major_clanger: Clangers (Royal Mail stamp) (Default)
[personal profile] major_clanger
After my nasty labels-gumming-up-printer experience the other day, I emailed Konica Minolta's technical support line to ask for advice on if it was possible to clean the image transfer belt of my printer. (In case anyone's wondering what this bit does, I found a nice explanation whilst googling for advice). At most I was hoping for some hints on whether or not I could use WD-40 or IPA, and to be honest I was rather expecting to hear that there wasn't much I could do short of replacing the ITB assembly - which costs about £300.

I was thus pleasantly surprised to get the following reply:

Dear Mr Bradshaw,
I will send you some cleaning solution to remove the residue.

Kind regards,

Shaun Lamberton
Technical Support Agent,
Konica Minolta Printing Solutions


Thinking objectively, I can see the business sense behind this generous gesture: a happy customer with a working printer will keep on buying expensive colour toner cartridges. Nonetheless, it's a very prompt and helpful response; Mr Lamberton, I salute you.

Regarding the weekend's other hassle, I finally got my car back today, after paying a bill that made my Flexible Friend cringe to the tune of a sum that just made it into four figures. It does seem that everything that could wear out did so at the same time, but spread over five years and 75,000 miles I suppose that it doesn't seem quite so horrifying. As it is, the garage were very apologetic for the delay - one of the replacement bits had to be re-ordered as the first box had the wrong part inside - and not only discounted some of the parts but threw in a free valet.

This was also the first time I've had one of the new MOT certificates. Having been studying land law, I can see the similarity with the changes that the Land Registry have made recently, in that in both cases (buying land or getting a car MOT'd) the bit of paper you get is no longer the legal proof in its own right, but is rather just a notification of the update of a central electronic register. I'll be interested to see how well the security works on the new system, as I understand that concerns in this area led to long delays in introducing the system. But if it all works, the idea of being able to independently verify that a car's MOT is genuine is a good one. And it's nice to see that the standard form has a feature that some garages have been using for a while: a peel-off sticker for your windscreen with a reminder of when the next test is due. I just hope it's not prone to coming off inside the test centre's printer...

Date: 2005-12-06 11:59 pm (UTC)
From: [identity profile] pigeonhed.livejournal.com
Headline baffled me, then realised different KM -- I could use a fairy godmother though!

Date: 2005-12-07 08:04 am (UTC)
From: [identity profile] purpletigron.livejournal.com
the idea of being able to independently verify that a car's MOT is genuine

Having thought about access to information, and the analogy of medical confidentiality: Only good if there are a limited number of named individuals with access to the database. Otherwise, the scope for data misuse balloons.

Date: 2005-12-07 08:40 am (UTC)
From: [personal profile] timill
All MoT testing stations must have write access, and both we and the insurance industry have read access. And I'm sure there are others.

So that's a lot of people...

Date: 2005-12-07 06:40 pm (UTC)
From: [identity profile] major-clanger.livejournal.com
Why?

There are all sorts of very good reasons why medical data is and should be confidential (e.g. the potential for discriminatory treatment). But why should it be a problem to be able to ask if the authentication code on an MOT certificate is actually associated with the vehicle it purports to be for?

The most one could do with the current system, as far as I could see, is come up with random 13-digit numbers and see if they happen to coincide with a particular car registration. Even if you hit lucky, all you get back (I've just tried it with my details) are the make, model and colour, mileage, date of test and phone number of the test centre. Other than that the latter probably indicates very roughly where the owner lives, this does not really tell you a lot. Since the chances of guessing are so small, the only way you'll realistically get this info is if you have the test certificate, in which case you have it all in hard copy anyway.

Date: 2005-12-07 09:05 pm (UTC)
From: [identity profile] purplecthulhu.livejournal.com
Given what you've said is there already, there are several avenues of abuse open. Firstly, the government can, and probably already has, sold the insurance industry read access. You could thus expect unsolicited calls aimed at you for insurance purposes, loans to buy a new car, etc etc. If read access is sold further, then you can expect contact from car manufacturers etc. who think you want their products. The problem here is that you do not control who has access to the data and while there may be restrictions on access now, these can change very quickly and easily. And that's before you start on what's possible with unauthorised access which will be easier to get with this system. Maybe there are robots out there now firing 13 digit codes at the system and scraping the results into a big database.

And the ever lingering worry is what might be stored here that you can't see. Is your address there, for example, but only visible to those authorised - which could be those spam marketers if they grease Gordon Brown's hand with enough silver?

Date: 2005-12-07 09:38 pm (UTC)
From: [identity profile] major-clanger.livejournal.com
But if you're going to assume the Evil Guvmint is going to do all that, then you might as well assume it's going to sell the vehicle register, the numberplate database and the full list of driving licences!

Date: 2005-12-07 09:46 pm (UTC)
From: [identity profile] purplecthulhu.livejournal.com
To be honest I'm surprised they haven't.

The key new threat here seems to be the open access to the database after entering a 13 digit code from anywhere on the internet (if I'm interpreting what you've said about the system correctly). With this, I'm sure some script kiddie is ready to scrape a lot of the database already, whether HMG sells it or not.

Date: 2005-12-07 10:33 pm (UTC)
From: [identity profile] major-clanger.livejournal.com
Well, to get a valid response you have to enter the right combination of 13-digit MOT code and the vehicle registration. Any attempt to scrape the system is going to get a 99.9999...% rejection rate, which might just be noticed (the T&C on entering the site permit use only on the basis that you own the vehicle in question or genuinely intend to buy it).

If the system worked by entering the MOT code, and threw out the registration and other details, I'd agree with you. But what it does is take in the MOT code (which is only on the test certificate) and the registration, and - if and only if the two are paired in the VOSA database - it gives you the vehicle description and mileage.

So a program that looked like:

for MOT = 1 to 999999999999
    for number = A11AA to ZZ55ZZZ (i.e. the complete list of valid registrations)
        query = queryVOSA(MOT, number)
        if query <> reject then print number, query
    next number
next MOT

might, access constraints on the VOSA database permitting, eventually list the description and mileage of every car in the country. But I think that we're talking a rather large value of 'eventually' here, as the response rate is going to be limited by (and throttleable via) the database report engine.
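The pairing rule and the throttling point made in the comment above, as an added example (not part of the original thread, and not VOSA's actual implementation). The class name, thresholds and sample record are assumptions constructed for illustration.

```python
from collections import defaultdict, deque

# Constructed sample register: (registration, MOT code) -> details shown on a match.
REGISTER = {
    ("AB51CDE", "1234567890123"): {"make": "Ford", "colour": "Blue", "mileage": 75000},
}


class MotVerifier:
    """Hypothetical lookup service: answers only for a matching pair and
    throttles any client whose recent queries keep being rejected."""

    def __init__(self, max_failures=5, window_seconds=3600):
        self.max_failures = max_failures
        self.window = window_seconds
        self.failures = defaultdict(deque)  # client id -> times of recent rejections

    def _recent(self, client, now):
        # Drop rejections that have aged out of the sliding window.
        recent = self.failures[client]
        while recent and now - recent[0] > self.window:
            recent.popleft()
        return recent

    def verify(self, client, registration, code, now):
        recent = self._recent(client, now)
        if len(recent) >= self.max_failures:
            return "throttled", None  # refused before the register is consulted
        key = (registration.replace(" ", "").upper(), code)
        details = REGISTER.get(key)
        if details is None:
            recent.append(now)  # same answer whether the code or the plate was wrong
            return "rejected", None
        return "ok", details

    def flagged_clients(self, now):
        # Clients currently at the failure cap: the "might just be noticed" list.
        return sorted(c for c in list(self.failures)
                      if len(self._recent(c, now)) >= self.max_failures)
```

A throttled client is refused even when it finally submits a correct pair, so a run of rejections costs it the rest of the window.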

Date: 2005-12-07 10:46 pm (UTC)
From: [identity profile] purplecthulhu.livejournal.com
OK - requiring the registration number does increase the search space substantially, and would be more of a block to script kiddies. I hadn't grasped that was part of the system.

But there is a broader point... When you had the certificate, you were responsible for its security, and for the security of your own information. Now that it's all on a publicly accessible server, you can no longer be responsible for your own security. You have to rely on the programmers and operators that the government has got doing their job properly, and on the platform they work on being secure. And this is not only to direct, dumb attacks like the one I suggested, but also to more subtle ones based on the computing infrastructure. Any idea what platform this all runs on and how secure that might be? Let's hope it's not Windoze!

The problem with a lot of these current government IT projects is that they are taking the responsibility for information security out of the hands of a small number of identifiable individuals (eg. you, the MOT garage in this case, or, for the NHS medical records system, you, your doctor and their staff) and putting it in the hands of a lot of faceless people running networked systems that you know little about, and can do even less about checking or improving. They are saying 'trust us, we know what we're doing' when, in case after case in the past, they patently have not.

The MOT thing is a small delta on the overall problem. The ID card database, which represents a nationalisation of identity, is far worse.

The DVLA have sold your personal details

Date: 2005-12-08 07:47 am (UTC)
From: [identity profile] purpletigron.livejournal.com
BBC: The RAC Foundation had voiced fears the information was being used by so-called cowboy clampers. (http://news.bbc.co.uk/1/hi/uk/4493926.stm)

Re: The DVLA have sold your personal details

Date: 2005-12-08 06:34 pm (UTC)
From: [identity profile] major-clanger.livejournal.com
Ah, now that is an example of misuse of data, and I hope it gets stepped on forthwith.

Profile

major_clanger: Clangers (Royal Mail stamp) (Default)
Simon Bradshaw

Page generated Mar. 29th, 2026 08:44 am