Original URL: https://www.theregister.com/2007/02/09/lettters_0902/

PlusNet forums blown wide open by a letter bomb

That was sent by a stalking astronaut

By Tracey Cooper

Posted in Bootnotes, 9th February 2007 16:03 GMT

Letters It's a full to bursting letters bag this week, set to explode like a letter bomb. And boy, oh boy, the UK government was certainly top of the hit-list - whether ID cards, IT systems, or fingerprinting kids, you had a LOT to say about our incumbents. Take cover. Low flying missiles to follow:

First up, the news that the managing director of fingerprint scanner supplier Softlink did a U-turn on his advice to parents about whether they should let their kids' prints be nabbed by schools. Yes, then no, then...

I am struggling to make any sense of the pronouncements here as this Alisdair Darrock seems to struggle with his English. From what I can decipher it sounds like he is asking us to believe that he is a champion of civil liberties but disagrees that fingerprinting children is an abuse of their rights. My children have instructions to refuse and phone me immediately should they be requested to provide prints. Darrock is a charlatan and a part of a sinister movement towards total control, starting with those judged too young to form a considered opinion on what they are being requested to provide. If my kids don't get to use the library then that's tough. I will buy them the books they miss rather than allow abuse of the sort Darrock is dishing out. And if he is one of these 'nothing to hide...blah, blah' idiots then can he send me his children's fingerprints, photographs, description, just in case......

There you go, a whole paragraph and I fought the urge to accuse him of being an unethical prick.


I am not a parent but I was until recently a pupil. Here is what I hope is a coherent argument against fingerprinting pupils which hopefully is not too complicated for Mr. Darrock to understand: "I don't want you to".

I don't want you to as an ex-pupil, and I don't want you to as a one-day-maybe-parent.


A smidgen more sympathy for the poor fella from this reader:

Hi Mark -

I sympathise with Mr Darrock. The trouble is, he doesn't have control over the threats to privacy and liberty posed by database systems in school libraries, whether or not they contain fingerprinting - and nor do schools. Perfectly legitimate and ethical biometric technology businesses are being caught up in the current official obsession with identity, monitoring and tracking, of which biometrics have become emblematic.

Mr Darrock isn't the problem; the problem is what various authorities may do - or be compelled to do - with his systems. Information sharing under the Children Act 2004 can defy confidentiality, and it is in any case dangerously unclear who controls information in school library systems and whether it can be used for other purposes than the administration of borrowings.

The imperious attitude of education authorities, Whitehall, and some schools, is what's at the heart of parental concerns about fingerprinting. The authorities feel entitled to do anything at all to children, parents just being a nuisance to them. But parents see their children being further conditioned to be treated like sheep and they don't like it. If the initial physical interference with kids can be sanctioned arbitrarily, without meaningful consent or choice, then why should any of us have any faith in the subsequent handling of the information?

Best regards

Guy Herbert


Mark, I see someone has started up a petition against this at:

http://petitions.pm.gov.uk/kidsprivacy/

There isn't one set up for Scotland yet as far as I can tell. I'll get round to that at some point though.....


Next up, the NAO released a report this week questioning how the government calculates its "efficiency savings". £13bn of savings so far, and "only" £8.2bn more to save by next March? Whatever!

It's not the size of the £2.8bn that is a disgrace, but what it points to. The civil service *is* the government. The size of these bills indicates the extent to which the business of government is in the hands of a tiny number of transnational corporations.

What the NAO report shows is that the politicians supposed to represent our interests either can't or won't. That is the disgrace.


Government spend also rattled cages on the ID card front. The IT industry, through trade body Intellect, locked horns with the Tories over Conservative plans to scrap ID cards, should they win power from Labour:

It's with great dismay that I hear those five terrible words "I'm not a racist, but..." at the beginning of a sentence. Notwithstanding, I'm not a Tory, but I have to agree with the shadow Home Sec on this one.

Government almost always overspends on IT contracts, and The ID Cards Fiasco [aka DRM for Government, v2.0] will be but a great big fat example. Everyone in IT is watching this, and meticulously sharpening their carving knives, including myself.

Higgins of all people should know that if you're going to become involved in something of such high social and political sensitivity as ID cards, then you should be prepared for Interesting Times Ahead, and tender your bids accordingly. I don't mean to sound cynical, it's just that I am.


Though not all comments were aimed at UK.gov...

Has there ever been a less appropriately named body than Intellect? Have they considered rebranding to Fuckwit?

And as the Conservatives fleshed out their opposition to ID cards, we wrote an enlightening piece about the party's stance, which finished up with: "Watered down, the message is: why do you need ID cards, when you can just lock more people up?" This reader quite rightly pointed out our folly:

Heyyyy, that wasn't watered down, that was concentrated!

Ahem.


Government's surprising decision to introduce electronic voting schemes in the May 2007 local elections, despite concerns over unproven technologies and the lack of an audit trail, left many of you gobsmacked:

"Why the government thinks the internet is inherently less subvertable than the postal system is something it is keeping to itself".

And quite understandably so. The default hypothesis is that they are actually as ignorant as they seem, and don't begin to understand what they are talking about. That's quite likely.

Another possibility that can't be ruled out is that they understand full well, but have plans of their own. Sometime in the future...

"You mean this Internet thingy is not secure enough for electronic voting? Well, obviously we must take it over and make sure that it becomes secure. We can't have people entrusting their important business and data to a network that can be hacked, can we?"

First reading of the Internet (Control and Regulation) Bill 2008...


Perhaps the 'apathetic electorate' would vote if they gave a 'none of the above' option on ballot forms?

While others saw the "funny" side:

"E-voting pilots don't make sense"

Well, of course they don't. How are they meant to vote while flying a plane?


Another subject dear to your hearts this week was DRM - notably, ol' Steve's call to scrap it altogether:

Jobs is (IMO) a bit of a whacko but he does seem to have hit the nail on the head here.

The problems with licensing FairPlay should be turned around and looked at as how this would take place: would the licensing rate be fixed? Would it have to be to EVERYONE?

However, the only reason FairPlay is required is because the big labels require it.

Jobs could also have offered to put out a crack that DVDJon produced that unlocks YOUR OWN iTunes purchases. The resulting file no longer requires iTunes or an iPod to play: anything playing AACS (?) will manage it. It doesn't unlock someone else's, only the owner ^W purchaser can. 'course the RIAA would cry that this was a circumvention tool...


But that's where the sympathy for Steve-o seems to end:

Why does iTunes exist?

If the analyses I've seen on the Register and other sites are correct, iTunes can't be doing much more than covering its operational costs. So there's not a good business case for it itself.

If Mr. Jobs' analysis is correct in that over 90% of music on iPods doesn't come from iTunes, then it's not necessary as a driver for the profitable hardware.

Finally, if Mr. Jobs' statements on the futility of DRM are honest, then it must be morally repugnant to him as a technologist to push technology that he KNOWS does not work for the customer* -- not to mention that he must believe that iTunes as it is must die before his non-DRM utopia can come to life.

Seems to me that a good way to help that along would be to open that DRM up to competitors and allow the breakdown of DRM which Mr. Jobs himself prophesies would come of such an act...

* meaning either consumers or the music industry.


Very interesting that Jobs is only raising a furore when governments are breathing down his neck... Did he think that QTFairUse or playfair were merely student projects? I think after the iPhone fiasco, poor Steve has felt the need to play up the "Apple=compassionate, understanding, sympathetic" act a bit.

Passing the buck. Eventually we will discover that all this is about musicians actually wanting to get paid and make money from their work. How selfish of them! Can't they just work for free like open-source programmers?

And what about open journalism? Should news articles be copyright free, and journalists should also work for free?


"Perhaps those unhappy with the current situation should redirect their energies towards persuading the music companies to sell their music DRM-free"

Really makes you feel sorry for Lol' Ol' Stevie, doesn't it? I mean, Apple is obviously the victim here. Clearly they have played no role in the propagation of DRM at all! It's all the Big Bad Music Industry!

Pass that buck, Steve-O.


Hi!,

"DVD Jon" posted his views on that.

http://nanocrew.net/2007/02/06/steves-thoughts-on-music/

http://nanocrew.net/2007/02/06/steves-misleading-statistics/

http://nanocrew.net/2007/02/06/steve-on-licensing-fairplay/

Best regards,

Patrick


And to sum up. Small, but perfectly formed:

Steve Jobs dribble = BabbleGate

On the subject of fairplay, Fujitsu techs have signed up for more strike action until they settle their long-running pay dispute. Poor unpaid workers. Yes? No, you say:

So the unionised, TUPE protected, always-had-the-same-ok-wage, newly Fujitsu-ised workers want their yearly pay increase to match inflation? Boo-fucking-hoo, cry me a river.

They should try being one of us thousands of agency workers unfortunate enough to have our contracts controlled by Fujitsu. We typically get absolute minimum wage, no increases other than what they can legally get away with, and if we even hint at joining a union we are out the door faster than we can even say "Amicus?". And take a day or two off and you are disposed of like the replaceable cog you are, never mind living it up with weekly strike days. Welcome to Fujitsu, you spawny gets. Try whining when your TUPE expires.


"Unionised technical support staff at Fujitsu IT Services..."

I read this initially as "un-ion-ised technical support staff..."

I'm glad that the situation is not as highly charged as a scaremongering-ElReg would have us believe! B^>

Rgds

Damon

Scaremongering? Us?

Now, onto what had to be the story of the week. Love-crazed stalking astronauts armed with pepper spray and plastic bags. It just doesn't get any better than that. And all we can do is ask, but why?

I really don't get this one. Here is a woman who is not only qualified like few other women on the planet are, she is a hyper-specialist in a community that takes absurd amounts of long, hard work to get into. She is on a career track that should be the envy and the inspiration of just about the entire human population save the pope and god's-gift-to-the-Resolution-desk. There are a few ways to derail a career like that: theft, making a costly booboo in space, becoming ill, having a tragic and well-documented accident. What do you not expect to be a career-killer: raging hormones. What gives? You work your butt off, you're a woman [it should not make a difference, but the world is not a nice place like that], you have qualifications and honours enough to fill a wall, you realise a dream that many have but precious few achieve: actually going to space and working there. You made it. You made it big time. What do you give it all up for: keep-your-goddamn-hands-off-of-MY-MAN-bitch!!. And it's not even her husband.

There is so much I don't understand of the world, it's embarrassing. I wouldn't give up a career like that because of hormones though. Not after working so hard to get where she was. It's a tragedy. Her personal life is in ruins and she will -NEVER- fly in space again. And the guy is so going 'Ok, you're a nutcase. Stay away from me!'.

Tragic lapse of judgment. This is a woman I feel sorry for.


Hi Lucy,

The phrase 'going postal' was becoming dated anyway. Perhaps it's time to revive the 1986 acronym, NASA = Need Another Set of Astronauts.

J.


Another cock-up this week arose with the news that a hole in PlusNet's forums left the ISP "theoretically" wide open to hackers...just another oops to add to an already crappy month...

Despite all of PlusNet's recent goofs, I think people should go easy on them on this particular occasion. Security flaws still get found in even the most venerable of forum software. Since the problem was caught early, they weren't really obliged to notify their customers but they still did the honest thing even though more bad publicity is really the last thing they need right now.

Chewi


Concerning the Plus Net password cock-up. Yes it is definitively a cock-up. But it has to be said that at least Plus Net are sticking to their policy of being quite open about these things (try to find a provider that notifies you of issues, gives you a clear idea of their architecture and bandwidth capabilities and also gives you a good idea of where their infrastructure is evolving next).

Yes, recently they seem to have made a lot of the headlines (when there were problems) but I would not be too surprised if other ISPs had on occasions similar issues (if not more) but just kept quiet about it.

Also, the issue concerns the forum site, which normally is not that important. But admittedly most users will probably use the same password for the forum and their main account. And the level of risk depends on how strong your password is (as it is the MD5 hash that was leaked). So I could easily see that most ISPs would just have kept their mouths shut when at least PlusNet told us that there was a risk.

I must admit that at present my feeling is that they should rather be praised for that (after all error is human and they will always happen. What is important is how you react when such an error occurs...).

Regards,


Many of you picked up on the fact that 5-8 character passwords aren't that secure anyway.

It's better than that. PlusNet restricts passwords to being between 5 and 8 characters long, beginning with a lower-case letter, and containing only lower-case letters and digits.

The email advised that only users with weak passwords need be at all concerned. I suppose it's a matter of degree.

Discussions on the forum have revealed that changing the password algorithm is a difficult problem, so we seem to be stuck with the password design for the foreseeable future.


John. With regard to the Plusnet issue. I interpret this as all password hashes have been exposed and therefore any number of people now have values of all PlusNet user passwords. The advice is to only change your password if it was insecure, but the PlusNet policy on passwords is:

"Your password must begin with a letter and contain only lowercase letters and/or numbers. It must be between 5 and 8 characters in length."

Surely with this policy in place pretty much all passwords are insecure, especially if someone now has as long as they wish to brute force the relatively low number of possible values.
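A worked illustration of the point made in the letters above, added here and not part of any reader's letter or of PlusNet's own code: it encodes the quoted password rule, counts how many passwords that rule permits, and turns the count into bits of entropy and the time needed to try every candidate against a leaked unsalted MD5 hash. The hash rate used is an assumption chosen for illustration, not a figure from the page, and the keyspace function is written generally so other alphabet sizes and length ranges can be compared.

```python
import math
import re

# The rule quoted in the letter: starts with a lowercase letter, then
# lowercase letters and/or digits, 5 to 8 characters in total.
PLUSNET_POLICY = re.compile(r"^[a-z][a-z0-9]{4,7}$")

FIRST_CHAR_CHOICES = 26   # a-z
OTHER_CHAR_CHOICES = 36   # a-z plus 0-9


def conforms(password: str) -> bool:
    """True if the password would have been accepted under the quoted rule."""
    return PLUSNET_POLICY.fullmatch(password) is not None


def keyspace_size(min_len: int = 5, max_len: int = 8,
                  first: int = FIRST_CHAR_CHOICES,
                  other: int = OTHER_CHAR_CHOICES) -> int:
    """Number of distinct passwords the rule allows, summed over every length.

    `first` and `other` are the alphabet sizes for the first and remaining
    positions, so the same function can score a less restrictive rule.
    """
    return sum(first * other ** (n - 1) for n in range(min_len, max_len + 1))


def entropy_bits(min_len: int = 5, max_len: int = 8) -> float:
    """Entropy of a uniformly chosen password under the rule, in bits."""
    return math.log2(keyspace_size(min_len, max_len))


def seconds_to_exhaust(keyspace: int, hashes_per_second: float) -> float:
    """Worst-case time to try every candidate against one unsalted MD5 hash.

    With unsalted hashes a single pass over the keyspace covers every leaked
    hash at once, which is why the leak concerns all users, not just one.
    """
    return keyspace / hashes_per_second


if __name__ == "__main__":
    # Constructed sample passwords: the first two satisfy the rule, the rest fail it.
    for pw in ("abc12", "zz9zz9zz", "Abc12", "abcd", "abcdefghi", "ab-cd", "1abcd"):
        print(f"{pw!r:12} conforms={conforms(pw)}")
    space = keyspace_size()
    rate = 1e8  # ASSUMPTION for illustration only: 1e8 MD5 computations per second
    print(f"keyspace: {space:,} passwords ({entropy_bits():.1f} bits)")
    hours = seconds_to_exhaust(space, rate) / 3600
    print(f"every candidate tried in about {hours:.1f} hours at {rate:.0e} hashes/s")
```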


Morning,

you may wish to comment on the password standard which is implemented by PlusNet.

The passwords must be 5-8 characters, all lowercase alphanumeric with no special characters.

Bit hard to get a decent strong password with criteria like that.

Regards

Paul.


And look out would-be data thieves. You're now up for two years in the slammer if you use or share other people's data:

But this is an easy one to chalk up. Governments are busy building "data sharing" links between their various civil databases, then between those and police and immigration databases, and then further with other governments. But more data sharing means more ways of stealing more people's data.

That's not to mention that some people may consider the Government's 'sharing' (or even 'peer-to-peer sharing', you might say) to be stealing.


"People who steal personal data in the UK will face up to two years' jail, the Government announced today."

So which jail are they going to put them in? According to some recent news, there isn't anywhere to put these criminals. Most likely that they'll get a slap on the wrist by a judge and be sent merrily on their way.

Wellard.


Slap on the wrist also for Nokia which, in spite of finally whacking out firmware updates for its N73 and N93 handsets, is lagging on updates for other models:

Nokia still NEEDS a bit of smacking for this one, they STILL haven't given new firmware for N90 users, there was a ton of complaints and questions on their forums on when we will finally get our N90 firmware update.. Nokia is still leaving us in the dark with this one.. Nokia is almost mocking us with this, US who faithfully bought their first generation Nseries N90 phone, and we are being left in the dark when our buggy phone software needs a firmware update!

Shame they haven't done the same for the E70 business phone - my Vodafone-supplied E70 is still stuck with the bug-riddled 1.0610.05.07 firmware, even though there is v2 firmware available. Seemingly the v2 firmware is available for phones supplied direct by Nokia, or by other network operators, but not for phones supplied by Vodafone. I took my phone to a Nokia service centre, but the technician there (whilst very helpful) said he couldn't upgrade my phone to v2, and showed me the relevant service bulletin to prove it.

After going round the loop with both Nokia and Vodafone customer service, it appears that the problem is Vodafone - the v2 software was released by Nokia over 6 months ago, and Vodafone are (according to an email I received from them) "still evaluating and testing the new firmware". I have the distinct suspicion that the phone will be obsolete before they release new firmware for it.

If it was my phone rather than a corporate one I'd have taken it back, demanded a refund and switched to another network operator.

0/10 Nokia for releasing such a buggy pile in the first place, and 0/10 Vodafone for your appalling customer support.


0/10 for Nokia and Vodafone, but 10/10 for our very own bomb disposal expert Lewis Page for his letter bombs analysis.

Greetings,

I'm a regular Reg reader. I just wanted to write and say that your article by Lewis Page on letter bombs was the best, most informative article I've seen in this whole bomb-scare.

Congratulations to The Reg for simply finding someone who actually knows what he's talking about and letting him write it, rather than finding some happy-to-scare-up-some-attention "analyst" who's never been within a thousand feet of an explosive device.

I hope you'll have more such non-scaremongering content in future.

Charles


Dear Sir

Please forward this to whomever pays your freelancer fees at The Register:

"Please keep this guy! His two articles so far were both funny and informative, and I eagerly look forward to the next one."

That is all. Thank you.

Awwww.


Narcissism aside, you had other things to say:

You said "There might be a place nearby where a smallish explosion wouldn't be that big a deal.", do you mean like Basildon?

Matthew.


do you think that this would be a convincing bomb?

http://www.gothamist.com/attachments/jen/2007_01_mooninite2.jpg

http://seattlepi.nwsource.com/dayart/20070131/226Suspicious_Devices_NY204_612959731012007.jpg

Very disappointed by the lack of Mooninite coverage, we get a visit from the moon, they shut down a city showing us their vastly superior culture, even the BBC covered it. Tshhh must have been too high brow.

Anyway too busy worrying about dirty bombs, bird flu, immigrants, chavs, brain cancer from mobile phones and the literal hundreds of free criminals (HUNDREDS GOOD LORD) who aren't on the list to be worried about some demented alf freak.


"On leaving the service he wrote a book, Lions, Donkeys and Dinosaurs: Waste and Blundering in the British Armed Forces, which was so successful that it is now almost impossible to obtain"

A lovely example of how copyright hinders the author and the public at the same time..!


And finally, one day soon we could all be buying stuff with our mobile phones. Like, everything man.

About this cash on your mobile thing...one thing to point out, my cash and cards never run out of batteries. Imagine not being able to buy a pint just because you forgot to charge your phone. It'll never work.

Dave

A very scary thought indeed. Scrap that idea, we're off to the pub with a grubby handful of real coinage. Just the way it should be. ®