blog.world3.net

More on work and ill health

25/07/2008 – 16:35

As a follow up to my last entry, I want to write some more about the moral and social issues involved.

Is it right that someone less able to do a job should be given one? Most employers will look quite negatively at a poor sickness record. Other people working at the same place seem to get upset if they feel they are doing more than their fair share to make up for someone else. That all seems fairly natural, but is it okay?

If you don’t want to employ or work with someone who is ill, say with a bad back or something, then it seems that you have to accept your taxes going to pay them benefits instead. Even if you just think, “too bad they will have to do a less well paid job or part time”, you still end up having to pay them benefits because they can’t afford a house, or medical care, or to pay as much tax as you.

I wonder if that is now the case. Maybe I should just accept that my life is pretty much ruined by this illness and I will never achive any of my goals or earn a descent wage. I do feel bad about not being able to “pull my weight” as much as someone who isn’t ill, but there is nothing I can do about it. It’s not like I can just buck-up and get on with it.

That makes me feel that society doesn’t care about me, so why should I then care about society? Why not just claim every benefit going, do my best to avoid work until something descent comes along and just generally do everything I can to screw money out of everyone else and the system? If it’s a fight and people think I am worth less than them then why not?

My moral code stops me doing that, but the argument still stands. Maybe there is some middle way, but it seems to me that no-one takes it. What to do…

By mojo | Posted in politics | Comments (0)

Benefit reforms for the sick

23/07/2008 – 19:26

I read the BBC article on benefit reforms for those out of work with interest and some concern. The Daily Hate Mail reading morons who were voted to the top on the Have Your Say discussion were even more disturbing.

There seems to be a perception that everyone on benefits is a scrounger, simply work-shy and looking for any excuse. Well, I am currently signed off work, and so I want to set a few things straight.

Without going in to details, at the moment I suffer from arthritis amoung other things, and often can’t sleep either. That means mornings are very hard, because I am both tired and very stiff. Those arn’t the only things but they are the main ones. I am just now starting to look for a new job (so will hopefully not be signed off soon), but the situation I face should really be understood before people start their rants demanding a crack down on the likes of me.

I am an honest person, I will not lie to an employer. So, they are going to know that I am ill. They know I will need significant time off when things get really bad (can’t walk, let alone drive to work etc), that there are things I cannot do (heavy lifting, spending all day on my feet or at a desk (a mixture is okay)), and that I will be unable to start at 9AM every day. It’s not because I’m lazy, it’s because I am ill and there is absolutely nothing I can do about it. No cure, no “pull your socks up”. Faced with that, what employer is likely to want me?

So, if I eventually do find a job, what is it going to be like? Well, I expect I will get some abuse from the Mail readers working there for a start. But beyond that, can I now only expect a crappy “hand-out” job, or at best a lower wage? You might argue that as a less capable person, I should expect a lower wage, but then what I am supposed to do about a mortagage etc? The Thatcherite view is “tough shit, fuck you”, but I was kind of hoping I was living in a society that at least tries to help people with some unfortunate chronic illness. I can sort of understand why people feel resentful when they have to work harder because one guy can’t do part of the job, but all I can say is that I am more than willing to do it for someone else. In fact, we all do when we pay National Insurance, and I’m largely okay with that because I’d rather everyone had a chance at a reasonable life than just discard them like a broken tool.

Sure, I hate the real scroungers as much as anyone, but I really don’t think there are that many. Of course, they always find them for TV shows and newspaper articles, but the reality is that dole/incapacity benefit money is crap and I think most people on it would prefer to work. What puts a lot of people off is the fact that they would end up worse off – they loose the support, gain all the new bills and end up with a shitty part time McJob that makes them truely miserable and gives them no prospects. If someone told you that your salary would be halved, everyone would hate you and there would be no chance of improving your lot, how would you feel?

That is my main concern with the plans as laid out really. They seem more about forcing you off the books rather than trying to help the majority who want to work find a half descent job. Maybe that’s a namby-pamby left-wing PC brigade view, but I happen to think that everyone should at least have a chance at a descent job and descent life. Not a hand-out or job given to them, but a real chance. Quite how you get capitalist employers to do something that does not generate maximum profit I don’t know.

By mojo | Posted in idiots, politics | Comments (1)

Uniqueness of DNA questioned

20/07/2008 – 10:13

The uniqueness of DNA evidence has been brought into question once again by a lab tech in Arizona: http://www.latimes.com/news/local/la-me-dna20-2008jul20,0,1506170,full.story

The tech discovered two criminals on the database with remarkably similar DNA, close enough in fact to satisfy a court of a match in most cases. One was white, the other black. She went on to discover nearly 1000 more matching pairs.

Police in the UK are still using discredited Low Copy Number DNA evidence, despite it being the cause of the collapse of the Omagh bomb trial. In that case there were also two people that the DNA pointed too, one of whom was a schoolboy living in England.

Claims that the chances of a false DNA match are billions to one are now clearly discredited, yet the police carry on using DNA in this way and relying on it in court. Unsurprisingly, lawyers are now starting to demand extensive database searches and finding their own expert witnesses to counter this. Like fingerprint evidence, it appears that soon DNA evidence will be reduced in importance and police will have to rely on other, more traditional forms of proof when bringing a case.

It will be interesting to see the outcome of the Barry George re-trial too – yet again, forensic evidence (a single particle of gunpowder) has been overstated at trial.

By mojo | Posted in law | Comments (1)

Petition for PayPal credit card transactions to be properly regulated

09/06/2008 – 11:09

My petition on the 10 Downing Street Petitions web site has just been approved, so please sign it!

http://petitions.pm.gov.uk/3partyccs/

Currently, you are not protected by your credit card company when paying for stuff with a credit card using PayPal, which basically means when buying anything with credit card on eBay too.

The problem is that by using PayPal, it ends up being two separate transactions. First, you send the money from your credit card to PayPal which is one transaction. Then PayPal send the money to the seller, which is a separate transaction. As banks are only required by the banking code to investigate transactions you participate in, if there is a problem with the item or seller they won’t help.

The petition asks for this loophole to be closed, so that banks are forced to properly deal with PayPal issues. Since PayPal themselves basically make it impossible to resolve anything properly through their own system, I think it’s important that you can ask your bank for assistance or to do a chargeback.

By mojo | Posted in law, politics | Comments (0)

The "I've got nothing to hide" argument

08/06/2008 – 11:36

The argument that no law abiding citizen should have anything to hide, and so surveillance is okay is a deeply flawed one, but one which seems to be quite powerful and rarely properly debunked.

Many people simply respond with rather extreme cases, demanding answers to questions such as “can I see your credit card records then?” or “would you mind having cameras in every room of your house, including the bathroom?” These kinds of arguments are not that helpful, because they don’t show why some limited surveillance by government agents (police, secret services, even local councils) is not acceptable. The typical argument is that if some small loss of privacy (and privacy itself is a horribly undefined and vague word) then it should not be a problem for anyone not trying to conceal illegal behaviour.

Privacy is not really about hiding potentially bad things like crimes though. Humans are social creatures, and it is easily demonstrated that surveillance causes “chilling effects” – people change their lawful behaviour, despite not having done anything wrong or there being much theoretical likelihood of potentially embarrassing information being exposed to the public.

A good example would be the recent case involving Kevin Bankston, a smoker. Google has been photographing streets in the US and then allowing people to browse the photos on the web. Those who have nothing to hide should have no fear of this, since their lawful actions in public should not be a problem for them. However, Mr. Bankston has been keeping the fact that he was a smoker secret from his family, and Google exposed him. Smoking is perfectly legal, of course. In the UK similar schemes have been tried, such as allowing people to view local CCTV on their televisions at home.

Because of surveillance, people are often not willing to say or do things they otherwise might. That is not just a loss for the individual, it’s a loss for society as free speech and the free flow of ideas is harmed, as is freedom to engage in any lawful activity one chooses. For example, a person might wish to protest against the cult of Scientology, but doing so will certainly invite extra surveillance such as having CCTV cameras pointed at you and the police pointing cameras at you. The police could potentially monitor your phone calls or email, just to make sure you are not planning any illegal action.

Compare this with East Germany of Soviet Russia. Even people behaving legally were constantly monitored, which resulted in oppression of political expression and freedom. In theory, those people should have nothing to hide, but surveillance is akin to investigation and like it or not does affect the way people behave and think. Fear that information may be erroneously recorded or misinterpreted, saved and used against an individual at a later date is unfortunately both strong and real.

Much information gathered on individuals cannot be challenged or even viewed by that individual. The Police National Computer is an obvious example. It certainly contains many errors, but no individual has the right to examine the data held about them or to have errors corrected.

Worse still, technology makes aggregation – the combination of many small bits of information – much easier. People argue that giving up small items of information should not be of concern to someone with nothing to hide, but in combination these many small pieces can be used to build up a detailed picture of an individual, and infer even more. Such information is now being used to try and predict behaviour in the future, and it is pretty hard to refute potential future actions.

How data is handled and used is also a big issue. Taking national ID cards as an example, it is not clear who will have access to data on them and how it will be used. For example, should Blockbuster be allowed to require an ID card as the only acceptable proof of ID? How will NHS staff be prevented from checking to see if a particular person ever had an STD and leaking that information to the press or that persons friends?

What if you campaign in favour of choice for women seeking abortions, and your address is made known to pro-life campaigners who then turn up at your house to protest and harass you? You broke now laws, have nothing to “hide”, but expect a certain degree of privacy when it comes to private details such as address.

The question of oversight and accountability is key here. The government and acquire virtually any information they want if they can show good reason for needing it, such as investigation of a crime. The police have the power to obtain normally private information in certain circumstances, as do many other bodies for whom the information is pertinent (social benefit agencies, for example). The key is that generally they must show a non-trivial reason for needing the information, such as strong suspicion of a crime.

By mojo | Posted in law, privacy | Comments (0)

I own this number

05/06/2008 – 16:27

I own the copyright on the following number. It’s mine, and I’m licensing it under a Creative Commons licence for everyone:

7840503105526216071103157865574030473816135816274075
6659995647367689887704190271686800028652662117436767
3277367311120646735130020647991793716906378068496038
1695401876427914616971423241556196069007992684776810
7140421413129977448963987771460202578977180817576301
0637945407349920630842274701733252363545567191751200
8418817060739478022487892365696480484556391288052670
8409265757194997631649105684044991085523359617979771
5537165589804778865387221835889651966246386788137233
1462875349602216664841504764233358486811183290582291
5278275287922576877967530552582820747972639422108865
3395380485315505521832314901913360126089945951144684
5540895433481351775188493888336736897213647236632858
513568396609123

This number is a prime, and the decimal representation of a PNG image file that I created, and is copyright me. It’s quite a nice number I think, ending in a rather satisfying 1-2-3.

I figured, since some companies think they can own a number, I guess I can too and it would be cool to have one! What companies am I talking about? Well, the AACS LA for one, who apparently own 09 F9 11 02 9D 74 E3 5B D8 41 56 C5 63 56 88 C0. Here’s a picture of their property:

The RGB values of the bands represent the number, plus C0 on the end. That number also happens to be one of the cryptographic keys used for the DRM on the now obsolete HD-DVD discs.

Actually, they don’t own copyright on the image above, but then again it is an image representing their copyrighted number in a different form (like writing it in a different language). If I write “するだけ” (Just Do It(TM)), does that infringe Nike’s copyright even though it’s in a different format? Well, actually Just Do It(TM) is a trademark, but it was the first thing that came to mind…

I think really the issue here is that copyright law is not really adapted to the digital age. For a start, anything you can store on a computer can be represented by a number. When you download files from BitTorrent, you are really just downloading a big number. Encryption keys are numbers too, as the AACS LA knows, but it’s somewhat unlikely that they could claim ownership of a number…

In fact, under the US DMCA law, there are quite a few possibly illegal numbers. The DeCSS program, for example, which decrypts DVDs and is outlawed by the DMCA can be represented by the following prime number:

4856507896573978293098418946942861377074420873513579
2401965207366869851340104723744696879743992611751097
3777701027447528049058831384037549709987909653955227
0117121570259746669932402268345966196060348517424977
3584685188556745702571254749996482194184655710084119
0862597169479707991520048667099759235960613207259737
9799361886063169144735883002453369727818139147979555
1339994939488289984691783610018259789010316019618350
3434489568705384520853804584241565482488933380474758
7112833959896852232544608408971119771276941207958624
4054716132100500645982017696177180947811362200272344
8272249323259547234688002927776497906148129840428345
7201463489685471690823547378356619721862249694316227
1666393905543024156473292485524899122573946654862714
0482117138124388217717602984125524464744505583462814
4883356319027253195904392838737640739168912579240550
1562088978716337599910788708490815909754801928576845
1988596305323823490558092032999603234471140776019847
1635311617130785760848622363702835701049612595681846
7859653331007701799161467447254927283348691600064758
5917462781212690073518309241530106302893295665843662
0008004767789679843820907976198594936463093805863367
2146969597502796877120572499666698056145338207412031
5933770309949152746918356593762102220068126798273445
7609380203044791227749809179559383871210005887666892
5844870047077255249706044465212713040432118261010359
1186476662963858495087448497373476861420880529443

Anyway, remember to list me as the source if you use my number. Thanks.

By mojo | Posted in idiots, law | Comments (0)

New "virtual" child porn laws a bad idea

05/06/2008 – 15:34

I have held off writing this entry for a long time, because I was worried about the response I might get. So, I’ll start by pointing out what I hope should be obvious anyway: I do not support or seek to protect paedophiles. Anyone who abuses children deserves punishment.

The issue at hand is new legislation aimed at making “virtual” child pornography illegal. The main type they seem to be targeting is photos or videos modified to look like drawings or cartoons. Kind of like effect used in A Scanner Darkly, where a person or a computer traces over a photo to make a realistic looking drawing. Other kinds include things like photoshopping a child’s head onto a suggestive image of an adult’s body, or simple drawings created entirely by hand or on a computer (e.g. CG like the Baeowulf film).

There was a surprisingly level headed discussion of the issue on Slashdot.

While naturally most people find these kinds of images distasteful, I think making them illegal is a bad idea. The main issue is freedom of expression, although I would also like to mention the point that as there has been very little study of paedophile behaviour it is not at all clear that banning such things will protect children. In fact, it’s possible that by denying these people this outlet, they might be more likely to pray on actual children. It’s not a “good” situation by any means, but if the goal is to protect children… And the reality is, no-one knows one way or the other. If the government wants to do something, they should support academic studies. Know your enemy and all that.

Anyway, the freedom issue. The problem here is that, at least in the case of pure drawings (or written stories for that matter), no actual human being has been harmed. Punishing someone for producing or having such things amounts to punishment for thought crime, or perhaps pre-crime if you take the view that it’s a preventative measure.

The idea that seeing something can cause a person to want to do it is quite outdated too. It was popular in the 60s, but has been largely debunked. Every adult in the UK sees violent images, crimes being committed and anti-social behaviour every day on the TV, but most don’t go out and copy it. While it’s true that people who are considering doing those sorts of things do sometimes seek them out, correlation is not causation.

Ultimately, in any society with freedom of speech and expression, you have to tolerate things you don’t like. That’s the basic principal of the thing. While most people dislike this kind of stuff, since no actual harm is being done to anyone banning it can only be seen as a form of censorship.

The government argues that paedophiles may be using these kinds of images as loophole in the law. However, you have to question the basic assumption that paedophiles are automatically criminals. Don’t get me wrong, of course child abuse should be a crime, but is merely thinking about child abuse a crime? It can only be one if you believe in thought crime.

By mojo | Posted in law, politics | Comments (0)

Student arrested under the Terrorism Act for Al Qaida research

27/05/2008 – 11:52

Yet again, it looks like a climate of fear and abuse of the Terrorism Act have have lead to an innocent man being imprisoned for six days (via The Guardian).

To summarise, an asian student downloads the Al Qaida training manual for research on his post-graduate course from a US government web site, and it is discovered on his administrators PC. The Nottingham University staff report it’s existence to the police, who promptly arrest him and keep him detained for six days.

Eventually he was released without charge. Many countries don’t allow people to be held for more than a few days without charge at most, because everyone should have the right to a quick and fair trial. The police can hold you for 28 days (and the government wants to extend that to 56) under the Terrorism Act. Imagine being locked up for 6 days, let alone 28, with no charge, nothing to answer to and no way to appeal.

Locking someone up for a month would ruin their life. Imagine trying to explain that to your employer (assuming you still have a job at the end of it), or your family and friends. Of course it’s fine if charges are brought and a trial is arranged in good time, but in cases like this there does not have to be.

Of course, people argue that it’s okay because only “terrorists” (by which I think they probably mean Muslims) are being targeted by police, but that isn’t the case. The Terrorism Act has been repeatedly and widely abused. Councils use it to spy on parents trying to get in to good schools or people dropping litter. A woman was arrested for walking along a cycle path under it:

Sally Cameron was arrested under the Terrorism Act and held for four hours for walking along a cycle path in Dundee. She said: “I’ve been walking to work every morning for months and months to keep fit. One day, I was told by a guard on the gate that I couldn’t use the route any more because it was solely a cycle path and he said, if I was caught doing it again, I’d be arrested…The next thing I knew, the harbour master had driven up behind me with a megaphone, saying, ‘You’re trespassing, please turn back’. It was totally ridiculous. I started laughing and kept on walking. Cyclists going past were also laughing…But then two police cars roared up beside me and cut me off, like a scene from Starsky and Hutch, and officers told me I was being arrested under the Terrorism Act. The harbour master was waffling on and (saying that), because of September 11, I would be arrested and charged.”

This really is the fundamental problem with all these kinds of laws and technical advances (such as CCTV and portable x-ray scanners): they are wide open to abuse, and much as everyone would like to trust the police it’s clear that we can’t. If you look at the number of abuses of power over the years, the number of wrongful convictions based on the police falsifying evidence, the number of people whose lives have been ruined by this kind of thing, it becomes clear that police powers need to be limited.

This sort of thing also brings up the issue of pre-crime. Reading about Al Qaida should not, in itself, be a crime. Even reading terrorist training manuals does not make you an actual terrorist, in the same way that reading a book on poker strategies does not make you a gambler, or watching The Bill does not make you a cop. There is clearly a difference between being interested in something, even if it’s something people are afraid of or which could be used to cause harm, and actually causing harm to someone. In this case, it’s clearly pre-crime – actual Al Qaida terrorists don’t need to read up about Al Qaida. Sure, maybe it could influence someone’s decision to join Al Qaida, but so could news reports on Iraq or September 11th. Either it’s pre-emptive crime prevention or it’s thought crime.

It’s not just people researching Al Qaida either. In July 2005, a cricketer on his way to a match was stopped at King’s Cross station in London under Section 44 powers and questioned over his possession of a bat. The Torygraph (I know) has lots more examples.

By mojo | Posted in law, politics | Comments (0)

Attacking data in RAM

14/05/2008 – 11:52

Today’s Hack a Day post linked to this article on recovering encryption keys from RAM, so I thought I’d look into defences against this kind of attack.

There are simple ways to defeat this, and although not 100% reliable they are pretty effective.

You have to consider what sort of situation this attack is likely to be used in. The attacker would have to get to the machine while it is powered on, but be unable to access it due to software security (passwords etc). So, they reboot the system and try to recover the encryption keys from RAM, or remove the RAM from your computer (possibly after freezing it) and install it in their own machine.

Why would you need to put the RAM in another machine if you could just hit the reset button? Well, the reset button might be disconnected, or the BIOS might be set up to do a full memory check which would overwrite every byte in RAM. The only way to be sure to avoid the BIOS wiping RAM would be to power the machine off, reset the BIOS and power it back on. Note that in laptops, even resetting the BIOS (which is typically very difficult as it involved opening the laptop up) often does not clear the power-on password.

A note about UK law here. The RIP Act means that the police can force you to hand over passwords. Luckily Truecrypt features plausible deniability, but it might be hard to argue that you didn’t know the power-on password for your laptop. That’s the biggest problem with that law – instead of the police having to prove you are guilty, you have to prove you are innocent. So, it’s probably not a good idea to rely on the power-on password.

So, the attacker wants to freeze the RAM and put it into their own machine for reading. It’s going to be hard to freeze it, transport it to the new machine and install it without data loss, but for arguments sake let’s say it’s possible. Certainly, the CITP paper seems to think it is.

Most machines have a case open switch, which could be used to trigger a memory wiping program. Assuming the program was intelligent things like encryption keys could be erased in nanoseconds, and the entire RAM in a few seconds. The attacker would have to power off before opening the case, increasing the time before they can freeze the RAM and thus increasing data loss. The power button itself could also be used as a trigger, in case the attacker is stupid enough to press it instead of pulling the plug.

Anyone worried about being raided should probably set up a panic switch, or at least be ready to hit the reset button to allow the BIOS to clear the RAM. Truecrypt should ideally be configured to dismount any encrypted volumes when the machine is sleeping or the screensaver is engaged, although that’s not always practical (e.g. with boot volume encryption).

The ideal solution would be a PCI-e card with a small amount of RAM for encryption keys, a microprocessor and battery/capacitor. As soon as power goes off, the uproc would securely erase the RAM. Maxim make ICs that do just that, all we need is an implementation. It’s a shame USB can’t be used, or any cheap uproc would do, but USB devices cannot be mapped to memory address space.

Of course, even this wouldn’t prevent any open documents, cached directory listings etc from being recovered.

A program to wipe the physical RAM on shut-down of Windows would be ideal, but not trivial to write since it would need a complex driver to access RAM and figure out which bits can be cleared (because you don’t want to crash the OS). A simpler but less effective method would be a program that simply requests allocation of non-paged RAM (i.e. physical RAM) repeatedly until allocation fails (and presumably RAM is filled up) – similar to how Eraser‘s free disk space wipe works.

Really, this kind of attack, assuming you are reasonably well prepared for it, is not particularly effective. For anyone worried about law enforcement, setting the BIOS to do a full memory test and setting a BIOS password is probably enough to prevent it in most cases. An improvement would be to make sure your BIOS does a full memory test by default (i.e. after being reset). Some mobos do that, if yours doesn’t a BIOS editor might fix that.

By mojo | Posted in hardware, law, privacy, security, software, windows | Comments (0)

BNP using BBC Have Your Say as a platform?

02/05/2008 – 11:25

The BBC Have Your Say forums have always been full of ignorant morons, but it looks now like the BNP are making a concerted effort to use the site as a platform for their views.

Here is a selection of the highest voted comments today:

No elections in my area this time but I would have voted BNP. The only party with the nuts to tell it how it really is.

Blah Blah Blah, Soham

Just hope it is a candidate who will stop the mega mosque!

Keith Waters, Ely, United Kingdom

Looking at the results, it seems unlikely that the BNP really has that much support. More likely, they have rallied a significant number of their supporters to vote for these kinds of comments to get them to the top of the list.

At least, I hope that’s what is happening, because being half British / half Asian I’m kin of worried when people vote for a party that is directly opposed to my existence. It just shows how bad things still are when I’m not even sure I should admit to something like that – even the hint of it seems to make people nervous and wary of you.

By mojo | Posted in idiots, politics | Comments (5)

たとえ溺れても梦はゆめでしかない

blog.world3.net

More on work and ill health

Benefit reforms for the sick

Uniqueness of DNA questioned

Petition for PayPal credit card transactions to be properly regulated

The "I've got nothing to hide" argument

I own this number

New "virtual" child porn laws a bad idea

Student arrested under the Terrorism Act for Al Qaida research

Attacking data in RAM

BNP using BBC Have Your Say as a platform?

Meta

Categories

Archives

Links:

February 2012
M	T	W	T	F	S	S
« Jan
		1	2	3	4	5
6	7	8	9	10	11	12
13	14	15	16	17	18	19
20	21	22	23	24	25	26
27	28	29