* Posts by RW

1101 posts • joined 23 Apr 2007

New banking code cracks down on out-of-date software


Ring ring: two real-life incidents

Incident One:

One delightful day I got a mail from my bank (Royal Bank of Canada) informing me that online banking was now enabled on my accounts. I immediately phoned them and told them to disable online banking on my accounts.

"But why, sir?"

"It's insecure."

"Oh, no, it's completely secure."

"No, it isn't; one of your marketing wonks enabled online banking on my accounts without my permission."


Incident Two:

ring ring

"Hello, this is Statistics Canada, we have some questions about your census return."

"That's nice but how do I know you are who you say you are? Is there a telephone number that is listed in the telephone book whereby I can validate your identity? We live in a world full of scams, phishing, identity theft and so on, and I would be irresponsible to simply believe you without verification."

"Yes, phone 1-800-555-1212."

"Sorry, but that's not in the telephone book under Stats Canada."

Ultimately he gave up and marked the form as not answered due to concerns about confidentiality. I pointed out that the real reason was that his identity could not be validated, but alas! the form he had evidently had no such box on it to tick.

I once took a course in survey methods from Stats Canada, and in those days they did have verification phone numbers that were listed in the telephone book. No more, evidently.

BOFH: The London Underground vending machine conspiracy


Truth is stranger than -- or as amusing as -- fiction

Many many years ago when I was a wee lad studying at Caltech, one of the guys in the student residence (a native of Texas) was fond of playing obnoxious country music on his radio at top volume with the door to his room open.

Another denizen was something of an electronics whiz and was using a nearby storeroom to build an RF induction heater for some company in the LA area. About a kilowatt, iirc. Old school electronics with *big* vacuum tubes and a largish induction coil.

Eventually the scenario arose where the music lover would do his thing and the electronic whiz kid would simply tune his induction heater until the radio was jammed. Music lover would retune to another station, shortly to be followed by the jammer.

Highly illegal, I s'pose, but I don't know the range of the jammer. We all had a good laugh at Mr. Music.

There is nothing new under the sun.

US cybercrime losses reach $240m


$240 million? Is that all?

That's less than $1 per head on average. Equivalent to 1% of the population losing $100 once a year to "cybercrime." Or one out of a thousand citizens losing $1000 annually.

Sounds like chickenfeed to me.

Somebody refresh my memory: what's the aggregate cost so far of the Iraq and Afghanistan incursions?

UK.gov will force paedophiles to register email addresses


Re: Keep them off the Net

If our esteemed moderator (moderatrix?) will forgive me posting a second comment...

Isn't it time to turn the whole thing about children and the net on its head and stipulate that no part of the net is safe for children unless specifically so classified? And then bar under-18s from all but the kiddies' sections. (Somehow this reminds me of the Howdy Doody show from ancient US television.)

After all, the net was built by adults for adults and only limited portions are intentionally aimed at youngsters. Why are youngsters given free run of an adult institution?

No, I'm not so foolish as to think that kids wouldn't know to fake their ages if they wanted to get into the adult areas.


There's two kinds of stupid

1. Good ol' plain down-home stupid that knows it's stupid.

2. Stupid that doesn't know it's stupid.

Today's pop qvizz:

What is the name of a female government minister who falls into category 2? (Hint: her initials are J and S.) Be sure to explain your reasoning.

Somebody tell me, do these idiots *ever* use the intertubes on their own? If so, how can they be so blindingly unaware of the holes in this scheme? Or is use of the intertubes considered an elitist intellectual practice not permitted to the higher echelons of the leaders of the proletariat? "You! You over there! You've used email! No ministry for you!"

Taking a cue from other comments, the icon of the day is our sad-looking little penguin, 'cause sadness is the only viable emotion in the face of such cluelessness.

BT and Phorm secretly tracked 18,000 customers in 2006

Jobs Halo

The Spirit of L. Ron Hubbard Lives On

"We think it is unethical of the Register to ..."

Sounds like a scientologicalistical double-curve counterattack to me. Accuse your accusers of precisely what they are accusing you of.

Are there any known links between Phorm and Scientology, "the most ethical organization on earth" (except when their moles are stealing government records)???

As for violating RIPA, seems to me that the executive officers and directors of both Phorm and BT need to do some serious jail time. Nothing else will draw their attention to the criminality of their actions. Something like having to hit a mule with a 2x4 to get its attention.

A hefty fine in the tens of millions (pick your currency) would add a certain piquancy to the proceedings.

Note: not criminal conviction of the corporations, but of those controlling them. Big diff.

Why is there no L. Ron Hubbard icon? I had to use someone else with a fake halo as a substitute. (That is Ballmer, no?)

Only Ubuntu left standing, as Flash vuln fells Vista in Pwn2Own hacking contest


I think I'm obsessed and I know I'm confused

I don't consider myself an MS basher, but lordy, lordy, they keep setting themselves up for...for...for...for "adverse comments". Yes, that's it, adverse comments. Definitely adverse comments!

Something caught my eye in this news article:

"new page protections added by Microsoft's security team [via SP1] prevented the exploit from properly executing."

"Macaulay and Sotirov fashioned some javascript to circumvent the new measure, a feat that effectively allows them 'to render that protection ineffective'"

So MS tinkers with page protection, which is presumably down in the depths of the kernel somewhere, and it's circumvented by JS, which is up in the user-app stratosphere. Does this strike anyone else as more than a little odd? That an interpreted, user-level script can suborn kernel functions in some way?

Or does MS have its own usual strange interpretation (and implementation) of page protection?

Help! I'm confused!

MPs pile pressure on ISPs over Phorm


"BT's integrity questioned"

No question about it: they have none at all.

Just like every other corporation, or so it seems.

T5 opening turns into Airplane 3.0

IT Angle

@ Mr Cheese

"I bet the project managers had an oh-so-useful MBA... why this is even mentioned on the HSMP-requirements ahead of engineering, I'll never know. Maybe a politician thinks they're all that's required for industry."

Ahhhh! The sweet sound of those magic initials, EM BEE AYYYY!

Probably the world's least useful educational qualification. AFAICT, MBA programs teach that the working stiffs are all totally fungible, interchangeable cogs you can swap around with no penalty. Expertise, education, experience, and intelligence are irrelevant to achieving organizational goals.

Example: many years ago my idiot MBA-bearing department head was doling out the workload at a staff meeting. Item N on the list was a statistical analysis spreadsheet of something or other that I no longer remember. The job wouldn't have been at all difficult if you knew what you were doing. The MBA wiggled her pen and finally pointed it at her pet secretary, who got the assignment. Said secretary had at best a high school education and was probably one of those people who found calculating an arithmetic average a challenge.

For several weeks I amused myself by noting said secretary sweating bullets as she struggled with a task far beyond her abilities. What the MBA-ess thought of it all, I do not know.

I experienced great schadenfreude, but more important was the realization that The Boss evidently had no appreciation whatsoever that every one of her underlings had specialties they were better at than anyone else in the office. (The secretary's skillset comprised being nasty to those on her s***list, changing the toner in the copier, and sending faxes.)

It has since become clear that this is a common characteristic of MBA possessors, along with the idea that all management is the same and any MBA-holder can manage anything, using a fixed set of techniques.

Politicians being extremely gullible types, they have fallen for this, hence delights like T5. <chuckle>

Mozilla plugs 10 security holes in Firefox


Detection of holes

How many of these fixes were to holes spotted by reviewing the source code and how many by sad experience?

I have to wonder if the entire modern approach to design and construction of programs is fundamentally flawed. TCP/IP stack implementations seem to be pretty much bug-free; is that because of the carefully layered abstraction of the stack scheme? Is a similar approach possible with application programs?

Big cheeses rolled into Vista-Incapable lawsuit


@ David Bell

"we go from the optimism of advertisers into the borderlands of fraud."

All advertising is fraud.

The Guardian ditches Phorm

Paris Hilton

The Global Village Bites Back

Now that the interwebtubenetthing has converted the earth's population (or a sizable fraction thereof) into a single e-connected village, one of a village's characteristics now has global scope: your reputation, which becomes common knowledge and can't be shaken off.

If the scum behind Phorm didn't have a demonstrable track record as spywaremeisters, there's a pretty good chance their system would have been quietly brought online with no flap a'tall. But Mrs. Jones told Mrs. Brown over the back fence, beware, he's a bad 'un, 'll stick spyware on your 'puter if you turn your back...and Mrs. Brown told Mr. Smith who told Miss Emily, and now the entire village knows.

It's like word-of-mouth advertising, immensely valuable, but cannot be bought at any price. (Except for attempts by sleazy marketing liars who attempt to salt social networking sites with fake praise for the junk they peddle.)

Paris because she's only sexually amoral afaict. And she seems to be honest.

US government cools on Real ID threats



"making it harder for terrorists and immigrants to illegally stay in this country"

This makes absolutely no sense at all. A terrorist isn't a terrorist until after he/she has committed a terrorist act, seems to me.

And besides, didn't the 9/11 gang all have a legitimate presence in the US anyway? How would ultra-snoop ID have prevented that???

Seems to me that all the law enforcement types (FBI, CIA, NSA, local police forces, assorted snoops and busybodies) who've always dreamt of a total surveillance state in the US have just jumped on the anti-terrorism bandwagon. Old and busted: it's to protect the children; new and hot: it's to prevent terrorism.

The sad part is that there is a very real terrorist threat in the US, but all this cops'n'robbers nonsense means that enormous resources are being pissed away on ineffective preventive measures.

You don't need to institute a police state to prevent terrorism. Besides, if there's a real threat, maybe some loss of lives and property (as at 9/11) is simply a price that has to be paid for freedom. The 3000 or so deaths at the World Trade Center in this view are martyrs to the cause of civil liberty and freedom, not victims.

Sad prediction: Islamic terrorists will strike again in the US, and afterwards it will turn out that elementary policing methods had been neglected in favor of the gee-whiz, total surveillance approach. Moreover, the next successful attack will use a vector that does not involve aircraft at all, so all the air passenger screening in the world won't stop it. Remember, you read it here first.

I weep for the US, with those ignorant bozos in charge who are primarily interested in lining their and their friends' pockets instead of looking after the common welfare.

US Wi-Fi piggybacking won't put you in pokey


@ Chris Iverson

Mine's bigger than yours is: 75 ft.

House, too, I bet. In the immortal words of Berke Breathed's Opus the penguin, "pffffffffffffft!"

AJAX patent threat to giants under the hammer


Sideband not an extra socket

"Sideband" is a technical word in radio technology and relates to the modulation of the signal. Since our beloved intrawebnettubesthingie uses God-knows-what kinds of modulation schemes at different levels, perhaps not using sidebands at all, it's hard to believe this so-called pseudo-invention has any relevancy.

What puzzles me is the mix between hardwareish details that would be down at the bottom of a tcp/ip stack and applicationish details that would be up near the top. Since the whole point of organizing comms via a stack is to provide layered abstraction, this Does Not Make Sense. Oil & water do not mix, and this pseudo-invention is a pile of horse crap.

Has somebody devised a patent generator that assembles buzzwords in arbitrary, but grammatically correct, sequences and fires them at the US patent office? Rather like throwing shit at a wall to see if any sticks.

Footnote for the linguistically impoverished: "pseudo" = false, "quasi" = "as if". There will be a pop quiz on Wednesday.

Online banking payment system aims to reduce fraud


3 strikes and you're out

Strike 1: Windows only.

Strike 2: IE only.

Strike 3: ActiveX

Evidently news of persistent insecurities in all 3 of these facilities has failed to reach Down Under. Someone, somewhere, who doesn't know their technical/security ass from a hole in the ground, said yes to a technical proposal that on the surface looks very dangerous.

Oh, dear, time to repeat one of the important mantras: "Windows is a consumer grade operating system and as such inherently unsuitable for mission-critical applications."

I can remember years ago when I worked for one of the Seven Dwarf computer companies and trying to make headway against IBM's superlative sales people was an endless uphill battle. They seemed to have mesmerized decision makers with prospects of cradle-to-grave system support. Just what lure Microsoft uses to achieve a similar monopoly is interesting to speculate, given that MS's products are well-known to be difficult to use without risk. Sex? Drugs? Rock'n'roll?

PS: Wasn't it an Australian navy ship run by Windows that got a BSOD and floated around rudderless until damaged by grounding? Don't the decision makers of Australia even read their own newspapers?

"Go" because that's what this Poli will do once the phishers have taken it to town.

Ex-MS staffer to demo Vista smart card hack


@ Phil Rigby

"is it possible to prevent buffer overflows by changing the design of the hardware, say something on the cpu rather than in software?"

Yes, and it was done a good 50 years ago. The Burroughs (now Unisys) "Large Systems" have a stack-oriented, tagged-memory, architecture with descriptor-based memory references. The memory tags allow the hardware to distinguish code and data, code being read-only. The descriptors result in array references being boundary-checked by the hardware.

Rather like wearing a belt and suspenders ("braces" to UKoids): not only can you not overwrite code, you can't even run off the end of an array and overwrite other data.

I believe there have been other hardware designs with similar feature sets, thinking of Honeywell, GE, Philco, and Bendix. Don't have personal knowledge of those so I'll leave them to the cyber-historians.

However, on reflection, it isn't clear to me how resistant such an architecture would be to a determined attempt at subversion. A mainframe presents a totally different environment from a personal computer where the owner is also the sysop.
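A software model of the two checks described in the comment above, added here as an illustration and not part of the original post: a tag on every word that marks code as non-writable, and a descriptor that bounds-checks every indexed reference. The tag values, struct layout and function names are hypothetical and do not reproduce the real Burroughs word format.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical model: each memory word carries a tag saying what it holds. */
enum tag { TAG_DATA, TAG_CODE };

enum fault { OK = 0, FAULT_BOUNDS, FAULT_WRITE_TO_CODE };

struct word {
    enum tag tag;
    uint32_t value;
};

/* A descriptor is the only route to an array: base address plus length. */
struct descriptor {
    struct word *base;
    size_t length;              /* number of words the holder may touch */
};

/* Indexed store. Both checks run on every reference, before memory changes. */
enum fault desc_store(const struct descriptor *d, size_t index, uint32_t v)
{
    if (index >= d->length)
        return FAULT_BOUNDS;            /* ran off the end of the array */
    if (d->base[index].tag == TAG_CODE)
        return FAULT_WRITE_TO_CODE;     /* code words are read-only */
    d->base[index].value = v;
    return OK;
}

struct copy_result {
    size_t stored;       /* words written before a fault, if any */
    enum fault fault;    /* first fault raised, or OK */
    uint32_t neighbour;  /* value of the data word just past the buffer */
};

/* Constructed scenario: a 4-word buffer, then an unrelated data word,
 * then a code word. The caller supplies n input words to copy in. */
struct copy_result copy_with_descriptor(const uint32_t *src, size_t n)
{
    struct word memory[6] = {
        { TAG_DATA, 0 }, { TAG_DATA, 0 }, { TAG_DATA, 0 }, { TAG_DATA, 0 },
        { TAG_DATA, 0xCAFEu },          /* neighbouring data */
        { TAG_CODE, 0x90u }             /* neighbouring code */
    };
    struct descriptor buf = { memory, 4 };
    struct copy_result r = { 0, OK, 0 };

    for (size_t i = 0; i < n; i++) {
        r.fault = desc_store(&buf, i, src[i]);
        if (r.fault != OK)
            break;                      /* the "hardware" traps here */
        r.stored++;
    }
    r.neighbour = memory[4].value;
    return r;
}

/* Even a descriptor whose range covers a code word cannot write to it. */
enum fault store_into_code_word(void)
{
    struct word memory[2] = { { TAG_DATA, 0 }, { TAG_CODE, 0x90u } };
    struct descriptor d = { memory, 2 };
    return desc_store(&d, 1, 0x41414141u);
}

int main(void)
{
    const uint32_t input[6] = { 1, 2, 3, 4, 5, 6 };  /* constructed input */
    struct copy_result r = copy_with_descriptor(input, 6);

    printf("stored=%zu fault=%d neighbour=0x%X\n",
           r.stored, (int)r.fault, (unsigned)r.neighbour);
    printf("write to code word: fault=%d\n", (int)store_into_code_word());
    return 0;
}
```

The fifth store traps on the bounds check, so the neighbouring data word is never reached and the code-tag check acts as the second layer.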

Spooks want to go fishing in Oyster database


@ Sillyfellow

"we, the citizens of the UK, must be the perceived 'security threat'. it is us, the 'general public' that our 'authorities' fear."

Don't be silly, fellow! Of course that's the case. After all, the citizenry of the UK shows an amazing and inexplicable resistance to NuLabour's schemes to create "The New British Man" via brainwashing and propaganda, and must therefore be forcibly instructed in Proper Behavior Befitting The System. Or something.

I wonder if the yobs are unwittingly protesting regimentation and thought control when they kick some innocent to death. Is there some kind of sociological principle that the more you try to control every detail of life, the less control actually ensues?

BT admits misleading customers over Phorm experiments


Yes, yes, yes, it's definitely malware: BT says so! (plus rant at no additional cost)

BT: "customers whose DNS requests were being redirected must have a malware problem."

So even BT agrees that Phorm's system is malware. There you have it folks, straight from the horse's mouth.

Deeper thoughts: once again the malaise that infects business worldwide appears: the idea that you can do anything you want in the pursuit of profit (or shareholder value) as long as there's no explicit law against it. IANAL, but my understanding is that statute law is only part of the law, and a minor one at that, that common law is in fact the main part of law. Plus there's the old concept that the courts must seek justice, without being held to the restrictions of both statutory & common law: a legacy from the good old days of the Courts of Chancery.

Time for a new legal principle to be promulgated: business must act ethically, responsibly, honestly, morally, and openly at all times in all ways, never mind the impact of profit or shareholder value. Behaving honestly and morally, sensu *very* latu, simply becomes a condition for doing business at all.

As for the scumbags at Phorm and BT, we need a new legal penalty as well: do something dishonest, and you are issued a sort of ASBO that precludes you ever again being involved in business in any kind of responsible capacity. Perhaps tattoo the word "dishonest" across the foreheads of those found guilty? Think of it: no more directorships, no more management jobs, no job involving money or confidential data, nothing much but being a salaried grunt at the lowest level of the hierarchy: the janitor or the guy who cleans the toilets, for example.

And make sure that even consultancies are out of the question.

Vengeance is mine, sayeth the Lord!

MPs and Lords turn on government over data protection

Paris Hilton

Whitehall's p.o.v.

The bureaucrats don't see anything at all wrong with their carelessness with personal data.

From their p.o.v. it's the news getting out that's the problem.

You can expect another draconian NuLabour law classifying news of data-loss snafus as official secrets and muzzling of reports of the many further losses yet to happen.

"Openness and transparency" my eye!

Paris because she's the only icon with closed eyes; she sees no evil, therefore she speaks no evil: from the Whitehall p.o.v. the ideal news reporter.

US woman spends two years on boyfriend's toilet


@ AC @ Everyone

I know El Reg's readership comprises a sarcastic, unsympathetic bunch of SOBs, but for once it's time for the entire readership (including the editors) to practice an emotion called "compassion."

It's obvious that both this woman and her b.f. are a few bricks shy of a full hod, but such is life. Amongst us, there are innumerable sadsacks, usually floating along below radar level and managing to lead their lives satisfactorily by their own lights. Sometimes, as in this case, they are exposed to the glare of publicity, but when that happens remember the old adage "there but for the grace of God go I."

Yes, laugh, snicker, point fingers at, and verbally abuse the pretentious, the publicity hungry, the über-rich, and those who should (and do) know better, but remember some people do not know better. They are to be pitied, not sneered at.

Heart because even techies sometimes have to show some.

10 ways to improve your code


Tests first: wisdom of the ancients

"1. Write the tests before writing the code."

Not new, not novel. In fact, old hat.

A variation on this, or perhaps it's a refinement, is that test cases must go hand in hand with the predicted results. None of this "let's do this and see what happens" nonsense. If you don't know what's supposed to happen, then you don't understand the software well enough to be testing it.

A virtue of this refinement is that the results of any test are either what you expected or aren't. But of course "results not what was expected" doesn't necessarily mean there's a bug. It may be that the specification on which test cases are based is ambiguous or incomplete or contradictory or just plain hard to understand. Whichever it is, if the testers can't get it right, you can be pretty sure the programmers had trouble too.

Heart, because I love being retired and not having to do this stuff for a living anymore.

UK government data protection is a shambles

Dead Vulture


Model: the Eye'o'Sauron database is created by merging 6 existing databases. Everyone in the country is represented in all 6 databases. The error rate in all 6 is 10% and the errors occur independently.

Conclusion: 47% of entries in Eye'o'Sauron will be in error.

[Probability of a given database being correct: 90%. Probability of all 6 databases being correct: 0.9^6 = 53%. Probability of at least one database being in error: 1-0.9^6 = 47%.]

If each database comprises 10 separate fields, a 10% overall error rate implies an error rate of 1.1% for each field. If there are 100 fields, the per-field error rate implied is 0.11%. If you want your 100-field database to have an overall error rate of 0.1%, the error rate on individual fields has to be 0.001%: 1 error in 100,000 entries.

IOW, the overall error rate in a database is surprisingly sensitive to the number of independent fields each record contains; the more fields, the more records in error, to the point that a reasonable overall error rate is simply unobtainable. Nobody can enter data at an error rate of only 1 in 100,000. And at the end of the day, all data can be traced back to an error-prone human being entering it.

[Refutations of that last assertion welcomed.]

Reminds me of when I went out looking for a house to buy, and compared each property to the facts on file at the tax assessor's office. Fully half the places I looked at turned out to have errors of fact on those records. Most of the errors were unimportant, but at least one implied the property owner was paying $ hundreds a year more in property tax than he should have.

Has anyone studied the question of information errors, how they arise, how they can be prevented (or their number reduced), how they can be detected? ISTM that without a thoroughgoing understanding of these matters, any attempt to establish any large database is doomed to be riddled with innumerable errors large and small. Just as they are in practice!

Dear ISP, I am not a target market


Psychiatric certification of corporate directors

Can't offer a reference, but I'm sure I've read of psychiatric/psychological studies done of corporate honchos at the higher levels.

A significant fraction of those studied turned out to be true sociopaths: utterly amoral, disinterested in anyone else's needs or wants, lying, manipulative SOBs who would murder their grandmothers if it got them what they want. (That's not much of an exaggeration, btw. Them's very scary types.)

If you imposed psychiatric certification on corporate board members, the board rooms of the world would be emptied toot sweet.

Until the sociopaths suborned the psychiatrists, that is.

PS: from what I've read, it seems that sociopaths are born, not made, and are incurable. Their brains don't work like normal people's.

Microsoft partners cosy up on interoperability


Unintended Consequences?

Supposing MS manages to get OOXML accepted as an ISO standard, hasn't it then lost control of that very standard to the ISO? And will then find themselves in a very odd position when the ISO issues v.2 of that very standard?

Phorm launches data pimping fight back



Didn't Google do a study and demonstrate that the only webpage adverts that *work* are very short, simple ones like those Google puts alongside your search results? Where does this leave the brightly colored, flashing, moving, singing ads marketdroids continue to push down everyone's throat? IOW, targeted or no, online ads are not particularly effective.

It also strikes me that this whole uproar is due to business once again taking the point of view "if there's no explicit law against action X, action X is okay." This philosophy is one very short step away from thinking "if the motive is profit, any action whatsoever is justified." Sorry, mac, think again.

More and more, I think it's time to fundamentally reform the law as it affects business so that they are required to act honestly, honorably, and ethically, in the broadest possible sense. And at the same time, prohibit unilateral changes to contracts such as BT seems to be contemplating.

As some have suggested, perhaps letters from innumerable people to their ISPs (snail mail at that) stating that they do not have your consent to tap your web browsing and referring to the relevant laws would at least put a few speedbumps in Phorm's path.

The snail mail part is important because a piece of paper cannot be destroyed by just pressing the delete key. As a former toiler in the bowels of a bureaucracy, I can assure everyone that written letters are not easily dismissed by the recipients, unlike email.

Flame, because I'm getting fed up with corporate self-importance and total disregard for the basics of human society.

Home Secretary in ID card gaffe



Are these people serious? Does this Jacqui Smith person even understand the words she reads off the papers handed to her by her spin doctors? I want some of what they're smoking!

What we're seeing is due to several pernicious habits the NuLabour crowd have become addicted to. First, a near-absolute refusal to ever admit they're wrong about anything. Second, trying to micromanage technical matters they know nothing about. (The endless interference with schools and the NHS over the most minute details exemplifies this. Folks, leave the technical details to the technicians!) Third, they adhere to that corny saying "optics is everything" and think a good sizzle will do as well as a good steak. Thus the incessant spin doctoring. Fourth, the same problem that, to my mind, affects Microsoft, namely confusing a superficial familiarity with a body of knowledge with true understanding and expertise.

Of course these habits are not isolated. They're deeply intertwined. So much is obvious. In fact, one might summarize all these as a love of meddling based on urban legends.

But there remains an issue I have seen no explanation of: who is it that is pushing so hard for the national ID database? What individual demands it? Maybe I'm naive, but I can't understand how, in the face of repeated, trenchant, reasoned criticism, NuLabour continues to stick to their guns on this. Even given their inability to admit being wrong, something smells funny. I wonder just what powerful person cannot be denied in this matter, what gray eminence lurks within the Labour party.

It's rather like our Canadian laws against porn. They forbid the importation of porn that's completely legal to manufacture, possess, and sell within the country, and are selectively enforced against gay bookstores. One concludes that somewhere in the bowels of government there is a powerful homophobe who dictates policy based on personal prejudice. [This sounds a little like J. Edgar Hoover, but the fact he was a closet case is irrelevant to my argument.]

It would be very interesting if El Reg were to quietly investigate and see if they could identify the prime mover behind this insane scheme. If the results come complete with incriminating emails and memos, so much the better.

Or is it all nothing more than that the IT vendor for the national ID system has already been selected, and he/she/it is a big Labour supporter?

One has to wonder. Nothing would surprise me.

The penguin, because it's lovable and NuLabour isn't.

Government set to 'destroy' UK radio astronomy

Paris Hilton

Sad but true to form

Sitting here in Canada and reading the headlines from Britain, I can only shake my head. What a bunch of muppets you guys have in government!

Sometimes it seems like Those In Charge don't understand that there's a wide gulf between true expertise and what one learns from a quick scan of the latest "For Dummies" book. Unfortunately, "they" probably do understand the difference, but intellectual elitism (i.e. brains) is one of the political errors that must be stamped out; otherwise, how will the New British Man arise from the ashes? (Cue the Bolsheviks and their New Soviet Man. Precisely same kind of thinking as far as I can tell.)

Maybe what British universities should do is simply shut down their sociology departments and thereby shut off the flow of idiots into public life. Any takers?

What's going to happen to Britain when everyone's on the dole and no one is actually working?

Paris because (a) I love using the Paris icon and thinking up spurious excuses to do so and (b) she's got more gumption in her little finger than all of NuLabour's mandarins have in their collective braincases.

Microsoft officially 425 years behind the times

Paris Hilton

@ heystoopid

That this bug even exists says volumes about Microsoft's internal disorganization, but regrettably those volumes are akin to the Sibylline Books and impossible to interpret with any certainty.

How'd it slip past? Perhaps because at Microsoft NO ONE IS IN CHARGE. Everybody's charging around doing their own thing. Cute in a way, all that wonderful empowerment, but not when it results in extraordinary snafus like this one. Maybe the manager that should have caught it was away that day on a course "First Principles of Throwing Chairs"?

Or maybe the DLLs for handling dates system-wide got rewritten recently and since, as everyone knows, the new is always better than the old, no one bothered to verify their function.

This bug *is* extraordinary. Staggering. Amazing. And inexcusable.

PS: Lotus 1-2-3 R5 from 1994 doesn't have this bug.

Paris because she probably doesn't have problems with *her* dates.

Data pimping: surveillance expert raises illegal wiretap worries


That Ernst & Young Report

It's just disinformation commissioned in order to muddy the waters.

Accounting firms are like lawyers: they tell the clients what the clients want to hear.

You have been warned.

IE8 to follow web standards by default



I simply don't think Microsoft is capable of writing a standards-compliant browser, no matter how much the brass may push for one.

1. They'll misconstrue the standards left, right, and center, thanks to...

1a. inexperience in following standards (poor reading comprehension)

1b. a tendency to jump to conclusions and think they understand something when they're actually still at the "for Dummies" level (pride & arrogance)

1c. the MS philosophy of dumbing down the computing experience so Joe Sixpack never has to think: the point and drool interface IOW.

2. It'll be full of programming errors thanks to...

2a. persistent use of programming platforms that do not automagically check array bounds. Lotsa buffer overflows! Lotsa security holes!

2b. improper modularization so inter-module interfaces are way too w---i---d---e. The KISS principle (keep it simple, stupid) seems to be an illegal philosophy in Redmond.

2c. retention of old, buggy code from previous versions of IE. More buffer overflows! More security holes!

3. Some of these misconstructions and errors will be deeply embedded in the architectural foundation of the beast and impossible to correct without a complete re-write.

Prediction: IE 8 will only be available for Vista, in order to coerce customers into adopting that much-maligned OS. This strategy will backfire because Firefox & Opera already provide XP-diehards with standards-compliant browsing, and once someone has dipped a toe into the deep waters of open source and 3rd-party software, there'll be no holding them back. Linux, here we come! Open Office, here we come!

Heart because I love Microsoft: they're *so* predictable!

Ofcom stands up to Information Commissioner

Paris Hilton

Corporations aren't persons

But there's a legal fiction that they are, a legal fiction that has greased the wheels of commerce for centuries, to the general benefit of society.

Time to temper that legal fiction with limitations, including one that says "but they have no right to privacy." Including cellphone network operators.

Make 'em just like our gal Paris, no privacy at all, not even about the privates.

Microsoft's data center offensive sounds offensive


Doomed, we're doomed, I tell you!

Given Microsoft's unenviable record for getting things wrong, missing the point, confusing their hallucinations with the customers' real requirements, and general unreliability, they'll be fighting an uphill battle for market position.

Google, whatever its faults, generally gets things right, and in general seems to be a much more nimble, flexible organization that actually provides useful functions. Maybe no more trustworthy than Microsoft, but at least their stuff works pretty much without a hiccup. I'm always in awe that Google Maps works flawlessly on my dirty ol' Win98 box running Netscape 7.2.

[I'm tempted to go back and apply ManFromMars capitalization but will refrain.]

Microsoft cuts Vista price


OSes that suck

Sitting on the sidelines reading the endless "Vista, Shite or Gold?" debates, I have concluded that the #1 issue with Vista is that it doesn't solve the user's problems.

Just like a bad website! (vide http://www.webpagesthatsuck.com)

That this should be the case is no surprise. Some years ago I was yakking with a dude who did contract work for Microsoft, and one of his remarks has stuck in my mind: namely that Microsofties are "incredibly arrogant."

Between their arrogance and their company's monopoly, it seems like Vista was designed to impose Microsoft's concept of "what the users need" on the world, while getting in bed with the media companies and implementing retrogressive DRM throughout the system.

Did would-be users want more DRM? No. If anything, they wanted less DRM, preferably none at all.

Did potential users want their computer to piss away endless CPU cycles validating drivers 60 times a second? No. They wanted, if anything, an OS that made the highest possible fraction of CPU power available to applications.

It's going to be interesting to see how this all plays out. AFAICT, Microsoft still thinks they can force their customer base onto Vista, but as long as there is any kind of escape hatch (Mac, Linux, FreeBSD, etc) this time-honored strategy is at great risk of failing.

After all, if your old, expensive, perfectly functional software won't run under Vista, nor will a lot of your old, expensive, perfectly functional hardware, nor can Vista read your old, expensive, important documents created in old word processors and spreadsheets...after all, if this is the case, one might as well bite the bullet and switch to a system that is less coercive in its outlook.

Flame because, yes, I'm ranting.

How Phorm plans to tap your internet connection

Dead Vulture

@ Stu and "Will it actually work?"

Stu: "Why is everybody being opted IN in the first place?"

The answer is obvious: because no thoughtful person would ever opt in.

Maybe it's just me, but reading these comments made me wonder if Phorm & BT actually know what they are doing. Is there any chance that when this spyware cum snoopamatic thingie gets turned on, BT's internet service will simply stop working? Sort of like a dinosaur with terminal constipation?

Or is this just wishful thinking on my part?

Another tactic that no one has mentioned is for those holding BT stock to write the president and ask why they are taking steps that will seriously erode the value of their trademark, alienate customers, and very likely break a number of laws.

Corporate hotshots HATE to get letters of complaint like that, esp. from shareholders.

Might be worth buying 1 share of BT just so you can say "I am a BT shareholder."

7000 Leap Year Babies attack Steve Ballmer


That Lotus Bug

Lotus has had the 1900-is-a-leap-year "bug" as long as I've been using it, since release 3.1 for DOS, and the most recent version I've used is the same.

AFAIK, Excel has always recorded dates the same way simply for compatibility purposes, but these days the compatibility would be with older versions of Excel, not with Lotus.

What I don't know, and perhaps some El Reg reader with cyber-antiquarian interests can enlighten us on, is whether this "bug" originated with Lotus. Or was it a deliberate effort to make Lotus compatible with Visicalc or some other pre-Lotus spreadsheet?

The use of 1 Jan 1900 as the reference era for spreadsheet dates, presumably due to hardware issues relating to internal representation of numbers, is an interesting example of failure to foresee possible future uses for software. If the Julian date had been used instead, it would be dead easy to record any historical date in a spreadsheet because the Julian date refers to an era about 4700 BCE, which afaik predates recorded history.

As matters stand (or stood, for a long time -- does any spreadsheet implement Julian dates?) if you want to record arbitrary historical dates in a spreadsheet, you have to roll your own.

Ofcom to clamp down on 'unfair' charges

IT Angle

Law? Greed? Regulation?

In the United States, every dollar bill carries the statement "legal tender for all debts, public and private." Here in Canada it's "this note is legal tender."

IANAL, but I'm pretty sure that the effect of such statements is that cash MUST be accepted for payment of debts.

I'm not 100% sure of my facts, but United Parcel Service drivers used to refuse to accept cash for COD charges, but now they do. I suspect someone got after them and pointed out that they were required by law to accept cash if offered. [Their justification was that it made the drivers subject to robbery.] [I may be wrong in saying they now accept cash.]

The conclusion seems inescapable that British telcos are doing this kind of thing merely to charge more money, whatever way they can. They have captive customers so they see no problem with sucking blood out of them at every opportunity. They can -- and do -- get away with it because the government is too supine to bother with legal fundamentals like "the law governing the payment of debts."

There remains the simple fact that certain types of business are public utilities: water, sewer, electricity, and, yes, internet connections, and whether they are monopolies or not it is simply damned Thatcherite foolishness not to regulate their rates and charges: dictate what they can charge under what circumstances, and that only after public hearings: just like any of the gazillions of "Public Utility Commissions" in the US and Canada.

Information wants to be free... except at UK Customs


"Ignorance of the law is no excuse"

But what if the details of the law have been deliberately withheld by HM govt?

Want to snoop on your neighbors? Come and work in Wisconsin


Why so much information?

Sounds like the real issue is that the database contains way too much information in the first place. Is this another example of marketing wonks over-extending their reach? That seems to have been a lot of the reason TJX was hanging onto too much information for way too long and ended up losing 50 million CC numbers. (Or was it 100 million?)

And why weren't individuals with access restricted as to what data they could retrieve and for which customers? Sounds like everyone had 100% access to everything.

Was this system designed by experienced professionals or did they find the design as a prize in a box of Cracker Jacks?

Two truisms:

1. Your systems ***will*** be hacked, no matter what you do, and data stolen from them.

2. Anyone who has legitimate access to your systems ***will*** misuse that access.

UK rattles 'three strikes' filesharing sabre (again)


Vampire Bats and Penguins

Tim: "...the kind of weak-minded, inexperienced social sciences graduates who form the bulk of our junior ministers."

Richard: "It always amazes me how naive those in charge are around technology."

Holy dripping vampire bat feces, Batman, there's The Explanation of The British Political System: it's C. P. Snow's two cultures at war, with the soft-centered social scientists winning and in the flush of victory doing their best to suppress intellectually elitist bodies of knowledge like mathematics, chemistry, physics, astronomy, biology, and (ta da!) technology.

Okay, I'm being silly, but when I read those two remarks (thank you, Tim and Richard!), it was like fitting the last piece into a difficult jigsaw puzzle.

Still at sea, still wondering if I've gone to the Martian side? Let me try again:

cause: degree in social sciences

effect: naivety about technology

Der Penguin 'cause he's the closest icon to a vampire bat and penguin feces are pretty stinky too.

EU wants RFID tags turned off


Marketing Wonks Strike Again

Firefox tells me I've used this title before, but it's a good one so here goes anyway:

I don't know whether to laugh or weep over the ceaseless efforts of the MW's (marketing wonks) to psychoanalyze us via data mining. They think that if they can fully log all the online ads you click on, the web pages you visit, and the products you buy, the inner details of your loathsome psyche will be dragged kicking and screaming into the daylight, the better to force unwanted further purchases on you. Or brainwash you into voting for Huckabee (are RFID's biblical?). Or something.

The TJX mess appears to have been due to marketing wonks hanging on to personal information, but I suspect TJX has learned a lesson: buying a couple of bags of coffee beans at my local TJX outlet the other day, I mentioned TJX's security woes to the cashier; she replied that they no longer keep any personal information on file at all.

Marketing wonks = stupidity, nosiness, and unsubstantiated snake oil.

Question: has anyone ever had anything effectively marketed to them via this kind of strategy? I suspect that there are very few positive results, but of course the MW's won't admit it and then have to go get an honest job selling their bodies or digging ditches.

Microsoft opens APIs and protocols to all


Oh, Goody!

"30,000 pages of documentation surrounding Windows client and server protocols."

Thirty thousand pages to document the protocols? Am I just ignorant or is this a reasonable volume of documentation? Sounds way out of line to me, pagecount-wise if nothing else.

As others have commented, opening the APIs is probably going to reveal a lot of security holes. Rumor has had it for years that Windows' memory management is so poor that Excel, Word, and other applications have trap doors into the Windows kernel so they can do their own memory management, otherwise performance takes a significant hit. Sounds like institutionalized rootkits to me, just waiting to be exploited by scammers, phishers, and their ilk.

I anticipate that El Reg will feature a long series of articles on Windows APIs and the various incompetencies, stupidities, and inefficiencies they reveal.

Unseen 'Marilyn Monroe' nude snap wows US expert

Paris Hilton

A Common Failing

Many self-designated experts in document authentication are no such thing and are very easily fooled. This makes for easy exploitation of the gullible by the cunning: "See, I had this handwritten diary of Hitler authenticated."

Same thing happens in the art world, vide the recent scandal of the English family who scammed a number of big museums with fake antiquities.

Or search for "mormon murders" (sans quotes) at Alibris for several books relating to faked documents in Utah.

IT angle: be sure to authenticate your data!

Paris, because it's hard to tell if she's a fake airhead or an authentic one.

Opera CTO: How to fix Microsoft's browser issues


Analysis: Wherefore art thou so buggy, MSIE?

Reasons pour le bouggienesse from reading the entrails:

1. Business model: establish monopoly via proprietary software in order to lock in and coerce customers to continue using MS software.

2. Corporate culture: internally, MS has no dedication to standards of any sort, no matter what their stated intentions. Even if the intentions are genuine at the smoke and mirrors level (i.e. Ballmer, spin doctors, etc), the working level grunts don't pay much attention.

3. Lack of expertise and experience: too much turnover in the grunts writing the code. Why? I don't know. Perhaps someone who's worked at MS can tell us. Some might call this "sheer incompetence". Perhaps the main reason is that IE 7 was left more or less untouched for so long that most of the programmers who understood it have long since moved on to greener pastures so IE code is written by greenhorn rookies with little experience.

4. Reuse of old code with old bugs unfixed: IE's original base was the long-gone Mosaic. I'll bet a jelly donut that the guts of IE8 still include some of that code. Cue the fairly recently discovered bug in WMF rendering, a bug that turned out to have existed from Windows 3.1 on, iirc. It's quite clear that MS hangs on to elderly, bug-ridden code.

5. Enforcing the MS monopoly: Andrew Carnegie, the great Scottish-American steel magnate, had the nasty practice of driving his competitors out of business by selling steel railway rails below his cost of production. Since his enterprise was large and extensive, he could target one hapless bastard after another for destruction simply by dicking them over in their more localized market.

In a way, the various types of software comprising a modern desktop computer (OS, wp, spreadsheet, db, media player, web browser, email client, etc) are analogous to these local markets. MS uses the profits from Windows and Office to subsidize IE in the same way, though bundling IE with Windows is a tactic Andrew Carnegie had no equivalent to.

I should add that American anti-trust law specifically forbids Carnegie-like price undercutting…except in software!

6. Failing to charge a reasonable price for IE: The MS beancounters undoubtedly view IE as nothing but a cost center, since the profits from it are diffused across that vague entity "monopoly". Hence, IE development is chronically strapped for money, to the point that software quality suffers. If MS started charging realistic prices for Outlook Express, IE, and various other "free" parts of the Windows package, the quality of IE would go up—unless, of course, there was a mass flight to other browsers, cutting off the income stream.

It appears to me that in the face of this kind of institutional inertia on the part of MS, the only way to break the logjam would be for some major web destination to announce it's going to begin adhering to standards strictly.

Suppose Ebay, Amazon, Yahoo, MySpace, Facebook, YouTube, or Google did this, and emblazoned their pages with "works okay in standards compliant browsers, here's Ballmer's phone number to register your complaints".

If that happened, you'd see a sudden upturn in use of non-MS browsers. I speculate that if this happened, MS would be so far behind the 8-ball they would be unable to upgrade IE before its market share collapsed. But this isn't going to happen unless there's some kind of plot to torpedo MS amidships.

This explanation is so wordy only an extraterrestrial could love it.

HMRC blows £1.4m on two-word slogan

Paris Hilton

@ Christoph

Don't forget Scott Adams' "Dilbert" as another analysis of management stupidity to set alongside "Parkinson's Law".

There is an extremely amusing account in Adams' "The Joy of Work", pp. 233–237, of consultant-led development of a mission statement that arrived at a result almost as soft-centered as the new HMRC slogan.

It appears that HMRC has forgotten one of the yardsticks by which the "goodness" of a tax system is measured: how much does the collection of the tax cost relative to the total collected? Every nickel spent on frippery automatically reduces the quality of the system. "HMRC Ambition" is definitely frippery.

The worst part is that the participants in these exercises in nonsense-generation have neither any shame about their participation nor awareness of how silly and wasteful it looks from the outside. For all the good the new HMRC slogan does, the participants might as well have been sent on a John Cleese Silly Walk Seminar.

However there is worse: the government of British Columbia once came up with the management guideline "visible frugality", apparently missing the point that this slogan implied that wastefulness was acceptable as long as it was well-hidden.

Paris because while she pretends to be an airhead, she seems to be financially pretty astute; the villains in this case are genuine airheads with no financial astuteness whatsoever.

Nanny agency hacker fined



Perhaps it's apocryphal urban legend, but I'm sure that sometime during my long and misspent life I've read that if you turn the doorknob on an unlocked door and enter the premises within, you have committed the crime "break and entry", but if the door is wide open you haven't.

Whether you then commit theft, murder, or mayhem is another legal issue altogether.

Seems to me that true justice would mitigate the seriousness of this nanny's crime on the basis that the victim failed to take even the most elementary of precautions. Perhaps it's time to bring back the Court of Chancery and get true justice without reference to precedent and statute?

Not-Paris because I'd like to use Paris but the troops are complaining that she's no longer funny.

Enraged vegan spitroasts Reg hack

Dead Vulture

A Living, Breathing, Walking Stereotype of Nutritional Madness

As soon as the old eyes focussed upon the opening words of the rant, I wondered if the ranter was actually a rantress (or is that rantrix?), as these types seem to be predominately female.

And, oh, dear God, yes, she is! A genuine certified Earth Mother in full throat and in spades. And then came the bit about "dies a slow death as his colon struggles to expurge his over burdoned [sic] diet of meat and dairy products", so to top it all off we have an Earth Mother Who Believes In The Colon Cleansing Fallacy. Betcha she takes a high colonic regularly—and, sadly, subjects her kids to it too, thereby permanently f'ing up their digestive tracts and temporarily disturbing their electrolyte balance.

[Feeding your kids a strictly vegan diet sounds like a really bad idea. Perhaps someone should point this out to the child welfare authorities? No, wait, wouldn't work -- *their* ranks are infested with Earth Mothers who wouldn't see the issue, PC again trumping common sense.]

Don't the authors of these rants realize how utterly silly they make themselves look???

Side issue: Mankind, carnivore or not? If I recall my anatomy correctly, our teeth and digestive tract give us away as omnivores: canines & incisors for meat, molars for veggies, long digestive tract that efficiently extracts the goodness from nutrient-poor foodstuffs, i.e. veggies. True carnivores are distinguished by very short digestive tracts as their usual diet is so nutrient-rich; vampire bats with their exclusive diet of blood have exceptionally short tracts.

These anatomical details coincide nicely with the picture of our ancestors wandering the savannahs of eastern Africa as hunter-gatherers primarily of roots, seeds, fruits and other veggy truck, but sometimes hitting it lucky by finding a good chunk of carrion or even killing an animal. Moral, for those who care: the ideal diet is near-vegetarian, supplemented by small amounts of meat.

And what about lactase? Tony Barnes: "People who don't have sufficient lactase - i.e oriental, black, etc - due to not having domesticated cows, and their genes for lactase shutting down in adolescence..."

The natural human condition is for lactase production to shut down once a child is weaned. Those of us with adult lactase production can thank many generations of distant ancestors who found milk a convenient and nourishing food, thereby providing an evolutionary advantage over those who couldn't digest the stuff. I am curious how many generations it would take for the adult-lactase gene(s) to spread as widely as they have in milk-drinking populations: any guesses?

Dead vulture because what delicious carrion it would make.

5,000 NHS records vanish with latest lost laptop


Work at home?

I keep seeing the lame excuse "I needed that data so I could work at home."

And what, pray tell, is the difficulty with doing your job during normal working hours at your normal place of work? *Especially* when the data is so sensitive? One suspects that it's just an ego-stroking exercise: "look at me, how important I am, *I* have to use this laptop full of Important Data while I travel." To use a charming old Briticism, bollocks.

Color me "not convinced."

At least some of this carting data by hand around the landscape must be intended only to justify a seat in first class "so they can work in peace and quiet."

An anonymous coward wrote "Doctors and such are often working at sites where they don't have access to the main NHS network."

What sites are these where they don't have network access? And what kind of work is it that requires so much data that it can't be transferred via a good old-fashioned PPP dialup, available anywhere there is a phone line? For that matter, you could do PPP over a cell phone, no? [Excuse me if my technology is out of date, but I'm retired and no longer fret over details. The rest of you can just suffer.]

If the volume of data is too great for dialup to handle, then that doctor (or such) is doing too much work in the wrong place—precisely the same issue all over again.

PS: and what are these "and such" folks who are categorized with doctors?

It smells like a lot of ego-masturbation going on, the laptop full of Important Data being the new status symbol, never mind the potential consequences of forgetfulness, stupidity, or sheer bad luck.

Pr0n baron challenges Google and Yahoo! to build better child locks

Thumb Down

A Complex Issue

It's time to turn the issue of protecting kiddies from pr0n on its head and instead of walling off unsuitable parts of the internet from the little dears and precious snowflakes, restrict them solely to those parts that are explicitly deemed suitable for them. After all, the internet wasn't built for children: it was built for adults.

If Wikipedia doesn't designate itself as suitable, why, the tykes will just have to find some other source of information to crib their school work from.

Of course, the cry "it's for the children" is a smokescreen for the prudes, whom Chris C. has so nicely holed amidships. The prudes in turn are patsies for right-wing control freaks who want to institute a police state in which we all learn to love Big Brother or they'll know the reason why.

El Reg readers with a controversialist frame of mind may want to try out, when next arguing with some fundie "nudity, inherently dirty or not?" the dialectic "But man was created in God's own image. The Bible says so. Are you telling me that God Himself is inherently obscene?"

And finally a historical note: the extremely prudish American attitude towards sex and nudity is very much a holdover from the earliest Puritan days, unfortunately given a new lease on life when William Jennings Bryan first played the religion card as part of a political campaign.

Big Climate's strange 'science'

Paris Hilton

@ Jonathan McCulloch

"Climate change is a big money-spinner for the vested interests... and it's balls."

Uh . . . no. The big money involved is in areas like automobile manufacturing, the oil industry, and such. The climate change folks are very small minnows in a lake containing some very large—and voracious—fish.

Yes, absolutely right about vested interests, but just follow the money and you'll see which vested interests have their knickers in knots about climate change: those self-satisfied ones perfectly happy to assume life will always be just as it is now and damn the consequences of believing so. George Bush and his buddies in the oil industry exemplify this outlook.

Paris because...well, because it's nearly spring and I'm thinking of Paris in the springtime.
