back to article As Brit cyber-spies drop 'whitelist' and 'blacklist', tech boss says: If you’re thinking about getting in touch saying this is political correctness gone mad, don’t bother

The British government's computer security gurus have announced they will stop using the terms whitelisting and blacklisting in their online documentation. The National Cyber Security Centre (NCSC), part of GCHQ, said on Friday it would, following a request from a customer, eliminate the terms when describing including and …

Page:

  1. anthonyhegedus Silver badge

    "Oh, that was easy," says Man, and for an encore goes on to prove that black is white and gets himself killed on the next zebra crossing.”

    1. Anonymous Coward
      Devil

      Geez

      Note that Geez, clearly referring to Jesus is religionist and god damn is sexist.

      I better stop typing before the thought police get here.

    2. sabroni Silver badge

      So explain white lists and black lists without using the words allow or deny.

      This is pathetic. There's over a hundred and fifty comments on here, most of them badly thought out "polictical correctness gone mad" screeds heavy on "what if I think the allow list is things I'm allowed to deny" bullshit.

      Allow list is a list of allowed things. That is clearer than calling it a white list.

      Deny list is a list of denied things. That is clearer than calling it a black list.

      1. Anonymous Coward
        Anonymous Coward

        Re: So explain white lists and black lists without using the words allow or deny.

        Dont think anyone cares about white list, black list just needs a vowel swap to block list, then everyone who cares more about touchy feely imagined everyones a winner nonsense can bugger off out of the way of real security discussions, i wonder how many got pwned while the oh so important discussion of what to call black and white lists went on, suppose a grey list should now be a delay list.

        white and black hat are irrelevant as no one refers to them selves as such as its all shades of grey and choice of application, criminals are criminals, no need for a cute cyber prefix, end of the day there aint much difference between a banker with granted access to a system fiddling the books, to a non skiddy gaining access and emptying accounts, other than a massive bonus vs a short jail stint and a black deny mark on your cv...

        Are rainbow tables next incase it hurts a homophobes feelings? Or are they beneath consideration due to having incorrect points of view??

      2. Anonymous Coward
        Anonymous Coward

        Re: So explain white lists and black lists without using the words allow or deny.

        Sir I will blackball you from our club because you are a blackguard.

        On the other hand members of the Black Watch are welcome

      3. LucreLout

        Re: So explain white lists and black lists without using the words allow or deny.

        This is pathetic. There's over a hundred and fifty comments on here, most of them badly thought out "polictical correctness gone mad" screeds heavy on "what if I think the allow list is things I'm allowed to deny" bullshit.

        Pathetic? What's pathetic is the endless newspeak being spewed out by those championing offense politics.

        This change is pointless and counterproductive, and it smacks of people talking utter nonsense just to have an excuse to take offence on someone elses behalf. It's the same utter stupidity as "the singular they". Define yourself however you choose, just don't expect me to play along with the pretense.

        Offence is taken and cannot be given, therefore it is your choice if you choose to be offended. I'm all done worrying about that and I'm done playing your word games, because the sort of things you get offended by are unending and increasingly silly. [Not "you" Sabroni, "you" generically]

      4. chuBb.

        Re: So explain white lists and black lists without using the words allow or deny.

        white lists generally permit access/bypass of a system, where as a blacklist prohibits access/triggers additional scrutiny

        But its VERY subjective and contextual, if your edge security stance is block everything and permit only from inside to out connections, then your white list would only contain known exemptions of permitted inbound connections.

        So anyway explianed without prohibited words.

        That said this is nonsense especially as its actually useful to visualise your ACL's and trusts defined by them as a strata/gradient i.e. (grey lists trusted with supervision/observation of behaviour) and thats a level of intuitive nuance missing from allow and deny, i suppose supervised might work in some context's but not many i.e. when its something like spam greylisting where what your really doing is verifying that the sender has a SMTP relay that follows the rules and behaves in an expected manner, i.e. retries after 5 mins, a delay list would be a better name, but doesnt really indicate any connotations of trust like white/grey/black list does to my mind.

      5. Intractable Potsherd

        Re: So explain white lists and black lists without using the words allow or deny.

        @sabroni: has there ever in history been a case where using "whitelist" and "blacklist" has cause confusion? If yes, your point has merit - if no, then you are being picky for the sake of it. (Personally, I'm torn. I think things should be made as clear as possible to aid understanding, so I like your argument. On the other hand, if it ain't broke, don't "fix" it is a really good maxim for everyday life.)

  2. karlkarl Silver badge

    Being "in the black" is seen as a positive thing when it comes to debt. Will they get rid of that term? Possibly those of fairly red skin (eczema?) may become upset.

    So now that shades don't exist; do I pay the ransom money to the BlackHat or the WhiteHat hackers? Both charge large amounts.

    1. Anonymous Coward
      Alien

      Depends.

      Is the bank using it international?

      As for software, it often is, and colour (though sometimes international) is a local and social, traditional option for reference.

      So it can cause confusion, or be a buzzword. Where as "allow list" and "deny list" are easier to translate and implement.

      Also see time, clocks, calendars and just about anything human being way way more complex once you decide to try and program it! :D

      1. Mike Shepherd

        Re: Depends.

        How does changing the name of something make it easier to implement?

        1. This post has been deleted by its author

          1. amanfromMars 1 Silver badge

            Re: Depends.

            Using correct, descriptive names for functions and variables usually helps with comments. ...... Benson's Cycle

            Apparently, and as I have oft found and been told, such is not always the case whenever new descriptive names for functions and variables are thought unbelievable and/or too good to be true and nonsensical.

            It is easily enough resolved though with the virtuous application of a bit of patience and as much extra information as is needed for an advancing intelligence to paint an accurate picture for fuller presentation and deeper comprehension.

          2. Rich 2 Silver badge

            Re: Depends.

            While I’m all for meaningful variable and function names, the only thing that helps with comments is actually writing comments.

            And please don’t go down the “self commenting” argument - it’s bollocks and perpetrated by lazy people who can’t be arsed to document the (usually crappy) software they write

            1. sabroni Silver badge

              Re: it’s bollocks and perpetrated by lazy people

              Explain to me again how comments get tested? I prove every line i write with tests. How do you alert your users when your comments go out of date?

              Oh, you don't? You allow a description that doesn't match the functionality to live in the code? Now that really is bollocks perpetrated by lazy people.

              1. Persona Silver badge

                Re: it’s bollocks and perpetrated by lazy people

                Explain to me again how comments get tested

                Code review.

            2. Anonymous Coward
              Anonymous Coward

              Re: Ooooh...

              When I wrote the code, only God and I knew what it was doing. Now only God does.

    2. Len
      Go

      The problem is that colours are usually non-ordinal until you give some, often subjective, meaning to it. Red, yellow and green make sense but only if you already know the colours from how they were once agreed on traffic lights. Red as a colour for danger makes some sense but green as a colour for the opposite much less so. In many countries the middle light isn't yellow but orange (and they call it orange too).

      Black has always been an ambiguous colour (or technically, the absence of colour). As you say, when it comes to financial figures 'black' is a positive thing, though 'black money' is money before it is laundered. Meanwhile, in branding 'black' is often the highest, best, or most expensive tier, think 'black label'. For that reason I've always found the 'black hat' and 'white hat' terminology ambiguous too.

      I think this makes a lot of sense, 'Allow' and 'Deny' are unambiguous.

      1. John Brown (no body) Silver badge

        And not forgetting, of course, those cultures which don't differentiate between green and blue other than as shades of the what they see as the same colour. Or those where red is seen as propitious rather than danger. Or those like the UK whose middle traffic light is amber and called such, not yellow or orange.

        1. Peter X
          Joke

          It strikes me that there are so many varied uses of colour, both in a positive and negative context, maybe we should just give up calling people black or white, and just have brown and pink people? And then all other uses of "black" or "white" can remain as they are?!!

          1. chivo243 Silver badge
            Alien

            Just like the Andorians...

            Pinkskin! You owe me one!

            1. Lunatic Looking For Asylum
              Unhappy

              Re: Just like the Andorians...

              Pink may offend the homosexual community :-(

          2. Persona Silver badge

            give up calling people black or white

            Been there, done that.

            Many many years ago when I hadn't been at school too long we had a couple of black girls in my year, except we weren't allowed to call them black as that was then a pejorative term. I clearly remember the teacher saying if you look closely they aren't black but dark brown, and as easily as that we all accepted it and stopped using that term. The teacher also pointed out that we weren't white but more of a pink colour but that didn't go down so well as the boys all saw pink as a "girly" colour............ You can't win them all.

            1. Drew Scriver

              In a previous US Census I was visited by a Census taker who insisted on checking the box "white" for my race.

              Not only did I tell her that I go by "human", I also put my hand on the questionnaire and challenged her to define the color of my skin.

              Compared to the obviously white sheet of paper it was quite impossible to refer to me as white. Red, maybe brown. But even our toddler could see it wasn't white.

        2. Mage Silver badge

          Port and Starboard

          Should really have been red and blue, but blue was an awkward shade to create a filter for, works poorer in fog and much less bright than green.

          Port is red, because it is and is to the left facing towards the pointy bit because it was called Larboard in English for awhile, There may also have been a convention to use a steering oar on the starboard side and tie up to the pier in port on the port side, but I'm sceptical, The changing of larboard to port was obviously needed for shouted orders more than black -> deny.

          Red and Green are still often used on machinery for stop and start, though often with differently shaped buttons. Red for an emergency stop may be a Western thing? As is red on gauges and meters for danger or empty. Possibly from typewriter ribbons. Though red, green and black ink was used for dip pens. Curiously commercial "fountain pens" with a nib rather than fine tube come after typewriters and large ballpoint pens for carton marking.

      2. aks

        Traffic lights in the UK were traditionally labelled as red, amber, green.

        1. Ian Johnston Silver badge

          Though railway signals are red, yellow and green.

        2. Drew Scriver

          In Virginia, and I assume in many other states as well, the word "yellow" does not appear in the traffic code. Legally it is called "amber".

          Now, tell this to the people at the DMV, as even the written test for a driver's license insists on calling it yellow...

          1. Robert Helpmann??
            Mushroom

            In Virginia ... the DMV ... is the absolute worst of anywhere I have lived or visited across four continents and dozens of countries.

            Sorry, but some slight editing was in order to make the statement a bit more clear.

      3. Anonymous Coward
        Anonymous Coward

        Thing is, its nothing to do with race. It derives from christian view of "good" being depicted as white hues such as angels etc and their representations being in alabaster and marble vs demons, witches etc being draped in black

        A customer - so that will be a committee with a permanently offended MP or a civil service dept headed by someone who thought that "ba ba black sheep" was racist (despite black sheep existing and being uncommon vs white sheep) and thought "ba ba happy sheep" was a much better choice.....it is politically correct virtue signalling at its worst and pushed out during a pandemic to avoid the justified pushback.

        REALLY good to see they have so little to do, perhaps long overdue to cut their funding as they clearly are overfunded and overstaffed if they have time for this nonsense

      4. This post has been deleted by its author

    3. Anonymous Coward
      Anonymous Coward

      "Being "in the black" is seen as a positive thing when it comes to debt."

      I've a feeling that might be a UK thing ... in the US I think they use green for profit and red for debt

      1. Mad Chaz

        BLACK Friday disagrees

        1. Drew Scriver

          Doesn't the term Black Friday come from the label police departments gave it because it was the day when family feuds would flare (after Thanksgiving)?

      2. Gerry 3

        'Deny Friday' ?

        Hmmm... I never realised that the day after Thanksgiving to get back in profit in the US was known as Green Friday.

        Will it now have to be called Deny Friday?

        1. Scroticus Canis
          Facepalm

          Re: 'Deny Friday' ?

          Wishing for an Allow Christmas

          The Deny Country, the Deny Hills

          The Allow Cliffs of Dover

          I'll have a deny coffee please

          Where does it all end?

          1. Anonymous Coward
            Anonymous Coward

            Re: 'Deny Friday' ?

            Awww snowflake, it ends with calling a list of things to be denied a "deny list" and a list of things to be allowed an "allow list". Using this as a cue to blindly replace all instances of white with allow and black with deny is a very silly straw man argument.

            Maybe you should take some time to reflect on why you can be triggered so easily, eh?

            1. Kubla Cant

              Re: 'Deny Friday' ?

              Maybe you should take some time to reflect on why you can be triggered so easily, eh?

              Maybe you should take some time to learn about irony?

      3. ratfox

        In China, they use red for profit and green for debt.

        1. myhandler

          White is the colour of death in China and red is the colour of good luck and energy.

      4. Tim99 Silver badge

        Way back in time, two common inks were red and black - Black inks go back to prehistory, red (HgS) inks were certainly around 2000 years ago. Both of these inks were "permanent". Early 20thC typewriters could have dual colour red/black ribbons and were often used for accounts.

    4. bombastic bob Silver badge
      Facepalm

      let's just make things as confusing as possible

      It's my understanding that 'Red Hat' got its name because in certain countries (like maybe China) the 'Red Hat' is the good guy, and the 'White Hat' is the bad guy. Or something like that. And KKK members wear white hats. And I own a black hat (I'll be wearing it with my recently obtained Guy Fawkes mask).

      So next is what, traffic lights? Can't use 'Red' for 'Stop' because it offends "Red People" ? Or 'Yellow' for "Caution" because it offends "Yellow People" ? Or maybe 'Green List' vs 'Red List' because they're already used for traffic lights? Except in some places they use Cyan rather than Green.

      Oh hell let's just use the ENTIRE RAINBOW. for EVERYTHING and just CONFUSE EVERYBODY! And then we'll offend the LGBTQ{rest of the alphabet} people because they use rainbows to represent their "community"... [seriously dividing ourselves up like this using 'identity' is completely _BOGUS_, and then people get to pretend they care about PETTY CRAP like 'offensive' color-related terms]

      I have a better idea: STOP caring about PETTY CRAP like this, and care about things that MATTER instead. [yeah nothing BLATANTLY OBVIOUS comes to mind at the moment...]

      icon, because, facepalm

      1. Alan_Peery

        Re: let's just make things as confusing as possible

        Except that "allow list" and "deny list" are less confusing.

        1. CountCadaver Silver badge

          Re: let's just make things as confusing as possible

          Not really, unless your wet behind the ears, nearly everyone knows what blacklisted means i.e. banned / blocked from entry as in the blacklist run by various large construction firms up till very recently in the UK i.e. NG Bailey for one, same as blackballed

          Ditto for "Black affronted"

          Someone is burning taxpayers money on a meaningless virtue signalling exercise and are forgetting who pays their wages i.e. the general public, who are generally sick to the back teeth of this relentless (and very expensive) politically correct driven rebranding/naming exercises. Then again I see the same nonsense from local councils from both elected members and salaried managers spraying public funds about like water

        2. jake Silver badge

          Re: let's just make things as confusing as possible

          Does your allow list allow spam, and your deny list deny spam?

          Does you allow list allow "adult" web browsing, and your deny list deny "adult" web browsing?

          Confused yet? How about YourDearOldMum?

          1. sabroni Silver badge

            Re: Does your allow list allow spam, and your deny list deny spam?

            Hmm, tying yourself in knots here jake. The allow list is the list of allowed things. The deny list is the list of denied things.

            Confused? Only if you try really really hard to be.

            YourDearOldMum can work it out, don't pretend it's tricky.

            1. Intractable Potsherd

              Re: Does your allow list allow spam, and your deny list deny spam?

              @sabroni: jake is correct on this one. I have fallen victim to this in the past. "Blocklist" would be clearer in this situation, though I've never had problems with white- and black-lists.

        3. Mark 65

          Re: let's just make things as confusing as possible

          Does that mean we’ll now have allow hat researchers and deny hat researchers?

      2. Terry Barnes

        Re: let's just make things as confusing as possible

        "I have a better idea: STOP caring about PETTY CRAP like this, and care about things that MATTER instead"

        Privileged white man thinks that race doesn't matter. Knock me down with a feather.

        1. Intractable Potsherd

          Re: let's just make things as confusing as possible

          And no one can respond to you without getting serious risk of being modded. Privilege much?

Page:

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Other stories you might like