The Blog




I've just read that one of the alleged bombers was given a Passport and UK
citizenship despite having a UK criminal record. This wasn't a case of identity
theft or identity fraud. It was a case of the official process breaking down.

So apologies if this is already in Kim's laws, but I'll add another.

All identity systems contain some identities that cannot be trusted.

In fact it shouldn't be too hard to come up with a Gödel-style mathematical proof
that this must be true in every case. There may not be anything terribly deep in
this statement, we're really just saying that to be human is to err. But it should
be remembered that there is *never* 100% trust when we're talking about Digital
ID. So we must *always* analyse and allow for the level of percentage risk and
its implications.

From the IDWorkshop mailing list.

There seems to be a lot of activity at the moment around government driven
identity schemes. In the last few days, I've seen a report on Californian
limitations on RFID based cards. But being a Brit what really interests me is the
UK proposals. This has been given a kick by the recent atrocities. And not all in
favour of the ID cards. Even the Home Secretary has admitted on TV that ID cards
and ID systems would not have made any difference.

These are particularly interesting.
http://www.theregister.co.uk/2005/07/26/overseas_passports_biometric/
http://www.theregister.co.uk/2005/07/25/id_card_goes_icao/

One aspect I find fascinating is the problems they are having deciding where the
source of all subsequent trust comes from. What they are falling back on is that
the whole house of cards rests on the integrity and accuracy of the National
Identity Register which is the underlying database. But they are using security by
obscurity (or simple political spin) to avoid explaining how this integrity is
maintained. As El Reg so eloquently puts it.

"Effectively, it's a system which by design puts all of its eggs in one basket,
and is dependent on that basket being made impregnable via measures which the
Government will never reveal or discuss. Trust us..."

This reminds me of the problems and process obtaining SSL Certs from the major
Cert suppliers. All they were ever really proving was that whoever ordered the
Cert could work a fax machine. But having done that the Cert could then be used to
verify the identity of the holder. So IMHO, the whole trust tree surrounding web
certs rests on a dubious premise and really just looks like a mechanism for
charging fees. This doesn't stop SSL working, but it does limit its usefulness.

I can understand how PGP's web of trust works. What I can't understand is how any
tree structured ID trust system can work. It feels like "turtles all the way
down". Eventually you get to some body that claims ultimate accuracy. But in the
real world, they can't.

Back to politics, while this is happening, two pledges have started
http://www.pledgebank.com/refuse
I will refuse to register for an ID card and will donate £10 to a legal defence
fund but only if 10000 other people will also make this same pledge. 10724 people
have signed

http://www.pledgebank.com/resist
"I will actively support those people who, on behalf of all of us*, refuse to
register for an ID card, and I pledge to pay at least £20 into a fighting fund for
them but only if 50000 other people will too."
A mere 190 signatures.

A rant from me on this blog entry. Pledge 5 pounds per month to support an organisation that will campaign for digital rights in the UK

For instance, one of the key questions in my list is whether you should be able to time shift TV programs and skip through the ads. We think it's fair use because we've been doing it for years with VCRs. The media industry do *not* see this as an automatic right. And they are actively fighting to prevent us from being able to do this as we shift to all digital HDTV. And as what constitutes a Digital HDTV is not at all clear (PC, DVD player, PVR, iPod Movie, cellphone, linux box, Mac, Xbox, PSP, etc etc) actually preventing us from doing this has some very unwelcome side effects.

I absolutely do not want to be told that I can only use this monitor with that DVD with that hard disk under this operating system and only if I pay that subscription tax to this body that might hand out a proportion to that musician. Today, because tomorrow they changed the rules without asking me for something I've already bought. And then be sent a threatening letter extorting money with menaces if I try to get round it.





Pixelbot - Blog
awesome animated gifs [from: del.icio.us]



Don Young talked at Opentech about Amazon Web Services. I wanted to contact him afterwards and found this.

Don Young
* Role: Talking on Amazon Web Services.
* Photos: Can’t find any.
* On the web: None.
* Employment: Presumably Amazon.
* Other notes: None.

Doh! How can you be a Web Services evangelist and have no presence on the web. At all, at all?





'I will actively support those people who, on behalf of all of us*, refuse to register for an ID card, and I pledge to pay at least £20 into a fighting fund for them' - PledgeBank

Let's say that you are against the proposed UK ID card, but don't feel that you can take the radical step of refusing to sign up for one. You may have dependents, a standing in the community or simply not feel strongly enough about the issue to take a stand. Well here's a way for you to support the 10,000 who are prepared to be that radical on your behalf.
[from: JB Ecademy]

'I will create a standing order of 5 pounds per month to support an organisation that will campaign for digital rights in the UK' - PledgeBank

If you ask yourself questions like:-

- Why is it fair use to quote text from a copyrighted book in an article but not ok to quote audio or video in a performance piece?

- Why don't the media companies want you to time shift programs and skip the ads in the future the way you've been doing for 20 years in the past?

- Is it extortion by a cartel or good business for the media companies to sue their customers for doing something the customers don't see as wrong and where the customers have vastly less legal resources to fight it?

- Is the life of the artist plus 20 years really a fair term for copyright?

- Should orphan works where the copyright owner is untraceable be automatically public domain?

- Should the media industry be able to mandate that the technology industry build in support for their copy protection schemes and make it illegal to tamper with them?

- Should the BBC be allowed to give away the content they've generated in competition with commercial interests in the same area and under what license?

- And should all this be decided by some faceless bureaucrats in Brussels in a non-democratic fashion where dissenting voices are excluded?

- And should US approaches to all this be accepted by default in Europe and the UK?

Then consider signing this pledge.
[from: JB Ecademy]




The Clicker: Microsoft's OPM for the masses - Engadget - www.engadget.com

More here. The Clicker: HDCP's Shiny Red Button

Oh. My. God.

DRM control built into monitors and dumb TV screens to stop you watching content controlled HDTV goodness.

And now we've got people talking about adding DRM to hard disks to stop you storing it as well.

I can see (for miles and miles and) a (Microsoft) Vista up ahead and it ain't pretty.

This modern life, eh? Just Say No To DRM. You know it makes sense.

Techdirt Corporate Intelligence: Techdirt Wireless How Dare You Want To Use That Internet Connection! UK Police charge and get a conviction for using somebody's wifi without permission "dishonestly obtaining an electronic communications service and possessing equipment for fraudulent use of a communications service." 500 quids and 12 months' conditional discharge.

Oh good grief... I guess we're all criminals now. I mean I've ripped CDs that say no copying. I've downloaded music I couldn't find anywhere else. I've bought (shock horror) music from Russian music sites. I've used BitTorrent to get the full series 4 of Alias because I kept missing it on TV. And yes, I've sat in the Marriott Park Lane and used a Wifi connection from across the street rather than pay the ridiculous prices for the Hotel's hotspot. I've even been reduced to wandering around Smithfields with the laptop open trying to find an open AP so I could find out the mobile phone number of the person I was supposed to be meeting. My own AP at home is deliberately wide open with an SSID of "1trinityrd.public" which contravenes NTL's internet access T&Cs.

And now the UK Police have nothing better to do but to hassle somebody with an open laptop on the streets. I guess I'll just have to hide in a cafe from now on.

This modern life, eh?







TRIZ 40 Principles
oblique strategies for mechanical engineering creativity and innovation [from: del.icio.us]





There's a discussion going on here about issues with using Skype when yours is the sole computer behind a cheap firewall/router on broadband. It seems relatively common that your copy of Skype ends up being a supernode helping to switch traffic for people who are behind NAT. In some circumstances the sheer volume of TCP connections can then overwhelm the router. So even though the bandwidth needed is quite small, the effect is that internet access grinds to a halt with DNS and web timeouts. There's a further problem here that people with bandwidth capped broadband are likely to have exactly this sort of connection and may not have any router at all. In which case, first they are very likely to become a supernode, and secondly, even the small bandwidth taken is eating into their cap.

Skype really need to do something to rate limit this or even allow people to reject being a supernode. The problem is that if they do that their whole switching mechanism and NAT busting approach fails if not enough people are supernodes. But in the past couple of days I've had two people say they've had to reject Skype for exactly this reason, so if they don't do something they will be shooting themselves in the foot. In my case, I've now had three instances of this happening in the last 2 days. Fixing it involves killing Skype for 3-4 minutes and then restarting it.

One suggestion has been to go into tools | options | connections and uncheck "Use port 80 and 443 for incoming connections" as this is supposed to bar being a supernode. But it's had no effect for me.

On another note, my son is going to Brunel Uni in Sept. I was scanning the computer network terms of use. In the middle is a statement that goes "P2P file sharing programs (such as kazaa, grokster, bittorrent, Skype) are expressly forbidden". I'm not exactly surprised, and the issue is likely to be bandwidth as much as copyright issues. Still irritating though to see Skype lumped in with these.

I've been taking a look at OpenID and searching for PHP implementations. Along the way I've come across several programs that are typically only 5-10k long. And I'm seeing a wide variety of copyright statements at the top which basically say "do what you like but leave my name on this because I want attribution". Sometimes there's even a no commercial restriction. I have to ask myself, what are you trying to achieve and what are you afraid of? This all gets particularly annoying in an area where the code is very likely to get absorbed into a bigger system, as is the case with Identity.

So here's a request. If you're contributing code to the world, either use an established copyright scheme like GPL, or effectively make it public domain. Which is why when I do this stuff I typically put a disclaimer in the top of the file that says "do whatever you like with this, I don't care". It would be nice to have a more formal way of saying this but I've never found a formal way of saying "I renounce copyright over this file".




GoingOn Screenshot
The future of YASNs? [from: del.icio.us]

I've just received this email about the Pledge to refuse to register for the UK ID Card and to give £10 to a legal fund to support those who do the same. They've now got 10,000 signatures. I think the email needs wider distribution.

Thank you all - what a success!

When I started this pledge, I hoped we could show the government the depth and strength of feeling against their draconian ID system, and begin to build a fund to fight a series of legal battles against it. YOU have now done this - and more quickly than I ever dared hope.

Some of you have already asked exactly how the pledge is going to work, and now that we have reached the 10,000 mark I hope you'll bear with me while I explain in a little more detail what we (NO2ID) intend to do:

1) We shan't be asking you for your £10 until or unless the government manages to pass the Identity Cards Bill. It is by no means certain that they will be able to do this - and you can help us NOW to stop them*. Once you send your money in, it would be administratively prohibitive for us to refund it so we only want to ask for it once we are absolutely sure that we are going to need it.

2) All funds that you send will be held in trust, in a separate bank account administered by an independent third party (a couple of law firms have already offered their services). NO2ID will not mix your pledges with campaign funds, i.e. every penny you give will go towards fighting the Act in the courts, and supporting those who are fighting the necessary legal battles.

3) It is just possible that even if the government do pass this Bill, they may drop the current ID scheme - leaving the legislation on the statute books. In this case, we shall still need to get the Act repealed (it contains some very dangerous powers, even if they remain dormant for a time) and so the fund will be used to pursue that end.

4) Once we have won utterly (no Bill, no ID scheme, no law sitting on the statute books) then any monies remaining in the fund will be dispersed - depending on how much is left - by either donating it to an appropriate charity (we'll hold a vote on which one, should this ever become necessary) or drafting a Bill, the aim of which is to inhibit any future government from imposing compulsory registration and ID cards on the people of the UK.

HOWEVER, this pledge does not end just because we have reached 10,000. We know that many tens of thousands more will refuse to register, and we still want to reach them and have them sign up before the closing date of October 9th, the day before Parliament sits again in the Autumn. The more of us that there are by then, the harder we make it for them to proceed.

We shall also shortly be launching another pledge - one that you may be highly motivated to promote.

Raising £100,000 in a little over a month from people who will refuse to register for an ID card is astounding, but now we want to raise £1,000,000 from people who - for whatever reason - feel they CAN'T refuse to register, but who will wholeheartedly support those of us who do. I know from the comments and direct mails [*please* don't write expecting an answer, I simply can't handle the volume of mail] that there are many people like this out there already.

I'll be notifying you of the URL for the new pledge shortly - DON'T SIGN IT YOURSELF, but see if your friends, family and colleagues will now back YOU up in your fight for our freedom and privacy.

*Finally, I said that there is something that you can do to help us now. Don't forget that we are fighting hard to defeat the Bill so that your pledge may not even be called in. Many of you have said that you'd happily give more than £10, some have already separately donated and joined NO2ID. If you haven't done so already, please:

1) Sign our petition at http://www.no2id-petition.net and get others to, too.

2) Donate to NO2ID - via Paypal from the front page of our website http://www.no2id.net or by post (cheques payable to 'NO2ID') sent to NO2ID, Box 412, 78 Marylebone High St, London W1U 5AP.

3) If you're able to give £15 or more or set up a regular payment, please do become a member - we hope it will be the shortest subscription that you ever make! Forms and bank details are available online at http://www.no2id.net/getInvolved/join.php or by post from the above address. If you send an SAE it will save campaign funds for our ongoing essential work in Parliament, the media and across the country.

Thank you for your patience with this long e-mail, and my heartfelt thanks for your commitment to fight this thing. Together, I am sure we shall win.

In solidarity,

Phil Booth
National Coordinator, NO2ID
[from: JB Ecademy]
