BOFH: Here in my car I feel safest of all. I can listen to you ... It keeps me stable for days

Yep, read the licence again

Episode 10 "It's a clear-cut case of licence blindness," I say to the Boss.

"What now?" he chips back.

"Licence blindness. It's a term based on software licensing. Like when you're installing some software or another and a window appears with a scrolling box full of text in the background and underneath the box there's a checkbox saying 'I have read and agree to the licence terms and conditions.' You're going to click the box, and you're not going to scroll down and read all that licence palaver."

"Back in the day it used to say 'I understand and agree to the licence terms and conditions' - but no one really reads the terms so they just dropped the 'understand' bit because it gave them a far stronger legal position," the PFY adds.

"Yes, but..."

"I mean NO ONE is going to read through all those pages of legalistic bumpf just to install some product that they have no real interest in."

"OK, but..."

"And they bloody KNOW that no one will read it all, but to make it seem like they WANT you to read it all they'll grey out the Agree button until you've scrolled down to the bottom of the blurb."

"Uh huh, but I don't know how thi..."

"I mean if they were really SERIOUS about you actually READING the licence conditions there'd be a test at the end," I add.  "You know, multichoice like what the fines might be like or what year the law was passed etc."

"I DON'T CARE!" the Boss fumes. "And I don't know what the hell this has to do with the door problem."

"THE PROBLEM," I say, "is that security now gives new staff 12 pages of instruction on how to use their access card when a 30-second video would be better. More importantly, all the useful information about security is near the end of the instructions when people have stopped reading."

Long story short, the company has had a social engineering security-audit scare.

"It's all important information," the Boss blurts.

"It's not!" I retort. "You present your card, type in your PIN and press the green button - THAT'S IT. What the staff NEED to know is:

  1. Don't punch a hole in the card;
  2. Don't try and use it when it's sandwiched into a bunch of other prox cards; and
  3. Don't give your card to some bloke at reception who says he just wants to nip outside for a smoke before the auditors get here but he left his card on his desk upstairs!"

"They found more issues than that," grumbles the Boss.

"Yes, yes," I reply. "They told us that our public wireless is less secure than James Dean's seatbelt and that we have no protection against drones spying on us through our unshaded windows. That said, completely changing our security system isn't going to help unless we change the way people use it."

"The new system is great!" the Boss burbles. "It has 1024-bit encryption, biometric measurements with user history and a dashboard on your phone to let you know about security issues."

In a stunning turn of events, the Boss - a mediocre IT manager at best - has convinced the Board to replace the company security system, triggering the immediate resignation of the Head of Security.

To add insult to idiocy, the Boss also convinced the Board he could do both roles until a successor is appointed.

"But it will still be used by idiots," I say. "Did you get the contract?"

"Of course," the Boss responds.

"And read - and understood - it?"

"The company lawyers looked it over before I signed it..." he mutters.

"THIS company's lawyers?"

"They look over all our contracts," the Boss says defensively.

"They looked over my contract," I reply, "- completely missing the addition of clause 85e about my daily onion bhaji entitlement."

"Yes," the Boss sighs, all too familiar with the after-effects of that.

"Or my clause 85e where I get two basement carparks, one in which I can park a van to use for central city storage," the PFY adds.

"What's your point?" the Boss snaps.

"The POINT is that if you write a document in the right way you can induce licence blindness," the PFY replies.

"You never put anything controversial in the first half of the document, when people are alert," I say. "And you never put anything dodgy on the last 2-4 pages. But somewhere around 2/3rds of the way into the document you start putting in clauses that are almost word-for-word copies of clauses on the previous page - but just with tiny changes to justify the additional clauses," I say.

Warming to my theme, I add: "Like: you have a set of 10 clauses where you itemise that the client will not reverse-engineer a software product, will not reverse-engineer a hardware product, will not reverse-engineer a firmware product... etc. THEN you have another set of 10 clauses where the client will not allow others to reverse-engineer etc, etc, and another 10 clauses about always informing the vendor if someone has attempted to reverse-engineer a software product, a hardware product, a firmware product, etc.

"Before the reader knows it they're dropping off to sleep and aren't really sure which page they were on before they got drowsy."

"Yyyyyessss?" the Boss says uncertainly.

I continue: "So they read it again, lose their place - and their will to live - again, then get to a new set of 10 clauses about how the client will, I dunno, pay for the software licence on or before some day; pay for the hardware licence on or before some day; pay for the firmware licence on or before some day. Then get another 10 clauses about how the client will pay interest at the bank rate plus 2 per cent for late payments on the software licence on or before some date; how they will pay interest at the bank rate plus 2 per cent for late payments on or before some date; how they will buy us both new cars on or before some day; how they will not replace the existing security system on or before some future date; how they will reinstate the Head of Security with full backpay on or before some day, etc."

"Is that what we signed?" the Boss sighs, having recognised some familiar clauses in my monologue.

"Oh yes."

"So there's no new security system?"

"Oh no."

"And there was no security audit?"

"No. But I will be needing that new car..."

"Actually, we both want vans," the PFY adds. ®


Biting the hand that feeds IT © 1998–2022