Oct 02 2015

In the wake of yet another senseless slaughter in the US perpetrated by a supposedly anti-Christian mindless thug, it is time yet again for the US to contemplate a sensible level of gun control.

The US does not have a problem with gun control; it has a problem with mindless violence. There are other countries in the world where gun ownership is at the same level or even higher than in the US – such as Switzerland.

But gun control is a sensible measure to take whilst the real problem – a tough problem to tackle – is dealt with. The fact that the US constitution protects gun ownership is a red herring; as the name implies (the Second Amendment), the US constitution is amenable to amendment.

And even that is a bit of a red herring – the second amendment does not protect gun ownership for the purposes of self-defence, playing with guns at a gun range, or murdering innocent animals. It protects gun ownership for the purposes of making up a well-regulated militia :-

A well regulated militia being necessary to the security of a free state, the right of the people to keep and bear arms shall not be infringed.

Gun control regulations that do not prevent gun ownership by members of a well regulated militia are not in breach of the second amendment.

If for example the US brought in laws which required gun owners to be members of a well regulated militia (which as a minimum should ensure that militia commanders are subject to stringent checks), store their weapons in a militia armoury, and only be allowed to use those weapons under the supervision of militia officers, it would go a long way to preventing senseless slaughters.

The main aim with that is to ensure that gun usage is subject to collective decision making – crowd-sourcing the decision to use the weapons if you like.

If gun usage is controlled by collective decision making, there is less chance of a murderous maniac slaughtering innocent victims.

You may think that as a UK citizen, this is none of my business, but I dispute that. The victims of this latest senseless slaughter were my fellow humans, and as a human I have the right to stick my oar in.

Sep 24 2015


Your new phone turned up on my desk today. It's all very sparkly but there is one big problem with it.

The name.

If you are going to release a product named with an English-language word, then you may want to check the spelling of that word, because spelling it wrong is not very impressive.

Now Americans would have you believe that the word is spelt as you have spelled it – honor. However there is a clue to the originators of the language in the name; you should go with the English spelling.

If you ever release a version of the phone in North America, it would be reasonable to use their spelling of the word. But elsewhere in the world, please use the correct spelling.

It's a bit over the top to insist on a product recall for this, but please remember when it comes to releasing the next version of this phone that it should be called the "Honour 8".

Sep 22 2015

So it looks like Volkswagen has been fixing emissions testing in the US …


It seems that they have probably built into the engine management software something that detects when the engine is being tested for emissions. When it recognises testing conditions it switches to a test mode in which engine power is reduced enough to bring emissions below the legal limit; the rest of the time the engine runs normally. Real-world emissions are reported to be up to 40 times the legal limit.
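The following is an added illustration, not Volkswagen's code and not a description of how its software actually worked. It models a hypothetical engine controller whose "test mode" is triggered when the speed trace matches a reference drive cycle and the steering wheel never moves (both triggers, the drive cycle, the NOx figures and the legal limit are made-up assumptions). The interesting part is the second half: a black-box differential check that runs the same engine on the certification cycle and on a slightly perturbed "road" trace and flags any engine whose emissions differ sharply between the two. That is essentially how a cheating controller is caught without reading its firmware.

```python
"""Hypothetical emissions 'defeat device' and a differential test that exposes it.

Added example; none of this is Volkswagen's code. Drive cycle, trigger
conditions and emission numbers are constructed for illustration only.
"""
from dataclasses import dataclass
from typing import Callable, Sequence, Tuple

# Constructed reference drive cycle: speed in km/h, one sample per second.
# Real certification cycles run for many minutes; this is a short stand-in.
TEST_CYCLE = [0, 5, 15, 25, 32, 32, 32, 25, 15, 5, 0, 0, 20, 40, 50, 50, 40, 20, 0]

NOX_LIMIT = 0.08  # g/km, hypothetical legal limit


@dataclass
class Sample:
    speed: float     # km/h
    steering: float  # steering-wheel angle in degrees


def looks_like_test(trace: Sequence[Sample], tolerance: float = 3.0) -> bool:
    """Hypothetical trigger: the speed trace tracks the reference cycle and the
    steering wheel never moves (a car on a dynamometer is not steered)."""
    if len(trace) != len(TEST_CYCLE):
        return False
    if any(abs(s.steering) > 0.5 for s in trace):
        return False
    return all(abs(s.speed - ref) <= tolerance for s, ref in zip(trace, TEST_CYCLE))


def ecu_nox(trace: Sequence[Sample], defeat_device: bool) -> float:
    """Mean NOx (g/km) the modelled engine emits over the trace.

    With defeat_device=True the controller checks for test conditions and,
    if it thinks it is being tested, trades power for a 70% NOx reduction.
    """
    test_mode = defeat_device and looks_like_test(trace)
    per_sample = []
    for s in trace:
        base = 0.02 + 0.004 * s.speed        # constructed model: NOx rises with load
        per_sample.append(base * 0.3 if test_mode else base)
    return sum(per_sample) / len(per_sample)


def differential_check(engine: Callable[[Sequence[Sample]], float]) -> Tuple[float, float, float]:
    """Black-box check: run the engine on the certification cycle and on the
    same cycle with realistic perturbations (slightly higher speeds and a
    little steering input). Returns (dyno_nox, road_nox, road/dyno ratio).
    An honest engine gives a ratio near 1; a large ratio means the engine
    behaves differently when it believes it is being tested."""
    dyno = [Sample(v, 0.0) for v in TEST_CYCLE]
    road = [Sample(v + 2.0, 5.0) for v in TEST_CYCLE]
    dyno_nox = engine(dyno)
    road_nox = engine(road)
    return dyno_nox, road_nox, road_nox / dyno_nox


def cheating(engine: Callable[[Sequence[Sample]], float], ratio_threshold: float = 2.0) -> bool:
    """True if the road/dyno emission ratio exceeds the threshold."""
    return differential_check(engine)[2] > ratio_threshold


if __name__ == "__main__":
    for label, flag in (("honest engine", False), ("engine with defeat device", True)):
        engine = lambda t, f=flag: ecu_nox(t, defeat_device=f)
        dyno, road, ratio = differential_check(engine)
        print(f"{label}: dyno {dyno:.3f} g/km, road {road:.3f} g/km, "
              f"ratio {ratio:.2f}, cheating={cheating(engine)}")
```

The check deliberately never inspects the controller: it only needs the engine, the official cycle and a way of driving something that is not quite the official cycle. A regulator who only ever runs the exact certification procedure gives a defeat device exactly the signal it is looking for.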

Volkswagen are apparently very sorry about this, but probably more about being caught than anything else. It could be just a one-off aberration, but frankly it is more believable that this sort of thing only happens within a company that has a culture where deceiving the customers and regulatory authorities is seen as perfectly acceptable practice.

So what else are they up to?

In a Science Fiction story by Charles Stross (Halting State), auditors do a much more thorough job of checking companies for ethical behaviour and screening executives for sociopathic tendencies; Volkswagen's path out of this mess involves an up close and personal relationship with a savage group of auditors looking into the ethics of the company.

But who else is using engines that lie to emissions tests? Not only do many other car manufacturers use Volkswagen engines, but other car manufacturers also have an incentive to do the same sort of thing. How much do we trust them?

How many Volkswagen engineers and managers involved in this "special" project have gone on to work for other manufacturers?

Sep 12 2015

According to the latest advice from CESG: "Regular password changing harms rather than improves security, so avoid placing this burden on users."

Wrong!

(Thanks to xkcd.com).

Most of the advice given is eminently sensible, and indeed forcing password changes on a frequent basis does more harm than good – when forced to change their passwords every 30 days (yes really!), people will commonly resort to sanity and use passwords of the form someword-${month} (such as "happy-July"). However the advice to never force password changes was obviously written by someone who believes that staff accounts have a somewhat limited lifetime – people change jobs, etc.

There is still a great deal to be said for changing passwords less frequently – say every couple of years. Or even a random number of days between 730 and 1,095, which will help to randomise calls to the Helpdesk. Amongst other things :-

  1. The concept of a strong password changes over the decades; allowing account passwords to remain the same for the lifetime of a staff account will mean that a considerable number of staff accounts will have weak passwords.
  2. There is such a thing as "accidental shoulder surfing" whereby someone acquires knowledge of part of your password by merely being present when you enter it. Over time they can acquire more and more of your password. 
  3. Only changing an account password when there is a suspicion it has become compromised means that there is no mechanism to lock stealthy intruders out. Whatever kind of anomalous account behaviour detection mechanism you have in place, there is always the chance that a compromised account can remain below the radar; periodic password changes do lock this intruder out.
  4. Less directly, forcing account password changes at infrequent intervals has the side effect of reminding people that passwords can be compromised.
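The two practical points above (a forced change somewhere between 730 and 1,095 days, and the someword-${month} pattern that short rotation periods breed) are easy to mechanise. The following is an added example rather than anything from CESG or the post itself: the per-account interval is derived from a keyed hash so that it is stable across runs and spreads Helpdesk calls evenly, yet cannot be predicted by the user; the secret key, account names and dates are constructed test values.

```python
"""Jittered long-interval password expiry and a month-suffix pattern check.

Added example, not CESG guidance. The 730-1095 day window comes from the
post; using an HMAC to pick each account's interval is an assumption.
"""
import hashlib
import hmac
import re
from datetime import date, timedelta

MIN_DAYS, MAX_DAYS = 730, 1095  # two to three years, as suggested in the post

MONTHS = ["january", "february", "march", "april", "may", "june", "july",
          "august", "september", "october", "november", "december"]
# Whole-token month names or three-letter abbreviations, e.g. "happy-July"
# or "Winter2015-dec"; "mayonnaise" is not matched because of the lookahead.
_alts = "|".join(sorted(MONTHS + [m[:3] for m in MONTHS], key=len, reverse=True))
MONTH_RE = re.compile(rf"(?<![a-z])({_alts})(?![a-z])", re.IGNORECASE)


def rotation_interval(account: str, secret: bytes) -> int:
    """Deterministic per-account interval in [MIN_DAYS, MAX_DAYS].

    A keyed hash (HMAC-SHA256) keeps the value stable between runs without
    storing it, and stops users working out when their change is due.
    """
    digest = hmac.new(secret, account.encode("utf-8"), hashlib.sha256).digest()
    span = MAX_DAYS - MIN_DAYS + 1
    return MIN_DAYS + int.from_bytes(digest[:8], "big") % span


def rotation_due(account: str, last_changed: date, today: date, secret: bytes) -> bool:
    """True once the account's jittered interval has elapsed."""
    return today >= last_changed + timedelta(days=rotation_interval(account, secret))


def looks_like_month_rotation(password: str) -> bool:
    """True if the password contains a month name as a separate token, the
    tell-tale sign of someword-${month} rotation."""
    return MONTH_RE.search(password) is not None


def accounts_due(records, today: date, secret: bytes):
    """records: iterable of (account, last_changed). Returns accounts due today."""
    return [acct for acct, changed in records if rotation_due(acct, changed, today, secret)]


if __name__ == "__main__":
    SECRET = b"constructed-example-key"          # constructed; keep real keys in a KMS
    records = [("alice", date(2013, 1, 15)),     # constructed sample data
               ("bob", date(2013, 1, 15)),
               ("carol", date(2015, 6, 1))]
    for acct, _ in records:
        print(f"{acct}: change every {rotation_interval(acct, SECRET)} days")
    print("due on 2015-09-12:", accounts_due(records, date(2015, 9, 12), SECRET))
    for pw in ("happy-July", "correct horse battery staple"):
        print(f"{pw!r}: month pattern = {looks_like_month_rotation(pw)}")
```

The month check belongs at password-change time, where it can reject the new password outright; running it against stored hashes is not possible, which is one more reason to catch the pattern before it is set.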

Of course every security person who read the CESG advice on passwords probably thought "Great. Now who is going to educate the auditors?".