Original URL: http://www.theregister.co.uk/2005/10/14/letters_1410/
Turkey new hotspot for holidays and viruses
A politically flavoured bag of letters
Letters The postbag was positively groaning this week. But we shall ignore almost everything you've said in favour of a fabulous photo story. We got a note from a reader (thank you, you know who you are) that one William Gates III was holidaying in Turkey. And Lo! CNet has the confirmation.
Sadly, the esteemed news site was unable to prevent itself from morphing into Hello! magazine, in a new triumph for tech journalism. Surely such heights have not been scaled since SF Gate profiled Larry Ellison's rather decorative wife, Melanie Craft. (Really, read it. We think you'll like the bit about the shower.)
Anyway, check out the pictures here. See how cheerful they look? Pay special attention to picture two. Does Sir Bill remind Doonesbury fans of anyone?
Finally, we don't wish to seem uncharitable, but does anyone else think that it can be pure coincidence that Gates is holidaying in Turkey at exactly the same time as there is an outbreak of avian flu in the same country? We all know about MS and viruses, after all...
And on with the show. Let's see, you've vented on many subjects. Let's start with the conviction of one Daniel Cuthbert for the "hacking" of the DEC Tsunami appeal website:
Thanks for the story on the Tsunami "Hacker" - the first I have seen that actually describes what the poor sod did.
If you had told me that this would constitute an offence, that the police would pursue it, and that the CPS would prosecute it, prior to this case, I would not have believed it. I'm quite at a loss as to how typing a URL which would only have yielded a page on a badly configured server constitutes an "attack" - it would seem to be a perfectly reasonable "sanity check" to me.
It seems that the real evil in this case is the extremely badly drafted legislation - how are we to know what we have "permission" to do? We do not!
However, the people who created this miscarriage of justice are the police and CPS, who seem to be both ignorant of the territory in which they are operating and capable of extraordinary malice. I have no idea what the officer who said that this "sends a reassuring message" was driving at - the message it sends to me is that anything I type may be willfully misrepresented and used against me.
Oh, and I donated £150 to that appeal through that website that week - I would not do so again, as I would not feel safe. That is the saddest aspect of all of this case.
What utter crap!
So now, if a website publishes a broken link and I click on it, because they didn't INTEND for me to have the access I'm a criminal?
Better arrest just about everyone!
I just put ../../../ into the address bar. Does that make me a bad guy?
'Dr Neil Barrett, a computer crime expert recently appointed to advise the EC on Microsoft issues, said: "...the access was unauthorised. He came to a site for which he did not have permission to exceed the normal user levels of access and attempted to elevate that access. Now, it's true that security professionals do such things - on penetration tests - but that's where permission has been given." Barrett does not believe the verdict will have much impact on the security community.'
The man typed NINE bloody characters into his browser's URL bar, for God's sake! For this he loses his career, is convicted of a criminal act, is fined and branded a criminal for the rest of his life?
I can guarantee that in the unlikely event that any British law enforcement agency ever asks me for help with a computer security issue, they'll get a "bugger off" until I see a subpoena from a US court - and I *do* have British customers, so it's not entirely outside the pale.
In fact, let me go one step further: Now that a police agency has demonstrated that cooperation by computer security professionals will be used to oppress the innocent, the curious, and those who are (justifiably) wary of criminals, I will *never* give any such cooperation to any law enforcement agency without a court order.
This is pretty scary stuff. I should add that this is coming from the Metropolitan Police, probably the worst law enforcement unit in the country (the people who shot dead an innocent tube passenger, the people who shot dead someone for carrying a chair leg, the people who arrested protestors...when the Chinese President visited London, etc.).
This kind of gung-ho who-cares-about-the-consequences policing is low-level tyranny and it's getting worse: the Government is passing overly broad laws which are being strictly interpreted, making criminals of everyone. I predict that one day even shouting "nonsense" at the Foreign Secretary will be treated as terrorism by the police. Oh..
This may seem daft but typing ../../../ in the address bar can't possibly be referred to as "...the access was unauthorised. He came to a site for which he did not have permission to exceed the normal user levels of access and attempted to elevate that access".
Surely all he would have seen would be a 403 Forbidden message. How can anyone be prosecuted for this!
The Google Toolbar has an up-a-directory button which does the same thing, and which I often use when navigating in a site in the hope of finding more general information than given on the specific page I'm reading.
I also routinely get 403 errors when doing this - does that make me a criminal? Surely there has to be more to this story or our criminal justice system is in a real mess.
"Cuthbert put ../../../ into the address line" is that all he did? I run an Apache web server here and have at least 10-20 attempts at those kinds of vulnerabilities a night, man I need to call the police, I could be rich at a £1000 a pop.
And what's this Intrusion Detection System? It's obviously over-paranoid since Cuthbert didn't actually manage to intrude, just knock on the door. Do I need to get one to earn £1000 per hack attempt?
What is the world coming to? Maybe the Met should get out there and target all these script-kiddies randomly scanning every IP range they can dream up and who are willing to cause damage, should their new piece of software provide the functionality to break in. I've got plenty of server logs for them to start with if they need.
I feel sorry for the guy, seeing as he lost his job which is probably a bit harsh.
But he did break the law...it's interesting to note that the people up in arms about this are the "security experts", are they trying to say that there should be one set of rules for them, and another set of rules for everyone else?
Imagine, if I was passing a house and I thought a crime was in progress because I heard shouting and crashing sounds from inside. Do I have the right to break open the back door and have a look? Or even sneak in, if the door is open? Not according to the law! Because they could just as well be having kinky sex, as actually really killing each other.
Now, if there really _was_ something going on then I'd be morally right to go in and do the right thing, and perhaps that's what the guy felt he was doing; but the bottom line is, if he thought the site was dodgy, he should have followed the proper channels to have it investigated.
At the very least he could have contacted the website in question (even anonymously if he was afeared for his reputation) and explained the situation to them; rather than walking away and making it look like an attack.
That's my 2 pence anyhow.
Is this right? Convicted for typing "../../../" in the address bar?!! How on earth can this be a crime? Why isn't this a national outrage? Is there a campaign site? Aren't we all guilty of doing this, even by accident?
Still, I suppose he was lucky he didn't do it on a "strategic" site - he could probably be held by the Police for 3 months without charge. Wow, I love my country. Where did it go?
So if I, in my ignorance, type in the string from your article ../../.. I can end up with my career in ruins?
Mind you, as being a techie Frenchman using a mobile phone in a heavy coat can get you an arrest record then why should we be surprised?
And they want to be able to hold people for 90 days!
Next up, the BSA and its new found consumer loving face. Yes, the one that wants private copy levies scrapped in the EU. Because they are not fair to consumers, now that we have shiny fabulous DRM as an alternative:
I always wondered why we paid blank media levies and then got sued for performing tasks we'd paid tax to be able to do. The worst was realising every time you burned a data CD that you'd wasted your copy tax on *not* pirating copyright material.
The only down side of removing copying levies is that they could have possibly been used in defence of burning bit-torrented albums, as the music cartels had received their royalties for the works burned to CD.
"But surely the BSA has not thought this one through. If Europeans are all paying for unpoliceable private copying already, why do we need DRM?"
Excellent question! If I were in the EU, I'd certainly be all in favor of keeping an existing, simpler, and functional system of fees over DRM. On the other hand, if I had an interest in selling DRM systems, then I'd be all in favor of scrapping the fees, thus increasing the need for DRM. (I think this is terribly obvious, but sometimes the obvious needs to be said aloud.)
After all, if you're in the business of selling DRM systems or DRM enforcement tools (such as the upcoming Windows Vista product), then the more people you can corral into using DRM, the more money you can make, the greater control you can have.
By the way, wasn't Microsoft instrumental in setting up the BSA (Business Software Alliance) about fifteen years ago when MS felt they weren't getting sufficiently preferential treatment from the SPA (Software Publishers Association), who, at that time, were more concerned with shareware registrations?
Even better, instead of charging us MORE for the DRM content, why not just give it away cheaper? I mean, after all it can't be copied. RIGHT?
Are you sure it's not a hoax?
Was it really all they said? They didn't print the rest of the press release in smallprint on the reverse side? They didn't mention something along the lines of wanting DRM software forced upon everybody - and high licences for the DRM-enforcing-software?
C'mon... You report the news! Let us know the rest!
I loved the quote 'DRM is increasingly being accepted'. All I ever get asked by my non-tech friends is how to remove iTunes DRM so they can play the files on their cheap MP3 players!
(Or maybe this is all some nefarious plan to get DRM accepted then lock it down a lot tighter when it's sort of accepted.)
(Would love to say more but there's some black helicopters landing outside.)
Slightly worrying, this next one. A study reveals that the UK's system for tracking criminal and terrorist finance is not up to snuff. Those in the know are not surprised:
None of this is surprising.
If I position myself as a data miner (one of my skillsets) I get asked where my PhD in advanced stats is, and get paid 50% (or less) of what I get offered as a BI, DSS, DW, or DB architect professional. No PhD required...
Further, as I consider it a really interesting, socially beneficial, and rewarding line of work, I looked at roles being offered by the NCIS's high-tech unit (a year or two ago), and the salaries and remit were less than attractive.
So am I astonished that they are (mostly) staffed by MOUS-qualified staff who think a mailmerge, pivot table, or auto-import from .CSV is high-tech? Not really. Will they have some great people who do it for passion? Probably. Will they be decision makers and architects? Unlikely. Am I working there? Not on your nelly - I'd be arrested for murder of colleagues, and my defense of self-defense and/or euthanasia would not hold water :)
An anecdote: When a (4 months pregnant) co-worker was anonymously threatened with highly abusive and threatening emails from an anonymous AOL address, it took me exactly 15 minutes to track down their IP address, and about an hour to get hold of AOL's officer in the UK for such cases (I did have to bounce between their offshore helpdesks in India and Ireland...)
As AOL mostly uses a unique IP and dial-back, they knew exactly who the originator was. Armed with all the facts, all the names, and a closed case, it took 2 weeks to find the right person in the police force, and another week before action occurred.
Am I confident our law enforcement officers are capable of dealing with high-tech crime? Umm...
None of you was particularly happy with the idea of putting benefits claimants through lie detector tests either:
What???!?? I'm outraged... Obviously this will never get into law, and it's just Blunkett trying to get into the headlines again, but the man clearly has a screw loose.
It's quite well understood that lie detection systems, no matter how sophisticated, cannot detect certain types of liar. A good example is those people that genuinely believe (or can convince themselves) that the lies they are telling are justified.
Surely the worst offenders are those that have little or no moral sense, so are unlikely to show any stress when spinning their own version of the truth.
Ironically, many politicians fall into this category. Just look at the rubbish some of them spout with straight faces!
Presumably Blunkett, Blair et al will also be quite happy to have one of these devices installed in the middle of the House of Commons chamber?
It could then handily warn the people when our elected representatives are being less than truthful, by emitting a great Family Fortunes style "wrong answer" noise.
Come on Blunkett - show the people you have confidence in this technology you are prepared to use on the rest of us!
Also in this highly politically charged letters round up, we should pause to consider the BBC's request for more cash. A mixed response here, and not much middle ground:
F*ck the BBC
Remember that the BBC is being pushed hard by HM Govt to roll out Digital TV. The Govt doesn't want to do it itself and cop all the cr*p now being thrown at the Beeb for forcing everyone to change their TVs etc. So the money the BBC is after is, in part, to cover the cost of doing the dirty work of Bliar, Brown and Co.
Hey, lay off Auntie!
The TV license fee costs a fraction of a Sky subscription, and provides far better content and services - the Listen Again feature for radio (and they're planning to add TV to that service, too - not just comedies, AFAIK, but the whole week's worth of output). I gave up my Sky subscription ages ago because it was so expensive and offered nothing worth watching. The Beeb has a great reputation worldwide for the quality of its journalism and content. On top of that, they're now having to stump up the costs for the digital transition - it makes no difference to us, the taxpayers, whether the gov't or BBC pay for that, of course, we'll still pay for it one way or another. So if you want to have a go at someone for the cost of the license fee, blame the government for pushing what would have been a government cost onto the Beeb.
I've got no affiliation with the BBC, I just think they provide a great service and even £180 (by 2013 - that's still quite a long way off, it's not as if next year's license fee will be £180) is great value for money.
So leave the Beeb alone.
(Flooding Eastenders out of existence sounds good to me, though!)
If all this extra content is being provided based on my TV License, I'd like to know what the BBC is going to do about getting it to me.
I have not purchased a set-top box, and have no intention of doing so either on the basis that the coverage is not universal. My father (for instance) lives in Croydon, and can only get 5 of the "many" extra channels available to those with set-top boxes.
I live in Woking, and can barely receive Channel 5 where I am.
Before the BBC decides to start wasting my money on extra channels, they need to spend money on the infrastructure so that people can actually receive it.
Am I entitled to a discount because I feel that there is nothing extra on these (quite honestly) appalling extra channels? No. And why not? Because then the BBC would lose its monopoly.
If they want to fund these extra channels, do it the commercial way and charge people directly for the use.
God damn it, I'm not a money tree!
The BBC can increase my licence fee to fund the transfer to digital. All I ask in return is a small share of the £xxxBn profit from selling off their analogue spectrum once they have migrated.
That's not too much to ask is it?
Sadly, all that cash will go to HM Government, not to Auntie. This should not surprise you...
Something a little lighter to end on? Yes, we thought so.
So why not take a stroll through the Peruvian mountains where farmers and miners are protesting that wads of money are being spent on technology when all they really want is some decent bloody irrigation:
Give a man a spade and he will create an irrigation channel, telling his friends and neighbours.
Give a man the Internet and he will tell Everyone! He'll even stop digging to blog by phone or check his email every five minutes.
I think that these Peruvians are very ungrateful. Here in Switzerland we are in dire need of more soccer pitches and who can complain about more bandwidth? The Swiss have no understanding of draining ditches and irrigation anymore. The Peruvians need to understand where the Swiss are coming from. Maybe they could compromise with a few hotels on tops of the Andes with James Bond being chased by <insert in baddie-de-jour>. That's something that the Swiss can relate to.
Regards, Sean Redmond.
This explains why my IRC channel (#peruvian-princess-4-me) has been such a raving failure. Who'd have thought they couldn't read or right. Dammit, back to the drawing board.
--- All well and good, say local farmers, but as representative Cristian Huilca put it: "We're peasants, many of us cannot read or write ... But we don't believe the internet will help us as much as an irrigation channel will." ---
Enjoy the weekend. ®