Blog

  • An Alternative Method of Gun Control

    Given the tragic shooting incident at a US primary school (what would be called an elementary school in the US), it is hardly surprising that the subject of gun control has come up yet again. Normally proposals suggest taking the more extreme types of guns (such as assault rifles) away, without banning all guns.

    This may be a mistake given the US Constitution and opposition to changing it. The relevant clause of the constitution reads :-

    A well regulated militia being necessary to the security of a free state, the right of the people to keep and bear arms shall not be infringed

    There are a number of interesting things that this does not say :-

    1. There is nothing in this statement about the right to bear arms to defend yourself (at least from criminals).
    2. There is nothing in this statement about the right to bear arms to go out shooting defenceless wildlife.
    3. Although the statement includes the right to “keep” arms, it does not say where such arms should be kept.
    4. Although it does not explicitly say so, it is very clearly defined that a person’s right to bear arms is in relation to a “well regulated militia”; in other words one does not have a right to bear arms unless under orders to do so.

    So rather than restrict what kind of arms a US citizen can own, perhaps it makes much more sense to restrict where arms can be held and how they can be used :-

    1. Any three or more individuals are free to establish a militia for the defence of the state or some other suitable purpose.
    2. The state is allowed to appeal to a court in the event of a militia it feels is set up for nefarious purposes.
    3. A militia must establish an arsenal which may not be a personal home. An arsenal must have an appropriate level of security.
    4. A militia or member of a militia is allowed to purchase any reasonable weapons, but they must be stored within the militia’s arsenal.
    5. Weapons may only be used by the members of the militia during training or during an operation sanctioned by the militia.
    6. No weapons may be used by an individual without supervision by another two members of the militia.

    Of course the real test for a proposal on gun control is whether the NRA like it or not. If they do, it must be wrong!

  • Aren’t Those Key Legends Dumb?

    Take a good hard look at your keyboard. Right Now.

    Ignoring the symbols themselves, although there’s a good long rant as to just why the pipe symbol (‘|’) has to be a shifted key, there’s quite a few oddities on the keyboard. At least if you get a chance to think about it. Not so much in what they do, but in their names.

    BackSpace
    If you are old enough to remember typewriters, printing terminals, or even certain exotic terminals which implemented “backspace” properly, this label is always a bit grating. Why? Because a backspace does not delete anything, but is a way of overwriting symbols to generate other symbols – you could always write a cent symbol by entering ‘c’ followed by a backspace and finally a ‘|’ to get a ¢. What we see when we press the backspace key today could be more accurately described as ‘delete last character’, or rubout (as used on some old keyboards). So the backspace key should really be the “Rubout” key.

    Delete
    And whilst we’re in the region of deleting characters, what about the “delete” key? What is it supposed to be deleting? The character under the cursor? The word under the cursor? The line? The next line? Well we know what it is, but that is no reason not to make the key legend more explicit. What about “Delete Next”? This gives an alternative for “Rubout” as “Delete Prior”.

    Enter/Return/Carriage Return
    Again, if you go back to the distant past and dig out an old clunky typewriter you will find a large key at the right of the keyboard that would cause the roll containing the paper that the letters were printed onto, to shoot back to the right [corrected] and move up one line. This was the carriage return. And of course it makes no sense for our modern keyboards to have a key labeled after a physical action that no longer exists. Some have a key labeled “Enter” in addition to “Return” (or sometimes instead of “Return”), but what does that mean? Enter what? The next line? There have been keyboards in the past with a more sensible “New Line” key, but that trend did not take.

    Does it not make more sense to label the key after what it does rather than its historical purpose? What do we use the “Return” key for these days? Well it’s either to start a new paragraph, or to do the command we have just typed (into a command-line shell). So what about “New Paragraph/Do”?

    Alt Gr
    Also known as Alt Graphics which originally was a key for composing box graphics, but is now used for producing alternate graphemes from the keyboard such as ©, ™, Ä, etc.
    Or perhaps more explicitly, it produces symbols that are not normally available from the keyboard. So why not simply label the key after what it produces? Such as “Symbols”?

    The “splat” (Windows)
    There are two problems with the Windows key. Firstly why is it an icon when the rest of the keys are text-based? It is not as if the other non-symbol keys do not have suitable “icons” such as ⎇ for Alt. Use either icons or text; personally I prefer text. Secondly there is the problem that the Windows key is specific to Microsoft Windows; even within Apple’s perfumed prison, the tendency has been to move from vendor-specific (open Apple symbol) to generic (“Command”).

    That is not to say that it is a poor idea in general – there is a lot to be said for a key to be used for generating short-cut commands to control the computer as a whole. A “computer command” key as opposed to an “application command” key (or “Alt”).

    There are a few other oddities too, and it is quite possible that I will get back and update this post with incoherent rantings about those too.

  • Information Security As Medieval Town Defence

    I have been thinking a fair amount about Information Security recently; probably because I am in the middle of a SANS course which is rather more interesting than most IT courses I have been on. As I was walking in this morning, I was pondering how I would explain what I do to a distant ancestor. Not exactly the easiest of tasks given that what we do involves what would seem to be magic to someone from the distant past.

    But an analogy did occur to me: What we do is somewhat similar to the militias that used to protect walled towns and cities in the medieval era; particularly during periods of the medieval era when central authority was somewhat lacking. Such as England’s “Anarchy”.

    In the distant past (and in some cases, not so distant past), towns could be at risk of being sacked by brigands for profit or for some “military” purpose. Those living in towns were obviously somewhat reluctant at this possibility, and in many cases would arrange for protection by hiring soldiers to protect them; the defences would often include city walls, a militia (paid or voluntary), etc.

    Which is somewhat similar to what we do – we’re the soldiers hired to protect the “town” (a company or some kind of institute), and we build town walls (firewalls), and other defences. Obviously it is easy to take the analogy too far – we don’t get to fire crossbows at our attackers. But neither is it completely inaccurate, or indeed uninteresting.

    Today we expect our central governments to arrange physical protection for us – we don’t expect to need to organise a militia to protect our cities; neither do we expect to be held up at gun point to turn over our valuables. Yes there are exceptions, but they are sufficiently unusual that they are greeted with astonishment. And yes some companies with especially high value assets do arrange for additional protection over and above what is usually provided by the state.

    But when you compare physical security with information security, it becomes apparent that we are still in the medieval era when it comes to information security. States are only just beginning to look at “cyberwarfare” and offer little other than advice to individuals or organisations looking for protection; it is common to hear that the police are simply not interested in looking at an issue unless the costs are less than £1 million.

    If someone suffers financial harm through a phishing attack, our standard response is to blame them for being “stupid”. Whilst most phishing attacks do involve someone doing something stupid, it seems odd to blame the victim – who would blame the victim of a mugging?

    Similarly when an organisation has some attackers break in, steal a whole bunch of database files which in turn contain tons of clear text passwords, or hashed passwords, we blame the victim. How could they be so stupid as to not protect that data? After all, it costs more to be careful.

    So perhaps I could explain what I do as being an old warrior who has settled down in a town and runs the local militia.

    Now if you’ll excuse me, it’s time for bed – time to hang up the crossbow and take off this horrible chain mail.

  • The NHS DNA Database

    Today it was announced that the NHS would be mapping the DNA of cancer patients (with their consent) to be stored and used by researchers. Which on the surface seems to be a perfectly sensible thing to do.

    Of course there are those who are concerned with the privacy issue of the data being stored. Which is fair enough – any large storage of data like this is subject to privacy issues, and there are genuine fears that the data may be made available to private companies with no interest in health research.

    Amusingly one of the comments was that the data would be made anonymous by removing any personal data from the data made available to researchers. Amusing because the most personal data and ultimate means of identifying individuals is the DNA sequence itself – nothing can be more fundamental in identifying an individual than their unique DNA sequence.

    On a more serious note, it is effectively impossible to make this kind of data completely anonymous. To be of any use the data in this database needs to include more data than just the DNA sequence – such as disease(s), treatments used, outcomes, etc. Whilst this may not be useful in identifying every individual taking part, it may well be enough to identify individuals with rarer combinations of disease and circumstances.

  • The Arrogance Of Leadership

    In the last week, we have seen two examples of the arrogance of leadership; on both occasions David Cameron has unilaterally decided that the considered opinion of a group of experts is wrong and his snap judgement is right. Of course he is not the only example of this sort of thinking – most Prime Ministers of the past have committed the same sort of error of judgement.

    The two decisions in question were the response to the Leveson report, and today’s report on the future of recreational drug legislation. In both cases, people have gone to a considerable effort to consider what to do about certain issues. And of course have spent a lot of my money on doing so.

    I do not resent my money being spent on such things; what I do resent is that some puffed up politician is wasting my money by not spending an appropriate amount of time considering the report(s).

    A snap decision is necessary in some circumstances, but not in these circumstances! There should be nothing wrong with a political leader saying that they would like to spend some time considering the report – rather than respond with gut instinct to the report’s headlines.

    Ripping up a report within hours of it being released is contemptuous of the work that has gone into it, and wasteful of taxpayers’ money.

    It may well be that ignoring the report’s recommendations is the right thing to do, but to do so too quickly is definitely the wrong thing to do.