Frank

“Right to be forgotten” and police body cam footage posted forever on YouTube

In Europe, the court has decided that people who don’t like search engines like Google turning up embarrassing details about them now have the right to get the offending pages removed from the index. A Spanish lawyer by the name of Mario Costeja Gonzálezping hated people typing his in his name and finding an article in his local rag alluding to his past financial difficulties, and when they refused to pull the historical record he took all and sundry to court until Google (in particular) was forced to stop indexing the page. If you want to read the page from La Vanguardi, click here. Whilst I have some sympathy for the guy, taking Google to the European Court over the matter is not the best way to keep out of the public eye.

This isn’t without controversy – it’s censorship by the back door, handed down by a bunch of un-elected judges and everyone in Europe now has to comply. However, our colonial cousins, with their First Amendment, have e completely different problem – too much free speech.

Someone is exploiting the system, and the fact that publicly generated records in the USA are public, by requesting all police body camera images in order to provide content for a new YouTube channel, as reported by Komo News. Basically they’re slurping all the footage shot by Poulsbo Police in Washington and posting the “best bits”. The privacy issues are mind-boggling! Forget getting drunk and posting an unfortunately selfie on your Facebook page – if you get a visit from the cops in Poulsbo, it could end up on YouTube forever.

What is Google (owner of Facebook) doing about THIS? Absolutely nothing (thus far); it’s free speech, isn’t it?

8-November-148-September-15

Google Apps for Schools – how safe are they?

So-called Group Work is probably the bane of every tutor in higher education, myself included. As to the poor students having to collaborate; it’s always the motivated one dragging the hangers-on and possibly university’s resident idiot along with them. It’s a nightmare. The most common complaint is that they never turn up to meetings to work on the project because it’s too difficult to organise. Yeah, right!

So this week, one of my colleges persuaded me to get them all working with Google Apps. The theory is that they don’t need to be co-located in time or space to work on a common document. I suspect the lack of physical presence will actually make it easier for some of the group to loaf off, but perhaps I’ve been at this too long to be optimistic.

Google Apps, on the other hand, is gaining ground in education. Cloud-based applications that allow easy sharing of documents has to be a good thing, and I have to say I’m very impressed at the ability of several people to edit the same document at once. And it comes with the ultimate feature that will guarantee sales – it’s free.

When I say “free”, that means that Google gets to harvest your personal data instead of hard cash, and feed you targeted advertising. And this is a worry. You may be okay with this, but if it’s to be adopted in colleges or schools, supposing some students aren’t as relaxed about it? Those in the know keep away from Facebook for just this reasons, but it’s optional. If you make Google Apps part of coursework you’re forcing students to accept terms they’d otherwise reject.

So, in 2006, Google announced Google Apps for Education, with the advertising stripped out. It’s actually a pretty good deal. Features may change over time, but it’s basically business version of Google Apps with one difference – it’s also free.

Unsurprisingly, Microsoft is really hacked off about this. They’ve been giving their Windows and Office software to educational establishments at a huge discount (or free) in order to get kids hooked on it, and as a result we have a generation that believes Microsoft Office is necessary to do anything. Kids come out of education knowing nothing else, which forces companies to purchase Microsoft Office at the full price in order to make them feel at home.

So, free or otherwise, Google Apps is probably more suited to college use, and Microsoft isn’t going to like it, so is fighting back with lawyers (no surprise there).

For example, last year Microsoft backed a bill in the US state of Massachusetts to block the use of Google Apps in schools.

To quote: “An Act prohibiting service providers who offer cloud computing services to K-12 educational institutions from processing student data for commercial purposes.”

Pernicious as Microsoft’s education offering is, this bill does have a point and I find myself siding with Microsoft for once. In fact I’d go further – no one should be forced to use applications collecting personal data, even in further or higher education.

This is becoming more relevant as I understand many schools are now considering the use of Google for Education. If their students are under 18, how can they even give informed consent? And once the parents understand the issues, who would give consent on their behalf? In most Judistictions, you need to be 13 or over (or 16+ in some parts of Europe) before you are allowed by Google to have a Google account, so it’s not like Google isn’t sensitive to the issue.

My sources inside the chocolate box tell me that the new Apps for Education will be advert free. When pushed, there was no guarantee that tracking wouldn’t happen – only that no adverts would be shown in the Apps themselves. Whether they will appear, based on tracking data, on other web sites remains to be seen and when the child reaches an “appropriate” age they’ll come with years of profile data. I’m awaiting clarification from Google on this matter.

(Update: Google has now publically declared that they will not scan Apps for Education data for advertising purposes, however the devil is in the detail. They don’t say that they don’t scan it for other profiling reasons. And then I found this court document, unearthed by SafeGov, in which Google’s own lawyers admit that they do profile students email and suchlike, meaning they can target adverts in other circumstances.)

And then there’s the question of whether it’s a secure environment. Well, no, it’s not. But that applies to Office 365, most LMS (see blogs passim) and anything else that has public messaging – in this case GMail. Given the problems I’ve had with users of freemail accounts, including GMail, I can’t help but question of the wisdom of allowing children access to it. When you’re signed up for Apps for Education you are supposed to be getting 24/7 support from Google, unlike Joe Public. Whether this helps resolve the issues remains to be seen. It’s also possible to turn off features centrally, such as Chat (an obvious thing to disable). Unfortunately, if you do turn off GMail there’s no other closed
messaging system to use instead.

As with my earlier papers and articles concerning LMS systems, I’m not saying that Google Apps are inherently insecure. In fact, I’ve got a lot of confidence that Google data centres, in particular, are robust. If Google does deliver on it’s data use policy, and is providing this service free of charge and with no strings attached, that’s great news. Microsoft has had their way for far to long for it to be healthy. Google has stated that as Google was born out of a research project at Stanford, they now want to give something back to education and that’s their only motive. It’s nothing to do with scuppering Microsoft; how could you possibly think that?

Like all Internet connect IT for use in schools, it’s the social risks that worry me the most, such as abuse of Internet email. If your school plans to use Google Apps, Office 365 or any other system with open email, just ask to see the risk assessment first.

That said, I’d still prefer to see educational establishments return to the open source model; Linux if you must, and OpenOffice. Computing by and for the people. Or perhaps those days are gone. We’re already stuck with a generation that now believes computing comes from large companies like Google and Microsoft. Sadly, I feel that it’s unlikely that most will have the technical talent in-house to make it happen.

Update:

Some of the concerns expressed here about data usage have now been addressed after Google signed up to this code of conduct IN THE USA.

16-October-1417-October-14

Google Nexus TV uses Atom

The Nexus TV box that Google just announced is the company’s latest attempt to take over the living room (after Chromecast). This one runs Android 5, so punters can download and run apps from Google Play. This will include games, of course, and there is to be an optional games hand controller. However, what no one seems to have noticed is that the NExus TV box has an Intel processor, not an ARM.

Although simple Apps are written in CPU independent Java code, or, strictly speaking, a similar VM either Dalvik or ART depending on which version of Android you. It’s interpreted on the target platform, and therefore slow. When high performance is needed then code has to be written C and compiled to native code (i.e. using the NDK). This hasn’t been a problem thus far, as all Android devices on the market used the ARM core, and were machine-code compatible. I wonder how many games are written this way? Quite a few, probably.

Tesco has also just launched a non-ARM Hudl tablet. The mass media had yet to comment.

20-September-142-July-15

Don’t write off the iPhone just yet

This may seem and odd premise, given that Apple flogged 4 million of the new iPhone 6 units as soon as it was launched. It doesn’t sound like a failure. But I’m hearing voices…

The theory is that the smartphone market is saturated. In the US, an often quoted statistic is that 75% of Americans already have one. In the UK, research from Deloitte puts the figure at 72% a year ago, rising at about 15% a year. Selling something everyone already has is not a good place to be.

Then there’s the inexorable rise of Android. Google launched the low cost, very capable and very affordable Android One phone in June. Never heard of it? Well it’s not available in the west – they’re going after the huge third world market, starting with India. There are a billion punters there, eager for the western tech. And the same with China, although they can make their own (as well as handsets for the rest of the world).

Generic Chinese Android handsets are good. I have one. It takes two SIMs at once and works under water, at a fraction of the prices of a western branded unit. Manufactures like Huawei, ZTE and Foxconn own this space and will be hard to shift. Google doesn’t make money from Android, and I doubt that the Android One will contribute much to their balance sheet. But Google is a data capture company, and have Google-controlled smartphones out there is strategically very good.

So, Apple must be doomed – a saturated market and cheaper smartphones that do it better. But that’s never been a problem Apple’s business model.

Apple’s products are aspirational – they say, “Look at me – I’m wealthy enough to spend £100s every year for the latest iPhone and therefore I’m a good prospect when it comes to making babies.” The more they cost, the more people want them. Fanbois may protest, saying that they iPhones work better (not so) and look nicer. Sony sells nice looking kit too, but is forecasting a $1.2B loss from its Android smartphones. The same with HT; it’s just breaking even on declining sales. Samsung is making a good profit ($6B), but there’s a suspicion this has been generated on a huge marketing spend.

Apple doesn’t need to spend too much on marketing. It just has to look cool and remain aspirational.

According to Juniper, shipments of smartphones will be close to 1.2B units this year (with 985M shipped in 2013). That’s a high volume, but if it’s the Android One and low cost units going to emerging markets (those not yet saturated), the bulk of that will be making meagre profit.

Apple, on the other hand, makes a very nice margin, thanks. Fanbois will happily hand over $100s simply to have one with a larger flash memory; several thousand percent more than the memory itself costs elsewhere. They’ll accept that the limited-life battery is ;sealed inside and will die, taking the iPhone with it in a couple of years. They’ll accept that there’s no memory card slot as an alternative to buying the ridiculously expensive internally upgraded models. They’ll even put up with the poor telephone performance; after all the screen looks very nice (don’t tell them that Samsung beat them too it).

I used to work with Cuppertino in the late 1970’s and early 1980’s – lots of people did because the Apple II was a major player; a de-facto standard. Then in 1981 the IBM PC was launched, became the new de-facto standard and Apple was marginalised with the Mac, losing market-share big time until it was less than 10%. 25 years ago I was discussing their demise with Guy Kewney, a good and wise pundit and friend. “You’re wrong”, he said. “The PC market is much bigger. Other PC makers would be very happy to have 9% of the current market, and they have much lower margins than Apple.”

10-September-14

Google geek lives on site for year. Yawn

Matthew weaver told the BBC he lived on site on Google’s. Mountain view campus. for 54 weeks between 2005 and 2006. Are we supposed to be impressed? Well it’s a long time but the story continues to reveal he was living in a camper van. How soft modern techies have become. Back in the early 1980’s living on site while a project was on was not at all uncommon. I certainly was not the only programmer in small tech startups to spend the night under the workbench in a sleeping bag. It was an alternative soft option to simply working through the night.

These young techies simply don’t know they’re even born. Camper van indeed!

5-September-14

Barclays launches biometric finger scanner

In a headline-grabbing move, Barclays bank has launched a finger-scanner for its customers to use when identifying themselves on-line. It’s not an easy-to-fool fingerprint scanner; this one examines the veins in the user’s finger to determine a match.

Like most biometric identity verification methods, I think this is anything more than a gimmick – at least as it’s being reported (encouraged by Barclays) as some kind of future for consumer banking. They’re actually launching it for corporate users, where it probably does have a niche.

The problem with biometric identification is that it’s just as susceptible attack as a password, but a lot more expensive. In fact, if someone uses a secure password, fooling biometrics is often quite easy in comparison.

Imagine how it works: The scanner examines the finger and passes metrics to the bank – just like a password. Because fingers are squishy and organic, the metrics will vary each time so the bank’s computer is only looking for a “close enough” match. Passwords have to be spot on.

So how can a vein scanner be fooled? Well, I’m sure they’re encrypting the data end-to-end to make a replay attack difficult (sending the same scan data twice). At least I hope they are! But at some point the data is unencrypted – it’s coming from analogue sensors looking at the finger. Hack the sensor and you’re away.

Barclays may have done something very cleaver, and I will watch to see if this is true with interest, but however it works, I can’t see it being any more secure.

So why bother? Simple – it’s more convenient. If you’ve got a load computers in a corporation with different employees wandering around making bank transfers, you really want to know who’s doing what. Passwords in the public are one thing, but within an organisation, they get passed around. Usually the employees do this willingly, but someone with crooked intent can find they by other methods.

You can use smart-cards to identify employees, but these can be “borrowed” too. Using a finger makes sense. Vein scanners don’t work on dead fingers, so you an be fairly confident that the user is who you think it is. Weighed against the cost and reduction in total security, it’s probably a good thing.

As an ID form for the public, I think not! A corporate environment is controlled; it’s not the Internet. I would hope that companies can avoid having thousands of criminals trying to defraud them 24/7 working on the inside, but that’s exactly what you have on the wider Net.

(more to come)

2-September-1420-September-14

Leaky iCloud

As I picked up my copy of Private Eye at the station Newsagent just now I noticed the headlines on certain of the dailies going on about hackers stealing naked photos of celebrities from their Apple on-line storage areas. The fact that they were (apparently) celebrities and that the weren’t wearing clothes was the main point for the tabloids, but the big story is really the security of cloud storage.

Personally, I’d be very surprised if attackers had actually compromised Apple’s servers. More likely explanations would be an inside job, or the lusers endpoints. But my money would be a phishing attack.

It does highlight, however, the danger of outsourcing your sensitive data to anyone.

In the 1980’s the fad for outsourcing really took off. Professional engineers all said it was a bad idea then. If your company data is important, the last thing any business should do is trust it to someone else.

The term ‘cloud’ has become a trendy marketing concept in recent years. What it really means is “I have no idea and don’t care.”. It was used in context as follows:

“Where is that service your using actually running?”

“Don’t know, somewhere up in the clouds!”

It’s was ironic. In the real would, admitting you’ve lost control of your data is hardly something anyone would be proud of. But suits heard the new buzzword and wanted some of it. And the punters quickly accepted the benefits (free stuff) without a thought to the risks.

So has Apple’s on line storage been compromised? I doubt it’s been hacked. The technology is fairly robust. If you want to access iCloud data, Apple’s servers themselves are not the soft attack vector. The obvious method is to trick users into handing out their passwords. After all, any coy celebrity foolish enough to (a) take pictures of themselves in the buff; and (b) store them on someone else’s computer, are hardly going to be the brightest stars in the sky.

The fact that fanbois seem to have been the victims in this case is irrelevant. They may have been easier targets if, indeed, it was a phishing attack. However, the general principle remains the same whoever is providing the service – Amazon, Google, Dropbox, Microsoft or one of the many startups trying to get a bit of the action. And the same goes for Facebook and the like – anyone uploading anything remotely sensitive to their servers needs to consider the implications. If you wouldn’t publish something directly on your web page for all to see, don’t send it to “the cloud” either.

The American gun-selling industry has long used the argument that firearms in themselves aren’t dangerous. It’s the users that are the problem. They’re right, in so far as the argument goes. Unfortunately, adding the human factor to cloud services makes the encryption, data centre security and other precautions taken by the providers irrelevant in the same way. People will be hurt. And “celebrities” will caught with their pants down.

28-August-1428-August-14

FreeBSD ports build fails because of gfortran

I’ve been having some fun. I wanted to install the latest ported versions of Apache and PHP for test purposes, so set the thing compiling. There are a couple of gotchas!

First off, the current ports tree will throw errors on the Makefile due to invalid ‘t’ options and other fun things. That’s because make has been updated. In order to prevent you from using old “insecure” versions of FreeBSD, it’s considered “a good thing” to cause the build to break. I’m not kidding – it’s there in the bug reports.

You can get around this by extracting the new version of make for the 8.4 iso image (oldest updated version) – just copy it over the old one.

Some of the ports also require unzip, which you can build and install from its port in archivers.

Now we get to the fun part – because the current system uses CLANG but some of the ports disagree, when you go to build things like php5_extensions (I think the gd library in particular) it depends gcc, the GNU ‘C’ compiler, and other GNU tools – so it tries to build them. The preferred version appears to be 4.7, so off it goes. Until it goes crunch. On inspection it was attempting to build Fortran at the time. Fortran? It wasn’t obvious why it broke, but I doubted I or anyone else wanted stodgy old Fortran anyway, so why was it being built?

If you look in the config options you can choose whether or not you want Java. (No thanks). But in the Makefile it lists
LANGUAGES:= c,c++,objc,fortran
I’m guessing that’s Objective C in there – no thanks to that too. Unfortunately removing them from this assignment doesn’t solve the problem, but it helps. The next problem will come when, thanks to the new binary package system, it tries to make a tarball of the fortran stuff it never compiled. I haven’t found how this mechanism works, but if you create a couple of empty directories and a an empty file for the man page it’ll proceed oblivious. I haven’t noticed and adverse effects yet.

A final Pooh trap if you’re trying to build Apache 2.4, mod_php5 and php5-extensions is the Zen Thread-Safe options (ZTS). If you’re not consistent with these then Apache/mod_php will fail to load the extensions and print a warning in httpd-error.log. If you build www/mod_php5 you’ll see a warning like:

/!\ WARNING /!\ !!! If you have a threaded Apache, you must build lang/php5 with ZTS support to enable thread-safety in extensions !!!

Naturally, this was scary enough to make me stop the build “make config” to select the option. Unfortunately it’s also an option on lang/php5 and if you didn’t set it there then it’ll go crunch. Many, many thanks to Matthew Seaman from FreeBSD.org, who figured out what I’d done wrong.

27-August-1427-August-14

No-IP, no sales

No IP is my Dynamic DNS provider of choice. They provide a fuss free service if you need to assign a DNS entry to a dynamic address, and it’s also free of charge. What’s not to like?

If that’s not reason enough to support them, they had a bit of bullying from Microsoft lately, but are now back on-line. If I needed an external DNS provider, I reckon they deserve my business. So how curious that they don’t have a sales department? At least none that I’ve been able to contact. Out of desperation I emailed the webmaster (the most likely contact in their published list) and got an (automated) reply suggesting I raise a support ticket.

Needless to say, when I tried to raise a ticket it asked me a load of questions about the product I had. “Not applicable”.

If it turns to be too much hassle trying to buy a service from them, I’ll just have to peer with someone. Does anyone with BIND running in a DS that I’m not in want to do a swap on DNS replication? Why? 512K day, that’s why!

23-August-1427-August-14

Tesco really doesn’t like journalists

I just had a most interesting experience at Tesco in Watford. I went to take a picture with a mobile phone and was suddenly surrounded by burly security guards. Apparently it’s company policy that no one is to take pictures in Tesco, or even Tesco car parks. How odd!

Okay, it’s private property and they can make up whatever rules they like. If you need a shot of their pick and mix, you’ll need a long lens so you can stand on the road outside. But it begs the question, are they stark raving mad?

Luckily a manager turned up pronto (presumably someone pressed the panic alarm), and I persuaded her to send the security people away while she explained – in fact the outcome was very satisfactory from my perspective, and should I ever need to speak to a manager within 30 seconds again, I now have a sure-fire method.

As a long-time hack, I know what I’m about when it comes to taking pictures. Normally, when you’re taking photographs with a camera on a mobile phone, it’s pretty clear you’re not doing so for commercial reasons and it’s unusual for anyone to complain. Okay, if I had my big press camera with me, I’d certainly have asked permission to photograph/film. Or I’d have used a hidden camera. But it wasn’t like that – in fact I was shooting the contents of my shopping trolley as a record – obviously domestic use only, and I even mentioned to a member of staff nearby that I was getting a shot of that if he had no objections.

So can they do this? Well it’s not illegal. They can make up any rules they like about who can and who can’t enter their premises and if they want to ban people taking photographs, they can. They could get a court order and bar you from every Tesco store in the country. What they can’t do (if this happens to you) is make you delete any photographs you have already taken, and neither can they touch you or your camera – that’s common assault.

But why should it come to this? Surely Tesco doesn’t hate journalists? Actually, I doubt they even realised. But on asking around, they have form in this respect. Had of Patrick Collinson’s experiences I’d have been prepared, but he was writing in The Guardian when he was nabbed for noting down prices.

So is this a one store going bonkers (I’ve not had any bother at my local Tesco, although don’t often shop there these days)? I set out to find a security guard who’d talk, and it didn’t take long (but he’s not from Watford, in case anyone from Tesco is reading this!)

Apparently, the only photographs allowed are general ones of the exterior of the shop. If you’re audacious enough to snap something specific, like and advert, or one of their products, they’re instructions are to “ask you why, and ask you to stop”. Obviously the “why” is out of politeness. And if you’re inside the shop, forget it! You need special permission from the duty manager, sign-in and have to wear a visitor’s badge. Want to shoot some grocery or other and send it to your other half for approval? Not in Tesco, you don’t.

It gets worse! Should you try this and then refuse to stop, Tesco security is instructed to detain you, call the cops and try to have you charged under Blair’s masterpiece, the Prevention of Terrorism Act [2005]. [I think he may be confusing this with Regulation of Investigatory Power Act 2000]. Boggle! I asked if he thought someone was pulling his leg, but apparently Tesco reckons that people taking pictures may be doing so in order to choose locations for placing bombs. They had some bother in 2007 with bomb hoaxes, and therefore this policy is for “our” protection. Somehow, without photographs, it must be very difficult to leave a bomb behind. Doesn’t that make you feel safer?

Or perhaps they’re still smarting after that youtube video of the horseburger skit.

I’ve written to Tesco for a clarification of this, but they have so far declined to comment. I certainly can’t find anything to suggest this is a genuine policy in writing, and I don’t recall every seeing any “no photograph” signs up. But the my source was adamant. Perhaps it’s a myth. I hope so. One incident like this, or Patrick Collinson’s won’t damage their business much in itself, but every little helps.