Posts by streaky

All I know is calling them IS bestows legitimacy on them and should not be used.

Re: No-one at all? But I thought...

That people were making gazillions of pounds posting videos of themselves playing and commenting on computer games, and posting shit videos of ugly cats and stuff???

I've seen enough filings to companies house to know people are, don't worry about that.

especially if the internal networks where they generate and manage keys are, as they state, isolated from the public internet and they can establish with reasonable certainty that they were not breached

They didn't state this - they said their network is like something to do with onions and that they got into their office network and no further, which is fairly obviously nonsense.

Re: Bloody teenager

NSA and GCHQ are doing exactly what I'd expect them to do

Expect or should be doing. You're right in it's what people half expected them to do but it isn't what they should be doing. By rights Gemalto should effectively be out of business (how they're surviving I have no clue) because banks should be deleting their root trust under the assumption all the company's keys are compromised - what they should have been doing was helping Gemalto shore up their defences for the common security and "economic well-being" (see: all the relevant law on this) of the US, UK and the EU as opposed to attacking the very basics of everybody's security.

What they've done here is certainly in the UK illegal in certainly the spirit of the law; if not the letter. GCHQ are supposed to be working to secure us against outside threats not weaken us.

Re: What Kamp?

"proven to be a bad way to introduce state to HTTP"

Cookies shouldn't be used to introduce state, they should be used to reference state - that's not the same thing. Because somebody uses something in a nefarious manner isn't automatic cause for ban - if it's *only* purpose was nefarious activity I'm sure you'd get agreement, but it isn't so you won't from anybody sensible. Until somebody comes up with a better idea than cookies (and they won't because the only reliable alternative is some sort of unique identifier like a cert) they're staying, the end.

Re: but the '...w.dll'

"Wouldn't stop the NSA for long. All they need is a signing key or signing of their own bootloader"

Anybody involved in this would go out of business very quickly - all their trust keys would be revoked and they'd be *extremely* lucky to have anybody ever accept them again.

Re: Spell Checker

You're supposed to use Tips and corrections else some reg hack will come along and shout at you for mouthing off in the comments - true story ;)

Re: Catch-22

which provides for jail time if you decline to hand over when asked your encryption keys

Passwords for my crypto keys don't have "existence independent of the will of" (Saunders v UK) me, they can do what they like; I quite fancy a massive compo award via the ECJ. The can have the keys they can't have the passwords for them. For everything else there's PFS and they can bite me.

So you're bearish on the quantum computer market then.

Yup.

Re: Google should run for President

In reality, corporations are not persons of any kind, natural or unnatural. Corporations are collections of legal documents and bank accounts, and that's about it.

And yet legally they are, they have rights, they should have rights. The question is over what rights they should have and what they shouldn't.

Re: Rely On

It's fairly easy to argue that 509 is a better model for what PGP is used for in the linux environment - the only difference is the stack and an authority can revoke keys on behalf of people they certify keys for; which actually if you're say debian isn't necessarily a bad thing. If you're signing packages with a key signed signed by the debian project's trust anchor and that key goes awol and the dev themselves are awol debian can revoke the key on behalf of that developer - this isn't actually a bad thing. With PGP packages are signed by a central package key which if compromised in some way (more likely because more people have access) the key for the entire repo needs replacing on everybody's system rather than a revoke->reissue->re-sign process for the affected packages.

Also I wasn't arguing it wouldn't be a major task, I was simply stating that we could probably live without it.

Re: More neutral language please

Maybe it's me, but I have changed stores permanently after repeated 'not currently in stock' situations

It's not just you my local Asda spends half its time looking like they've just been robbed by an army of "they're not Russian, honest" soldiers, I don't know how they persistently have no products anybody wants, just empty shelves. A few years ago I stopped shopping at the Canary Wharf Waitrose for exactly this problem - to the point I was telling people that if they ever hear Waitrose talking about recession they're just lying; the actual issue was they plainly weren't buying enough stock.

This stuff really pisses me off. Occasionally it's fine, but when it happens every week with the same items you're doing something fundamentally wrong, why are your systems not figuring out this is happening. No Big Data™ needed to solve this one.

Re: Begun the Ad Wars have

especially for browsers with curated extension stores

Not really, Moz isn't in the business of selling Ads, and AFAIK has no plans to - any browsers that do the conflict of interest is blatant though.

Re: privoxy and friends: we're moving to a world with much crypto, if it isn't in the browser the best-case scenario is it breaks things. Not ideal. Key is using browsers not made by people who sell ads, even if that's a fork of a browser by a company that does.

Re: Confused

Hahahaha, you think Labour would be any less authoritarian if elected?

I don't recall saying that?

Re: I wonder what they really want

They're scared of everybody, and the way they're going they're going to end up in a position where they should be scared of everybody.

Re: Uh, yeah ....

+1 300 re-releases of Halo for the fan boys with no clue. Pretty sure writer is talking about the tech rather than the games though....

Re: Shamefully..

Is your claim that that's the only purpose of the business

Only purpose? No. The history of the company is sketchy enough that they easily could have been literally rather than y'know, figuratively. ITT/Wallenbergs et al.

it's definitely not the case at HMRC

Hence the discussion. Government are doing it wrong, hold the presses.

No kidding though why isn't a cost-overrun the supplier's problem to eat? Go to your shareholders, tell them what you burned and enjoy the replacement CEO.

Or put a better way: don't make bullshit bids for projects. I'm serious - why do governments do such a shitty job in contract negotiation? If they can't guarantee the cost then they know full well they're lying about it and they shouldn't get it anyway. If they can't produce deliverables passing acceptance tests why do they get paid a penny and why are they allowed to bid on other projects?

This is fairly basic stuff and it really pisses me off that government haven't learned stuff everybody else knew in the 1970's.

Re: Organising the Techies

TOR is overkill for the actual problem. Not only that but the network clearly doesn't have the bandwidth to cope with that even if it was the solution to the problem.

HTTP2 is a start, a big start. Getting everybody's SSL config up to scratch is good too.

Re: The Hilarity..

Commenting on my own post here.

Me or you would go to jail for this shit.

Because it looks like a prima facie case of GBH. http://en.wikipedia.org/wiki/Grievous_bodily_harm#Specific_intent - actually it sounds like religiously aggravated GBH which is up to 7 years in jail so...

All Microsoft have to do is have the option to be able to give the thing some power while you're using it at your desk and some battery power to last all the times when you're not. If they do that (and it functions like claimed) they're gold regardless of all the other noise.

Re: Obama never met a lie he didn't like.

I don't think you understand basic economics. Also protip: you're not rich on the scale of things and never will be so chill out? Obama is probably the best thing to ever happen to the US and it's been squandered by people pandering to billionaires who keep their money in the Caymans anyway.

He's a terrible political operator but he's got his head screwed on.

Re: iPlayer

I know a few born/bred/current brits who don't watch TV and therefore don't have a TV license who would gladly do same for access to the content they want to watch and not paying for drivel like EastEnders and strictly. I'm one of them.

Re: @Jimmy: Would have been more impressive (and believable) @fruitoftheloon

Or where it might by comparison be silly to say anything about the NSA having compromised the DPRK's network?

I'm positive that North Korea are aware that security services from various countries are in their systems and that passing on relevant information would have made zero difference to the NSA's capabilities.

Re: This is probably very bad..

"Crash from being harassed by opponent fighter jets?"

Goes the propaganda. If either of the claimed "it was somebody else" theories were correct we can be sure of some things:

* The Soviets would have shouted it from the rooftops

* The project wouldn't have been cancelled as infeasible

Chinese competition to the F-35? Heh. In the same way as the T-50 is supposed to be (popularly) competitive with the F-22 but patently isn't, I assume?

Some people need to find a grip. It's pencils in space and graphite in your sensitive safety-critical electronic systems all over again...