The Security Research Computer Lab at Cambridge University posted an article about industry response to a fundamental flaw in the “chip and pin” system in February. The paper, by Omar Choudary (a PhD student), highlights a flaw in the standard that permits the use of any PIN number. The University passed it to industry two months before publishing.
Now, some eight months later, the only bank known to have addressed this is Barclays. Instead of addressing the issue, the bankers’ trade association feels the best course of action is to tell the University its being irresponsible [pdf] in publishing the information! Given the Streisand Effect, is that not trying to close the stable door after the horse has bolted? The University’s response is an emphatic no, at the moment.
It is interesting that the UK Cards Association feels an offence was committed in proving the vulnerability. I would have thought they’d welcome the information, given their front page statement:
We inform and engage with stakeholders to advance the industry for the ultimate benefit of our members’ consumer and retail customers. Our work includes preventing card fraud, contributing to legislative changes, collating industry statistics and developing industry standards and best practices.
I’ve been having line problems with my ISP – British Telecom. To cut a long story short we see a 75% speed drop, phone BT, jump through umpteen hoops and they reset the profile at the exchange. The fault is with the line and it’s intermittent.
That doesn’t really bother me. The customer support agent told me to use BT’s speed diagnostic tool. Now aside from why their tool would be better, its not really an option as its a poorly written Java applet that doesn’t seem to work with Firefox or Chromium in Linux. Now I dare say I could get it to work but why spend the energy? When I mentioned it to the agent, he told me BT doesn’t officially support Linux and helpfully suggested I keep a Windows laptop handy.
Are you kidding? Keep a Windows laptop handy? There are reasons why I use Linux, there are reasons people use Macs and Windows too – they chose to. What the hell has that got to do with my ISP? I have no software from them, it’s a wireless access point they provide. Do you know what operating system it runs? Linux.
Has anyone else noticed a large amount of ping backs to link farms from Planet Ubuntu feeds over the last few days? I’m getting a fair few. I’d give an example but if I link to a site that takes my posts from a syndicated site and creates posts that are syndicated on other sites I might create some sort of perpetual motion blog post and consume the Internet (it might seem far fetched but what if Robert Morris had stopped to think).
I find these objectionable though – they appear to be WordPress and I guess are using a plugin to pull feeds in and publish as articles. They’re not as bad as flat out plagiarism – which I’ve experienced. Mind you even that isn’t the worst, I once wrote a howto which was CC licensed and I realised it had been ripped off when someone posted a comment on it suggesting (quite strongly) that I had taken it from the thief!
So it occurs to me that maybe this is a WordPress thing. Then again maybe not. Like so many of us I get stuck in my ways and WordPress is like a pair of comfy shoes. Maybe I should try a new platform, so I wondered what was popular out there in Ubuntu-land.
I’ve tried Drupal (I don’t like it, sorry Emma), Serendipity and Pixie (I quite liked that but baulked at the theming system). Mind you I also have quite a lot of time to myself over the next four months, maybe I should roll my own, I’ve hacked around in PHP but have never developed a large project using it.
So let me know, suggestions on a postcard. Maybe just a comment here will suffice.
After writing documentation for many years, once in a while I come across a post on the Internet that makes me wonder why I bother. So I thought we could turn it into a game.
Basically it’s like spot the difference, see how many things you can spot that are wrong with it and post them here.
Here is the post in question and it is a cracker. I can think of several things that are wrong with it but see what you can come up with. Here’s a starting hint – man visudo.
Windows software tends to abstract any kind of technicality from the user, except when it comes to ripping. For some reason, this requires a myriad dropdowns. I’m computer literate and I struggle.
Continue reading “A Windows post (gasp)”
I’ve been away from Ubuntu for a while and just installed Xubuntu 9.10 on an Acer Aspire One. While editing some of the files, I remembered that pressing the cursor keys in insert mode inserts characters.
This is because of vi compatible mode and is easily redressed by adding “set nocompatible” in “~/.vimrc”. I understood from this page that this was the default but I might be misreading. It seems to be a peculiarity of Ubuntu, I didn’t notice this in RHEL, Arch or Fedora (three distributions I use fairly regularly).
Is this an indicator that vim is not perhaps as popular in Ubuntu? I notice that most times I see a guide online it will suggest using gedit, even if invoked from the terminal. Perhaps, as I’m not au fait with Debian, our lineage prefers the compatible mode.
I’m sure its not important and we all have our preferences for editors but I do like vim and wish that this behavior was default. One of the paradoxes with OSS, GNU/Linux in particular, is the freedom afforded allowing us to configure our environments in whatever fashion we prefer creates a diversity that is difficult to train new users, especially between distributions.
Never thought I’d have to publish this on my personal blog but I’d like to draw attention to the license:
For any CC work that you use from this site, please use the following attribution:
This work by Dougie Richardson is licensed under a Creative Commons Attribution-Non-Commercial-Share Alike 2.5 UK: Scotland License. Based on a work at http://blog.lynxworks.eu, permissions beyond the scope of this license may be available at http://blog.lynxworks.eu/about/
I chanced upon a site earlier (not linking to it – as I see no need to further their hits) where my post has been lifted verbatim and reprinted as the owner’s – with my name and as a link right at the end. It’s not asking much that if anything helps you, redistribute it under the same terms and give credit where it’s due.
Certainly don’t want to see someone else’s name attached at the top!
Following my last post…
Things that do not make me happy:
Spending the first of your two weeks leave that you finally managed to get at the same time as your kids in bed sick.
Your clan mates PS3 packing in.
Upgrading to Ubuntu Netbook Remix Jaunty only to find it won’t do wireless any more and that you’re going to need to install it in a VM on another box to write its documentation.
Paying insurance premiums religously only to find that after a genuine accident they don’t fancy paying out because there’s some technicality. Then your neighbour comes for coffee and laughingly tells a story about how they just poured juice down the back of the TV and are getting a new one through their insurance.
In-fighting in teams.
Trying to integrate DokuWiki and Drupal.
Spending several weeks on a calculus paper only to screw up the final result because you transposed a sign for some reason.
Writing a very clever piece of Java only to present it and someone say “why didn’t you use the method in such and such a standard object”.
Being unable to convey why using the same String object in a for loop is a bad idea in a cryptographic system (it creates new instances until garbage is collected)
Consistantly being overlooked because you “don’t have XML/XSLT” skills – despite having a track record with them.
Looking forward to the one damn thing you can eat when you have a sore throat, stawberry ice cream, only to find the store changed their opening times without telling anyone
Lastly, my number one pet hate, so big it deserves its own paragraph.
If I was a plumber, would my colleagues and neighbours expect me to fit a new bathroom for them free of charge? Should I have chosen the carpenters path then would it be reasonable to expect a free conservatory? No. So why is acceptable to expect on call IT support, application development and fixing computers riddled with viruses without so much as a damn beer?