All I know is calling them IS bestows legitimacy on them and should not be used.
Posts by streaky
1745 publicly visible posts • joined 5 Jul 2010
Twitter probes terror threat: Medieval murder mob ISIS allegedly puts co-founder in crosshairs
FORK ME! Uber hauls GitHub into court to find who hacked database of 50,000 drivers
Don't pay for the BBC? Then no Doctor Who for you, I'm afraid
Conditional Access
I have no issue with conditional access. I don't watch broadcast TV, and I'd be happy paying on a case-by-case for the stuff I would want to watch if it stopped sucking and started being good again like it used to be, for example Horizon.
There's a problem, they're not talking about conditional access, they're talking about billing people regardless of them watching broadcast TV; I'll happily go to jail before I pay it.
NO ONE is making money from YouTube, even Google – report
SIM hack scandal biz Gemalto: Everything's fine ... Security industry: No, it's really not
especially if the internal networks where they generate and manage keys are, as they state, isolated from the public internet and they can establish with reasonable certainty that they were not breached
They didn't state this - they said their network is like something to do with onions and that they got into their office network and no further, which is fairly obviously nonsense.
It's a shame so much ire is being directed at the victim of this attack and not the perpetrators.
Whether Gemalto are making themselves an easy target with clumsy PR shouldn't take away from the fact of what really happened here.
The problem is the NSA/GCHQ OP has exposed them for a sham. It's not clumsy PR it's share price first, security second. From a company that sells crypto products to the financial sector, amongst others.
Initially it's GCHQ/NSA's fault we could have been living in ignorance for decades about this; the UK government should be made to pay via a case at the ECJ for financial damage done to the state and costs to rebuild Gemalto with proper procedures in place and the recall/revoke/reissue of all the company's crypto products and keys.
That last part is where this story gets sketchy because that isn't what's going to happen, and investors have displayed fairly shocking ignorance over these events. Share price is higher today than when the revelations first aired in public, which is just frightening. They're basically claiming that they fought off arguably the two most capable offensive hacker orgs on the planet and won and nobody sensible should believe them.
Not even GCHQ and NSA can crack our SIM key database, claims Gemalto
Re: Who to believe?
Huge crypto vendor in total denial about the state of its own security. They've clearly proven untrustworthy by word and action. This is actually worse than the DigiNotar attack and the company should be fed to the fishes the same way.
They're in denial about the SIM attack, who could trust any of their other crypto products ever again?
Didn't the Left once want the WORKERS to get all the dosh?
This is because that relegation pressure flows through into a desperate desire to pay however much that rare talent that might keep you up, or promote you, can count up to.
This is nonsense. It costs money to stay in the Premier League it costs more to take a run at the EPL from the lower leagues. For the record nobody is paying whatever a player wants under the top 3 and nobody below that is buying players at any cost. Liverpool did once with a certain player that turned out to be worthless and it wouldn't ever be allowed to happen again.
If you want to take a run at the Champion's League that's a different story because you suddenly *will* meet teams like Barca where no wage or price restraint applies and nobody can compete with them even though they are within the terms of the FFP regs.
Also not for nothing but Labour are centrist, and they took a turn to the right of centrist back there at one point.
Did NSA, GCHQ steal the secret key in YOUR phone SIM? It's LIKELY
Re: Bloody teenager
NSA and GCHQ are doing exactly what I'd expect them to do
Expect or should be doing. You're right in it's what people half expected them to do but it isn't what they should be doing. By rights Gemalto should effectively be out of business (how they're surviving I have no clue) because banks should be deleting their root trust under the assumption all the company's keys are compromised - what they should have been doing was helping Gemalto shore up their defences for the common security and "economic well-being" (see: all the relevant law on this) of the US, UK and the EU as opposed to attacking the very basics of everybody's security.
What they've done here is certainly in the UK illegal in certainly the spirit of the law; if not the letter. GCHQ are supposed to be working to secure us against outside threats not weaken us.
Re: If Apple wants to really piss off the feds
Later Apple, Google and Microsoft can come together on a standard to support encrypted communication between all smartphones, and the NSA can hate Snowden even more for spoiling their illegal games.
Or they could just *start* with a standards process and do it right first time. Cray idea I know.
HTTP/2 spec gets green light: Faster web or needless complexity?
Re: What Kamp?
"proven to be a bad way to introduce state to HTTP"
Cookies shouldn't be used to introduce state, they should be used to reference state - that's not the same thing. Because somebody uses something in a nefarious manner isn't automatic cause for ban - if its *only* purpose was nefarious activity I'm sure you'd get agreement, but it isn't so you won't from anybody sensible. Until somebody comes up with a better idea than cookies (and they won't because the only reliable alternative is some sort of unique identifier like a cert) they're staying, the end.
Re: i can see myself
It's in the protocol more than the apps. It doesn't take long staring at the output of firebug to see the major speed issue with most sites - optimised or otherwise - is protocol related. Also not for nothing but you'll use it when your HTTPd supports it; the end, no questions. And that will be soon, very soon.
Your hard drives were riddled with NSA spyware for years
Re: but the '...w.dll'
"Wouldn't stop the NSA for long. All they need is a signing key or signing of their own bootloader"
Anybody involved in this would go out of business very quickly - all their trust keys would be revoked and they'd be *extremely* lucky to have anybody ever accept them again.
Virgin Media to splurge BEELLIONS on UK network infrastructure expansion
Proposed US law could deal knockout blow to FBI in overseas cloud privacy ding-dongs
We'll ask GCHQ to DELETE records of 'MILLIONS' of people – Privacy International
Re: Catch-22
which provides for jail time if you decline to hand over when asked your encryption keys
Passwords for my crypto keys don't have "existence independent of the will of" (Saunders v UK) me, they can do what they like; I quite fancy a massive compo award via the ECJ. They can have the keys they can't have the passwords for them. For everything else there's PFS and they can bite me.
So you're bearish on the quantum computer market then.
Yup.
California Uber Alles: Google wants to become the World Privacy Court
Re: Google should run for President
In reality, corporations are not persons of any kind, natural or unnatural. Corporations are collections of legal documents and bank accounts, and that's about it.
And yet legally they are, they have rights, they should have rights. The question is over what rights they should have and what they shouldn't.
Re: Google should run for President
Corporations are unnatural persons the world over. This is why you write laws that specify if for example the right to free speech or the right to be not murdered generally applies to which.
The US' problem is these things were not codified in early and arguably the most important law despite being well known legal issues at the time, so now somebody has to decide which apply to what.
Internet lobs $$$s at dev of crucial GPG tool after he runs short of cash
Re: Rely On
It's fairly easy to argue that 509 is a better model for what PGP is used for in the linux environment - the only difference is the stack and an authority can revoke keys on behalf of people they certify keys for; which actually if you're say debian isn't necessarily a bad thing. If you're signing packages with a key signed by the debian project's trust anchor and that key goes awol and the dev themselves are awol debian can revoke the key on behalf of that developer - this isn't actually a bad thing. With PGP packages are signed by a central package key which if compromised in some way (more likely because more people have access) the key for the entire repo needs replacing on everybody's system rather than a revoke->reissue->re-sign process for the affected packages.
Also I wasn't arguing it wouldn't be a major task, I was simply stating that we could probably live without it.
Big Data, empty bellies: How supermarkets tweak prices just for the sake of YOUR LOVE
Re: More neutral language please
Maybe it's me, but I have changed stores permanently after repeated 'not currently in stock' situations
It's not just you my local Asda spends half its time looking like they've just been robbed by an army of "they're not Russian, honest" soldiers, I don't know how they persistently have no products anybody wants, just empty shelves. A few years ago I stopped shopping at the Canary Wharf Waitrose for exactly this problem - to the point I was telling people that if they ever hear Waitrose talking about recession they're just lying; the actual issue was they plainly weren't buying enough stock.
This stuff really pisses me off. Occasionally it's fine, but when it happens every week with the same items you're doing something fundamentally wrong, why are your systems not figuring out this is happening. No Big Data™ needed to solve this one.
Google, Amazon 'n' pals fork out for AdBlock Plus 'unblock' – report
Re: Begun the Ad Wars have
especially for browsers with curated extension stores
Not really, Moz isn't in the business of selling Ads, and AFAIK has no plans to - any browsers that do the conflict of interest is blatant though.
Re: privoxy and friends: we're moving to a world with much crypto, if it isn't in the browser the best-case scenario is it breaks things. Not ideal. Key is using browsers not made by people who sell ads, even if that's a fork of a browser by a company that does.
Snapchat jihadist-fearing peers return with LAST GASP Snoopers' Charter demand
What do China, FBI and UK have in common? All three want backdoors in Western technology
Re: Communication equipment
we can't make a secure system which can only be snooped by the "good guys."
Of course you can. If one starts from the premise that the "good guys" really are thus: a 3 year old could write a back door (or rather a front door) that has strong auth that can do this.
It's not a question if that's secure, it's a question of if them screwing around with RNGs, crypto suites and doing the insecure back-doors is a good idea; and if anything of it is ethical and if there's any point at all when in a few years everything flowing across it is going to be encrypted strongly.
Windows 10 heralds the Minecraft-isation of Microsoft
Re: " an operating system that crosses the streams ......"
Java really does suck though.
Post-modem Ericsson wobbles thanks to flat sales and falling profits
Shamefully..
They still can't be turfed out the standards process.
HMRC fails to plan for £10.4bn contract exit... because it's 'too risky'
it's definitely not the case at HMRC
Hence the discussion. Government are doing it wrong, hold the presses.
No kidding though why isn't a cost-overrun the supplier's problem to eat? Go to your shareholders, tell them what you burned and enjoy the replacement CEO.
Or put a better way: don't make bullshit bids for projects. I'm serious - why do governments do such a shitty job in contract negotiation? If they can't guarantee the cost then they know full well they're lying about it and they shouldn't get it anyway. If they can't produce deliverables passing acceptance tests why do they get paid a penny and why are they allowed to bid on other projects?
This is fairly basic stuff and it really pisses me off that government haven't learned stuff everybody else knew in the 1970's.
Switch it off and on again: How peers failed to sneak Snoopers' Charter into terror bill
Sly peers attempt to thrust hated Snoopers' Charter into counter-terror and security bill
Re: The Hilarity..
Commenting on my own post here.
Me or you would go to jail for this shit.
Because it looks like a prima facie case of GBH. http://en.wikipedia.org/wiki/Grievous_bodily_harm#Specific_intent - actually it sounds like religiously aggravated GBH which is up to 7 years in jail so...
The Hilarity..
.. is this junk isn't what Cameron and May are saying the security services need to "do their job" and save the children from ASBO-wielding nutjobs (yeah seriously - ASBOs) who can apparently piss off to Syria and come back when they like (so what's the point again?).
Seems to me that the security services always know full well who these people are whenever something happens but simultaneously refuse to crawl up inside every available orifice of the same people - they're far more interested in what you're doing on facebook.
the incident culminated in an attack on two members of the public who were beaten to the floor, punched, kicked and struck with wooden placards
Me or you would go to jail for this shit.
How can we have got our system so wrong? Is it just the boomers after more tory rape-the-country-finances pork that let these clowns slip in or what?
Landlines: The tech that just won't die
Metaphor
Having to pay for it is a little like a garage selling you a Ferrari, and then charging you extra to be able to drive it at more than 50 miles an hour
No it's like having a 1980's Skoda that you can't buy only lease that was paid for by the taxpayer anyway and costs them close-to-zero to maintain and they put no effort into improving the roads and them charging you a lease on the car stereo that you can't not have at 15 quid/month.
This stuff actually gets worse if you're a Hyperoptic customer or certainly what VM used to do, not sure if they still do - you have to actually pay more if you don't take a phone package. Now I love Hyperoptic but that policy is idiotic - the only way they can get away with it is because BT massively distorting the market; you're still better off and your ISP is a million times better anyway so you have to bend over and take it.
YouTube: Nobody needs to get hurt Zoe, just sign the Ts&Cs
"Anyone starting up a new video service?" she asked.
No because you all go to Youtube anyways so it isn't worth our time. QQ, tough shit.
There's no alternatives when all the drivers of all the traffic cling to Google or Facebook or whatever else for dear life. Gotta dance with the one that brung you I'm afraid.
Hola HoloLens: Reg man gets face time with Microsoft's holographic headset
Re: Truely holographic?
It's not a hologram in that way (well it isn't at all). Arguably it's more realistic in its attainability - but the effect from the viewer perspective should be the same (arguably better, to look like an actual thing rather than a weird-ass projection). Enough people have said it really is what they're advertising for me to believe it, if you look at the technical specs it does look sound.
Obama makes net neutrality pledge in State of the Union
Re: Obama never met a lie he didn't like.
I don't think you understand basic economics. Also protip: you're not rich on the scale of things and never will be so chill out? Obama is probably the best thing to ever happen to the US and it's been squandered by people pandering to billionaires who keep their money in the Caymans anyway.
He's a terrible political operator but he's got his head screwed on.
Give ALL the EU access to Netflix, says Vince Cable
Just WHY is the FBI so sure North Korea hacked Sony? NSA: *BLUSH*
Re: @Jimmy: Would have been more impressive (and believable) @fruitoftheloon
Or where it might by comparison be silly to say anything about the NSA having compromised the DPRK's network?
I'm positive that North Korea are aware that security services from various countries are in their systems and that passing on relevant information would have made zero difference to the NSA's capabilities.
Evidence?
The argument is the NSA in NK's gear. Well no kidding that's what they're supposed to do. Then <conjecture> therefore it must therefore be NK. The article actually contradicts itself:
The N.S.A.’s success in getting into North Korea’s systems in recent years should have allowed the agency to see
Yeah, no shit, one would think that, wouldn't one?
Don't get me wrong I can't imagine how or why it could have been anybody but North Korea but I've still not seen any evidence it actually was.
Snowden doc leak 'confirms' China stole F-35 data
Re: This is probably very bad..
"Crash from being harassed by opponent fighter jets?"
Goes the propaganda. If either of the claimed "it was somebody else" theories were correct we can be sure of some things:
* The Soviets would have shouted it from the rooftops
* The project wouldn't have been cancelled as infeasible
Chinese competition to the F-35? Heh. In the same way as the T-50 is supposed to be (popularly) competitive with the F-22 but patently isn't, I assume?
Some people need to find a grip. It's pencils in space and graphite in your sensitive safety-critical electronic systems all over again...
Re: This is probably very bad..
They can steal all the designs they like it doesn't give them the technical capability to actually build one or counter it.
The F35 is an inherently (designed) unstable aircraft, if they made a carbon copy it'd just do a Tu-144 at the Paris Air Show type deal.