

Martin Milan

My thought from the first day of the appeal...

This wasn't originally intended for here - so sorry for the descriptions of HTTP messages for dummies...

Well, I was in court for the first day of the appeal on Friday, and here's my view...

<b>Paul and CrazyColours</b>

Having followed Paul on twitter since this whole thing came up, he does have an over-active sense of humour, and he is a prolific user.

He's also, having met the guy in person, a thoroughly likeable, respectable chap. Strikes me as a generally responsible sort, who finds himself in his current position following an ill-considered tweet mixed with a dollop of Airport/Police/CPS inflexibility.

As for CrazyColours, well she's not on trial here - but for the record she struck me as a thoroughly pleasant young lady. She doesn't exactly fit the profile of a counter-revolutionary...

<b>The Tweet</b>

The tweet itself is, to my mind, clearly a joke. I formed that impression before the hearing – which is a good part of the reason I was actually at the hearing. Clearly Paul was not proposing to make the airport a little more accessible to planes at 37,000 feet.

<b>The Other Tweets</b>

There were, as I first learned on Friday, a couple of tweets before the main one. Both were clearly jokes (and didn't contain threats). Clearly the work of a man trying to impress a young lady with his good humour...

<b>Was the message threatening?</b>

No.

The content of the tweet clearly, in my view, marks it out as a joke.

Most people threatening to ensure an airport goes up in the world, one would think, are unlikely to be so obliging as to give a few days notice of their plans. I think I'm right in saying that the Airport Manager didn't notice the tweet until a couple / few days after it was written.

<b>Is the Airport Manager an idiot</b>

In my humble opinion, NO.

He has a number of duties and constraints he has to consider when going about his job, procedures that are laid down by bigger fish than he. Although he testifies that he was astounded to find the message in the public timeline, he also stated that it could well have been a joke. But, he is forced to pass the matter on to Security, who again, by policy, are forced to pass it on to the Police.

The procedures apparently do not allow for the flexibility for someone to say “The guy's a pratt. Message him back and tell him not to be so stupid...”. You might even feel that perhaps having someone from Security / Police give Paul a hair-dryer moment might not be unreasonable. Once we get into criminal prosecutions though, we've gone too far. How much has this case cost the public purse now? Would a “Don't be a pratt” message have been a lot cheaper?

There is evidence that everyone in the chain thought this was a joke, with the exception of the CPS. You know, that well known champion of public freedom who never waste public resources whilst ensuring they can always be arsed to show up at trials having prepared their evidence in time... Those lads...

<b>Did Paul intend to threaten an airport?</b>

No. Really, he's just a plain ol' guy who, to reference Marcus Brigstocke, eats cheese like normal people.

<b>Did Paul foresee the potential reaction to his message?</b>

Given he sent it I would suggest the answer is No.

<b>Is Twitter a Public Telecommunications Network</b>

I've put some serious thought into this, and I have decided NO.

Let me explain...

Twitter is basically a web-application – something I'm familiar with as I happen to be a software developer. It works by receiving messages (technically called HTTP Requests) from people's computers over the internet, processing what the user is asking to do, and then sending content back to the user's computer in the form of a HTTP Response.

Twitter's infrastructure is both privately owned, privately funded, and I suspect located in a foreign country (The United States). Twitter itself is plainly not a Public Telecommunications Network within the meaning of the act.

You could argue however that the content of the HTTP Request itself is sent over the internet, and the internet (regardless of who you are using as an ISP / telecoms provider) does use the Public Telecommunications Network (ie BT's infrastructure).

However, does the HTTP REQUEST itself convey a threat? I would say no – it simply conveys a private instruction to the server, seen by no-one other than the server, which the server then decodes and works out what to do with. The HTTP REQUEST (the bit using the Public Telecommunications Network) is not sent directly to the person who ends up reading the message – it is sent to Twitter's server. The end user only receives the content of the tweet perhaps days later when they log onto Twitter and check their tweets – and this is done by means of a completely separate exchange of messages. There is no single message that makes it all the way from the person who posted the tweet to the person(s) that receive it.

I don't actually think section 127 applies to any web application, as they all essentially work as detailed above. But then I'm not a lawyer – Stephen Ferguson is, so we'll leave it with him.

<b>In the end...</b>

I wish Paul and CrazyColours well... They are merely the unfortunates who managed to get caught up in this – because with the airport procedures as they were, someone was ALWAYS going to fall into this trap.

The fact that anyone could easily fall foul of this is precisely why the original conviction (aside from being unjust) cannot be allowed to stand. This has huge implications for everyone here, and Paul deserves everyone's support – not just from the Twitter community either. If you use Facebook, you're just as vulnerable.

Good luck guys,

Martin Milan.

Martin Milan

The title is required, and must contain letters and/or digits.

The CPS now accept that it's not strict liability by the way...

Martin.

Martin Milan

Nope

I was in court for the trial yesterday, and the defence didn't challenge the existence of these prior tweets.

They were obvious jokes, banter.... Well, obvious to the sane anyway...

Martin.

Martin Milan

Erm?

The twitter website itself has such a search facility (Doubtless to Paul Chambers' annoyance...)

Devil manifests in Hungarian bathroom

Martin Milan
Thumb Up

the same thought occurred to me...

... I mean it's not like Satan is exactly known for having heating problems...

Quite the opposite.

Maybe Scumspawn's been fiddling with dials again?

(Old Harry's Game reference for the uninitiated...)

USB stick with anti-terror training found outside police station

Martin Milan
Thumb Down

Anti-Terrorism eh?

From the Public Order Unit?

Are we really back to seeing every peaceful protestor as a terrorist / domestic extremist again?

Orange coughs to data network failure

Martin Milan

Not the best...

I've had a contract with Orange since October last year, and their data speeds have ALWAYS been pathetic... Little better, and frequently worse, than actual dialup...

UK.gov pledges licence fee 'rethink' over heavy catch-up use

Martin Milan
Go

General taxation.

No - take it from general taxation.

This way, everyone pays according to their ability to pay.

I agree with you that one of the BBC's main strengths is its independence - and that independence is easily protected by simply having a Select Committee of Parliament decide on the BBC's funding each year...

Next?

Cops taser Somerset chap's nether regions

Martin Milan

WTF

Who can say he WAS about to attack the plod?

If I was pulled over, I might well get out of the car as well to meet the officer at the kerbside. I wouldn't be aggressive about it, but still...

Martin

Steve Jobs death-grips iPhone 4 reality

Martin Milan
Thumb Down

Apple - Rotten to the core?

Personally, I used to have a lot of time for Apple - sure, their computers were very expensive, but that was fine, because they were also VERY good. As a company they seemed to take some pride in the product.

Having moved into consumer electronics however, they seem to have lost some of their shine... I know colleagues who have nightmare stories of Apple's customer support - we have the treatment of developers on the AppStore, and then all this iPhone4 stuff.

Jobs and friends have turned their products, which used to be the very essence of cool, "look at me I'm a techie who knows my stuff" brilliance into the sort of thing that no god fearing techie would go near now.

Not entirely sure if that was a good idea Steve...

UK.gov scraps stop'n'search terror power

Martin Milan
Happy

Never thought I'd say this to a Tory Minister, but

Thanks - sincerely.

You've done the nation a service here.

HTC posts Android 2.1 update for Hero phone

Martin Milan

Finally

I was just about on the point of installing a Home Brew update. Let's hope Orange get off their arses and get this update moving!

Duff French missiles for Royal Navy finally fixed

Martin Milan
FAIL

Really...

I thought we had learned our lesson in the South Atlantic - if it's near your ship and it has a faint smell of garlic to it, it's not to be trusted...

Hack on e-commerce co. exposes records for 200,000

Martin Milan

Injection

My first thought on reading this was "SQL Injection" - in common with I dare say 99.8% of my fellow Reg Readers. After that, the next thought (probably around the same figures) was "Why are they using code like this"?

Whilst not forgiving, I can certainly understand startups going with the lowest bidder, and just trying to get the thing working and call it a day. It's wrong, it's shocking, but it happens...

However, once you've found commercial success and therefore presumably NOT got an idiot running your IT in your IT centric company, you would think whoever the lucky incumbent is would take a moment to code review what happened before his time - and especially on public facing aspects of the code.

Not good at all...

Martin.

ConLibs issue orangey blueprint for government

Martin Milan
Coat

Orange?

Been a while since I played with paints in school, but I seem to remember blue and yellow made green...

Exam board deletes C and PHP from CompSci A-levels

Martin Milan
WTF?

My apologies...

... I'm afraid I live in the real world, and in the real world A Level Comp Sci students are more likely to have Windows on their machine than any variant of Linux - not that having them work with Linux would be a bad thing, because it wouldn't...

Their school / college is likely to be running Windows as well - not many places at that level would have Linux support on tap...

But if they have Linux, or Windows, or just about anything else, then they still have the option of Eclipse for Java...

Martin Milan
Thumb Down

Oh really?

VB's not even a proper programming language eh? Erm, VB.Net is every bit as capable a language as C# and Java matey. VB6 is a bit lacking, but regardless was used to write half the world's GUI applications.

The VB you're referring to is actually VBA (Visual Basic For Applications) - and the fact you could confuse this with proper VB perhaps might provide a hint as to why you were teaching programming fundamentals rather than being trusted to do anything meaty out there in the real world...

Martin.

Martin Milan

Erm...

Schools will not be able to get VB6 - it's out of support.

As for putting more shillings Micro$haft's way, how do you figure that? Give them a version of the DotNet framework (free), and a copy of the SharpDevelop IDE (also free) and leave 'em to it. This also has the advantage of giving them a set up they can easily replicate at home (being free) to further expand their learning and experience.

A very similar case could be made for Java with Eclipse.

Python and Ruby? Not sure I'd be making someone's first introduction into programming a dynamically typed language. Give the compiler a fighting chance in helping them out lol!

Martin.

Twitter bomb joker found guilty

Martin Milan
Thumb Up

Hi Dodgey...

Don't I also know you from Bystander's blog? Anyway, moving on...

You ask what the actual level of terrorism threats are - and that's a good question. I agree with what I take to be your view that things are being exaggerated to ridiculous levels, but on the other hand, the real threat is not zero either.

As to the specific threat to Robin Hood Airport, to be honest, I would have thought it makes quite a good target... It handles large passenger aircraft, its security is a joke (it's easy to get onto the actual airfield), and I would imagine is a much softer target than Heathrow, Manchester or Gatwick. There is a credible threat - but you and I both know that this debacle has nothing to do with any genuine fear of actual terrorism. I've read in one account that the airport considered this as a joke, but reported it to the police anyway!

I like your point though - we've made a big mistake in letting security become an industry...