350 million squirrels

If you’re unfortunate enough to follow me on twitter, you’ve probably noticed that I’m currently just a bit grumpy about the UK’s crazy course towards the worst possible exit from the EU.

To be clear, unless someone can convince me otherwise (I’m still waiting for a reply from my pro-brexit MP), I will be voting to remain in or rejoin the EU at every available opportunity. I’ll also be at the Unite for Europe march on the 25th March.

But the thing that really makes me grumpy is the lack of any kind of sensible opposition. What usually gets me yelling at clouds is when someone pops up moaning about the pledge to spend more money on the NHS. (Apparently some people don’t think the bus was really misleading but the billboard seems less ambiguous.) The whole thing reminds me of a larger scale version of distracting a toddler. Oooooo, look, squirrel…

Photo © Patrick Wagstrom

Even if, and this is clearly never going to happen, the current government suddenly do decide that they’ll give any of the supposed £350 million to the NHS, it kind of misses the bigger picture. That £350 million is already worth less than when it was plastered on the side of a bus and we haven’t even started to leave yet. Pointing out that the Conservative manifesto included a commitment to the single market would probably do more to help the NHS than complaining about a bus. Actually ensuring MPs get a meaningful role in shaping the UK’s future relationship with the EU might also be a good idea. There are plenty of issues that will impact the NHS at least as much as extra funding, all of which deserve more scrutiny than they are going to get as things stand. For example, the European Medicines Agency or staffing from the EU. I’ll stop before this turns into even more of a rant but the point is that Brexit could mean anything and it’s about time we started taking it seriously.
It’s not that I don’t have a problem with misleading busses. For some reason you can get away with saying whatever you like in a referendum, which needs to change if we’re going to persist in having them. I’d personally prefer never to have another referendum again but if we must have one, perhaps it could be on the NHS? Unless the government know the will of the people on that as well.


In secure banking

Thought it was about time I got round to writing this post after reading another article highlighting some of the many flaws of Verified by Visa and Mastercard SecureCode today. Unfortunately the solutions described in that article are a little suspect and, while they might result in fewer people dropping out of sales, a better solution would be to scrap the whole crazy scheme completely. For a much better insight in to the security issues with 3D-Secure, have a look at Stewart’s post, which has some superb bonus features in the form of (attempted) discussions with various Financial Institutions!

And if there is still any doubt that banks have a problem with online security:

The underlying problem however isn’t a technical one. For a clue, have a look at ‘2.4 Liability shifting’ in Verified by Visa and MasterCard SecureCode: or, How Not to Design Authentication.

It doesn’t make any sense to me for the merchant or card holder to be liable for a security scheme which they have no say in.

A while ago I started thinking about various techniques that could be used to ensure that it would be completely safe to carry out any transaction on any computer, even if you knew it was logging every key you pressed. There’s no real point though: until the law makes it wholly the bank’s liability, where’s the incentive for them to stop making things worse with the current half-baked schemes?

It’s not like it’s rocket science, or even vaguely new technology:

I won’t be holding my breath.

Update: some good comments on Richard’s,  “Verified by Visa: bad for security, worse for business” post. Worrying if the Chase Bank comment is true! (17 Nov 2010)

Photo © David Neubert. Some rights reserved.