Cookies: Ask Me Every Time – by law?

SME Web – Internet advertisers: New cookie laws approved reports that:

“internet users will have to provide consent to cookies being stored on their computers. This could result in them being bombarded with pop-ups seeking their permission to accept the cookies.”

However, the site doesn’t link to a text supporting that interpretation. The only reference is to a directive which doesn’t seem explicit.

Further, the article states

“The current EU telecom law allows the use of cookies if web users are notified of them and are able to opt-out.”

but there are tons of sites which don’t comply with that and are simply broken if they can’t store their cookies. That includes several gov.uk ones – very annoying, but surely there wouldn’t be so many if it was illegal, would there?

Is that article accurate and does anyone have plain English that I can send to gov.uk webmasters to persuade them to fix their sites?

Posted in Web Development

A browser tip I should have known before…

I knew that / (slash) activated the Quick Find in Firefox and its close relations, but I didn’t know that ' (apostrophe) activated a Quick Find (in links). That’s quite helpful when jumping through web admin interfaces where I know which links I want, I’m using the two-handed keyboard (not the one-hander) and prefer not to jump between keyboard and mouse.

I don’t see that on the menus anywhere, so how was I meant to find it without digging through the manuals? What other speed-up shortcuts are lurking in common applications? Is there something like Emacs’s where-is function (C-h w) for Firefox that will tell you where to find something?

Posted in Web Development

Congratulations Peter Marks, UK Business Leader of the Year

As well as being a member of TTLLP, I’m a member of the Co-operative Group, which (amongst other things) runs the co-operative shops in areas where there is no regional cooperative society, including Weston-super-Mare and Worle.

Congratulations to our Chief Executive Peter Marks for being named Business Leader of the Year this week.

Co-operatives employ 10% more people in the world than all the multinationals and their subsidiaries put together (according to Peter Couchman). It’s nice to see our business success being recognised in popular awards.

Posted in Cooperatives

SPI November 2009

An announcement for this meeting just dropped into my inbox with “Apologies for the lateness of this announcement; some crossed wires”.

It will be in #spi of irc.oftc.net as usual, at 2000 UTC. The agenda is available online and someone will email the logs to spi-general afterwards.

Posted in SPI

PDF: how can we avoid over-using Pretty Difficult Files for citizens?

With the more political/government side of my work for our co-op, I often send emails like this:

“Please can you resend the information as plain text, ISO OpenDocument, html, PDF or something else standardised? OpenOffice.org can load most Microsoft Office and save as ISO OpenDocument and PDFs. If you’re stuck with Microsoft Word or some other uncooperative Windows software, you can get a free and fun print-to-PDF add-on from pdfforge.org and a choice of free and fast PDF viewers from pdfreaders.org.”

I emphasise PDF because it is pretty easy to generate from lots of software, but this is very much a last resort. It’s almost always better to have the original data in a simpler format, or as a web page. At least then it has some structure beyond simple presentation.

I hadn’t realised this was a general problem with governments until I saw PDFs are bad for open government, says Sunlight Foundation in US on Free our Data blog last week. Should I change my request to emphasise the original data files?

At our village council, we’re only just starting to get files electronically instead of on paper. Is there a useful practical guide I can give to our officers and reporting members to help us get it right from the start? They’re using the spread of systems and software typical of a council with no specialist IT officer. I’ve not found a guide when I’ve been looking, so I’d appreciate any pointers.

Posted in Cooperatives, SPI

Book Review: Creating a World Without Poverty

I was referred to Creating a World Without Poverty during a discussion on advogato some months ago, but it took rather a long time to obtain the book for various reasons and then I forgot about this review until a recent discussion on new Cooperatives-UK Chief Ed Mayo’s site. Better late than never, here’s my review of it. Let me know what you think of this book.

About the Book

Author Muhammad Yunus is founder of the Grameen Bank, Bangladesh, one of the microcredit pioneers, but that story has been told in another book Banker to the Poor. The prologue of this book starts with the creation of Grameen Danone – a joint venture between the bank and the France-based Groupe Danone – then part one describes problems in capitalism and introduces the idea of Social Businesses as a complement to what the book calls Profit-Maximising Businesses (PMBs), or what most people know as usual shareholder companies.

Part two then covers the Grameen Group from its start in banking, through an impressive list of short company case studies – some Social, some PMBs, some joint-ventures – up to the first year or so of Grameen Danone. The final part then talks about creating a marketplace which is open to Social Businesses, harnessing Information Technology to spread these ideas (more on this in a later article on this site) and using those innovations to banish poverty from the world. The epilogue is the Nobel Prize Lecture “Poverty Is a Threat to Peace” which seemed to read almost as a simplified summary of the book’s main ideas.

Annoyance

I got quite annoyed with this book because I feel there is a lurking absurdity in its main big idea:-

On the one hand, the argument seems to be that profit-maximising businesses are problematic because of their single-minded focus on profit-maximisation. This is an argument that I largely agree with, as you may remember from my short review of Joel Bakan: The Corporation.

On the other hand, it proposes to remedy this by creating Social Businesses with equally single-minded focus on social problems – this seems like a recipe for disaster! If profit-maximisers threaten to wreck the environment, human rights or whatever else isn’t in their goals, why won’t Social Businesses using similar single-purpose company formation rules just as easily threaten to wreck whatever isn’t in their goals?

If this book is correct and entrepreneurs are multi-faceted human beings who will act to promote social aims (which they must if they are to invest in Social Businesses), then the only robust way forward is to promote businesses that do not try to simplify that multi-faceted nature, whether for profit-maximisation or for a subset of social aims. The best form of businesses that I know for trying to represent all interests of their owners are cooperatives.

Dismissed after less than a page

Cooperatives are examined in part one of the book and dismissed after less than a page (p35) because they are “not inherently oriented towards helping the poor or producing any other specific social benefit” (which is a misleading claim because concern for community is a basic principle of cooperatives which all should uphold), they can be owned equally by the wealthy as well as the needy (why is this a problem?) and they can sometimes be demutualised into PMBs. Ultimately, if that’s the will of the people, that can’t be completely prevented, but recent developments have found ways to make that much less attractive (so-called anti-carpetbagging rules). Doing what people want is not usually a problem in other spheres – it’s democracy.

What’s really infuriating is that the author proceeds to describe Social Businesses which are aimed at specific social benefits (rather than all), can only be owned by the needy but can access the resources they need by donations from the wealthy or by forming joint ventures with them (even very unequal ones) and can be “desocialised” into profit-maximisers (p178). The same problems which were used to reject cooperatives exist just as badly, if not worse!

Conclusion: a bit disappointing

So, ultimately, I found this book a bit disappointing. There are lots of good ideas, but when presented with a ready-made round wheel for the basic problem of tempering profit maximisation, this book reinvents an oval one.

I suppose I shouldn’t be surprised. The misleading criticism of cooperatives is sadly typical of much of the current social enterprise movement, which I mentioned as a drawback in the recent case study of our co-op by Cooperatives-UK. I don’t know if social enterprise enthusiasts are informed by the thinking of people like Muhammad Yunus, or if the high-profile authors simply reflect the movement.

Have you read this book? Did you spot this contradiction? Do you feel it has other problems that I’m ignoring? Or is it a work of genius and I shouldn’t be disappointed with it?

Posted in Cooperatives

ssh security

A periodic security review at our co-op suggested switching PasswordAuthentication no on even more hosts. One of those caused a bit of a heated discussion about the benefits of increased security and the drawbacks of making emergency access harder, reminding me of the old joke about a secure computer being one encased in a block of concrete, not connected to anything and buried in a secret location.

More usefully, I found a Discussion summary on improving SSH which seemed to cover the basics pretty well. It also suggests that “nearly two thirds of all SSH private keys were stored on disk with no password protection” which is scary. Can server admins even detect that sort of risky behaviour?

One thing I’ve not really noticed before is how common brute-force ssh attacks are. There are some denyhosts statistics which make interesting pictures and Strong passwords no panacea as SSH brute-force attacks rise summarises some data from last year.

So what can we do? libpam-cracklib seems like a first step, along with denyhosts. While searching around, I noticed sslh – ssl/ssh multiplexer which looks like a useful trick that I might try somewhere. It entered debian testing earlier this week and looks simple to backport to the stable version.

What tips would you give? Do you think it’s worth having at least one reasonably secure host with PasswordAuthentication enabled, just in case of disasters disabling private keys? Are you a fan of port-knocking and other more sophisticated things? Do you know more numbers about ssh security?
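On the question of detecting private keys stored without a passphrase, here is an added example (not part of the original post) that classifies key files by reading only their headers. It works on files an admin can read, such as keys left on managed hosts; sshd cannot tell from a login whether the client's key was passphrase-protected. The sample keys are constructed placeholders containing no key material, and the names in `SAMPLES` are made up.

```python
import base64
import struct

MAGIC = b"openssh-key-v1\x00"  # start of the decoded OpenSSH-format key blob

def key_protection(text):
    """Classify one private key file: 'encrypted', 'unencrypted' or 'unknown'."""
    lines = [l.strip() for l in text.strip().splitlines()]
    if not lines or not lines[0].startswith("-----BEGIN "):
        return "unknown"
    header = lines[0]
    if header == "-----BEGIN ENCRYPTED PRIVATE KEY-----":  # encrypted PKCS#8
        return "encrypted"
    if header == "-----BEGIN OPENSSH PRIVATE KEY-----":
        try:
            blob = base64.b64decode("".join(lines[1:-1]))
        except ValueError:
            return "unknown"
        start = len(MAGIC) + 4
        if not blob.startswith(MAGIC) or len(blob) < start:
            return "unknown"
        # The first length-prefixed string after the magic is the cipher name.
        (n,) = struct.unpack(">I", blob[len(MAGIC):start])
        cipher = blob[start:start + n]
        if len(cipher) != n:
            return "unknown"
        return "unencrypted" if cipher == b"none" else "encrypted"
    if header.endswith(" PRIVATE KEY-----"):
        # Legacy PEM (RSA/DSA/EC) marks encryption with a Proc-Type header;
        # a plain "BEGIN PRIVATE KEY" is unencrypted PKCS#8.
        enc = any(l.startswith("Proc-Type: 4,ENCRYPTED") for l in lines[1:4])
        return "encrypted" if enc else "unencrypted"
    return "unknown"

def _fake_openssh(cipher):
    # Constructed sample: magic + cipher name + zero padding, no key material.
    blob = MAGIC + struct.pack(">I", len(cipher)) + cipher + b"\x00" * 16
    return ("-----BEGIN OPENSSH PRIVATE KEY-----\n"
            + base64.b64encode(blob).decode()
            + "\n-----END OPENSSH PRIVATE KEY-----\n")

SAMPLES = {  # constructed inputs, keyed by made-up file names
    "alice_ed25519": _fake_openssh(b"none"),
    "bob_ed25519": _fake_openssh(b"aes256-ctr"),
    "carol_rsa": "-----BEGIN RSA PRIVATE KEY-----\nProc-Type: 4,ENCRYPTED\n"
                 "DEK-Info: AES-128-CBC,00\n\nAAAA\n-----END RSA PRIVATE KEY-----\n",
    "dave_rsa": "-----BEGIN RSA PRIVATE KEY-----\nAAAA\n-----END RSA PRIVATE KEY-----\n",
}

def audit(samples):
    return {name: key_protection(text) for name, text in samples.items()}

if __name__ == "__main__":
    for name, status in audit(SAMPLES).items():
        print(f"{name}: {status}")
```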

Posted in GNU/Linux

Windows 7: Released with known critical bug

The debian project defines a critical bug as “makes unrelated software on the system (or the whole system) break, or causes serious data loss, or introduces a security hole on systems where you install the package.”

FSF Europe reported that “Windows 7, is currently shipping with a potentially serious defect […] a high-risk vulnerability in the SMB2 protocol. This can be exploited over the network to shut down a computer with a Denial of Service (DoS) attack.” (Full details)

You’d be hard pressed to know this from all the Windows 7 launch ra-ra on the BBC and others. Where was the Public Service part of the broadcast, warning customers about this awful problem?

Please, when picking your software, when choosing your next operating system, select one that is mainly cooperatively-developed and which makes a promise like “we will not hide problems”. debian, fedora and centos all make promises of openness. Check whether your system does and if it does, mention it in the comments here. If it doesn’t – please ask its developers!

Posted in SPI

What’s in a name? Co-operative in names at Companies House

This was a Freedom of Information request to Companies House. The request was partially successful. I asked:

“How many companies have been incorporated with the word co-operative in their name in the last few years and how many have been refused approval for the word co-operative?”

After a bit of shuffling, the answer was:

“we do not collate information on applications for company names that have been refused […] As at the end of July there were 1,286 companies on the register with `co-operative’ in their name. You may also wish to note that there were an additional 56 companies with `cooperative’ in their name. […] The figures for the companies that were incorporated within the last 3 years, and are still live, are 114 for `co-operative’ and 14 for `cooperative’.”

So, there has been about a 10% increase in cooperative names registered at Companies House in the last three years, but there’s no indication that Companies House are policing it effectively.

Are you seeing more cooperatives around you recently? At least in the UK, the recession-support programmes offered to our co-op favour private companies over co-ops, but maybe new start-up co-ops can also access some funding? Have you met something called a co-op (apart from a computer game) which wasn’t a co-op?

Posted in Cooperatives

debian kernel, firmware and virtualisation

The debian GNU/Linux kernel’s firmware content is one of the most troubling bugs, and (as I understand it):

  • it mostly came from upstream (so fixing it only in debian isn’t sustainable),
  • it’s something some FSF supporters kick us for (often while ignoring other not-aiming-for-100%-free systems and turning a blind eye to the non-program problem in their own back yard) and
  • it’s actually pretty hard to fix and even harder to get paid for fixing.

The latest Bits from the kernel team included: “A constructive discussion was held about the outstanding firmware issues, how the team addresses them and how we might work with upstream to address our DSFG issues with kernel sources.”

The fuller minutes expand it a little: “The main topic was concerned with continued splitting of non free firmware and ensuring Debian kernels remain useful even with our DSFG challenges. Discussion about upstream firmware releases and general agreement was reached to talk to Dave Woodhouse about this (as he did most of the upstream firmware splits) . Action item for Vince and Max to talk to Dave Woodhouse.”

Good luck and thanks for working on this!

Another interesting point for our co-op is that xen dom 0 patches “will be included in the squeeze kernel release subject to ongoing stabilisation work. The feature will be marked as deprecated and will not appear in future releases.” vserver (which I still use on one server) is also going away, but that’s less of a surprise.

It appears that OpenVZ is the only one with continuing support in the debian kernel, so I guess I’d better take another look at it (after it failed messily last time I tried).

Will you be changing your virtualisation approach? Do you think debian will get any encouragement for its firmware-splitting, or more flaming for not going far enough?

Posted in GNU/Linux