Tag Archives: rant

Tumbling through NS&I hoops

In the olden times when weeks were three days long and daytime TV was a still photo of a young girl losing noughts and crosses to a toy clown, my family bought me a bunch of premium bonds. If you don’t know, premium bonds are a kind of 1950s national lottery: you give an agency of the government some money, they give you some numbers, and those numbers take part in a monthly draw forever. You might win a prize each and every month; you might win nothing, ever. It’s all in the hands of the gods, in this case the god called ERNIE, the random number generator for premium bonds (in the 1950s all computers had to be given names so people wouldn’t grab pitchforks and torches and raze the building).

Fast forward a few decades and a couple of addresses and naturally NS&I, the priests who tend the dead pixels of ERNIE’s 2013 descendant, no longer know where I live. Having found my premium bond holder’s number and discovered I won £50 nine years ago that’s still waiting for me to claim, I thought I’d sign up to their online service at nsandi.com and ask for my winnings.

“Complete the online and phone registration form”, said the website. By which they mean, it turned out: give us all the pertinent details and we’ll generate a PDF for you that includes those details, which you must then print, sign, have witnessed, and then post.

Not the mightiest of faffs, and I suppose fair enough — though it’s hardly the most fraud-proof authenticator. Dutifully, and via PC World to address the inevitable empty printer cartridge, I did as I was told and posted the form.

A few days ago I received two letters, in identical envelopes, with identical plastic windows showing identical address formatting. Neither said NS&I on the outside, but they both evidently had the same sender.

One letter gave me my NS&I number: an eleven-digit identifier. My username.

The other letter contained, beneath a fancy-dancy pull-off plastic strip, an eight-character alphanumeric temporary password for my NS&I account.

So they sent separate letters for username and password for security, but in the same post so they’d likely arrive at the same time. Not particularly secure. Surely better, if they want to keep these things separate, to send them by different means: number by text message, password by post, or something. Anyway.

The password letter said I’d need to choose a new password for the site on first login. Helpfully, it gave the constraints:

The password you choose must have between 6 and 8 characters. You need to include at least one number, at least one special character, as well as a mixture of upper and lower case letters.

I understand the purpose of the character type constraints. Although enforcing a number and a special character reduces the total entropy of a password (an attacker knows that one of the characters has only ten possibilities — the digits 0-9) it increases the strength of the average password. It forces people who’d normally use “password” to use, say, “pAs5w.rd”. But I’d bet a large proportion of people stick the number and punctuation on the end, with an upper case letter at the start: “Foobar9!”. How much more secure is that than “foobar”? Not much. Users subvert constraints, because security trades off against usability.

To illustrate how likely this particular pattern is, the password letter includes this text just after the constraints:

An example is Uhsd895* (do not use this example for your own password).

In any case, a maximum length of eight characters for a password is, these days, laughable.
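To make the keyspace comparison above concrete, here is a small added example (my own code, not NS&I's) that encodes the quoted rule as a checker and counts how many passwords it actually admits, versus how many fit the lazy “Foobar9!” shape (capital first, lower-case filler, one digit and one special character on the end). Two things are assumptions, since the letter does not state them: the “special character” class is taken to be the 32 printable ASCII punctuation characters, and the lazy pattern is defined as just described.

```python
import math
import string
from itertools import product

# Character classes. The letter does not say which characters count as
# "special"; the 32 printable ASCII punctuation characters are an assumption.
LOWER = string.ascii_lowercase
UPPER = string.ascii_uppercase
DIGIT = string.digits
SPECIAL = string.punctuation
CLASSES = (LOWER, UPPER, DIGIT, SPECIAL)


def is_compliant(pw, min_len=6, max_len=8, classes=CLASSES):
    """True if pw satisfies the quoted rule: 6-8 characters drawn from the
    known classes, with at least one character from every class."""
    if not (min_len <= len(pw) <= max_len):
        return False
    alphabet = "".join(classes)
    if any(c not in alphabet for c in pw):
        return False
    return all(any(c in cls for c in pw) for cls in classes)


def count_compliant(class_sizes, min_len, max_len):
    """Number of strings of length min_len..max_len over the union of the
    classes that use every class at least once. Inclusion-exclusion: sum over
    every subset of classes that is left out, with alternating sign."""
    k = len(class_sizes)
    total = 0
    for n in range(min_len, max_len + 1):
        for mask in range(1 << k):
            omitted = [i for i in range(k) if (mask >> i) & 1]
            alphabet = sum(s for i, s in enumerate(class_sizes) if i not in omitted)
            total += (-1) ** len(omitted) * alphabet ** n
    return total


def count_pattern(min_len, max_len, lower=26, upper=26, digit=10, special=32):
    """Strings shaped like "Foobar9!" (assumed pattern): one upper-case first
    letter, lower-case filler, then exactly one digit and one special at the end."""
    return sum(upper * lower ** (n - 3) * digit * special
               for n in range(min_len, max_len + 1))


def brute_force_count(classes, min_len, max_len):
    """Exhaustive cross-check of count_compliant; only feasible for tiny classes."""
    alphabet = "".join(classes)
    return sum(
        1
        for n in range(min_len, max_len + 1)
        for t in product(alphabet, repeat=n)
        if all(any(c in cls for c in t) for cls in classes)
    )


def bits(n):
    """Keyspace size expressed as bits (log2)."""
    return math.log2(n)


if __name__ == "__main__":
    sizes = tuple(len(c) for c in CLASSES)
    policy = count_compliant(sizes, 6, 8)
    pattern = count_pattern(6, 8)
    print(f"policy-compliant 6-8 char passwords: 2^{bits(policy):.1f}")
    print(f"'Foobar9!'-shaped subset:            2^{bits(pattern):.1f}")
    for pw in ("Uhsd895*", "Foobar9!", "pAs5w.rd", "foobar", "password"):
        print(f"{pw!r:12} compliant={is_compliant(pw)}")
```

Run as a script it prints both keyspaces in bits: the full rule admits a little over 2^51 passwords, while the “Foobar9!” shape covers only about 2^36, so a user who follows the pattern hands an attacker roughly fifteen bits, a factor of tens of thousands, for free. The inclusion-exclusion count is checked against an exhaustive enumeration over a tiny alphabet, which is the only practical way to validate that kind of arithmetic.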

After ranting about this on Twitter, I left it a day or two. Yesterday I thought I’d try logging in.

Stand by your beds, I’m switching to present tense. It’s more dramatic.

On the first screen, the site asks for my surname and my NS&I number. OK.

On the second screen it wants two characters from my password (hopefully these are randomly chosen). Hmm. Presumably this is intended to defeat keyloggers (in fact it’s not usually much help), but unfortunately it also defeats password managers that like to fill in password boxes for you. And it might also mean NS&I is storing passwords in its database in plaintext.

Next screen: choose a new password. Here it doesn’t tell me what the password constraints are. I presume they’re the same as in the letter. I generate a random password in my password manager, limiting it to eight characters, and this is accepted.

Next screen: security questions. Five of them. All mandatory. Each with a separate picklist of choices. At least one of the available questions seems US-biased (wanting my “first-grade teacher”). Others are ambiguous (“favourite sports team”) or easily discoverable (“university”) or can be socially engineered.

Right, done that, is that everything? No.

Below that, three boxes for security phone numbers. Thankfully only one is mandatory.

Am I done now? Not yet.

Next screen: I must select one from about eight or ten thumbnail images. My selection will be displayed on the login page as “reassurance” that I’m on the site I think I am.

Am I done now? Nope.

Below that: I must enter a “login phrase” as yet further “reassurance” when I log in. I enter something short and pithy.

And then, finally, I’m done. I have hauled my weary body through the maze of twisty passages all of limited utility, and have made it to NS&I’s secure website where I can claim my £50.

I click “Prize History” on the sidebar of the early-noughties design. I select my premium bond holder number from the list of two items (“please select” and my number). To select a date range there are two date pickers dug up from about the late eighteenth century which open actual new browser windows with ugly calendars. I decide to look between January 2000 and now, because, well, why not. (I don’t bother to read the text below, which nobody ever reads, and which says “We can only show prizes won since the online service for Premium Bonds was introduced. Click Info to find out more.”)

I click Next. There, in the world’s tiniest writing, several miles from the most appropriate place: “Please enter a start date bigger or equal to 01-01-2011”. (The Info popup says much the same thing, but in English.)

[Image: nsandi-1]

Hang on. I won my prize in 2004. Are you telling me the unclaimed-prize checker you don’t need an NS&I account to use has more data, going back further in time, than the hoop-tumbling monstrosity that is the secure, authenticated account-holder site?

It’s at this point I realise I’ll be writing this blog post.

OK, I’ll play their game. I change the start date to 01-01-2011 and click Next. It whispers another error message: “ZTS90009 : Please enter a start date bigger or equal to 08-07-2011”. No reason given.

[Image: nsandi-2]

This sort of half-baked rubbish no longer surprises me, so I change the picker to exactly that date. Here’s what it squeaks now, in that same tiny font, just as if it were an error: “ZTS90007 : There are no prizes to display.”

[Image: nsandi-3]

Thanks for that.

How do I claim my £50? After much clicking around I find nothing on the authenticated site that lets me do that.

I log out, huff and puff, and hunt down the website’s feedback form. I keep my comments and my question short: essentially, “I’ve got an NS&I account. How do I claim an unclaimed premium bond prize?”

An hour or so later, I receive a reply by email:

To claim your outstanding prize please can you write to us quoting:

1. Your name and address

2. Your holder’s number

3. The prize details as stated on the website

To make sure that we provide the highest levels of security, we require the signature of the holder to enable us to issue any replacement warrants.

You know, something tells me they haven’t upgraded ERNIE since about 1964, and it’s still running their IT. And I suspect I might shortly be booking a very pleasant railway journey to NS&I Glasgow, armed with a pitchfork and a flaming torch.

15 Comments

Filed under Random

Design and message

Last night, while wired on a trace of caffeine, I saw an infographic created and shared on Facebook by the Out4Marriage organisation. Views on gay marriage range from Of course, this is the twenty-first century to I’m the MP for Wellingborough, but leaving that issue aside, the graphic disturbed me somewhat. In fact, as a fully paid-up member of the Tufte club, I gurgled something lacking in both grammar and grace.

Here’s the graphic:

[Image: out4marriage-pie-original]

I shan’t BEGIN RANT here. Suffice it to say that all those pixels have been wasted on twelve numbers, two of which are zero. And you can’t read the labels. And the colours are inconsistent between pie charts. And they’re pie charts. And they’re 3D pie charts. And pie charts with zero-sized slices don’t make any sense. And there’s a typo “Liberal Democrate”. Here’s where I would END RANT, were I ranting, which of course I’m not.

I posted a short comment against the graphic. Here’s a screenshot with the subsequent two responses:

[Image: Screenshot_06_02_2013_10_02]

What particularly intrigues about Out4Marriage’s response is how it reminds me of the shields up ultra-defensive reply you sometimes receive from developers — especially of open source software — when you have the impertinence to report a bug in their code. The source is there — if you don’t like it, fix it yourself. And it made me wonder whether all voluntary organisations are inherently like that to some extent: deflecting any criticism by inviting you inside the tent to piss out.

Of course, whoever wrote that message also had a point. The people working on the campaign had had a long and tiring day and could be excused a typo, and tedious grammar pedants on the internet are the most tedious tedious grammar pedants since the Microsoft Word paperclip first interrupted us to insist we were writing a letter.

The subsequent comment, though, raised a caffeinated eyebrow. “If someone took the time to make it, we can take the time to read it,” this commenter says. I fundamentally disagree with that statement. It lets the creator of the graphic entirely off the hook. It says, effectively, design doesn’t matter to understanding. It says, effectively, user interface complexity doesn’t matter.

The principle of commensurate effort applies, naturally: you’ll put in the effort if the reward is good enough. You’ll master the incoherent hodgepodge of levers and sticks and buttons and dials and spinny things in a car’s user interface because you receive a huge benefit from doing so.

But an infographic like this has no great reward for deep study. It must communicate its messages simply and coherently and compellingly. Don’t Make Me Think!

For this graphic in particular you want to immediately convey the information that more Tory MPs voted against same-sex marriage than for it; that the other main parties are hugely in favour; and that a significant fraction of MPs failed to make a choice either way, and either abstained (technically, voting both for and against) or didn’t vote at all.

Three 3D pie charts with inconsistent colouring (with red/blue/green colours matching traditional party affiliations but not used as such) and labels too small for most to read even at full size absolutely do not convey that information. The message is lost in chartjunk.

And also: who is this chart for? If I were part of Out4Marriage I’d want a chart that supporters could share on their timelines for non-supporters to see and easily grasp. It’s the non-supporters — the ones who simply will not stop and squint and interpret a complex chart from an organisation they disagree with — you need to design for.

“Feel free to volunteer,” said Out4Marriage in its reply to my comment. So I did. Here’s what I created, minus the headlines and logos that you’d need to add:

[Image: ssm-votes]

Since only one party included abstainers — the Tories — I combined them with the absentees, and so twelve numbers is reduced to nine. Three stacked bar charts with consistent colours and large labels are easy to see and understand even when shrunk into a Facebook timeline. The ‘for’ colour is taken from the Out4Marriage brand. The ‘against’ colour is contrasting, pretty much, and deliberately sickly. The ‘absent/abstain’ colour is less of a highlight but still prominent. None of the colours are associated with political parties.

Much better, I think.

(While I was creating that chart, Out4Marriage posted a newer chart that used consistent colours and included a clear legend. It still had three 3D pie charts.)

I posted another comment to the original chart, pointing to my timeline for my version and apologising if anyone was offended by my earlier comment. I hope they see it, and take notice.

Everything an organisation publishes under its name sends a message. The opponents of Out4Marriage are well-funded, sending out millions of leaflets designed and worded to convince readers to lobby their MP to vote against equal marriage. You can bet they are now redoubling their efforts, selecting data that favours their cause, even after a 400-175 vote defeat at second reading, and presenting it as if they’re on course to defeat the bill.

Design sends a message. Everyone must know what your message is. Especially you.


If it weren’t for you meddling kids

Governments love sheep. They adore compliant leggy clouds of wool flocking after them for a sniff of fresh grass. They like to funnel them through the dip for a fungicidal top-up, and wave a pair of clippers at them for a nice shear now and then. And they love to sell them off to Tesco, pocket the cash, and feast on their minty legs.

It’s an old joke: teaching is great, apart from all the students. System administration would be a breeze if not for those damned users. And government would be easy without those pesky citizens demanding rights and freedoms.

Last week’s G8 and eG8 meetings should get us worried. Do not be fooled: the rhetoric about freedom and innovation and unlimited rice pudding is simply designed to give us the warm’n’fuzzies. Yes, we’re supposed to think, they get it. The net is safe! Hooray! Baa! Baa!

The truth is far more sinister. It’s a classic “I love you, but…”. The net is full of lawlessness, of copyright infringement, the governments say, and they want to do something about it.

And again, don’t be fooled. “Copyright” is a trigger word: it polarises, it rehearses the same old arguments from both camps, it focuses the debate on one, narrow aspect. It ensures that big media, the copyright barons, are on the government’s side. It brings out the Cliff Richardses, claiming imminent destitution while dabbing eyes with local Caribbean onions.

Who could deny these artists a living wage? emotes a minister, justifying stricter net regulation on the basis of copyright infringement before nipping off to rip a CD onto an iPod, an act still considered infringement in English law despite now two government-commissioned reports recommending legalisation.

Governments are slow to increase freedoms and quick to reduce them.

But, as I said, don’t be fooled. The copyright thing is a diversion: the government calling “come by” to the media and entertainment sheepdogs and leaving a trail of goodies to distract the noisier lambs.

And it’s not about injunctions, super, hyper or otherwise – though that’s another convenient shiny thing to blind everyone with. Here are two incontrovertible facts:

  • Humans are social animals and love to gossip, even if that’s not what they think they’re doing.
  • Twitter is the most efficient gossip-distribution mechanism yet invented by man.

It thus follows that Twitter radiates gossip around the globe faster than any lawyer can stop it.

But you know what Twitter gossip isn’t? It isn’t doorstepping the people gossiped about. It isn’t rummaging through their bins. It isn’t intercepting their phone messages. It isn’t papping them on the beach and tutting at some tiny variation from this week’s idea of perfection on pages one, two and thirteen. It isn’t publishing lurid details of their private lives on trumped-up notions of public interest.

Privacy invasion and harassment by the redtops – and not just the redtops – is much worse than Twitter gossip for those invaded and harassed: but the government doesn’t legislate about that.

Twitter spreads gossip, some of it true, some of it false, just like email does, and the telephone, and the larynx. And guess what: we already have laws about the false stuff. We already have judges struggling to understand social networking, refusing to recognise tweeted jokes borne of frustration but plainly not menacing.

Twitter is communication, like any other form – but faster and with a global audience. It’s many-to-many, not one-to-one or one-to-many. (And, lest I be accused of undue Twitophilia, so is Facebook.)

This is why G8 governments want to regulate it. This is why they are afraid of it. It is no coincidence that governments have recently woken up to the possibilities of many-to-many. They’ve seen it help to disrupt north Africa and the Middle East all year, and drag them into a civil war none of them want to be a part of but all of them know they must be, thanks to what none of them want to admit: oil. Governments all think: could we be next? What would it take to bring down a western government? It might be on the verge of happening in Greece or Spain.

Governments fear nothing more than their own citizens rising up against them.

This latest shepherding tactic about privacy and copyright is a front, a sleight-of-hand, an attempt to outflank those sheep who sense the approaching knives. I suspect G8 governments believe, like the Romanian communist leaders of the 1980s who ordered the population to hand over their typewriters as they made it easier to disseminate subversive material, that by asserting control over the means of communication they can preserve control over the populace.

Western governments are lumbering beasts but they’re not daft enough to believe they could simply switch off internet and mobile phone services if the people start making too much of a noise, as happened in Egypt, Tunisia and Libya. Such an act would only be counterproductive were it even possible, and they’d have to take over the TV stations too. They want subtler control, like mandatory filters. Don’t like this Twitter account? Filter it out. Hashtag chatter a bit near the mark? Filter it out. All “for legal reasons” or for the “protection of children”. It’s all possible: China does it.

But the USA has the first amendment! Free speech! Yes, and that’s a qualified privilege. You can still be prosecuted for crying “fire” in a crowded theatre, or for what someone decides is treasonous speech. Some US legislators and judges believe that linking to a page that contains links to copyright-infringing material should itself be a criminal act. And it seems you can be arrested for dancing at the Jefferson Memorial.

There is nothing to stop a determined government, with a supine or bought legislature, from enacting laws that restrict our freedoms on the internet. There is nothing to stop them: except the people.

I realise it’s easy to see spooks lurking behind every bush, to see malignancy and conspiracy where there is none. Yet history shows that good intentions wither and weather, like rivulets of erosion in the majesty of the Sphinx. RIPA surveillance powers, used to monitor dog fouling. Anti-terrorism laws, used to harass and detain photographers. Laws about “improper use of a public electronic telecommunications network,” used to interpret as “menacing” an obvious joke on Twitter by a frustrated flyer eager to see his girlfriend, and ruining his life in the process.

Governments and their officers, whether deliberately or not, tend to overreach. Powers once taken are hard to let go. Our ancestors fought for our freedoms; they are entrusted to us by our descendants. We hand over those freedoms at our peril.

Or perhaps you believe what the governments say: that regulating the internet is necessary to protect blah, blah, blah. I offer these questions:

  • The internet must be regulated by government, but the press is allowed to regulate itself. Why do you think that is?
  • Do you trust this government? Yes? How about the government after next?

Baa! Baa!


It’s not about the children

It’s a standard technique in government: use an interview to float an idea to gauge reaction, and to “suggest” a solution lest a more draconian legislative route be hypothetically taken. It’s the governmental equivalent of plonking a horse’s head in the bed. Even better if the interview appears near Christmas, when Paxman et al are hibernating and the fiercest political cross-examination you’re likely to get occurs on a pastel Daybreak sofa between Michael Buble and a Chuckle brother.

Thus it was with weary inevitability that I saw a weekend newspaper interview in which the (Conservative) coalition minister for t’internet Ed Vaizey muttered about making ISPs responsible for filtering adult content, and forcing consumers to opt-in to porn. Of course, since the internet is for porn according to Avenue Q, it should really be the other way round: get the porn by default, and opt-in to the non-porn.

What does Vaizey actually say? “I think it’s very important that it’s the ISPs that come up with solutions to protect children.”

Ah, to protect children. The sainted kiddywinks, the mere mention of which serves to render all argument or dissent invalid. Won’t somebody please think of the children?

Well, it’s not about children, obviously. That’s a standard device used to justify any number of actions (and yet, still, the media laps it up). Here’s a tip: “for the children” means “we have an agenda and we’re deploying the C-bomb to distract you.” If the safety of children were truly the driving factor here, then I could suggest many more pressing matters.

For example, how about a ban on parents smoking around their children, particularly in enclosed environments such as cars?

Or let’s look at religion, where articles of faith are presented as fact, in which children can be indoctrinated with stuff and nonsense about sky fairies of one flavour or another with the full consent of the state, before they are old enough to be able to form their own opinions. And yet religion does not come with a warning sticker. (Don’t get me started on Catholic priests.)

As I said, it’s not about children. But hypothetically, were those proposals to be made, you just have to conjugate the verb: I protect children, you want a nanny state, he looks like a Belgian paedo. It’s all a matter of politics. Politically a government couldn’t win support to ban smoking around children, or the practice of religion. But it looks like it thinks it might be able to get away with the porn thing.

Like Parkinson’s law, the state tends to expand to fill the uncontrolled space available. Politics, or economics, or pragmatism, or other factors, determine whether or not the expansion is achievable in practice. It floats a proposal, to gauge initial reaction. It couches everything in terms designed to press the buttons of the electorate (“for the children”). It “concedes” meetings with those groups who actually know what they’re talking about, and lets the ignorant public Have Their Say. It performs the wildest acrobatics to be seen to “listen” and “engage”.

And then it makes a political decision. Not about the safety of the children, but of its majority. Could a bill pass? Will the Lords kill it? Will the Murdoch press support it? Politics is the art of the achievable, a concept some seem unable to grasp even with a compromise-driven coalition government in office.

Decision made to press on, it legislates with only a passing glance to the consultation with experts and public. There’s now a political agenda at work. The Opposition opposes, not through enlightenment but simply to fulfil its political purpose to oppose and obstruct regardless of the merits. (“We will support the government where it makes sense,” says every opposition leader, and again the media laps it up, frothing about a New Politics, but it never happens.)

How will this sordid dance play out with Vaizey’s hare-brained idea? Well, the ISPs and groups like ORG will patiently explain, with diagrams, that Problem One is to define porn, and that Problem Two is to correctly classify porn according to that definition when a human or algorithm is presented with some content. They will say that in any automatic or manual system there will be both false positives (non-porn wrongly classed as porn, such as educational materials, advice columns or Daily Mail stories about X Factor) and false negatives (porn wrongly classed as non-porn, which will happen for all sorts of reasons up to and including bugs, mendacity and pressing the wrong button). They will strongly recommend a well-defined, transparent corrective mechanism to allow for appeals, and they will ask why the hell are we being asked to be surrogate parents anyway?

The politicians will steeple their fingers and nod politely, making notes including pictures of boobies and willies and giggling amongst themselves. Then they’ll make simplistic analogies to TV watersheds and the controversial and secret Internet Watch Foundation blacklist of what somebody unknown once claimed to be child porn. They will invoke holy phrases like “children are our future” and that pol fave “our children, and our children’s children.”

And then when the experts have rolled their eyes for the nth time and left muttering, chances are we’ll see a bill that establishes an anonymous group of people who will, with only the flimsiest of oversight and a 99-step appeals process culminating in a rubber stamp of the word DENIED, maintain a secret list of verboten URLs. The members of the group will not be named “for their own safety, and to avoid nobbling” (they’ll snigger at the word “nobbling”). The list will be secret “to deter use of technical measures to bypass its restrictions” (despite the experts having told them that security through obscurity is a Bad Idea). The public will be assured that the system is foolproof (despite the experts explaining that the biggest fool is the fool calling any technology foolproof).

And the first URL on the list post-enactment will be the Wikileaks du jour. Because the Act will, of course, contain that other holy phrase of our age, “national security,” which can be applied to anything anyone decides it can be applied to. Additional URLs blocked will try and fail to stop copyright infringement on films, TV shows and recorded music, because some idiots still think that’s possible. And there’ll be a push to ban web sites for violent video games, movies and TV shows, too, because there always is.

For additional Kafka points, you will naturally commit a criminal offence if you access a URL on the list you are not allowed to see.

It’s all “for the protection of children,” you understand.


Tackling drink-driving by closing the M4

Last weekend saw political hammers and security service nails deployed once more to shoddily half-shut a stable door. Next, with best misery guts faces on, a succession of suits will assure us that adding CCTV to all stables and waving our hands in an expensive pattern are crucial to ensuring our safety, despite them all having ignored the gaping, yawning doorway since the stables were opened by the Queen Mum in 1964. Meanwhile the escaping nag – Yemeni Ink, by Timing Device out of Sniffer Range – canters leisurely to pastures new.

It must be party time in Osama’s cave/hotel room. Again we see that al Qaeda doesn’t have to kill people to win. Terrorists, some people appear to have trouble grasping, aren’t actually trying to kill people: they’re trying to spread terror. And with the eager, hysterical assistance of the media and the government they’re succeeding. The Sunday Express shrieked about “Lockerbie II” and pols everywhere are now scrambling to be seen to do Something, Anything. Paint the stable yellow! Put a low brick wall around it! Place it inside an invincible glass dome with no way in or out! Blow it up!

This is, of course, all part of Osama’s plan to put the willies sufficiently up western democracies to make them overreact to each and every perceived threat, to keep the populace in a state of constant fear and suspicion, and to tacitly incite hatred against anyone not like them. It’s Operation Chief Inspector Dreyfus: make us all twitch-eyed, trigger-happy gibbering nutjobs intent on destroying all the many Inspector Clouseaus of our respective lives.

And so far Operation Dreyfus appears to have been a wild success. It seems half the US population is spooked by the sight of a muslim. Given the reaction he seems to be producing, I’ve noted with some concern that nobody has ever seen Glenn Beck and Osama bin Laden in the same room.

Operation Dreyfus is Act II of Osama’s grand plan. Act I, of course, ended on September 11, 2001. For the last nine years we’ve had a steady stream of lower level attacks, some foiled, some not. They’ve kept governments and security services busy poking around empty stables with long sticks and declaring war on straw and other nonsense. But have they been so busy chasing their own tails that nobody has been focusing on two rather important and interesting questions: how does Act II end? And what happens in Act III?

Act II is building steadily to a population conditioned to live in fear, to expect and find normal the constant, draconian surveillance of an increasingly authoritarian police force. Last year 100,000 people in the UK were stopped under anti-terror laws, sometimes for photographing public buildings, but a grand total of zero were arrested for terrorist offences. Travellers in the US are forced to choose between inspection by all-revealing scanner and by TSA hands instructed to wander crotchwards until they ‘meet resistance’. And meanwhile, the steady rise in paranoia: posters exhorting you to Report, to Keep Watch. Terror Threat Levels. Reassuring-but-subtext-laden statements – “No information of any imminent attack” – designed to convey the message IMMINENT ATTACK!

And anyone too Different – in skin tone, or religion, or assumed religion, or lack of religion, or extent of trouser flare, or angle of fringe, or anything else that can be imagined – lives in fear. Watching their backs. Worrying who’s round the next corner fleeing the latest Fox News falling sky alert.

That’s where I suspect Act II ends: hunter and hunted. Possibly an innocent muslim lynched by a baying, slavering mob, an ensuing riot, tension, panicky cops: and then the shooting starts. Touchpaper well and truly lit, it kicks off elsewhere too. Curfew, state of emergency, troops deployed.

Once a country is in that heightened, nervous, fidgety state, the tiniest action is incendiary, like flicking a tiddlywink down a mountain. Once the avalanche has started it’s too late for the pebbles to vote. Act III probably opens with such an event: a simple, game-changing act. My first thought was an assassination, but a kidnap would be far more powerful. For the avoidance of doubt, this is purely a thought experiment.

Implausible, perhaps. But then I never expected to see the Berlin wall fall and Germany reunited within a year; to see an attempted coup in the Soviet Union, and to see that superpower rapidly disintegrate; to see a war in Europe; to see passenger jets used as missiles; to see western democracies engage in a war under entirely false pretences; or to see Greedo shoot first, and R2D2 and C3PO advertise Currys.

It almost certainly won’t play out that way: Osama might have very different goals for his three acts. I do know that we’re reacting to these events in precisely the way he would predict, and that’s where the problem lies. We invariably respond by trying to protect against yesterday’s attack in an overbearing and cackhanded fashion: like tackling drink-driving by closing the M4.

If the state truly wants to make us safer, then it should pour money into reducing road traffic accidents, not into intercepting and analysing internet traffic. It should say Keep Calm and Carry On, not If You See Something, Say Something. We in turn should laugh and joke about it, not let a git in a cave dictate how we lead our lives: we should simply refuse to be terrorised.

Terrorism is nothing new. We had IRA attacks on the British mainland in the 1970s, 1980s and 1990s. Some people were spooked by anyone with an Irish accent, but we didn’t declare a war on beer just because a couple of pubs were blown up. I remember turning on Breakfast Time in 1984 to see Norman Tebbit being pulled out of the wreckage of the Grand Hotel in Brighton, but receptionists didn’t suddenly start feeling people up before handing over the room key. If my grandparents, and millions of others, could remain in London and other major cities when the bombs were dropping during World War II, then we in our cosseted, cosy, ridiculously safe lives have absolutely nothing to worry about.

Filed under Random

Mostly harmful

What a primitive world you humans inhabit.

A world in which the most successful at spreading fear and terror are those charged with the fight against fear and terror, who declaim solemnly that to secure freedom you must surrender your freedom.

A world in which a bewildered, misguided old man in a silly hat and a frock holds sway over a billion of you with his hate-filled, evidence-free invective.

A world in which having is fine, but sharing is not unless a complex set of criteria agreed by neither the giver nor the receiver are abided by, to the benefit almost entirely of the writers of the criteria and not those they claim to have written those criteria on behalf of.

A world in which statistical outliers and anomalies have massively greater influence over what happens than statistical likelihoods, resulting in death and destruction on a vast scale that, unlike the outliers and anomalies, is apparently entirely unnoteworthy.

A world in which the difference between truth and falsehood, between guilt and innocence, between libel and opinion and between fact and fiction is often measured in gold.

A world in which people are sometimes not allowed to know that they are not allowed to know.

A world in which belief in a mythical sky fairy endows legal rights to discriminate, and in which choosing not to believe in a mythical sky fairy, or in the most culturally appropriate mythical sky fairy, can result in a painful and premature death.

A world in which plenty is never enough, where your wealth is seemingly determined by people who are only interested in their own wealth betting other people’s wealth that your wealth will go up or down more or less than other people betting other people’s wealth think; and getting it wrong, and repeating it daily forever with nobody calling a halt to the madness for fear that all these people will bet all these other people’s wealth that your wealth will go down.

A world in which legislation to prohibit certain actions and stupidity trumps trust and common sense unless the acquisition of vast wealth via betting is involved, in which case trust and common sense trump legislation even where it is plain from experience that the people involved are untrustworthy and lack common sense.

A world in which the foolish and the gullible are neither protected nor educated but treated as prized markets to exploit.

A world in which the most fundamental, irreplaceable resources are mined, squandered, moulded and fashioned via the collective expertise of hundreds of generations, causing untold waste and pollution and permanently damaging the environment of the only planet you inhabit, then quickly discarded into large holes in the ground or thrown into the sea, all in the pursuit of wealth and frippery.

Time for the hyperspace bypass.

Filed under Random

Given enough eyeballs, all politicians are shallow

Alert readers may have perceived the thundering cloven hooves of an approaching General Election. Thousands of women are even now bearing down heavily to ensure sufficient raw materials for baby-smooching photo ops with slobbering, faux-chummy moat-owners and mortgage flippers. Between now and – most likely – May 6th (curse my predictive non-skills!) – pols of all flavours, none of them particularly lickable, will promise the earth while secretly planning to deliver a couple of inconsequential sods.

It’s a familiar, draining process. Manifestos full of smiling multiracial faces, hero-posing alongside commitments that mysteriously become aspirations for the n+1th term as soon as the ballot boxes go back into the ballot box box. Those smiling faces, like the swirling angels at the climax of Raiders of the Lost Ark, melt and burn into evil spirits sucking the souls of the electorate into a Westminster-based heaven allegory. Er, spoiler alert.

During the campaign we’ll see interview after interview where the usual reporters ask the usual questions and get the usual non-answers: “I’m glad you asked me that, Krishnan, let me answer something else”; “Look, the real question you should be asking is…”; “You should be focusing on the things the public care about, like…”; “Typical of the left/right wing BBC to…”. And my favourite double act: “The only poll that matters is the one on…” vs “Our internal polling is showing something entirely different”. Over, and over, and over…

This happens because complete honesty tends to be a career-limiting move for a politician. To climb the greasy pole – to even grasp your hands around its base – you need to become one with the grease. You don’t so much climb up the pole as oleaginate via osmosis and rise by capillary action. Dare to level with the electorate – by which I mean truly level, not say “Let me be clear here” because that’s code for “I am saying words to fill dead air while I formulate my non-response” – and you risk a roughing up by the whips, the party Dementors, and possibly defenestration.

Voters hate the evasion, distraction, rhetorical tricks, petty squabbling, dishonesty, finger-pointing, underhand tactics, etc, etc, used by politicians. They also hate it when broadcasters let politicians off the hook. Jeremy “Did you threaten to overrule him?” Paxman’s apparently accidental stuffing of Michael Howard in 1997 is a beautiful, shining, oh so rare exception. Discos and triscos typically degenerate into playground arguments over Top Trumps moderated by freshly graduated teachers eager to please both sides, when what’s really needed is a grumpy old soak not afraid to administer a good, old-fashioned clip round the ear.

I fear there is no great desire amongst broadcasters to fix this problem. It’s mostly all about the news cycle, the trivia, the access. I fully expect this time to see Sky News broadcasting live from David Cameron’s freshly waxed anus. There’ll be breathless reporters deployed like paratroopers at Arnhem to chase after any suit with a rosette, and eager to magnify the tiniest fluff or mullet-related punch-up to grotesque proportions, vomiting Westminster twittle-twattle to a British public thoroughly, self-throttlingly bored of the whole thing by day two.

I’m atypical; I love elections and TV election coverage. Indeed I have an honorary degree in Swingometry from McKenzie College of Psephology and Knitting, Vancouver, BC. And yet even I get utterly sick of the same old faces spouting the same old stories and getting away with it. I’ll be shouting at the screen – while stabbing my politician-shaped voodoo doll with a selection of the very finest cutlery – as reporters move swiftly down lines of suited twerps bleating their non-responses, then wrapping them up because they’ve only got twenty-five seconds before the next update from Jeremy Thompson wedged firmly up Cameron’s bumcrack.

But this election is, I think, going to be different and a little disruptive. This election will be the first bottom-up election.

Linus’ law: Given enough eyeballs, all bugs are shallow. This works just as well in politics: given enough eyeballs, all politicians are shallow. We’ve now reached critical mass. Someone outside the mainstream media, at some point during the campaign, will discover something important. It might be one of the ‘celebrity’ political bloggers, like Iain Dale or Guido Fawkes, already breaking stories; it might be an unknown. It could be a street urchin or ragamuffin of some kind who YouTubes a candidate twatting about. There are signs of bottom-up already: look at www.mydavidcameron.com.

Twitter will spread the key stories – true or not – twice round the world before rolling news has cut back from the weather. It’s going to be a shock to the political system, and everyone will be fair game. It might even change a few results.

None of this can prevent manifestos full of self-destructing promises, interviews as enlightening as the test card, and 24-hour CamAnusCam. And the Westminster of tomorrow won’t look that different to the Westminster of today, whoever ends up kissing hooves with Queenie. But it’s a start.

Filed under Random

GSM and holes in the ground

Exciting news from the Chaos Communication Congress in Berlin this week: the A5/1 stream cipher meant to ensure privacy on GSM mobile phone calls has been weakened. Security researcher Karsten Nohl and his team have created an attack table – two terabytes of it – so you can look stuff up rather than be forced to calculate it yourself. They’ve saved processing time at the expense of memory. You can see the gory details in Nohl’s 26C3 presentation.
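To make the "look it up rather than calculate it" trade-off concrete, here is an added example (not code from the original post, and not Nohl's tables or A5/1): a constructed 16-bit toy stream generator, small enough that a complete keystream-prefix-to-state table can be built in a second or two, alongside the brute-force search it replaces. The `full_table_bytes` function then shows why the same every-entry approach is hopeless at A5/1's 64-bit state size, which is what forces real attacks into chain-based tables and is also why a bigger state or a stronger cipher raises the attacker's bill.

```python
"""Toy time/memory trade-off in the spirit of the A5/1 tables described above.

Added example for this post; it is not Nohl's code and not A5/1.  The
generator is a constructed 16-bit LFSR with a nonlinear output filter, small
enough that a complete lookup table is built in a second or two.
"""
from functools import lru_cache
from typing import Dict, List, Optional, Tuple

STATE_BITS = 16            # toy state size; A5/1 has a 64-bit internal state
PREFIX_BITS = 20           # keystream bits used as the table key
OBSERVED_BITS = 40         # keystream bits the eavesdropper has observed

def step(state: int) -> int:
    """One clock of a maximal 16-bit Fibonacci LFSR (x^16+x^14+x^13+x^11+1)."""
    bit = (state ^ (state >> 2) ^ (state >> 3) ^ (state >> 5)) & 1
    return (state >> 1) | (bit << (STATE_BITS - 1))

def output_bit(state: int) -> int:
    """Nonlinear filter so the keystream is not simply a copy of the state."""
    return (state ^ ((state >> 7) & (state >> 12))) & 1

def keystream(state: int, nbits: int) -> int:
    """Return nbits of keystream (MSB first) from the given start state."""
    out = 0
    for _ in range(nbits):
        out = (out << 1) | output_bit(state)
        state = step(state)
    return out

def matches(state: int, observed: int, nbits: int) -> bool:
    """Check a candidate bit by bit, bailing out at the first mismatch."""
    for i in range(nbits - 1, -1, -1):
        if output_bit(state) != (observed >> i) & 1:
            return False
        state = step(state)
    return True

@lru_cache(maxsize=None)
def build_table() -> Dict[int, List[int]]:
    """Precompute keystream-prefix -> candidate states for every nonzero state.
    This is the one-off, memory-hungry half of the trade-off.  Distinct states
    can share a prefix, so each key maps to a list that is verified on use."""
    table: Dict[int, List[int]] = {}
    for state in range(1, 1 << STATE_BITS):
        table.setdefault(keystream(state, PREFIX_BITS), []).append(state)
    return table

def recover_by_lookup(observed: int) -> Tuple[Optional[int], int]:
    """Table attack: one dictionary lookup plus a few verifications.
    Returns (state or None, number of candidates examined)."""
    prefix = observed >> (OBSERVED_BITS - PREFIX_BITS)
    examined = 0
    for cand in build_table().get(prefix, []):
        examined += 1
        if matches(cand, observed, OBSERVED_BITS):
            return cand, examined
    return None, examined

def recover_by_brute_force(observed: int) -> Tuple[Optional[int], int]:
    """The no-table alternative: try every state, paying in time instead."""
    examined = 0
    for cand in range(1, 1 << STATE_BITS):
        examined += 1
        if matches(cand, observed, OBSERVED_BITS):
            return cand, examined
    return None, examined

def full_table_bytes(state_bits: int, bytes_per_entry: int = 8) -> int:
    """Size of a complete every-entry table for a given state size.  For a
    64-bit state this is hopeless, which is why practical tables store only
    chain endpoints and spend extra computation per lookup instead."""
    return (1 << state_bits) * bytes_per_entry

if __name__ == "__main__":
    secret = 0xBEEF                              # constructed sample state
    seen = keystream(secret, OBSERVED_BITS)      # what an eavesdropper sees
    print("lookup     :", recover_by_lookup(seen))
    print("brute force:", recover_by_brute_force(seen))
    print("full table for a 64-bit state, bytes:", full_table_bytes(64))
```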

This kind of thing is not a surprise to anyone interested in security systems: a given system never becomes more secure, only less secure. New attacks and weaknesses are found. Supposedly secret keys turn out to be not-so-secret. No amount of pixie dust or PR can change this. For those designing security systems the game is to stay one step ahead of the attackers, to be Road Runner against Wile E Coyote.

But there’s a third player in the security game. Alongside our meep-meeping hero and Acme’s best customer (a black-hat hacker) is the white-hat hacker. His job is to find Road Runner’s vulnerabilities before Coyote does: because that way Road Runner can introduce effective countermeasures before Coyote can do any damage. White-hat hackers are needed in part because, as security guru Bruce Schneier says, anyone can create a security system they cannot themselves break. You need some attackers on your side to point and laugh when you make a basic error, because the black-hat hackers won’t be so kind.

In this case, Nohl’s team are wearing white hats: they’re the good guys. And don’t forget that Nohl’s team might not be first. We don’t know. Suitably savvy crooks might have already exploited the weaknesses in A5/1.

An appropriate response from the GSM Association – the mobile operators and hangers-on who promote GSM – would have been: “Yes, this was always going to happen at some point. That’s why we’re doing blah blah blah,” where the blahs would describe some change that strengthens the system. That would give people confidence that the association were thinking ahead, working to improve security.

But when I heard the news of this new attack I laughed. I knew what the response would be. The GSM Association would find the nearest hole and wedge its head firmly inside, while issuing pooh-pooh PR from its prominent buttocks. And that is precisely what has come to pass.

A spokesperson tells us, “We consider this research, which appears to be motivated in part by commercial considerations, to be a long way from being a practical attack on GSM.” Pooh! “To [develop this attack] while supposedly being concerned about privacy is beyond me.” Pooh! Nohl’s activity was “highly illegal.” Pooh!

Let’s take those points in order:

  1. What’s impractical now will be practical soon: it’s the way technology works. If you wait until it’s a practical attack you’ll be too late. The GSM Association are probably just hoping that GSM will die before this happens.
  2. Nohl’s team call GSM “the most widely deployed privacy threat on the planet” and don’t believe the GSM Association is taking its weaknesses seriously. That sounds like concern about privacy to me.
  3. Cretins. White-hat hackers must use black-hat methods or it’s game over.

But, you say, Nohl could have taken his attack to the GSM Association privately. I don’t think this would have had any effect. From his presentation it seems as if they were well aware of his work, and the default behaviour of associations like this when presented with undesirable information tends to be to either ignore it or try to suppress it. The unfortunate truth is that it is only through transparency that anything changes. See also: MPs’ expenses.

Surely, you continue, the GSM Association contains some people who aren’t dumb. They must know that security systems get broken all the time. Of course they do. In fact they were perfectly capable of issuing the response I suggested above because a stronger replacement cipher is available, KASUMI or A5/3, that I believe handsets already support. (Nohl’s presentation suggests A5/3 has weaknesses of its own, but let’s not go there.)

This new cipher isn’t in widespread use simply because not all operators have upgraded their systems; they’re trading off the increase in security against the expense of upgrading.

I’m guessing this was not a message the operator-packed GSM Association wanted to send out in their condemnation of Nohl’s work.

Filed under Random

War stories

Each of us has a war story or two. By which I mean an actual story about an actual war, not just an anecdote about that time a skinhead threatened you with a kumquat. I have several, almost none of which involve me. They’re family stories, handed down by our family’s official teller of stories, my aunt.

Stories such as: how World War II broke out on her fifth (I think) birthday; how Uncle Bill (her mum’s brother) was “the only Canadian” on the beach at Dunkirk; how he, later in the war, happened to meet up with (I think) his cousin and another friend or family member in the middle of the North African campaign (there’s a photo somewhere). In case you’re wondering, her father – my grandad – was in a reserved occupation and didn’t see active service.

When I hear these stories I invariably ask myself how I would have fared in that war – or worse, World War I. When I was twenty I was at college, watching on TV amazed as the Berlin Wall came down; in World War II I might have been fighting in the skies over Kent, resisting what seemed an inevitable German invasion. In World War I I’d have been in the trenches.

I remember in January 1991 when the Gulf War started: a newsflash jumping into coverage of a football match, TV quickly patching into the CNN feed from Baghdad: chunky graphics and Bernard Shaw on a crackly phone line describing the bombs falling. I was working on my final year project and the adrenalin rush made my hands shake enough that I couldn’t write. I expected, as did many others, that Saddam would use chemical weapons on Israel – live on TV. We saw news reporters in gas masks; Kate Adie in a tent “in eastern Saudi Arabia”; John Simpson kicked out of Baghdad. It took just a few weeks to kick Saddam out of Kuwait.

A more local conflict followed as Yugoslavia imploded and NATO finally, reluctantly, acted. War in Europe, but not a European war. John Simpson dodging bombs in Belgrade this time.

And then Bush came to power and used the attacks on New York and Washington to bring his own idea of democracy to Afghanistan and Iraq. I agreed with the original goals in Afghanistan, but I knew the Iraq war was a sham as did millions of others. A shameful war, justified by lies, supported by sycophants, and driven by fundamentalist Christian ideology. The only plan to invade and conquer, the only goal revenge, the only possible result an entire region destabilised for decades. I watched on TV; sadly I’m still watching.

Wars in Iraq and Afghanistan continue, and the deaths continue. Democracy in Afghanistan has resulted in a corrupt election with Karzai last week declared the winner. Why are we still fighting this war?

Gordon Brown made a speech yesterday on the UK’s Afghanistan strategy. Here’s one passage:

“The first priority of any government is to provide security for its people. It is not sustainable to subcontract that task indefinitely to the international community. So the expansion and training of the Afghan army and police must be the new government’s first priority.”

And then three paragraphs later:

“President Karzai agreed with me yesterday that the first priority of his new government would be to take decisive action against corruption.”

I wonder which of the many first priorities Karzai will tackle first, and which he will only tackle first.

Why is our “strategy” on this war so apparently cobbled together that ridiculous, contradictory statements like that can get into major, supposedly defining speeches? Why are we still fighting this war?

Brown defines success in Afghanistan:

“We will have succeeded when our troops are coming home because the Afghans are providing security themselves, continuing the essential work of denying the territory of Afghanistan as a base for terrorists.”

If we pulled out all our troops today, who would provide security? The Afghans themselves. There: done. In any meaningful sense this is not a measurable way to define victory. The reality is: success is when we declare success. Why are we still fighting this war?

Tomorrow is Remembrance Sunday. I wear a poppy. I observe the two minutes’ silence. I’m grateful that men and women fought and died, and continue to fight and die, so that I may live in a world in which I don’t have to battle in the skies over Kent, or in the trenches, or in the deserts of Iraq or Afghanistan, or anywhere else. I won’t have any first-hand war stories to pass on to the offspring I also won’t have.

But I want the war stories that today’s soldiers tell their children and grandchildren to be about wars that were fought for a just cause, for a clear goal, for honourable reasons. The worst, most poignant war stories don’t end with death or destruction, but with one word: “why?”.

Filed under Random

Evidence versus expedience

Last Friday Home Secretary Alan Johnson fired the government’s chief drugs advisor, Professor David Nutt, for speaking out against government policy: for saying the unsayable, that alcohol and tobacco are more harmful than cannabis. This inconvenient truth has been, for a long time, the elephant in the room – metaphorically rather than hallucinogenically. Indeed a rare non-rubbish Horizon covered the same ground some time ago.

But governments don’t govern by evidence: they govern by expedience.

One death from tobacco-related lung cancer or alcohol-related liver failure is a statistic. One death from ecstasy is a front-page story, a week of leader articles and why-oh-why fodder for an officeful of lazy, smoking, drinking hacks. The Daily Mail has more influence on government drugs policy than any scientist, or any fact.

(Similarly, deaths on the road are considered “acceptable”. Crushed between two 12m, 44 tonne, six axle articulated lorries carrying fizzy weak Eurobeer to satiate the Friday night binges lubricating the traditional British weekend? Statistic. Span off when driving too fast on an icy road to die in a ditch polluted by a local factory? Statistic. Unless of course you were daft enough to get in a car driven by a drunk bodyguard and didn’t wear your seatbelt: then you’re the People’s Statistic.)

Political expediency ensures that tobacco and alcohol are legal and (not particularly well) regulated, despite the costs in lives, in time and in money. That same expediency rejects the evidence-based analysis that would logically lead to legalisation and regulation of (according to Nutt) lower-harm drugs like cannabis. The belief is that the votes of Middle Britain would go elsewhere, at least in the present generation, mostly thanks to sky-falling-in tabloid articles written by journalists who, of course, have never taken any illegal drugs themselves.

Politically, David Nutt had to go. He had proclaimed the emperor’s nudity from the rooftops and most significantly he had criticised the government: the emperor was not only starkers, but a big old Fatty McFat Fat.

I have no problem with the notion that “advisers advise, politicians decide”. I do think that scientists should keep out of politics, mainly for their own sanity. But this goes both ways: politicians should keep out of science. By all means ignore some or all of the advice you’re given, as long as you don’t pretend in public that the advice is something else. Instead, tell us why you’ve rejected it. Plain and simple. We might or might not agree, and we might argue vehemently that you’re wrong, but we’d respect the honesty.

And we desperately need an honest debate about drugs: about the science and about the politics. Sadly that doesn’t seem possible. Scandalously Channel 4 News hasn’t even been able to persuade a single representative of the Home Office to appear on its programme to answer questions about David Nutt’s dismissal.

I guess it’s not seen as politically expedient.

Filed under Random