
From Indymedia to the Moon: your musings in full

An eclectic postbag


Letters It is Friday, so we'll kick off with a little more about the Indymedia server seizures, then get gradually dafter as the page progresses.

Earlier this week, we ran some correspondence from readers complaining that we were taking the whole thing too seriously, and should have more faith in the judgement of the FBI. Today's emails provide a counterpoint to that tune:

I read some of the letters you have received about the indymedia hard drive seizures. I must say that I am as dismayed as you are about the attitude people have regarding governmental abuse of power. They always seem to come in two flavors. The ones who think that anyone who doesn't think exactly like they do deserve anything they get and the ones who think that even though the government may have overstepped its bounds this time, they won't do it again. The former are the cheerleaders for dictatorship as long as they are part of the group in power. The latter are always surprised when the next governmental abuse of power surfaces. And the next. And the next.

Like you at El Reg, I realize how important it is to stand up for the rights of every person even when those people spout things that are distasteful. The government must be shown that the people will not allow the rights of anyone to be trampled no matter what the reason. If we allow the rights of the people who own indymedia to be abrogated without due process and without regard to the history of common law, all of us are threatened.

A note to those who cheer when someone they personally dislike gets abused by government. Though they need you now to get what they want, history has not been kind to the common man who betrays his fellow man to curry favor with those in power. Eventually, you too will become a liability. Just ask those people who helped Stalin or Mao or Pol Pot or Castro.

Robin


The seizure of Indymedia servers is not at all OK with me. Boo-hiss to FBI for this. While I hope they catch their man, given the very open nature of IMC files, I don't believe wholly seizing the server was necessary. But they're not ones for subtlety, are they?

From my perspectives as a media activist who got his start with the Indymedia cell in Madison, Wisconsin (that hotbed of librul love), as a civil libertarian, and as a newspaper publisher ("The Wisconsinite" took pages from both IMC and El Reg!), this action was not good on any count. For one, the FBI craning its neck overseas or generally anywhere means something foul is afoot. While it is not wholly surprising for the FBI to come knocking and seizing a server on grounds as hollow as many they've used recently, it's very disquieting.

The old saying of course goes, "And when they came to seize my server, there was no one left to speak." I do wonder if that might not happen to me some day. I can rest a bit knowing my lawyers will be ready to bring it on.

Best, Jason Haas Madison, Wisc., USA (Canada South)


Sticking with the issue of political trust, Blunkett's most recent attempt to convince the UK that we need ID cards hinged on the notion that we should trust the nice government people. They are looking out for our best interests, see? And that nasty Immanuel Kant is to blame for all the horrible cynicism in the press:

Who is this Kant fellow? Somebody should seize his servers!

Rev Al


Hi,

Forget Kant and a (long) history of doubting governments' intentions. Recent actions don't exactly inspire trust - WMD anyone? If Blunkett wants the British public to trust him about ID cards, he and the government should have started with not misleading us about other things.

Erik.


Regarding the attempt at reassurance by Mr. Blunkett, I submit the following. The British government is untrustworthy. Before getting your knickers in a knot over the statements of some "bloody foreigner", I'm an American, who years ago, lived for a time in London, the government of my own country, be it Democratic or Republican is no more worthy of one's trust.

It's simply the nature of governments, and re this, I'm given to reconsider something offered by the late Lyndon Johnson, who during the Vietnam era, or part thereof, was President of The United States. On the subject of legislation or laws, Johnson offered the following.

Any proposal must be viewed as follows. Do not pay overly much attention to the benefits that might be delivered were the law in question to be properly enforced, rather one needs to consider the harm done by the improper enforcement of this particular piece of legislation, whatever it might be.

Alan


"We need these because otherwise going to America would mean having to pay for a $100 visa per person per trip, which is inconvenient, and expensive"

? I have never had any desire to go to America either now or in the future. Can I use this as a reason to not have an ID card or bio passport?

Bob H


The, by now, self-sustaining debate over employment of known virus writers in the security sector:

Hi

I have numerous previous convictions for organised car theft. Perhaps Erik Piper would like to employ me as a car parking valet at his company's headquarters. With my in depth knowledge of car theft I am sure I will be able to bring a fresh dimension to the role.

Graeme


"But how do Zoner's hosting clients know they are safe from the possibility that Benny might create a backdoor in systems? Zoner's Piper said that Benny was well aware that if he tried anything like this not only would he lose his job but he'd be unlikely to be employed in the Czech IT sector ever again."

I am a security professional and I do not worry that security companies employ people with histories.

What worries me is when a software company either does not have, or does not understand the value of, QA.

If they did the answer would be that they have "an established QA process that performs extensive code review and testing independently of the developer that would discover such things and that established controls protect the integrity of the code once it has been QAd."

Anybody, not just known VXers, could add malicious code. If there is not proper QA or controls any code could be compromised at any point in the development process. After all someone managed to get a whole 3D flight simulator into Excel in one of the MS Office releases and backdoors tend to be slightly smaller than that.

Chris


The World Trade Organisation recently ruled that the US laws banning cross-border gambling break international trade rules. A reader says, so what?

You completely missed the story on the WTO judgment of the American-Antiguan dispute about online gambling. I have researched this issue myself, and so I see behind the misrepresentations that you are making. You should have talked about the actual treaty language at issue, whether America negotiated away its right to restrict international trade in gambling. By failing to address the actual issue of the dispute, you have disserved your readers.

The real story, which you _should_ know, is that the treaty wording speaks very generally, in terms of opening up "recreation" to international trade. It says nothing about gambling specifically. Considering the historic practice of gambling restrictions in America, usually left to the states, and in most cases outlawed, it is absolutely ridiculous that the WTO ruled against America.

The other major issue you completely missed was how America will respond to the WTO's "judicial activism," i.e. failure to comply with the letter and spirit of the international law which was supposed to be instituted. America will not change its gambling laws. Therefore, any attempt by a bunch of French fried eurocrats in Geneva to corrupt America are impotent. In which case, the WTO has overstepped its bounds, and is bound to suffer for it. America certainly won't.

John


Next up, the rather unexpected, but much welcomed news that Poland has withdrawn its support for the current form of the EU software patents directive. Apart from one email saying that we should have used "scuttle" instead of "scupper" in our headline, the general feedback has been along these lines:

That's great news, and much better than what the UK's two-faced elected representatives have achieved.

Can you give me the address of the Polish minister for technology (or whatever) so I can send some fan mail.

Thanks.

David


I don't speak any Polish, but could you find someone who does and get them to send an email to the Polish government, saying 'bloody marvellous'.

Thanks, Phil


More trouble for the headline writers, now, about the news that a naval medic convicted of child porn offenses will be allowed to keep his job:

Re: Child porn navy doctor keeps job

I can't believe you missed the opportunity to put "Steer clear of the buoys"

Robin

A shocking lapse. Our headline monkeys will be whipped. Or possibly tasered.


Speaking of tasering, how many kids have you zapped this week? This refers, of course, to the tale of a six-year-old tasered by Miami police when he threatened to cut his own leg with broken glass, and another youngster who was tasered just as she ran on to a main road.

Two schools of thought on this story: 1) what a great idea, let's herd the little buggers off to be tasered, and 2) the cops probably had some justification for their actions:

Obviously the parent in question thinks her little darling would not hurt a fly... these people need to wake up and smell the coffee. Most kids in my area could use a good tasering, they are quite happy to throw stones at your car or burn down trees then stick fingers up at you and run away. That's after some of the worst language I've heard in a long time and I'm an engineer. Most parents don't care and the kids need sorting out.

PlanetCox


"Hey, here's a piece of candy, hey, here's a toy. Let the glass go."

As someone who's had some experience with "problem" children I wanted to point out that this sounds perfectly reasonable. Problem is, this kid is most likely not in a "reasonable" state of mind and his behaviour is probably going to be driven more by impulse than reason.

Projecting a rational, adult mind on a child in an irrational mental state can be the worst thing anyone could do and can be tragic.

It's very possible using the taser was the best thing to do under the circumstances. Having said that, I wasn't there and I don't know the kid (then neither did the police), so I'm going to reserve making any judgements.

Michael


Wow! You can safely Taser children?

I bet the little s**ts hanging about the streets of Edinburgh and Glasgow would be a lot less lippy to the currently unarmed cops with the threat of a 50,000 volt zinging. I think we'd all be amazed how frequently the Taser product "accidentally discharges" in the presence of Burberry caps and shell suits.

Nick


You're not a parent are you ?

I've had kids jump away from me near busy roads, and it is bloody scary. Even my 3 year old can out accelerate me over a 5 metre distance, and some years back my 6 y.o. nephew got hit by a car when he got away from me. He wasn't seriously hurt, but if I'd had a taser, I'd have used it. The cop had a hard call, but are you seriously suggesting he should have let the 12 y.o run into traffic ?

Can you run so fast that you can snatch a fleeing 12 yo before being hit by traffic ? Do you have a S on your chest ?

The 6 y.o with glass is a bit more tricky. Sure sweets might work, but I'm not aware that US police have these as standard issue. I imagine you'd have been happy to slag them off with a headline "cops go to sweetshop whilst child dies", if that approach had gone wrong. Also look at the context, the situation was bad enough that the police had been called, this obviously is not where a child finds a bit of glass on the floor and plays with it, obviously it was a high tension situation.

Again as a parent I've seen kids do the most amazingly stupid things, even whilst I tell them to stop, and I have the advantage of knowing them, a stranger would stand even less chance.

Tasering anyone carries a risk, but fast cars and glass shards aren't safe either. Have you ever had to make a real time judgement on a child's safety ? Doesn't sound like it.

Dominic


Seems we've been misleading you most egregiously. A story about a time bomb has offended one reader in particular:

Re your article "Say hello to the 'time bomb' exploit".

I think it's a disgrace that you're allowed to use such misleading headlines and you should be "struck off" (in a professional manner, not a lewd one) immediately.

I was shocked to find the article held no details of the adventures of talking devices capable of freezing time and passing the Turing Test.

Needless to say, I shan't be reading any of your "articles" again. Regards, Miffed of Salisbury


A sceptical response to a survey promising good times ahead for security professionals:

I find this kind of self-congratulatory survey appalling. They never reflect reality, and are the first things brought up in graduate level business stats courses as examples of biased statistics. And I suppose all of these $120,000/year security professionals have even made a dent in the SPAM, viruses, or software vulnerabilities that we have to tolerate in the world today? No wonder business has a hard time investing in security - it doesn't pay back. Actually, the salaries are probably much lower level than reported, as are the responsibilities that these professionals actually have. As for a boom time ahead, I'll believe it when some of the security problems get solved, instead of just patched.

Keith


More of that despicable Kantian cynicism about government IT projects, this time, the payroll service:

"The project cost £3.3m and after nine years never delivered a workable system."

That sounds like one of the greatest IT triumphs ever achieved by a Government IT project. Name one that lasted nine years and did not piss ten times that against the wall.

Steve


Half Life 2's authentication procedure has not won it many fans. There might be more on this one, later:

Half-Life 2 requires "activation" ? You mean, like Windows XP ? So what happens in 10 years from now, when I decide to reinstall it on my ultra-modern mega-gigaflop PC, just for old sakes ? What if Valve is not there anymore, and has no more servers to authenticate me ? Strike that, what happens when my hard disk bites the platter and I have to reinstall everything ? Do I get to re-authenticate, or do I have to actually buy another copy ? This is madness. Valve : drop the authentication. I bet that in less than two days, pirates will have cracked it anyway. A waste of time for a useless bit of programming.

Pascal.


All this talk of war gaming seems to have confused some readers:

So what the US government is looking to implement is a dedicated command and conquer network. The moustachioed, buzz-cut, generals will be able to guide their combined forces about the battlefield with a simple graphical interface, no doubt it will include a digitized voice telling them that they have selected 10 light-infantry cannon-fodder raw recruits.

Cool. When is it coming out for X-Box? Might get a little bit slow when the network crashes and they have to use the disaster recovery mechanism of good ol' 56K (well actually 26K) modem.

Will splinter cell be included?

Nick

Quoth Andrew: Muzzies? On generals? This isn't Village People, y'know!


And finally, in our coverage of the SMART-1 launch we describe the Moon as Earth's only satellite. Not so! But the others are only temporary moons. A bit like occasional furniture, perhaps?

Apologies for the pedantry, but the earth actually has 5 moons. The second moon (Cruithne) is 3 miles across and has a 770 year horseshoe orbit. It was discovered to be a moon in 1997. Since then 3 other smaller moons have been discovered, with much duller names - 2002XYZ, or some such.

My thanks for this interesting factlet go to Stephen Fry and the BBC, more specifically their quicky program, QI (Quite Interesting).

Cheers (and sorry about the pedantry again!)

Mark

Here is a link about Cruithne!

Enjoy the weekend. ®
