Feeds

* Posts by Graham Cobb

110 posts • joined 13 May 2009

Page:

Hackers' Paradise: The rise of soft options and the demise of hard choices

Graham Cobb

PCs are not the battleground any more

Unfortunately this piece misses the point. PCs are not the important concern any more. It isn't even tablets and phones. The area to be concerned about is the Internet of Things.

The first reason is scale. PC's are well below one per person. Phones come in at around 1 per person. IoT devices will be tens per person or more. If you are worried about "Unfortunately, it seems that it is only after such an event that something gets done" then it is these devices which will have the most opportunity to cause chaos.

The second reason is that many (not all, of course) IoT devices are going to be in either safety-critical or, at least, seriously-inconveniece-causing environments. They may be controlling important household functions (locks, heating, lighting). More importantly, they will be working in offices, factories, railway stations, etc. Putting threatening messages up on the departure boards at Waterloo station in the rush hour may cause more loss of life than causing a car to crash.

The third, and most important, reason is that these devices need to be cheap. Really cheap. Designed and built down to a cost. And those which are not truly safety-critical (nuclear power station controllers) will not be regulated at all. Their hardware may be simple, their RTOS may not be designed for security, their interfaces will be wide open to simplify (make cheaper) integration, and their software will probably be crap -- more concerned about whether it is selecting and displaying ads correctly than whether it is functioning.

We already see serious security issues in SCADA controllers. We already see serious issues in vehicle engine management systems. Both those might get targetted by regulators. But will non-safety-critical IoT devices ever be safe to use?

0
0

Three floats Jolla in Hong Kong: Says Sailfish is '3rd option'

Graham Cobb

Re: Maturity is beginning to appear

I have a Jolla with a physical keyboard Other Half, which I use as my daily phone. A bit bulky but nice to have.

Unfortunately the keyboard was a limited run project by a community developer and hasn't been taken up by Jolla.

0
0

HTTP-Yes! Google boosts SSL-encrypted sites in search results

Graham Cobb

Re: Silly question

No, it isn't necessary to use SSL on sites which do not have logins. But it is the friendly thing to do. Part of the point is not just to protect your traffic, but to move to having most Internet traffic routinely encrypted to make the job of hoovering up all data by tapping backbone links harder. It also reduces the chance for the spooks to say "ah, his data is encrypted -- he must be a terrorist".

And, it makes it safer when you later decide to add a hidden page to Foofie's web site to make the Anarchist's Cookbook available -- no one can watch your traffic to see whether people are reading the poodle's page or the secret page.

3
0

UK.gov eyes up virtual currencies, fingers red tape dispenser

Graham Cobb

Re: The problems with bitcoin, as seen by governments

Sorry, Martijn Otto, you are fantasising. I am a strong proponent of privacy (see my other posts) and I am a strong supporter of both cash and bitcoin, but I am realistic about bitcoin.

1. The government most certainly can regulate it. As you said, they can regulate exchange. They can also require people to declare bitcoin usage -- and most legitimate users will comply. Bitcoin is much more traceable than cash (although it is easier to anoymise than other financial networks). Money laundering is a serious concern for governments and if large amounts of money are laundered through bitcoin, governments will get very heavy handed with it. You certainly can block a bitcoin transaction: put the participants in jail.

2. Financial institutions have plenty of opportunity to make money from bitcoin. Do you think that the needs for loans and savings accounts go away with bitcoin? Do you think that bitcoin credit cards will have transaction fees any lower than todays credit cards? Banks make a lot of money helping people and businesses handle cash today and they will make just as much money from bitcoin. The only people who could be disintermediated by bitcoin are money transfer networks: but they will find plenty of value to add in making transactions easy, handling taxation and reporting, providing escrow and insurance, etc.

3. You certainly can seize bitcoin. Most user's bitcoins are held in third party wallets, which are easy to seize. Even if they aren't, it is easy enough to order the holder to transfer the bitcoin to a government-controlled wallet.

Bitcoin is certainly very useful, but it doesn't undermine either governments or financial institutions!

5
0

UK.gov wants public sector to rip up data protection law

Graham Cobb

Surprisingly honest document

According to the article, the cabinet document says "Removing barriers to sharing or linking datasets can help Government to design and implement evidence-based policy – for example to tackle social mobility, assist economic growth and prevent crime".

Those seem like reasonable goals. However, the document then moves on to talk about the real goals... "checking if bus pass claimants are still alive, tackling illegal immigration or sharing information about teenagers involved in gangs". None of those are reasons to ask everyone in the country to sacrifice the right to privacy. None of those are at levels where they are causing the country serious problems, and there appears to be no evidence that they would be reduced by data sharing.

So much for "evidence-based policy".

10
0
Graham Cobb

Re: Not Good

I'm very sorry to hear about your friend's serious assault. However, why should social workers be treated specially? It could have been the milkman, or a neighbour, who was beaten up.

If a violent criminal is living there, and is likely to assault people, that is a matter for the police to deal with. Unfortunately, some people commit violent acts -- taking away everyone else's human rights is not the solution to that. Of course, we could virtually prevent that sort of thing by keeping everyone locked up under house arrest all the time, but we wouldn't have a functioning society if we did that. The same would be true if every local government official had access to everyone's criminal, health, social care and tax records!

16
1

Plug and PREY: Hackers reprogram USB drives to silently infect PCs

Graham Cobb

Re: Where's my Windows update to fix this?

It's a bit harder than it might appear. Adding and removing keyboards to laptops is very common in a corporate environment -- I am always plugging and unplugging keyboards as I move my laptop between desk, conference rooms, carrying it over to someone else's desk to show them something, etc. Several times each day (particularly now that we work in a full hot-desk, open plan environment where you can't even have a phone call without disturbing people so have to go a "phone booth" room each time you get a call). And I typically have the laptop closed while I am doing it and I wouldn't want to open it just to acknowledge a pop-up (and presumably acknowledging it from the new keyboard would defeat the point).

I think there may be more success for a popup if the keyboard seems to be combined with another function -- although plugging in hubs with keyboard, mouse, external disk pre-connected is also common so that has to still be allowed.

I certainly hope Microsoft are working on a way to counter this, but it is not as easy as it may seem.

0
0
Graham Cobb

Re: I call semi-bollocks

I think you are missing the point. As an earlier commentator said, what this does is turn today's USB sticks into the equivalent of the old infected floppy.

In the business world today, USB sticks are routinely exchanged between people (in the same company, or between companies). When I meet a customer, it is very common that we will exchange documents on a USB stick (they may want a copy of the presentation I have just given, or I may want a copy of the RFP that his purchasing dept will send me in a few days time). If the customer's PC has been infected, this attack allows them to infect my PC as well, even if I use my own USB stick and without actually opening any documents from the stick.

As for those who mention non-Admin accounts, VMs, or keeping assets separate: I am talking about the business environment. That is completely geared up for doing business -- not for security. I have been in sales/marketing for many years now and have NEVER worked for a company (big or small) where my normal work account on my laptop does not have local admin rights -- locking down the PCs, particularly for home and travelling users, is just too hard (i.e. expensive in support resources and expensive in lost time for the user). Despite best intentions, the company ALWAYS ends up making the tradeoff that all field people accounts have admin access on their own laptop.

That may or may not be a good idea, but it is the way of the world. This attack is very serious in the world of business users in the field.

5
1

Adam Afriyie MP: Smart meters are NOT so smart

Graham Cobb

Re: Which devices are using resources?

@Ledswinger

I note your claims that the industry didn't ask for this, but I find that hard to believe. Of course, I don't think they asked for it to make life easier for consumers, or to help them save money. What the industry wants is remote control. That is the single biggest benefit to the suppliers.

There is no need for smart meters to include remote control: it increases cost, decreases reliability of the meter and massively decreases the reliability of the electrical supply when billing and admin mistakes are included. When I last switched suppliers, the new supplier forgot to take the direct debit and also forgot to send me any bills or even any letters saying I owed them any money. The first I heard of the problem was a phone call at 7AM from a debt collector accusing me of owing money! The supplier accepted full responsibility for their mistake, and paid me compensation for my trouble. But if I had had a smart meter, the first I would have heard was a power cut of, presumably, several days duration as I arranged for them to use the direct debit thay had on file.

I replied to the government consultation saying that the "remote control" feature should be able to be overriden with a physical (purely mechanical) bypass by the consumer, unless they were on a pre-payment tariff, and that under no circumstances should the supplier be able to cut anyone off without sending someone on-site (as well as all the other protections required today). The supplier could offer me cheaper tariffs if I was willing to leave the remote control available, but I would always have the choice of bypassing the remote control (possibly automatically switching to a higher tariff).

I live in a rural area and my electricity supply is unreliable enough already without introducing additional points of failure (physical and administrative).

2
0

Feel free to BONK on the TUBE, says Transport for London

Graham Cobb

Unregistered Oyster

Only two posts here about privacy? And both with 0 upvotes and one downvote (they both have one upvote now)?

I do not work in London but go there occasionally. I have an anonymous (unregistered) Oyster card. I top up with cash and, if I could be bothered, I could swap unregistered Oyster cards regularly with my friends.

There is no way I am ever going to pay for travel around London with a traceable instrument like a credit or debit card. Freedom to travel is a right, and it must be available anonymously in order to protect the basic human rights of freedom of expression, freedom of peaceful assembly and right to privacy.

I would object very strongly if anonymous travel cost more money than tracked travel -- that is why Oyster provides anonymous cards. Does anyone know how many unregistered cards are in use?

0
1

ICO: It's up to Google the 'POLLUTER' to tidy up 'right to be forgotten' search links

Graham Cobb

Re: No re-writing history?

@cored

It's not insane -- although it can be very confusing if you don't think in the way that data controllers (under EU legislation) are supposd to think.

1. Facts are facts. In general, you won't get a fact removed from somewhere like a newspaper (if it is true). There is no right to be forgotten.

However, Google is not a data store (as you point out). Google is processing data to provide a service: you type in a search term and Google collects information about that subject and tells you. That is where the legislation kicks in. If the data relates to a person, there are laws about processing it. They certainly aren't perfect but they protect us every day from people abusing information about us.

Amongst those laws are implictions on using data processing to create a profile of someone. As search engines were not envisaged in the laws, it has taken legal arguments to decide what the restrictions are on a profile created by searching the web (and it is perfectly reasonable to believe the decision is wrong -- but it has been made). The decision is that it is similar to other commercial companies which create profiles, like credit reference agencies. They are not allowed to include irrelevant or obsolete data, except in cases where dropping that data would be against the public interest (for example, someone standing for parliament is not likely to be able to get data about criminal offences dropped, even though the offences have expired -- they may be able to get them removed once they stop being a politician, however).

2. Your point only matters for well known people, where it is more likely that there is a public interest argument for retaining the data anyway.

3. Yes, old data can be useful. Lots of things could be useful which are not allowed. In the case of data about people, data protection overrides utility. Get over it.

4. Yes they are. Once Google stop moaning, they will put in place a process, using advice from data protection experts. A few more cases may go to court to get some grey areas sorted out. Then the process will just work.

This issue isn't publishing data, it is processing the published data and creating profiles of people. Google searches do it automatically. What I don't know is whether the same rules would apply to manual data processing. For example, if you were to look at all my postings on El Reg, gather some personal data from those (maybe I have said where I live or how old I am or something), create a Wikipedia page for me and publish that information, would I have the right to get old or irrelevant data permanently removed from that page? I don't know.

2
5
Graham Cobb

Re: Yes, there are several years of case law.

Yes, that is exactly what they will do. Just like every other business who handles personal data has to.

2
4
Graham Cobb

Re: I can see why Google should pay

Robert & Donn, you may not agree with laws about censorship and about having to remove factually correct information from dossiers, but that is the law in the EU. I realise it is not the US way, but in the EU personal data is strictly regulated and being "fair" to people trumps freedom of speech -- not the other way around. For example, it is a true fact that a person who lived previously in my house went bankrupt. However, as that person is in no way related to me, credit reference agencies are not permitted to record that information, even though it is true, as that might adversely affect my credit score.

If that information was on the internet, and someone did a Google search of my name and used that information when making a decision to give me credit, shouldn't I be able to prevent Google making that visible? If not, wouldn't that allow Google to compete unfairly against regulated credit agencies?

Today, the credit reference agencies know the rules and apply them: they make the decision, not a court, unless you disagree and sue them. Google will need to set up a similar process -- after a few borderline cases are decided by the courts, it will all settle down.

3
1
Graham Cobb

I can see why Google should pay

There are businesses in the EU who create or hold information dossiers on people (credit reference agencies, headhunters, etc). Those businesses are subject to strict laws about personal data processing (including rights to have old or incorrect information removed from the dossier), which create non-trivial costs for them.

The decision seems to be based on the interpretation that a Google search of a name creates, in real-time, a similar sort of dossier on a person. You can argue whether that is a sensible interpretation, but I do have some sympathy with it: I can see a future (with some smarter Google algoritms) where a Google search could replace a credit reference check.

If that interpretation is valid, then clearly Google need to be subject to the same data protection laws and processes that the other dossier-makers are subject to. Including the right to have false or old information left out of the dossier. And they should clearly have to bear the cost of that, just like the credit reference companies do. Just because their process constructs the dossiers in real-time instead of cumulatively over the years, doesn't change the rights of the subject of the dossier.

2
9

NEW, SINISTER web tracking tech fingerprints your computer by making it draw

Graham Cobb

Surely this is illegal under Computer Abuse and Data Protection laws?

If I have set Do Not Track, and I disable or regularly delete Cookies then I am making an unambiguous statement that I do not permit tracking. Any company trying to workround that (whether using canvas, or flash cookies, or anything else) is then abusing their access to my computer. I have not given permission for that. The deliberate action is illegal, whatever the technology. They are, of course, welcome to deny me access to their website if they wish -- but they are not permitted to hack me.

Many companies claim that creating URLs which are not published links and which leak information is illegal hacking of their website by users. If that is the case, then mis-using browser features to track me when I have explicitly refused permission is also illegal hacking.

Why haven't the data protection authorities made a clear statement that any sort of web tracking not based on cookies is illegal and that companies will be prosecuted under data protection laws.

1
0

Remember when Google+ outed everyone by their real names? Now Google's sorry

Graham Cobb
FAIL

Doesn't seem to work

I just tried creating an account. It still says "Are you sure you entered your name correctly?".

It also still wants a date of birth, and a gender. Neither of which am I willing to supply to any sort of social networking.

1
0

UK's emergency data slurp: IT giants panicked over 'legal uncertainty'

Graham Cobb

Re: try thinking ahead, assholes

In my view, data retention is the modern equivalent of putting a tail on someone: the tail can't hear what you say but they record everywhere you go, how long you spend there, who you talk to, which shop windows you look in, which buildings you enter. 64 million police tails. 24 hours a day.

One newspaper report said MI5 are expecting 500 returning jihadists from Syria. 500. Apparently that makes it proportional to tail 64 million people, 24 hours a day, because of 500 potential terrorists. Even if all of them managed to radicalise 100 other people, those 50,000 would be less than 0.1% of the population.

There is no way that jihadists (or even all terrorists) can be any sort of justification for blanket data retention.

Of course, the spooks and police know this. So what is the real reason? Apparently 10% of the population (6.5M) are trade union members -- maybe it is them who the government really want to track?

2
0

Super-snoop bid: UK government hits panic button on EU data retention ruling

Graham Cobb

Police state

May is hopeless -- and her merging of snoops and police access doesn't help her or anyone else wanting a sensible debate on this subject.

NCA's Bristow, on the other hand, is much more concerning. He seems to be a sensible man, and the arguments in his speech are well made and effective.

Those of us who disagree with him need to be equally good in our arguing against his vision of a police state. In my view, the public don't understand what using Communication Data means. Collecting Communication Data is exactly the same as placing a police tail on you: the tail can't hear what you are saying but they track exactly where you go, who else is nearby, who you talk to (and for how long), what posters you stop and read, what shops and other building you go into. If the Snooper's Charter was in effect, the tail can follow you into the buildings and video everything you do there.

Unlike a real police tail, this is not reserved for criminals or even suspects. The tail is put on EVERYONE. Even children. 24 hours a day. At home, work, out and about. Just in case you turn out later to have been a paedophile.

Having a permanent tail on everyone seems like the clearest example of a police state that I have seen.

I, for one, am very willing to sacrifice some protection to avoid living in that police state.

30
0

Vodafone: SPOOKS are plugged DIRECTLY into our network

Graham Cobb

@AC -- you are quite right about people not understanding why freedom from surveillance is critical. My "road to Damascus" monent came when looking around the Stasi museum in Leipzig and realising just how close the Stasi came to being able to stop the "Monday demonstrations" (which led to the fall of the Berlin wall, https://en.wikipedia.org/wiki/Monday_demonstrations_in_East_Germany) due to their mass surveillance -- and they were using manual processes not computerised processing and tracking. The people at those demonstrations were not rebels or activists -- they were ordinary people who's emails "no one would be interested in".

Imagine if a small party (like UKIP, or the Greens -- whichever is your particular demon) was able to hold the balance of power after the next election, formed a coalition, acquired a strong, charismatic leader and started forcing through policies "for the country's good". All very sensible, honest and decent, no doubt. But isn't there a risk that real debate and substantial protest would not be allowed once they had got the national security apparatus to believe they were doing the right thing for the country?

5
1
Graham Cobb

Re: Err...

I suspect this really means, "If we receive a demand we can issue a quote and make sure we get paid for granting access"

That is a start. After all, the closest thing to democratic oversight of security agencies is budget control. Making sure that excessive surveillance costs considerable money would help to limit it.

5
1

REVEALED: GCHQ's BEYOND TOP SECRET Middle Eastern INTERNET SPY BASE

Graham Cobb

Re: Said it before

Just exactly what do you expect out intelligence services to do? How do you expect them to do it?

I expect them to stop mass and untargetted surveillance. Surveillance within the UK should require a warrant, issued by a court not a politician, and be limited to a named target person. Surveillance of our allies should be exceptional -- it should require authorisation from the Prime Minister (who would bear responsibility for authorising it when it eventually came out, as all secrets do). Surveillance of non-allies would be more routine and would not require warrants but it should still be limited and focused on specific targets or purposes: there should be a robust and effective programme for making sure that non-relevant data is destroyed, not archived and certainly not shared with others (so that, for example, the CIA cannot use this to get round their own government's restrictions). All of the above policies should be publically debated and published, with oversight from parliament.

Unfortunately, it is unlikely we can directly enforce these restrictions. They should be in place, with very visible punishments for senior management when they are inevitably ignored (on the basis that whistleblowers will expose some proportion of abuse). However, the only real lever we, the people through parliament, have is money: GCHQ and MI5/6 budgets need to be cut substantially as a public response to the Snowden revelations, and there needs to be continuous effective oversight of their budgets. BT & Vodafone will not work for free, and other MoD agencies will be unkeen on hiding spy budgets within their budgets, so there is an opportunity to limit their activities at least in some way through money.

The budget, and the activities, of the intelligence services should be proportionate to the real threat and very focused on the most critical threats to public safety. It certainly doesn't include "serious financial fraud"!

4
2
Graham Cobb

Re: TRAITORS

Do you seriously think that anyone at GCHQ has the time, or interest, to look into the average El Reg commentard's extra-martial philanderings?

Are you being deliberately difficult or do you really not realise what the issue is with allowing untargetted data collection?

Of course GCHQ is not intereted in your, or my, email or our personal failings. Not unless we become a "person of interest". For example, write an exposé article for El Reg, or get our MP to ask an embarassing question, or investigate corruption, or campaign for or against abortion, or animal rights, or organise a national strike. At that point, it would be very convenient for the government if they could look back at everything we (and our friends and family) ever did or wrote and try to find some way to discredit us.

I am not worried for myself, I am worried for investigative journalists, campaigning lawyers, radical politicians, or anyone else who should be being given the full protection of the law but instead are being shafted by it. Government ministers are the last people who should be able to authorise wide surveillance powers -- that should be an emergency power, only used in time of overwhelming national need, authorised by parliament and made in public.

2
1

For your next privacy panic, look no further than vending machines

Graham Cobb

Re: Of all the privacy violations to worry about

I was talking to someone at a conference the other day who is selling facial recognition (and other things like gait recognition for when it can't get a clear view of your face) to supermarkets to add to the ubiqitious cameras they have in the shops and feed information into their already massive big data business intelligence systems. The supermarkets plan to not only link it to their loyalty card databases but also track you as you walk around the shop to see what route you take, which displays you stop at, etc. And not just statistically -- you.

This isn't the future -- the cameras are here now, the recognition software is here now, and the SI companies are looking forward to big contracts connecting it all together.

1
0

Kid crims don't need to skim: Paywave cards lead fraud rise

Graham Cobb

Re: Wavey-wavey cards lead to fraud?

Haven't you missed the point -- or am I confused? [Or maybe both]

What the policeman seems to be saying is that the fraud amounts may be tiny in financial terms, and well within the budget the banks have planned, but that it is causing an increase in very visible crimes (burglary, mugging, etc), particularly among children. I can certainly imagine that if kids have worked out that they can often use these cards for small purchases (say £10), then they may have become very popular, even though the banks are also perfectly happy to cover their customer's losses because it is only a very small total amount of fraud.

That seems to be an unexpected impact on society that could be quite important.

0
0

Still using e-mail? Marketers say you're part of DARK SOCIAL

Graham Cobb

Re: How much would you pay to Like my stuff?

If Google just punted total bollocks stats to all their customers, how many would actually notice?

My company tracks how many visitors come from various Google adwords, so we would notice. As far as I know, we have no idea how many ads are served (if we are told that we don't use the information) but we do look at how many visits happen, month-by-month (and sometimes, for specific campaigns, day-by-day). We then decide if what we are being charged is worth continuing with (and, by the way, it generally is -- when compared with other methods of getting visitors such as email marketing or newsletter advertising).

0
0
Graham Cobb

Re: Telephone Tracking

Ken, despite your scepticism, this is indeed a real technique.

In my experience it is not used for the big phone number that appears at the top of the page (and which you might remember or write down and call later) but for specific applications. It is routinely used for "click-to-call", where you click on a button and your phone dials a number -- in that case the number can be allocated knowing that the call is happening immediately.

It is also used for some other cases where numbers are likely to be either called soon or not at all -- things like customer service. The re-use times are measured in minutes, and a pool of 1000 numbers are likely to be plenty.

In all cases, the caller is queried to make sure the details automatically appearing on the agent's screen along with the call are correct -- so it isn't the end of the world if the matching doesn't work properly sometimes.

0
0

It's Google's NO-WHEEL car. OMG... there aren't any BRAKES

Graham Cobb

Re: I don't want one

@imanidiot: THAT is why they need to change the word. Of course you don't want to give up your car. I am not sure I do either. But there are so many benefits to society that governments will make it MUCH more favourable for you to use your "pod" for more and more things (commuting, going on holiday, ...) that eventually you will find you haven't driven your real car for three months. At that point you might decide you don't need your car any more.

But to get that point, they need to first sell you a "pod" as a supplement to your car, not as a replacement. Maybe first of all for commuting, where a 25MPH speed limit is fine because most of the commute is spent in traffic jams, and so you aren't worried about safety because the speeds are low, and it is great to be able to drink a cup of coffee and look at the sports pages on the way into work.

1
0
Graham Cobb

Stop calling them "cars"

What we need is to stop calling these "cars". The future is clearly driverless cars -- we all want all the benefits of personal, door-to-door transport, without the hassle and danger (and inefficiency) of human drivers.

But, to be successful, the industry has to stop calling them "cars". We all have to stop thinking about them as cars -- they are just more sophisticated versions of the people movers at airports.

People don't want someone telling them "you can't drive your car any more". And legislators need to make different laws for these new things -- you can't ask a person to take any responsibility if they have no controls, nor if they are not actively involved second-by-second -- anyone would lose concentration after a few minutes.

Keep cars as what they are now and give these new, driverless things a new name -- for example "pod". Eventually people will stop bothering with cars, governments will make cars less and less attractive (pods won't need personal insurance, only pods will be able to use motorways, go into central London, use bus lanes, ...).

Oh, and we need to get someone to take over from Google. I am looking forward to not having to drive, but I will pay extra not to need to tell any commercial company where I am going.

5
0

Son of ACTA pours fuel on IP trade fire

Graham Cobb

Policy laundering

"On investor-state dispute provisions, it states that countries can still pass their own legislation: “at most, it can lead to compensation being paid”"

No, at worst it can lead to policy laundering and disenfanchisement. Policy laundering (of policies the government want to enact but which will be unpopular) used to be done through the EU ("Oh look: the EU have required that we make interfering with DRM illegal. What a shame. Oh well, I suppose we had better get on with it"). But nowadays, blaming the EU is off the table: it creates votes for UKIP. So, having an "important trade treaty" that means that some wet-dream policy has to be implemented "because otherwise we can be sued by major multinationals" is ideal.

Unfortunately, every government (of every country, and of every political persuasion) benefits from having someone else to be able to blame for unpopular policies so that is how these things get agreed.

0
0

You know all those resources we're about to run out of? No, we aren't

Graham Cobb

Re: Ahem.

Sorry, Earl, I didn't make myself clear. I am not interested in "discussing the controversy" -- as you say, that is the opposite of science, used only by the most disreputable.

I am, however, interested in articles which are not just polemic (interesting, informative but polemic), but ones where I can have some way to make a judgement on the validity of the claims: the BBC certainly do make mistakes in science journalism but you have to have your supporting evidence clear if you are going to make that claim. In the academic world this is usually by citing references, pointing to supporting material. However, in the popular world it is normally by a trusted, independent journalist explaining whether there is any serious disagreement, if so by whom, what credentials and evidence the disagreeing parties have, etc.

Tim's article was educational and interesting. However, for a reader with no experience in this area, it gave no information as to where his claims lie on the continuum between "bleeding obvious to everyone" to "credited only by the tinfoil hat brigade". It was an opinion piece. I would like an analysis piece as well.

7
0
Graham Cobb

Re: Ahem.

Tim, It is a good, informative and interesting article. Definitely good science journalism. Thank you.

But that is only half of the picture. It isn't an investigative or independent review article. And I wouldn't ask you to write one precisely because you are a subject matter expert, with your own opinion. Where are the other good science journalists, who can investigate the (possibly divergent) views of experts, present the arguments for and against, and help us come to a conclusion?

Both aspects are needed: informative, educational articles about a subject area, and investigative, analytic articles to help us draw conclusions. I am not sure El Reg is the right forum for that, but I don't know where is nowadays.

4
7
Graham Cobb

Re: I would argue the situation was even worse

I would encourage you to still vote. We have serious problems with our politicians but I don't believe the "cash-for-policy" is anything like as bad as it will get if the public continue with apathy. Just look at the US, where the corporations really are in complete control, to see how bad it could get!

A caring and engaged electorate, even if largely powerless, may give politicians and their corporate sponsors some pause. And maybe we can actually encourage some genuinely useful candidates to stand in future elections.

21
0
Graham Cobb

Re: Great Article.

I agree it is a great article -- very persuasive. However, I know nothing about the subject matter and can't judge whether the assertions are correct, or whether there are any counter-arguments. What I am even more worried about, than the fact that some incorrect analysis is going around, is that we don't seem to have a good way for claims like these to be tested and debated and trustworthy conclusions to be drawn.

What has happened to the good science journalists? Presumably this is an effect of our unwillingness to pay for journalism any more. How do we get the BBC to rescue Horizon from the pit it has fallen into and start using it for serious science journalism like this?

Some topics, like climate change or string theory, are extremely hard to analyse and there can be genuine expert disagreement (although vested interests don't help!). But I would have thought that this topic was something which some genuine experts could all agree on in their lunch break.

22
0

Rubber-glove time: Italy to probe TripAdvisor over 'fake reviews'

Graham Cobb

False negatives are the hard problem

I tend to mostly ignore the positive reviews. I read them to find out factual information but I pay more attention to the less positive reviews. Mostly because people may love places that aren't our sort of place (maybe we are looking for value for money, or luxury, or quiet, or beach or ...) but things people don't like are often likely to apply to us as well. Also, it does help to guard against false positive reviews.

Of course, that does mean I am open to false negatives. Unfortunately, that is a real problem for the owner: it doesn't do me much harm to miss a fantastic place because of a false negative review (compared to the risk of selecting a bad place based on a false positive) so I am always going to be more open to false negatives. All they can really do is encourage people to keep submitting reviews and hope the false reviews are drowned out by real reviews.

3
0

Get cracking on STARTTLS says Facebook

Graham Cobb

Re: STARTTLS checker?

I use http://checktls.com for testing my configuration

0
0

EU: Let's cost financial traders $400m a day, because EVIL BANKERS. Right?

Graham Cobb

Re: Article sounds like a rant

Surely trackers only have to trade when the composition of the underlying index changes (a company enters or leaves the index)? Sure, the trackers need to trade, but orders of magnitude less frequently than many other traders. I don't see this putting up the costs of trackers significantly.

7
1
Graham Cobb

Try harder

Sorry, Tim, you have not managed to get your argument across (to me, at least).

I still don't see the need for HFT. Sure I like low spreads and high liquidity but higher spreads just means I have to make fewer trades and keep stocks longer. Lots of trading may be good for investors but you haven't shown any evidence at all that it is good for the companies issuing the shares or the economy as a whole.

I know that trades bring information to the market. But the HFT algorithms are bringing very, very little information -- they are just arbitrage machines. I am willing to be convinced by real evidence but, for now, I still believe HFT is a drain on real finance and that either a Tobin tax or something like a minimum hold period (say, an hour) would make real improvements to stability and the ability of the market to gather, hold and process information, and provide information to the economy as a whole. HFT makes so much noise that the "information" in the market is being lost completely.

Of course, I agree with you that the attempt to have regulators approve algorithms is stupid -- obviously written by someone who does not understand software development.

15
1

Slip your finger in this ring and unlock your backdoor, phone, etc

Graham Cobb

Re: But it's still pointless.

I don't think it is completely pointless, but it isn't quite there yet. It needs to be no bigger than a wedding ring, tough, passive (no charging!). But if it was, then I think the unlocking phone/house use case might be useful.

Personally I don't set a PIN code on my personal phone at all -- I have never lost one or had it stolen (and I have had a mobile phone since the analogue days) so I choose convenience over security. I would use security which didn't require me to do anything to use the phone! And a ring is much less likely to be lost than a set of house keys in my pocket.

I am yet to be convinced about the bitcoin wallet use case, though!

2
0

Hearthstone: Heroes of Warcraft – A jolly little war for lunchtime

Graham Cobb

Thanks but no thanks

After I completed the training, they wanted my real name, an email and my age to continue. I won't provide those -- that price is too high for a casual game. If they had just asked for a nick and an email address I would have continued some more.

Back to Clash of Clans for me.

0
0

No, Minister. You CAN'T de-Kindle your eBooks!

Graham Cobb

If you bought a good old fashioned dead tree book written in English, would you expect to be able to translate it into a dead tree version in French for free?

Yes -- why not? Of course, I would expect to pay the translator, if I didn't do it myself, but why would I pay the author or publisher anything? If the translator offered their services for free (such as Google Translate) then the answer to your question is a resounding yes.

Of course, if I buy a French translation of a book, then I would expect that some of my money goes to the translator and some to the author.

2
0
Graham Cobb

Parody is handled fine elsewhere --- there may need to be a few cases to establish some principles, but no court is going to be fooled by scribbling in the book.

As for ebooks -- DRM on ebooks is just stupid anyway. The market and volumes are tiny compared to things like movies, and the sort of people who read a lot are unlikely to heavily pirate. It is just costing them business. Unlike some other commenters, I don't remove DRM -- I will not pay money to any publisher (of any media, in any format) who only sell DRM-encumbered content. I just limit myself to purchasing books which are available DRM-free. I still have many more books in my bookreader than I can read in the foreseeable future!

2
0

Spooks vs boffins: MIT bods say they've created PRISM-proof encryption

Graham Cobb

Re: better than nothing

Not just "better than nothing" -- an important capability which needs to be widely adopted.

Of course, this doesn't stop all attacks, but it does stop one important attack: you can't just serve the provider of the service with a demand for the key (and an instruction not to tell anyone). The service provider doesn't have the key. This stops the Lavabit-style attack.

Sure, it doesn't stop a determined attacker from moving on to other things. But those things may be more expensive, more targetted (always a good thing), more risky, possibly illegal, less likely to get co-operation from 3rd parties and courts, etc. Anything which makes dragnet surveillance more expensive is good.

Ultimately, it isn't law which restricts the actions of spooks, it is cost. That is why, in the days when surveillance meant having a human being follow someone around, they didn't just follow everyone around. We need to do everything we can to make surveillance as expensive as possible, so it will be used in a limited way, on high-value targets.

0
0

Research bods told: Try to ID anonymised data subjects? No more CASH for you

Graham Cobb

Re: Research vs commercial interest

Doesn't sound very ethical to me. Basically, you want deluxe low coverage for a known shite car.

I strongly recommend reading Tim Harford's "Undercover Economist". Whether it is ethical or not depends on whether you know you are at increased risk (and whether you are taking out the policy because of that knowledge). Unfortunately, that is not easy to determine!

Harford explains the complexity of this (serious) problem very well. Unfortunately there is no good solution. The best solution for now seems to be for the health insurers to agree to deliberately forgo knowing much about you -- that has a chance of evening out the risk (and the premiums), at least until people become generally much better informed than they are today about what they are at risk of. At that point, the health insurance business will collapse altogether.

0
0

ISPs CAN be ordered to police pirates by blocking sites, says ECJ

Graham Cobb

Re: Next up.....

This is like informing a courier that they may no longer deliver parcels from a particular company

No it isn't. This is like informing a turnpike operator that they may no longer permit drivers to use their road if they say they are going to collect parcels from somebody who is known to distribute pirated materials. There is no commercial relationship between the (alleged) pirate and the turnpike operator/ISP. And it just encourages people to lie about where they are really going "oh no, I am not going to those nasty pirates, I am just off to see my friends at VPN Inc".

8
0

GitHub probes worker's claims of hostile, sexist office culture

Graham Cobb

Re: Hmm

A manager has to treat people differently. Different people react differently and must be managed differently. Any professional manager understands that.

If your goal is a dressing-down sufficiently serious to bring someone to tears then you are going to have to be much harder with some people than others. If your goal is not to bring someone to tears then don't.

And public feedback like you describe in your previous post is just bullying, whomever is the target -- it has no place in the work environment.

5
1

It's BANKS v TELCOs: Mobe payments systems go head-to-head

Graham Cobb

Identity, not payments

This article seems to confuse payments and identity. They can be related but they are very definitely not the same thing. My understanding about Mobile Connect is that it is purely about Identity: it is a way to use your mobile phone number as a "token" with a website or app -- just like you might use a Facebook login on a non-Facebook website. The website might be, for example, The Register comments section: El Reg really doesn't need to know who you really are, it just wants to know that when you log in again the next time you can access your previous comments. Your mobile phone number is fine for that.

A mobile operator may choose to link the Mobile Connect identity to their M-Payments system, of course, but that would just be an example of an app (M-Payments) using the Mobile Connect identity (just like Amazon or Google or a bank can, if they want to).

[Full disclosure: I have been involved in marketing Digital Identity for a company not mentioned in the article, but these comments are my own view]

0
0

Court allows EFF to keep donor list secret from patent troll

Graham Cobb

Re: i am sure spotify has done this before the application was even made

What The Register needs is an option to read comments with all ACs removed.

1
1

Bugger the jetpack, where's my 21st-century Psion?

Graham Cobb

Re: Well we almost had it

I don't think that is entirely true. Sure, the N900 only sold to geeks (like me) but my wife is a normal business user and she really dreads the day she is going to have to stop using her Blackberry with its usable keyboard, and go to a touch keyboard. I still think the problem is that Blackberry really screwed up, lost its business customers to the (shiny) iPhone and collapsed in market share. Now no one is willing to buy Blackberries (no apps, end-of-life could happen any day, no one has a BES any more) even though a lot of the business users would really like a keyboard.

2
0

Page: