Original URL: https://www.theregister.com/2008/04/15/comments/

Brown fingerprints wanted as Phorm bungles again

Read on, dear techie nerds...

By Robin Lettice

Posted in Bootnotes, 15th April 2008 06:02 GMT

Comments In an effort to calm the European Union's anti-trust concerns, Microsoft has released 14,000 pages of coding secrets. The documentation for the first time publicly shows the underlying protocols for Office 2007, Office SharePoint Server 2007 and Exchange Server 2007.

It's going to get really fun when the US Supreme Court looks at software patents later this year. The word is out that the Supes are really unhappy with the Federal District Court's abuse of software patents. The Supreme Court may finally rule that you can always use math, even in software.

Scott Dunn


Last time there was an actual leak of code from MS it was found that the coding itself was mostly of high quality. The reasons for the problems were there in the comments, IIRC - various sometimes quite acerbic and even obscene comments from the programmers about the kludges and hairy workarounds they had to use to get round MS' usual issues - backward compatibility and ease of use, mostly. How many people have got into issues with Vista because they're trying to run some ten-year old app written for NT4?

It's bloated and inefficient not because it's badly coded, but because MS' Men In Suits insist on it doing silly things.

KarlTh


Like other MS inventions, Hungarian notation started life in Xerox. It was used in BCPL, which has one data type. An extra clue about what a variable is for was useful in BCPL. HN was supposed to give information about a variable's purpose. MS missed the point. Now people think that HN means encoding the data type of a variable in the name. This just repeats the work done by the compiler and adds extra confusion when the encoding gets out of step with the data type.

In some situations, HN done properly can make C source code clearer. If the prefix of a variable and a function name do not match, you may have found a bug.

Fining MS until they produce documentation is not going to achieve anything.

IE was never free. People are forced to pay for it as a part of the purchase of a new computer. The only sensible way to allow competition is to forbid the sale of MS software with a computer. By all means, install a deactivated copy of Vista for free, and let people who want Vista pay a separate activation fee.

Flocke Kroes


A recent study suggests that if you look like a slag, you probably are one. A Durham Uni research team led by Dr Lynda Boothroyd found that people assume that manly-looking men and slutty-looking women are more likely to pass it around, and were generally right. The team proposed, though, that what women are really after is a bloke who can be expected to remain faithful - which means one with softer, more feminine features, apparently.

Now all we need is some kind of Facebook add-in thing which will automatically gauge and make available ALL individuals' 'sluttiness' ratings, list them all in order of sluttiness, then proximity to whoever is searching, and perhaps an instant map print out with directions to their house, providing they've clicked a button and accepted your request for a bit of a beasting. Maybe you could also be matched by the STDs you share too.

Rob


I've just checked the link to Dr. Boothroyd's page and I reckon she might.

Anonymous Coward


"women don't fancy studs who get lots of sex"

Good news for me then!

Paul Talbot


Unfortunately, this kind of research often ends up in waffle - e.g.: women prefer men who look after their children, because that's adaptive. We actually have no idea.

Maybe women prefer to sleep with men who look 'manly' (and thus likely to sleep around) but settle down with men that are nurturing. Maybe men say they like 'easy' women, but when it comes to the crunch, they don't.

As the Reg points out - what this proves is the correlation between faces and what people will admit on a questionnaire, nothing more.

Gilleain Torrance


One would have thought that the logical conclusion about this is:

1) People who have lots of sex, probably do so because lots of people want to have sex with them.

2) People who have little sex, probably do so because most people don't want to have sex with them.

Taking that as a starting point, I would have thought that much more appropriate sets of conclusions could either be:

1) Men lie more than women about how much they have sex.

or

2) Women lie more than men about who they want to sleep with.

Personally I would probably argue that both are true. Men who aren't getting it are quite likely (especially students) to lie about getting it. And women won't admit to liking the slutty ones because it will increase their chance of being labeled as being easy/slutty themselves.

Anonymous Coward


It all depends when during the month the women were asked.

We're only interested a few days, any other time we prefer chocolate, hence why we prefer caring men for a relationship, they buy us chocolate, but manly men for sex, though another woman is better.

Hazel Rees

Phorm is on its usual form, and this week blithely admitted to editing its own Wikipedia article to remove damaging but factual information. Called out on breaking Wikipedia's policy on conflicts of interest, Phorm said it wasn't aware of the policy. You were cynical, as always:

All this "correcting" of articles has given me an idea for a website.

Mikipedia:

You control articles written about you.

Tag line: it's a bit like facebook except it pretends to be an encyclopedia.

Bill Fresher

That's just taking the mickey, Bill.


They are, pretty much, screwed.

They're in the public eye in a bad light with a bad product that no one wants apart from the ISPs, though even they are now all backing away nervously.

If they'd been open and honest from the start they might have had some shred of credibility, but they don't. Editing their Wiki article like this was a stupid move in my opinion.

Tim


I never, ever, EVER thought I would say this, but, I'm a big man and I can do it, without even wincing.

****************

Well Done Wikipedia - preventing Phorm's attempted manipulation of their entry to cloud the facts and silence their critics is credit to the ideals by which Wikipedia is supposed to work.

****************

I feel dirty, now...

Mike Crawshaw


I guess it really just highlights just how technically savvy the Phorm clowns are, that they thought they would be able to get away with this unnoticed.

Will anyone at BT et al now ponder if this glaring lack of technical acumen might perhaps be a sign that the company isn't capable of being trusted with their customers' private data after all? Perhaps not.

Ivor


I know El Reg readers don't have the best opinion of Wikipedia. But I think we can all agree that this wasn't just underhand, it was idiotic. About as subtle as swanning into the Guardian's office and trying to edit a hack's article on your company using their computer. While they're still sitting at it.

You can influence a Wikipedia article one way or the other, especially positively. Rather than one, giant, anonymous whitewash, you do slight, gradual changes, explained in great tedious detail on the talk page, all of it couched in the language and jargon they feel comfortable with, and if you can't out-bore the other editors (admittedly a difficult task) then resort to the myriad Byzantine conflict-resolution processes. All of them, one by one. I won't go into more detail because I'm not doing their PR monkeys' work for free. If Phorm wants a whitewashed article, then they can sack whichever incompetent made the cackhanded first attempt and pay me £6,000 an hour in consultancy fees to get it done (I doubt I'm asking for much more than Citigate and the rest are getting for their conspicuous epic failure.) I'll also need enough crack and hoes during the negotiation process to annihilate my soul, of course, but that won't take long.

Anonymous because I don't want to give the game away to Wikipedians and it's not like BT can't dip into my traffic to find out who I am.

Anonymous Coward


Hot on the heels of a hacker club publishing the German interior minister's fingerprint, No2ID and Privacy International are offering a £1,000 reward for the fingerprints of prime minister Gordon Brown and home secretary Jacqui Smith. The groups plan to make the prints publicly available.

I wonder if it is indeed lawful to do this? I know the American TV shows get around the fingerprint issue of needing a warrant by just getting the suspect to touch something "public" like a glass or door knob or something else. Anyone care to comment on how UK law treats this?

Well done for coming up with the scheme to get these fingerprints. In fact I think the scheme should be rolled out to the entire government and let "US" - the common people who the government works for - police them for a change.

Thumbs up - because I would really like Smith's and Brown's thumb prints.

brimful


Is this another reason why old gordy wouldn't touch that Olympic torch yesterday?

resigned2myfate


Similarly, if we could get a copy of their facial biometric we could demonstrate how we could use the data to fool facial biometric matching systems (such as humans) into thinking either Brown or Smith were present. Or maybe their signature, if we could get a copy of their signature we could pretend to sign cheques, documents etc and fool signature checking systems (such as humans) into thinking they were genuine!

Er...

Revocation isn't really the issue with biometrics - it's determining to a reasonable level of probability that the actual source of the biometric data is present when the biometric sample is recorded (using a camera, sensor etc). For example, when you present a photo ID to a person, that person not only checks whether you match the ID but implicitly that you're not wearing a mask, have a photo stuck over your face, and are not a corpse being held up by someone else*. If someone successfully underwent plastic surgery to look like you, you would be unlikely to modify your face to revoke the biometric! The key is to develop automated systems that cannot be fooled by masks, photos etc, and this applies to other biometrics such as fingerprints and irises. Unfortunately most fingerprint sensors do not have this capability and rely on human supervision for such checks (e.g. inspecting someone's fingers before putting them on a scanner) - though there are some scanners that do - such as multispectral scanners.

Also, if your biometric is associated with a second factor - and can only be used in conjunction with that second factor (except perhaps for low value transactions) then you can always revoke that factor - just as you would in the past if someone stole your credit card and successfully forged your signature.

In my view if systems are securely implemented and the application of biometric technology done in a way that considers the risks of "spoofing" and includes appropriate countermeasures, there's little to worry about. On the other hand, I guess that's a lot to worry about :). What bothers me is how emotional people are when it comes to their fingerprints being "captured" compared with other biometrics such as face and signature. No doubt it's from long association with law enforcement.

*interestingly research has shown that humans comparing two faces they don't know to determine whether they are the same person perform less well than computer face matching algorithms.

Anonymous Coward


Copyright your fingerprint. It should be unique to you and it does belong to you. You can then sue for unauthorised duplication and reproduction of your copyrighted image.

Giles Jones


I have some brown envelopes with lots of MPs' fingerprints on them. Any good?

Also, I can't wait til they ask for a DNA sample to prove who you are. I'm up for that anytime :)

There you are at the bank at lunch break, you get to the cashier and then you have to make a withdrawal for your withdrawal. I suppose they could ask for blood....but the bastards already have all of mine....

Doug


Everywhere these two politicians go they are surrounded by a phalanx of security people and special protection officers to ensure that they are not inconvenienced by the attentions of a grateful electorate strewing carpets of rose petals in their path. It's tough at the top and that is why we are only too pleased to supplement their already generous salaries with expense accounts that cover job-related costs such as TV licences, mortgage payments, food, taxis and hi-fi systems. Hey, just kidding, guys.

The problem for NO2ID is that having unleashed the bounty hunters they must now deliver the goods, otherwise B&S will spin their usual load of hypocritical BS about the integrity of government database systems and 'nothing to hide, nothing to fear'.

The Home Secretary is on record as saying that she is afraid to walk the streets of London after dark. Perhaps the lady could wrap herself in one of those frightfully secure distributed databases that she ignorantly prescribes for the rest of us. Come to think of it, Jacqui & Gordon could pre-empt this whole mess by publishing their fingerprints on a public website. That would teach those bolshie bastards over at NO2ID a thing or two.

Jimmy


There is an obvious reason for Fingerprints and DNA biometrics to be more emotive than facial and signature based biometrics. And you almost caught that at the end of your post in mentioning the connection with law enforcement. The problem with both fingerprint and DNA evidence is that they are used for law enforcement. Take the example of the fake fingerprint of the German Interior Minister from last week. Now that is available, how hard would it be for a criminal to plant fake fingerprints at a crime scene? 10 years ago that was unlikely to be a problem if you were a law abiding citizen, since in the absence of a conviction your fingerprints and DNA would never be on a database. Now, the Police can arrest you on a whim and get your fingerprints and DNA on a database, increasing the chance for criminals to get away with biometric evidence planting. If the Government had a full database of all citizens, it would be even easier. As a poster on another article said, what's stopping a criminal from collecting a load of used fag butts from outside a pub and throwing them away at scenes of crimes? Similarly, when the first big theft of data from the government database occurs, what's stopping people making casts of fingerprints and leaving them at crime scenes?

Essentially, a population wide biometric database, especially one that is open enough to allow it to be used for authentication for a wide variety of services (ie currently proposed ID cards), has an obvious law enforcement risk. Firstly, there would be a number of miscarriages of justice as incorrect/planted biometric evidence is used to gain convictions in lots of cases. Then as the miscarriages come to light, suddenly fingerprints and DNA become a whole lot less useful in law enforcement than they were before the scheme.

Anonymous Coward

Our own Bill Ray was accidentally conferenced into a call at the O2 press office which had PRs discussing what to tell him, declaring that they were not frightened of him, and calling you lot "a bunch of techie nerds". Many of you took exception, but you still found the humour.

Puts me in mind of the answering machine message I encountered when calling a now defunct technical support department at 2am one morning..

Click. Clatter. Clunk..

"..uck's sake Steve, don't fuck around with that - if you screw up the messages we'll get a fucking bollocking."

"Don't worry Dave, I've not.. Oh, for fu.."

Clunk. Clatter. Click.

Beeeeeeep.


Techie nerds????

How dare they! It's simply not true. Only last week I was discussing with my mate Ziggy the finer cultural points of that classic, THX1138!!!

And I'll have you know I would have almost had a girlfriend a few years back, if she'd not objected to my Richard Stallman poster in the bedroom! Women, eh? Pah!

Got to go now - have to repair the elbow patches in my cardigan.

Rich


We are not afraid of Bill Ray!

http://www.werenotafraid.com/

Anonymous Coward


Isn't the "nerd" redundant? I mean, if you are a techie, aren't you guaranteed to be a nerd?

Can you be a techie but not a nerd?

Really, if you are going to call us names, at least get it right.

Jonathan


Let's face it, it's not a shock that they identified you lot as geeks. You are. I omit myself from that brand as I'm one of the few cool and trendy people who uses this site. I'm not a geek. I'm not.....

Gotta go, mum's just said my tea's ready and she can't carry it up the stairs now she's ninety.......

But in reality, I love PR cock ups. I'm with O2 and am gonna guilt trip them into an awesome deal come May. I would switch out of revulsion for their incompetence, but 3 are shite and the less said about Orange the better. I also used to work for Vodabone, so will never go there again.

Jay Cooper


What makes you nerds think the PR guys were unaware? Huh? The classification is spot on, so they must know what they're doing.

Next time you want to break up, call a friend to discuss and just "by accident" conference your partner in.

Illsay

Have any of you actually met Bill Ray? I know he terrifies me. ®