Service packs, senators and civil liberties

The bulging postbag gives up its secrets

Letters Let's get this out of the way, then. Imagine you have to take a plaster (band-aid) off your shin. Best to get it done quickly, right? Well, think of this the same way.


Feels better already, doesn't it?

Okay, okay. MS has made a mess of things and over 200 applications and games are broken by SP2. Cue the Linux fans once again drunk with pleasure.

But let's be realistic a minute here. If SP2 hadn't broken anything, would we be hearing mounds of praise heaped upon the Seattle altar from critics awed with the top-level fud so displayed?

Nope, we'd be getting article after article of SecurityFocus guys gutting the update with remarks like "it is impossible to secure IIS without breaking it, so SP2 is just another blanket over our eyes". Well, IIS -is- broken (good riddance).

And it seems to me that that is the single, most important token that MS may indeed be finally taking security seriously.

Unfortunately, many businesses are not seeing this in the same benevolent light, since their web servers depend on this unsecure piece of crap to continue garnering customers (and unwittingly exposing their financial details). So they're not installing it. What a pity.

And what a shame that an important portion of connected PCs will never get SP2 either. All those 95, 98, Me and NT boxes don't even know about it. And those 2k servers are not going to get it either. That means a lot of "legacy" weakness in the Internet for years still to come (until the hardware fails and the home owners have to buy a new PC).

Oh well, we can still imagine that, in ten years from now, most of the connected PCs will not broadcast their ports any more. Think of it: whole generations of skiddies will be stillborn, poor things.

And spam may even suffer a slight setback, although I have a hunch that some far asian hosts will certainly try to do something for those <sarcasm type="HEAVY">poor, benevolent Samaritans</sarcasm>. Meanwhile (rubbing hands together), let's see just how long the list can get.


That's as long as we plan to spend covering this one in letters, so please try to restrain yourselves. We know you'll mail anyway...

Time for a couple of comments about the original pack glitches:

It's saying a lot when the largest number of SP2 conflicts are with Microsoft-developed software. It's so reassuring to see that Microsoft produced a service pack that results in MSN, Excel, Outlook, Word, Powerprint and just about everything else of use that M$ produces "behaving differently". Is this doublespeak for "This will break most of your current Microsoft programs so we suggest you fork out a wad and upgrade to our latest shiny new software"?

Is there a way to turn off the built-in firewall after installing SP2 if that's the thing that's causing the most problems?


My boss sent an email out to the IS team regarding this very issue, and he used the greatest subject line I've ever read:

What XPsp2 Breaks So Far.xls

To truly appreciate this, say it with the following emphasis:

"What XP SP2 Breaks, So Far.... dotxls"

The file extension is something of an afterthought, but it's like pouring salt in the wounds. Sure, it's stupid irony, but I got my giggle for the day.


Now, from Microsoft to the public sector in one short hop, and some reaction to the comments made by one of the striking IT workers from Swansea:

I recently made the move from the Private to Public sector (in my case the NHS) and I can completely sympathise with the sentiments expressed by the Swansea IT worker.

While I am sure that some will read what he had to say and dismiss it as 'idealistic twaddle' (a phrase I have heard used in regards to my feelings on the subject) I can only second what he says. I deliberately chose to make the move to the NHS not for financial or career reasons (both of which would have been better served by remaining in the private sector) but because I wanted a job where I felt my actions were amounting to more than just making my employer that tiny bit richer.

It may be indirect but here in the NHS I get the satisfaction of knowing that what I do is motivated by the desire to provide better patient care and in turn, hopefully, makes people's lives a little better. It is a large and complicated beast and as the gentleman points out it can sometimes be more than a little frustrating but at the end of it all it is the patient and not profit that drives us.

I can only wish the gentleman in your article and his colleagues the best of luck in trying to preserve the people (as in the regular citizen) driven service they provide rather than the profit driven service that is likely to replace them.

Yours, Ben Price.

The comments made by the un-named Swansea IT striker ring many bells here at BBC Technology, where I and 1400 of my colleagues are shortly to be sold out to Siemens. He hits the nail on the head when he says 'We don't want to work for a company where profit comes before doing a proper job for the community we live in.'

There seems to be a move towards a small group of huge companies managing and selling staff (er, sorry, I mean 'resources') to many other companies without the consent of those staff. Is this a leap forward to the 21st century? Or a great leap back to the days of slave trading? I know which it feels like from where I sit...

Name Supplied

And from the opposite point of view:

"That's just wrong. I feel cheated, betrayed, by the council. Which is why I'm determined to stand by my colleagues and fight for what we believe in. I'm prepared to stand there and take whatever the weather might throw at us. I'm prepared to suffer the loss of earnings that a prolonged strike will entail. I want to provide a public service, not line the pockets of shareholders."

What your source forgets, is that there's also several layers of management above him, whose primary concern is reducing the headcount on the council which has the effect of reducing the top line costs, creating an excess in the pension pot and an opportunity for giving oneself a fat bonus for a job well done and incidentally getting rid of the geeks. Hoorah! Pass the port and cigars. Plus ça change.

Standing around in the cold is *not* the right way to beat privatisation, the right way to beat privatisation is to demonstrate categorically that it is more cost effective for the IT services to remain in-house, engage them, don't fight them. It's not hard to show that PFI is over-priced, it's not hard to demonstrate that outsourced consultants are there to line their own pockets rather than provide an assurance of quality of service.

Wake UP, IT is a commoditized business, the local council can employ four of you for half the price, and then they get to dictate *exactly* what they want done, instead of having to fight you constantly because they've got a tiny budget and you've got your eye on a shiny new 8 way Linux IBM blade server.

Frankly, your correspondent should be outsourced immediately, preferably as an 'advisor' to an Indian call centre set up to handle the support calls from his local council which will go through the roof once CG get hold of it. He might then get an idea about how IT works in the rest of the world and then be able to go back to the council with a better offer than CG (and experience thrown in to boot). Maybe he should look at why they're going to CG, and why the internal team wasn't offered the chance to tender (tender whassat?).

No doubt some of your readers would find this view harsh and unsympathetic, but then hey, I work in the private sector, where the sword of outsourcing is used regularly to sweep companies clean of dead wood in entrenched positions, everybody gets antsy about it, but usually the dead wood goes, the outsourcer disappoints, the company in-houses for business critical projects and business advantage projects and new blood comes in and livens a place up a bit, eventually the outsourcing contract runs out and the wheel starts turning again.

It is possible to avoid that outcome completely, by simply skipping the outsourcing bit. IT is not a service standing on its own island; it is a consequence of the drive for efficiency and co-ordination right across the rest of any organisation, come out of the ivory tower and jump straight to the 'business focused' and start providing the kind of costs saving innovative 'wheel greasing' that they should be doing, instead of being unsullied by the drive for profit, and the council might start thinking "why are we outsourcing? the hot-shots in the computer room are always right on the money with their service, let's go talk to them about what we actually need before we do anything else, they may have a better answer"


We also reported that the poor Canadians may soon be faced with a 25 cent surcharge on their monthly telephone and Internet bills to cover the growing cost of telephone taps. What place now, you wondered, for satire:

Have you ever seen Terry Gilliam's nightmare comedy, "Brazil"?

A Big Brother-style state invoices families for the investigation, arrest and torture of their loved ones under the banner "information retrieval". It even has credit arrangements to allow the poor to afford the charges on their incarceration.

I wonder if the Canadian police could consider invoicing narks directly?


Back in the bad old days, didn't condemned criminals sometimes have to pay the executioner's fee for chopping off their own heads? Oh, I knew there was a contemporary echo of that practice - the guy who was released from prison recently when the authorities finally decided they had been wrong to find him guilty of something, so long ago everyone has forgotten or died. Wasn't he billed for the cost of his room and board while inside?

Well, I suppose the taxpayer ends up paying for everything anyway. Makes me yearn for that society I read about in a Sci-Fi story, where the first thing that happened to a newly-elected leader was to be fitted for an explosive collar. Then every citizen got a remote-controlled detonator for it...


Speaking of the ditzy database that put Ted Kennedy on the terror watch list:

We have a few alternatives open to us after reading this article:

1. Ted Kennedy is a terrorist

2. Political influence can be used to allow terrorists to fly [well Ted called Tom Ridge and got to board the plane]

3. CAPS is subject to change by use of influence - you can change your CAPS rating if you know the right people, Ted did but HLS won't tell joe citizen how to achieve reversal of a false rating.

4. HLS/CAPS make preposterous errors [although on some interpretations of item 1, some will say "not so"]

And besides all that, how can Ted prove who he is anyway? He can only prove who some [influential people] people think he is. That's the silly thing about identity systems, their content is meaningless unless identity is assigned unambiguously and unchangeably at the moment of birth!

Oh to be a US Senator, where identity is assured.

On second thoughts, I'll stay "down under" and watch our swimming team bring home the gold.


PS: You write that last week the Equal Opportunities Commission (EOC) began carrying out a "major investigation" to discover why there are so few women working in the ICT sector.

An investigation? Isn't it obvious? Women are smarter than men!

Graham Sydney, Australia [35 years in IT and the scars to prove IT]

As we have utterly failed to find a seamless and witty way to link the last letter into this one, bear with us as we switch course abruptly instead, and ask that you cast your mind back to the news of a hoax mobile phone virus that turned out to be a viral marketing campaign for a computer game.

A variety of reactions:

Isn't the English language just fantastic :) In your article about the Resident Evil marketing campaign you write:

" which players defend themselves against zombies by blowing their heads off with a shotgun."

This left me wondering how the player could defend themselves by blowing off their own head with a shotgun - until I re-read it a couple of times! Still, I suppose blowing your own head off has to beat being turned into a mindless zombie yourself :)

Thanks for the chuckle...


Dear Mr Leyden,

I believe this marketing ploy is at best unethical and at its worst, completely irresponsible.

Their marketing campaign has incurred costs for AV companies, who have to deal with concerns from customers. As such, I hope CE Europe is sued.

If we allow this type of marketing technique, someone one day will come out with a hoax terror warning that will cause widespread hysteria, e.g., do you want to take the chance of staying if you receive this message: "Warning: a bomb is going to explode near you. Contact 99999 for more information"

I think the company is violating Oftel rules on advertising via SMS because of the offer to text them for more information. If I receive such an email, I will complain to Oftel as I think this type of marketing should be stopped dead in its tracks. I will also complain to Advertising Standard Agency on the grounds that the advertisement is irresponsible.

There are boundaries that you don't cross, and this is one of them.

Thanks and best regards, Cinly

Now, hold fire on your complaints, ladies and gentlemen. Someone has confessed to the whole thing:

As one of the technicians responsible for the recent T-Virus outbreak, it’s with some amusement that we have watched the "investigations" of Sophos, whose diligent technicians "tracked down" the website the messages came from - is it possible they may have noticed the URL at the bottom of each T-Virus message? The cynic in me also suspects that any opportunity to instil fear into mobile users about the possibility of viruses occurring on their phones may be commercially useful to Sophos. As for "unsolicited messages" these are forwarded to friends by friends in much the same (completely legal) way as used by Lycos, O2 and Yahoo amongst many others.

And if Sophos’ redoubtable technicians have investigated the T-Virus properly they should also now be accumulating a fair number of points, in which case they will be in line for copies of the game, T-shirts and other splendid, free Resident Evil merchandise.


That should put an end to that one, then. And we'll let that shameless plug go by, but only because it's Friday.

Right, a brief diversion, referencing last week's letters bag, we think, in which a reader asked why anyone not about to embark on a life of crime would mind having an ID card. This list of suggestions came from an unlikely source: a copper:

I've been following the discussion of ID Cards and it seems to me that some are missing the point. What are we afraid of?

1. The government with a track record of restricting civil liberties going still further with an unprecedented grasp on the individual.

2. A government (not only this one) with an appalling record of wasting huge amounts of public money on vast IT schemes which don't work. The cynical might ask just who is pushing for all these schemes?

3. The Europeans who don't object have never known anything else.

4. But the question not addressed so far is - what use will it be anyway? Can anyone tell me a set of circumstances in which an ID card would be of use to the authorities? Anyone who thinks you can ID someone just from a card is dreaming. I've been a policeman for over 20 years and would never accept a card as ID. An ID card scheme is a method of creating a fake, stolen and borrowed card industry. The only street-readable biometric is a photo and they are useless, especially for young males who are statistically the most likely offenders and who change appearance so quickly at that age. And if you are not doing it on the street and can use iris or fingerprint scanners, what do you need a card for? You would be connected to a central register anyway.



Going with the civil liberties flow, Norwich Union's per mile car insurance pilot did, as expected, cause eyebrows across the land to twitch:

Pay-per-mile insurance sounds great for people who use their car on an infrequent basis, perhaps just to do the shopping.

But with all that GPS data being collected, surely the instantaneous speed of the car is an obvious statistic that the insurance company will want to collect. And what's to stop the insurance company refusing to cover your vehicle in an accident if you were speeding at the time?

In fact, why should they even cover the 3rd party vehicle? I haven't seen anyone detail the capabilities of this location aware device which Norwich Union is trialling but there are most definitely questions that need to be asked before the programme is rolled out to the general public.


"Drivers will be tracked by a 'black box' which will record data about their journeys, and charge them according to how risky any particular journey is"

What an excellent idea! If the black box reveals that the car crashed, then clearly that particular journey was *extremely* risky, and the driver should be charged the full cost of any repairs.

Incident-free journeys, on the other hand, should obviously attract a zero-cost premium.

Can someone remind me again why we have insurance?


So are NU going to surcharge people who exceed the speed limit and/or report them to the police? Could the police subpoena the records? The possibilities are frightening.

I would hope the boxes contain more than GPS for position information, it's particularly poor in urban environments between tall buildings. Or in tunnels and multi-storey car parks.


It seems to me that the notion of PAYG car insurance undermines the first premise of ANY insurance, ie the payment of a premium based on what MIGHT HAPPEN. Surely, any premium based on what HAS HAPPENED is a complete nonsense - why pay insurance for a claim that you DEFINITELY won't be making? You might very well drive into a high crime area, play chicken with the police for five hours and then leave your keys in the ignition while you go and watch a film, but if nothing happens that you need to make a claim on, your behaviour is utterly irrelevant to the insurance company providing your cover.

Me? I'd be quite happy to go with PAYG car insurance as long as the monthly premium was ZERO for months in which I hadn't made a claim, any other premium is surely outrageous?


What interested me was the Big Brother element, but even more so that the device monitors your speed, as well as location.

This would mean not only do the insurance company know if you are speeding (which they would probably use to get out of a later claim "insurance voided because you were speeding 9 days ago"), but it would also open up the door to the government who want to place these exact same devices in cars to pay for future road tolls and automatically issue speeding fines.

That's all - just my 2 cents ;)

Regards Simon

Finally, no letters bag would be complete without someone out there explaining to us how we goofed up this week. Cue this response to the (no doubt shocking) news that office phones harbour more bacteria than do toilets:

Dear El Reg -

Thank you for doing your bit to save the environment - recycling old news stories prevents wasting perfectly good new stories. The "Toilets are cleaner than computers" article on Monday was a great example of this, as you'd already reported this back in March, but in these modern times of text messaging, sound bites and goldfish-like attention spans I'm sure no-one noticed.

Paul Russell Santa Cruz, CA

By the way - we don't know if any of you heard, but there was this great research recently that found that office phones are covered in more germs than toilets are! Disgusting isn't it? We should probably do a story, or something.

Enjoy the weekend! ®
