Sep 24 2015
 


Your new phone turned up on my desk today. It's all very sparkly but there is one big problem with it.

The name.

If you are going to release a product named with an English-language word, then you may want to check the spelling of that word because spelling that word wrong is not very impressive.

Now Americans would have you believe that the word is spelt as you have spelled it – honor. However, there is a clue to the originators of the language in its name; you should go with the English spelling.

If you ever release a version of the phone in North America, it would be reasonable to use their spelling of the word. But elsewhere in the world, please use the correct spelling.

It's a bit over the top to insist on a product recall for this, but please remember when it comes to releasing the next version of this phone that it should be called the "Honour 8".

Sep 22 2015
 

So it looks like Volkswagen has been fixing emissions testing in the US …


It seems that they have probably built into the engine management software something that detects when the engine is being tested for emissions. This apparently detects testing conditions and switches to a test mode where the engine power is reduced sufficiently to reduce emissions below the legal limit. Real emissions are up to 40 times the legal limit.

Volkswagen are apparently very sorry about this, but probably more about being caught than anything else. It could be just a one-off aberration, but frankly it is more believable that this sort of thing only happens within a company that has a culture where deceiving the customers and regulatory authorities is seen as perfectly acceptable practice.

So what else are they up to?

In a science fiction story by Charles Stross (Halting State), auditors do a much more thorough job of checking companies for ethical behaviour and screening executives for sociopathic tendencies; Volkswagen's path out of this mess involves an up close and personal relationship with a savage group of auditors looking into the ethics of the company.

But who else is using engines that lie to emissions tests? Not only do many other car manufacturers use Volkswagen engines, but other car manufacturers also have an incentive to do the same sort of thing. How much do we trust them?

How many Volkswagen engineers and managers involved in this "special" project have gone on to work for other manufacturers?

Sep 12 2015
 

According to the latest advice from CESG: "Regular password changing harms rather than improves security, so avoid placing this burden on users."

Wrong!

(Thanks to xkcd.com).

Most of the advice given is eminently sensible, and indeed forcing password changes on a frequent basis does more harm than good – when forced to change their passwords every 30 days (yes really!), people will commonly resort to sanity and use passwords of the form: someword-${month} (such as "happy-July"). However the advice to never force password changes was obviously written by someone who is under the belief that staff accounts have a somewhat limited lifetime – people change jobs, etc.

There is still a great deal to be said for changing passwords less frequently – say every couple of years. Or even after a random number of days between 730 and 1,095, which will help to spread out calls to the Helpdesk. Amongst other things:

  1. The concept of a strong password changes over the decades; allowing account passwords to remain the same for the lifetime of a staff account will mean that a considerable number of staff accounts will have weak passwords.
  2. There is such a thing as "accidental shoulder surfing" whereby someone acquires knowledge of part of your password by merely being present when you enter it. Over time they can acquire more and more of your password. 
  3. Only changing an account password when there is a suspicion it has become compromised means that there is no mechanism to lock stealthy intruders out. Whatever kind of anomalous account behaviour detection mechanism you have in place, there is always the chance that a compromised account can remain below the radar; periodic password changes do lock this intruder out.
  4. Less directly, forcing account password changes on an infrequent but regular basis has the side effect of educating people that passwords can be compromised.
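The two practical points above (a randomised rotation interval between 730 and 1,095 days, and the predictable "someword-month" passwords that monthly expiry provokes) can be turned into a small policy check. This is an added example, not code from the original post; the account list and the salt are constructed, and the per-account interval is derived from a keyed hash so that it is stable between runs but not trivially predictable from the username.

```python
"""Password-rotation policy helper (added example, constructed data).

- rotation_interval_days(): stable per-account expiry in [730, 1095] days,
  spreading Helpdesk calls instead of expiring everyone on the same day.
- accounts_due(): which accounts have exceeded their assigned interval.
- is_word_month_password(): rejects the 'happy-July' style passwords that
  frequent forced changes encourage.
"""
import hashlib
import re
from datetime import date

MIN_DAYS, MAX_DAYS = 730, 1095  # "a random number of days between 730 and 1,095"


def rotation_interval_days(username: str, secret_salt: str) -> int:
    """Deterministic interval in [MIN_DAYS, MAX_DAYS] for one account.

    A keyed SHA-256 of the username is reduced modulo the span; the salt is an
    assumed server-side secret so users cannot compute their own expiry date.
    """
    digest = hashlib.sha256(f"{secret_salt}:{username}".encode()).digest()
    span = MAX_DAYS - MIN_DAYS + 1
    return MIN_DAYS + int.from_bytes(digest[:4], "big") % span


def accounts_due(accounts, today: date, secret_salt: str):
    """Return usernames whose password age exceeds their assigned interval.

    `accounts` is an iterable of (username, date_of_last_change) pairs.
    """
    due = []
    for username, last_changed in accounts:
        limit = rotation_interval_days(username, secret_salt)
        if (today - last_changed).days > limit:
            due.append(username)
    return due


# Full and abbreviated month names; longer forms first so 'sept' wins over 'sep'.
_MONTHS = (
    "january|february|march|april|may|june|july|august|september|october|"
    "november|december|sept|jan|feb|mar|apr|jun|jul|aug|sep|oct|nov|dec"
)
# word, optional separator, month, optional digits (e.g. a year), end of string.
_WORD_MONTH = re.compile(rf"^[a-z]+[-_ .]?({_MONTHS})\d*$", re.IGNORECASE)


def is_word_month_password(candidate: str) -> bool:
    """True for passwords of the form someword-${month}[digits].

    Deliberately errs on the side of rejection: a word that merely ends in a
    month abbreviation (e.g. 'dismay') is also flagged.
    """
    return bool(_WORD_MONTH.match(candidate))


if __name__ == "__main__":
    # Constructed sample accounts: (username, date password was last changed).
    sample_accounts = [("alice", date(2012, 1, 1)), ("bob", date(2015, 6, 1))]
    salt = "constructed-example-salt"
    for user, _ in sample_accounts:
        print(f"{user}: rotate every {rotation_interval_days(user, salt)} days")
    print("due for rotation:", accounts_due(sample_accounts, date(2015, 9, 12), salt))
    for pw in ("happy-July", "welcome_sept15", "correct horse battery staple"):
        print(f"{pw!r}: word-month pattern = {is_word_month_password(pw)}")
```

Running the module prints each constructed account's assigned interval, lists the one account whose password is older than its limit, and shows the pattern check accepting a passphrase while rejecting the month-suffixed forms.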

Of course every security person who read the CESG advice on passwords probably thought "Great. Now who is going to educate the auditors?". 

Sep 08 2015
 

The big story of the day is the news that a UK drone strike took out an ISIS terrorist in Syria; one who used to be a UK citizen. After all, ISIS claims to be a nation state and so their "fighters" (actually terrorists) could be said to have given up their previous citizenship.

Arguing about whether it was justified is completely pointless without access to all of the relevant information, which we won't get. It would be a very good idea for someone sensible (i.e. not a sleazy politician) outside of the intelligence community to review that secret information and to be the one authorising such activities.

But is a drone strike self-defence? It may well be under military terminology or even under international law.

In terms of the ordinary understanding of self-defence, it is not. In terms of someone assaulting you, it is self-defence to break someone's arm as they are striking you; it is not self-defence to break their arm because they have promised to assault you tomorrow. As ordinary people understand the term, a drone strike is not self-defence.

It might be somewhat less controversial to call a spade a spade and term this attack a "pre-emptive defence against an imminent mass terrorist act" (or whatever phrase would fit the facts). On the face of it, using a drone strike to kill only two terrorists who are about to launch a terrorist attack is the least-worst action.

That does not justify so-called "collateral damage" (in honest spade terms, that would be the indiscriminate murder of innocent civilians), and anyone who authorises drone strikes that result in murder should be prosecuted.