Presumably the calendar is stored in some database as comprising zero items. Therefore 99p for a calendar is NaNp “each”. (For many products the label will say “4.39 per kg” or whatever is appropriate).
Oops
Anomalous Opinions
Tim Lee makes a good point at Freedom to Tinker – that open systems always seem to be losing until they’ve won – in part because the narrow interests that favour closed alternatives affect the reporting of the battle more than they affect the battle itself. (“The grassroots users of open platforms are far less likely to put out press releases or buy time for television ads.”) But the open systems win for the reasons I talked about the other day in the context of a “child-friendly internet” – the closed systems seem better fitted to customer demand, but they don’t adapt the way the open systems do.
Lee goes on to say that open systems will always win. I’m not so sure about that. Open systems will continue to win for as long as adaptation and innovation are crucial. When (if) the service required by users becomes stable, it seems probable that open platforms – with their complexity and vulnerability – will be supplanted by black-box single-purpose “appliances” that Just Work.
How likely is that to happen in the realm of information networks? I don’t know. Possibly we’ll always want more information. There may be subsets of networked information that can be hived off onto closed platforms, but against that, there’s always likely to be a value in combining information, either on your own systems or upstream. If some of the information you want is on open systems, the rest will need to be able to interact with it.
The Sun was reporting on the publication of the House of Commons’ Public Accounts Committee’s report into the project. I always try to avoid drawing conclusions from newspaper articles when primary sources are available. (Also including the NAO report from last July)
The short answer is that the project is expensive, but Tim is mistaken in looking at it as fundamentally a big pile of desktop PCs.
The project is intended to put all of the Ministry of Defence on a “terminal” type IT architecture, where applications run on central servers, and data is stored only on central servers, and desktop PCs are used to remotely access the servers.
This architecture has two huge advantages: First, it allows data to be controlled. If it never escapes the servers, but is only presented on the PC, the chances of data leaking out is much reduced, and the chance of large bulk data escaping is almost eliminated. This is a great advantage in a commercial environment, and much more obviously so in the case of the MOD.
The second advantage is robustness – since every desktop terminal is effectively identical, alternative working areas can be prepared with a high degree of confidence that users will actually be able to use them when necessary. There remains the necessity of replicated server facilities and data, but that, while not easy, is less hard than duplicating desktop configurations in an alternative locations.
These are valuable advantages, but there are drawbacks. The demands on network infrastructure are much heavier than when applications run locally and communicate with central resources only when necessary to share or archive data. The project involved installing new cabling in every MOD building, right down to shabby old TA headquarters, and the unexpected difficulties of doing that were blamed for the long delays the project has experienced so far.
The other drawback is that, while software can be written to work perfectly well from a remote terminal, most common software isn’t. The user experience is made marginally better by making software more responsive to the user’s incomplete action – things like highlighting buttons as the mouse moves over them, suggesting completions of words as they are typed. These features tend to become obstructive over high-latency links, as by the time the user gets the “response” to a part-completed action he has already gone past that. Also some of the graphical optimisations in the latest desktop systems (Windows Vista’s flashy effects and Linux’s X compositing extensions) work by communicating more directly with the graphics hardware – communication which is not generally possible over the protocols used for remote desktops. The project included provision of customised general-purpose office software for word processing, messaging etc. This also turned out more difficult than anticipated and resulted in delays.
Those points aside, the state of the project is not outrageous. Despite the delays, it is not vastly over budget .
The increase in announced cost, from just under 6 billion pounds to just over 7, is not an overrun, it is caused by the department not announcing the full cost of the project until all of it is contracted – the last billion is for extra work that was always intended, but which was not included in what they said they were going to spend prior to the contracts being signed to spend it. Not incompetence, just dishonesty “in accordance with normal practice” (p.Ev14 of the PAC report).
The relationship with suppliers seems to have been managed better than in the normal public-private car crash. Of course the MOD has longer experience with large private contracts than other government departments. The contractor is paid for delivery, so the 18-month delay has not increased the budget significantly.
Not that everything is rosy. The system, according to Wikipedia, is built on Windows XP. Now much as I hate Windows, I have to admit that it has one large advantage, that everybody is familiar with it. But, in using it as a terminal, and running applications remotely, that advantage is lost. Even if the server applications are running on Windows servers, using a Linux-based terminal is cheaper, more reliable, easier to manage, and more efficient.
Secondly, the system is installed for some users and running, but further work is needed to make it usable for information classified as Top Secret. Security is not usually something that can easily be added onto IT systems – you can add capability to a system, but making it secure is not adding capability but taking away capability – the capability of doing the things you don’t want it to do. It really needs to be designed in from the start.
Having said that, I must admit I don’t really know anything about the “I could tell you but then I’d have to kill you” stuff. There might be some subtle point that makes me wrong about it.
The most significant question was the one asked by Austin Mitchell: given the difficulty of these very large IT projects, are they really worth doing? Sir Bill Jeffery’s reply was “Because there is business benefit in having a single infrastructure and in particular single points of access.” This is undoubtedly true. But is there seven billion pounds worth of benefit? Given the proven risk of these projects going vastly over budget, it would need to be much more. Large private-sector organisations tend to struggle on with a multiplicity of systems. They complain about it, and make powerpoint after powerpoint of rationalisation plans, but in revealed preference the flexibility and safety of multiple systems seems to survive against the genuine benefits of single infrastructure.
Yes, it’s another of those cases where we have to work out whether we’re more appalled by the government’s viciousness or by its stupidity.
Here’s a little primer in email for novices and government ministers:
The Internet, the Web, and email are three different things. The internet is a network that can carry data. The Web is a lot of servers which provide hypertext and media over the internet in response to requests. Email is an addressing system and message format by which messages can be sent between users over the internet.
ISPs provide internet service. Sometimes they also provide web or email services over the internet as an add-on, and sometimes they don’t.
It is quite possible to send and receive email messages without one’s ISP even being aware of the fact. Indeed, most people do. If you have a large site, you probably run your own email servers. You emails go over your ISP’s internet service, but do not use your ISP’s email service, even if it has one.
Conversely, if you use webmail, your email does not reach your network in the form of messages – only web pages. Your messages originate or terminate with your webmail provider, who may well not even be in this country.
Only if you use the old-fashioned POP3+SMTP setup, or your ISP’s webmail service, will your ISP see your email as email. In some cases it might be possible for them, by searching your entire network traffic, to identify and extract email from your network flow. That involves a whole lot of processing that they would otherwise not need to do.
If you use an offshore webmail provider, they can’t even do that, because the traffic between you and the webmail provider is encrypted.
I don’t actually know whether Google, Yahoo and Microsoft, the biggest webmail providers, have mail servers in this country. I suspect not.
Note that if you use email encryption, as I recently recommended, you are still leaving a trail of who you sent mail to and when.
Attempts to get email out around inspection (without using webmail) are handicapped by measures taken to prevent spam. It is quite possible to send mail in the same way a large site does – your mail software uses DNS to locate the recipients’ mail servers, and then sends them the mail directly. However, many ISPs for residential users filter out direct email of this sort, and many recipients spam filters refuse it if it has come from a residential ISP network. This compromise of the end-to-end principle came in some years ago, and did little harm at the time, but as governments become more nosy, the requirement to pass all emails to your ISP’s SMTP server is more of a problem. It just goes to show how compromising important principles usually has a cost in the long run.
I don’t know how well-provided the world is these days with anonymous remailers – they were all the rage fifteen years ago. It might be possible to use TOR to get email out of the local ISP network securely – I will be investigating both these avenues over the next few days.
None of this is because I have anything to hide in my email traffic. As I explained previously, the problem is that if in a year or ten years I do, it will be too late. These channels are awkward to set up, and they have to be done ahead of time.
GPG key is linked to from the sidebar. Ideally you should get me to confirm the fingerprint in person. I carry it around with me, so if you meet me it’s easy to do.
As some bloggers have pointed out, the power doesn’t imply the ability. If your system is secure against hackers, it’s secure against the police. Provided you don’t do anything reckless, like run an open wireless network, or run Windows, you should be safe.
Having said that, it is worth noting that the police have resources that private hackers do not. In particular, they may get cooperation from ISP staff, or other service providers. Even if that theoretically requires further authorization, if they are given, for example, a password, informally and without authorization, they would then be legally allowed to use that password to access your system. In practice, they are unlikely to have to account for how they managed to get the password. When I worked in telecoms, the authorities were given traffic data (billing itemizations) on informal request on a regular basis.
I’m not actually sure what the law is. I’ve been looking at the text of the 2000 Regulation of Investigatory Powers Act, but it’s hard to puzzle out. So I’m relying on press reports.
If you want to keep the police out of your PC, follow normal IT security (use WPA2 or IPsec on wireless, don’t use Windows, don’t run code of unknown origin), and also assume that any passwords you use on external systems are known to attackers, so use different passwords for logging into your box, for remote access, and for wireless. Don’t expose these passwords over unencrypted email. Set good passwords on routers.
There’s another reason for making a fuss about this. Even if your system is safe, most people’s won’t be. That means that over time, it will become accepted that police have access to everyone’s computers. Eventually, the “loophole” that some people actually have secure systems will be “exposed” as compromising the ability of the police to protect us (or to protect THE CHILDREN), and secure systems will be simply banned. This is despite the fact that there is already law allowing the police to demand encryption keys etc. with a warrant.
That sounds far-fetched, but is there any reason why one would assume that a mobile phone was something too dangerous to allow an anonymous person to own? No – only that, for business reasons, it happened to be impossible to anonymously own one until the technology for pay-as-you-go was released, and everyone got used to the idea that phones could be traced. When people are used to the idea that computers can be searched by the police on a whim, they will not mind making it illegal to prevent it.
And just because you have nothing illegal, doesn’t mean it doesn’t matter. Once someone hacks into your computer, they are likely to damage things by accident. That’s always been recognised by the law, which (rightly) considers it a crime even if no damage is done, because of the cost of going over the system and making sure everything is OK. If police plant a backdoor on your system for their own use, it may be found and exploited by criminals. (This was one of the major issues with the Sony CD rootkits a year or two back.) Civil damages are also assessed on the same basis. As well as that, information which is gathered may be misused. A police officer was convicted of using private information for blackmail purposes just recently.
I may come back to this issue tomorrow if I can figure out what RIPA actually says.
The last post, on political structures, was the first one which wouldn’t have been written without my new netbook to write it on.
In fact my train home was more crowded than usual, so I was short of elbow room and had to type most of it one-handed. Nonetheless I was able to get my ideas down, and when I got home I looked up the links I needed and posted it.
I’m using scribefire to blog offline; I’m having one or two problems with it but it’s too early to make any judgment.
He said he wants internet-service providers (ISPs) to offer parents “child-safe” web services. The only feasible way to do that is to have a whitelist-based filter that allows “safe” sites to be viewed. That’s quite doable – I do it myself for my children, using squidGuard. It’s very much better done at the home end than the ISP, because that way my 9-year-old can ask for a site that he’s heard about, and I can add it to the whitelist, but the filtering can be done “in the cloud” if you can’t be bothered to learn how to use a computer. Nonetheless, the filter means that essentially, the boys do not have internet access – only this ersatz “pages from ceefax” version, and with the 9-year-old now 10, the time is approaching that it will have to be turned off for him.
The internet is dynamic. It changes year by year, very significantly. That is what has made it what it is. It is able to do this only because of the fact that, on the internet, anything goes. That’s not an incidental feature of the network, it’s what made it what it is. Anything goes in terms of technology (the end-to-end principle), and in terms of content (creating a web page without getting it approved beforehand by the BBFC).
You can make a copy of many of the most useful features of the internet at a given point in time, without that freedom. But what you have is frozen, dead. As the internet moves on, it can’t keep up. It’s like creating a command economy: when you start you have prices, traces of the market that used to exist. You can plan your economy based on those prices (with whatever adjustments you think will improve things). But where the market would have changed, you can’t see those changes. Over time, your dead market prices will become less and less appropriate to reality.
If anything-goes makes the internet unsuitable for children (and a reasonable person might well consider that it does), the only possible course of action is to stop children from using the internet. Let them revive Prestel or Compuserve for them – that would be more useful than the “child-safe” internet Burnham somehow envisages.
I just got a new PC – an Acer Aspire One. My hope is that I will be able to write blog posts on the train, so there will be a lot more posts on this site in future.
Very early first impressions of the machine: the keyboard (as I type this) is causing me a few problems – I believe it is 85% of normal size. I can touch-type, but I am making about double my normal number of errors as I type. I really don’t like the touchpad, but I don’t like any touchpads. I think I will be learning a lot of keyboard shortcuts over the next few days.
The thing runs Linpus Lite. I’m expecting to use it solely for reading, listening to music, watching video, and web browsing/blogging, and it may well be adequate for that, depending on what the media software is like. If not, I will probably install Debian on it. There’s a fairly detailed wiki page on the debian site about using this machine. Many users run Ubuntu on it, which would be another good option; the problems I had with Ubuntu were to do with running non-standard things on it, which would not be likely to be a problem with the range of activities I expect to use this for.
Dan Goodin at The Register has a very timely article recommending that everyone encrypt their email.
If you think that at any point in the next ten years you might want to send or receive an email message that can’t be read by your ISP, your government, the US government, or a lawyer, then the time to start using PGP-compatible encryption is now.
The reasons for this are:
I came to the conclusion a few days ago, dusted off all my old keys, found that they’d all expired (fortunately, since I’d forgotten passphrases), and created some new ones. I posted a key for sending to this blog, and if you have my personal email address, there is a key for that on the MIT keyserver.
So, if you’re using Windows, read the Register article; if you’re on Linux, install gnupg and enigmail (I’m on Debian and the packaged Thunderbird comes automatically with Enigmail to integrate with gnupg – just turn it on), even if you use webmail, there is now a firefox extension FireGPG to make it easy to send and receive encrypted messages.
So invest a couple of hours now in being ready.
I wish I got more comments, but if readers want to contact me some other way, there is an email address on my profile.
Note the GnuPG key I published (below) has expired: here is a new one:
—–BEGIN PGP PUBLIC KEY BLOCK—–
Version: GnuPG v1.4.9 (GNU/Linux)
mQGiBE1tc70RBACUO01n7B4LUYgV59hjoCfY4ymr6zmS+99VXk3AjxeRea6wv1/F
eNRSqhqf0roUlEBPp3ADcG1NGhvskuQnsRSduv08uD/GEYBbLmptWErit+98fZ/r
7eBulDc7mflhti9+lEjLZ7PzrSdYVd61HClPv8Lefg3jB5AVPY+SL/CQYwCg0nAe
J0+uYdLbH908zS6JKQyxVnED/3/KGor6cCT4o2ce3uvmMSzXYHzXoOgA6sC0WCeT
nyBmw5Wu8NCJi9apV6xTx93W4g2STnDc4UoVhwegq+dWrKAA1aVkHpBTQXCXR4xP
wwdcrifBRuNBd8ipNX7SmQYfRNy7kU4CAuQAVd6xEgA6MXq7rA2K5nzyVnnpzONE
LF5oA/9ZrjcmTVwyvzenkRuv91O0vPV37jKyHZ16EBBcegUsIJ77WHkDLn947qRm
XFGnh34gy+xTby/XK2xYnTQWsgUMP47j3pnYvUQJ3r2NvLXJkudlf/CKqCcPrdOM
+eNiUc9HPzzhwsHBjaOwdCy0oJENIwYNci1yhnPrRgLDPzOvErQ/YW1jZ3Vpbm4g
KGh0dHA6Ly9hbm9tYWx5dWsuYmxvZ3Nwb3QuY29tLykgPGFub21hbHl1a0B0ZXNj
by5uZXQ+iGYEExECACYFAk1tc70CGwMFCQPCZwAGCwkIBwMCBBUCCAMEFgIDAQIe
AQIXgAAKCRAzTzsrP+VVH3sxAJ9TwkKxl43VOg8jTHqO4DqBQRRxPQCaAraaX8kb
W/cD0sO9PoF/8eXaBmC5Ag0ETW1zvRAIAPADTzGwrBJfTToZJrssWxCB0MLt04Na
9+KTigCEloCligXIG60KjKim0G8HVgyQChasj0vUvWs+3QOwR/E8ibJIpXZvH5pV
qR05oadMHKsKlbryUVr7gHO/ZlCz8n6KrW+zxqN7/SGbF5KyNSt6zFKGVILdbVbu
0qQZLD0KizXsxxexvnjuIYhIO9niunYTtIgWd353zPM0jx7UTmvsUIxoXBj7CD/r
YVE1PEO9AOdbE5fHXJyVjXhPKHyNpdqLqsmXXsgaBzIT49yF1+ciQa86O4FXWmbT
8iEeBH08DlLSP1yP8F576dKqioKJvSYXypnuOBh1AUiBI3FULQiScOsAAwUIAMm+
BQcl71eK7ARPpDxDHKytidamnls0ZbKsXx41wvtkk+SLd9N22o6TFqq6nL8ytKCL
ht//K4GMcIwfShnE1R6LUDDVf97H6w8XzTMUcxCTf8GtpBeR+UUiwr+eZJQW4w9B
geQzM8sHdZSvSxceOoDY/qh1l6BDYPEhDrGtw0c1pETx/0OvphHrsF/qDvBXMy8S
3rPr2IJTiIi9RX3WpfXPpmNee6v0zc1BfVnnO7pTc+47VDfMU3EkTP6DGJ1+q/ch
dakMesNM0gl1dq3d34laffceWfcuuPwXiBm8H/HETzCI2tlhd1EUBZvnU7EuPHGy
kJMVKXdU6QejqH8MO7mITwQYEQIADwUCTW1zvQIbDAUJA8JnAAAKCRAzTzsrP+VV
HzKAAKCCWYF8Tx+uDK6FYqtpWhBo25UW9gCdEwp7F8KCvJEikrxzwWnm7KIgHTE=
=qc0t
—–END PGP PUBLIC KEY BLOCK—–
If you prefer to use encryption, here is an openPGP key relating to that email
—–BEGIN PGP PUBLIC KEY BLOCK—–
Version: GnuPG v1.4.6 (GNU/Linux)
mQGiBEkWzIkRBADI7G7tiyCd1N6bbQLlOOkbtq6QJbSk2aCesGN/uz4pivDuJO0f
8OhcY/BjUSOHkpe6w9b7cVNFLd9uUWhx7ElZirwsgbjdy80z30OQSh3J18JcOXW7
o1RgNBGiiXRDqKYH0OhDnsKY1SKEN/tO53dnXkuFFWNUxkPNBTkfrxwGHwCgmZAX
QzZRXjCl/UYR/cgHU+Hdy30D/i0sfiywOyhySfXUW+1QhiqnJ0rYmdai01YMIQzd
FDOlRWOmpMEFq+jCQL2XjqasPizqOKBvqsZyqE8m+aopOpbA5Numibltvbbz+OUG
HOCeHgFSLtwfI0shFEG8WrenJByxd0uI5X4n+3Pcw5JhsMPA9K9KKswEdvjAoS21
mGU3A/wJukCHhl49DjsGkV0VkKEQxs1ImqKlqi5FNxQfg0uCuoeq45BSUOvGc8zD
A8yRPEaRDndJneteR/MYMfnVtpfpac+9SADdTrEkmnBMlPjXtLLxXNF9jvPLhqLq
dn3janDwE/g/SPfoAax/le2GL06vD//8wyYh9rfcJGdiXlQ/T7Q/YW1jZ3Vpbm4g
KGh0dHA6Ly9hbm9tYWx5dWsuYmxvZ3Nwb3QuY29tLykgPGFub21hbHl1a0B0ZXNj
by5uZXQ+iGYEExECACYFAkkWzIkCGwMFCQPCZwAGCwkIBwMCBBUCCAMEFgIDAQIe
AQIXgAAKCRCzyVxQ3AGXKog6AJ9OCwPp/GTbKFQ/8bDWvHszB4XMsgCfQHKsZuFI
A+vOPVyOC7dUaYLH7aO5Ag0ESRbMjxAIAKtI5Fpd35AsVD7gdSRm3kgNMXlUFxGA
HlVBjCriJAEQgA8nkMwC5Y0oXhboU5WCp/M7skxgPRhrX0SGYluFfW68l6T14Bqt
WTgfQm88iCZlZL5fLk5g8HaKzThU9FSbHbfrOmxQaeKIiKvSTEJSUJNRtKaBGD5h
GrJH/FwwESiOqaLeyjZjdB0h7U7Vpi/hsn71fKbuw63uEUIbK7aJ8Y7Qvp7k4MjE
tLeWoEJ1KztbWMJyFp2TMeg96G6LAeXaR+vCrLgCPGXvb1BelWCDhTn5soEQztnd
2boQlAi4nVGwE+SkY/xhkImUuk1/kmxemny70Or9tSglJ8VMFdexlt8ABA0H/AsP
o8wFeDiqQ7bsARYoZa8FfzUB0MnW7v1niTAdmyhFjKlMxDKIxjlN+mvMfRIaXQxk
6vqTuPokSKlBUzpKBOvlUU0yamnFHUldaV0bcB5VLo5rxrxIDE3MyERcna+mbjCY
PwiXNXyxmvxsShIbf6iW78Xg8udOMBmF2nFWSAFCelIX7gdy8XlHYN2xxt3UQOFg
KQfhv1SvMrP64o5ozZgmcqS4OXUXu51MBqMIAhj3H5XYutpFLofVH1Nf8lNDijNz
lszgM5/IWFQvODjZZiRPh2Ht5TkTXqGNh2l7/Gl5LjYI7jz4kWvCT7FFF1ckuPN3
tiZAapPCh6xt9lJtz7iITwQYEQIADwUCSRbMjwIbDAUJA8JnAAAKCRCzyVxQ3AGX
Kg3YAJ97NmvzIrQY33Gsjv3IO74VNV6e8wCePLyOK1ywcH8taXjdL+GxkuHGUEo=
=yAJQ
—–END PGP PUBLIC KEY BLOCK—–
That key has been used to sign the following message (as a sort of check):
—–BEGIN PGP MESSAGE—–
Version: GnuPG v1.4.6 (GNU/Linux)
owGbwMvMwCS4+WRMwB3G6VqMp2uTGDzFLt4KyUhVSMrJT09PLVLIT1NIzMvPTcyp
LM3WAwkWF+SX6CXn5yqUFqcWK5QAlWanViqUZ5ZkKKRl5gG1FBRl5pVwuRmYWyoY
GZi4Kjg5WjorWLgamCq4WJqZKii4mLu6KDgZO1sqmDqbGii4OBsYKliaGzlyddgz
s4LsfwlzkCDTwT0M84P05itnz4/+d6Wmd9aklKXXeLlfmTLML4j+d9C6P7Uh+lvE
9ubJKc6cDRP0AQ==
=miUP
—–END PGP MESSAGE—–