News and comment <

Travel advice

2026/03/13 - Apple still at their old games....
Yesterday, I read this.

I would imagine there are a lot of Apple FanBois and FanGrrls who are so excited that once again Apple tell everybody they are the best at privacy and security. Indeed, I received the notification from three different sources, including one which specifically knocked my historical admiration for BlackBerry devices.

Here's the thing. (Linked to a search engine - choose your own providence!)

I'd like to think that Apple did not consider BlackBerry 10 devices to be "consumer" devices? Except I - along with millions of others - were "consumers". I had a BlackBerry Passport. Millions of others had them. And others had the Z10 and the Q10. They were all perfectly functional devices that relied on no further infrastructure. To my mind, therefore, they were consumer devices.

But no. I suspect Apple just hope that the rest of the world doesn't remember BlackBerry 10. The fact remains that some of us do. Even ignoring the fact that the Passport remains one of the most functional devices that I have ever used (and I miss), it had approval for NATO Restricted almost 15 years before Apple decided to tell the world they were the first.

For the sake of telling a complete story, I should point out sideband attack detection and protection in BlackBerry 7.1 was better (it had a removable battery for one) but there was a reason the UK Government used BlackBerry devices for HMG Restricted (and some HMG Confidential - but that's another story) at the time Apple were struggling to certify their crypto module. (And for the avoidance of doubt, IOS6 had to be approved for Restricted because so many people just wanted an iPad or an iPhone - the residual risks were broadly catastrophic and the management was non-existant!)

History is written by the victors, and in this case the benefit to their "consumers" is nil.

2026/03/11 - Internet Watch Foundation TALK checklist.
It's all very well to sit in a high tower and criticise those who do not understand the internet or kids and their attempts to "ban the internet". Fundamentally, we all want to keep our kids and vulnerable members of society safe, it's just we disagree on how that is best achieved.

More years ago than I care to remember, I recall getting the watch-lists from a very early version of the Internet Watch Foundation (IWF) to remove illegal content from our NNTP News Server.

Today, I watched an interview with Ngaire Alexander from the modern-day IWF. What she said was refreshing and encouraged openness, responsibility and learning. I'm delighted the IWF continue to offer practical advice on internet safety.

Here is their advice.

And yesterday, I discovered that the knee-jerk reaction of "think-of-the-kids" has it's own law (NSFW) - like Murphy's Law.

2026/03/06 - Privacy when you are the product.
Fascinating article on privacy from the Beeb.

2026/02/22 - The future of this website - Part One.
In the coming months, there will be some changes to this website. The first starts this week as we migrate everything to use the BLADESEC.NET domain. If you receive any e-mail, or visit a website that uses an almost similar domain name. It's simply not us.

And for the avoidance of doubt, MR-MAIL.NET and MOON-RAVEN.CO.UK will continue to operate. There are no plans to migrate them.

In the coming months, we shall stop serving off HTTPS too - but that's still a wee while away.

2026/02/21 - All that is wrong with people on the web.
This brilliantly sums up everything that is wrong with people on the web in a motoring column. Clever people - with a good reason - make a plausible camper design and release it to the web-enabled masses. Those same masses run with it, generating their own AI-slop, and one US-based journalist lying and saying that they had driven something that simply does not exist in the real world.

2026/02/17 - Kids and VPNs.
It's almost like Mr Starmer reads this website.

Peers signalled their intention to for kids to be banned from social media platforms. We speculated that VPNs would be next. And there it is.

A three month consultation is thought to be a more likely outcome, but I would wager it will make little difference. Government has to be seen to do something about the cultural, parental and societal problem with social media and those under the age of sixteen can't vote. That makes them an easy target to victimise.

This whole situation just goes from bad to worse.

I note in the article linked to above, that DSIT want to ensure that "children have a healthy experience online". They are assuming that "online" is a healthy place to be in the first place. It's not. It never has been. It is a virtual world with both good and bad - just like this one.

The two are intrinsically linked and each is critically important to the other. The virtual world - like this one - brings far more good than bad. It is, however, a fundamentally flawed assumption that the Internet is universally a "good place".

In the same way that the real world comes with dangers that parents and teachers educate and explain, the virtual world is exactly the same - but seemingly without the learned experience. It's too easy for parents and guardians to stick a tablet in front of their kids in order to gain an hour of peace. It's too easy to let your kid use private messaging as a consequence of peer pressure. The next step is letting them set up a social media account before they are technically old enough. And all of this occurs without understanding, education, support and explanation.

This is the root of all that is wrong that now needs fixing. But no. Let's just ban the kids from using this stuff. Let's apply a physical control to the virtual world. Because that always works and kids will never try to circumvent that, will they?

It does not work and the people who will be affected will be some of the most vulnerable souls we know.

2026/02/16 - Scotland win the Calcutta Cup.
Having bounced back from their drubbing by Italy, the tables were turned and Scotland completely dominated England. The last time Scotland won - back in 2024 - I missed the beginning of the match because we were on a ferry returning from Stornoway. This time, I was safely ensconced in a pub in Stornoway with Suilly at my feet and nothing better to do.

Possibly an indication of things to come?

2026/02/05 - Kids and social media.
A few weeks ago, opposition peers in the House of Lords supported legislation to ban under-16s in the UK from social media platforms. It is clear that with this, it highlights how desperately poor government is when it comes to understanding (i) kids, (ii) how the Internet works, (iii) what went wrong with the Online Safety Act; and (iv) kids (again).

Banning is an apparently easy solution to a complex problem that society's mindless and selfish adoption of social media has led to. Banning it simply won't work, and we'll see another surge in VPN usage. This may potentially result in demands for that legitimate security-enforcing technology to be banned too - for all the wrong reasons. And how do you explain to kids that have had perhaps three years of legitimate social media access that they're no longer mature enough to access it?

Society let the problem be created. It largely took Elon Musk's purchase of Xitter for society to begin to doubt it's value. Factor in all the Russian and Chinese mis-information bots, and all the AI-slop, and it's clear the benefit to society from social media has been devalued almost entirely leaving the sharn to float to the top. Society needs to fix the problem through education and definitely not a blanket ban. After all, kids would never use their better knowledge of technology to circumvent a stupid rule, just because it's against the law, would they?
--
2026/02/09 - Updated to improve legibility.

2026/01/14 - News round up.
Things have been a bit busy since the turn of the year preparing for some excellent news that will be announced shortly. As a consequence, we missed some really important news items:-

• The UK Government has exempted itself from the new Cyber Security and Resilience Bill. When those in authority say "do as I say, not as I do", you are on a very slippery slope to losing all accountability.
• And the UK Government has fragmented it's approach to IA again - with added AI. What role does the Government Cyber Unit have over GCHQ, NCSC, various factions within the Home Office and Cabinet Office, various devolved administration functions and a whole raft of arms-length organisations? This will end up as a land grab for power, but ultimately confusion over responsibility. No. Just no.
• Forty years ago, the Hacker's Manifesto was written. Is this a note of things to come?
• In some good news, the Government has made their thirteenth or fourteenth U-Turn and announced that the non-manifesto, optional, but mandatory for employment, Digital ID has been canned.

2026/01/01 - Happy new year.
As mentioned previously, the first of January, has brought a significant change to the website. Undoubtedly, the referencing of things in the past-tense and the notice of not accepting work or referrals will bring about a lot of questions:-

Firstly: BladeSec IA still exists - and will do at least for a little while yet. All existing contracts will be honoured and delivered in the relentless and passionate way that we do things.

Secondly: No, we are not accepting any new work. Sorry. It doesn't matter who sent you here, what assurance issues you have. We are no longer the security consultancy of last resort for you.

Third: Other than Suilly, the security card shed dog, who had an operation to stabilise his knee back in October, we are all in excellent physical health - especially given the time of the year.

Finally: All good things come to an end, and it is the turn of BladeSec IA to fade to black. The Principles that we lived and died on are no more. Whilst it does break my heart, we did make it to our fourteenth year. I recognise now those values we judged ourselves on are simply lost. It has been a hell of a journey, but fundamentally I am out of fight and the situation has been compounded by circumstances.

The industry is crying out for new IA professionals, with numerous industry journals highlighting massive skills shortages. The government is seemingly prioritising the creation of a "cyber industry" (not to mention an AI one!) at the expense of developing those of us that have been round the loop before. We have endless experience, but it doesn't matter. Better to do assurance by "one-size-fits-all" (Cyber Essentials) or spreadsheet (the Cyber Assurance Framework and it's variations). Create guidance that "security practitioners" can deliver with little or no experience, and there is no doubt that it's being dumbed down.

In the face of increased threat the current situation makes no sense to me and as I said, I am all out of fight. There are only so many times you can kick a dog before he stops coming back and I have been kicked black and blue this last 12 months.

I don't do the cult of the celebrity. I am not good at self promotion and saying, "Look at me". Over thirty years, I have led by example, with my actions showing my integrity, fairness and honesty. I have not talked about many things, because I couldn't and that won't change.

In the coming months, there will be some things that we need to sort out - not least of which, what gets done with Travel advice. And we know how popular some of the news and comment has become, so we'll leave that up for the time being, with the proviso that they represent solely my personal views unless otherwise specifically stated.

All that remains to be said, is "happy new year" to you and yours and watch this space. It's going to be an awfully big adventure for me and mine.