Posts by dreamingspire 85 publicly visible posts • joined 30 Nov 2008
STORK is seriously about eID, not connected with the UK ID Card farce. And its DWP that's really doing the work. And and its meant to be useful - those few who have posted about that are quite right. Of course its useful to govts, intended to help them collect taxes, etc, by making it impossible for you to say you can't tell them what you are doing (and pay) because you are in another country and the on-line access doesn't work from there. (No. I'm not an insider, but do try to keep an eye on what's really happening.)
And this morning my business ISP serves me an email for which Kaspersky detects a worm. Its in an email from "The Post Office":
07/11/2009 10:27:46 Detected: Email-Worm.Win32.Mydoom.m Mozilla Thunderbird [From:"The Post Office" <postmaster@<my domain>>][Subject:report][Time:2009/11/07 10:18:44]/mail.zip/MAIL.BAT
It is one of those emails that claims it came from my domain's postmaster - they have been arriving all this year, but this is the first worm-ridden one (assuming K knows all).
The header says: Remote host 196.213.162.210 (4ways.sevens.co.za)
OK, I point, zoom and shoot on auto, prefer the viewfinder rather than screen, not as steady as I used to be (prefer available light photography - great stuff recently from a big church wedding where flash was banned), and some of my pics are great. Rarely print them 'cos we all look on the PC these days.This with a Minolta Dimage Z1 bought for £120 (factory refurb), autofocus getting a bit erratic now. Very occasionally on a Pentax P30 with zoom (bought for £30 to replace a top of the range late model zoom Praktica that was nicked), but the cost of running that! A mate and I (he with his £700 camera, which he uses for pics of flowers - I can't match him with that subject) were photographing preserved railways recently, and he was impressed.
Anyone know where I can get a lens cap for the Z1? The grip mechanism on the original broke.
The original Out-Law article is at http://out-law.com/page-10470
and the Directive is at
http://eur-lex.europa.eu/LexUriServ/LexUriServ.do?uri=OJ:L:2009:267:0007:0017:EN:PDF
The big clarification is in the definition of e-Money. Previously it was simply 'stored on an electronic device', and that led those storing the value on servers to say that the Directive did not apply - but Dominic Peachey of the FSA moved to say that it did apply. The new definition specifically adds magnetic storage - so we wait for someone to find a new storage medium and claim that they escape the regulations...
Surprised that only one Comment has mentioned the "Notice of underreported income" emails - I have had a slew of those this week. They came dribbling in, using just a small number of destination mailbox names (some valid, others invented but frequently seen in incoming emails).
Thankfully, when I last worked in a university (in the UK) we still only had Teletypes on Telex spec links, and were buying PDP-11s for stand-alone use in various departments. But I had seen the future, on a trip to the USA in 1971, including a visit to a UCLA campus that was running a monster 360/91 and a high speed terminal network.
The volume of phishing emails that I receive has gone up dramatically this month - multiplied by a factor of about 4 for the bank with which I bank, at least doubled for others, and new bank names appear in some of them. Only a small proportion of them are trapped (because of Trojans) or warned about and result in 'access denied' (because of links to known phishing sites) by Kaspersky. My bank also sends me occasional good and useful emails... Rather frightening when you think of all those people on-line without up to date (or any) IS. Maybe I should ditch the mailbox names that they use and start a new life...
There was to be a secure email system for police forces, using proprietary boxes.
Then there was to be a secure email system for local authorities, using (the same?) proprietary boxes. Last I heard of that they were scratching their heads over the usual problem: do we have a new CA or do we try to get LAs to trust each other (phone calls to say: "I'm sending you a secure email so that's my signature on the bottom of it").
Closer to this article: ukcrypto had a report recently that different govt depts have separate PKIs, not federated...
On my other system, used for archiving and a few online functions (but not anything that plays Flash stuff), I go the message when I updated Firefox. So I'm one who was flagged, but so what? Can a rogue push malware to Flash without my accessing a bad web site?
The O'Brien R4 interview and the Baroness Whatsit interview and the Reg story all show what a muddle this is - and thus how dangerous. Humph never got to find out that the CRB checks continue. The idea that the new vetting is a one-off is laughable - like the CRB, its a snapshot. How then will the new vetting certificate be updated as and when new "information" is garnered?
One thing was clear, though: if you are only volunteering, the new vetting check is free - cue a sudden realisation that the vetting authority can't cope, so the volunteers are left in limbo for months. And will your volunteer's certificate show that you got it as a freebie? Should you, like a police officer, have to wear it's serial number on your shoulder? Or produce it on demand? - yes, its an ID card.
I think that recently I have detected in my neighbourhood a more relaxed attitude by parents about their small children, but this new "service" will bring back the fear and guilt.
A few years ago I also left Orange, because the signal strength here dropped below working level. Much stonewalling but eventually it became obvious that, in this dense residential area (no significant business traffic, no school, etc, nearby), they had taken a cell out, no doubt because of shortage of spectrum capacity elsewhere. Happened to other places around this urban area, got rumbled by the press, I got out with no penalty and took my number with me, and in a well publicised case the customer was reimbursed and allowed (sic) to cancel the contract. Now use a smaller service provider that buys capacity from Vodaphone - excellent.
And now I out myself (a little) - I'm in Greater Bristol, Orange's HQ area. And the line of bad signal goes through my house, a mate's house and the pub (where we once collared an Orange employee and demonstrated the problem to his great surprise).
The merger just might improve the coverage - on TV I saw an industry expert refer to that in careful words.
My BY email retrieval (cable in an urban environment) was up and down (mostly down) for a few days, but a friend's virgin.net email (ADSL in a village not far away) continued OK. Now I read the Update, so that's what is was... A good system would have sent error messages when it failed to retrieve data from a disc, but it simply stopped - on one occasion it retrieved a few headers but then stopped when trying to retrieve the mail bodies.
But its not my main email ISP, although I kept the BY mailboxes and sometimes use them - but the spammers know all of them (and my mate tells me that the account name mailbox, which name I have never given anyone, is in fact public knowledge).
A one-time colleague told me about the effect of the Lightning. He had been an RAF radar operator, and said that they had regularly been spotting high flying incoming from the west, which always turned out to be Yanks who had failed to file flight plans - but we didn't have interceptors who could reach them. Then the Lightnings were deployed, and they did exactly what AC suggested: "Wasn't the Lightning primarily an interceptor, ie very fast, very high, for very short times". They went up and up and past the Yanks... After that, the Yanks filed flight plans.
Having had a GX3050N for over a year (replacing a colour laser that I transferred to my brother so he could use it for spares - he does a lot, I mean a lot, of printing), and admittedly doing less and less printing myself, recently I baulked at the ink cost when one of the colour cartridges ran out - all 3 of them were empty or nearly so, because every time you switch it on it gobbles ink, and if any cartridge is empty it will not print. Bought an HP networked inkjet (6940) for less than half the cost of a set of cartridges for the Ricoh. Now have better quality colour on ordinary paper...
Reminds me of a quick visit to Motorola Phoenix in Feb 1983, a stopover en route to SFO. The reason need not concern us, but Moto knew that I had been involved in CPU design (including an early MMU) and was by 1983 managing the design of an innovative product that used the 68000. After a very brief meeting in which they answered my question (an answer that had eluded Moto Munich and a UK agent), I was shown into a lecture theatre. The audience was very small, and they showed a video of a new CPU design. We then discussed not features but likely performance - which would be limited by memory bandwidth and the small size of on-chip cache then possible. No NDA. I left to drive to the airport - and it rained.
Some months later I received an invite to the London launch of the 68020. On attending, I realised that the video shown in Phoenix was not the 68020 but the next generation. The 68020 had an instruction cache, and received wisdom later was that its performance was not as good as hoped, and that the next one, the 030 with both data and instruction caches and on-chip MMU, went much better - but by then I was doing something different and never got to grips with the 68K family again.
Missing from this discussion is the need for securing on-line interaction with the public sector, something desired by the European Commission because of the ease with which large numbers of EU citizens cross borders, particularly to work. So our govt's Big Brother attitude, the EC, and M$'s commercial aspirations, are together threatening an unholy mess here. Passport technology isn't designed to work securely on-line, which is why a growing number of EU countries have signed up to an eID token.
And don't think that tracking our activity is just a UK idea...
There is a government policy called Information Assurance (Information Security and Service Quality), hatched in Cabinet Office's CSIA during those wonder years up to end 2004 when we were all going to move very soon to doing every possible interaction with the public sector on the internet (M Prodi wanted the eService model all across the EU). But IA never came out of the closet, and so is not implemented. It was revised in 2007, and what a muddle those docs are. It is now time to open up the cabinet, take it out, dust it off, make it better - and expand the Information Commissioner's remit so that he polices it.
Having just cleaned up a system for some friends because it was laden with viruses and trojans, and then installed Internet Security software (at a price, of course, for full protection), along with advising them to do the maintenance (I shall have to call round once a month to check on it), it is clear that a necessary next step is for all systems sold to have a full IS suite pre-installed with a one year validity, that maintenance and operation has to be a lot easier (invisible even), and that the end user annual cost has to drop down to OEM levels (drop by at least 75%).
We have a govt policy called 'Information Assurance'. Its a mixture of service quality and infosec. Needless to say, it has not been implemented within govt, so what chance of implementing it for bank transactions? It belongs to Cabinet Office - time to move it out to a Regulator, such as an enlarged remit Information Commissioner. (But beware: the latest incarnation, IA 07, is very woolly, as Ross explained when it was published for comment.)
Some 7 years ago my gas account with British Gas was stolen by another supplier in the name of a person who I have never had any contact with and am not even sure existed. The first that I knew of this was when BG sent me a letter saying 'sorry you are leaving us'. It turned out that BG had failed to contact me within the period under which, according to some very flawed legal rule, they had the right to stop the switch. A BG person then even went as far as telling me that they would lose their Licence if they complained after the deadline. A letter to the BG Chairman produced quick remedial action in that case.
For most SMEs and for personal users, this fix needs a tool to first analyse their system's Autorun function and patch status, and then guide them through the process of configuring Autorun. As a friend (a teacher) put it to me last week: I just want a system that I can use. But her daughter would be able to use a configuration tool.
The 2006 change to the ID card project merged ID cards and passports, with the IPS database dominant and the DWP database to gradually merge with it as identification data gets confirmed. The mistake was not to follow other EU countries and EC policy by making the ID card an eID card, namely for secure use across the internet - our ID card doesn't carry the necessary digital signatures. Many people outside HO tried to get HO to understand, but without success. They still don't understand. What a waste those HO people are.
Not that long ago I ditched Orange because of coverage problems and their fobbing off of my complaint that the signal strength along a line through my house, a mate's house and the local pub had all dropped dramatically. Then the local paper picked up a case the other side of town - and Orange had to refund a customer and cancel their new contract. It seems that they have taken out some cells in residential areas. Recently we found an Orange employee in the pub - and he discovered the poor signal level for himself. Short of spectrum capacity?
...get through Symantec protection, that is, usually if they are in a zip (I'm continuing to use Symantec until my subscription runs out). But several copies of MyDoom have been detected in emails this week - attached to messages claiming that my email 'could not be delivered'.
The airline receipts and fake contracts have been arriving here for some months, same as others report. And there have been some fake statements of account.
Well, in 1968 I designed the MMU on the 1904A (and fixed a bug in the 1906A hardware along the way) - and then it was 2 years before George 4 was finished... (and if you know my name, would rather you didn't publish it against the nickname that I'm using here).
As for the question about what the spec of the PDP-11s included, there were DECtapes (small, rugged spools of mag tape, even students could use them reliably - the unit was just another panel in the cabinet). There was a 64K fixed disc, then RK large diameter single platter removables (pretty good). Paper tape, of course (fanfold). Teletype, and also the DECwriter (console like a Teletype, but dot matrix).
ICL was a creation of govt, and through its creation ICT's engineering discipline and innovation was frittered away. But in the 1970s I don't remember a shortage of PDP-11s - I was in effect the buyer of them in a University that I will not name because the central computing service boss thought that users getting their hands on computers would diminish his empire. It did.
Having worked on CPU and MMU design 40 years ago, I continue to be amazed that we use basically the same CPU architecture (at least 50 years new) and, while running it so much faster and cramming more and more functions in, actually manage to make it work properly. We simulated the design 40 years ago and made it work first time, that skill was then lost for a while, and then it came back and delivers.
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2024
