Posts by streaky

Re: It'll be fine

There's no way to get a deal with the EU. They're intransigent no matter how much it benefits them and have a habit of focusing on silly side issues at the expense of dealing with the core issue. There's no way they'll agree to any deal as far as I can see, and I doubt an extension will either be acceptable to either the EU or the UK electorate.

I'm fine with all this because I voted for Brexit and we don't want a deal, multilateral trade deals are abusive. Just saying if you think there's going to be UK access to the single market as it looks now you might need a reality check. Duties are the price that we pay for accessing markets.

As for manufacturers they're welcome to move out the UK - but they should recognise that duties apply both ways.

Re: perhaps itself encrypted with a key known only to law enforcement

My dear Streaky, PGP is very much a thing, You should google it.

Nono don't misunderstand, I know it's a thing, I'm telling you it doesn't work like you think it does.

"long-range combat search and rescue" is code for special forces ops.

"long-range high-speed delivery of mission essential spares and stores" - it's called a C-130 and they're cheaper to get off the ground, and shift more/bigger mass, faster, for way cheaper.

They're a pig to fly and easy to crash, which is why it happens often. Use a plane or use a heli, there's no requirement for in between for UK forces. There's might be for US forces but honestly I doubt it, there's a reason the US navy AND the secdef in the US were against the project - it's not really fit for purpose or really any other purpose. US army in the end smartly ran away screaming.

Re: Chekov here: my nyetwork

Curl in php-fpm reacted very badly to this. Thought it was me - used nscd as a workaround which solved it in the end but holy hell.

Re: The perfect Password

Brute force attacks do not care which characters humans use.

Yes, yes they do.

Iamsostupidthatiforgetmypasswords%^£thetime2000 is way - way - stronger than Iamsostupidthatiforgetmypasswordsallthetime2000.

Larger the key space the less feasible the attack. Adding an extra possible character increases the complexity by an order of magnitude. This stuff isn't even complicated.

It's a commission regulation. It's arguably worse in many respects, when the European Parliament tried to get the fines (modestly) increased the commission did the normal EU thing and took them out to the woodshed and bashed them with a 2x4 until they complied - and it's still enforced by the Art 29 clowns under a new name. Same shit, different day. Also it's going to be all on Ireland once again and they're - again - mysteriously (nothing to do with tax collected, obviously) not going to have the resources to deal with the issues that arise. It exists purely to annoy US companies and promote the *appearance* the commission recognises the existence of the Charter rather than actually give EU citizens any protections.

The day the UK manages to leverage itself out this shitshow...

Re: I'm sorry for my country.

Tell us all how we were supposed to put a decent person in the White House when both choices are horrible?

Devil's advocate: by understanding that one's reputation is caused by the other and might not, actually, be factual.

The fact that there's people still saying they're both as bad as each other is exactly how you get yourselves into this mess.

Using two separate hash functions on the same doc would do it to be fair. If you used say md5 AND sha-512 the changes of there being a collision in the same input in both functions is infinitesimally small. It's mathematically effectively zero.

Yeah it's not the intent of hashing in git, arguably a side effect to a certain standard though. I'd pay good money to see somebody produce a collision and the resulting file not be garbage mind - therefore it would detectable in other ways.

tr1ck5t3r is not mad.

He's certainly angry about.. something.. and the "mad" part is strongly debatable.

His points regarding the extent of digital information collection, surveillance and monitoring are spot on.

Corporations collect personal information. Spending habits, personal details, photos, phone and email details, browsing history to name just a handful. This info is easily obtained by the TLAs.

It's not *easily* obtained but it is obtainable. Those are not the same thing. The problem is what comes next...

The NSA/GCHQ et all are fully connected to all ISP backbones - your network traffic IS monitored.

This is partial truth. They've been and probably continue to be able to access traffic flows between key points in the internet infrastructure and the carriers have been and are complicit in that. Where it breaks down is the tin foil hatter response of they can actually monitor all this information for every person all the time. They have to get useful intel out of the data they collect, and they can't monitor every packet because the flows are obviously far too big for that level of data collection - it'd take a secondary parallel internet infrastructure to make that work and it simply doesn't exist. The fact it obviously can't work as an intelligence tool is the entire problem with it. If it worked it wouldn't be so easy to question it's existence but it missed key events like the Boston bombing and the (numerous) Paris attacks so why should we have to give up privacy for a system that can't possibly - and provably doesn't - work. There's no amount of funding that can make the system they've (apparently) been trying to put together actually be functional at doing this.

None of the above is in dispute - multiple sources not of the tinfoil hat brigade show this to be true. Just look at the revelations of Snowdon or any number of articles on El Reg.

Snowden docs never really stated this though, you have to be clear about what Snowden actually said and not reinterpret them to mean they have more capability than they really do. They've gone too far but we're in the zone of total capability on all devices at all times and nobody is safe and the agencies concerned clearly don't have that; and nobody has said that - including Snowden who was running rings around them at the end, and arguably continues to with fairly basic security measures, crypto being a key one.

Re: 20 year old PHP implementation?

I wouldn't trust a build of *any* interpreter from 20 years ago doesn't matter what you think of PHP. Running as root is moot - once somebody is in any common priv escalation and you're gold.

Re: On the plus side

Desktops seem to be more complicated than servers in my experience, never had a dist-upgrade fail on a servers but I see it all the time on desktops. Never really figured out why but they're usually fixable if you have even reasonably basic knowledge of linux.

Re: Er ...

Fourth Amendment isn't a right to privacy in explicit terms. It's a right not to have your person searched or say a server that belongs to you - and a warrant can break through that right if it's legally gained. You asked this whilst I was still mid thought stream on my original comment, see the edited version where I covered this.

The only thing that stands between that right and you being searched is probably cause, which is a very low bar. Lets not even get started on exigent circumstances in times of terrorist attack fears.

Re: Businesses fail all the time

The polite and non-exploitative thing to do would be to send an email and written/typed correspondence to clients telling them one is going under. Stop taking money from client bank accounts and advise the client to seek an alternative supplier for ALL the services they subscribe to. Suggesting alternative provider would be useful. And stating a date on which the services will terminate is essential.

This is the point at which "what would be polite" conflicts with the law. Once you know you're insolvent the law says you cease trading, and that includes sending out polite emails or allowing customers to make backups - or giving prior early notification. Not very nice it might be but it is the reality. Always backup your stuff.

Liquidators will screw you for this stuff and you will end up becoming a disqualified director if you're not careful.

"Home Office mandarins"

These guys aren't the problem here.

The problem is the security services asking for (as it's their right to do) more powers upon more powers. I'd never ever criticise them for wanting that because every power they get the more capable they are and that's fine for them to ask.

It's parliament's job to educate itself and find the line between what they actually need and the rights of people not to be watched 24/7 - and then enforce that decision - and they have neither the will or the means to do that job. It's being farmed out to the European Court system and that's a bad place to be when we're about to lose that system.

It's okay to have the occasional terrorist attack and it's also okay to send special forces in/use drones/carpet bomb/use nuclear weapons (delete as appropriate) to reduce the external threat to ensure the country doesn't have to lose the freedoms that have been so hard won.

TLD;DR: Government needs to get better at dealing with the security services and stop using the EU as a backstop in lieu of competence.

Re: Uhm

There's no evidence that's the case and the joys of an actual democracy rather than a pretend one: we can get ourselves a new government if they don't fix it.

Re: @Streaky First it's optional...

If so, then why haven't they already borken the windows telemetry?

I dunno maybe because they, y'know, have.

Why would AMD and Intel have to be on board and (b) why would microsoft have to remove other OSs?

Because it'd take a hardware security change to make this happen on general purpose computing devices that would have to come from processor manufacturers at a hardware level to be effective in a way the average toddler couldn't work around it. On the other OSes thing; probably because everybody (well, most) would jump ship to a company/community that wasn't trying to end general purpose computing in a way that - FWIW - Microsoft have not only never professed to interest in but also helped engineer in the first place.

IF it ever happens I'll be front and centre shouting Microsoft down but can we wait until Microsoft's board have caught up with your insinuations first?

Re: Can anyone prove SHA256 is any better?

You can already mathematically prove it's more expensive and time consuming - and to what degree. Once you physically prove the state of it you've by definition already found a collision and thereby proven that god doesn't exist.

Re: wishfull thinking

"I regularly pay for one-off fibre installs across Scandinavia and a price of tens of thousands of euros isn't uncommon"

But.. the UK isn't Scandinavian. FWIW the USO is the USO so the question, again, comes down to technology choices whilst doing that.

Re: Being a criminal has little to do with the list as given.

Is it when the NSA kicks the door in?

I'd tell them they're in the wrong country and to do one.

If it was the NCA or local po-po I'd tell them what they told my sister when her abusive ex found his way into her iTunes account and changed the password and added his own email address as a recovery address with proof who did it (not like according to the CMA this should result in multiple years in prison or anything) - there's nothing they can do.

On a more serious note - as somebody who's been a kid in the past - the point is this article is completely useless to its stated goal. These things are not there to be discovered by the incompetent - if you read this article and it's your only point of reference; you're in no position to judge if your kid is a hacker any more than you're in a position to judge if somebody has an aortic dissection from watching house episodes.

This stuff inevitably has negative consequences. Little Jimmy is a hacker because he likes computers and struggles to make IRL friends but belongs to a community of <insert game> players who accept him for who he is. Little Jimmy should be on restricted computer time so little Jimmy can't do whatever he's doing that's going to end with him getting gainful employment in tech fields over and above his peers who are all getting drunk in the local park and smoking weed. We can talk about it because we've been exactly here - and for the record if you think modern systems are more of a risky target than older systems you might be out of you mind - the only difference is there's more of them. I remember when credit cards didn't even have security codes printed on the back.

we're in a country now that allows the Food Standards Agency to ask my ISP what I Googled on February 14th 2017, and for them to then be told that I went on to a pornography website

If you were really this paranoid you'd know that the average 4 year old can make that return an empty list and you'd get on with it. The people who actually care (most of us work in tech and can see how insipid such a thing would be from a mile away) should just clear ourselves out these databases and let the ones who think we're making funny jokes about it also get on with being in those databases.

This stuff is a massive waste of political capital that could be used for actual issues like GCHQ's attitude to their remit or attempts to front-door crypto and the like. Joe Average probably takes the nothing to hide view (if they didn't - we do have elections you know) so let them get on with it.

Regardless I heard the EU was supposed to save us from this. lol.