Blog

Moved site to HTTPS only

Noticed the following tweet the other day:

Thought this would be a perfect time to switch my website to HTTPS only. Previously I have played around with using my own CA, trusting this CA on any computer I use, and then I can generate my own certificates as and when I feel like it.  This is generally alright for personal use, but for public use there is little benefit doing this rather than just using self signed certs.

I found letsencrypt fairly easy to use, the only problem was I had to bring Apache down for a few minutes while I requested a cert – this is a minor thing, but I do host a few other websites on the same VPS I use for my website, so something to bear in mind.  The expiry time seems pretty short too, only extending 3 months into the future by default.

Anyway, it beats paying for a cert 🙂

David Cameron wants to ban encryption

Yes, apparently so.

For those of you who can’t be bothered reading the article, David Cameron would like to ban all forms of encryption that the UK intelligence agencies (MI5/GCHQ) can’t crack.  As far as the Snowden leaks show, that will include things like PGP, OTR Messaging, ZRTP, and also proprietary applications like WhatsApp, iMessage and Skype, although apparantly the latter has already been cracked by the NSA[1]http://www.theguardian.com/world/2013/jul/11/microsoft-nsa-collaboration-user-data, and who knows about the other two, as they’re closed source and can’t be peer reviewed.

In the UK we have already lost the right to not incriminate ourselves due to oppressive RIPA legislation[2]https://en.wikipedia.org/wiki/Regulation_of_Investigatory_Powers_Act_2000#Controversy, we are currently one of the only countries in Western Europe to implement internet censorship[3]http://12mars.rsf.org/2014-en/, and seem to be losing our right to privacy in general.  These measures seem to be getting pushed through parliament under the guise of ‘protecting our country from terrorist attacks’, if so, where is the proof that these measures have actually prevented any terrorist attacks?

Personally I encrypt as much of my data as I can, I carry an encrypted android phone & tablet, my laptop is encrypted, I use PGP when I can.  If the government were to make it illegal to encrypt stuff in a way that would prevent them accessing it, I’d probably still use the same tools.  I don’t think I could trust them to not muck up – remember the lost MoD hard drive, amongst others[4]https://en.wikipedia.org/wiki/List_of_UK_government_data_losses?

What’s the point in having intentionally weak encryption?

What about people who want to use Open Source encryption methods (me for one) – forcing all encryption to have a backdoor would all but render the encryption useless, unless we removed the backdoor, which would then be illegal.

What about an employee or foreign diplomat that is travelling across borders, is Mr Cameron saying that they’ll be unable to protect their company or state secrets?  What about Mr Cameron’s state phone, will it be rigged with a method of decrypting?  If so, what if foreign intelligence agencies gain the power to read the encrypted data?

It also sounds like he isn’t a big fan of Tor – the anonymity tool.  Yes it certainly seems to cause GCHQ and the NSA a massive headache, but it positive uses far outweigh the negatives. Things like whistleblowing, political activism in oppressed regimes like North Korea, China and Iran, and also protecting their own agents working abroad from detection are all vitally important to protecting our freedom, and the freedom of others.  We can’t ban something just because it might be used for evil, if we did we’d have no internet or telephone as they might be used by terrorists to collaborate, we’d have no vehicles as they could possibly transport drugs, and we’d not be allowed to leave our homes in case we tried to rob a shop. All of these things are absurd, and so would outlawing encryption.

So David, do you think you could leave the [important] technical decisions to some of your [hopefully] more intelligent advisors?

April Fools

Haven’t seen too many April Fools today – Google have ‘Google Nose‘, but I couldn’t see any good ones on BBC News or anything – they normally have something.  Perhaps with it being the Easter holidays, no-one is in work to make them up!

Looking through the BBC News website there is an article on ‘Real’ stories that appear to be pranks – BBC News – April Fools Day: 10 stores that look like pranks but aren’t.

Hope everyone has a good couple of days off – I think we’re spending today trying to clean/tidy parts of the house that are a little neglected, i.e. the office/study upstairs, which seems to gather all the junk that used to collect in my room at my parents house…

Don’t want to go too far with having the pup, and he’s still not had his second set of jabs, so he can’t really leave the house, other than the garden for weewees!  Can’t wait until we can get him out of the house for walkies 🙂

PC Mark Milton

Was flicking through the news as normal at lunch, and came across the name PC Mark Milton, the name rang a bell, and after having a quick look I found the previous news article…

From 2005:
BBC News

Today’s article:
BBC News

Strange how he was described as the ‘creme de la creme’ in the past, and was extremely lucky to avoid a ban (IMO), but he still seems to be have complete disregard for safety…

Edited to add

I don’t think any of the news places have picked up that this is actually the same bloke…