俄羅斯在英國脫歐的議題上,也利用 Social Network 的廣告影響民意

TechCrunch 上看到的,俄羅斯政府不只在美國選舉時這樣做,同時也在英國脫歐公投的議題上進行操作:「Twitter says Russians spent ~$1k on six Brexit-related ads」。

不過金額比美國選舉時小了很多:

In response to the Commission’s request for information concerning Russian-funded campaign activity conducted during the regulated period for the June 2016 EU Referendum (15 April to 23 June 2016), Twitter reviewed referendum-related advertising on our platform during the relevant time period.

Among the accounts that we have previously identified as likely funded from Russian sources, we have thus far identified one account—@RT_com— which promoted referendum-related content during the regulated period. $1,031.99 was spent on six referendum-related ads during the regulated period.

With regard to future activity by Russian-funded accounts, on 26 October 2017, Twitter announced that it would no longer accept advertisements from RT and Sputnik and will donate the $1.9 million that RT had spent globally on advertising on Twitter to academic research into elections and civil engagement. That decision was based on a retrospective review that we initiated in the aftermath of the 2016 U.S. Presidential Elections and following the U.S. intelligence community’s conclusion that both RT and Sputnik have attempted to interfere with the election on behalf of the Russian government. Accordingly, @RT_com will not be eligible to use Twitter’s promoted products in the future.

波蘭政府的官方網站將會使用 Let's Encrypt

Twitter 上看到這則 tweet,指出波蘭政府的官方網站使用了 Let's Encrypt 的憑證:

SSL Labs 上也可以看出來:「SSL Server Test: www.gov.pl (Powered by Qualys SSL Labs)」。

不過不確定目前是暫時性的 (之後會換成其他的 SSL certificate),還是本來就打算這樣設計了。

用手勢在會議中表達意思

英國內閣辦公室中的英國政府數位服務 (Government Digital Service) 發展了一套手勢 (六個),可以在不用打斷發言過程下表達出一些簡單的意見或是表示想要有進一步的討論:「Platform as a Service team takes even-handed approach to meetings」(網站好像有點熱門,讀取速度變慢不少 XD)。

提高會議溝通的效率...

科威特通過法律強制取得每個人的 DNA:包括外籍人士與訪客

Bruce Schneier 這邊看到這則新聞:「Kuwaiti Government will DNA Test Everyone」,原始報導在「Kuwait set to enforce DNA testing law on all – Officials reassure tests won’t be used to determine genealogy」這邊,開頭的說明還蠻清楚的:

The DNA testing law that will go into effect this year is aimed at creating an integrated security database and does not include genealogical implications or affects personal freedoms and privacy.

以及:

When the law (no. 78/2015) is applied, it will be binding on all citizens, expatriates and visitors too.

Bruce Schneier 擔心的是這種嚴重侵犯隱私的資訊沒有任何罰則可以阻止科威特政府將 DNA 資訊轉其他國家的政府:

And there is nothing preventing the Kuwaiti government from sharing that information with any other government.

這個國家完全不能進去...

美國政府應該已經取得大量原始程式碼,而且 CEO 不知情

Bruce Schneier 這邊看到的:「Companies Handing Source Code Over to Governments」。

直接對員工下法院命令,並且不得告知任何其他人有這個命令 (包括 CEO):

These orders are so highly classified that simply acknowledging an order's existence is illegal, even a company's chief executive or members of the board may not be told. Only those who are necessary to execute the order would know, and would be subject to the same secrecy provisions.

跟中國企業的情況類似。

Love your country, but never trust its government

Hacker News Daily 上看到的,在 Sun-2 的 bootloader 裡可以看到「Love your country, but never trust its government」這樣的字串:「Why the Sun 2 has the message "Love your country, but never trust its government"」。

這段字串是由 John Gilmore 當時在 Sun 開發時所放入的,John Gilmore 同時也是後來 EFF 創辦人之一,不過當初放入這段字串的目的是為了抓到盜版:

Yes. Vinod Khosla, first President of Sun, came to me at one point and said to put something hidden, triggered in an unexpected way, into the ROM Monitor, so that if somebody cloned the Sun Workstation (violating our software’s copyright), we could do that unexpected thing to the competitor’s demo workstation at a trade show and thereby prove that they had cloned it.

過了三十年後 John Gilmore 被挖出來問的回應也是蠻有趣的... (可以參考原文附上的信件)

而這句話現在回頭看也很經典,尤其是最近各國政府想要在 crypto system 裡面放後門的各種反應。

荷蘭政府捐贈五十萬歐元給 OpenSSL

在一堆政府想要立法放後門進系統的情況下,荷蘭政府則反對這樣的想法,並且決定捐贈五十萬歐元 (目前約五十四萬美金) 給 OpenSSL:「Dutch govt says no to backdoors, slides $540k into OpenSSL without breaking eye contact」:

The Dutch government has formally opposed the introduction of backdoors in encryption products.

A government position paper, published by the Ministry of Security and Justice on Monday and signed by the security and business ministers, concludes that "the government believes that it is currently not appropriate to adopt restrictive legal measures against the development, availability and use of encryption within the Netherlands."

以及:

The formal position comes just months after the Dutch government approved a €500,000 ($540,000) grant to OpenSSL, the project developing the widely used open-source encryption software library.

英國政府對電腦的資安管理機制:Ubuntu 14.04 LTS 的部份

Ubuntu Insights 上看到「UK Government issues Ubuntu 14.04 LTS Security Guidance」,英國政府發布了 Ubuntu 14.04 LTS 的資安規範:「End User Devices Security Guidance: Ubuntu 14.04 LTS」,在裡面甚至還包括了 script 幫你處理。

可以在「End User Devices Security and Configuration Guidance」的「Per-platform Guidance」看到其他作業系統的資安管理規範。

在企業規劃內部的資安規範時也可以拿來參考看看?

英國政府將優先考慮 Open Source 應用

Slashdot 上看到的文章:「UK Government Mandates 'Preference' For Open Source」,引用的新聞是「Government mandates 'preference' for open source」,英國政府的說明原文則是在「Open source — Government Service Design Manual」。

第一段就馬上說明無論是作業系統、網路軟體、網站伺服器、資料庫,甚至是程式語言,都應該優先考慮 open source 方案,再考慮 closed source 替代方案:

Use open source software in preference to proprietary or closed source alternatives, in particular for operating systems, networking software, Web servers, databases and programming languages.

只有在少數狀況下才應該使用 SaaS 或是安裝非 open source 軟體替代:

Problems which are rare, or specific to a domain may be best answered by using software as a service, or by installing proprietary software.

不過這份 manual 還未定案,還可以看看會有什麼更新...