Posts by Graham Cobb 1464 publicly visible posts • joined 13 May 2009
Unlike you, I don't consider myself an expert on cryptography (although I did meet Phil Zimmermann once - in 1979 I think).
However, my point is to get Meta, with their effectively infinite amount of money, to pay some real experts to create real, open source, cryptography integrated with WA and to solve the key distribution problem as well, so it is both as open as, and effective as, encrypted email is today (hopefully better).
This is a good message from the boss of WhatsApp. However, he knows as well as we do that governments will eventually just impose these requirements on them, despite what he says, and that they will have no choice but to implement the demands.
What we need is for Meta to put its money where its mouth is:
1) Provide an open API which makes it easy for 3rd party apps to send messages using WhatsApp and to handle displaying received messages. Allow a good, integrated user experience to be provided by a 3rd party app with integration with WhatsApp contact lists, etc.
2) Sponsor a standardised way for 3rd party apps to handle encryption - like GPG email - to allow interoperation so we can each choose our own app and publish keys like we do for email.
This would take a tiny amount of effort from them, would enable them to dodge these sorts of requirements, and avoid people moving to smaller, niche messaging systems.
P.S. While they are about it: providing an easy-to-use GPG email app on their platforms, integrated with WhatsApp and Facebook messaging as well as SMTP email, would be useful.
This doesn't help with your specific problem but the best way to do calendar sync nowadays is definitely to use a CalDAV server. Most phones support CalDAV (built-in on Apple, DAVx5 works well for me on Android). Built-in on TB (I think - I am certainly using it on TB).
The downside is that you need a CalDAV server to actually store the data. Owncloud/Nextcloud work well if you can host your own server. Otherwise, there are some commercial companies that provide them. I have heard people say that Google Calendar provides a free CalDAV server, but I don't use Google services so I don't know.
Similarly, CardDAV is the best option for address book sync nowadays.
Phishing is a very hard problem to solve. The problem isn't IPFS (as the article says, there are other content-addressable networks and other ways to hide malicious content). The problem is that today's anti-phishing tools are not fit-for-purpose and take shortcuts which the phishers will always find ways to get around.
In my opinion, the only ways to address the phishing problem are:
1) Train, train and keep on training users. To spot the phishing and to understand the real risks and impact to the company. You need to train users to never click on links in mail and enter a password - however legit the mail looks. Always go back to their own browser bookmarks (or the company internal home page directory) to visit sites. And keep training them with surprise tests every few weeks. Yes they will moan, and they will be right when they say "this test was too simplistic, too easy to spot, I am never that stupid" - but the continual reminders help keep the problem in their minds.
2) Reduce the impact of users giving away passwords. Particularly make sure that any important systems have MFA so acquiring a password through phishing won't help the attacker much.
Well, if it's really infinite, everything has already happened.
That is so wrong.
There is really very little that is special about an infinite universe. If the universe is infinite, that does not imply that everything which could exist or occur does exist or occur in that universe. It only requires that at least an infinity of things exist or occur.
To see this, consider the mathematical set of the rational numbers. That set is infinite. But it is easy to prove that it does not contain the square root of 2.
Or, simpler still, consider the set of prime numbers - that is an infinite set but it only contains a tiny subset of numbers. No "4" for example.
As a final counter-example, imagine an infinite version of our universe. And assume it really does contain not just an infinity of things but everything possible... Then take out Harlow. It hasn't suddenly become finite: it still contains an infinity of other stuff.
But it doesn't contain Harlow.
Er... Isn't that exactly the point? Of course the current models are wrong - everyone knows a more fundamental model is needed. The point is to get more data to refine the next iteration of the model.
And, guess what, that will be wrong too. There is a meaningful philosophical question about whether we could ever gather together enough energy to work out how the universe really behaves without needing to destroy the universe itself in doing it. But LHC is nowhere near that yet, so many more slightly better but still wrong models to come!
I am just hoping we can get as far as a model which reasonably unifies Gravity and Quantum Mechanics (although it will still have many, many inconsistencies at higher energies than we can generate).
I just can't believe that these NHS Trusts were naive enough to put values on these shares! Startup company shares have no value at all unless you have a buyer offering money for them. Surely these trusts have (a) professional financial advisors, (b) accountants and (c) auditors to tell them that.
Please tell me that no one let them create budgets or plans based on those supposed "share values"!
Anti-freedom measures such as these, which are intended to give politicans control of what people see and can discuss are the reason that platforms (Twitter, Facebook, etc) urgently need to die and be replaced by protocols (like web, mail, messaging, etc).
It certainly isn't just India which is a problem. Virtually every government in the world wants to regulate speech on the Internet. Not just the "usual suspects" (Russia, China, Brazil, Vietnam, ...) but the EU, US, UK, Australia, etc all have created similar laws. This has to stop. If we value democracy and freedom of speech then we need to urgently democratise and open up social media so there are no gatekeepers.
Give us your opinion on the many thousands of coal miners killed by lung disease. Oh, they're working class so it's not important?
Better still... instead of throwing meaningless headlines around, do some real calculations on lives lost/impacted per megawatt-hour from different energy policies.
I disagree with the idea of AI's as inventors as you do, but you make a careless error in your post.
"Round corners" is not a patent. It is an example of a "design patent" which is a completely different concept, similar to a copyright, which happens to include the word "patent" because the word "patent" doesn't come from intellectual property law, it means a certificate or right granted by a government - any right.
"Patents" and "design patents" are different things. So much so that other countries avoid the confusion - for example in the UK "design patents" are called "registered designs".
I have to say, I find the idea of transparency about moderation rules appealing.
Of course. I expect everyone here does. Just as everyone here finds the idea of a voting system which reflects the will of the public appealing.
It is just a shame that both are impossible.
Kenneth Arrow famously proved mathematically that a completely fair voting system is impossible.
No one has yet proved fair moderation is impossible, but Mike Masnick has written several informative articles about the problem. I recommend them.
All the social media companies can, and do, provide all the information they have to identify a user once a court has ordered it. No company has ever refused to do that (although some value their users' anonymity higher and choose to dispute such orders in courts - but they act if the court system eventually makes the order).
I hope you are not saying that users should be forced to provide identification before being allowed to speak on social media? There is a reason anonymous public free speech is allowed and the reason is in the word "freedom".
The "curated feed" is just Facebook doing what its users want: they want posts that are most interesting to them. If you don't like the way Facebook curate your feed, stop using Facebook. Don't complain about the way they curate other people's feeds: either they are doing what their users want or they aren't and will lose users. It still doesn't open them to any liability - that remains clearly with the author.
And as for your comments on moderation... just go and do some real research before repeating them. You obviously have completely missed the scale of the problem.
For the user to be responsible in court for what they say surely means that the user must be known to the court, and under the court's jurisdiction.
No. It does not.
If I post a libellous message on a nearby telegraph pole in the middle of the night with no one seeing me, that doesn't make me any less responsible for it. It just might make me harder to find and prosecute.
Similarly, if I do the same thing posting on the village noticeboard on the village green. In that case, of course, the owner of the noticeboard is allowed to remove it if they wish.
"The free press" is mostly, nowadays, a way for people rich enough to own newspapers to promote their views. Even 50 years ago, some press barons tried harder than others to publish more news and less comment, but they are almost all just opinion nowadays.
The role of the "free press" in protecting freedom has pretty much been replaced by the internet nowadays, at least in those countries where internet access is widespread and reasonably open. Social media is part of that, but only part. Many, many campaign groups (some narrowly focused like, say, Humanists UK or Big Brother Watch, others much broader like Liberty or the National Front) use the internet to spread their views and organise their campaigns. That applies equally across the political spectrum.
No one gets to censor those campaign groups' emails - whatever opinion they express, however hateful they are.
I don't see any logical necessity that they can't be a third status (which, in fact, they are today under US law): a private company operating a bulletin board which can choose to allow, or not, any post they choose on their bulletin board, and yet the authors are liable for what they post.
The bulletin board operator clearly cannot determine legal issues of whether something is legally permitted or not: the author is responsible in court for what they say. Equally, the bulletin board operator may exercise whatever editorial decisions they like: if they only want to allow discussion of the Buffyverse on their bulletin board that is their choice.
It is common, of course, for hardware vendors to sponsor integration labs with software partners to help sell solutions (as opposed to components).
Like most hardware suppliers, Samsung are already a significant contributor to the Linux kernel for technologies which allow their hardware to perform best. Enlightened self-interest from hardware vendors is what drives much modern kernel development.
It doesn't even have to fit. It looks to me like the screen is taped to the box behind it. I'm guessing the prototype motherboard is inside the box - for ease of access and making hardware fixes if nothing else. If I was in the early stages of prototyping a new laptop I wouldn't want to have to dismantle it every time I wanted to swap in a new rev of a chip.
This is probably the (low clock speed) prototype they gave the test guys to try using it like a real laptop and report on what fails ("the Rev 13B chip fixes the annoying flicker in the top left of the screen but the random disk errors that were fixed after Rev 12 are back").
Yes and no. The basic Win95 UI concepts and building blocks (window decorations, menu navigation, etc) are fine, but the desktop was pretty horrible. I couldn't live now without my two popup side panels - which appear when I move the cursor to left (controls and system status) or right (window list) edges - and I certainly won't tolerate a bottom panel (vertical space is in such short supply!). I also make a lot of use of my 4 virtual desktops - one just dedicated to emacs, another for terminal windows on all my systems.
1. HOPEFULLY = ADVERB
2. HOPEFULLY is shorthand for "I am hopeful that..."
It is a standard part of English, whether you choose to use it or not. And even those who do not use it know what it means, as there is no ambiguity between the two meanings as they are, as you spotted, different parts of speech.
I have no opinion on whether it is practical or even desirable.
I just pointed out that "There is a massive amount of interest and discussion about fully autonomous commercial shipping", which is undeniable (that IMO URL was in a section called "Hot Topics", after all).
And when that level of interest happens, there are always people circulating to make money off the topic. I assume that is what IBM wanted to do (as well as conduct some interesting research). It is a shame that they have been let down by the boring mechanical engineering and not had a chance to do the interesting parts of the research.
Its not clear the industry agrees with you... https://www.imo.org/en/MediaCentre/HotTopics/Pages/Autonomous-shipping.aspx
Personally, I think the main real goal is to get rid of expensive people like Masters and just have a couple of maintenance people on board recruited for almost no money in low-wage countries.
There is a massive amount of interest and discussion about fully autonomous commercial shipping. Don't forget that most of the world's trade still travels on ships. and they take a relatively long time to cross the oceans. The shipping companies want to get rid of crews but there is (rightly) big concern over the legal and ethical issues (maritime law has been around a long time). As well as practical issues of how loss rates would change (would there be more accidents and losses, or fewer?).
It is a shame that this project seems to have been let down by the mechanical engineering. And embarrassing for IBM to have their name associated with i!
Yes. The criminals will use illegal strong encryption (coupled with needle-in-a-haystack services such as IPFS).
The rest of us, including professionals such as doctors, financial advisors, lawyers, politicians, charities and journalists, as well as activists and campaigners, will lose our privacy.
I think that, unfortunately, VMS clustering had different goals from today's PI clusters (generally).
The primary goal of VMS clustering was to allow shared filesystem access: disk files could be shared transparently, efficiently and safely from any cluster node (and tolerating failures in nodes and interconnect). The primary mechanism for achieving this was the distributed lock manager, but combined with significant re-engineering of the filesystem code. It was optimised for fast, LAN connectivity between the cluster members.
Of course, lots of other things were also made to work cluster-wide (particularly later) but filesystem sharing was the main driver.
In the Linux world, shared access to the same file (even without clustering) is very rare. In most cases (such as databases) a daemon process owns the file access. In effect, VMS has the same daemon, of course, but it was built into the kernel (in Exec mode) and an integral part of the clustering software. So, VMS-style clustering would not really be a kernel feature in Linux.
Of course, there are cluster filesystems on Linux. These are typically aimed at wider area sharing - so have different tradeoffs - and do not (mostly) include a distributed lock manager (such things also exist separately as well, of course).
I'm not at all sure that VMS-style clustering helps very much with the scenarios that Pi-clustering is being used for. But I am not in the Pi community.
Unfortunately Phase V wasn't exactly OSI. OSI networking had got bogged down in the standards process so Phase V was an "intercept" (meaning - it had to ship so we made guesses as to the standard). The network layer was close, and some of the applications (like X.400) came later and so were fully standardised, but others were way off (CMIP, for example).
But X.400 and X.500 were notoriously difficult to get interoperating even with fully compliant implementations.
There is a reason Radia Perlman (one of the main DECnet Routing architects) wrote her PhD thesis on Byzantine Routing failures (faulty or malicious nodes disrupting Routing). DEC's own DEcnet was probably the largest network dependent on fully-automatic routing at the time (although Arpanet was bigger, it was more hierarchical and less automated in those days before OSPF and IS-IS were created).
See http://www.vendian.org/mncharity/dir3/perlman_thesis/ for the thesis.
Yes, a really bizarre thing to say. I started working on apps with the Nokia 770 (over 15 years ago!). I put a lot of effort into the GPE personal organizer app, and many users of the 770 found it extremely useful.
It was completely free. Maintained and developed by a small group of people. And certainly not useless - in fact it was pretty critical to making the 770 a viable product for Nokia and leading to the followon Internet Tablet products.
I've never really used Windows for anything serious (my history is RSX->VMS->Linux, when not working on embedded systems) but I am impressed with Powershell for its ability to work with objects and collections as basic building blocks.
The ability to pipe around objects, instead of just character streams, along with primitives to allow constructs like "for each" and "case" switching based on class in a standardised way would be very useful improvements to bash.
No. They did it because that is what Mozilla chose to require.
Of course, in the the real world most people ignore licence agreements and "just get on with things". But don't blame Debian when it was Mozilla's choice to require Debian to use a different name.
Actually, I might welcome some calculating, or even thinking, politicians. There seems to be no foresight, no planning, certainly no analysis - not even any listening!
It is all just "wheeeee! We did it! We are in charge!! Stop asking difficult questions and pass the lemonade!" You would expect them to put even a tiny bit of thought into the likelihood of winning the next election but not even that seems to trouble them.
I have disagreed with "nondom" status for many years. I'm not convinced that the country really benefits from allowing those wealthy people to live here without playing by the same rules that everyone else here has to. I seem to remember the Labour government introduced them because of threats by international rock stars and sports people to live abroad. Fine if that's what they want to do. The tax rules should be the same for everyone.
However, it is particularly stupid for a politican to be using such controversial loopholes. And it should be illegal when said politician is in charge of the loopholes! A clear and obvious conflict of interest that should have disqualified Sunak from being a minister, let alone Chancellor of the Exchequer. (As well as an obvious own goal the Conservative Party should have realised would bite them)
Yes, but the companies likely to offer the "master integrator" role are probably the same companies the DoD are trying to bypass with OpenRAN. Ericsson, Nokia, Huawei, ZTE, Fujitsu and NEC. Some of those have more to win/lose with OpenRAN than others but they will all claim to be the best company to integrate it for you.
I have no problem with you deciding to avoid any company you choose (I have several I will not do business with). However, I do not think Huawei were responsible for the collapse of Nortel.
Plain old mismanagement, plus the interference of politicians, I think. Much like, for those of us a generation older, GEC/Plessey/Ferranti/Marconi in the UK.
Frankly I am really surprised that there are any IT professionals left using the same email address for different personal-use registrations. Even my resolutely non-technical friends have mostly now understood the advantage in appending ".companyname" to the email address they hand out for any registration and are using it for all new registrations.
My current battle is to get them all to use password managers for every website so they no longer need to choose or remember passwords.
The list of security standards in the article (and, presumably, in the underlying press release) are all very well, but they tell us nothing about the real security implications of the service.
In particular, does it allow for user choice, information and identity selection?
Choice: I need to know to whom I am connecting and be asked to authorise it. I certainly won't allow my device to connect to random networks, whoever they may be affiliated with. Nor will I allow it to connect automatically without asking me.
Information: I need to know who is running the network, what their privacy and other policies are, how it is paid for (are they selling me or am I paying directly), what restrictions, monitoring and filtering are in place. Are there restrictions on use of VPNs or other security tools? What information do they remember if I connect to them again in the future? What do they pass to other providers in the scheme?
Identity: I interact with almost all commercial (and some government) entities with different identities (different mail addresses, no 3rd party cookies or scripts). Which identity is my device going to use to interact with this network? How do I tell it which one to use?
E2EE is not terribly hard to implement. If the major services are banned from offering it then first there will be some smaller players offering it (such as Signal). If those are banned as well then there will be FOSS packages to make it easy to operate your own private E2EE network - handily packaged for your local terrorist cell to start using. Sure key distribution is hard, but the only people who will suffer from that are ordinary law-abiding people. The horsemen of the apocalypse will be happy to spend time and money doing secure key distribution for their illegal stuff. The only people who will suffer are the law-abiding.
And if that happens, then all the lovely traffic data that is visible today will disappear underground as well.
I disagree. The changes to the International Salvage Convention in 1989 were specifically to incentivize the (very similar) problem of encouraging salvors to address the very hard, risky, and unprofitable problem of oil pollution.
Previously they only attempted salvage if they would be able to recover either the ship or the contents. The changes encouraged them to address the marine equivalent of "bolt-sized bits of flying junk".
It may be that an initial step would be to do something to make sure that insurers for today's launches will feel great pain if they contribute to the mess, to cause them to drive the industry to solve the problem with a suitable international salvage treaty.
Yes - future users of space pay to clear up the mess left behind, so that they reduce the risk of their equipment being damaged. It is in their interest.
There is little risk of launches not paying their dues. Not only are there plenty of other examples of internationally funded services which are in everyone interests to contribute to, anyone launching without paying will find that the scalpers will quickly spot that it is easiest to collect their money on sending stuff back down before it has had a chance to reach a high orbit or deploy its payload.
So, can't we incentivize private companies to do this? In the seas, we have the concept of salvage, with the extension of the International Salvage Convention in 1989 to guarantee payments to salvors who try to prevent environmental damage.
Can't we set up a process for space salvage, to provide an economic reward to those who succeed in cleaning up space junk? Maybe based on the mass of material they manage to collect and can demonstrate to have caused to burn up in the atmosphere? The scheme would be international (like the International Salvage Convention) and would be funded by a tax on launches (proportional to their mass).
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2024
