* Posts by streaky

1745 publicly visible posts • joined 5 Jul 2010

Armouring up online: Duncan Campbell's chief techie talks crypto with El Reg

streaky

Re: Abandon SMTP

The problem isn't SMTP, the problem is the PGP implementations are clunky. How can one prove this? MIME crypto works seamlessly over SMTP if you trust the CAs not to start putting out bullshit certs to actors. As per the article it again depends on your foe, but the point is the protocol isn't really the problem.

streaky

Re: Completely open to the agencies

"as wasn't it previously untappable before then"

No it's always been open to the alphabets, by design, basically from day one.

Independent inquiry into British air-traffic-control IT nightmare

streaky

Re: If it works, don't fix it.

"It's not OK to agilely develop the benefits system and see if it works or not and potentially have people unable to pay to eat, clothe themselves and keep a roof over their head."

By your own definition such a system *would* be safety critical. The problem isn't the development methodology, the problem is the decision to deploy and the testing methodology. That and the fact that government contractors, much like MPs, can't - generally - tell their arse from their elbow.

Can't stop Home Depot-style card pwning, but suppliers will feel PCI regulation pain

streaky

Re: when will they have to comply?

"The standard is worthless and meaningless, as long as the companies are allowed to simply purchase insurance to cover their negligence and eventual breaches."

The cost of the insurance is weighed against the threat of breach. Assuming the insurers know the status of their security (and they'd be mad not to) that's the insurers' and their underwriters' problem, nobody else's.

Ofcom mulls selling UK govt's IPv4 cache amid IPv6 rollout flak

streaky

Re: Oh FFS!

IPv4 address tax was what I suggested many a time. Triple benefit: raise money for treasury, push adoption and punish hoarders.

Nobody listens to me though.

End of the day there's no IPv4 space left in the real world, and I mean *none*, not very little; if business doesn't get on board their ability to function will cease fairly soon.

1&1 goes titsup, blames lengthy outage on DDoS attack

streaky

Re: When choosing a host, I always ask a leading question....

Guess this rules out google? :)

Lawmakers should grab red pen and let it RIPA on snoops law – experts

streaky

Yeah but it's lawyers and reporters now so it's a thing.

See how the lawyers and reporters don't give a shit until it's them?

GCHQ, police to team up to hunt down child abuse on the darknet

streaky

"If the major browsers do this, I will be ditching them all"

A non-inconsequential number of the browsers listed are open source so they can do what the hell they like. Debian won't have a censoring browser in their distro I wouldn't imagine so they'll carry on maintaining their fork. I don't trust the lists that come out and neither should anybody else; nobody stumbles upon child porn accidentally so the technology doesn't need to exist, the end. Frankly in Firefox's case it probably wouldn't even need a fork - an extension would probably be capable of destroying the list.

The reality is this technology will be abused by you know who in the courts because once you have it you have to use it to "do good" without actually proving that you're doing good or ever seeing a jury that can be nullified.

Not for nothing but the whole project is an absurd waste of taxpayer funds - even if it works on a technical level we're not the world police and foreign courts will laugh at us. Wish Cameron would get some degree of clue before he starts on his nonsense adventures.

South Londoner wins Reddit MILLIONAIRE not-a-lottery lottery

streaky

Re: A million bucks won't go as far as you might think...

Suggestion was an RNG was involved in picking the winner - sounds like a game to me. 500 sided die, I wouldn't want to be HMRC trying to prove otherwise. The only tax issue is if you die and you leave it to your kids, it's a fair distance over the IHT threshold.

That said I wouldn't fancy taking that sort of cash over bitcoin because a) where the hell would you exchange such volume and b) the NSA/GCHQ will be all up in your grill. Frankly your bank might freak out due to money laundering regs even if there was a legit balance transfer. Not that they could stop it but they'd totally freak out, possibly involve SIS :p

Assange™ slumps back on Ecuador's sofa after detention appeal binned

streaky

Re: streaky

"Evidence or not, Assange obviously believes it - why otherwise spend more time in house arrest than he's likely to get (assuming he's convicted) in Sweden"

Assange might believe aliens started WW1 it doesn't make it true or relevant to his actual problem.

streaky

Re: dan1980

"Which advances things how?"

It doesn't advance things, it doesn't walk them back either.

By your argument Ronnie Biggs would have never served any time. You don't fuck off somewhere for 3 years and have charges dropped. Right or wrong it isn't a *legal* argument unless you also believe in unicorns.

If he'd not shown up at a friendly embassy he could have been tried, convicted and been released by now - instead the entire process hasn't started and there's *one* person on the entire planet to blame for that.

And not for nothing but if the Yanks wanted him they'd ask us to extradite him given it's about 100x easier from the UK than Sweden.

Renewable energy 'simply won't work': Top Google engineers

streaky

Disposal.

"can only ever - perhaps - be finally disposed of in a wildly expensive geological vault"

Yarly?

streaky

Re: Nuclear Power

Commercial fusion isn't 10 years away, it's 25 which is coincidentally roughly the lifespan of a fission reactor. If you're building them roughly right now then you're fine.

Giant bank IT cockup of 2012 'could have brought down ENTIRE financial system'

streaky

Does anybody know..

What actually happened? None of the news stories carry any detail. Any ACs want to provide a few details? We all know all these high tech jobs we're supposed to have in the UK, US et al went to India - but more specifically, what the cock-up was?

Mozilla, EFF, Cisco back free-as-in-FREE-BEER SSL cert authority

streaky

Re: A major obstacle to encrypting everything

"There are clients which support TLS but not SNI"

Whilst this is strictly true, the reality is SSLv3 being broken removed all the remaining browsers/stacks (anything on Windows XP) that don't support SNI from the equation, therefore no problem. Anything that doesn't support it is out of support (again, anything on XP) with a seriously compromised stack.

Per Wikipedia, SNI support:

Internet Explorer 7 or later, on Windows Vista or higher. No support for any Internet Explorer version on Windows XP because SNI depends on the SChannel system component shipped with Windows Vista.

Mozilla Firefox 2.0 or later

Opera 8.0 (2005) or later (the TLS 1.1 protocol must be enabled)

Opera Mobile at least version 10.1 beta on Android

Google Chrome (Vista or higher. XP on Chrome 6 or newer. OS X 10.5.7 or higher on Chrome 5.0.342.1 or newer)

Safari 3.0 or later (Mac OS X 10.5.6 or higher and Windows Vista or higher)

Konqueror/KDE 4.7 or later

MobileSafari in Apple iOS 4.0 or later

Android default browser on Honeycomb (v3.x) or newer

BlackBerry 10 and BlackBerry Tablet OS default browser

Windows Phone 7 or later

MicroB on Maemo

Odyssey on MorphOS

Even if you're on XP (for reasons passing understanding) third party browsers will generally cover you via NSS.
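The practical test of the claim above is whether a client's ClientHello actually carries the server_name extension. The following is an added example, not code from the original thread: it constructs sample ClientHello records (an extension-bearing TLS 1.2 hello, one without SNI, and an SSLv3-style hello with no extensions block, all constructed here rather than captured) and parses the SNI host name out of them, which is what a server-side log or filter would do to spot legacy clients.

```python
import struct

def build_client_hello(sni=None, version=(3, 3)):
    """Construct a minimal TLS ClientHello record (constructed sample input).
    version=(3, 0) imitates an SSLv3-era hello, which has no extensions block."""
    body = bytes(version) + b"\x11" * 32          # client_version + fixed random
    body += b"\x00"                               # empty session id
    body += struct.pack("!H", 4) + b"\xc0\x2f\x00\x9c"   # two cipher suites
    body += b"\x01\x00"                           # compression: null only
    if version != (3, 0):
        exts = b""
        if sni is not None:
            host = sni.encode("ascii")
            entry = b"\x00" + struct.pack("!H", len(host)) + host   # host_name type 0
            sn_list = struct.pack("!H", len(entry)) + entry
            exts += struct.pack("!HH", 0x0000, len(sn_list)) + sn_list
        # an unrelated extension (supported_groups) so the parser must skip over it
        groups = b"\x00\x02\x00\x17"
        exts += struct.pack("!HH", 0x000a, len(groups)) + groups
        body += struct.pack("!H", len(exts)) + exts
    hs = b"\x01" + len(body).to_bytes(3, "big") + body
    return b"\x16" + bytes(version) + struct.pack("!H", len(hs)) + hs

def extract_sni(record):
    """Return the SNI host_name from a ClientHello record, or None when the
    hello carries no server_name extension (legacy/non-SNI client)."""
    if len(record) < 5 or record[0] != 0x16:
        raise ValueError("not a TLS handshake record")
    rec_len = struct.unpack("!H", record[3:5])[0]
    hs = record[5:5 + rec_len]
    if len(hs) < 4 or hs[0] != 0x01:
        raise ValueError("not a ClientHello")
    hs_len = int.from_bytes(hs[1:4], "big")
    body = hs[4:4 + hs_len]
    if len(body) != hs_len:
        raise ValueError("truncated ClientHello")
    pos = 2 + 32                                  # skip client_version and random
    pos += 1 + body[pos]                          # session id
    cs_len = struct.unpack("!H", body[pos:pos + 2])[0]
    pos += 2 + cs_len                             # cipher suites
    pos += 1 + body[pos]                          # compression methods
    if pos >= len(body):
        return None                               # no extensions block at all
    ext_total = struct.unpack("!H", body[pos:pos + 2])[0]
    pos += 2
    end = pos + ext_total
    if end > len(body):
        raise ValueError("extensions overrun ClientHello")
    while pos + 4 <= end:
        ext_type, ext_len = struct.unpack("!HH", body[pos:pos + 4])
        pos += 4
        data = body[pos:pos + ext_len]
        pos += ext_len
        if ext_type != 0x0000:
            continue                              # not server_name
        list_len = struct.unpack("!H", data[:2])[0]
        p = 2
        while p + 3 <= 2 + list_len:
            name_type = data[p]
            name_len = struct.unpack("!H", data[p + 1:p + 3])[0]
            p += 3
            name = data[p:p + name_len]
            p += name_len
            if name_type == 0:                    # host_name
                return name.decode("ascii")
    return None

def classify_hello(record):
    """Label a hello for logging: 'sni', 'no-sni' or 'legacy' (no extensions)."""
    sni = extract_sni(record)
    if sni is not None:
        return "sni"
    return "legacy" if record[1:3] == b"\x03\x00" else "no-sni"
```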

streaky

Re: Do I understand this?

"This is basically a self-signed certificate"

No, no it isn't. They're clearly getting a CA certificate that's well supported in the browser trust chain. It costs money, but not that much money.

streaky

Re: A major obstacle to encrypting everything

"if SNI isn't enabled or the client doesnt support it"

There are no browsers in active support that don't support SNI. The end of SSLv3 was the end of no SNI support - therefore not a problem.

No seriously, SNI.

Oi, Europe! Tell US feds to GTFO of our servers, say Microsoft and pals

streaky

Re: Just goes to demonstrate the lack of political sophistication of the tech sector!!

"Except that none of those countries is seeking to make their domestic warrants apply world wide"

The UK does, I'm sure many of the others do too - I just can't be bothered to read their laws.

And also you're confusing a public process of law creation followed by courts (even where secret - and where the laws are totally nonsense) with the FSB up in your grill asking where your licence to talk about things like this is and/or revoking it.

Don't get me wrong, the stuff GCHQ and NSA are doing is utter nonsense; the difference is we know about precisely what they're doing. The good news is everything we're doing to shut the numpty security services in our own countries out is also making us more secure against the Russian, Chinese and other alphabets - which is what the NSA and GCHQ *should* be looking at helping with rather than the cat pictures we're sharing on Facebook and the like that they're actually doing.

streaky

Re: Just goes to demonstrate the lack of political sophistication of the tech sector!!

"nowhere else in the world has the same profit-threatening, global-reach warrantry system. Anywhere but the US would suit their requirements"

Also Canada, UK, Australia, New Zealand. And oh god don't forget China. And Russia is about 14 times worse. I'd probably stay out of basically all the Middle East too because the operating environment borders on the silly.

Oh and then you need a certain standard of developer and the ability to attract them to whatever country you operate in, so you can wipe India, Pakistan and Eastern Europe off the list. Can't go to South America because your business might become state owned at basically any second. Then if you're Microsoft and you do find a suitable country - your business is probably worth more than the country's entire GDP - what happens if you have to do a recall or end up on the wrong side of a lawsuit and need a loan without too much noise?

Oh and you're still going to need to repatriate funds from the USA so you're going to need a bank there that can be frozen, and hey, conferences and layovers on your way to Barbados for your jollies and now you're subject to arrest for wire fraud and whatever else the US govt decides to use against you in its pool of "stuff we can use to arrest people when we don't like them".

Pretending you don't have business interests in the USA isn't the same as not having them - the ultimate truth might well be "the cloud" isn't suitable for certain people (see: criminals and people likely to be accused of criminality - valid accusations or otherwise, businesses with trade secrets and states) to use because it's likely unprotectable.

It also might well be that it isn't ethical to provide such services. Cloud storage should be ultimately encrypted with the end user's keys that never leave the end user's possession, so there's no access in the first place to a customer's data; then in principle you can't be ordered to turn over data you have no access to. There's a double security benefit here, which is if you're, say, Apple and you have a security compromise or the user's account is compromised, whoever does it still won't have crypto keys for the files, so no nuddy pictures of d-listers splashed all over the internet. Come to think of it, why doesn't iCloud work like that?

Cloud based hosting/servers is an entirely different problem - which speaking as somebody who has a fledgling stealth mode cloud host - is a really serious problem to resolve.

Judge: Terror bomb victims CAN'T seize Iran's domain name as compensation

streaky

Re: What else can they seize?

Well it'd be a WTO case. For the record the WTO finds against the US (yes, even for the little guy) all the time, which is why Antigua and Barbuda can legally ignore intellectual property treaties as applies to the US (online poker related).

streaky

Re: Bizarre in many ways

"The US continues to fund many terrorist organisations and continues to launch drone strikes into countries which it is not at war at."

The US is at war with Pakistan, it's just not a declared war. I'll get Barack to send you over a copy of the parchment.

streaky

The reasoning is consistent.

streaky

Re: A pity

Well, the US doesn't control the DNS system. It doesn't even really control the root nameservers.

It does control the IP space though - directly and indirectly through the US-owned carriers that truck most of the internet's bandwidth. If the US made a decision about IP space there wouldn't be a damned thing anybody could do about it.

If they'd found in favour it'd have probably increased the noise regarding the ITU's (and thereby Russia/China's) control of the internet - and *that* is where it gets dangerous.

Google will have to WAIT and SEE if I fine them - EU antitrust chief

streaky

Re: IF ONLY HE HAD A CLUE

"tax them so we can all benefit rather than suffer imposed crapness"

Cool, or they could get pounded into the sand. I hope they get pounded into the sand.

Google puts up active roadblocks to innovation much worse than the ones Microsoft was found guilty of some years back.

For example, they use certs to lock people out of their protocols for the sake of stifling competition. Case in point - the Cast v2 protocol requires Google CA-signed keys to verify that a device is made by Google, so you can't be a first screen device (e.g. a TV) without those keys, which you can't possibly get hold of - but as a client you can just send requests to a Chromecast without authenticating and it'll just do what you ask, thereby proving it isn't security related; again the entire point of those certs is to lock down the entire Google/Android/Chrome ecosystem from competition and innovation now they've pulled millions of Google device users into it. It's a pretty horrific bait & switch and they should be forced to have their protocols opened up (in the sense that they're usable by third parties) or be made to pay very massive fines and forced anyway.

Nobody should be allowed to get away with that level of nonsense - Microsoft weren't, if Google are then I'm going to assume very bad things took place and go from there.

Sysadmins disposed of Heartbleed certs, but forgot to flush

streaky

Lazy?

"while sysadmins may have run in the necessary patches, they haven't gotten around to revoking the PKI certificates their sites had before the bug was discovered"

Suspect it's actually a conscious decision to not replace certs. There was a realistic attack window, there was a paranoid attack window and in between there was statistical reality.

This 125mph train is fitted with LASERS. Sadly no sharks, though

streaky

Re: Good, but not good enough

"You don't need X-rays for finding cracks in rails, eddy current detection is far easier."

At line speed?

streaky

Re: Good, but not good enough

@ John Sturdy

You'd need a camera sensitive enough to take images at line speed without blur, so like I said you're in high speed camera territory. It's not everyday kit just for the imaging, let alone having a system that can flag things up to be looked at.

streaky

Re: Good, but not good enough

"you can probably do most measurements using 200£ worth of off the shelf phone hardware with a couple of extra cameras"

You're going to need a high frame rate camera for one so not really.

In a way you're right though - the major accident-related issues on the track in recent years are cracks that aren't obvious on visual inspection and in one incident I believe the problem was what we former engineers call a non-metallic inclusion, which is code for "oops we didn't make it right".

If they can fit the train with high speed x-ray cameras and get it doing its thing it could be a whole different world of useful. Machine vision of cracks on x-rays should be reasonably simple compared to the other stuff the train is doing. The tracks on the high speed lines in this country are work hardening so they have to be replaced over time - if we can decide what to replace based on evidence (by being able to actually see inside the rails) as opposed to on a schedule we can save money *and* make the lines safer at the same time.

streaky

Re: Anybody from the IET News reading?

Given that many Network Rail employees are IET members (I know a few) I'd imagine it'd be a fair assumption that engineering on the railway related stories might be of interest. It's not exactly a huge leap :)

Virgin Media CUTS OFF weekend 'net surfers after embarrassing smut-filtering snafu

streaky

"Find me an ISP with a comparable speed that *never* has such issues and I will swap to them today."

Hyperoptic 1000/1000. The only issue I've had is when my housemate didn't tell me they were doing maintenance at 4am and I couldn't play dota 2. Sad times.

streaky

Re: Sounds Safe

"By default you can't change the DNS servers that the Virgin 'Super' hub uses, you need to put it into modem mode and run your own router to change DNS."

Why would you ever need to do that? Change it on the device. The fact that somebody changed DNS to get round the problem proves it isn't an issue when there is no problem. Ergo their babysitting service is worthless (at best).

streaky

Re: What I never understood

Blocking inbound FTP/HTTP/RDP isn't going to reduce any sort of level of traffic, beyond a few attempts at the first step of the three way handshake. That doesn't even register. Most people's routers will do exactly the same thing anyways.

Not entirely sure what your argument is here.

streaky

Sounds Safe

"By using a different DNS service, I was able to work around the problem."

Surely you're not suggesting that their filters can be completely bypassed by the thing that any 6 year old can do - use different resolvers.

Sounds wildly pointless and you shouldn't let virgin babysit your kids for you.

'Tech giants who encrypt comms are unwittingly aiding terrorists', claims ex-Home Sec Blunkett

streaky

I pay attention.

Every time one of these guys speaks I increase key sizes and trim older ciphers and hash algos and increase the number of rounds of SHA-512 on our one-way stuff (passwords and the like).

Still talking, David? 4096 bit. Still talking? 8192 bit. Still talking? New GCHQ boss steps in. That'll be 16384 bit. Did you stop yet?

I'm happy to keep throwing CPU time at this problem until the clowns say, y'know, we were wrong and - sorry.

UN takeover of internet postponed indefinitely

streaky

Re: Good and bad...

The problem isn't the UN it's that the ITU is controlled by Russia and China and they want to do scary things with it. Devil you know and all that applies in this case.

iBail: American Psycho actor Christian Bale rejects Steve Jobs role

streaky

I think you guys missed my point slightly - if you're expecting a nice easy role with plenty of key demographic fan service which apple fanboys will love filled with plenty of red meat and it turns out to be something else you might have second thoughts. I'm only speculating here but I can imagine why - it might be scheduling or something, only Bale knows at this point the answer.

streaky

"So... you're saying Jobs was a 'baddie'. Actors enjoy playing baddies, don't they?"

I'm not saying Jobs is anything; given his reputation I can't imagine how you could write Jobs as anything other than a psychopath with a serious personality complex and possibly a messiah complex. There's a difference between playing a lovable baddie and... modern day board room Hitler.

If I was an actor and wasn't aware of his history a stark look at it might give people cause for concern. Not that I have any reason to suspect Sorkin would write it like that, but knowing his work I wouldn't discount it.

My apple fan boy housemate and I do agree on one thing about this role though - it's an extremely difficult role to cast.

"For a look at Sorkin on a recent angry childish rant, take a look at "Studio 60" on YouTube"

Your argument only works if people subscribe to your world view. I was involved in the effort to keep Studio 60 on air so let's assume I don't see it like you? Also Studio 60 was totally not recent. NBC thought they could fill their air with reality TV, and now nobody would work with them either way. But we might have been wrong, or not.

streaky

Most actors would *kill* to work with Sorkin, I strongly doubt the issue is the script. Maybe they're finding out what sort of chap Jobs was :)

How Hollywood film-makers wove proper physics into Interstellar

streaky

Re: 3hrs in IMAX?

At BFI, which is one of the few legit IMAX cinemas in the UK (where the European premiere was held last week), it'll be about 20 quid I'd think (rough usual price) - *and* worth every damn penny.

@intrigid, yes ^ - and also there's one in Manchester I believe but the BFI one is a nicer cinema :)

Cray-cray Met Office spaffs £97m on very average HPC box

streaky

Re: 16TFlops for £97m???

Yeah I actually changed my mind about this having read some more - their old kit is 140TFLOPS, sooo... In which case that's actually some serious business and everybody looks less silly.

Be nice if they could put out an accurate press release though given everybody is saying 16TFLOPS which is majorly different.

Still looks expensive compared to Tianhe-2 though :)

streaky

Re: 16TFlops for £97m???

No, they mean TFLOPS. 16PFLOPS is world top 4 territory and not something the Met Office are buying.

streaky

Re: 16TFlops for £97m???

My boss' words on the subject were "they can have my PC for a million if they want"

Whilst it's not only about the flops it does seem like they're overpaying by about £96 million to avoid a £500k software problem at face value.

But it's only taxpayer money so I'm sure it's fine.

Put it this way - for just over twice the price you can buy the world's most powerful supercomputer (Tianhe-2) at 55 PFLOPS (theoretical peak) before the downvotes start.

GET A ROOM, yells Facebook as it stumbles on IRC, slaps it in an app

streaky

Facebook

Given how many of their employees crawl over freenode (see: technical staff) I distinctly doubt they just discovered it :)

Pay a tax on every gigabyte you download? Haha, that's too funny. But not to Hungarians

streaky

"Before you say your ISP offers unlimited - it usually ain't if you want to use it full throttle."

Happily pound mine at the gige up/down I pay for - the issue isn't governments it's customers who accept bad service and/or live in the middle of nowhere. Generally the issue is services from *really bad* private ISPs some of which the government throws money at and nobody knows where it goes (anywhere but on providing better services - yacht funds/index-linked pensions I guess) (company will remain nameless because we all know full-well who it is).

streaky

Two other words: civil war.

Could you imagine the government pulling this in the UK?

Facebook pays INFINITELY MORE UK corp tax than in 2012

streaky

"A possible solution: Instead of a high corporate tax (25% or 30%) on profit, have a low (5%?) corporate tax based on income."

A possible solution: how about make them pay the tax they're supposed to pay by making them not juggle accounts to hide the money they're actually making.

streaky

The problem isn't the tax system, it's that these international corporations are allowed to get away with massive misreporting of revenues, sales, profits and costs which leads to them not paying any tax. Cart/horse and whatnot. It's accounting law to blame rather than explicitly tax law; the accounting voodoo allows them not to pay tax.

The worst part of all this is if any companies are able to accurately identify where the money comes from and where it goes it's the mostly-online ones like Google and Facebook - they know where their advertising customers are from and they know the location of the users they're targeting (at an individual level, not just by sampling) so they should be held to a higher standard when they're filing accounts; not a lower one.

Edward who? GCHQ boss dodges Snowden topic during last speech

streaky

Re: Mission Shift

"in the absence of any evidence to the contrary"

You'd have to completely not understand the medium *and* have been living under a rock for the last two years *and* be extraordinarily naive to reach that conclusion. They're hoovering up enough data for the whole argument to be nonsense.

Let's be clear here, of all the things that have been said about Snowden - nobody has ever said he's a liar or has fabricated anything.

streaky

All I had on reading that was flashbacks of a Post-it note attributed to GCHQ staff with "Google no crypto - LOL" scrawled across it. Says everything we need to know about that sentiment really.