For the benefit of the record, I am very pro-police and very anti erosion of privacy.
The clamour for removal of around 1,000,000 records from the UK national DNA database is a disaster for the police.
There are so many records in the database, and the Police are so bogged down in paperwork, that they have resorted to DNA as the first and almost the only line of enquiry. DNA has become the evidential panacea to the Police and public, when it is far more susceptible to tampering than almost any other kind of evidence.
This has of course resulted in an unacceptably large number of wrongful arrests and wrongful convictions as contamination during collection, analysis and processing is married to the significant number of inaccuracies in the source database itself.
The reasons for the disaster are as follows:
. Innocent people will no longer be available to accuse without actually doing some police work to go and at least check an alibi before arrest. The Police are so tied up with pointless paperwork and targets only a committee could have come up with, that they don’t have the time to go and be Policemen.
. There is a significant risk that inaccuracies in the source database will cause the records of the guilty to be thrown out with those of the innocent. Paradoxically, this will be used as an excuse to keep the records of the innocent in the database.
The problems with a pervasive database of DNA are many and serious:
. You as an innocent party can (and will) be accused at any time of any crime, because a small particle of you, floating on the wind, happened to settle in an inconvenient place. Having been accused, the accusation will be kept on file for ever and will be made available to the criminal records bureau (even though you are innocent of any crime) who will silently and without recourse, bar you from any job involving contact (and potential contact) with children or other vulnerable members of society. It has been estimated that one quarter of all jobs in the UK will come under CRB checking, so you could be forced out of work for the rest of your life.
. No one in the civil service cares one iota about who gets their hands on our personal data, because they are not personally held responsible for its safety. History has proven time and again that no responsibility and no accountability absolutely guarantees that sensitive data will fall into the public domain. If a criminal has your DNA records, who knows what they could be used for? Without exclusive access to the one thing that proves who you are, you have no way of resurrecting your identity after yet another security breach.
. This government has created thousands of laws criminalising various behaviours, but done nothing to stop the causes of those behaviours. It has passed laws to make it illegal for you to deny the Police a DNA sample on arrest (on the grounds of breach of privacy, for instance), but has done nothing to criminalise abuse of the records it collects. This has (as in every case) caused otherwise law-abiding people to be branded criminal for simply protecting their privacy in the most innocuous (and previously acceptable) fashion.
The day we are forced to contribute to a national DNA database of every citizen, is the day the innocent and law-abiding start to leave the country. To stop the bad-guys from escaping, would the last one out please close the door.
Wednesday, 30 Jul 2008
Thursday, 24 Jul 2008
With the rising cost of fuel impacting everyone's bottom lines and the increasingly good PR to be had, one of my clients asked me to come up with a centrally controlled power management solution for their Windows XP estate of around 3500 machines.
According to a report prepared for the US Environmental Protection Agency "An organization can save $10 to $50 per computer annually by enabling power management features that place a computer monitor into a low-power “sleep” mode during periods of inactivity". In 2008, the US pays 5p per Kilowatt Hour on average, we pay almost double that at 9.5p (source: www.eia.doe.gov and www.uswitch.com), making the savings between £10 and £50 per monitor, per year give or take the exchange rate fluctuations.
Based on those figures, this represented savings of between £35,000 and £174,000 EVERY YEAR, just in power, just in monitors - not forgetting that those figures do not include the machines themselves and the savings in air-conditioning. Indeed, many businesses only require air conditioning to counter the heat created by all those machines and monitors being left fully powered up.
The big reason why Microsoft never implemented Power Management control via GPO is that GPOs are designed to deliver registry integer and string values and for some reason Power Management settings are held as binary values. This has meant that the only solution to date is a specialist application (and custom GPO template) that can perform the translation between GPO-based registry integer and string values, and the Operating System. It's a messy solution at best.
There is an application out there that does GPO based Power Management, but it requires the application to be installed on every machine and a poorly designed Group Policy template; and after testing it for my client I wasn't happy with the functionality or quality, or the number of times I had to reboot my machine after yet another terminal Dr Watson failure. The only other solution I found is poorly written and requires a software deployment mechanism to get it beyond a limited pilot.
So, I designed and created a new solution.
The new solution is completely (and easily) centrally controllable by group membership and allows you to set as many different combinations of Power Management settings across your IT estate as you like (vastly more flexible than GPOs). The new solution allows you to centrally control Power Management on machines that are not logged on and for users after they log on. The new solution uses the built-in Windows XP APIs and applications to guarantee compatibility across all Windows XP Service Pack levels with no crashes or any unexpected behaviour. The new solution integrates totally into Active Directory on Windows 2000, 2003 and 2008 and is completely transparent to users. Although power management settings are, by default, only changeable by members of the local Administrators and Power Users Groups, a simple alteration can be made that allows this right for your non-privileged users without further elevation or compromise of your security. A version that can handle Windows 2000 and Windows Vista will be available shortly.
How much is it?
. A one off consultancy fee to attend your site, install and configure it, and train your administrators. Two days is usually sufficient, more might be warranted in large enterprises with complex environments.
. A subscription fee based on a tiny percentage of the savings to be had, per seat, per year. Significant discounts are available for multi-year subscriptions and large numbers of users.
Please contact me at www.leafgrove.com or using the email link on this entry for more information and discounted pricing.
Friday, 18 Jul 2008
Is it me or is there a deafening silence, where there should have been celebration?
The long-time bug in DNS that allowed cache-poisoning and effectively allowed an attacker to hijack a legit website for their own needs has existed since the start of DNS. The bug is well known and is the result of less-than-perfect design of the solution itself - interestingly not really the fault of the vendors writing DNS Server applications.
Ok, so the bug has now been addressed by the major and most of the minor vendors. The celebration point is that dozens of vendors (many in direct competition) all got together and released a fix for the same bug, AT THE SAME TIME. Think about that for a second, that single fact is nothing short of miraculous. I have to wonder if this example of large-scale global collaboration by vendors is a statistical blip, or the sign of things to come.
Friday, 11 Jul 2008
While driving home the other day, I saw in the distance, running towards me a naked girl. As I drove closer, the girl continued to be naked and what's more she was being ignored by everyone passing her. As I passed her, I realised that she was fully clothed in a flesh coloured, skin tight lycra running unitard.
I wasn't sure if I should be relieved or disappointed.

