Posted on

Faulty screen on Lenovo S10-3 10″ laptop

My trusty and very portable S10-3 – one of the best laptops ever made in my opinion – died a couple of months ago. Well its screen went black. Or it went all-white, to be precise. And I mean black OR white; every pixel was either full-on or full off.

The rest of the machine appeared to be fine – it could be heard booting and it appeared on the network – you just couldn’t use the screen.

Today I fixed it. There was a loose connection where the LCD panel cable joins the motherboard. Unfortunately, it’s been lying in a pile waiting to go to Lenovo’s service centre in Germany all this time because I couldn’t figure out how to check for loose connections. Like most laptops, dissassembly isn’t obvious. Fortunately, like most Lenovo (nee IBM) laptops, it’s actually built with servicing in mind. So here’s the trick:

Remove the battery and undo all obvious screws on the back cover. There four captive screws on the cover plate, behind which lurk the winchester, DIMM and cellular modem (if fitted). Don’t be fooled; they don’t come out! You can remove the winchester if you wish, but watch out – it has two of its own retaining screws and two more screws that are part of the cover you’ve just removed. You could go mad looking for them if you miss this point.

There are then six black M2 screws to remove to the case, and three very small screws under where the battery fits. Remove them all, and it will look like nothing’s changed.

Please generate and paste your ad code here. If left empty, the ad location will be highlighted on your blog pages with a reminder to enter your code. Mid-Post

Next you have to lever the keyboard off. It’s actually very easy if you lever in the right place, which is along the top edge. It ‘snaps in’ at the corners; gentle levering with a small flat screwdriver and finger nails pops it off easily.

To disconnect the ribbon cable connector, pull the black bit of the PCB socket clip forward and up. (Good luck getting the cable back in, from underneath, and closing the clip again with adult sized-hands!) You can then put the keyboard aside, and undo three further black M2 screws, which are found at either edge and the centre of the silver plate thing you’re looking at. Then you need to prise the top of the case off – the sliver bit comes with it. Again, this is much easier than it sounds if you lever with a small screwdriver and get your fingernails underneath.

The planar (motherboard if you’re younger than a certain age), is now laid before you. The LCD cable is obvious at the top left; they’ve even labelled it. Although it looks like it’s taped down, it just pulls in and out; reseating it did the trick for me.

If you need to dismantle the screen/lid assembly (or if you’re curious, like me), you can detach the power cables that come in on the right hinge and undo a couple of screws at each side to remove it completely. To open it you need to remove the screws hidden under the self-adhesive rubber pads in the corners. Then you need to flex the screen frame quite dramatically, working around the edge, until it un-snaps (if you see what I mean). Let’s just say it’s easier to replace the lid as one unit if you’re breaking for spares.

Anyway, my little friend is back and I’m happy. It’s just a shame the manufactures are pandering to the craze for fondleslabs and had dropped the 10″ form factor for truly portable “proper” computers, able to run software other than games, Facebook and surfing the web. Now that ASUS has dropped the Eee book you’re looking at something like the ThinkPad E145, which I was about to buy in spite of its extra bulk, weight and cost.

Unfortunately, the S10-3 and closely related models in the field  are currently not replaceable until fashion swings back.

Posted on

Google shoots own foot in war on child abuse images

If you believe the Daily Mail and the BBC, Google and Microsoft have buckled under pressure from the Government to block images of child abuse on the Internet. What they’ve actually done is block around 100,000 search terms that are used by peodphiles looking for material, whether such search terms could be used to locate other content or not. Great.

Actually, this is rubbish. Google (about which I know more) has not even been indexing such sites, so search terms won’t have found any that it knew about anyway. I’m sure the other search engines have similar programmes in place. This is a public relations exercise, with a piece by Eric Schmidt in the Mail today. It’s a desperate PR stunt that will back-fire on Google.

Eric Schmidt of Google, seeming desperate (from Wikipedia)
Eric Schmidt of Google, seeming desperate

The fact is that household names like Google don’t have a case to answer here. They’re not ISPs, they’re not providing hosting space for illegal material and they’re not actually responsible for it in any way. The only thing they can do is spend their money researching such sites, dropping them from there indices and alerting the relevant authorities to their research. This they already do. So when the likes of Mr Cameron criticize them, as an easy target, the correct response is “Don’t be silly, it’s not us, and it’s the job of your Police to catch the criminals whether they’re using the Internet or not”. What Google has done with this move is give legitimacy to the original false accusation.

As anyone concerned with cybercrime will tell you, the major criminal activity takes place in areas outside the World Wide Web – areas not indexed by Google or any legitimate company. It travels around the Internet, encrypted and anonymous; and the peodophiles seem to be able to find it anyway. All this move will achieve is pushing the final remnants underground, where they’ll be much harder to track.

Looking at the comments that have appeared on the Daily Mail site since it was published is depressing. They’re mostly from people who have been taken in by this line (originally spun by the Daily Mail, after all), and they clearly don’t understand the technical issues behind any of this. I can’t say I blame them, however, as the majority of the population has little or no understanding of what the Internet is or how it works. They simply see a web browser, normally with Google as a home-page, and conflate the Internet with Google. The Prime Ministers advisors are either just as simple-minded, or are cynically exploiting the situation.

 

Posted on

Skype under investigation for NSA links

According to today’s Guardian, Skype is being tackled by the data protection commissioner in Luxembourg over concerns it has secret links with the US National Security Agency, and its Prism communications intercept programme. Like many “interesting” companies such as eBay, Amazon and even Starbucks, Skype chose to be be based in the Luxembourg  in the hope it would be left alone. However, the infamous tax haven’s constitutionally enshrined right to privacy might turn around and bite Skype.

Skype Login PageMicrosoft bought Skype a couple of years ago; it had once been owned by eBay and, as a separate division, Microsoft has presumably decided to keep it in Luxembourg for the tax advantages. However, while Microsoft was allegedly one of the first large technology group to be pulled in to Prism, Skype has been widely thought of as a secure communications channel. If Luxembourg-based Skype has been passing intercepts to the NSA, its users and the local authorities will not be pleased.

I understand that the local law does allow this kind of thing, and for it to remain secret, if it’s specially negotiated by the government. And as such the data commissioner may not have been in the loop.

But, you may wonder, how does an encrypted peer-to-peer system like Skype get intercepted anyway? The protocol was designed to pirate media files in such a way that lawful authorities were unable to track or disrupt it (which is why no network administrators would ever want it on their LANs). If it has weaknesses, they must have been there from the start. And I believe they were.

A few years back I was talking to someone from Facetime, a manufacturer of firewalls. They’ve since found that flogging their domain to Apple for an iPhone product is also lucrative, and now they’re called Actiance. But I digress.

Facetime had struck a deal with eBay to get details of the secret protocol so that they could manage Skype on local networks. As it’s obfuscated and designed to avoid firewalls, this is a neat trick, and they were the only people able to do it at the time. As an example, they were able to determine which versions of Skype were in use and block those that didn’t fit with company policy. In other words, they could positively recognise the obfuscated protocol and make sense of it.

According to the files the Guardian claims to have seen, Skype was ordered to cooperate with the NSA in February 2011, and it only took them a few months to have call intercepts in place. I’m not that surprised; given the Facetime firewall’s abilities I suspected that payload decryption was going to be possible if you asked the right questions whilst brandishing a big enough stick.

Making this information public, as is now the case, is simply going to push the people that should be intercepted on to systems not under the influence of the USA. How about a Chinese Skype-alike instead? Perhaps not, as it’s widely believed that the Chinese version has a back-door for the local authorities to plunder. But there are plenty of anarchist outfits out there with the ability to write a VoIP system that isn’t compromised by big business’s need to cooperate with governments if they want to make a profit.

Meanwhile, let’s see how Luxemburg’s data protection commissioner gets on.

 

Posted on

Spam from global switch

My spam traps pick up dodgy emails from all sorts, including large companies that ought to know better. But today one was hit with a marketing communication from Global Switch. Not from an errant client of the data centre, but from Global Switch themselves, marketing their rack space (half price for the first 12 months, apparently).

I’m not sure what to make of this, but if you’re thinking of starting up a spamming operation, Global Switch looks like the place to be. If they don’t care whether they’re using legitimate, opt-in lists, why should they hassle their customers. Needless to say I contacted them about it; needless to say there was no one available to comment. If anyone from Global Switch is out there, it’s still not too late.

Further:

I did get through to Global’s sales team. While they stopped short of condemning the practice, they said they’d investigate if I gave them enough information to identify the honeypot. I’m sure they’d wouldn’t have bought the list they used if they suspected it was dodgy, which just goes to show.

 

Posted on

Who needs a botnet when you can Yahoo?

Someone, somewhere is making full use of Yahoo webmail to send out  what could be millions of fake emails pretending to be Amazon order confirmations (extrapolating on the numbers received here). Needless to say, they really contain a ZIP file with a rather nasty looking Microsoft executable file inside.

My guess is they’re using accounts compromised earlier in the year, as reported here, which gets them through spam filters as most ISPs trust Yahoo. Actually, ISPs generally don’t trust Yahoo but their users don’t see it that way when their friends’ Yahoo email is blocked.

Is this Yahoo’s fault? Normally I’d blame the criminals, but in this case Yahoo could be doing a lot more to to help. This has been going on for three days, and there’s no legitimate reason why any of its users should be sending out with addresses @amazon.co.uk. Even if they can’t scan to detect the latest malware, recognising these fake emails is easy enough.

It’s hardly a new tactic by the criminals, of course. amazon.co.uk’s name was abused back in May to deliver similar Trojan malware.

It’s about time Yahoo (and other freemail services) took responsibility for the damage caused by their business model.

 

Posted on

Chauvet Obey 40 blacks out when you change fixture

I needed to test some DMX controlled lighting figures recently, and after looking around I decided to get an Chauvet Obey 40 controller. It’s not the cheapest, but it won’t break the bank, and it supports more channels than the entry level models – and does scenes and sequences (chases).

The design looks fairly straightforward. If you want simply use it to control light fixtures manually you need only press the button for the fixture in question on the left and then use the faders corresponding to the channels you want to adjust until you get just the right shade of puce. You can toggle multiple fixtures on and off, and control them in batches. So far so good.

Having got this set up, I was horrified to discover that when you de-select a fixture the Obey 40 turns it off! This means you can’t go through adjusting all your lights in turn. Apparently the unit was designed to work in programmed mode, where you set up scenes and sequences of scenes and cycle through them. It can do that, okay. If that’s all you want.

After tearing my hair out for several hours I discovered, by accident, that if you press the Auto/Del button to toggle the “Auto Trigger” light on the LED display to “on”, the desk works the way you might hope – select the fixture(s) you want, adjust it and then select another fixture. This is, apparently, the “Auto Bank Playback” mode, which suggests it may not work so well if you have things programmed in a bank but this hardly seems to matter for manual control. Just make sure it’s sequencing through an empty bank.

This appears to be an undocumented feature, and was news to the helpful people at Chauvet in Nottingham. I get the feeling this was something that irritated them about the design, too.

So – if you’re stuck in the same position, trying to get manual control, the non-intuitive answer is to turn it in to “auto” mode. My unit was manufactured in April 2013; this may not apply to other units, which may have different firmware.

Additional: If you don’t mind the “programming” light blinking away like mad, you can also control it manually in programming mode – just don’t bother saving the scene.

Posted on

Your Smart TV is watching YOU

There were a couple of  interesting presentations at Black Hat yesterday Aaron Grattafiori and Josh Yavor from iSEC Partners and Seungjin Lee from Korea University were both talking about hijacking Smart TVs. These devices are Internet connected and basically do a lot of their stuff using web browser technology, including JavaScript and other well known attack vectors. iSEC Partners were testing Samsung TVs in particular, but they all work pretty much the same way and apparently the manufacturers’ programmers haven’t done much to consider the security aspects.

Grattafiori was particularly keen to point out that the cameras on such devices were as susceptible to hijacking as anything else.

He went on “Because the TV only has a single user, any type of compromise into an application or into Smart Hub, which is the operating system — the smarts of the TV — has the same permission as every user, which is, you can do everything and anything.”

He suggested you might want to  make sure the TV in your bedroom has it’s lens covered with a sticky label.

Earlier this year Samsung has issued a software update for the TVs affected by the security flaws described in Las Vegas, but the fact they’re all using flaky browser technology means we should all be wary of them.

 

Posted on

Mark Shuttleworth’s Ubuntu Edge Dream

Mark Shuttleworth’s software company, Canonical Ltd, trying to raise $32M to build the first 40,000 units of a smart-phone type device that can run Ubuntu Linux. I predict he’s raise the money, and make the handsets. But the idea will tank anyway. Here’s why.

The concept of a ‘phone capable of running a desktop OS is easy to understand. When you want to use the desktop Ubuntu side you plug it in to a real monitor and keyboard – say one at home and one in the office. When you’re on the move it will run Android Linux (for Android is simply Linux with an Android graphical shell). You carry your environment with you, and carry on working wherever you are, assuming you have a monitor and keyboard available. If you run the Ubuntu graphical environment on the move, using the handset’s touch-screen it’s going to be pretty painful.

People investing about £600 will get a ‘phone, if they’re ever made. Is this an investment, or a pre-ordering deal? I think it’s up to you whether you invest enough to get a ‘phone, or buy even more equity as an investment in the future of the device, but I suspect a lot of people will simply be after the latest gadget. Whether £600 is too much for the Penguinistas, remains to be seen.

I think they stand a good chance of raising the money because they’re selling a dream that’s been around in various forms since the dawn of personal computing. One of the early incarnations would be the Apple IIc, which looked a bit like a portable typewriter when cut free from its monitor. With it you could carry your computer back from the office, but it didn’t catch on. Then, came the Tandon Data Pac, a hard disk cartridge. With a cartridge slot in PCs at the locations you needed to work, you could carry the important part of your environment with you. In those days, Microsoft didn’t do anything prevent hard disk transplants, so this was a realistic idea. But it didn’t catch on. Whether there are 40,000 people in the world who still have this dream is a good question.

Now we have laptop/notebook/netbook PCs, which are easy enough to carry in a briefcase if you get the right kind. I have always had the right kind, starting with the Cambridge Z88, moving on to the Sony Vaio and currently the Lenovo S10-3. At around 1Kg, they’re truly portable but although the Lenovo is modern, it was only on the market for a year or two as the 10″ screens format isn’t for well received by the masses. They demands big and fast, and they aren’t really worried about the battery life as long as they look cool. People often ask me “where can I get one of those”, and I tell them. (Currently only Asus and Acer producing a highly portable laptop/netbook). The snag is that when they get one they then “must” run Office 365, or some similar bloatware that a small CPU can’t handle fast.

If you don’t need battery life and the ability to work on the move, but simply want to carry your PC to and from the office, there are small form factor machines also from ASUS and Acer. If you want really small there’s the Fit-PC2 which can actually fit in a pocket. I must admit, I bought one because I thought it was a neat design. These are all Intel based and can run unmodified Windows, and yet they haven’t really caught on either. The Ubuntu Edge will not run Windows; it runs Linux. This means it won’t run Microsoft Office, ever. My experience has shown this is a big problem for a lot of people. There’s nothing wrong with OpenOffice; it’ll work with Microsoft Office files and vice versa. It’s free, whereas Microsoft Office costs and small fortune. Yet in nearly every case, people who I’ve set up with OpenOffice for cost reasons have hankered after the Microsoft version, and most have gone out and bought it (or otherwise acquired it) within a year.

The CPU for the Ubuntu Edge has yet to be announced, but based on size, battery life and heat dissipation it’s very unlikely to be Intel, or even Intel compatible. The only thing that will fit will be RISC, and given the binary nature of Linux distributions it’ll be the second-best choice of ARM. Or will its users be expected to compile everything from source? No. It’ll be an ARM and the models that are capable of running Linux with a GUI at nearly the right speed will still rip through the battery at an alarming rate.

The final nail in its coffin will be the way people currently commute with their computing environment. This comes down to cheap and cheerful thumb drive, if you can find a ubiquitous Windose PC at both ends, or on-line applications such as Google Docs if you’re really serious about it; all your data and applications on every web browser, and impossible to lose at that. If you can find a keyboard and monitor at both ends, you’re probably going to find a web browser anyway so why bother to carrying your stuff on a mobile ‘phone instead? It’s a solution to a problem that has been a “difficult sell” for 30 years, and which has now been solved by the Internet. Okay, this allows you to use an Android ‘phone between PCs, but you could just get an Android ‘phone to plug that gap in your life.

Posted on

Email addresses used by comment spammers on WordPress

On studying the behaviour of comment spammers I became interested in the email addresses they used. Were they genuine and where were they from? Well of course they’re not likely to be genuine, but it is possible to force them to register with an address if they want their comments to appear – even if they don’t. Here’s what I found:

When the spammers were required to register, these are the domain names they registered with:

Domain Percent
hotmail.com 25%
mailnesia.com 19%
Others (unique) 16%
gmail.com 7%
o2.pl 7%
outlook.com 5%
emailgratis.info 4%
gmx.com 2%
poczta.pl 2%
yahoo.com 2%
more-infos-about.com 1%
aol.com 1%
go2.pl 1%
katomcoupon.com 1%
tlen.pl 1%
acity.pl 1%
dispostable.com 1%
live.com 1%
mail.ru 1%
se.vot.pl 1%
acoustirack.com <1%
butala.htsail.pl <1%
cibags.com <1%
eiss.xoxi.pl <1%
justmailservice.info <1%
laposte.net <1%
pimpmystic.com <1%
twojewlasnem.pl <1%
wp.pl <1%

Where the authenticity of the address is more questionable, although the sample a lot larger, the figures are as follows:

Domain Percent
gmail.com 40%
yahoo.com 11%
Other (unique) 6%
hotmail.com 6%
aol.com 4%
ymail.com 2%
googlemail.com 2%
gawab.com 2%
bigstring.com 1%
zoho.com 1%
t-online.de 1%
inbox.com 1%
web.de 1%
yahoo.de 1%
arcor.de 1%
live.com 1%
freenet.de 1%
yahoo.co.uk 1%
comcast.net 1%
mail.com 1%
gmx.net 1%
gmx.de 1%
outlook.com <1%
live.cn <1%
hotmail.de <1%
msn.com <1%
livecam.edu <1%
google.com <1%
live.de <1%
rocketmail.com <1%
gmail.ocm <1%
wildmail.com <1%
moose-mail.com <1%
hotmail.co.uk <1%
care2.com <1%
certify4sure.com <1%
snail-mail.net <1%
1701host.com <1%
cwcom.net <1%
maill1.com <1%
wtchorn.com <1%
chinaadv.com <1%
noramedya.com <1%
o2.pl <1%
vegemail.com <1%
vp.pl <1%
24hrsofsales.com <1%
kitapsec.com <1%
peacemail.com <1%
whale-mail.com <1%
wp.pl <1%
aim.com <1%
animail.net <1%
bellsouth.net <1%
blogs.com <1%
email.it <1%
mailcatch.com <1%
rady24.waw.pl <1%
titmail.com <1%
fastemail.us <1%
btinternet.com <1%
harvard.edu <1%
onet.pl <1%
yahoo (various international) <1%
akogoto.org <1%
concorde.edu <1%
freenet.com <1%
leczycanie.pl <1%
mail15.com <1%
speakeasy.net <1%
yale.edu <1%
123inholland.co.nl <1%
SolicitorsWorld.com <1%
apemail.com <1%
buysellonline.in <1%
email.com <1%
help.com <1%
ipad2me.com <1%
ismailaga.org.tr <1%
live.fr <1%
myfastmail.com <1%
mymail.com <1%
ngn.si <1%
redpaintclub.co.uk <1%
stonewall42.plus.com <1%
traffic.seo <1%
xt.net.pl <1%
a0h.net <1%
accountant.com <1%
alphanewsroom.com <1%
att.net <1%
auctioneer.com <1%
brandupl.com <1%
canplay.info <1%
charter.net <1%
cluemail.com <1%
darkcloudpromotion.com <1%
earthlink.com <1%
earthlink.net <1%
eeemail.pl <1%
emailuser.net <1%
excite.com <1%
fastmail.net <1%
gmai.com <1%
gouv.fr <1%
h-mail.us <1%
hotmail.ca <1%
hotmailse.com <1%
hotmalez.com <1%
imajl.pl <1%
jmail.com <1%
juno.com <1%
live.co.uk <1%
mac.com <1%
mailandftp.com <1%
mailas.com <1%
mailbolt.com <1%
mailnew.com <1%
mailservice.ms <1%
modeperfect3.fr <1%
mymacmail.com <1%
nyc.gov <1%
op.pl <1%
peoplepc.com <1%
petml.com <1%
pornsex.com <1%
qwest.net <1%
rosefroze.com <1%
sbcglobal.net <1%
ssl-mail.com <1%
t-online.com <1%
thetrueonestop.com <1%
turk.net <1%
virgilio.it <1%
virginmedia.com <1%
windstream.net <1%
yaahoo.co.uk <1%
yahoo.com.my <1%
yazobo.com <1%
yopmail.com <1%
zol.com <1%

A few words of warning here. First, these figures are taken from comments that made it through the basic spam filter. Currently 90% of comments are rejected using a heuristic, and even more blocked by their IP address, so these are probably from real people who persisted rather than bots. They’re also sorted in order of hits and then alphabetically. In other words, they are ranked from worst to best, and therefore zol.com has least, or equal-least, multiple uses.

It’s interesting to note that gmail was by far the most popular choice (40%) when asked to provide a valid email address but when this was used to register this dropped to 7%, with Hotmail being the favourite followed by other freemail services popular in East Europe and Russia (many single-use and counted under “Other”). Does this mean that Gmail users get more hassle from Google when they misbehave? The use of outlook.com had an even bigger reduction in percentage terms – again suggesting it’s a favourite with abusers.

Another one worth noting is that mailnesia.com was clearly popular as a real address for registering spammers, but was not used even once as a fake address. This is another of those disposable email address web sites, Panamanian registered – probably worth blacklisting. emailgratis.info is also Panamania registered but heads to anonymous servers that appear to be in North Carolina.

Where you see <1% it means literally that, but it’s not insignificant. It could still mean hundreds of hits, as this is a sample of well over 20K attempts.

If you have WordPress blog and wish to extract the data, here’s how. This assumes that the MySQL database your using is called myblog, which of course it isn’t. The first file we’ll create is that belonging to registered users. It will consist of lines in the form email address <tab> hit count:

echo 'select user_email from wp_users ;' | mysql myblog | sed 1d | tr @ ' ' | awk '{ print $2 }' | sed '/^$/d' | sort | uniq -c | sort -n | awk '{ print $2 "\t" $1}' > registered-emails.txt

I have about a dozen registered users, and thousands of spammers, so there’s no real need to exclude the genuine ones for the statistics, but if it worries you, this will get a list of registered users who have posted valid comments:

select distinct user_email from wp_users join wp_comments where not comment_approved='spam' and ID=user_id;

To get a file of the email addresses of all those people who’ve posted a comment you’ve marked as spam, the following command is what you need:

echo "select comment_author_email from wp_comments where comment_approved='spam';" | mysql myblog | sed 1d | tr @ ' ' | awk '{ print $2 }' | sed '/^$/d' | sort | uniq -c | sort -n | awk '{ print $2 "\t " $1}' > spammer-emails.txt

If you want a list of IP addresses instead, try:

echo "select comment_author_IP from wp_comments where comment_approved='spam';" | mysql myblog | sed 1d | sort | uniq -c | sort -n | awk '{ print $2 "\t " $1}' > spammer-ip-addresses.txt

As I firewall out the worse offenders there’s no point in me publishing the results.

If you find out any interesting stats, do leave a comment.

Posted on

David Cameron on Google Porn

I’ve been watching with dismay David Cameron’s statements on the Andrew Marr show at the weekend; he’s attacked Google and other big companies for not blocking illegal pornography. Let’s be clear: Google et al, already do, as far as is possible. The Prime Minister is simply playing politics, and in doing so is exposing his complete lack of understanding about matters technological and social.

It’s not just the coalition government; Edward Miliband trumped him in stupidity by saying that the proposed plans “didn’t go far enough”, which is his usual unthinking response to anything announced by the government that’s might be popular.

Cameron’s latest announcement is to force ISPs to turn on “no porn” filters for all households (optionally removed, so it’s not State censorship). I’d be fascinated to hear him explain how such a filter could possibly work, but as my understanding of quantum mathematics isn’t that good it I may yet be convinced. Don’t hold your breath waiting.

The majority of the population won’t be able to understand why this is technical nonsense, so let’s look at it from the social point-of-view. People using the Internet to distribute child-abuse images do not put them on web sites indexed by Google. If Google finds any, they will remove them from search results and tell the police, as would everyone else. Paedophiles simply don’t operate in the open – why would they? They’re engaged in a criminal activity and don’t want to be caught, and therefore use hidden parts of the Internet to communicate, and not web sites found by Google!

Examining the illegal drugs trade is a useful model. It’s against the law, harmful and regarded as “a bad thing” by the overwhelming majority. The police and border security spend a lot of time and money tackling it, but the demand remains and criminal gangs are happy to supply that demand. So how successful has 100 years of prohibition been? Totally ineffective, by any metric. With 80% of the prison population on drugs IN PRISON it should be obvious that criminals will continue to supply drugs under any circumstances, if there’s a demand. If anything, proscribing drugs has made it more difficult to deal with the collateral effects by making the trade and users much more difficult to track.

So, if we can’t stop drugs (a physical item) getting in to prisons (presumably amongst most secure buildings in the country) , does anyone seriously think it’s possible to beat the criminals and prevent illegal porn being transmitted electronically to millions of homes across  the country? David Cameron’s advisors don’t appear to have been able get him to understand this point.

Another interesting question is whether I should opt to have the porn filter removed from my connection. The only way such a filter could possibly be effective is if it banned everything on its creation, and then only allowed what was proven safe through. There are generally considered to be over 500 million web sites out there, with 20,000 being added every month. That’s sites; not individual pages. The subset that can realistically be examined and monitored to make sure they are safe is going to be quite small, and as a security researcher, I need to retrieve everything. So am I going to have to ‘phone my ISP and say “yes please, want to look at porn”? Actually, that won’t be a problem for me because I am my own ISP. The government doesn’t even know I exist; there is no register of ISPs (or even a definition of the term). There are probably tens of thousands in the country. So I shall await a call from Mr Cameron’s office with a full technical explanation of this filtering  scheme with interest.

Fortunately for the Prime Minister, his live speech on the subject scheduled for 11am has been displaced by a load of royal reporters standing outside a hospital and Buckingham Palace saying “no news yet” on the supposed imminent arrival of the Duke and Duchess of Cambridge’s first child.