Friday, June 20, 2008

More on the EU blogger code.

Not surprisingly, this has attracted more than a little scorn from a few people.

But let us remind ourselves:

whereas weblogs are an increasingly common medium for self-expression by media professionals as well as private persons, the status of their authors and publishers, including their legal status, is neither determined nor made clear to the readers of the weblogs, causing uncertainties regarding impartiality, reliability, source protection, applicability of ethical codes and the assignment of liability in the event of lawsuits,
Okay, I'll try:
  • I suppose I am a private person - an interestingly undefined term - I am certainly not a public figure.
  • Hang on, I have appeared on TV a couple of times, I have given evidence to Parliamentary committees, I have been interviewed by mainstream media. Am I a 'private person' still?
  • Oh, no, actually, I am a 'media professional' - I do get paid (occasionally and generally late) for writing articles.
  • But it isn't my main source of income (not really even pin money).
  • But my blog does occasionally cover information security, which is what I write professionally about.
  • But I am not a member of the NUJ nor have I registered myself with the government as a blogger.
  • I am not impartial, clearly, but then neither are MSM journalists.
  • Source protection? In the USA this might have some legal standing, maybe, but not in the EU!
So, clear as mud then! Statist cunts.

The Inexorable March of the Code Napoléon

Well, it is really beginning to wind me up. As people keep pointing out, there is a very significant difference between Common Law nations, such as England1 and America, and Code Law nations, such as most of Europe - i.e. most of the fucking EU. Unfortunately, the egregious cretins at the Berlaymont never take any account of this difference.

I work for an IT company and they do quite a reasonable amount of UK national and local government work. We are now looking at bidding for some EU work - in my area - and I have been looking at the Pre-Qualification Questionnaire for this. It amazes me2:

3.1 Is the Applicant insolvent (or the subject of bankruptcy proceedings if an individual) or being wound up? Proof A or C required, see next page for further details.

3.2 Is the Applicant having its affairs administered by the courts?
Proof A or C required, see next page for further details.

3.3 Has the Applicant entered into an arrangement with creditors?
Proof A or C required, see next page for further details.

3.4 Has the Applicant suspended business actitivies?
Proof A or C required, see next page for further details.

3.5 Is the Applicant the subject of proceedings concerning any such matters referred to in 3.1, 3.2, 3.3 or 3.,4 above or in any analogous situation arising from a similar procedure provided for in national legislation or regulations?
Proof A or C required, see next page for further details.

3.6 Has the Applicant been convicted of any offence (if an individual) or judgement been made against it concerning its professional conduct by a judgement which has the force of res judicata?
Proof A or C required, see next page for further details.

3.7 Has the Applicant been guilty of grave professional misconduct?
Proof not required.

3.8 Has the Applicant failed to fulfil its obligations relating to the payment of social security contributions or the payment of taxes in accordance with the legal provisions of the country in which they are established or with those of the country of the contracting authority or those of the country where the contract is to be performed?
Proof B or C required, see next page for further details.

3.9 Has the Applicant been the subject of a judgement which has the force of res judicata for fraud, corruption, involvement in a criminal organisation or any other illegal activity detrimental to the European Community’s financial interests?
Proof A or C required, see next page for further details.

3.10 Following any other procurement procedure or grant award procedure financed by European Community budget, has the Applicant been declared to be in serious breach of contract for failure to comply with their contractual obligation and is the Applicant subject to any administrative penalty as a result of this?
Proof not required.

Now the questions themselves are probably not too unreasonable (although 3.9 is likely to exclude nearly all MEPs and many recipients of EU grants). What concerns me is the "proofs" that are required:

AProof regarding situations mentioned in points 3.1, 3.2, 3.3, 3.4, 3.5, 3.6 and 3.9 in the form of a recent extract from the judicial record, or failing that, a recent equivalent document issued by a judicial or administrative authority in the country of origin or provenance showing that these requirements are satisfied. The extract(s) or equivalent documentation must be the most recent available.
BYour Imperial Overlords will accept a recent certificate issued by the competent authority of the country concerned as satisfactory evidence that the Applicant is not in the situation mentioned in the point 3.8 above. The certificate must be dated less than four months before the final date for submission of this PQQ.
CWhere no such certificates or documents are issued in the country concerned, they may be replaced by a sworn or a solemn statement made by the Applicant before a judicial or administrative authority, a notary or a qualified professional body in the country of origin of provenance.

Now, where, in a common law country, do you actually get such proofs? If you have done something, there may be a certificate saying that, or not. And "Proof C" is no proof at all - just bloody arse-covering!

Of all of the things I haven't done, I don't have a single piece of paper saying that I haven't done them3. It reminds me of the St Trinian's film4, where the Headmistress (IIRC) says "I'm the only person here with a certificate to say I'm sane!"

1. Scotland, interestingly, is somewhere in between. It does retain most of the aspects of Common Law although much of its early law was codified in the C18 and 'they' are trying to do it again.

2. Although not as much as the ones from pre-Boris London that asked us for the number of transexual lesbians amongst our staff and shareholders. Not information we gather!

3. I don't work with children and am no longer in a specified occupation, so do not have an Enhanced or Standard Disclosure certificate.

4. The 1966 "The Great St Trinian's Train Robbery", apparently (i.e. according to the great god, Google).

Friday, June 13, 2008

The Rule of Law and Other Things

While generally wishing to join in the near-ubiquitous and almost ritualistic praise of David Davis from the rest of the libertarian blogosphere, Rachel and the ukcrypto list (but with Trixy providing some balance?), I would like to make the following points:
  • Important though Magna Carta and habeas corpus are, constitutionally, historically and in demonstrating the utter disregard nu-Lab have for anything that doesn't fit in with their micro-managerial accretion of power to the central state, they are probably less relevant in terms of its constitutional impact on modern Britain than the Lisbon treaty.
  • For a politician to make a stand on a matter of principle is rare. For a high-flyer with, I suspect, a guaranteed seat in the Cabinet if (when, please, when) the Tories win the next election, is amazing.
  • But, you would also have to say and although I disagree with her violently on this, Anne Widdecombe also made a principled stand for 42 days. This is much the same as respecting the Dennises (Canavan and Skinner, not Denis MacShane - Ed notes: interesting google cache of his wikipedia entry: "Denis MacShane (born 21 May 1948) is a politician in the United Kingdom. He is Labour Race Traitor for Rotherham, and was the Minister of State for Europe ...") for standing by their principles whilst disagreeing wholeheartedly with them for being blithering socialist prats.
  • I don't think Davis is taking too much of a risk - a 5000 majority at the last election and the stunning unpopularity of Gordon's cronies?
  • It has let the spin machine distract the press from dumping on Gordon and Jacqui.
  • UKIP need to do something about Bob Spink.
This (h/t Harry Haddock) really makes me think:

Prosecutor Alex Mann said the police went to ensure everything was all right and spoke to Cocker who was 'co-operative and relaxed' and he assured the officers everything was fine.

'He only became worked up when the police asked for his details,' said Mrs Mann.

'The police tried to explain they just needed the name for the report but he became aggressive and started swearing at the officer.'

After the hearing Joan Codling, 57, who lives in the flat below and made the call to police, said she contacted officers after being concerned that he may have fallen ill.

She said: 'I was worried in case he was having an epileptic fit. There was a lot of noise and I didn't know what to do so I called the police.'

A police spokesman said Cocker became 'aggressive' towards the officers who feared for their own safety.

The spokesman said: 'Parva spray was used to stop any confrontation and was necessary to protect the officers and any members of the public who were around at the time.

'Within the circumstances, we feel we used reasonable force.'
So many things to say, although this is the Daily Hate report not a list of facts but as I don't actually have access to those ...
  • It is a sad reflection on the isolation of our communities that when a neighbour thinks that somebody may be in medical difficulties, they call the police rather than going and knocking on their door.
  • I suspect that Cocker was technically wrong in refusing to give his name (and that this is why he was convicted). Even PCSOs, I believe, can require you to identify yourself (one of their few statutory powers.)
  • If the guy was trying to shut his door, how on earth could the police fear for their safety? Surely they are safer on other side of a door from somebody they have unnecessarily pissed off than with no barrier between them.
  • Pelargonic Acid Vanillylamide - "primarily affects the eyes causing closure and severe pain." Lovely stuff.
And, finally, this. One of the problems we have in the UK is that we generally assume that rules have been put there for a sensible reason so, unlike the Italians or the French, will normally comply (hence our usual polite queuing - unless you live in Merton). Companies are scared to disobey the rules of the nanny state because the punishments are arbitrarily severe (and fighting them legally costs so much more than just avoiding the problem.) But, it has to be said, Tescos (corporately) are, as has been said here before, a bunch of prats.

Thursday, June 12, 2008

Yet Another Voluntary 'Code'

From the home exemplar of cretinous suggestions - the European Parliament:
Suggests clarifying the status, legal or otherwise, of weblogs and encourages their voluntary labelling according to the professional and financial responsibilities and interests of their authors and publishers;

In this context the report points out that the undetermined and unindicated status of authors and publishers of weblogs causes uncertainties regarding impartiality, reliability, source protection, applicability of ethical codes and the assignment of liability in the event of lawsuits.

Actually, the report is only 8 pages and full of Euro-shit, so its "pointing out" consists of this unevidenced statement:
whereas weblogs are an increasingly common medium for self-expression by media professionals as well as private persons, the status of their authors and publishers, including their legal status, is neither determined nor made clear to the readers of the weblogs, causing uncertainties regarding impartiality, reliability, source protection, applicability of ethical codes and the assignment of liability in the event of lawsuits,

So, because some journos blog, then all the actual human beings who do so must wear a yellow star on their blogs (yes, sorry, Godwin)?  Would they just bugger off and die?

Wednesday, June 11, 2008

No It's Not

A 'smurf attack' not especially nasty, that is.  It is, however, old news

The attack consists of a flood of ICMP echo reply packets generated by exploiting the "broadcast address" feature of the Internet Protocol.  It is defended against by dropping packets aimed for such addresses outside of local networks (i.e. at routers).  See here, as well as the CERT-CC advisory.

The 'fraggle attack' is a similar concept but using the UDP protocol rather than ICMP (after many people just started blocking ICMP at the firewall.)

Smurfs, on the other hand, are truly hideous.

Tuesday, June 10, 2008

The Future of "Intrusion Prevention"?

Bruce Schneier has been one of the influential thinkers in the information security profession for much of its existence.  A professional cryptographer (he designed the common Blowfish algorithm and the Twofish algorithm that was one of the five finalists in the AES competition), he wrote what is still a key work in the field, "Applied Cryptography", but has been working in the wider security arena for some time - running his own intrusion detection outsourcing company - Counterpane - now part of BT.

In a recent CSO Magazine interview, he answered a number of questions on the changes in security, mostly concentrating on the anti-terror / airport security situations he castigates in his most recent book, "Beyond Fear".

However, much to my delight, he then said this, talking about security ideas from the insect world:

But the neatest story I've found is about how lima bean plants defend themselves. When two-spotted spider mites attack them, the plants emit a chemical distress signal. The distress signal helps in three distinct ways. One, it gets other, nearby lima bean plants to start sending out the same distress signal, even if they're not being attacked yet. Two, it repels other two-spotted spider mites. And three, it attracts carnivorous mites to land on the lima bean plants and prey on the herbivorous two-spotted spider mites. Yes, the plants have evolved to call in air strikes against their attackers.

My emphasis.  Yes, one of the gurus of computer incident response seems to have proposed active response by ground attack aircraft on suspected computer criminals.  Now, if we could just get this added to the Council of Europe Cybercrime Convention then incident response will become a lot noisier!

Friday, June 06, 2008

The Spread of Illiteracy

Whatever the failings of the British establishment, and they are many, varied and manifest, you always used to be able to rely on them for the graceful depth of their classical education, "le bon mot et le mot juste" and the correctness of their grammar. The V&A museum is as establishment as you get.  Hence my surprise at the surprisingly illiteracy of one of their posters I saw this morning; advertising their exhibition, "China Design Now".

As a Scot, I am quite sensitive to the pedantic distinctions between Scots, Scotch and Scottish.  Therein lies the source of my dismay.

"China Design Now" suggests the field of fine ceramics.  Perhaps "China: Design Now", suggesting the country, or "Chinese Design Now", suggesting the nationality or population, were considered too elitist or merely too correct for Brown's Britain? 

Thursday, June 05, 2008

BT Phorm Trial Report Leaked

The report is available here and Alexander Hanff has an analysis up here.  I'm not sure the Security section (3.7) is adequate but this does seem to refer to a much older version of the malware.  Equally, as this is a 'Technical Validation', there is little treatment of the legal, regulatory or ethical issues which, it has to be frank, are the biggest problem with this appalling idea, although there is a minimal mention in Section 4 (Broadband Terms & Conditions).

I particularly like this apposite (we say 'security', we mean 'Revenue Share') typo from the "Success Criteria" section:

An interesting iota of excrement from the great { Phorm / Webwise / 1-2-1 Media / evil spyware b*stards } debacle.

Boggles, Mind, The

Now, as a libertarian, I am against state interference.  As a humanitarian, however, I realise that some "parental choices" are simply a guise for child cruelty. But, why, oh why:

They declared: "It is the National Tax Board's view that Elvis is a first name of a masculine type and as such may, in light of standard practice, be considered clearly inappropriate as a first name for a woman."

The unfortunate nipper's mother has vowed to battle on and to "continue calling her daughter Elvis whatever the eventual outcome" of an appeal.

The Local notes that another Swedish couple, who last year locked horns with the tax authority over their daughter's proposed name, eventually prevailed and will now have to answer to young Metallica when she's old enough to realise just how daft her mum and dad are.

is it the "National Tax Board" who have control over the naming of children?  I could understand it being the Registrar or the local mayor's office but the Infernal Revenue? Even in Polly's socialist utopia, young Elvis shouldn't need to pay tax for another 15 or so years!

Wednesday, June 04, 2008

Idiots Just Keep Surprising Me

Well, he is a Yank and a lawyer, so that is two strikes agin him in the great lottery of life but:

Lane's attorney, Paul Rosen, said it was outrageous that his communications with his client might have been compromised. "You can't imagine the discomfort of learning that Larry Mendte, who is working for CBS . . . may have had access to her most intimate and personal communications," Rosen said.

Now, I'm not condoning any computer crime - even the relatively minor one of looking at somebody else's email but ...
  • Will people stop treating email as if it is some sort of secure system.  The analogy normally used is that it is like writing a postcard in pencil - trivial to read and easy to change.
  • "may have had access to her most intimate and personal communications" - no, no, no! Please, don't do this on email and, not picking on Yahoo specifically but, if you have to use email, choosing a major web-mail provider is even less clever.
  • "Lane's attorney, Paul Rosen, said it was outrageous that his communications with his client might have been compromised."  He needs to think about just how many ways email communication with his clients may be compromised.  Then he needs to start communicating sensitive information with his clients in a more sensible way.  This is, in the grand scheme of things - essentially trivial - a workplace dispute and 'hacking' that probably is no more technical than a guessed or shoulder-surfed password.  If Rosen was, for some reason, representing a suspected terrorist with FISA warrants and even more sinister espionage in place, his outrage is not going to balance the scales of justice.

HTTP Error 403: You are not authorised to access the file "\real_name_and_address.html" on this server.

(c) 'Surreptitious Evil' 2006 - 2017.