* Posts by Richard Simpson

44 publicly visible posts • joined 8 May 2007

Research finds consumer-grade IoT devices showing up... on corporate networks

Richard Simpson

This can be prevented but I guess it's not easy.

Where I work security seems to actually be taken seriously and this problem shouldn't be able to occur (or at least it would require a lot more effort).

For a kick off, there are no WiFi passwords as only WPA2-Enterprise with pre-shared keys is supported.

For physical connections, if your device's MAC address isn't in the database then the port doesn't activate at all. I guess you could try changing the MAC address to get round this.

If you try to connect your own switch onto the end of the network then this is detected and again the port doesn't activate.

All of the switches are in locked rooms or secure cabinets and you can't have your own local switch even if it is supplied by corporate IT. I recently wanted to connect a dozen pieces of lab test equipment (which will all need to be registered and approved, obviously) but wasn't allowed to have even a corporate approved switch on my test bench. Instead, IT installed a dozen more RJ45 sockets on the wall running back to the secure network cabinet in the corner of the room.

We have working from home, but only via corporate supplied laptops which will only connect via the corporate VPN. Only approved USB devices will activate if you try to plug them in.

I have no doubt that this all costs an awful lot of money and a great deal of inconvenience so I'm not surprised that most enterprises fall far short of this standard.

You better get a wiggle on then: BT said to be mulling switching off UK's copper internets by 2027

Richard Simpson

How many connections is that?

Have I understood this correctly? Are BT proposing to dig up and replace the copper cable to every single property in the UK in the next eight years? That must be thousands every day even if they start now.

Eggheads want YOU to name Jupiter's five newly found moons ‒ and yeah, not so fast with Moony McMoonface

Richard Simpson

Every language and culture

Here we have one of these ridiculous and unenforceable rules. How exactly is anyone going to determine that the name they come up with isn't offensive in any language or culture? I can't begin to imagine how anyone on earth could be sufficiently multi-lingual to know this. How do we even know that there isn't some remote Amazonian tribe who find the word "Jupiter" tremendously offensive?

Brit boffins build 'quantum compass'... say goodbye to those old GPS gizmos, possibly

Richard Simpson

Re: GPS accuracy

The military signals are also transmitted on a second quite different frequency (about 1.2 GHz if I recall) and this is another reason for their enhanced accuracy.

Atmospheric refraction affects the accuracy of GPS because it affects how long the signals take to pass through the atmosphere. Civilian GPS has a model to correct for that, but it is based on an average atmosphere. To go a step up in accuracy you need to know the state of the atmosphere right now and that depends on things like the sun. The atmosphere affects the two different GPS frequencies (civilian and military) differently and by measuring the difference you can get a better estimate of the current atmospheric refraction and improve your estimate of position.

Dot-com web addresses prices to swell, thanks to sweetheart deal between Uncle Sam, Verisign

Richard Simpson

.com is for international companies

Personally I can't claim to be too fussed by this. The .com TLD is (at least technically) for international companies who can clearly afford to spend the renewal fee. If other people want a .com then I don't see that even $10 per year is a significant cost and if it is then there is no shortage of other far more appropriate TLDs available such as .org (if your activity really is international) or a country specific one such as the .org.uk that I use for my personal domain.

Remember that lost memory stick from Heathrow Airport? The terrorist's wet dream? So does the ICO

Richard Simpson

Use of old classification

The presence of documents containing obsolete security classifications is not necessarily surprising. In an astonishing example of governmental common sense, when the new classifications came out (3 or 4 years ago) there was no requirement to re-classify existing documents unless and until they were changed.

Git it girl! Academy tries to tempt women into coding with free course

Richard Simpson

Schools need to step up to the plate

My daughter would love to have done GCSE computing but her prestigious girls' grammar school chose not to offer the course citing lack of interest. Said lack of interest was probably not helped by them reducing the computing course in year 9 to one half lesson a week due to "lack of room in the timetable". There was still plenty of room in the timetable for one and a half lessons of RS! Now they are muttering that they might not run the A level either despite that being a combined course with the boys' grammar.

Conclusion: You can go around all you like encouraging girls to study computing, but you also have to lean on schools to actually offer the courses. Extra courses like the one Maker seem to be offering are an excellent effort, but not a substitute for offering the proper academic courses in schools.

The eyes have it: 'DeepFakes' bogus AI-meddled videos outed by unblinking gaze

Richard Simpson

The real problem with "Deep Fakes"

Everyone seems concerned that Deep Fakes will create fake news to discredit politicians but I am not so sure that this is the real issue.

If I was a politician I would welcome the arrival of this technology. Obviously I can use it to discredit my opponents, but far more usefully, I can now visit Miss Whiplash safe in the knowledge that should a video ever emerge I can gaze into the camera with a look of injured innocence and say "Obviously this is a Deep Fake. It's terrible how this technology is being used to mislead my constituents".

I wouldn't even have to worry about this blink rate question, as I am guessing that statistics of the normal blink rate whilst being "corrected" by Miss Whiplash will be hard to come by.

Richard Simpson

Defeats the point

Yes, but the entire point of "Deep Fakes" is that the video convincingly looks exactly like the person it purports to show. If that person is wearing sunglasses then it will be much less convincing and defeat the whole point of the thing.

Beardy Branson: Wacky hyperloop tube maglev cheaper than railways

Richard Simpson

Land costs!

"How on Earth could it be cheaper to put a train in a continuous airtight pipe hundreds of miles long, rather than simply running rails along the ground?"

Can I start by saying that I am neutral on whether Hyperloop makes sense, particularly in the UK where it will be tough to get the tube straight enough, but to answer the specific question it is largely about land costs.

A railway line consumes a huge amount of land. A double track is easily 10m wide and even more if you need a cutting or embankment. Buying all that land for your shiny new railway is mightily expensive, plus you have to keep building bridges so that roads can get under or over it.

With a Hyperloop you bung your pipe on pylons so the amount of land consumed is much less. Most agricultural activities can continue underneath and roads can run under it completely unaffected. Also, it seems reasonable to suppose that the noise of the shuttle running through a low pressure tube will be much less than a huge high speed train running past so hopefully it can run much closer to houses, few of which will therefore have to be purchased and knocked down.

Coming now to the question of "simply running rails along the ground". I deduce that you are writing from the 19th century when this was almost possible. Unfortunately, here in the 21st century, high speed rail lines need a huge amount of construction work. Considerable foundations are required to ensure that the rail surface won't sag or bend over time (depending on the local geology obviously) together with ensuring reliable drainage. Because we are no longer using steam, there is a vast infrastructure to support and supply electricity to the overhead lines and of course we need signalling and train safety systems to be installed as well.

Of course, we could run our conventional railway line on a huge viaduct to allow cows to graze underneath, but apart from the much greater shadow cast on the ground, high speed trains are much heavier than Hyperloop shuttles so the viaduct will be vastly stronger, heavier, more intrusive and expensive than a Hyperloop.

Bottom line: I am quite prepared to believe that the cost per mile to construct a Hyperloop is considerably less than that for a modern high speed rail line, but that doesn't necessarily prove that it would be a better solution for the UK.

UK exam chiefs: About the compsci coursework you've been working on. It means diddly-squat

Richard Simpson

So, it's now the same as the iGCSE then?

Great! My daughter's school decided not to offer Computing GCSE because of a lack of interest. So we decided to teach it to her at home because it was her favourite subject but we couldn't teach her the GCSE because you can't do the coursework at home so we have started to teach her the iGCSE which doesn't have that bit.

Now we discover that we needn't have bothered and could just have taught her the GCSE in the first place!

FCC boss Ajit Pai emits his net neutrality extermination plan

Richard Simpson

The key issue is surely lack of ISP choice

It seems to me that the key problem here is not so much the repeal of the net neutrality rules since so far as I can gather, the new ones don't say that ISPs MUST treat different services differently, but merely that they can if they want to.

Rather the key problem is combining that with the fact that most Americans have very limited choice of broadband supplier. As I understand it, even those who do have a choice only have a very limited one of maybe two or three suppliers all of whom are big corporations.

So far as I can see, a similar scheme here in the UK would be much less of a problem. I can get 80Mb via VDSL on my phone line at home via which I have a choice of more than 100 ISPs. Even if the big ones like BT and Sky started differentiating services there would always be some small players like Andrews and Arnold who would be prepared to sell me a flat service.

Estonia cuffs suspect, claims he's a Russian 'hacker spy'

Richard Simpson

Re: Round up the usual suspects

Do you have any evidence that a significant number of ethnic Russians living in Estonia are (in general) loyal to Russia rather than Estonia? The ones I know fall into two categories:

- Those born in Estonia and given Estonian citizenship either because they can pass the language test or because they are descendants of a citizen of the first Estonian republic (1919 - 1939) are generally loyal to Estonia (the majority, particularly of younger Russians).

- Those denied citizenship and therefore effectively stateless (no passport, can't vote) despite being born in the country because they don't pass the criteria above are rather more keen on Russia. I think we can all see an easy way to solve that problem.

Note 1 - The situation in Lithuania is rather different to the other two Baltic states because there everyone resident at the time of independence could become a citizen if they wanted to no matter how well they spoke Lithuanian.

Note 2 - Yes, the UK imposes a language requirement for those wanting to gain citizenship, but not (and this is the key point) for people who were born here.

Openreach: Comms providers 'welcome' our full-fibre 'ambition'

Richard Simpson

Re: Sit on Hands, became show hands slightly, BT still act like the drunk blocking the Pub doorway.

Well, I think what you are describing here Adam is a concept called taxation. Everyone pays something and there is some alleged universal benefit. This is of course a fine and wonderful thing IF the benefit is sufficiently universal. Sadly, many such benefits are not universal e.g. flood defences usually don't benefit tax payers on top of hills and schools are not particularly beneficial for the childless.

Your 5G and driverless car examples seem from where I am sitting to fall into the same category. My mobile phone isn't smart in almost any sense of the word and probably doesn't exceed 2G and similarly my 1997 Ford Fiesta is working just fine and I intend to keep it in that state until I am too geriatric to drive it. Perhaps I will need a self driving car then or perhaps I will be too senile to care!

In summary, I think that 5G is an excellent and clever thing and I am all in favour of it, provided that those who pay for it are those who want to use it.

Richard Simpson

Re: Sit on Hands, became show hands slightly, BT still act like the drunk blocking the Pub doorway.

I am with Andrews and Arnold. Currently I pay £35 per month for their VDSL service with 200GB download (which I don't get near using). A&A are quite an expensive ISP but they have truly fantastic technical support, are entirely happy with Linux based customers and appear to genuinely value my privacy.

When I bought my current service you could have 40/10 or 80/20. Subsequently they stopped the 40/10 for new customers and offered 80/20 at the same price. Those on the old service could upgrade for £15. To be honest I have to admit that I don't know if this offer is still valid.

Richard Simpson

Re: Sit on Hands, became show hands slightly, BT still act like the drunk blocking the Pub doorway.

I can definitely state that I do not want to pay another £7 per month.

Currently I get 40Mb down and 10Mb up via FTTC and I could switch to 80/20 for a one off fee of £15 if I wanted. Everything seems to work just fine and I am not in a hurry to pay an extra £84 per year for extra speed which I clearly don't need.

Dyson to build electric car that doesn't suck

Richard Simpson

Re: Solve this at the source

Ah, the old "An electric car is no use to me so everyone else who has one must be a fool" argument.

Well, Bombastic Bob, it would appear that your lifestyle does indeed require a gasoline car and you would currently be a fool to buy an electric one. BUT, it doesn't follow from that that everyone else has the same use case as you do!

Here is an entirely true example:

I have a colleague who sits a few desks from me. He lives in Bournemouth with his girlfriend and works in Salisbury. They own two cars. One is a Nissan Leaf and the other a conventional "gasoline" hatchback. Each morning they get into their respective cars and he drives 35 miles to Salisbury whilst she drives 5 miles to her job near Bournemouth. His Leaf has enough range for the 70 mile return trip, but he could charge up at our work electric charge points if he wanted to.

Evenings and weekends when they drive together they use the Leaf for short journeys (e.g. shopping) and her "gasoline" car for long journeys (e.g. visiting relatives). They find that this arrangement is entirely convenient and save an absolute fortune in fuel (particularly considering that "petrol" here in the UK costs a lot more than "gasoline" where you are).

So, having read this description (which I assure you is entirely true) would you describe my colleague as rich, an experimenter or smug? Perhaps smug is the right answer as that is probably how he feels about his huge cost savings.

2 kool 4 komputing: Teens' interest in GCSE course totally bombs

Richard Simpson

My daughter wanted to do GCSE Computing but can't!

My daughter is in year nine of one of the country's top girls' grammar schools. This year her computing was reduced from one period a week to half a period a week. Nevertheless, she put it down as her first choice of optional GCSE. Unfortunately, she was one of only eight girls to choose this option and the school decided not to run the course. She is now going to do French instead and is very disappointed.

Given that my daughter's school is selective and highly academic, it seems unlikely that the perceived difficulty of the subject would have been a major barrier. In my daughter's opinion (and speaking to her friends) the reduction of time allocated to the subject in year 9 meant that the teacher didn't have time to explain the concepts properly and thus many of the girls lost interest.

It is worth noting that in a nation which desires to produce significantly more digitally skilled workers, the school still found time for an entire period of Religious Education every week!!!

New prison law will let UK mobile networks deploy IMSI catchers

Richard Simpson

Encryption aware phone?

"Handsets are supposed to provide an on-screen notification when encryption has been disabled, but conformance to that detail is very rare indeed."

Has anyone ever seen such a notification? More importantly, are there any phones where you can set a flag which means "If the base station asks for an unencrypted connection then the answer is always - No"?

Just give up: 123456 is still the world's most popular password

Richard Simpson

Re: Don't Just Blame Users

Is it really such a big problem if people write their passwords down? Surely this at least depends on where they write them.

It seems to me that the main attacks which passwords are protecting against are those which occur over the internet from anonymous adversaries usually in foreign countries. Such people can't see the passwords I have written down in a notebook at home and the only way they could would be to find my house and break in and the cost, time and risk of that clearly isn't worth it.

I agree that a random burglar may find the notebook, but most burglars are surely more interested in money and TVs and if someone has actually broken in I will at least know that my passwords may have been compromised.

Bottom line: Surely a strong password written down in a private location (e.g. your house) is much better than a weak password which is not written down at all.

Forget aircraft – now cretins are laser-blinding ferry boat crewmen

Richard Simpson

Re: 15 days jail time ?

Well, firstly, what percentage of Romans were drinking from lead containers? I am guessing a relatively small percentage of wealthier people with the rest getting their water from well/stream/puddle with wooden containers (which will of course be much less well represented in museum collections as they will have rotted away).

Secondly, being a bit of a psycho may have been an advantage in Roman society which was generally much more violent than ours.

Most lead piping was removed from UK homes decades ago and no new houses have been constructed with lead piping since perhaps the 1960s. I am in my 50s and I have never lived in a property with lead pipes. Most laser wielding loons are in their 20s and therefore are even less likely to have done so.

Of course some people claim (with some justification) that leaded petrol causes violence enhancing brain changes, but most 20 year olds were born after it was phased out.

UK's new Snoopers' Charter just passed an encryption backdoor law by the backdoor

Richard Simpson

Re: Provided by?

"It is currently a jail-able offence to not reveal an encryption key when demanded"

Yes, but that costs money! This law is all about bulk surveillance and you can only do that if the cost per suspect (sorry, citizen) is minimal. The process of demanding encryption keys involves people actually going around doing the demanding together with lots of expensive paperwork. Feasible for hundreds of suspects, but not for tens of thousands.

I already have a VPN to a trusted overseas supplier (my mother-in-law) using only open source software which can't have been backdoored by HMG. Now, maybe one day PC Plod will turn up and demand the key. I will of course hand it over after slightly less than the maximum time allowed. They will spend ages searching for whatever interests them and presumably find nothing (yes, they could plant some evidence and convict me of any offence they like, but they could do that just as well last month). I will then re-build everything from scratch, create a new key and we can do the whole charade all over again if they want to spend some more money.

I don't mind GCHQ reading all my email and files provided that they have to work for it!

Pluck-filled platter-stuff: Bold disk drive makers fatten up

Richard Simpson

Re: Geometry

"We can't assume a simple platter count doubling because the casing itself takes up space"

I was confused by this as well. Surely, no matter how tall you make the drive you still have one base and one lid so if you make the drive twice as high you get more than twice the capacity.

If we assume that a 1in high drive has 0.75in of platters and 0.25in of base (including PCB) and lid and that it contains 6 platters then adding another inch gets us another 8 platters. Am I missing something here?

Today the web was broken by countless hacked devices – your 60-second summary

Richard Simpson

Re: Maybe..

Well maybe it would be excessive to actually prosecute end users, but running insecure devices could be made illegal indirectly via ISPs. I think it would be perfectly reasonable for ISPs to be required to identify customers whose devices are part of these botnets and then warn those customers. With the legal stick being that if the customer doesn't fix or disconnect the offending device in a reasonable period (say a couple of months) then they get cut off until they do.

Digi minister Matt Hancock: Britain needs go full fibre. And we're not paying for it

Richard Simpson

Re: Why Why are all politicians complete morons?

I too am waiting to find out what all this extra bandwidth is for.

I recently upgraded my ADSL to VDSL and went from 3Mb/s to 40Mb/s downloads, BUT, I only decided to pay the extra because of the previously abysmal upload speed (a few kbit). The new 10Mb/s upload speed makes access to file shares at work easier so working at home is more practical and my mother-in-law can now browse our photo collection over the VPN, but download wise I haven't seen a huge advantage. Sure, the software updates download faster but that can happen in the background anyway. iPlayer/YouTube etc still works just as well! I am now being offered an upgrade to an 80/20 service for a modest one-off charge. I'll probably take it, but only because the monthly fee doesn't increase.

The bottom line is that since I haven't got a big benefit from going from 3 to 40Mb/s download I am really struggling to see how I would use Gbit speeds!

Freeze on refrigerants heats up search for replacements

Richard Simpson

Ongoing maintenance

Has anyone found a clear explanation of what this means for the maintenance of existing equipment (e.g. the air con in my cars)? Should I stock up on bottles of HFC?

Vodafone: Dear customers. We're sorry we killed your Demon

Richard Simpson

Re: I think it would hurt them

Well, to answer your final question, I have always been happy with the service I have got from Andrews and Arnold. Not the cheapest UK ISP by a long way, but as others have said, you get what you pay for.

True story example:

A couple of years ago I was looking at the 1 minute resolution usage and latency graphs you get on their support site and noticed almost continuous traffic right through the night. I couldn't find anything in my network causing it so I phoned them up. The conversation went a bit like this:

"Hmm, let me check your line" tap, tap, tap. "Ah, yes, looks like your router is being used for a DNS amplification attack. There is a page on our Wiki explaining how to change your router setting to prevent that and meanwhile I'll change your static IP and update your domain DNS records to reflect that."

The key point is that (a) they diagnosed the problem rather than asking what version of Windows I was using and telling me to re-boot my computer and (b) they took it for granted that I would know what a DNS amplification attack was. On the few occasions I have phoned their support line it has always been answered by someone who knows a lot more about networking than I do.

UK digital minister denies legal right to 10Mbps is 'damp squib'

Richard Simpson

Upload speed?

Has anyone seen any indication of a proposed minimum upload speed? I guess that since the thrust of this is presumably to increase our ability to consume paid for content, upload speed isn't going to be a big priority.

'Knucklehead' Kansas bloke shoots self in foot

Richard Simpson

Not sure what charges?

"The authorities are now pondering what charges the gun owner may face."

Really! Do I deduce that the USA has now reached such an extreme level of looniness that discharging a firearm in a crowded building and injuring someone might not actually be a crime?

London NHS trust fined £180,000 after second bcc fail on HIV email list

Richard Simpson

As always, toothless watchdogs

I simply can't see the point of fining public bodies. The £180k has simply gone round in a circle inside government. The money isn't going to be retrieved by docking the pay of those responsible is it! Either those attending the clinic now get a lower quality service or the central NHS just tops the money back up again.

I guess it's slightly embarrassing for the immediate career prospects of those involved, but I am sure it will soon all be forgotten. Where I work in government, if you let secret stuff out by being a complete cretin you lose your job and possibly get a trip to the slammer. Somehow that doesn't seem to apply in cases like this, I wonder why. Could it be that the secrets I am careful about belong to HMG whilst the ones spread around here (viz. HIV status) belong to citizens?

UK authorities probe 'drone hitting plane at Heathrow'

Richard Simpson

Re: Detection would be a good start

Firstly, most modern systems don't use triangulation, but time difference of arrival, as I think I mentioned.

I agree that you may need quite a few stations to track signals on the ground depending on how large an area you want to cover, but for tracking the actual drones the problem is a lot easier since we are only interested in the skies on the approach and departure flight path. Clearly, we can construct antennas that point in that direction and ignore most of the interfering signals that don't interest us.

I am not convinced by your interference argument. Consider the drone. It is clearly flying at a reasonable altitude in order to strike an approaching aircraft. If it can distinguish its own control transmitter from the hundreds of other 2.4GHz sources visible from the air then so, presumably, can our tracking system.

I don't believe that there are any mobile phone frequency bands around 2.4GHz and your complaint seems to be based on the rather quaint idea that mobile phone locations aren't already tracked. As for Bluetooth, this does sound like it would be too low power to be usefully tracked.

So, in summary I don't agree that this is not a bright idea.

In related news, a colleague has pointed out to me the following system which seems to take the special to purpose radar approach: http://www.blighter.com/products/blighter-auds-anti-uav-defence-system.html

Richard Simpson

Re: Detection would be a good start

Agreed. I should of course have written "developed".

The thing with writing long comments at work is that time for reflection and review is rather limited!

Richard Simpson

Detection would be a good start

Clearly, in addition to serious jail time for anyone doing this (what's the betting that even if caught they'll get a short suspended sentence) we clearly need better schemes for detecting drones in prohibited areas. And yes, this sort of thing is in my line of work.

Idea 1) Already mentioned by others is the idea of triangulating the locations of transmitters. For locating the drone (and thus warning pilots) this is probably not too difficult. Technology like VERA (https://en.wikipedia.org/wiki/VERA_passive_sensor) which relies on time difference of arrival could do this easily. A much simpler system than VERA would work fine since the range needed is limited and only a few frequencies need to be covered. Detecting the ground transmitters is a bit more challenging since the RF path is more obscured and of course you will get a lot of false positives but I think that a system, perhaps installed on current mobile phone masts, would be possible. Of course, in both cases radio silence could be adopted with the drone operating automatically, but people who do this are by definition morons and therefore usually not clever enough to work that out.

Idea 2) Dedicated radar - Presumably, these drones are not currently showing up on airfield radars because (a) their radar cross section is too small and (b) their speed is too low and therefore the radar's Doppler filter removes them as clutter. But, in my professional opinion a suitable radar could be invented. It only needs to search a limited amount of space where aircraft are taking off and landing and it could use the no doubt very distinctive Doppler shift from the props as a discriminant so it doesn't keep detecting birds (like the counter helicopter mode on some military radars).

Saturn spacecraft immune to mysterious Planet 9's charms

Richard Simpson

It's Saturn's orbit which is at question

I may not have understood correctly, but when I read the paper about Planet 9 and Cassini it seemed to say:

1) That perturbations in the orbits of the planets limited the possible locations where Planet 9 could be in its orbit (even assuming that it exists).

2) That the orbital models being used relied on the motion of all the planets and numerous asteroids going back several decades.

3) That slight changes in the orbit of Saturn were a particularly relevant part of the data set and that Cassini was simply a handy way (via radio ranging) of finding out exactly where Saturn was.

Hands on with the BBC's Micro:Bit computer. You know, for kids

Richard Simpson

Old photo caption

The caption to the photo at the bottom doesn't seem quite right. The computer in the picture looks to me like an Acorn Atom. Was this Acorn's first 'kids' computer? Well, maybe. I was a kid and I certainly had one (and spent hours explaining to my ZX81 owning school friends that a real keyboard was actually rather important).

No more Nookie for Blighty as Barnes & Noble pulls out

Richard Simpson

Re: March with your wallet - buy only open formats

Most MP3 patents have expired and the few that remain will do so by the end of 2017.

Bruce Schneier: We're sleepwalking towards digital disaster and are too dumb to stop

Richard Simpson

Re: It's gonna be difficult...

Can you explain exactly where you saw the regulation about reducing the power of kettles? An actual link would be useful. Last time (it was about a year ago) there was an EU study into proposed energy saving measures I took the trouble to look at the bit about kettles. It proposed two solutions:

1) Better insulation.

2) Far more effective 'auto switch off when it boils' mechanisms that work promptly when the kettle is new and don't get steadily less effective as it ages.

Both struck me as being quite sensible. Of course, you are going to ask me for a link to the study I am referencing and that could take a while to find.

Ukraine has a Eurovision pop at Russia

Richard Simpson

Re: Rules is rules

Whilst I agree that there is a considerable amount of politically driven voting, I have yet to be convinced that it has a big effect on the answer. The last ten contests have been won by nine different countries (Sweden won twice) although with also one win each for Finland, Norway and Denmark it does appear that Scandinavia does rather well, but OTOH none of the Scandinavian countries have been runner up in the last ten years and if they had an advantage you would expect them to do well in second place as well.

Also, if it was true that there is a big dislike for Russia throughout Europe, they wouldn't have won once and come second three times in this period.

I find myself of the view that the effect of political voting isn't enough to produce a serious distortion in the results and this has been helped in recent years by the semi-finals. After all, if your political buddies don't get through to the final then you can't vote for them and have to give your douze points to someone else.

One final thought. There are about 40 entrant countries each year, so if the mechanism was completely fair the UK would expect to win once in every 40 years!

Richard Simpson

Rules is rules

If Eurovision has rules forbidding songs with an overt political agenda then it should enforce them equally on all contesting nations irrespective of how popular or otherwise the political agenda in question is.

The resulting contest will, as always, consist entirely of bland drivel, but surely that is what Eurovision viewers want and expect.

Finding security bugs on the road to creating a verifiably secure TLS lib

Richard Simpson

Re: Mathematically correct code

Is this an issue in this case? Surely TLS execution time isn't a limiting factor in most internet transactions? Even if it ran at a fraction of the current speed, would that be a problem for most modern computers? Hmm, perhaps an issue at the server end. Presumably this scheme can't be extended into hardware crypto accelerators?

Also, forgive my ignorance, but I thought that TLS was primarily used to achieve a secure key exchange for a traditional cipher which is then used to exchange the actual data. I get the impression that this work isn't fiddling with the actual cipher code which will remain just as fast and/or buggy as now but I am ready to be corrected on this point.

Indie review of UK surveillance laws: As you were, GCHQ

Richard Simpson

Relatively good on Encryption

Having waded through quite a bit of the report, three paragraphs in particular seem pertinent to the encryption debate:

13.11 ...There may be all sorts of reasons – not least, secure encryption – why it is not physically possible to intercept a particular communication, or track a particular individual. But the power to do so needs to exist, even if it is only usable in cases where skill or trickery can provide a way around the obstacle. ...

13.12 ... Few now contend for a master key to all communications held by the state, for a requirement to hold data locally in unencrypted form, or for a guaranteed facility to insert back doors into any telecommunications system. Such tools threaten the integrity of our communications and of the internet itself. Far preferable, on any view, is a law-based system in which encryption keys are handed over (by service providers or by the users themselves) only after properly authorised requests.

13.13 ...there is a compelling public interest in being able to penetrate any channel of communication, however partially or sporadically. ... Hence the argument for permitting ingenious or intrusive techniques (such as bulk data analysis or Computer Network Exploitation) which may go some way towards enabling otherwise insuperable obstacles to be circumvented

So, he seems to be saying that encryption should not be legislated against (as now), laws should exist to force people to hand over keys (as now, but step forward perfect forward secrecy) and GCHQ should be allowed to try to break encryption (again, presumably as now).

Laws forcing password hand over remain troubling, particularly for those of us getting older and more forgetful, but they have two big flaws from GCHQ's point of view; (a) they are expensive to apply so can't be done on a massive scale and (b) the suspect then knows for certain that they are being investigated. Otherwise, it remains the case that we can try to make our systems more secure and GCHQ can expend effort and money trying to break in - Game On!

Of course, this is all just a report with no legal powers from a lawyer who can be replaced if he starts saying too many sensible things. It remains to be seen if May and Cameron take any notice of it!

Japan scores ballistic missile shootdown bullseye

Richard Simpson

ICBMs fly too high?

Hmm, perhaps I am missing something here, but surely ICBMs only fly high for part of their journey. Surely, they have to come down to lower altitudes at the end of their flight, otherwise, they won't do anything useful? Now, I don't doubt that shooting down ICBMs is more difficult, but perhaps it is because they go faster? After all, if they go higher up and they had a bigger rocket to start with then it seems logical that they will be going faster by the time they get near the ground.

This all reminds me of an article by George Orwell in which he mocks pre-WW2 newspaper articles explaining that there is no threat from German bombers because anti-aircraft defences would force them to fly too high. The idea presumably being that if you drop a bomb from high enough then it won't reach the ground :-)

Patent damages not refunded if EPO cancels patent

Richard Simpson

Just a statement of what we all know anyway.

So far as I can see, all the judge is saying is that it is OK for the legal system to be unjust, so long as that is good for business.

Surely it has been painfully obvious for years that this is their opinion, it's just that judges and politicians don't normally come right out and say so.

Student detained following attacks on Estonian websites

Richard Simpson

Some interesting points

1) There is a great deal of talk from Estonians about how Russians are invaders. That was certainly the case many years ago, but most Russians living there now were born there and in many cases so were their parents. I accept that many believe that people should be punished for the actions of their parents, grandparents etc. I am not one of them.

2) Most of the trouble in Tallinn has been caused by general purpose hooligans. The sort of people who in the UK would be rioting because their football team lost.

3) It is perhaps instructive to compare Estonia with Lithuania. They both have very similar 20th century histories, but everyone who was a permanent resident on the day that Lithuania gained independence became a citizen. The same is not true in Estonia where there are still a great number of stateless Russians.

4) Estonia gained independence in 1991, therefore, any Russian younger than their mid-thirties can't regret that they no longer run the country, since they never did.

5) Is Amnesty International prejudiced against Estonians? I don't know, but they certainly have plenty to say about their language laws (http://web.amnesty.org/library/Index/ENGEUR510012007?open&of=ENG-EST). In my non-legal opinion, Estonia is going to end up in front of the EU for breaching EU laws designed to protect linguistic minorities.

6) Very little known fact: Consider my wife's grandmother. She lives in Russia in the same cottage she was born in and speaks only Russian. She sounds like the sort of person that the Estonians would want nothing to do with doesn't she? But, between the two world wars, the bit of Russia where she lives was part of the first Estonian Republic. As a result of this, the Estonian government will give citizenship to her and any of her descendants. My wife's cousin doesn't speak a word of Estonian and apart from 2 short holidays has never set foot in the place, but because of her grandmother she now has an Estonian and thus EU passport. Meanwhile, many Russians who were born in Tallinn and have lived there all their lives, but also don't speak Estonian remain stateless. This seems a little inconsistent to me.