tech

  • New Twitter logo – a suggestion

    Steve WoodsLanguage, Media, Tech

    Twitter logoToday’s Grauniad reports that Elon Musk, the super-rich man-baby allegedly in charge of social media platform Twitter, wants to change the company’s famous blue bird logo. Announcing his intention, Musk is said to have tweeted: “And soon we shall bid adieu to the Twitter brand and, gradually, all the birds”.

    Since being acquired by Musk in October 2022, Twitter has had its business name changed to X Corp and it is on a design involving an X that Musk wishes logo efforts to be concentrated, with him also announcing the following:

    “If a good enough X logo is posted tonight, we’ll make (it) go live worldwide tomorrow.”

    As someone with an intense dislike for Musk and all he stands for, your ‘umble scribe has not been on Twitter since his takeover and has deleted his account* despite the large number of friends and contacts I’d made on the platform all over the country and the rest of the world.

    Nevertheless, your correspondent would like to suggest to Musk not to bother with a logo featuring an X, but something far more familiar to those with whom Twitter comes into contact, particularly if they are from the fourth estate or the media in general. It’s shown below for the benefit of Musk and his cultists.

    Turd emoji

    No, your eyes are working perfectly. It is the turd emoji. And it’s appropriate for many reasons. Firstly, there’s the mismanagement of the platform since Musk’s acquisition, including allegedly unlawful sackings of staff and the reinstatement of accounts of previously banned persons (such as that of the deeply unpleasant disgraced former 45th president of the US of A).

    Furthermore, press and media inquiries to Musk/Twitter now receive the turd emoji as their sole response to him/the company. It is hence far more representative of what the company has become under its present ownership, not to mention the mindset of its billionaire proprietor.

    However, if brown’s not your favourite colour, an alternative could be to tint the turd emoji the shade of blue used by the social media platform.

    Blue turd emoji

    * = Now on Mastodon, but that’s the subject of a future blog post. 😀

  • Facebook’s parent company fined €1.2 bn. for GDPR breach

    Steve WoodsGDPR, Privacy, Security, Social Media, Tech

    New logo as Facebook morphs into MetaMeta, the parent company of social media platform Facebook, has been fined a record €1.2 bn. by Ireland’s Data Protection Commission (DPC) in relation to breaches of the European Union’s General Data Protection Regulation (GDPR) in respect of user data transfers from the EU to the USA, Irish broadcaster RTE reports.

    The company has been given five months to implement changes to such data transfers.

    The DPC said Meta had infringed the GDPR by continuing to transfer EU user data to the US despite a ruling by the European court of justice requiring strong protection of such information, adding that the data transferred by Facebook under a measure called standard contractual clauses “did not address the risks to the fundamental rights and freedoms of data subjects that were identified by the [European Court of Justice] in its judgment”.

    Meta has said it will appeal the decision, as well as commenting that it was disappointed to have been singled out when using the same legal mechanisms as thousands of other companies providing services in Europe.

    The EU and the USA have agreed a new data transfer framework which is expected to be in place later this year.

    This is the largest ever fine levied in the EU for a privacy breach. The previous record penalty of €746 mn was imposed on Amazon in 2021.

  • EU Parliament wants to protect Free Software in AI regulation

    Steve WoodsOpen Source, Politics, Tech

    FSFE logoToday the Free Software Foundation Europe (FSFE) reports that the European Parliament’s two competent committees – the Committee on Internal Market and Consumer Protection (IMCO) and the Committee on Civil Liberties, Justice and Home Affairs (LIBE) – today voted by a large majority to protect Free Software in the EU’s AI Regulation. Furthermore, non-profit organisations and small Free Software projects up to the size of micro-enterprises, are largely to be exempted from this regulation.

    In addition, the FSFE comments that this principle must be anchored in the Cyber Resilience Act and Product Liability Directive and the parliament’s forthcoming votes.

    Alexander Sander, FSFE’s Senior Policy Consultant, explains as follows:

    Instead of putting the responsibility on the Free Software developers, it should be put on the companies that profit from it on the market. Smaller organisations and non-profit activities, for example by foundations, must be excluded. With this vote, the Members of the European Parliament are thus recognising the reality of Free Software development and trying to protect it. The principle of transferring responsibility and liability to those who profit on the market instead of focusing on developers must also be anchored in the Cyber Resilience Act and the Product Liability Directive. This is the only way to not only protect Free Software and its contributors but also consumers and customers.

    The final vote on the AI Act is expected in the next few weeks, after which discussions on the final text will take place between the Parliament, Council of Ministers and the Commission. The Parliament is currently discussing the amendments to the Cyber Resilience Act and the Product Liability Directive which have been submitted.

  • Firefox Focus – first impressions

    Steve WoodsBristol, Open Source, Privacy, Security, Tech

    Your ‘umble scribe is a great fan of the free and open source Firefox web browser and has been using the desktop version since version 0.x many years ago. One of its major attractions has been its emphasis on security and privacy.

    Until recently it was also the default browser on my smartphone, until I discovered Firefox Focus. Firefox Focus is a free and open-source privacy-focused mobile browser based on Firefox which is available for Android and iOS devices. First released in December 2015, it was initially a tracker-blocking application for mobile iOS devices, but was developed into a minimalistic web browser shortly afterwards.

    Firefox Focus iconAccording to Mozilla, Firefox Focus is a dedicated privacy browser with automatic tracking protection. meaning web pages load faster and your data stays private. It’s also easy to delete history, passwords and cookies, so advertisers and other ne’er-do-wells don’t follow you around online. Just tap the erase button on the search field and all that data is gone. Tracking protection is also very strong. The browser blocks a wide range of common trackers by default, including social trackers and those sticky ones that come from things like Facebook ads.

    After using Firefox Focus for one week, I can say I’m impressed with the way it works. Although it required me to learn how to use tabbed browsing (hint: hold down a link in your search results and a menu appears, offering the option to open the link in a new tab. Ed.), once that was cracked, I was away. As for fast page loading, that’s not disappointing either, even on notoriously slow-loading sites, like that of Bristol City Council, which still seems to be powered by a horse turning a shaft in the basement of the Counts Louse (which some call City Hall. Ed.). 😉

    If you value your privacy and security, I’d recommend Firefox Focus on your mobile device.

  • French Customs censured for illegal retention of personal data

    Steve WoodsPrivacy, Security, Tech

    CNIL logoFrench IT news site Le Monde Informatique reports that the French Customs authorities have been sent a formal notice by the CNIL, France’s data privacy regulator, in respect of an illegal data file containing the details of more than 45,000 people, including copies of identity documents and records of criminal offences.

    French Customs logoBusinesses are not the only organisations with which the CNIL has found fault for holding illegal files containing personal data. Public sector organisations can also fall foul of the law.

    The French Customs authorities, which come under the control of the Ministry for the Economy have been caught red-handed following a report in respect of Customs’ file used for recording information about vessels and their crews which is known as SIRENE. Intended to identify all the people checked at sea or in port in order to combat fraud, this system was in fact developed and implemented with no legal basis and not in accordance with the law, according to the CNIL

    Checks were carried out by Customs’ Channel-North Sea-Atlantic coastguard service and inspections revealed that recourse to this system did not comply with France’s Data Protection Act. This data system actually lists information about the vessels checked and their passengers, including personal information such as marital status, address, occupation and copies of identity documents, as well as criminal convictions (drug trafficking, counterfeiting, off-the-books employment, failure to co-operate, sexual assault, possession of illegal weapons, intentional homicide and murder).

    6 months to comply or be fined

    All told, the details of 45,793 persons – including 392 minors – are included in the SIRENE file. “The creation and use of the SIRENE file are not provided for by any legislation (for example a law or a decree). In addition, the CNIL has not received a request for an opinion concerning its implementation, in violation of the Data Protection Act (articles 87 and 89, the CNIL explained. Other grievances have also been lodged against the Ministry for the Economy, such as the failure to send an impact assessment in respect of the protection of personal data and the lack of a clear distinction between the data of the different categories of persons concerned. or the fact that the latter were not made aware that their data had been included.

    Following the CNIL’s formal notice, the Ministry for the Economy and Customs have 6 months to comply otherwise a penalty could be issued.

  • Seriously

    Steve WoodsLanguage, Security, Tech

    The language used in official responses to news stories seems to have been rigid and formulaic in recent times, particularly amongst those organisations within or linked to the public sector.

    Today’s edition of The Register reports that ACRO, the UK’s Criminal Records Office was taken offline due to a security breach. The site currently displays a holding page blaming ‘technical issues‘, a fine example of misleading bureaucratic language.

    This is the site’s holding page as this post is published.

    Text reads Thank you for your patience as we work through our technical issues. To obtain an application form for a POLICE CERTIFICATE, send the applicant name and date of birth to: Policecertificateapp@acro.police.uk. To obtain an application form for INTERNATIONAL CHILD PROTECTION CERTIFICATE, send the applicant name and date of birth to: icpcapplication@acro.police.uk. Please do not send an email to the above addresses if you have already submitted a form. Someone will contact you to take payment. For future updates on this matter please see our customer services Twitter account: https://twitter.com/ACRO_Police_CST

    El Reg notes that manages ACRO people’s criminal record information, running checks as needed on individuals for any convictions, cautions, or current prosecutions. It with British police and businesses, as well as exchanging this data with other countries, particularly where people wish to move or emigrate to another country and a certificate of good behaviour is required from the British police. ACRO has access to data from the Police National Computer via an information sharing agreement with the Cabinet Office.

    The data typically handled by ARCO includes name and address history, extended family information, a new foreign address, legal representation, passport information, photo and data PIN cautions, reprimands, arrests, charges or convictions.

    Earlier this week, ACRO emailed users to inform them that it had “recently been made aware of a cyber security incident affecting the website between 17th January 2023 and 21 March 2023“, adding that “we have no conclusive evidence that personal data has been affected by the cyber security incident; however it is only right that we inform you of the situation. We are very sorry that because of your interaction with ACRO your data could have been affected, and we are working tirelessly to resolve this matter.”

    Anonymous generic hacker complete with hoodie

    The message went on to say that “robust measures” had been taken as soon as the breach was discovered. It won’t be the first time that pulling the plug on a website has been described by a public sector organisation spokesperson as “robust”, If your systems were truly “robust”, taking the site offline would not have been necessary.

    After intoning the “robust” mantra, ARCO then goes on to say: “We take data security very seriously and will ensure that the matter is fully investigated…. Translating this into plain English, this means “Oh dear! We’ve been caught out!”

    The fact that ARCO had not taken data security “very seriously” is clearly highlighted by two facts:

    • Firstly, ARCO did not notice crooks were gaining access to its computer systems for more than two months; and
    • Secondly, it has now freely admitted that it is going to take steps to find out how the breach happened and prevent its reoccurrence. A clear case of that old adage of shutting the stable door after the horse has bolted.

    The public sector relies heavily on public trust to do its work. If it really does want to be taken seriously, tough measures need to be taken and implemented, not just for IT security, but in connection a very ancient and fundamental idea: that of honesty.

  • Happy 25th, curl!

    Steve WoodsLinux, Open Source, Tech

    Version 8 of the curl command line too has been released, German It news website reports. This coincides with the software’s 25th birthday.

    The release of a new major version (8.0O of curl (Client for URLs) has been released just in time for the software’s 25th birthday. The data transfer command line tool has barely changed. The new release has far more to do with publicising the birthday of the software and its libcurl program library. This was explained by curl’s initiator and maintainer Daniel Stenberg when announcing the release. In moving to a version 8Stenberg also wanted to avoid ending up with a curl version seven with point releases running to three figures (7.xxx).

    Little has changed within curl itself with this release: 8.0 is just the first release of curl that no longer runs on systems without working 64-bit data types, as can be gathered from the release notes. Otherwise, the new version contains 130 bug fixes, including six vulnerabilities of which Stenberg classifies five as “low” and one as “medium“. Furthermore, there are rewards ranging from $480 to $2,400 for those who successfully squash curl’s bugs.

    To celebrate the release, some of the project’s figures have also been released. There have been 215 releases, whilst 41 contributors (of whom 23 were new) collaborated on version 8.0. A total of 2,841 persons have contributed to curl’s code; mostly only once, as Stenberg comments in his Youtube video.

    Curl itself is a very popular command line tool for sending and receiving data with URL syntax, whilst libcurl is a transfer program library which handles most internet protocols and is used in many third party applications.

  • Czech government using open source web analytics

    Steve WoodsGDPR, Open Source, Privacy, Security, Tech

    Czechia coat of armsJoinup, the EU’s open source news site, reports that the Czech Republic is to begin using the Matomo open source web analytics tool on the Czech citizen portal and gov.cz websites, where it will replace Google Analytics.

    This change will ensure that the data by the sites collected will stay within the EU and, as the Czech administration will be using its own instance of Matomo, it will retain full control of the records.

    The change was triggered by an open letter sent by the Czech the digital freedom watchdog luridicum Remedium after it noticed the Czech state vaccination system website was using Google Analytics during the COVID-19 crisis. The Czech Data Protection Authority and public sector strategic partner NAKIT then pursued the matter and replaced Google Analytics with Matomo on Czechia’s Ministry of Health website. This move later led to further action and the country will continue following this trend on public sector websites.

    Previously named Piwik, Matomo has been in development since 2007 and is presently deployed on 1.4 million websites, including those of NASA, the European Commission, the United Nations and Amnesty International.

    The Czech decision to choose Matomo follows those of other European countries seeking to keep control of their citizens’ data. Last year the French and Austrian data protection authorities determined that Google Analytics was not compliant with EU data privacy standards, in particular because Google’s data transfers to the United States are contrary to the EU’s General Data Protection Regulation (GDPR).

  • LibreOffice Base Guide – now in Czech

    Steve WoodsLanguage, Open Source, Open Standards, Tech

    The blog of The Document Foundation, the organisation behind the free and open source LibreOffice productivity suite, reports that the user guide for Base, the suite’s database development and administration tool for relational database management systems has now been translated into Czech.

    Czech LibreOffice community member Zdeněk Crhonek (aka “raal”) writes as follows:

    The Czech team translated the LibreOffice Base Guide 7.3 – and it’s now available on the documentation page. Our team consists of three translators: Petr Kuběj, Radomír Strnad and Zdeněk Crhonek, along with localized screenshot maker Roman Toman, and Miloš Šrámek, who prepared machine translations.

    Cover of Czech Base guide

    Learn more about or join the LibreOffice Documentation project.

  • LibreOffice & Nextcloud for EU Institutions

    Steve WoodsOpen Source, Politics, Security, Tech

    EU flagEU data protection authorities have negotiated a contract for the use of Nextcloud and LibreOffice Online in EU institutions. They are now testing the solutions, German IT news heise reports.

    Data protection-friendly alternatives

    It was announced last Wednesday that the European Data Protection Supervisor Wojciech Wiewiórowski and his team have begun testing both solutions this month. In coming months they want to examine “how these can tools support EU day-to-day work“. This pilot phase is part of a larger IT reflection process that the EDPS already started last year aimed at encouraging EUIs to consider alternatives to large-scale service providers to ensure better compliance with Regulation (EU) 2018/1725.

    By procuring the Open Source Software from one single entity in the EU, the use of sub-processors is avoided. In doing so, the EDPS avoids data transfers to non-EU countries such as the USA and allows for more effective control over the processing of personal data.

    According to Mr Wiewiórowski, “Open Source Software offers data protection-friendly alternatives to commonly used large-scale cloud service providers that often imply the transfer of individuals’ personal data to non-EU countries. Solutions like this may therefore minimise reliance on monopoly providers and detrimental vendor lock-in. By negotiating a contract with an EU-based provider of cloud services, the EDPS is delivering on its commitments, as set out in its 2020-2024 Strategy, to support EUIs in leading by example to safeguard digital rights and process data responsibly“.

    Microsoft Office in the sights

    Mr Wiewiórowski has already examined the contracts which EU institutions have with Microsoft and reached the conclusion in 2020 that the data processing purposes when using Windows or Microsoft Office had been defined far too openly. Processing contractors were not adequately audited and data could be transferred too easily by EU institutions to countries outside the Union. At the time, he demanded that Microsoft should only retain user information within the EU. The roles of all those involved with all their rights and obligations must be clearly regulated. Furthermore, Users should look around for alternatives that “enable higher data protection standards“.

    The EDPS started further investigations into the use of Microsoft and Amazon cloud services by EU institutions. These entailed the use Microsoft Office 365 by the EU Commission. According to Wiewiórowski many contracts were concluded prior to the “Schrems II Judgment” and had to be examined in the light of the European Court of Justice case law.

Posts navigation