Re: Will it work?
"The reliable, high quality of the beans these people secure" -- Some Starbucks employee
Well, if only you guys would turn the damn roasters off a bit sooner, we might be able to tell if that's true.
3577 publicly visible posts • joined 14 Nov 2007
"You have zero privacy anyway. Get over it."
Provably false. Do you know everything about Scott McNealy? Can you even find out everything about him? No. Privacy is a matter of degree: nearly no-one has absolute privacy and nearly no-one has no privacy at all. Blanket statements like this are just attractive soundbites --- any more than superficial analysis shows them to be fundamentally unhelpful in any mature debate about how much privacy we can reasonably expect in various circumstances.
"This is why the whole certificate concept is flawed" -- AC
There are some problems with certificates, but expiry isn't really one of them. It's nothing like DRM orphans; certificate expiry is virtually a cryptographic necessity.
There's a lot of dates companies need to remember: tax returns, profit filings, public holidays, audit points, backup schedules, etc. etc. --- it's really not too onerous to track certificate expiry dates.
If all that was needed was Timestamp (you forgot that) and another 8 bytes to store two IP4 addresses, you might indeed get to no more than a dozen bytes per record. But there's a hell of a lot more going on than one connection per site, just have a look at your own connection log. (And remember all that DNS activity, as well as DHCP, as well as all the other various network activity your computer is doing even when you are not browsing.)
But the thing is, 2 IP4s and a Timestamp would be worthless for the purposes of the IPB. It's a lose-lose --- either the data collection is indeed this small or it includes quite a lot more information. In the former case, the legislation is of much less utility than claimed, and in the latter it is of much greater intrusiveness than claimed.
... do your duty as a UK citizen.
I intend to. If this bill gets passed, all internet connections from this household will be summarised by a single Internet Connection Record per year.
2016-01-01 00:00:00 connection to xyz.vpn.ch:443
... approx 200TB data transferred
2017-01-01 00:00:00 connection to xyz.vpn.ch:443
"Worse this puts a pressure on the criminals to improve what they are doing" -- AC
But it does relieve pressure on the poor terrorists; after all, the security services were already too busy to prevent people on their watch lists from committing terrorist acts, so once there are very many more leads the terrorists can shelter in a very much lower signal-to-noise environment.
A 99.99% effective terrorist spotting algorithm is going to give you at least 10,000 UK suspects. It's going to require about 90,000 field agents and at least 10,000 support staff to watch them 24x7; the salary costs alone would be around five billion pounds sterling per year.
"that particular colour blindness is male chromosome linked" -- AC
Doesn't mean it doesn't affect females, just that the proportion of affected females in the population is the (smaller) square of the proportion of the affected males: e.g. if 10% of males are X-linked R/G colourblind, 1% of females are (because 0.1 * 0.1 = 0.01).
"Except that councils will also have access, And other bodies too" -- Vimes
Yep: the Department for Work and Pensions; the Department for Transport; the Health and Safety Executive; NHS Trusts; the Department of Health; the Gambling Commission ... etc.
Now, if it's to stop terrorism, only a small list is required: secret services; home office; etc. If it's to stop crime, only the police forces need to be added. Why the hell are all these other bodies on the list? If they have a need for the information to resolve crimes, why can't they go through the police?
"In most countries we live with typically a 10 to 100 times greater risk of being killed on the roads than by a murder" -- Paul Crawford
Well in the UK, road deaths have run at a rough average of 3k/yr since 2000 (although have dropped to just over half that in the last few years). In the same period terrorism has run at 5 per year (including the London 7/7 bombings). So you're talking more like 3-500 times greater risk for a road fatality. For heart disease and cancer we're talking about 150k each (forming about 60% of the annual death toll) --- these are 50,000 times more likely to get you than UK terrorism, which is right down there with the death toll from stinging insects.
@LucreLout the article is much longer than any instructions to sleeper agents would need to be. The problem with one time pad is, as with idiot code, the issue of key distribution. The thing about idiot code though, is that it doesn't even look like cipher text: a message saying that your friend is expecting triplets, but is still hoping for a home birth instead of going to a major hospital such as Reading and that the due date is April 23 may mean that you should attend a given meeting site / drop box at 16:23 on Tuesday and pick up some explosives.
"Landis pleaded guilty to felony counts of computer trespass, tampering with public records, and unlawful use of a computer.
Why?"
I'd hazard a guess at "Plea Bargaining" -- they probably threatened to charge him with Terrorism and lock him up for 8,000 years unless he pleaded guilty to offences he didn't commit. I suspect the motivation for the prosecution would be that 'intent' is harder to prove.
Dear Supercillious Bleu
It is an understatement for "This is an extremely interesting result for everybody."
It is a euphemism for "FUCKING HELL, LOOK AT THIS!"
Sorry you were not able to grasp that, did you need the joke alert?
PS: I am not Little Mouse
Sorry, Dan but it IS bullying (I can use CAPS too).
If I were in charge of an operation to exploit the journo's interviews to track jihadis, there is NO WAY I would have seized the laptop in a highly public way. It would be no problem to subvert it, with no-one being any the wiser. That could likely, as more jihadis trust the journo, lead me to even more targets.
You got it right (accidentally) when you said "bad people ... need to find out the consequences" -- in other words that the confiscation of the laptop is effectively some form of summary extra-judicial punishment of which you approve. This is the truth of the matter, they are sending a message.
If you really believe that (a) they need the contents of the laptop and (b) that the only way they can get it is a highly public seizure, you are an even greater fool than your ridiculous posts suggest.
"the judge refused to see the drone video or view the telemetry data both proving that the drone was above 200 feet" -- guyelec
If a shooter on the ground hit it with a shotgun round, it was almost certainly below 200 feet. Telemetry data and video, on the other hand, have no provenance - they could easily be from an earlier, higher altitude flypast or even a different drone.
[Edit: the original case report quotes the judge as saying that at least two witnesses report the drone flying below the tree line]
"There has been some misinformation that the government are somehow against encryption," the minister said, without elaborating further.
Well, I'm not sure it's tactful for a minister to say that it was actually his prime minister who was responsible for the said misinformation, which is probably why he did not elaborate further.
[Edit: Back on topic, what's the point of a kitemark? You cannot purchase anything without giving payment details, so the advice is one of two things (a) people should use one-off payment (bitcoin?) for everything or (b) companies that cannot safeguard such information should be prosecuted.]
"I particularly love the ones who can stare at a screen of hex and infer something important for the plot from it (beyond 'oh look, a bunch of hex')"
Do you remember that "Are you smart enough to be at GCHQ?" test some time back -- that had giveaway hex 0xDEAD 0xBEEF if I remember correctly that hinted that you should run it through a VM?
"Appropriate technical and organisational measures shall be taken against unauthorised or unlawful processing of personal data and against accidental loss or destruction of, or damage to, personal data."
--- UK Data Protection Act
In what way is that not an obligation to encrypt?
"In which case dial 1471 or a friend's no. first to make sure the line has disconnected." -- Captain Badmouth
Not sure it's beyond the ability of a clever crim to fake the voice-synthesized response to 1471 -- I'd stick to calling a person whose voice (or whose response, e.g. "4As Taxis") you will recognise. Better still, use a mobile which cannot still be connected to the previous call.
I'm not sure why the calling party must hang up to disconnect the call on a landline, can this be fixed?
Can we start a campaign to make it illegal for outbound calling agents to ask security questions, and restrict them to giving names and/or reference numbers and a request to call back?
(Public Service Announcement)
It won't be popular with some companies with bad practices but tough.
"Never, ever, give an agent any details on the phone when they have called you. You don't know who they are unless you are the one making the call to a number whose provenance you trust"
* it might be best to call that number from another phone - you cannot be sure the dial tone you hear is not being played to you by an attacker who has not actually hung up
"There are a finite number of prime numbers that use 2048 or less bit" -- Wade Burchette
Finite yes, but also ENORMOUS.
The number of primes less than x, pi(x), is approximated by x / (log x - 1) or more roughly, but more conveniently, x / (log x). For 1024 bits, x = 2^1024 which is about 10^308.
pi(2^1024) ~= 10^308 / 1024 ~= 10^305. As there are probably only about 10^80 atoms in the universe, give or take a power of 10, no such list can exist, even for primes of 1024 bits. For 2048 bits you'd be looking at > 10^600!
So although you have to use primes (otherwise the encryption wouldn't work), "the finiteness" of the number of primes is not a problem. But I thought it was a reasonable question, so if you do get any downvotes, they weren't from me :-)
LOL, but; in the UK at least I think you could be prosecuted for drunk driving on the basis of that statement. IANALBIPOOTI and I think that Accessories and Abettors Act (1861) still has a relevant provision in force (much of the Act has been superseded by the Criminal Law Act 1967) that states:
"Whosoever shall aid, abet, counsel, or procure the commission of any indictable offence, whether the same be an offence at common law or by virtue of any Act passed or to be passed, shall be liable to be tried, indicted, and punished as a principal offender."
Hi, thanks for the clarification - brain not working well at the moment. I guess I'd accept 23GB/mo as a mobile limit for everything except 'landline replacement' use where wired broadband is not available. I'm a pretty heavy mobile data user, but I've not been over about 12GB/mo since a fiber deployment took our local speed from under 2Mb/s to about 30. Nevertheless, I agree it should not be called 'unlimited'