Posts by Allan George Dyer

National Security Law

From my point of view, the National Security Law is quite clear, even though the administration doesn't seem to realise just how broad it is. Two provisions, taken together, make it risky to do any sort of information security: it allows covert surveillance by the national security department of the police (Article 43(6)), and interfering with the performance of duties of state power is an offence of Subversion (Article 22(3)). Suppose a user in your company is under surveillance, you run your anti-virus scanner and remove spyware from their machine... guess who goes to jail for Subversion? If you sourced the scanner from a foreign company, that might also be Collusion with a foreign power under Article 29.

As this law has worldwide jurisdiction, then researchers in the foreign company developing the scanner might also have committed an offence.

Oh, and as this would involve state secrets (there's no point in using a covert surveillance tool that isn't secret), the trial could be conducted in secret.

Don't worry, I'm sure the trial will be conducted to the highest standard of Chinese justice.

"Average caught British computer criminal is young, male and not highly skilled" - FTFY

Maybe there is a correlation with the average skill level of the British Police in these matters?

It's a Cunning Plan

1. Leak timing of "clandestine operations"

2. Do nothing

3. Watch adversary franticly searching for the clandestine operations

4. Deny ongoing operations

5. goto 2

More attributes needed...

Some places (e.g. Switzerland, Hong Kong) require masks in some circumstances, and ban them in others. Does it have useful attributes:

participatingInAnIllegalGathering

religiousDress

and configuration options:

globalPandemic = TRUE

we_reNotReligiouslyIntolerantBut = TRUE

As clear as mud

How the “LeaveHomeSafe” app actually achieves its aim is unclear. You can scan the QR codes at venues, and enter taxi license numbers, and confirm when you leave a venue. The Government has, multiple times, assured people that their visits are ONLY stored on their phone and automatically deleted after 3(?) weeks, so there are no privacy concerns. But, if you are tested as COVID +, you have the option (otherwise, what's the point?) for uploading your records to the Centre for Health Protection. Presumably, the consolidated records are then transmitted to all app users. This might cause two issues:

i) If there are lots of cases, does this scale well? Three weeks of visit date for every case must be transmitted to every app user for matching.

ii) If there are very few cases (yesterday there were 14 new cases in HK), privacy is compromised. In the extreme case, the movements of one person are transmitted to every app user. Anyone who can work out who the case was ("Bob went into quarantine yesterday") can check where they have been (depending on the in-app security... probably reasonably breakable).

In practical terms, the actual scanning of the QR is fast enough, it's the other stuff that is inconvenient. I've experienced all of these:

a) I didn't see the code on entering

b) I did see the code, get the phone out, start the app...

c) Someone (a security guard) is standing in front of the code

d) The lift arrived, catch the lift or scan the code?

e) I'm leaving... Oh, look, there's the code, scan it now?

f) I left, and forgot to tell the app (it defaults to 4 hours before expiry)

The resulting records are likely to be incomplete and inaccurate.

The size of the venues is highly varied... restaurants are now required to display the code, and eat-in customers must either scan it or record their details manually, so every corner cafe has a code. So do 20+ floor Government buildings with thousands of people. There's a large public hospital with multiple buildings with QR codes at each entrance, and some of the buildings are linked by bridges, without QR codes. Is it counted as one venue or many? Either you end up testing far more people than have possibly been within shouting distance of a case, or you miss close contacts, or, most likely, both.

Interestingly, during public briefings on the latest figures, Government officials have not reported the number of cases that were detected because of this “LeaveHomeSafe” app. I won't speculate why.

More data required...

So, what sort of masks were the production crew wearing? Assuming the level of interaction was roughly the same as the participants during the event (possibly a bad assumption, if some stayed in the control room the whole time), the masks appear to have been completely effective at protecting their wearers. We know even improvised masks are highly effective at protecting other people if the wearer is infected and asymptomatic. Were the crew wearing N95 masks, or something less effective?

Wolly thinking

"overestimate the likelihood of guilt" - While I agree with the Appeal Court's decision, they could do better in describing their reasoning. The test doesn't determine guilt, it matches, or fails to match sample A to person B, the meaning of the match depends on the context.

Or have we reached beyond thoughtcrime to the point where genetics can be used to identify evil races? Icon: Godwin's Law.

"MagSafe charging standard"?

What standard? I like MagSafe, but I was annoyed that I couldn't use the old PSU from a broken MacBook Air with a new MacBook Air, because the MagSafe connector was a different size.

Golf, not Insurrection

So these armed hate-groups are going to turn up to the inauguration cold and grumpy because they slept in the back of their pickup trucks?

How about offering them alternative accommodation somewhere warm, like Florida? Hey, there's an idea, spread a rumour that Donald likes them so much he wants them to hang out by his pool and play a round of golf. The course is empty, now the PGA has dumped him.

Archaic Usage

Until recently, the HK government was fond of using "cum" in it's meaning of "combined with". Who wouldn't want to use a litter cum recyclables collection bin?

However, I declined the invitation to a "Networking cum drinking party".

Multi Apps are available

"It has since become ubiquitous, racked up billions of uses and is now to be adopted in Hong Kong."

The HK Government is currently promoting a different app, which relies on users scanning a QR code at participating venues, not the other way around like Xi Jinping's app.

I'm confused.

Unexpected Error

So, the other errors were all expected? Why didn't you do something about them.

French Technology

What RFI is not saying is that their chief engineer is from Gallifrey, and un problème technique involved the temps et dimension relative dans l'espace.

“Police recommend that you do not engage with scammers,”

So what do we do for entertainment now? Particularly as some places enter a new lockdown.

Suggested conversation extenders:

"So, where is this 'Any' key?"

"How do you spell dub-dub-dub?"

"Is this about the delivery of my duct-tape, pincers and spade?"

'Twitter says it has "no evidence" this claim is true.'...

So the hacker posted the most outrageous lies he could think of as The Pres, and no-one could tell the difference?

The first commercially funded airlock?

Let me guess, it lets you out for free, but charges on the way in...

"I'm sorry Dave, your credit card limit has been exceeded."

Think of the possibilities...

If this is successful at getting status information to the public, they could extend it to inform maintenance teams at some point.

How to double the problem...

"For now, we're told, the solution, for want of a better word, is to break the data into two or more spreadsheets."

Incidently, has anyone mentioned handling of US date formats yet?

In other news, due to a Y2K problem, all the statistics so far are from the Spanish flu pandemic.

No Appeal

I don't know why Penman thinks that only success channels incur the wrath of the industry. I used Scott Joplin's The Entertainer, taken from an original (1900ish?) piano roll as background music on a video and the copyright owners of the film The Sting put a strike against me. That, to my mind, is a false claim, they didn't compose the music and had nothing to do with the production of the piano roll. So, I appealed with an explanation, and got a blank response that they were pressing the claim. I wasn't willing to start an expensive legal battle over a video that will probably be viewed by almost no-one so that part of the video is now silent.