The great weakness in democracy is that whenever you ask the people what they want, they choose something other than what they’re going to get. The great strength is it doesn’t matter: you can always ignore them, go round them or go over them. Whichever route you choose, those damn people will have what we give them.
So, in the UK, the government always chooses self-regulation over legislation. Getting internet censorship legislation voted through the two houses will be difficult; but persuading the ISPs to voluntarily enforce that censorship, step by step, will be easy. The UK simply ignores democracy.
The EU goes round the people. Ask the people and they’ll throw it out, like ACTA. So the EU gets round democracy by sidestepping it; like the private deal being discussed by the Clean IT project between the ISPs and the law enforcement and intelligence services. This way there’s no pesky parliament interfering, and no awkward judges to satisfy.
But both of these approaches are too lily-livered for the macho American presidency. Obama’s approach is to drive straight over democracy and sod the people. If the judges declare his NDAA unconstitutional, so what? He’ll have it anyway. And if Congress rejects his Cybersecurity Bill, who cares? He’ll force it through on an executive order regardless of the people.
Democracy. Pah! Who needs it.
As I get, well, more mature, I find myself becoming increasingly intolerant of these highly paid (often by my taxes), poorly educated (even though they probably got A-Star A-levels and red-brick double-firsts) moronic murderers of the English language. (If you are more than forty, this doesn’t apply.)
In the weeks prior to the Tour of Britain coming to the rural backroads of Devon, garish yellow signs appeared at regular intervals along the roadsides.
Advanced notice… they said. I tried; I tried very hard, but could find nothing advanced about them. They were, in fact, very basic notices – just simple prior warnings of weaponised wheels spinning far too fast.
But I became more and more apoplectic with every advanced notice I passed. If you cannot use the English language correctly, go back to school. Don’t get paid for annoying me!
There. Feel better now. Stay calm and keep taking the medication.
By now everyone in the world knows that Anonymous claims to have lifted 12 million sets of Apple user details from the feds; that the feds say we never had them in the first place; and that Apple says it never gave them to the feds anyway. The first is wholly believable (and most likely true); the second is unbelievable – and although I don’t know about the third, I have my suspicions.
But that’s not what I want to talk about. It is the message from Anonymous in its announcement. You can read it here: SPECIAL #FFF EDITION – ANONYMOUS. It’s long, it’s a little bit rambling, but it’s well worth the effort.
If you do read it, stop and think about it. Don’t dismiss it as the paranoia of disaffected teenage geeks. Instead, take a moment to consider the message:
You[r] home, stuff, car and computer, you will pay for everything you have for all of your life. All the time: a monthly fee, forever until you die. That’s the future; nothing is really yours. LAAS – Life As A Service. You will rent your life.
You’ll be tempted to dismiss it. Don’t. Jump over to 10 Things That Every American Should Know About The Federal Reserve. This one is written by a lawyer: Michael T. Snyder, a graduate of the McIntire School of Commerce at the University of Virginia with two law degrees from the University of Florida.
The truth is that our current debt-based monetary system was designed by greedy bankers that wanted to make enormous profits by using the Federal Reserve as a tool to create money out of thin air and lend it to the U.S. government at interest.
In the traditional sense, this one is better written, but they both say the same thing: different words, different grammar, different style – but still the same thing. Banks trap us in debt. It’s a syphoning system. They create money that doesn’t exist, and they certainly don’t have, and then one way or another they ‘lend’ it to us. We have to pay back, ostensibly with real money but actually with our lives, what they created out of nothing.
One way or another, the banks get us to pay them for our own enslavement.
There are two forms of irresponsible disclosure that are illustrated by the last week in the Java world. The first is to rush to full public disclosure as soon as a new vulnerability is discovered or a new exploit developed, without giving the vendor any time to fix it. The second is to refuse to disclose until after the vendor has produced a patch. Google’s approach – to give the vendor 30 days to fix the vulnerability before it is made public – is responsible disclosure. But I don’t want to defend Google; I want to nail the idea that it is somehow responsible to stay shtum until the fault is officially patched.
Last week a new Java 0-day exploit was made public and went ballistic. The problem is that Oracle knew about the vulnerability from 2 April at the latest: it was a known 0-day vulnerability that Oracle then ignored. Oracle ignored it in its first round of quarterly patches, so the earliest it could fix it would be 16 October (or they could just ignore it again).
An exploit for this vulnerability went public last weekend and was rapidly added to and used by the Blackhole exploit kit – making the internet an even more dangerous place for Java users. But we know that an exploit was active in the wild before it became public knowledge because both Kaspersky and Symantec have said so. What we don’t know is how extensively or for how long it had been in the wild.
So what we have is an actively exploited 0-day vulnerability that the vendor knew about but had no plans to patch for at least another six weeks – or, put another way, had already ignored for almost five months. That is unacceptable.
But then the vulnerability was publicly disclosed and shame was heaped upon Oracle. And in just a couple of days it was fixed. This would never have happened without full public disclosure.
So just as giving a vendor no time to fix a vulnerability is irresponsible, it is even more irresponsible to give that vendor a blank rain check. Oracle and Java prove this – so next time a security researcher publicly discloses a 0-day exploit, don’t condemn the action – it may just save you a whole lot of grief.
GeneWatch UK today slammed the EU’s new draft rules for approving genetically modified (GM) insects, fish, farm animals and pets. The organisation warned that billions of GM insect eggs and caterpillars would be left in vegetables and fruit if UK company Oxitec’s GM moths and flies are approved by the EU under the new rules. Oxitec’s GM insects have been genetically engineered so their caterpillars die inside olives or tomatoes or on the leaves of cabbages. The company plans to release GM pests across the EU to mate with wild pests in an attempt to reduce their numbers. Millions of GM pests must be released each week to have any effect on wild populations.
GeneWatch UK PR: Billions of genetically modified bugs will spread in fruit and veg under new EU proposals
Jesus wept. Is there no end to the depth of our ethical depravity?
When we finally succeed, as we inevitably shall, in wiping mankind off the face of the earth, Gaia will breathe a sigh of relief.
Well, as you know, I got in a bit of a mess over my BT password. All sorted now.
One of the reasons for choosing BT was to avail myself of the 3 million free WiFi hotspots it offers (and yes, when available in the right place, it’s a very, very good service). But, oh, those passwords again. My new BT account password didn’t work with BT WiFi. Nor was my BT account username recognised by BT WiFi.
So I contacted support. Let’s not go into all those recorded messages advising you to check their website for a solution to your problem (which is, of course, that you cannot check their website). No matter. Persist. There is a human being at the end of the monologue. He may not be in the same country, and he is almost certainly difficult to understand – but he exists and is polite so long as you don’t venture off the hymn sheet.
Turns out I needed a BT email address which I didn’t have. It’s OK, he said, I’ll give you one now. Which he did. And your password, he said, is…
Whoa, I said. Couldn’t you mail it to me? No. What about email, and I’ll change it as soon as I get it? No. What about security, I asked? This is secure, he said. What about eavesdropping, I said? It’s not possible, he said. This is secure.
OK. He didn’t actually know he was talking to me over a VoIP phone which I had on speaker in a crowded – but quiet – room. But, well…
This, he said, is your secure password: paris123.
Umm. If you don’t hear from me for a while it’s because our local terrorist or his file-sharing brother sniffed the details and used my account before I changed my brand new secure password.