Sir Clive Sinclair’s ZX Spectrum Vega Plus: Are You Ready To Go Back to Skool?

As many (now old) kids of the eighties I was part of the ZX Spectrum tribe (are you still there, Commodore folks???) and if now I do what I do for living, I have to thanks Sir Clive Sinclair‘s genius that through his glorious microcomputer showed me literally a brave new world.

Now he’s back with the ZX Spectrum Vega project: a crowdfunded project to manufacture a console with a thousand of original “old time” games.

I hope that the project will raise enough money to actually release the Vega Plus, but even if it doesn’t, offering support (as I just did) is a way to say “thank you Sir Clive!”

Is The IPhone Criminals’ Weapon of Choice?

According to NBC, Apple has been ordered by a federal judge to support the FBI in decrypting the Iphone used by the people accused of having slaughtered 14 people in San Bernardino, California, last December, 2, 2015. The court order has been necessary since Apple refused to voluntarily provide such support.

These are the bare facts, that have been turned into a horse of different colours by  bad-faith anti and pro encryption activist. The former sang the usual song “Strong Encryption Smooths Criminals”(FBI Records), while the latter waged the old flag “Weak Encryption Affects Civil Rights”.

The federal court neither asked for a backdoor nor for the enforcement  of a weaker Iphone security, but just said Apple to support the after-crime investigation. This court order doesn’t hampers people’s legal right to strong encryption, because the justice said something like “you have the right to own a strong safe, but the State has the right to try to open it whatever the mean in case of a criminal investigation”. In this context, then, the fact that Apple has been ordered to provide support to the FBI is not constitutionally illegal.

I still support strong encryption for the masses (and for companies too), but I don’t think that making a case out of this court order might help the civil right cause. It only works as as a (maybe unintended) advertising stunt for Apple that can portray itself as a “privacy shield”.

Staying Under the (Mainstream) Radar

Staying under mainstream radar while releasing meaningful and original contents is a good way to attract people actually interested in your activity, thus making easier – as Seth Godin said – turning strangers into friends and friends into customers.

An empirical look at the way people and companies use profiling and stats suggest that to get more traffic (i.e. pay-for-click ads) contents are shaped just to attract people rather than to provide actual information.

Think of the usual effects of looking at your analytics: you take note of the queries made by users and you shape your content accordingly, to be sure to attract people who use these words. The price you pay for being that “smart” is that you’re not the one who controls the content of your website because you let the users (or, better, Google) do it on your behalf.The result is that all websites are made equal and turned into some sort of digital brochure. In other words, is the tail that is wagging the dog.

Personally, I’m more at ease with Henry Ford’s quote

If I had asked people what they wanted, they would have said ‘faster horses.’

Upcoming Data Protection Regulation to Hampers Genetic and Pharmaceutical Research

The privacy hysteria that since twenty or so years affects policy makers and data protection authorities, reached a new peak with the upcoming data protection regulation whose text has been published last Dec, 18, 2015.

While, thanks God, the text clearly states that “biosample” as such aren’t “personal data”

genetic data should be defined as personal data relating to the genetic characteristics of an individual which have been inherited or acquired as they result from an analysis of a biological sample from the individual in question, in particular by chromosomal, deoxyribonucleic acid (DNA) or ribonucleic acid (RNA) analysis or analysis of any other element enabling equivalent information to be obtained

Nevertheless there is no clear reference to the fact that genetic (and, in general, health-related) researches can’t be pre-emptively limited to specific processing since scientists work with microscopes and not with crystal balls.

The result is that every research project that deals with patient (and patient’s relatives) records might face enormous bureaucratic burdens every time a new path of study emerges from the current one.

Furthermore, the regulation says that:

Member States may maintain or introduce further conditions, including limitations, with regard to the processing of genetic data, biometric data or health data

In other words, then, we will likely face a flood of local regulation that will make harder to perform researches that save human life.

Sure, there will always be the possibility to challenge in court the letter of the law, claiming that no provision can be interpreted in such a way to endanger human life and that data protection, in constitutional terms, is a “lesser right” when compared to the right to health. But this takes time, money and an open-minded court.

In the meantime, scientists will either slow down their activities or risk to be taken in court.

Does it make sense?

Italian Digital Signature Software Exposed to Man-in-the-middle Attack?

An independent researcher compiled a list of known Apple OSX-related vulnerabilities, including one that affects the Sparkle Updater Framework.

I’ve just checked my Mac with this command

find /Applications -name Sparkle.framework

and found that DikeX, the old version of the digital-signature tool released by Infocert S.p.a., uses Sparkle. I don’t know if the software is plagued by the bug, but this is exactly the point: nobody from Infocert just warned users with a single word about.

Alitalia’s Marketing Strategy and Cipolla’s Third Law on Stupidity

If you book the Alitalia’s cheapest fare on a flight it might happens (twice in two weeks, to me) that you aren’t entitled to get a decent quantity of miles for the Mille Miglia frequent flyer programme and mandatory given an (often) uncomfortable seat.

This Ryanair-like attitude (everything is an optional) might make sense for long hauls or mid-distance travels, where the passengers are available to pay a surcharge to board first or get some other goodie. But is completely useless for one-hour, taxi-like flights, were people go for the cheapest fare, and either don’t actually care about being good seated or earning a few miles.

Of course, Alitalia must justify the different fares for exactly the same thing (moving people from A to B), but this should be done by adding something more to the standard, and not by lowering the quality of the service first, and ask for more money to get something that was always been taken for granted until yesterday.

To put it short, letting a few “privileges” for the short-distance travelers wouldn’t have done any harm to Alitalia’s pocket, while it would have made people’s day better. Instead, the company chose to worsen its customers’ travel experience, without getting an actual benefit. This affects the passengers’ loyalty to such a company, and as soon as people is offered alternatives, they will surely catch it.

A classical application of Carlo Cipolla’s Third Law of Human Stupidity.

 

Why Him? (Marco Carrai, Matteo Renzi and Cybersecurity in Italy)

The appointment made by Italian PM Matteo Renzi of Marco Carrai as head of the Italian cybersecurity raised a storm of criticism and concern among the IT Security “professionals” that started complaining about his lack of competence, conflict of interest and so on.

Many of the complaints (a few of them I’ve heard privately, from people that called me for that purpose), though look more like a “why him and not me?” or “what does he have more than me?” instead of a serious analysis of Carrai’s adequacy-for-the-job.

He might not be the right person for such a role, but he is trusted by the prime minister and that is all that matters.

Not the first time, not the last time but – above all – not the first critical sector where such things happens.

 

Blogging vs Social Networking: different tools for different goals

Blog and Social Networks are very different tools of expression (and, for what it worth, online marketing.)

A blog gives you absolute freedom and exposes your thoughts to potentially a huge quantity of people. People, on the other end, can enjoy the things you do without necessarily disclose their identity, unless they actually want to do.

A Social Network page/profile, instead, implies that the majority of your audience is made by those you already know or, at least, you are acquainted with. Yes, I either know about the existence of “public” pages or the possibility of “following” somebody else, but this doesn’t change the point.

To blog is more like living into the wild, where you can meet other peers, predators or none at all (and in this case ask yourself why are you still blogging if nobody cares.) While “living” in a social network is fairly safer but actually less challenging because of its “Walled Garden” design.

While is obviously possible to use a blog to stay in touch with people and a social network to publish contents aimed at a (personally) unknown audience, it would be more efficient to use the proper tool designed for the specific task.

Unless you are left without options, why should you use a hammer to cut a wire and a screwdriver to hammer in a nail?

Become an IT security guru in 10 steps

Become a legal IT security expert doesn’t need a lot of effort and, with the due care, you can build your legend in a short time-frame following ten easy steps:

  1. learn the lingo (security is a process, not a product; don’t use simply-to-guess password, is your company ISO-27000-1 compliant? and so on),
  2. give yourself an “authoritative” demeanor and look (always talk in a “visionary” way, making people feel like they still live in the stone age) and dress accordingly,
  3. Talk legalese with techies, technical with lawyers,
  4. attend (possibly) international IT technical, legal/management conferences and try to get as much pictures as possible  of you with reputable people although they don’t know you, and regularly update your facebook/google+/blog with those pictures,
  5. try to give a speech at some university students association, so you can claim to be an “invited speaker” at the university (without mentioning the name, of course),
  6. create your own “digital-something organization”, become its chairman (and sole member, BTW) and champion for digital human rights,
  7. flood the newspapers with press-releases that will be regularly ignored until some journalist that is out of time to finish an article stumbles upon your statement, thus promoting you at the level of “source”
  8. try to catch-up with some low-level civil servant involved in trivial stuff related to the trade, give him some vapourware hint that makes him look smart at work, and use him as a source of petty-information that let you look like you’re part of the “inner circle”,
  9. try to have as much as possible Linkedin connection,
  10. get the European Computer Driving License (at least, you must know how to switch on a computer to work in this field, don’t you?)

By following these steps you start a loop where your legend become more and more solid up to a moment when you will be considered a “guru” and nobody will ever check your actual background.

And don’t worry, if you ever get a client, as soon as you stay stick to these ten commandments you’re safe: nobody will ever challenge the outcome (if any) of your work, because nobody will ever admit to having being fooled into hiring a fake…

Why Italy Already Lost the World(Cyber)War

We (Italians) can of course continue to lure ourselves into believing that dealing with “password policies”, “critical infrastructure committees” and “mandatory security measures” – just to name a few buzzwords – is enough to grant a decent level of security for our networks.

We can continue, after twenty years, to listen at – and say – the very same bull… stuff we used to say in the pre-internet era about ICT security (don’t use easy passwords, don’t write it on a post-it, use an anti-virus, etc.)

We can, definitely, keep going in waiting for the next “IT guru” or “magic box” that will make the bad guys disappear from our computers.

But we still continue using flawed software and operating systems without making the software houses pay for their faults (disguised as “features”.)

We still buy things and boxes (read: hardware) believing that just because of that “we are safe”.

And we still keep a blind eye to the actual quality of the IT security in public institutions.

Two options as a conclusion: we’re either stronger than we appear to be or we are incredibly lucky.

But luck doesn’t last forever, and we need to be lucky every single minute of the day, while the attackers, just once.