Thursday, February 28, 2008

Trust me not

The biggest problem with the ID cards being proposed by the UK government is trust, and here is a great example of it being misplaced ...

The public have been trained to trust the "Chip and PIN" (C&P) system of card payment authorisation. The banks in the UK have sold the idea that C&P is totally safe and thus any misuse of a card and its PIN is the responsibility of the card holder. Under a deluge of relentless marketing the public have indeed come to trust C&P. Of course the public should not have been so trusting, as is now clear.

If you have time, do watch the BBC Newsnight video on this subject. (BTW, Jane Badger is not a relative of mine, as far as I know).

... For every mention in the video of the term "Chip & PIN" replace the term "National Identity Card", and you have a flash forward to a sampling of the kinds of identity theft problems that any national ID card will cause.

It is not the technological weakness of such systems that causes the big problems; it's the trust we the public place in them.

And as an aside, I had a C&P transaction fail just last week in London. I immediately went to my bank and said I wanted a note on my file that something weird had happened at the particular store. The response from the bank staff member was initially that I should not worry because C&P is perfectly secure (in fact she was rather annoyed that I was bothering her with such a 'trivial' matter).

Trust them not.

UK ID card strong points

The centralised UK identity card proposals are pretty stupid in every dimension. The strongest bits are probably the IT security measures:

Minister defends National ID Register security | The Register: "Meg Hillier"

... but IT security is the smallest part of the problem. Look at the recent security leaks and personal data losses and you'll see hardly any cracked systems. Mostly the problem is people being asked to look after highly valuable data and either being corrupted or making a stupid mistake.

So the fact that great care is being taken to make the IT parts of the proposed system secure just makes the most secure bit more secure (perhaps). The gaping holes are elsewhere.

If there is an ID card system (and I hope there is not) then it should be distributed to minimise the value of the data in any one place. All the personal data should be under the control of the individual subject (e.g. on the card itself) and this should be digitally signed so that if a duly authorised person wished to see the data they can ask the subject, get the data from the card and verify that the data is good.

Tuesday, February 19, 2008

Sydney STUG meeting on Tuesday 26th

The Sydney Smalltalk User Group will be having one of its irregular meetings on Tuesday 26th Feb at the James Squire Brewhouse at Kings St. Wharf in Sydney. The meeting will be in the Ward Room which is at the back of the pub and will start at 18:30.

Andrew McNeil has made the arrangements and as he says:
Speakers so far who have put their hands up -
Michael Lucas-Smith -- Seaside / Web Velocity
Myles Byrne -- a code browser written in squeak and seaside
Bruce Badger -- Slaps, the Smalltalk LDAP library and a summary of progress on the Smalltalk ANSI standard.

Cincom is even supplying a few nibbles to kick things off, so get there early.
To keep up with such events join the Sydney Smalltalk User Group mailing list.

Sunday, February 17, 2008

Grunt

In Australia, a car with lots of low end power is said to have "grunt".

For example, the taxi we just took from Sydney airport demonstrated enormous acceleration from 0 to about 20 KPH swiftly followed by a demonstration of heavy braking. This was repeated for the whole journey through heavy traffic to the CBD. This was grunt in action. It made me feel quite ill.

London black cabs have fairly small diesel engines which accelerate the cabs quite well, but compared to the Sydney cabs the acceleration is pathetic ... but, the passenger experience in a London cab is much smoother because the driver must nurse the momentum of the cab, so no violent acceleration and less heavy braking. Less scary too.

It also helps that London cabbies almost always know the way.

Friday, February 15, 2008

In my lifetime

More thoughts on the extension of copyright terms:

Copyright really is a deal with the public where the holder of the copyright gets a temporary monopoly and the public get to have the work in the public domain when the copyright expires.

I think that there should be a chance of seeing both ends of the deal. By that I mean that the tunes I heard when I was a kid should have entered the public domain during my lifetime (assuming three score years and ten).

The Register adds their view:

EU commissioner backs record biz on copyright extensions | The Register

So the big winners in any term extension will not be the starving artists, who will continue to starve anyway. The big winners will be the record companies and a small handful of super-stars.

I think a reduction to 25 years for all new copyrights would be a better move. This could be introduced over a long period to avoid any big bangs. While I may not see the music of my childhood in the public domain, it should be a goal to ensure that future generations do.

Thursday, February 14, 2008

Copyright dilution

Copyright is supposed to be an incentive for creativity. The current term of a copyright is so long that people have a reduced incentive to be creative if they have had one or two smash hits (whether music, literature or software). e.g. the oft cited, and rather wealthy, Sir Cliff Richard.

So, yes, change is needed. But not this:

BBC NEWS | Business | Bands set for longer music rights

Extending the term of copyright reduces the incentive to be creative and so dilutes the value of copyright to the public at large, the very same public that is supposed to be represented by people like Charlie McCreevy, the European Union's internal market commissioner.

The commissioner wants to extend copyright terms because, he claims, the moral rights of the performers are at stake, but what about the moral rights of EU citizens? So a few wealthy people want to get even more money from their existing body of work, but what about the other side of the coin - what do the public get out of this that they do not already have?

Just like home

I think my namesakes keep a tidier home than I do! ...

BBC NEWS | Science/Nature | Secret lives of badgers revealed

... though we have less fighting and we do tend to use electric lights at night.

Study protocols with bridges

While working on the Slaps LDAP library I wanted to study the messages exchanged by current implementations of the LDAP protocol, capturing LDAP messages and adding them to the Slaps SUnit test suite before building a Slaps instance to directly respond to the client. I have done this using a couple of bridges that can sit between any client and server and capture messages. One is the octet bridge and the other is a parsing bridge.

The octet bridge does not try to understand the messages flowing back and forth between the client and server but looks out for bursts of traffic. These bursts are then logged using the OpenSkills logging library. Here is an example of a captured burst between the ldapsearch LDAP client and the OpenLDAP server:
<OSkByteArrayLogEntry>
<t>Thu, 31 Jan 2008 05:52:38 GMT</t>
<x>303E020101633904000A01000A01000201000201</x><p>0....c9.............</p>
<x>00010100870B6F626A656374636C617373301904</x><p>......objectclass0..</p>
<x>17737570706F727465645341534C4D656368616E</x><p>.supportedSASLMechan</p>
<x>69736D73</x><p>isms</p>
</OSkByteArrayLogEntry>

This sample can then be added to SUnit tests for the Slaps parser. Once we have captured the messages for an exchange we are interested in, perhaps a client logging into a PostgreSQL database and PostgreSQL then issuing an LDAP request to see if that client can indeed login, we can set up the SUnit tests and make sure the Slaps parser can handle the various messages in the flow.

Now we can use the parsing bridge instead of the octet bridge. Instead of looking out for bursts, the parsing bridge relies on the Slaps parser to know when a complete message has been received. The parsed message is then re-encoded by the Slaps library and sent on its way. Once we have the entire exchange passing to and fro through the parsing bridge without any problems we know we can reasonably handle the messages in this kind of request.

The last step is to use the Slaps library to respond to the LDAP messages directly. For example, in the case of OpenSkills we want to manage access to our internal Store repository. With Slaps we can refer to the objects that make up the membership system to answer an LDAP authentication request from a PostgreSQL server.

Using bridges and SUnit testing to build up support for a protocol is not limited to LDAP and Slaps, and could be used for any streaming protocol. These techniques are not new, of course, but it is nice to have this all working smoothly in my Smalltalk development environment. It certainly makes working on Slaps much easier.
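An added example (not Slaps code and not part of the original post), written in Python rather than Smalltalk: it decodes the burst logged by the octet bridge above, shows how a parsing bridge can tell from the BER length when a whole LDAPMessage has arrived, and checks that decoding and re-encoding reproduces the captured octets. All function names are assumptions made for this sketch.

```python
import re
# The <x>/<p> lines of the burst logged by the octet bridge, copied from this page.
LOG_ENTRY = """<x>303E020101633904000A01000A01000201000201</x><p>0....c9.............</p>
<x>00010100870B6F626A656374636C617373301904</x><p>......objectclass0..</p>
<x>17737570706F727465645341534C4D656368616E</x><p>.supportedSASLMechan</p>
<x>69736D73</x><p>isms</p>"""

def burst_octets(entry):
    """Join the hex in the <x> elements into the raw octets of the burst."""
    return bytes.fromhex("".join(re.findall(r"<x>([0-9A-Fa-f]+)</x>", entry)))

def read_header(buf, pos=0):
    """Return (tag, length, value_start), or None if incomplete (single-octet tags only)."""
    if len(buf) < pos + 2:
        return None
    tag, n, start = buf[pos], buf[pos + 1], pos + 2
    if n >= 0x80:                      # long form: low 7 bits count the length octets
        if n == 0x80:
            raise ValueError("indefinite length is not allowed in LDAP")
        start += n & 0x7F
        if len(buf) < start:
            return None
        n = int.from_bytes(buf[pos + 2:start], "big")
    return tag, n, start

def frame_length(buf):
    """Octets in the first complete LDAPMessage in buf, or None if more must arrive."""
    hdr = read_header(buf)
    return hdr[1] + hdr[2] if hdr and len(buf) >= hdr[1] + hdr[2] else None

def decode(buf):
    """Decode BER into (tag, value) pairs; a constructed tag holds a nested list."""
    items, pos = [], 0
    while pos < len(buf):
        hdr = read_header(buf, pos)
        if hdr is None or hdr[1] + hdr[2] > len(buf):
            raise ValueError("truncated element")
        tag, length, start = hdr
        body = buf[start:start + length]
        items.append((tag, decode(body) if tag & 0x20 else body))
        pos = start + length
    return items

def encode(items):
    """Re-encode decode() output with minimal definite lengths."""
    out = bytearray()
    for tag, value in items:
        body = encode(value) if isinstance(value, list) else value
        n = len(body)
        size = n.to_bytes((n.bit_length() + 7) // 8, "big")
        length = bytes([n]) if n < 0x80 else bytes([0x80 | len(size)]) + size
        out += bytes([tag]) + length + body
    return bytes(out)

def search_request(octets):
    """Name the fields of the captured SearchRequest (application tag 0x63)."""
    (_, ((_, msg_id), (op, body))), = decode(octets)
    return {"messageID": int.from_bytes(msg_id, "big"), "op": op, "base": body[0][1].decode(),
            "filter": (body[6][0], body[6][1].decode()),
            "attributes": [a.decode() for _, a in body[7][1]]}
```

The captured burst is a single 64-octet SearchRequest with an empty base DN, a presence filter on objectclass, and one requested attribute, supportedSASLMechanisms.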

Wednesday, February 13, 2008

Another crook magnet

Here we go again. This time the UK government want to create a valuable concentration of personal information about school children:

Government wants every English child on 'secure' database | The Register

This will be yet another valuable source of identity information for the villains of the world. A really bad idea.

How about this instead: For each subject (initially a child student) there is a digital file. The subject (once 18, or their guardians before that) may have a copy of this file and the current places of learning may have a copy of this file. Nobody else. As the subject progresses through their education, records may be added to the file by the people teaching them. Each record is signed using OpenPGP. Each person who may sign such a record must have their key signed by an approving authority and their key must be on a public key server.

When the subject moves from learning to working they may wish to submit some of the records to a potential employer (for example records of recognised qualifications but perhaps not the results of a spelling test taken when they were 12). The employer can verify the education record by confirming that each record was signed by someone who, at the time, was authorised to do so.

Once the subject leaves education and becomes an adult the file must not be retained in any form by any party without the authorisation of the subject.

Clearly, the subject should be very careful indeed to make sure that their file of education records is safely backed up since if they asked for every copy to be destroyed, and they then lost their own copy, the file would be irretrievably lost.

But I think such a distributed system would be much better than another centralised government system and crook magnet.

Tuesday, February 12, 2008

London Congestion Charge improved?

Ken Livingstone, the Mayor of London, has announced changes to the so-called "congestion charge" for central London:

London Congestion Charge becomes CO2 tax | The Register

This has been a very confused programme. It certainly has not prevented congestion in the City of London where I live and work, and many people think the charge is just a ruse to raise more tax.

I'm comfortable with the idea of a charge to reduce the impact of traffic on the City, and this new change seems to be an improvement. We will see.

... but I would prefer to see a scheme where the overall pollution impact of a vehicle was assessed in terms of:
  • Air pollution (which is what this new change does)
  • Sound pollution (Harleys pay more than BMWs)
  • Size (Hummers pay more than Minis)
The new CO2 based system must have some way of working out what charge applies to each vehicle, perhaps by make & model, and this same catalogue could hold size and noise data.

Lastly, the scale should be sliding. By that I mean that over time the tolerance for air pollution, noise and large vehicles should be reduced.

But Ken's CO2 move is a step in the right direction, I think.

Monday, February 11, 2008

Microsoft & email protocols

Few things have existed on the Internet for longer than email. Standard protocols such as SMTP and POP have been with us forever it seems, and even the relatively new IMAP is widely used. Email interoperability has been working pretty well for a long time.

Microsoft bought HotMail, who at the time were using BSD and were conforming to the expected email standards. Microsoft have changed that:

Hotmail vs Live accounts | FastMail.FM Weblog

So much for bleating about their desire for interoperability. Once again, Microsoft's actions speak much more loudly than their words.

So, what could we expect if Microsoft were allowed to buy Yahoo!? More warm words about interoperability no doubt, but much more chilling action pulling in exactly the opposite direction, if history is any judge.

Wednesday, February 06, 2008

Fix My Street and more

A group called My Society have put together a number of really useful sites to help people interact with all levels of government in the UK.

A pedestrian crossing close to where I live has a broken request button. What to do? Who to call? It's Fix My Street to the rescue! I just enter my post code, click on a map to set a flag pointing to the offending crossing, briefly describe the problem ... and Fix My Street sends a report to the appropriate body (the City of London in my case). Brilliant! The system lets the council respond to the problem by, for example, saying when and how the problem was fixed.

Another application from My Society is Write to Them. Again I start with my post code and in this case I get a list of all my representatives including local aldermen, MP, MEPs etc. I click on one of these and a letter template pops up with the correct form of address in place. I just need to enter the essential text of my message. After confirming that I really want to send the message (by sending me an email message), Write to Them sends off the message to the representative. After a couple of weeks Write to Them sends me another email message asking if I heard back from my representative, adding my response to a database which records who is good at responding to the people they represent and who isn't.

My Society has other systems too, and what they all have in common is providing a very easy to use wrapper around public services that should be easy to use anyway, but often are not.

Tuesday, February 05, 2008

Oyster vs. Nat West

I got an email message from the Oyster card system this morning. It seems that the "auto top-up" failed. No information about why. I followed the link in the message and was simply asked to reconfirm that I really did want the payment to go from the card I had nominated (the one they said had "failed", remember?). I clicked on the "yes I really did mean that card" button and was told that all was now well, except ... there is still a "payment failed" message showing on the screen.

To the phones. TfL have one of those for-profit phone numbers that mean that they earn more money when they force their customers to call them, and also by keeping them on the line as long as possible. After jousting with the options for a while, I went for the one I knew would work right away; the "I want to buy something from you" option. Sure enough, a real person answered. This person was very nice and said that everything looked fine on the card, but she was unable to tell me what the problem was with the payment, for that I had to speak to another department. I managed to persuade this person to just put me through rather than go through the monster phone system again. And she did.

And so I sat in a queue waiting to talk to another person. I waited several minutes (with the Reassuring Messages and the Calming Music) because this is not a "let me give you money" number. In the end I speak to someone who tells me that everything is just fine, and that I have no need to worry. But wait a minute, I say, what was the problem that caused the payment to fail? No idea, he says. The only people who could answer that are a department that will not talk to customers (I kid you not).

At this point I am taken by surprise as the operator tells me that they will walk over to the hidden department and ask them what the problem with my payment was, and he will then call me back with an answer in just a few minutes. Gosh. Sounds good!

... and he called back! Holy moley. It seems that my bank refused the payment because of some kind of anomaly with my address. I need to sort this out with my bank. OK, I say, so what is the reference number of the payment that the bank rejected so I can call them and ask about it? I don't know, he said, ... but I'll go and ask and call you back again. Knock me over with a feather.

... and he called back again! I was not surprised at all to hear that there was no reference number for the payment request (well, of course there is, but I was not surprised to be told there isn't one) and that I'd just have to call the bank and mention TfL and the date. So, top marks for Derek (for it is he) for being the best customer service representative I have dealt with for many years. Big pat on the back there. However, no brownie points for TfL whose systems should have saved me from having to bother Derek in the first place by giving me a reference number I can use to call my bank.

At this point I should be able to go via an on-line banking system and see exactly what the problem was by entering the id of the failed transaction, but no, no such system exists, even if I did have a reference number. And so to the bank and yet another for-profit phone number. The bank spends ages digging through their systems while I am on the phone. I get bulletins every few minutes as they look through one system after another. In the end, they can't see any problem, can't see any rejected transactions. No idea. What should I do? Call Oyster because they will know exactly what the problem was at their end. Can I get Nat West to talk direct to TfL to sort this out? Not a chance.

In the end I just have to be happy that both my bank and Oyster think that my accounts are in a good state. Nobody knows what the problem was, and only I care.

So, what can we learn from this mess? First that good customer service is important and appreciated (thanks again Derek). Second that if a customer is presented with a problem there must be a way to understand what the problem actually is (or was) so that there is confidence that the problem will not re-occur. Lastly that bouncing a customer back and forth is not nice. One or other of the organisations should have offered to call the other and get to the bottom of the problem.

BTW, the other matter with Oyster/TfL is still outstanding. Very poor show indeed.

One last thing: standards. If there was a standard for exchanging financial information it could include a reference number which would be valid regardless of whether the transaction was accepted or not. In cases where a transaction fails I could receive the exact data structure that (in this case) Oyster tried to send to my bank. That would be a big help.

Friday, February 01, 2008

Slaps speaks

Slaps is a Smalltalk LDAP library that can be used to implement either LDAP clients or LDAP servers. Slaps talks directly via sockets to other LDAP clients and servers.

Today I have Slaps talking nicely with the command line ldapsearch and OpenLDAP. Woohoo!

There is still more to do, but from here on it should be a matter of extending a working library rather than nutting out fundamental problems.