Posts by dan1980

Yes, it can be overcome with a VPN. But does the average person know how? Even if they did, when they realise they have to turn it off to get their Netflix streaming to work or after the first time they see download or browsing speeds slow down, how long do you think it will be before they just stop bothering?

Yes, those interesting in conducting 'serious crime' via the Internet can easily work around this and it will be prudent for them to do so.

In that regard, you can say that the money is wasted as it won't help much with the stated purpose. But then one would have to believe that the stated purpose is actually the intended purpose.

That's why they can't admit that it won't work or would be easy to circumvent.

Remember that this data will be accessible to a far broader range of people than just law enforcement, including (but not limited to) the RTA, local councils, ATO and so forth so it really is as much - if not more - for monitoring normal citizens as it is for tracking and catching 'serious criminals'.

Actually, I think the reason they are not providing real specifics is because they want to capture full browsing histories but don't want to come out and say that.

They know, however, that there's really no way for the ISPs to give the government what they are asking for without also providing these histories. Thus, the AG's department just has to wait for ISPs to do implement their systems and then sit back and relax with a big grin and one of the cigars Joe Hockey left behind.

Re: No shit

Well, not really. Things might works until their broken but something that is insecure is always insecure - it's just a matter of whether it is known to be insecure.

Re: Good example to show to management

I agree, it's a good article but the missing caveat is, of course, that this equation can vary hugely depending on your location. Here in Australia, our dollar is toast right now and even when it isn't, servers are VASTLY more expensive that they are in North America.

Now, I realise Trevor is dealing with Supermicros here, but for ease of comparison I look at Dell.

An R730 spec'ed with an E5-2630L (a 55W, 8c part) and 128 GB of RAM is ~$4400 USD. In Australia? $8,600 AUD. That's with the cheapest HDD option (1 x 300GB SATA) to avoid blow-outs as the options on the Dell AU site are ridiculous.

Re: responsibilities

@Terje

I never claimed it was a perfect analogy and that, as it is a grey area, the responsibility (and therefore the potential liability) isn't always clear-cut.

The problem with the counter-scenario you put forward is that the website is not 'offering' the potentially dangerous content (ice-cream) to the visitors; it is offering some wanted content and then more-or-less forcing the visitor to be exposed to some other, unregulated, potentially-dangerous content.

As I said, it's not a perfect analogy and I used it only to explain how determining responsibility is very dependent on the specifics of the situation.

It matters not one whit that the content on the site is free to consume - the site can still be liable. To pull another (imperfect) analogy out, consider a marquee setup in some public place - a mall or thoroughfare perhaps. On the outside are signs directing people inside where they will receive free tax advice. Once inside, you find that there are television screens all around displaying explicit ads for porn sites.

Upon complaint by people who walked in and were offended - perhaps with their children - do you really think it would be an acceptable defence for the stall owners to say that they don't decide on the advertising content and leave it up to some third-party?

I apologise for the continued analogies but the simple truth is that these things have precedent in the 'real' world and the idea of holding a company responsible in situations like this is far from unusual.

The standard legal protection is to put a in disclaimer - the way video games do with warnings that the "experience may change during online play". If you gave out a free DVD advertised as having childrens' cartoons on it and then, half-way through, an advertisement for an R-rated movie - complete with 'violence', 'nudity', 'coarse language' and, of course, 'adult themes' came on, you would be right to complain. Unless, that is, the DVD was clearly marked that it may contain adult content, in which case you bloody well wouldn't pop it in the player for your 6 year old.

Likewise, if sites like this are going to rent UNREGULATED space on their pages for ads that may contain malware then they should be required to have a disclaimed displayed before you get into the site that clearly states that it contains unregulated content that may include malware served as advertisements.

The expectation is that, if you go to the Forbes site, the content on that site will be controlled and regulated by Forbes. It isn't bloody 4chan, after all.

Re: responsibilities

@Terje

Well, yes, but that's not exactly the point. There will always be people doing the wrong thing and yes, ultimate blame lies with them, but that doesn't absolve everyone else.

The question is whether a website is responsible for the ads shown through its page. I believe that, by and large, they should be.

Depending on how you compare the situation to other, more every-day scenarios, it can be a bit of a grey area. Take a restaurant found to be serving food that makes their customers ill. If it's in the handling and storing and preparation of the food then the case is clear - it's the restaurant's fault. But what if the cause was bad produce from the supplier?

That's less clear but it is still reasonable to expect the restaurant to do its best to ensure that the produce they are purchasing is coming from a reputable supplier and is fresh and of good quality. In some instances it may be very difficult to tell is some particular piece of produce is 'bad' and I would be reluctant to assign blame to the restaurant in that case, though I would be surprised if they didn't apologise profusely and offer complimentary meals to all those affected - that's just good sense.

HOWEVER, what has happened in the case of these malware-laden ads is not quite the same. To translate what has happened back into the restaurant analogy, it would be as though the restaurant just accepted whatever rocked up on their back steps, without question or inspection and dumped it on a plate. That's not a reasonable level of care - it's an utter abdication of responsibility.

And, while the ads are not the content that site visitors are looking for, it is something essential forced upon the BY THE SITE. With that in mind - that the content is not something user is searching for but is pushed onto them by the site, alongside the content, that clearly puts a responsibility on the site to ensure that what they are forcing upon their visitors is safe.

Re: responsibilities

@graeme leggett

The website owner - i.e. Forbes & Realtor in this case.

Why? Try translating it to television.

Let's say you are watching a program with your kids on a Sunday morning and an ad comes on full of naked, sweary humans advertising alcohol*. Who would you blame?

You might say that TV stations book and vet their ads in-house but that's almost proving the point - TV stations have to review and vet advertising because they are responsible for what they show. They can't just throw up their hands and say: "we just provide ad space and a third-party sells that space to the highest bidder."

That's just not going to fly and so it shouldn't here.

If the ads on your site aren't being verified and vetted then you should find a different provider of ads - one that does ensure that only legitimate, virus-free ads are shown.

* - For this exercise, let's ignore music videos . . .

Re: I am so glad

I'd have to say that, except for the Linux part, that about sums up my online, 'connected' presence too. (Actually, I have a Linux desktop - and server - too but mostly stick with my Win box for day-to-day tasks.)

But even though I don't use these devices and services, I don't think you should have to avoid them just to be safe. As it happens, one of the reasons I don't have a smart phone is that I don't want all those vulnerabilities and all that invasion of privacy. It would be massively handy to be able to easily access the Internet on the go - whether that's using maps when travelling or looking up when the next bus is or booking a restaurant when you're out or just finding some contact details for a shop. But I have resisted the lure of that convenience and utility because I am not comfortable with the way the technology and is implemented.

When I eventually do make the jump, I will do my best to lock everything down as much as I can but for the everyday person, you shouldn't have hack your own device - voiding the warranty in the process - and disable every useful feature just to make it safe.

Re: "Reasonable"

@Jack of Shadows

Sure - Wyndham's lawyers will bring in well-paid technical experts to argue that everything is, and was, reasonably protected and 'standard industry practices' were followed.

But even without delving too deep into the technical details that will be argued, there are simple non-technical facts that are incriminating enough.

Take the claims that the hotel "didn't inform its hotel network about the attacks" and "didn't check what operating systems its subsidiaries were using". Those are either facts or not. If those assertions are true then that, clearly, is negligence. You don't need a technical expert to dissect that: a security breach had occurred and the head office did not inform the branches.

Take that outside the realm of IT and it's straight-forward.

Does the average person really think it is an unreasonable imposition on a hotel chain to require them to inform their branches that there has been a security breach and that they may be vulnerable as well?

Re: "soy protein, carbohydrates, and other nutrient-rich ingredients"

@Pascal

It's unclear whether you are talking about biological evolution or social evolution.

In terms of biology, humans have been 'humans' for at least tens of thousands of years and very probably around 200,000 years. It is thought that control of fire was achieved prior to this evolutionary milestone and there is indeed a theory that cooking food resulted in better nutrition which in turn assisted in brain development.

But, biologically, the fact that it was COOKED is not really relevant - simply that better nutrition was available. In that sense, it matters not one whit whether you have consumed that nutrition after lovingly preparing a sumptuous meal or after chugging a bottle of goop; if the nutrition is there then your body doesn't care how it came about.

Fire and cooking was also important socially, however and contributed to that side of our evolution. Specifically, it allowed more time for other pursuits as night was no longer a barrier.

On that measure, however, the far greater development was agriculture, which finally allowed humans to manage their food sources better and to produce surpluses. This in turn allowed people to specialise and enabled trade and so on.

So, when it comes to social evolution, allowing people to satisfy their nutritional needs without having to spend time gathering and producing and preparing it is what is important - you are freeing people from that burden so they can spend their time on other pursuits.

Of course, for many people that just means more time to watch TV or people working themselves to the bone, skipping lunch breaks, and so on but the point is that from an evolutionary standpoint, the important developments are available nutrition and available time, both of which this product satisfies.

But anyway, it's not necessarily logical to say that something that prompted or produced an evolutionary change towards modern humans in the past is necessarily going to be a good thing now or in the future.

Take the climate change that resulted in deforestation and pressed our ape-like ancestors 'come down from the trees' and to slowly adapt to a lifestyle on the plains, including developing a more upright posture, which freed their hands and so allowed for the development of tools.

Does that mean that deforestation is a good thing now?

@Cari

"Unfortunately, for the impatient types that want the imbalance "corrected" Right Now, addressing the real cause would take too long."

And this is the case with nearly any real or perceived issue that governments put their noses into. They are stuck in the mentality of election cycles and partisanship and very, very few have any real interest in fixing anything. (And those that do tend not to advance to positions where they can affect any change.)

In this instance, I believe the 'problem'* is a self-perpetuating one and thus one that will only get fixed gradually. It's also quite possible that it is related to sexism but I contend that it is not related to sexism today - at least not in a major way.

While I think it is perfectly possible that innate differences in gender contribute at least part of this, I suspect that it is a hangover from earlier times when women just didn't go into these fields and were not generally considered as good as the men.

The next generation of girls were raised by mothers who didn't have any real background in 'STEM' and as they were growing up, there were very few female role models in those areas. As it was more acceptable for this generation to be educated similarly to males and work in whatever fields they wanted, more did end up in these areas. Their children would be a bit more likely and so on.

In other words, the environment in which girls are raised and the visibility - or not - of women in these areas is a contributing factor to how interested they will be in STEM.

In that sense, I can see some benefit in artificially trying to boost the numbers of women in these fields as seeing more women in these professions will have a flow-on effect.

BUT, it can't be fixed just by doing that - you need to tackle it from all sides, especially by trying to get girls interested in these subjects early on.

* - I don't actually believe it is a 'problem' per se - after all, is it really some great societal ill that there aren't many female coders or sysadmins? Are there women out there who have missed out on a life of fulfillment because they never cared for maths at school and thus never even considered a career in technology or physics or engineering? Maybe but no more so than there are people of all stripes who 'missed out' on a life of celebrity because they were born into a middle-class working family of no great creativity or who missed out on being high-paid footballers because their parents were academics.

Re: Was the Treasurer "for sale"?

The funny (not really) thing is all this crap the coalition spewed about "Mining TAX" this and "carbon TAX" that.

Implementing a scheme where multi-billion dollar companies digging up valuable resources from our country are subject to an increased royalty payment when (and only when) they are doing exceptional well, so that, as a country, we can all benefit from the unprecedented boom in the profits earned extracting and selling our shared resources is a tax an horrendous to behold.

Implementing a scheme where the detrimental effects of pollution are taken into consideration (but only fractionally) when calculating the price of those things that generate the pollution where upon the money earned is used to help offset the damage is a tax and unthinkable.

Making CDs and books and electronic devices purchased from "the Amazons" subject to GST collection, despite the only options for doing so being either unenforceable or economically unfeasible, is apparently totally good policy though.