Over Christmas there was yet another terrorist “attack” in a plane over the US. And as a result, Fuhrer Brown has said that full-body scanners will be brought in to all the main UK airports because ‘they’re crucial in the fight against terrorism”. Which, frankly, is bollocks – the experts don’t even agree that the explosives used by Umar Farouk Abdulmutallab on Christmas Day would be found by a full-body scanner.

I’ve written before about Security Theatre, and really this is all more of the same.

What makes me really laugh though is all the shite that politicians spout about doing this “because we won’t give in to terrorism”.

• Every single time you take a flight and have to take your shoes off for a search, terrorism caused it.
• Every time you go through a full-body search from now on, that’s been caused by terrorism.
• Any time you can’t take a drink or shampoo abroad, that’s been caused by terrorism.
• Any time you read about ID cards or airport security, that’s been caused by terrorism.

And actually, for pretty much all the above items, you could replace “caused by terrorism” with “caused by the threat of terrorism”. Because most of it isn’t actually related to terrorist acts – it’s related to “plots”, rather than the real thing.

Basically, if you’re travelling by plane, you’re affected by terrorism or the threat of it. Every time you’re affected, you think about why you’re being affected. And bang, terrorism wins yet again.

In fact, the only recent occasion where terrorism really hasn’t affected things (yet, anyway) was the bombings in London on the 7th July. Certainly that event has made people more aware of the risk of terrorism and suicide bombers – but it hasn’t involved extra security checks, or changes to the way we live.

So wittering on about not letting terrorists win, while adding in new pointless security measures “to prevent terrorism”, that’s terrorism winning its case.

With the new job I’m actually finding myself in a fairly serious position of trust and responsibility – quite weird, for having only been with the company for two months.

For example, I’m completely responsible for the security of the data, a lot of which is seriously sensitive. That’s fine, I’ve been there before with other sets of information, but the sheer scale of this one is what makes it a bit intimidating. The stuff I’ve inherited from my predecessors is – to be polite – a bit shambolic, with what looks like a lot of “Oh, that’ll do” workarounds. So I’m getting to fix these things, and that can be a bit stressful.

This week has been (and still is, to some degree) a high point on the stress levels, because of two big jobs.

First, I’ve had to change all the encryption methods on the site, to bring it into accordance with some industry guidelines. That means de-crypting the existing data, re-encrypting it with the new method, then de-crypting it all again to make sure it matches the first set of de-crypted data. For 75,000 records. Suffice it to say, there were *lots* of backups in place, so I could roll it all back whenever.

Second – and this is due to be happening either tonight or tomorrow – we’re moving all the database stuff over to the new server. Again, having a seperate server for the database is a requirement of the industry standards but means a lot of work – killing the site, taking backups, copying them to the new server, and restoring the data. We could have used replication to copy one database to t’other, but to be honest I’m happier with the slower method which I’m familiar with in this case, rather than one I haven’t needed to use before.

Along the way, I’m also now a key-holder for the office – something else I don’t actually mind, and have done plenty of times before – but again it’s that responsibility, that trust which I still find surprising. I shouldn’t, but I do.

The final piece of this has started this week, as we’ve now got a new developer on board so I’m now in charge of a team of three developers, having to set up all the infrastructure for development areas, change control, training, documentation, everything. I’m responsible for two other people’s jobs as well as my own. That’s the scary bit – in the case of the new developer, I’ve been the one to interview him, I’m the one who’s said he’ll do the job. If I’m wrong, then he’s going to go, and won’t necessarily have anything to go to.

It’s all a bit of a leap into the – what? It’s not unknown, I’ve run small teams before, and run other businesses before I got back into IT and Web stuff. But it’s a big leap for me all the same, from where I was working last year as sole developer for one of the local councils, and now I’ve got a team, a set of plans, and a whole shitload of work.

Weird the way things work out sometimes, isn’t it?

Following on from the post a while back about Toyota Ireland sending out a marketing email with all the addresses CCd in instead of BCCd, I’ve had a couple more instances this week of email fuckwittage.

First of all, an email from a recruiter at Modis International (an Agency I dealt with once) who pimped out an email again using CC instead of BCC to throw it to loads of people. Even better, there were a number of fuckwits who then exacerbated the situation by using ‘Reply to All’ rather than ‘Reply’, and thus ended up spamming everyone themselves.

The second instance is even better though – at work, we’ve been setting up a secure site with SSL, and the company being used for the SSL certificate tried to email the equivalent of me@www.site.com instead of me@site.com . And tried it three times, without understanding what the problem was.

So all told, it’s been a bit of a week for fuckwits.

Over the weekend, I completed – and sent off – my Self-Assessment Tax Return to Your Friends And Mine at HMCE.  The deadline for receiving them is October 31st (i.e. this Saturday) so I’ve only just scraped it this year, having been really really good with it last year.

I know, I could do it all online, and have ’til January 31st to fill it in etc. – but I still don’t trust the online system. I wrote about this a couple of years back, and my feelings are still the same. Mainly, I’m happy to spend the money and use the Special Delivery stuff to get the tax return in – it just means I’ve got a signed confirmation that the Tax Return has been received where it’s been sent.  I’ve been bitten by that before, the entire “Oh no, we haven’t received it” from HMCE. Of course, if you say you haven’t received something from them, it’s a case of “Well we sent it, so you must have received it”, but it’s not the same thing when it’s time to send stuff to them.

Basically, when it comes to sending documents to HMCE, it always pays to be paranoid. Always assume that they are either :

1. Vindictive
2. Inefficient beyond the dreams of man
3. Both

and you’ll be OK.

It’s because of that – OK, it’s partly because of that – that I still don’t trust the online submission of tax returns. Yes, you can be pretty sure they’ve received it – but when it comes to HMRC, “pretty sure” simply isn’t sure enough. I feel the same way about HMCE’s online submission as I do about the people who store all their important data/files with Google, Amazon or some other internet cloud-based server – in other words, “Expect it to get lost. Expect it to get hacked.”

My tax return is on paper. Yes, I know it’ll end up being clocked in to the HMCE ‘System’. That’s fine. But letting their system be the only place it’s held? Sod that. I’ve got a photocopy of the tax return. I know where the figures came from, and I’ve got them recorded. I expect HMCE’s copy of the document to get lost, edited, hacked or mislaid. If/when it happens, I’ve got my own hard-copy backup.  If you’ve done all the calculations on-line and not printed out the results (or even better, screenshots) and/or received confirmation from the system of those figures, what proof have you got of what you filled in?

Even if it’s simply that the electronic version gets corrupted, if HMCE also have it on paper then there’s some way they can recover the information without me even needing to be involved. If they only have an electronic version, then lots of people are going to be screwed if anything does happen.

So while I can, I’ll stick with doing my tax return on paper and sending it in to them. When they eventually go to “Online only”, I’ll still make sure I’ve got a printout of the entire thing, along with all the figures I’ve used to calculate it.

Call me paranoid, I don’t mind. Frankly, I’ve been kicked in the nuts by HMCE too many times to not be paranoid. And that’s not paranoia – that’s just common sense.

Of course, you also have to bear in mind that 911 was the main emergency number in the US well before the advent of 9/11, (or 11/9 – whichever you prefer) and there was always speculation that the date was chosen for exactly that reason.

As a result, I suspect there might be a few security agencies wondering whether 9/9/9 might be planned to be of similar significance/utilityin the UK…

I still find it hard to understand the certainty of the Government and Security Forces that terrorist attacks will happen again on aeroplanes. Maybe they know something I don’t.

To me, security – or at least the perception of security – comes about through making easy targets into harder targets. When it comes to home security, we don’t look at making our houses completely thief-proof. We look at making them into a harder target than my neighbours.

In my opinion, people in general – whether it be your everyday office worker, a burglar, a politician, or a terrorist – are lazy. They’re not going to do something difficult if they can do something easy.

On the terrorism front, airports are (in theory at least) the hardest target around now. Bear in mind though that I’m still a firm believer in ‘Security Theatre‘ – so airports at least appear to be the hardest target. They’re certainly more hassle than (for example) sitting on a bus or a train.

So I find it hard to understand that conviction that planes are still the prime target. Personally I’d probably be trying to look at anything but planes and airports.