* Posts by Ben Liddicott

254 posts • joined 24 Mar 2010


Patch now: Design flaw in Windows security allows hackers to own corporate laptops, PCs

Ben Liddicott

Re: Server 2003

And "shoe in" for "shoo in"..

Privacy alert: Outlook for iOS does security STUPIDLY, says dev

Ben Liddicott

Don't use this for work...

You shouldn't be putting your work password into anything not specifically authorised for work use, whether a device, app or website...

Also goes for LinkedIn stupid apps.

BOO! Grave remote-code exec flaw in GNU C Library TERRIFIES Linux

Ben Liddicott

And your cheapo router

When's that getting updated?

I know routers weren't mentioned, but I'll bet they are vulnerable.

Doomsday Clock says 3 minutes to midnight. Again

Ben Liddicott

Look at meeeeeeee!!!!!!

The doomsday clock is just grandstanding scientists annoyed that expertise in quantum physics and mathematics oddly doesn't translate automatically into hot chicks and political power.

BAN email footers – they WASTE my INK, wails Ctrl+P MP

Ben Liddicott


Right, IF.

And even then the sender has a contract with the ISP which requires the ISP to keep activity confidential. In what way does this mean there is no expectation of privacy?

Ben Liddicott


"So you're basing this on a law that predates email?"

No, because email dates from the 1960s, and was used commercially before SMTP was invented.

I said "the legally mandated information can easily exceed six lines". Not in every case, but in an LLP with fewer than 20 partners all partners have to be named, as well as a service address given, which together can easily exceed six lines of 72 characters.

I never said that the long disclaimers seen were necessary, in fact above I have criticised them and proposed a shorter version for those that want one.

Ben Liddicott


"By law"? What law?

I'd think full name, position, a contact phone number and a website URL is sufficient. That will easily fit into 4 lines.

By the Business Names Act, 1985. Unfortunately the law doesn't care what you think is sufficient.

Ben Liddicott


No, you correctly note that the disclaimer can't form a contract, but a duty of confidentiality can also arise other than from a contract, especially related to receipt of information inadvertently. The case is Coco v A N Clark (Engineers) Ltd, 1968.


The common law equitable rules are essentially: that the information is not public; that it is not trivial and has value or the potential for harm; and that a reasonable person in the circumstances would think that there was a duty of confidentiality.

If, for example, someone accidentally emails you somebody else's medical records then I would say that all the above are clearly met, and you are under a duty not to disclose the information.

Again, if you receive an unsolicited CV from an agency, it will say in the disclaimer that it is sent in confidence, whether in those words or otherwise. You don't need to have invited the confidence for it to be a confidence.

And again, information may be legally privileged, and if received in a work capacity DPA rules may apply.

An email disclaimer may be technically redundant in many cases (though actually not in the CV case above) but it is a useful reminder to the recipient to have regard to the possibility of a duty of confidence, especially if - as Ben Tasker appears to - he believes that there can't possibly be one.

Ben Liddicott


If you send it directly to their MX from your outgoing server, you are handing it off directly to their nominated server, which will be run by people who owe a duty of confidentiality to the recipient, whether as an employee or as a contractor like MessageLabs. There will be no arbitrary SMTP servers in between, only the ones the recipient has arranged for.

Only deep-packet inspection is going to read the message and that is illegal and more akin to steaming open the envelope than to a postcard.

Ben Liddicott



Length: The footer must by law be included in most business emails, and the legally mandated information can easily exceed six lines.


If you send the message directly to the public MX, you have the same expectation of confidentiality as if you sent it first class to their mailroom. If you encrypt the connection using SMTP/TLS you have the same expectation of confidentiality as if you sent it to their mailroom in a locked container. Either way it is a pretty strong expectation of confidentiality. This is because confidentiality is a legal obligation not to misuse information, it is not primarily about technical measures but social and legal ones.


I agree that the legalese is often bullshit but that's for two reasons, neither of them being the ones you noted.

1) Confidential information often (usually?) remains confidential even if it is accidentally disclosed to someone who shouldn't have had it. That person will often also have a duty not to disclose the information e.g. under the data protection act if it is personal information, or on pain of contempt of court if it is to do with court proceedings, or under common law equity rules. In these cases the legalese is unnecessary. All they need to say is "This email may contain confidential or legally privileged information". Even that may be unnecessary depending on the circumstances.

2) If the legalese says "for the sole use of the addressee" then it is worse than useless because a) it is often not for the sole use of the addressee, and b) because if it is accidentally misaddressed it may not even be for the use of the addressee at all. All they need to say is "If you think you may have received this by accident please tell us so we can sort it".

However I am not a lawyer, and clearly there are lawyers who think long legalese disclaimers are necessary.

Ben Liddicott

Re: What goes around, comes around

Correct, Business Names Act 1885, Section 4.

If you also want a disclaimer, this is the shortest one I have been able to come up with, feel free to use or adapt it:

Trading Name is a trading name of Trading Company Limited, 1 Main Street, Fairfax, FX1 1FX. Registered in England and Wales, number 11111111.

This email may contain confidential or legally protected information. If you think you may have received it in error, please reply to the sender to let them know.

Police radios will be KILLED soon – yet no one dares say 'Huawei'

Ben Liddicott

Re: Why change the system?

Roger that. If they need fast data rates why can't that be an additional 4G/WiFi handset alongside the Tetra radio? Heck if you retrofit the Tetra with a Bluetooth modem the 4G handset can use Tetra for slow rate comms when the 4G/WiFi connection is unavailable.

You have a 'simple question'? Well, the answer is NO

Ben Liddicott

Awwwww!!! Sweet :-)

What a lovely man :-)

EU law bods: New eCall crash system WON'T TRACK YOU. Really

Ben Liddicott

Re: Free?

It won't have an 'off' button but you can disconnect it if it is a discrete component, and if you own the car you can put a drill through it.

Don't be daft, it'll be illegal to tamper with "safety equipment"....

World's best threat detection pwned by HOBBIT

Ben Liddicott

Re: If you wander round the bad part of cybertown...

Why would people be looking for Jude Law with his kit off? Just not getting it. He's not exactly David Hasselhoff.

Ben Liddicott

If you wander round the bad part of cybertown...

You will get mugged.

MI6 oversight report on Lee Rigby murder: US web giants offer 'safe haven for terrorism'

Ben Liddicott

A secret policeman in every internet chatroom

Like the pubs and bars of Europe in 1900. Say the wrong thing ("effin' government, hang them all") and you'll be spending some time awaiting trial...

The prosecution will be dropped of course. The process is the punishment.

Yes, it is interesting that they said it... The assault on free speech continues... never let a good tragedy go to waste...

YOU are the threat: True confessions of real-life sysadmins

Ben Liddicott

You can't defend against your bodyguards...

...as Mrs Gandhi learned.

Your only option is to pick trustworthy guards... and be the sort of person they are willing to be loyal to.

Attack reveals 81 percent of Tor users but admins call for calm

Ben Liddicott

Re: TOR is and always has been an NSA honeypot

Prove it isn't.

It's a US Department of Defense (Navy, then DARPA) project in the first place, so the default assumption has to be that it doesn't protect you against USG. And the NSA is part of the DOD and its chief is ... an Admiral of the US Navy.

And: Yes I think most anonymity services and software packages are honeypots.

Probably they aren't *all* honeypots, but who can tell which aren't? Surely the question is not whether they are compromised by government, but by which government?

And even those which aren't pwned by the NSA (or another agency - probably more than one), are effectively honeypots to the NSA because they can de-anonymize any real-time traffic just based on their overview of network activity.

Ben Liddicott

TOR is and always has been an NSA honeypot

Why not get your enemies to self-identify?

Here Enemies = Anyone who doesn't want to live in a panopticon.

HMRC dishes out tax rewards to GOV.UK... for inking deals with MEGABUCKS SIs

Ben Liddicott

Re: Does this mean...

No, nothing to do with businesses. This is purely an internal government accounting thing.

Ben Liddicott

This is Government refunding Government - nobody saves any money

This guidance doesn't affect businesses at all.

The article is unclear, but this is talking about whether **government departments** can get a rebate for VAT paid on various purchases. Government "services" are not VATable so they are not able to reclaim VAT on inputs against the VAT they (don't) charge in the same way as businesses. The purpose of the rebate is to ensure that outside suppliers aren't placed at an automatic 20% cost disadvantage over using internal staff for the same job. I.e. it is not so much to encourage outsourcing, as to create a level playing field for it.

As such only outsourced services which substitute for employing internal staff are supposed to be VAT-rebate-able.

Hence bespoke software = Yes, renting Cloud Servers = No. Outsourcing systems administration ought to be Yes, but I haven't read the guidance. Of course cloud servers come with a sysadmin element, so if I was a supplier I would rewrite my contract to break that out as a separate purchase so as to remove the pricing disadvantage as intended by the rules.

(Remember VAT is paid on sales, but reclaimed on VATable inputs. So in net-net it is only actually paid on NON-VATable inputs, which are: Capital costs (i.e. profits/your mum's pension), Staff costs (i.e. labour/wages), and Imports (i.e. foreign capital and foreign labour)).

Yorkshire man NICKS 1,000 Orange customer records. Court issues TINY FINE

Ben Liddicott

Blame the prosecutor: He could have been charged with fraud.

Making a false statement with intent to obtain an advantage (or cause harm to another) is fraud, carrying 5 years in prison.

The lesser "pretexting" offence should only be used when there is no such intent.

No need for a change in the law, just proper prosecutions.

Reg mobile man: National roaming plan? Oh UK.gov, you've GOT to be joking

Ben Liddicott

What makes you think it's an accident?

So we have:

* Consumers want (or ought to want) industry to compete to improve quality.

* As any fule no, industry doesn't like competing, they would much rather cooperate which allows them to keep nice high margins for delivering a poor service

* Industry certainly doesn't really want to build loads of sites - they would rather share.

* Currently not allowed to share as it is anticompetitive.

* Now government is telling them they ***must*** share...

Government ignorance? Or do they know exactly what they are doing? Economics is one of the things taught in PPE you know, along with politics.

Look for campaign donations, relatives on Telco boards etc...

OTOH, if they are sincere, we could have the best of both worlds with mandatory roaming with a mandatory high termination charge - which they aren't allowed to pass directly to the subscriber (i.e. can only charge the same as a non-roamed call/data). That retains the incentive to build while providing coverage. Indeed, the higher the roaming charge, the more incentive to build! O2 could make a nice lot of money building stations in the Highlands for Vodafone users to roam to!

Why solid-state disks are winning the argument

Ben Liddicott

Long-term deep storage

SSDs require power to be connected every few months or they start to fade. Here, we are competing with tape though.

Yes, Samaritans, the law does apply to you. Even if you mean well

Ben Liddicott

Domestic purposes

So the purpose of the processing is to enable you as an individual to be notified of certain tweets, and for you as an individual to possibly do something about them? The Samaritans are doing the processing but only on behalf of individuals who want these notifications about those they follow?

Sounds like "Domestic purposes" to me, which is an absolute exception to the DPA.

Jaguar Sportbrake: The chicken tikka masala of van-sized posh cars

Ben Liddicott

Re: Nice Review

Consider the Discovery then. Everything listed above, and a lot coming second hand onto the market now.

Apple's warrant canary riddle: Cock-up, conspiracy, or anti-Google point-scoring

Ben Liddicott

"Order" vs. "Requests".

To date, Apple has not received any orders for bulk data.

So they've joined the inner circle, and are now voluntarily handing bulk data over, without being ordered to do so?

If you want to tighten up the warrant canary, you don't re-word it to be more vague, you add additional clauses for the other things you have also not done.

This is an ex-canary.

It's a pain in the ASCII, so what can be done to make patching easier?

Ben Liddicott


I think you mean the employees of IBM, Oracle, Red Hat, Dell, HP, Canonical, and the Linux Foundation etc who are paid to update the kernel (and the other essential parts) as part of their (paid) job.

BBC Trust candidate defends licence fee, says evaders are CRIMINALS

Ben Liddicott

Re: Licence fee to ITV and Channel 4...

Why? The BBC is full of adverts. Mostly for itself, but still.

4th Century GOBLET could REVIVE CORPSE of holographic storage

Ben Liddicott

It's the storage technology of tomorrow.... and has been for twenty years

Cos, you know, it allows you to store information in the depth of the media. Unlike, say, a four-layer DVD. Wait, what?

Or, you know, a stacked-die flash chip.

Seriously, holographic storage will take off never. It's a non-story and always will be.

EU justice chief blasts Google on 'right to be forgotten'

Ben Liddicott

Of course it is a free speech issue.

It is so the great and the good can hide from us that they are neither as great nor as good as they pretend.

If in doubt, it isn't for your benefit.

What's in your toolbox? Why the browser wars are so last decade

Ben Liddicott

Debugging experience is better in IE

If you are using IIS and Webforms or MVC, you can set breakpoints in javascript, and use the same debugger to step between server and client side code. It really helps.

Web moguls ask YOU to stump up big money to STOP big money from winning in Washington

Ben Liddicott

Re: If you could buy elections Ross Perot would have won

"To me, this speaks volumes not only of how you view the world, but how you treat others and the level to which you are capable of dehumanizing others."

Um, yes. Because I view people as being capable of making up their own minds having listened to different opinions and decided who to believe, I am dehumanising them and I am a sociopath.

"This almost always works, when the craft is employed by a skilled practitioner. This is because our species is exceptionally vulnerable to emotional and instinctual manipulation. Rational thought and logic are still relatively new evolutionary adaptations and they can be easily overridden by emotion."

You don't trust people to decide what to allow into their own heads. So you want to try to control the process. That's what dehumanising looks like.

I think as a discussion this has gone as far as it can go without degenerating into those long usenet discussions where we each respond to each counter-point with two counterpoints, and post-lengths blow up exponentially until each reply takes a whole day and we both forget where we got to. Happy days, many an hour spent etc...

But this: If we are all being manipulated so our beliefs come from omnipotent/omniscient evil social scientists we need to be protected from, then where did you get your belief that that is the case?

"I checked out the studies". Did you? Did you check the press release matched the abstract? That it matched the conclusions? That they matched the data? "Of course!" Liar. Check one out, any one (I'll wait) and you'll find that at each stage you dig down from press release to the conclusions and find the effect is only 20% (p> 0.97, sample size 23), and brush aside a tear, then dig down further as the evidence gets weaker at every stage, and when you hit the bedrock of actual data and find it is composed of compressed college students average age 21 will you ask yourself "I wonder if this generalises to 48 y/o slaughterhouse workers in the Midwest?". You will not.

People can't be trusted to make their own decisions because the media manipulates them. You know this because the media told you. "But not Murdoch media" So that's OK right? MC Escher calls. He's ready for your close up.

Ben Liddicott

Re: If you could buy elections Ross Perot would have won

"everyone, from politicians to advertising companies uses decades of research into psychology, psychiatry and social dynamics to ensure that they control how people vote, even when people are aware of the means employed to manipulate them"

So while most people are too stupid to see through this, nevertheless you are immune and your own support for curtailing free speech through the use of oppressive campaign laws cannot possibly be the product of the same types of forces? If you really take your own assertion seriously you should right now be disappearing "through the looking glass"-style into an MC Escher engraving depicting the Cretan Liar paradox.

Why do I think it is a left-right issue? Because you seem to want to use that (dubious, exaggerated, hyperbolic) assertion as an excuse to make people you disagree with shut up, by preventing them using money to reach an audience. Which is typically a left-wing preoccupation. "The poor still don't all vote for us, in spite of the welfare state! They must be indoctrinated by the Fox. Let's do something about it". No, they hate you. "But we keep offering them more and more money for doing nothing!". That's why they hate you.


Nit picks:

* "Manipulate" is just a pejorative term for "persuade". Hyperbole.

* it isn't decades - it's millennia - the earliest extant academic work on the subject is 2400 years old. But pretend it is a new problem and you can pretend new measures are needed.

* control is an exaggeration. They attempt to persuade them to vote in particular ways.

* Commercial advertising however distasteful is trying to sell stuff not control the vote. Conflating two things only related by their methods not their objectives to make the problem look bigger. Hyperbole.

So that's:

"Everyone uses what they know of human nature to persuade others to do what they want, and have done since time immemorial. Advertisers try to get you to buy stuff. Politicians try to get you to vote for them. Kids try to get out of doing their homework/get you to lend them twenty to go to the cinema. This sometimes works, even though people know that is what they are doing - and they do since they do it themselves."

Not much left after the nits are picked, is there?

Ben Liddicott

Re: If you could buy elections Ross Perot would have won

First, I suggest you get a tissue to wipe the foam flecks from your screen. You are basically saying:

* Candidates can tailor the message and might be lying

* And people are too stupid to make simple judgements and need to be protected from deceptive messages

I agree with the first, which reinforces my point - if they are lying or tailoring the message it is because they know people won't vote for a message they hate. So it in no way contradicts what I said. I never said it would be an honest message.

But if politicians are lying who is going to point that out when everyone outside the system is effectively silenced by campaign finance rules? When the FEC and IRS investigate genuine grass roots campaigns, with the connivance of BOTH big parties, to shut them down/shut them up?

But of course they are the campaigns of Conservatives (= free as in freedom = liberal from the Latin Libre) whereas I guess you are a Liberal ( = free as in beer = socialist, from the Latin socius or comrade). So that's alright. Free speech is only for Liberals! No Platform!

But clearly I am an uninformed rube.

(Is this a change in comments policy? Does this mean I get to call you names too?)

Ben Liddicott

Re: If you could buy elections Ross Perot would have won

The unions are doing it. In the US, the Dems get masses of money from the education unions, police unions, and lawyers.

Ben Liddicott

If you could buy elections Ross Perot would have won

This will all pay for TV ads, leaflets, and annoying robo-calls to get your message across, but if the voters don't like your message no amount of repetition will win you the election.

Cisco open-sources experimental cipher

Ben Liddicott

What is wrong with CTR mode?

CTR mode effectively converts a block cipher into a stream cipher, eliminating the need for padding.

CTR is the only mode you need.

Today's get-rich-quick scheme: Build your own bank

Ben Liddicott

Sealing wax hasn't been used for computer systems since the late 70's.

Chewing gum is what is used now - usually Nicorette these days due to the smoking ban.

Help. Mailing blacklists...

Ben Liddicott

Re: OK here is what you need to do

"As a small shop I don't have that sort of time to waste, but if I ever get rich, I'll sue the f*cking shirt off every single one of them who does this."

That's like renting a shop in a bad neighbourhood, and complaining that people don't come to your shop because they don't want to be mugged.

So you are going to sue the people who told them it was a bad neighbourhood.

Change neighbourhood - get a new ISP.

Ben Liddicott

OK here is what you need to do

0. Most important. Fix the problem. It is no good trying to get de-listed if their own logs tell them you are still emitting spam. You may need to be able to tell people what happened and what you have done to fix it.

1. It is no good asking them why you are blocked, unless you have definitively determined that it is a specific decision taken by them in your case (even automatically). More likely, you are blocked because they use a reputation service.

2. So you need to check your status on ALL commonly used reputation services.

3. What is a reputation service? It is someone's opinion, based on their published policies, that your IP address or email domain meets the criteria to be listed on that service - usually the criteria can be determined automatically, but sometimes the lists are curated manually. In other words, it is an expression of opinion, not an instruction to anyone to block you. Mail operators may choose to use such lists to block outright, or as part of a scoring system, and usually in combination with a whitelist/blacklist of their own. (For example you would usually whitelist your bigger customers - you don't want to lose an order for a million widgets just because an over-enthusiastic salesperson got your customer listed on one of these lists).

4. So find out who has listed you.

Check both your IP address and email addresses against all blacklists. Robtex is a service which can do this for you:


So for example if your email domain is theregister.co.uk and your mail server is aspmx.l.google.com, then bung the IP address into the box at the top, then hit the "blacklists" link and it will tell you if you are listed by any blacklists.

Do the same with the domain.

5. Then you need to jump through the relevant hoops with each and every blacklist which has listed you. In most cases you can get de-listed (once) by asking. But not in all cases. Some will only de-list you after a month - but these are little-used.

Generally, if you can get off all the lists, you will find you can get mail delivered again. But that's the first thing you need to do.


An alternative would be to actually move your mail domain to Google, or Outlook.com. They already do all the rate-limiting, outbound filtering of spam and other defence-in-depth measures you will need, and have developed relationships with all the other large mail providers to report abusive users.
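Step 4 of the post above, as an added example that is not part of the original post: checking a mail server IP and a sending domain against DNS-based lists directly, using the RFC 5782 query layout. The zone names, addresses and sample answers are constructed placeholders, and the resolver is injectable so the sample runs offline.

```python
"""Added example: DNSBL / domain-list lookups following RFC 5782 conventions."""
import ipaddress
import socket

LIST_ANSWERS = ipaddress.ip_network("127.0.0.0/8")  # valid listing answers


def query_name(target, zone):
    """Build the DNS name to query for an IP address or a domain in a list zone."""
    try:
        ip = ipaddress.ip_address(target)
    except ValueError:
        # Not an IP: domain-based lists take the domain name as-is.
        return f"{target.rstrip('.').lower()}.{zone}"
    if ip.version == 4:
        labels = reversed(str(ip).split("."))           # octets reversed
    else:
        labels = reversed(ip.exploded.replace(":", ""))  # 32 nibbles reversed
    return ".".join(labels) + "." + zone


def system_resolve(name):
    """A-record lookup via the system resolver; NXDOMAIN becomes an empty list."""
    try:
        infos = socket.getaddrinfo(name, None, socket.AF_INET)
    except socket.gaierror as exc:
        if exc.errno in (socket.EAI_NONAME, getattr(socket, "EAI_NODATA", None)):
            return []
        raise  # timeouts and server failures must not be read as "not listed"
    return sorted({info[4][0] for info in infos})


def lookup(target, zone, resolve):
    """Classify one target against one zone."""
    answers = resolve(query_name(target, zone))
    if not answers:
        return "not listed"
    if all(ipaddress.ip_address(a) in LIST_ANSWERS for a in answers):
        return "listed"
    # Parked or hijacked zones answer every query with an unrelated address.
    return "invalid answer"


def ip_zone_is_sane(zone, resolve):
    """RFC 5782 self-test: 127.0.0.2 must be listed and 127.0.0.1 must not."""
    return (lookup("127.0.0.2", zone, resolve) == "listed"
            and lookup("127.0.0.1", zone, resolve) == "not listed")


def check(ip, domain, ip_zones, domain_zones, resolve=system_resolve):
    """Return {zone: status} for the mail server IP and the sending domain."""
    report = {}
    for zone in ip_zones:
        if ip_zone_is_sane(zone, resolve):
            report[zone] = lookup(ip, zone, resolve)
        else:
            report[zone] = "zone failed self-test"
    for zone in domain_zones:
        report[zone] = lookup(domain, zone, resolve)
    return report


# Constructed sample data: one working list that lists 192.0.2.25, one dead
# list that answers everything with a parking address, one domain list.
CONSTRUCTED_ANSWERS = {
    "2.0.0.127.dnsbl.example.net": ["127.0.0.2"],
    "25.2.0.192.dnsbl.example.net": ["127.0.0.4"],
}


def fake_resolve(name):
    if name.endswith(".dead.example.net"):
        return ["203.0.113.10"]
    return CONSTRUCTED_ANSWERS.get(name, [])


if __name__ == "__main__":
    result = check("192.0.2.25", "example.org",
                   ["dnsbl.example.net", "dead.example.net"],
                   ["rhsbl.example.net"], resolve=fake_resolve)
    for zone, status in result.items():
        print(f"{zone}: {status}")
```

Against real lists, leave `resolve` at its default and pass the zones you care about; many list operators refuse queries from large public resolvers, so run it through your own recursive resolver.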

Ben Liddicott


Join the Mail Operators List, and ask there.



EBAY... You keep using that word 'ENCRYPTION' – it does not mean what you think it means

Ben Liddicott

Re: Seasoning

Salt should be cryptographically random.

WHOMP! There it is: IBM demos 154TB tape

Ben Liddicott

"A follow-on thought: If tape density can more than double every 30 months then it could well outpace disk density improvements and cement its role as the archive medium."

* Tape storage halves in price per GB every 30 months

* HDD storage halves in price per GB every 18 months.

* Flash SSD storage halves in price per GB every 12 months.

So at what point will HDD take over from tape?

At what point will SSD take over from HDD?

At what point will SSD take over from tape? (Possibly never to this one. Currently, high capacity SSD needs to be powered up every few months).

Japanese cops arrest man with five 3D printed guns at home

Ben Liddicott

"Gun Deaths" include self defence. Self defence is good. Murder is bad, even if no gun is used.

As a result, Japan has some of the lowest rates of gun death in the world, with around 0.06 firearms fatalities per 100,000 people. Here in the Land of the Free, where pretty much anyone can own a gun with minimal oversight or training, that figure is 10.2 deaths per 100,000 people.

"Gun Deaths" is a false category. What is wrong with it? It focusses on the method instead of culpability.

Firstly it combines culpable homicide, self-defence, and suicide, as if they were morally equally problematic. Secondly it suggests that gun homicides make up a category of murders which would not otherwise exist. Neither of these rhetorical devices is legitimate, but both are necessary to make out that guns are a real problem.

* Suicide rates are similar in most countries, but in the USA the gun is often the method of choice. Take the guns away and there are plenty of bridges. There is no reason to think the overall level of suicide will change, since suicide is a deliberate act.

* "Domestic Gun Homicide" is much higher in the USA as the anti-gun campaigners will tell you. It is also much higher in US states with high levels of gun ownership in the home. However in this statistic "homicide" conflates self-defence and murder. And "Gun Homicide" excludes fatal stabbing and beatings. If you add back the non-gun domestic homicides, there is little difference in overall "domestic homicide" rates. But if you then separate out those into murder and self defence an interesting picture emerges. States with low levels of gun ownership have 90% murder, 10% self defence, 90% female fatalities, mostly non-gun deaths. States with high levels of gun ownership have 50% murder, 50% self defence, 50% female fatalities, 50% gun deaths. In other words the high levels of "Domestic Gun Homicide" is almost entirely accounted for by **women defending themselves**.

So there.

The USA does have a high level of murder, but if you exclude drug and gang turf wars, that vanishes too. If you are not yourself a criminal, your risk of murder is no higher in the USA than the UK.

Cameras for hacks: Idiot-proof suggestions invited

Ben Liddicott



* Wide is more important than Zoom.

* Aperture is more important than megapixels

* Speed-to-shot is also very important.


Looks great, shoots fast, big sensor, big lens, wide angles, fast shutter, waterproof and shockproof:

On Amazon

Ben Liddicott

Snowden-inspired crypto-email service Lavaboom launches

Ben Liddicott

BND is as close to NSA as GCHQ is...

"Lavaboom was founded by Felix Müller-Irion in Germany, so presumably it stands a reasonably good chance of staying as NSA proof as possible."

Germany's spy body BND has excellent links with the Americans and British. As you would expect given the number of American and British troops in Germany, and the history of the cold war, when of course the partition between east and west was the front line. Rumour has it they are particularly good at tapping fibre-optic lines.

If you want to be proof against the NSA, set up in China. Of course you will then have the Chinese authorities to deal with, so it's not like you will be better off...

Reality check: Java 8 finally catches a multi-core break

Ben Liddicott

Only 6 years after C#...

It's not just a better Java.

It's a much better Java.


