Original URL: http://www.theregister.co.uk/2005/10/18/letters_1810/
Black helicopters prompt burnt toast pandemic
We might have missed something there...
Letters The government has pitched the price of a standalone ID card at a mere £30, presumably to try to encourage a buy-early-to-save-money rush on the things, if they do manage to get them through both houses of parliament. You still don't seem to like the idea of them very much, but your thoughts on the subject do seem to be tending towards the rather desperate humour of the condemned man:
If it's £30 for an ID which will replace the need for a passport all over the EU, and it's three times that for a passport, that should kill dead sales of passports, at least for Euro travelling.
Will RyanAir accept the ID card or will they still insist you buy a passport to take advantage of their cheap fares?
I wonder if this is intentional, seeing as you will presumably need to raise the £93 to get a card before you can get a job, or apply for benefits isn't that going to be a little challenging if you have no money?
Perhaps this will lead to unfortunate people asking not for change for a cuppa, but change for an ID card?
Funnily enough, I can do all of the things that this card "can be used for" without an ID card, or with my current passport.
It's just another case of trying to justify this abhorrent waste of public money, a large chunk of which will of course go into the back pocket of the friends of the current government.
As a metric of how expensive government projects are to the tax payer, I propose a new system of measurement: blokes with shovels. This simple system compares how much a project costs with simply paying blokes to shovel the money into a huge pit. (Perhaps the millennium dome inverted?)
I don't believe your pricing estimates, & question the validity of your data. Orwell was right, but 25 years out ibn his estimate not 1984, 2005
Er, not our pricing, matey, Charles Clarke's...and for the record, we too question the validity of his data, almost on principle.
The LSE says that US companies get more out of their IT kit than do European or British businesses. Your response has generally been along the lines of "Well, they would say that, wouldn't they?":
LSE makes over-reaching conclusion to confirm own point of view shock!
The US owned firms are probably successful enough to have invested across 2 continents (assuming that it isn't just some American guy who's come over and bought a company).
Companies of that size tend to get the magic Microsoft slush fund chequebook and pen treatment (and not just from Microsoft) - cue huge discounts and better value for money; cue greater effect from IT spend.
In other news, the LSE conclude that, because celebrities get lots of free stuff, they must be better shoppers than poor people. Poor people should therefore adopt a celebrity lifestyle.
Good plan. We'll be off to Chanel Couture to get new Register T-Shirts made up just as soon as we're done here.
Don't computers cost relatively more in the UK than they do here in the US? I noticed personal computers tended to cost nearly the same number of pounds when I visited Britain in 2000 as machines here cost in dollars. That made something like a 1.5-to-1 higher cost including taxes. If you spent relatively similar amounts UK users would then get less productivity because they had less machine. It could be a smaller ratio than the above cost differences since most machines these days have quite a bit of power and memory even at the low end.
Of course the price differential may be less since the dollar is much weaker against the pound currently. Anyhow, I don't personally think IT is more poorly managed over there - we are adopting ITIL here and it started there, for instance.
Next up, the ongoing push to get Blighty's shoppers to use chip and PIN when paying for their goods. Some reasonable questions about this technology remain unanswered:
Mmmm... Chip and PIN.
1\ Ideal for mugging the OAP at the checkout. Stand in queue behind old lady. Watch her enter her PIN. Wait to leave store. Mug old lady outside. Go and empty cash machine.
2\ Ideal for teenagers. Stand in queue with parents. Watch PIN. Have full access to any pocket money at any time.
3\ How do I know that the reader is legit and not just some chip cloning machine?
So, if chip and PIN is going to be the only way, how will my local petrol station cope? They have a kiosk where one pays. They tried using Chip and PIN, but customers are stupid. And they kept dropping and smashing the card readers. So now it is signature only....
Technology eh? Why is it designed by idiots? Any why don't they think about the idiots that are going to use it? :)
I refuse to use chip and pin as I believe it make me less secure even though it makes the banks and possibly the retailers more secure. The shift of liability is the main issue although there are others I haven't time to go into now. The technology while flawed is not the main problem.
Like with ID cards convenience is not the most important thing in this area for me security is.
I recommend this website for more information about some of the problems.
Disclaimer: I do know Mike Bond and have on occasions met Ross Anderson and took his Computer Security courses as part of my Computer Science Degree.
Our beleaguered security correspondent often gets emails from people who want lessons in hacking, either computers or mobile phones. You will not be surprised to find out that many of these emails comes without capital letters, punctuation or even the slightest tribute paid to accurate spelling.
Here follows an example:
hi i am from puerto rico and dont speck much enghish so listen i want to lear how covert in hacker i want to hack plz help me to hack i lear faster and plz dont hack my computer lol cya
We suspect these sorts of letters may be prompted by occasional articles like this which confuse the very hard of thinking into believing that we are a hacking tip service. Fortunately, we have escaped any more such missives so far this week:
SMS messages are based on a technology imaginatively called 'Signalling System No.7", SS7 or C7. I used to work in this area, and the feasibility of denial of service attacks was a regular topic of conversation over lunch. The basic problem is that few people have heard of SS7, even fewer understand it conceptually, and fewer still know enough about network design to spot the weak points. It is true to say that you can bring down an entire network with SMS, and I'd heard anecdotal evidence that it's taken place in Asia.
The SMS messages traditionally go down the same channels as the call control messages, so if you overload them with SMS nobody can make calls either. Because this was already a problem with the unanticipated success of SMS generally, most operators will have a way to offload SMS traffic onto larger bandwidth but lower QoS links. Also, the way an SMS system is designed creates some natural bottlenecks so you'd have to really know what you're doing to exploit them.
The primary defence against this attack is that few people could do it, and the way it would work is different for each operator. I'm not convinced, as the article quotes others saying, that operators really have their networks firewalled properly against this kind of attack, but the principle is definitely not new. It's possible a government agency could have the knowhow to cause a problem, but few else. I could point you in the direction of PCI boards capable of putting out tens of thousands of SMS messages a second, and that could cause some indigestion on almost any network. It just has to be connected in the right place, and that's the hard part!
So what is this "free" method of sending unlimited text messages they intend to use to send spam....? I'm sure if it existed we would all be using it.
the denial of service on a mobile phone via text messages is EASILY achieved by means of a slow dialup connection. this is actually an old oddity nobodies seem to notice, until obviously now... although the proof of concept has been measured much time ago.
absurd to think that only now could it be achieved when the proof of concept was originally achieved using no more a machine that could handle only Windows 95 on an unfortunate dialup connection to the internet. it left the test phone's operating system... whats a good way to put it... destroyed. the cell phone had to be sent back to the factory, and was eventually just replaced by the factory with another. a fix was never published, and as im aware, there is no phone currently with the capability to handle an attack like this! the problem stems further since the medium in which the text messages are sent have nothing in place to protect the phones. the problem is bigger than one would think... as a current computer with a broadband connection could not only take one phone down, but most likely hundreds (if not thousands with some just ali'l 'beef' to it) at the same time.
Texans are up in arms about RFID tagging, and have decided to protest against the technology being deployed in supermarket chain Wal-Mart.
Two mains schools of thought out there on this one. One: these protesters are paranoid loonies need small, dark, quiet rooms in which they can lie down for a while. Two: Just because you're paranoid doesn't mean they aren't out to get you. You ain't seen me, right?
when will people realise that if companies and governments really were to work in co-operation - like this book suggests - they would have done it already. Tracking what someone buys? why, the government could simply sync up credit card purchase details vs. credit card owners vs. transaction locations vs. tax records vs. mobile phone accounts vs. mobile phone triangulation vs. whatever the hell else! true, cash might make this somewhat harder, but lets look at all the CCTV footage of shop counters and start to build a face recognition database! - ridiculous. (And can you imagine a system capable of aggregating all this data?!?)
as an industry analyst covering RFID as a prime area of focus, it's frustrating to hear of people like Katherine playing on people's fears. newsflash Katherine: 99% of what you complain about regarding RFID can do can already be done! if companies/governments are doing that now (at least i hope not! black helicopters again?!) why would they start with RFID?
most of the educated general public i speak to about RFID are more than happy to leverage the benefits of having the right products on shelves when they go shopping, being able to have more advanced warranty claim information, feeling safer knowing their pharma products aren't counterfeit, being able to purchase cars with some 2000 configuration possibilities - i could go on for hours!
I'm not saying that companies and governments should just ignore the general public. they should communicate with them more! look at the pilot of Marks & Spencer in the UK - market education is the best way to go about allaying people's fears. writing some book based on half truths to enhance personal gratification is not the right answer!
I wonder if anyone wants to point out to the paranoid masses that the location of that mobile phone in their pocket can also be tracked, and better still the entire infrastructure required already exists... They're called cell phone masts.
Ah, can you hold back on this one, I just need to dump some Nokia shares.
I am disappointed that Lester has decided to ridicule efforts to warn the public about this major invasion of privacy. On the Internet some "cookies" are far less innocent than their name implies.
Now data-miners have found a way to implant cookies not just on PCs but directly on people. Simply using a debit, credit, air miles or club card with a purchase can tie you to an RFID item in a store's database. It is then simple and of immense commercial value to track this items through the mall and to other destinations.
Since legislation is always decades behind the technology, we need public outrage to keep the more egregious possible abuses of this technology at bay. Until these Corporations publicly declare what they will and will not do with this information and under what conditions it will be handed over to Governments, we should be very concerned about this erosion of privacy.
Hi Lester, I will forgive you for making fun of my "black helicopters" if you can tell me if running my trash through a Staples Paper Shredder will destroy the RFID spychips? Or do I need a special "de-spychipper" similar to what they use at the library to disarm books from setting off the alarm bells? If it is the latter, do you know where can I buy a de-activator or do I have to get it from Q (Desmond Llewelyn) ?
Haven't you heard? Q's been retired!
I can agree with CASPIAN on this one. I don't even give retail markets my postal code or telephone number when they ask me at checkout time. And, a lot of US retailers have implemented the loyalty card scheme, to which I promptly filled in false information on the applications.
I don't think retailers need to know who's buying what where. The only thing I think retailers need is how many of each item is sold at a specific location - And that can be done entirely with the store's own inventory and ordering system, with no information required from the customer.
There was a car audio retailer here that used to require customers to fill out their name, address, and phone number on all purchases - Even cash purchases. For the use of a personal check, I can understand wanting this information in case the check bounces, but this is also why checks are printed with the account holder's name and address right on it. In backing up CASPIAN's allegations over the misuse of customer information, this same car audio retailer went out of business shortly after legal action resulting from 6 customers of this shop who all had their vehicles broken into no more than three months following their purchases.
Black helicopters ?
Would you have said so when the first person had mentioned that supermarket loyalty cards would enable them to collate a list of what you buy ? No, they'd never do that, would they ? Now, we have ChoicePoint and friends.
You really need to distinguish between what is done now (and they probably do not do any kind of RFID-to-person logging now) and what they can do, and certainly will do in the future, when the tech and its powers/limitations becomes more known. It's all about business.
If it can get you money, you'd be mad to not at least look into it. Nah, let me rephrase that: you would not be doing your due diligence by not looking into it. And that, for a business, is a no no.
Statistics are fun. You can find apparent relationships between all kinds of unrelated things, use the same data to prove contradictory points, or, if you are a little less sophisticated, add the numbers up wrong. This week we learned that 55 plus 43 does not equal 100, thanks to research into the sex of the average gamer. Now'we're going to learn some more things about sex, gender, embryology and basic maths:
As a transgender person, please allow me to update you on terminology regarding people who don't fit into the binary of two sexes and genders. The last paragraph explains how this more expansive take on gender may explain why there are so many non-male/non-female gamers
Genderqueer and intergendered people consider themselves neither male or female, both male and female, or between male and female. Intersexed people would include people who are born with ambiguous genitalia, are chimeras, or have genetic differences that make determining sex different. The term "hermaphrodite" is considered by most intersexed people to be a pejorative term.
Transsexuals are people who at some point in their lives experienced their sex (what's between the legs) as being different from their gender (what's between their ears). Sexual reassignment surgery (SRS) aligns sex and gender.
These folk would all fall under the umbrella term "transgender," which these days is being is being a descriptor of folk who in some way don't fall under the binary system of male and female. And, in counting non-male and non-female gamers, any transgender folk might decide that the either/or of the male and female checkboxes don't quite apply to them personally.
This is significant because most transgender people I know that are under 35 are gamers -- and are usually into sci-fi and fantasy games. If you for a moment has to imagine themselves as not quite fitting into the male and female boxes, that unorthodox perspective would lend itself to games where uncommon imagination is advantageous.
Many transgender people search to find ways to constructively use their unconventional imaginations -- including gaming -- because its a way to find acceptance -- or an acceptable use -- for their offbeat outlook on life.
We shall consider ourselves told. However, we reckon it is more likely that the researchers cocked-up somewhere in their adding-up, than that they even had "transgender" as an option on the research questionnaire.
I don't believe you spent adequate time looking at the whole picture, if you would allow me to puruse the journalistic angle you esteemed vultures have missed. 35% of players are under 18 years. 43% 18-49 19% 50+ years The remaining 3% are obviously practising whilst in vitro.
55% are male, 43% are female, the remaining 2% are perhaps the above mentioned feotuses (feotusi?) at less than 12 weeks. 1% of which are beyond 12 weeks and so have all their bits, dangly or otherwise.
79% of game players exercise or play sports an average of 20 hours a month, we can only assume the participants of this in depth study were answering as game players and so played EA sports an average of 20 hours a month. Either that or 79% of gamers are liars.
Who plays games online? 56% of online game players are male, 44% of online game players are female. there is no internet access in the womb, this further compounds my theory. until we get a universal serial bellybutton adaptor for wi-fi access in the womb; a greater divide between the haves and the have-nots will continue to expand.
But by far the most important question to be settled this week was exactly how wide should a toast soldier be?
I'm a bit concerned about a blanket 22mm soldier size when it's patently obvious that the size (and shape) of the egg comes into play as much as the strength and absorbility of the bread.
We need to know more? What size or sizes of egg were involved in the tests? Will a 22mm soldier be lost in a "large" egg and will it completely fail to gain entrance to a "small" egg (*).
I think is must be a conspiracy. I expect we'll find that this research was based upon a single size of egg and so, in an effort to "follow standards" the other two sizes of egg will be undersold and so lead to redunancies for chickens with the wrong size output devices. I dread to think how we will deal with the multitude of bread sizes that are not equally divisible by 22mm...
(*) Must admit I "lost" egg sizing after the introduction of the seven metric egg sizes in the 80s to replace our GOF imperial Large, Medium and Small and then the final migration back to that plain and simple categorisation just confused me even more. How can people write recipies if consistant egg sizes cannot be guaranteed?
Damn those pesky irregular chickens...
In reference to your recent article, thetoastshop.co.uk would be more than happy to offer hybrids of its "Buckingham" toast product that might suit the needs of those seeking the perfect toasted soldier.
Director of Marketing TheToastShop
That's enough for us. Back on Friday. ®