* Posts by dan1980

2933 publicly visible posts • joined 5 Aug 2013

RSA comes out swinging at claims it took NSA's $10m to backdoor crypto

dan1980

FIPS compliance

@AC

Unless I am mistaken, there is no requirement to implement ALL the DRBGs specified to become FIPS compliant.

Thus, to become FIPS compliant, RSA could have completely ignored the Dual EC algorithm.

I would argue that it is the duty of a company like RSA to be paranoid and assume everything is compromised until tested and proven safe, rather than just saying "we relied on those guys". Apparently not.

dan1980

Re: Remember When...

@AC

Points for reminding me of endless hours fiddling with LH/DH - most memorably in trying to get speech synthesis working in Dune II.

I remember having several custom AUTOEXEC.BAT/CONFIG.SYS pairs that I would swap in for various programs/games before restarting the PC. Kids these days have it too easy etc . . .

It has, however, spilled over into a pathological need to trim Windows down as lean as it will go.

dan1980

Re: Truism

@D.A.M.

Yup. Two years earlier, in fact. You'd reckon that would imply that they had examined it and approved it independently of NIST. You know, being a leading provider of cryptographic solutions and all . . .

I like the part where RSA talk about "newer, stronger methods of encryption". ECC is definitely designed to address issues with older cryptographic methods - specifically the need for ever-longer keys. In other words, the idea is to make it more efficient. Except, you know, this particular implementation of ECC is orders of magnitude LESS efficient. And has gaping holes, just for laughs.

It's like deciding on a diesel engine over petrol only to choose a car that drives at 1kmph and has wheels attached with cable ties.

dan1980

Re: Truism

@Don Jefe

I'd agree, broadly, but of course politics shows us time-and-again that the "nice, neat little packages" are often the lies as an accurate understanding sometimes requires more information than can fit in a soundbite.

I like the point-form format of RSA's response but an accurate representation of the facts requires additional points:

  • The Dual EC DRBG is only one of four PRNGs in the NIST standards document.
  • The Dual EC DRBG was known to be created with input from the NSA* (this is mentioned in the NIST document).
  • The Dual EC DRBG is significantly slower than the other three RNGs in the NIST standard.
  • The NIST document contains no proof (nor does one exist) of Dual EC DRBG's strength (which would serve to offset the extreme computational expense).
  • Very shortly after the publication of the NIST standard, two independent teams discovered that the Dual EC DRBG contains a noticeable bias which could be exploited, given access to other information.
  • Potential for such a bias is well known in cryptography and avoiding it is trivial.
  • A year later, another pair of researchers found that the operation of the standard (specifically, the fixed choice of ellipse points) enables the bias flaw to be exploited by anyone with access to information about how the points were chosen.
  • While it is possible no one has this information, the only people who could have it are the NSA and NIST.
  • Even if no one has that information now, the fixed nature of these points means that if they were ever determined at any time, every implementation of the cryptography would be forever broken and all messages rendered trivial to decrypt.

The lack of proof should have caused RSA to examine the standard more closely before making it the default PRNG. Failing that, the findings of bias in 2006 should have been enough to warrant caution and a review by RSA. Failing that, the presentation by Ferguson & Shumow a year later should have raised such flags as to prompt RSA to immediately alter their default PRNG and inform their customers of the potential vulnerability.

Simply saying they "[relied] upon NIST" is utterly inadequate, given that NIST provided no proof of the security of the PRNG**, while independent researchers had proven that there are real, exploitable flaws in it. What justification did the RSA have to rely on a body that provided no proofs?

The short version of the whole affair is that RSA is one (or more) of the following:

  • Complicit (in NSA weakening of cryptography)
  • Ignorant (of cryptographic research)
  • Lazy
  • Stupid

In denying the first (as they are), RSA is effectively admitting to one of the others. None are good for a company in the business of protecting users' privacy.

* - We now know that they were the sole author but we must assume RSA did not know this at the time.

** - There can be none.
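The output bias the post refers to can be seen directly on a toy curve. The Python script below is an added example, not code from the thread, from RSA or from NIST. It assumes a small constructed curve (the constants P, A and B are not Dual EC parameters) and a 6-bit truncation of the x-coordinate, so that every point can be enumerated and the output distribution computed exactly; the real generator works over a 256-bit prime and drops 16 bits, where the same effect exists but cannot be measured by brute enumeration. The other three NIST DRBGs avoid this class of problem by passing state through a hash or block cipher before output.

```python
"""Exact measurement of the truncated-x output bias of a Dual EC style generator.

Added example (not from the comment thread). Dual EC DRBG emits the x-coordinate
of a curve point with its top bits dropped. Only about half of all field elements
are valid x-coordinates, so the truncated output is not uniform. A small
constructed curve is enumerated completely here, which makes the distribution
and its distance from a "uniform field element" baseline exact rather than sampled.
"""
from collections import Counter

# Constructed toy curve y^2 = x^3 + A*x + B over GF(P). These are NOT the
# Dual EC constants; they are small so that every x can be enumerated.
P = 10007                                 # prime; 4*A^3 + 27*B^2 != 0 mod P
A = 3
B = 7
DROP_BITS = 6                             # Dual EC drops 16 of 256 bits
KEEP_BITS = P.bit_length() - DROP_BITS    # 14 - 6 = 8 output bits
N_BUCKETS = 1 << KEEP_BITS                # 256 possible output values


def is_square_mod_p(n, p=P):
    """Euler's criterion: True when n is 0 or a quadratic residue mod p."""
    n %= p
    return n == 0 or pow(n, (p - 1) // 2, p) == 1


def valid_x_coordinates():
    """All x in GF(P) for which some y satisfies y^2 = x^3 + A*x + B."""
    return [x for x in range(P) if is_square_mod_p(x * x * x + A * x + B)]


def truncate(x):
    """Dual EC style truncation: keep the low KEEP_BITS bits of x."""
    return x & (N_BUCKETS - 1)


def distribution(xs):
    """Exact probability of each output bucket when x is uniform over xs."""
    hist = Counter(truncate(x) for x in xs)
    return {bucket: hist.get(bucket, 0) / len(xs) for bucket in range(N_BUCKETS)}


def total_variation(dist_a, dist_b):
    """Statistical distance between two distributions over the same buckets."""
    return 0.5 * sum(abs(dist_a[b] - dist_b[b]) for b in range(N_BUCKETS))


def curve_output_bias():
    """TV distance between curve-x output and a uniform field element baseline.

    The baseline already contains the small unevenness caused by P not being a
    power of two, so the returned value isolates the effect of restricting x to
    valid curve coordinates.
    """
    curve = distribution(valid_x_coordinates())
    field = distribution(list(range(P)))
    return total_variation(curve, field)


def largest_bucket_ratio():
    """How much more often the most over-represented output value occurs than
    a uniform field element would produce it (1.0 would mean no bias)."""
    curve = distribution(valid_x_coordinates())
    field = distribution(list(range(P)))
    return max(curve[b] / field[b] for b in range(N_BUCKETS))


if __name__ == "__main__":
    xs = valid_x_coordinates()
    print(f"valid x-coordinates: {len(xs)} of {P} field elements")
    print(f"TV distance from uniform-field baseline: {curve_output_bias():.4f}")
    print(f"most over-represented output value occurs {largest_bucket_ratio():.2f}x "
          "as often as a uniform field element would produce it")
```

Running the script prints roughly half of the field elements as valid x-coordinates and a clearly non-zero statistical distance; the exact numbers depend only on the constructed constants. The point for a reviewer is that this nonuniformity is a structural property of emitting raw x-coordinates, visible to anyone willing to count, and does not depend on knowing anything about how the fixed points were generated.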

'Mixed tech' NBN needs a super-sized HFC net

dan1980
Happy

Re: sucks

Ever so slightly . . .

dan1980

Re: sucks

@-tim

True, but would you rather share newly-installed, publicly-owned, underground fibre or decade-old, privately-owned (and therefore rented) above-ground coax?

The allure of the LNP plan is that, should it all go exactly as they claimed, more Australians would see the benefits sooner and with less expenditure. That relies strongly on two premises - that the roll-out will actually proceed at a faster pace, and that the costs will actually be significantly reduced.

Most technical commentators spoke of grave concerns and doubts that there was any likelihood of either outcome occurring with each report that is more and more certain.

As was said before the election (and since) - the choice is largely between a fast, future-proof network blowing out in budget and time or a lesser, slower network blowing out in budget and time.

HOLD THE PHONE, NSA! Judge bans 'Orwellian' US cellphone records slurp

dan1980

Re: AC @ 23:44

@Killraven

So, as the 'ultimate illegal', what is the 'ultimate punishment'? Nothing, that's what.

Legislation is legally binding unless proven unconstitutional; if you break an unconstitutional law, you still get punished.

A piece of legislation that is ruled as unconstitutional ceases to be legislation but while it is still on the books, it is law and breaking that law is illegal.

Likewise, actions in accord with an unconstitutional law are legal and cannot be punished. You only have to look back to the civil rights movement to see this. In Plessy v. Ferguson, racial segregation laws were ruled to be constitutional. Later, in Brown, the Supreme Court ruled that segregation in public schools was, in fact, unconstitutional, thus striking a fatal blow to the 'separate but equal' doctrine born from Plessy.

The 13th and 14th Amendments hadn't changed or been superseded between 1986 and 1954 - for the purposes of racial segregation, it was the same constitution - so segregating public schools has been unconstitutional since the mid 1860s. But, prior to 1954, the practice was legal and post Brown, it was illegal.

Downvote me again if you want (and are still paying attention) but illegal and unconstitutional are not the same thing.

dan1980

Re: AC @ 23:44

Unconstitutional is not the same as illegal.

What the judicial system needs to do is go through each and every law that the government is using and render them unconstitutional, tearing up their 'get out of jail free' cards.

Code-busters lift RSA keys simply by listening to the noises a computer makes

dan1980

Re: Back in the day

@LordHighFixer

Perhaps read the paper before pooh-poohing the results; it specifically mentions (3.3) that they ruled out EMI and confirmed the readings were from 'acoustic emanations'.

Beyond just the fun-and-games you mention with EMI, testing for vulnerabilities to EMI side-channel attacks is common enough that there is no way the authors didn't know about this. Indeed, there are even competitions to see who can retrieve keys from chips using EMI analysis.

One of the implications of this work is that a side-channel attack using sound could, potentially, be conducted at distance. They managed 4m with a parabolic reflector but, as the signal is audible, any method that captures audio with sufficient sensitivity should work. In the paper, they indicate that they plan to use a laser vibrometer in future tests!

Other scenarios they describe include bugging/tapping a phone conversation and using a computer's own microphone. The latter would not be overly difficult and would be ideal where someone is using, for example, Skype.

The mature nature of EMI side-channel research means that there are existing measures for protection against such attacks, but machines so protected would still be vulnerable to acoustic analysis, which opens numerous attack vectors, some of which could be very covert.

Of course, it's not just a matter of 'record sounds, get data' but the principle has been proven.

dan1980
Thumb Up

Congratulations - excellent work!

Seriously - nice job. That is some impressive, impressive work.

As several people have mentioned above, EMI is one thing (and a pretty well known thing) but using coil whine* as a reliable indicator of what functions the CPU is performing and refining that to find a 4096-bit key? Like I said: impressive.

Of course, they then took this further, realising that, as the source of information was seemingly voltage regulation, there should be ways to measure this more directly. In one of their experiments they get the same information from connecting a voltage probe to a CAT5 cable connected to a switch - at the switch end. As they rightly point out, that can be in another room, far from the user's gaze and doesn't actually interrupt use of the network. As the information is coming from the potential of the shield, you don't even need the port to be enabled on the laptop.

Even more amazing is being able to measure this indirectly by measuring the potential of someone touching the laptop chassis!

Again - very, very impressive work and they should be suitably proud of it.

Maybe not directly useful given the restrictions but they have proved a general property - that CPU operations can be reliably ascertained from analysing the voltage regulation.

* - What people call 'coil whine' is not always generated by the coils themselves, as the paper identifies. More generally, it is the power supply/regulation circuits that are responsible. It doesn't seem to matter what is actually responsible, nor that they know what component/circuit it is.

IBM's secret weapon to battle Google, Amazon, Microsoft clouds: A HOLLYWOOD STAR

dan1980

Game unchanged. Unsurprisingly.

The last paragraph is the kicker.

Whenever I speak to a client about migrating an application to an online provider, I always start with an ideal transfer rate - assuming that the data will transmit at the full line rate - and work from there. There's no point even testing if the theoretical maximum is too slow!

Last time the estimate was 500 hours - 3 weeks. Even then, it would have actually taken closer to 4 weeks as, after that initial transfer was finished, we would have had to send changes. That would have taken a few days, so more changes to be sent, and so on until the time decreased to the point where we were sending just one day of changes and could therefore cut-over with some measure of control.

Of course, none of that is to say that this technology is not impressive, but there is a big difference between increasing the speed of data that already has to be transferred and being a 'game changer', which I would equate with enabling the use of a data transfer where, previously, couriered HDDs were used.

Gran Turismo 6: Another glossy, gorgeous Mario Kart on steroids

dan1980

Re: GT3

I contend that it was GT2. At least that was the most fun for me. Not overly realistic, but I was far more attached to my cars and setting them up just right than I have been in any subsequent GT. I used to tweak my gear ratios and suspension for every circuit - can't be bothered doing that now.

But yes, as the series goes on, the AI has become a glaring problem. Every review notes it each time but it never seems to be addressed.

United Nations signs off on 'right to privacy in the digital age'

dan1980

Yep, that'll work alright.

Considering the US Government maintains that sections of the Geneva Convention (you know - the ones about torturing people, etc...) don't actually apply to them, I wonder exactly how much weight such a pronouncement has?

Remember, all the government has to do to prevent the facts of any prospective case from seeing a court is to say: "but, but, national security . . . " And remember also, we're talking about something that's supposed to be covert; if done 'right' it shouldn't even get to the point where the Government needs to intervene and use its magical 'get out of jail free' card.

In Hamdan v. Rumsfeld, the central issue was not what actually happened to the prisoner but if the court was able to hear the case. Essentially, the US Government had passed legislation that tried to prevent the court being able to decide if it (the Government) was breaching the Geneva Convention.

In both situations, the Government has simply legislated that the courts can't try the Government. I used to think that the tripartite system was a good idea as it helps limit the power of any one party. Indeed it still is a good idea. It just doesn't work that way in practice anymore; not since the Government decided it didn't want to be subject to such judgment and subsequent limitation of their action and autonomy and so legislated accordingly.

'Climate change is like Y2k!' - Oz senator

dan1980
Meh

@General Pance

The thickness of sarcasm makes it a little difficult to get through your post so let me counter with my own:

The avoidance of short-term pain for political expedience is always an excellent strategy for the long-term prosperity of a society.

It is a fact that, at some point, humankind must transition to cleaner energy sources. Like many such decisions, we will always have an excuse why we do mean to do it, just not quite now. It doesn't matter what the almighty economy is like - it will never be the perfect time. Now, the economy is not strong enough. Once it starts recovering, it will be too delicate to risk. Once it has recovered, then it'll be: "we'll cripple the economy".

And do you know what? That would be fine if the pollution we are spewing into the atmosphere (or planning to pump into the Great Barrier Reef) only affected 'the economy'. But it doesn't. It affects everyone; even (amazingly) those people who don't own mining companies.

dan1980

Re: Not all Aussies are clueless

@Paul J Turner

The amazing hypocrisy of non-scientists using things like ice ages and climate cycles in defence of their position is that such things are only known because of all the scientists who spent years doing painstaking (and sometimes dangerous) research across numerous inter-related fields. These scientists who you evidently believe (because you take the historical occurrence of ice ages as a fact) are the same ones you simultaneously say you do not believe.

Worse, you use the evidence they have collected and the work they have done as 'proof' that they can't be trusted.

I don't mean to be rude but you, and others who make similar statements, are using the findings of climate scientists to call into question the findings of climate scientists. In doing so, you ignore the fact that understanding ice ages, climate cycles and the causes of these, is a key part of the evidence for man-made climate change.

No one is suggesting that the planet's climate will forever be static but for human influence, but given the knowledge of how climate changes can cause feedback loops, even small additions to natural processes stand the chance of having comparatively large effects.

On a more specific note, the entire (public) argument of the coalition appears to be that it will cost money to address climate change. Or, rendered in the current political language, "be bad for the economy". And that's the crux of it; because addressing climate change will cost money in the short term, climate change has become the proverbial 'political football'.

'Disruptive, irritating' in-flight cellphone call ban mulled by US Senate

dan1980

Re: I call BS

@JLV

It is a bit of a tricky situation, I'll grant you that.

However, such a law would not be even close to unique. There are already scads of laws that exist to protect the sensibilities and peace of the public.

What, after all, do public nudity laws aim to do except enforce "interpersonal courtesy"? It doesn't hurt anyone for someone else to walk around naked. Indeed, you have far more ability to 'just not look' at a naked person on the street than you do to 'just not listen' to a mobile phone being used in a pressurized cylinder hurtling through the air at three quarters the speed of sound.

Free speech is tempered by the need to uphold the freedoms of those who would have to hear your speech and that is nothing new. But this proposed law is not really about free speech anyway - it's far closer to noise laws that exist in almost all communities.

Free speech says that you can sing a song about your hatred of the government; it does not say that you can play that song at full volume outside my bedroom window.

dan1980

Re: Noise cancelling headphones

@Windrose

While I never discount the possibility that I am just very odd, I've always thought that there was a reason why mobile phone calls annoyed and distracted me so much. That was more or less confirmed by two studies; the first, conducted in 2010 at Cornell, the second in 2013 at USD.

They're easy enough to find but the conclusions are exactly what people could tell you - having to listen to mobile phone calls is distracting in ways that ordinary, two-sided conversations (or other audible annoyances) are not.

The proposed explanations from both groups were that the brain is automatically trying to process language and when only half a conversation is audible, the brain has to try harder.

This has always been my assumption too - language processing often seems to happen sub- or semi-consciously, but when you hear what the Cornell researchers called a 'halfalogue', the extra work your brain is doing to try and process it brings it up to a level where you're far more aware of it.

Not that I am against a reduction of all such annoyances in planes and other confined, public spaces - trains, buses, restaurants, shops, cafes, etc... - but I, personally, find mobile phone calls to be a special type of annoyance, and it seems I am not alone in that.

What you need to know about moving to the Azure public cloud

dan1980

Re: not factoring in storage or bandwidth?

"Why bother trying to compare costs if you don't factor in two of the most expensive parts of your infrastructure?"

The most expensive parts of whose infrastructure?

Is storage and bandwidth always the most expensive parts for everyone? It seems the question could be better worded:

"Why bother trying to compare costs if you don't factor in two of the most expensive parts of MY infrastructure?"

dan1980

The 'cloud' is a tool, not a goal (or at least it should be)

Trevor - excellent explanation of how you think and how this influences what you do as a sysadmin. I am much like you, having involved myself in that paradigm (for want of a better, less wank-word-bingo term) for a long time and it's sometimes difficult to break out of that thought process.

I think the important thing to note is that such bias is experienced by all sysadmins, and those who promote cloud-based systems are certainly not immune.

More directly, for some situations, it makes sense to deal with 'workloads' but for others it does not. Those situations and jobs that can be effectively provisioned and managed in a per-workload paradigm (bingo!) are the ones most likely to benefit from being run in a commodity cloud environment such as Azure or Amazon - though obviously that is not the sole criterion.

Trying to force things to fit a per-workload model, however, is a recipe, if not for disaster, then at least for pain - either through reduced functionality, increased costs, or both.

I once had an argument with someone who claimed that relational databases were outdated and no longer relevant, 'NoSQL' being the future and the only logical path. His bias was born of his long-standing involvement with building back-end data crunching systems. Though he never conceded the point (and I didn't expect him to), it was amusing to me that his current project involved processing data generated by SAP. The fact that his 'big data' project would be pointless without the data generated by an application requiring a relational database seemed not to inspire him to rethink his position.

Long story short, the pain people experience when moving to the cloud, where not due to sheer incompetence or rubbish luck, is usually due to trying to shoehorn a system/client/application into a model that just doesn't fit it.

Unfortunately, vendors like MS view cloud services - specifically the "delicious monthly subscription[s]" - as essential for their business to succeed. The result is that many smaller companies are effectively being forced into the cloud as MS are quite simply structuring their software offerings that way.

The brutal murder of SBS is the prime example, but the removal of the 3-user 'family pack' Office license in 2013 is another. Neither are in the same sphere as people who would be using the Azure platform but both are part of Microsoft's plan to move as many users as possible to a subscription model and eventually do away with perpetual licenses altogether. Both encourage people to adopt this model not by making the model itself desirable, but by increasing the cost or difficulty of not adopting it.

For some users and businesses, it actually makes sense and will represent an improvement or saving, but not for everyone and those people will end up paying more for a less suitable product.

Bjork, 500+ novelist pals ask UN for 1 bill of digital rights to RULE 'EM ALL

dan1980

Re: To little to late

@Gordon 10

I would argue that ". . . spooks failing to comply with existing legislation . . ." is really just a natural and entirely expected outcome of the real problem: lack of transparency.

Not everyone is bad. Not everyone is selfish and devoid of decency and respect for their fellow humans. Not everyone, however, has access to the technologies and the power to amplify those natural human faults to levels that threaten the privacy, human rights and freedoms of vast swathes of the world population.

The potential for such power to be misused is large enough by itself but the more insidious problem is of essentially well-meaning people progressively over-stepping until a new 'normal' is defined. That is where we are, and, somehow, intelligent people are defending these egregious violations of our privacy as nothing unusual.

This seems to be largely what has happened. Those on the 'inside' have, bit by bit widened and deepened their surveillance of normal citizens. It has happened more or less gradually, so that those conducting and running these agencies don't really notice or understand the lines they are crossing. It only becomes obvious when the extent is suddenly made public and the people, whose expectations of privacy have not been eroded in similar fashion, realise what is being done.

In a way, it's like when you don't see your niece/nephew for a year and all of a sudden they've gotten so tall. To them and their parents it's all quite natural as they have not seen any major differences from one week to the next but to an outside observer the change is readily noticeable.

The people who defend these actions by saying that they are 'normal' often deride others for being naive and not understanding the way the world works. They miss the point; the vast majority of people don't want this kind of mass-surveillance to be 'normal'.

These agencies are operating so far outside and beyond what the average person considers as normal and reasonable because they have been able to conduct their activities unseen, unknown and un-monitored by the average person.

They are selling security at a cost of privacy but we are seldom allowed to see the return on our investment (it's all classified) and never allowed to see how much they are charging us. Nor are we able to 'opt out' of this service. Is it any wonder we are being overcharged?

Euro judge flings out Cisco beefs against Microsoft-Skype deal

dan1980
Thumb Down

Vested interest != wrong

While I don't believe anyone above is arguing for closed standards, we have to be careful not to slip automatically into an appeal to motive.

Almost all such companies like open standards when they are a smaller part of the market and closed standards when they are the dominant player. It might be interesting to note, however, that Cisco (relatively) recently released EIGRP as an open standard. The motives might be debatable but one thing you can be sure of is that the routing market is a FAR different place to the software market as the Internet fairly runs on the fact that the protocols are open.

Regardless of their obvious vested interest, Cisco have a legitimate point. 'The Internet' seems to be taking backwards steps as it was built and expanded under freedom and openness. Now, as we deliver ever more complex functionality over the Internet - to the point of running full applications inside a browser, and beyond - the technologies are becoming more closed.

Custom CODECs and plugins and frameworks and now, while we are finally starting to cast off Flash and the more-recent Silverlight, we have the W3C themselves planning to turn HTML into a nice, convenient packaging for custom, closed DRM APIs.

Proprietary protocols and closed standards have their place, just not on the Internet, please.

CIOs, IT chiefs: ARRGH! What do you MEAN, HR just bought 400 iPads and didn't tell us

dan1980

Re: Music to my ears

"Yes thats fine you stream your music to listen to (when you should actually be listening to the radio product you contribute to) and chew up the LAN/wan bandwidth and THEN complain that you find editing video and audio "slow", over the same network."

Yep. That's one of my favs too. More amusing, of course, is when you are expected to identify bandwidth hogs and yet they won't approve budget for some new, smarter switches to help you do just that. This, of course, despite the fact that the dev team just arranged the purchase of SSDs for all their PCs to try and fix the network slowness.

Re: Macbooks and AD printers - how many times a week do you hear: ". . . but it works fine at home"?

dan1980
Devil

The user is always right

One of the hardest parts of my job is holding my tongue when someone comes up and says: ". . . but I don't understand why we can't X/Y/Z!".

It takes all my self-control not to snap back that they are absolutely correct: they don't understand.

dan1980

Re: @Don Jefe

@Fatman.

Ahh, I see you have one of those most elusive creatures in your own organisation. What great luck for you!!

Tell her the poor underlings of the world wish there were more like her. Also, if she's under 45 and single . . .

dan1980
Thumb Up

Re: Solution to the iPad problem (and other unauthorised devices).

Agreed - it's a great strategy. In a past life we did a similar thing for the phone and PC VLANs: whitelist (the correct brand) IP phones on the voice VLAN and blacklist those same MACs on the data VLAN.

It wasn't really a security thing, though - more a helpful way to troubleshoot as a device plugged into the wrong VLAN just wouldn't get an IP. It was also good for a remote office with no local support - plug the phone in and if it gets an IP, it's on the correct VLAN. If not, try the other outlet!

Doesn't work if you have the PCs connected through the phones but if you have dedicated outlets and switches it just makes things easier - especially when troubleshooting remotely.

dan1980

Re: Think orthogonaly, IT bods.

For a consultant, maybe; for a lackey, not so much.

dan1980

Re: Is there much the IT department can do about it besides whinge?

@MrDamage

"Wanksticks" and "act of fuckwad".

Very nice; deux point.

dan1980

Re: I don't want control

Peter2, pierce and Matt Bryant are all on-the-money.

Finance acts as gatekeepers to the money because they have the knowledge, expertise and responsibility to ensure that the company's money is spent according to company policies.

HR acts as the gatekeepers to staffing because they have the knowledge, expertise and responsibility to ensure that the company's hiring and employee management practices are conducted according to company policies.

Guess why IT acts as the gatekeepers to the IT environment?

My favourites are web-based and 'cloud'-based solutions, as the pre-sales people for these often actively tell people that they don't need to involve IT - it's all online and you won't need to install anything, don't you know? I took this up with a pre-sales team once and was told, verbatim: "we try not to involve the IT department". You what? The marketing for such products is usually an endless parade of racially-diverse, young corporate-types leaning over each other at boardroom tables in expensive, light-filled offices, smiling and pointing at tablets & laptops.

It's all so easy, see?

. . . except that the platform requires Java, which has been disabled due to several unpatched security issues with particular relevance for company systems. Or it needs to install an (unsigned) ActiveX control that is not compatible with the installed version of Internet Explorer. You could roll-back, but there are several unpatched bugs and it wouldn't work with the company intranet anyway. Or perhaps it's not coded to deal with IE at all and certain features only work in Chrome. Great, except IT were instructed not to install Chrome due to privacy concerns and the staff only realise the problem at the end of month when they find they can't run their reports properly.

The reply from the department in these cases is almost always a variation on: ". . . but I don't understand what the problem is; <insert vendor here> said it was all on the Internet and would work anywhere!"

Everyone in IT has been there and we all have our stories. Shudder.

dan1980

@Don Jefe

". . . it's enforcement that's the rub."

Exactly. It's all about having a CIO/CTO with the knowledge and personality to communicate this effectively to the other C-levels and the clout and balls to carry the day.

One thing I have found, working in companies of different sizes is that directives like these must come from, and be supported by, the very top of the chain. Otherwise it's just inter-departmental bickering.

This is also a good learning point for IT staff, and can help teach how to properly and effectively convey what the problem is, why the system(s) are problematic, the consequences, what can be done now and, importantly, how everything would have been better if IT was involved from the very start. That is a very valuable skill.

Sometimes, just sometimes, when doing that, you find that the system that has been purchased without your knowledge is actually not too difficult to integrate. That doesn't excuse what has happened and in those instances I make sure I point out that it was pure luck that the systems work, but I must confess that at least once I have taken the usual stance and, in trying to explain exactly why we can't help, I have come to the realisation that there's really no reason it can't all work well.

Accompanied by a suitable report detailing why we should have been consulted first, what the complications were and how we can manage these implementations better in the future, I have at least once found that the overall result was better cooperation from that department head. In short, she knew we actually did care about them and wanted to help them do their jobs and make their lives easier. She better understood why we have the structure and restrictions we do (though still complained about mailbox size) and the next system (an online employee portal - yes, it was HR . . . ) went much more smoothly.

That's far from the rule, but don't rule it out.

Why a plain packaging U-turn from UK.gov could cost £3bn a year

dan1980

Re: Honest as..

@Dropper - "FFS really?"

No, not really.

Reading the Aus Dept of Health website, the goals are to:

  • increase the noticeability, recall and impact of health warning messages;
  • reduce the ability of packaging to mislead consumers to believe that some products may be less harmful than others; and
  • reduce the attractiveness of the tobacco product, for both adults and children.

While the article is right to highlight the non-definitive nature of survey results, it is interesting to note that during the implementation, a survey found that almost twice the number of smokers using plain packaging believed the cigarettes to be of lower quality than the previous year, compared with those still using branded packaging. A similar result was shown for satisfaction with the product - those using plain packaging were twice as dissatisfied as those with branded packets.

Worth noting is that the report very clearly made the disclaimer that it could not determine if the result was due to the plain packaging itself or the now more prominent health warnings. You will note that that still fits the government's goals for the legislation.

Your argument is a strawman - you ignore the fact that anti-smoking measures are multi-pronged as what works to encourage one person to quit, cut-down or never start, is not necessarily the same as the next person. That's why, in that same term of government, duties were raised, with plans for further, predictable raises (12.5% over CPI from 2014); Internet advertising was banned; cigarettes must now be kept out of sight at counters; over $100m was allocated to address Indigenous smoking; bans on outside smoking were widened - including beaches, playgrounds and restaurant seating; $135m was allocated for additional media campaigns; the duty-free allowance was significantly reduced; penalties for tobacco smuggling were increased; and additional nicotine replacement therapies were approved for subsidy under the PBS.

No one serious about reducing smoking believes any one measure will be broadly effective in isolation and that is why the government did not pass this legislation in the hopes that it, alone, would be some silver-bullet. The tobacco companies, of course, argue the case with that deliberately false assumption. But then those tobacco companies have recently tried to fight this legislation with two diametrically opposed reports - that the ban has not affected legal sales, but somehow has managed to increase the incidence of illicit tobacco use.

dan1980

Re: Lies, damned lies . . . and what was the other one again?

@Don Jefe . . .

Yes and no. Well, that's my belief anyway.

This is going to be a long one. I respect you and don't disagree lightly . . .

I think you might be misconstruing the idea. I don't think people are suggesting that young people walking into the corner store, perusing the packets and selecting a brand they feel represents them is how smoking starts.

I believe the idea is that cigarettes were once seen as glamorous and the plain-packaging laws are the latest step in a long effort to reduce that attractiveness - one that started way back in the early 70s, when the US Surgeon General released extensive reports on the health hazards of smoking.

Since that time, there has been a gradual process going on with the aim of reducing smoking in Australia. It has combined information, in the form of health warnings, campaigns, etc...; restricting smoking advertising; funding 'quit' programs, subsidising medical treatments; restricting smoking in public areas and, of course, raising fat wads of cash through excise and duty increases.

Over the course of this process, the number of smokers has steadily declined. It's certainly possible that the numbers would have declined anyway, though I feel that to be a bit of a stretch. It would be easier to argue that any given regulation/restriction/law was ineffective but each new measure has most certainly been consistent with the stated aim of the Australian Federal Government, which is to reduce smoking levels in Australia.

Back to the core argument, on the effectiveness of plain packaging, it has to been seen as part of the larger process to remove the visibility of smoking, reducing the 'passive' advertising.

It may be down to an ignorance of Australian laws (and I freely confess an equal, if not greater, ignorance of US, Canadian and UK laws) but the scenario you are ridiculing is a straw-man. Why? Because two years prior to the plain-packaging legislation being passed, laws were enacted requiring all cigarettes and tobacco to be placed out of sight at the point-of-sale - usually implemented with large, plain cabinets behind the register.

Plain-packaging laws are just a logical extension of the progressive banning of all cigarette advertising, and the effect is not expected to be drastic but cumulative with previous efforts. The aim is to stop smoking being 'around' so that it is not seen as normal or socially acceptable*.

Mate, I pretty much agree with you on everything before even reading your posts - you are older, wiser and more worldly** than I am - but I can tell you without the slightest bit of exaggeration that the packaging most definitely made a difference to me.

When I started smoking, my first cigarettes were Winfield 'Reds'^, shared with friends. Once I started buying my own, I bought B&H. Why? Because I thought they were classier. Note that I said "were", not "looked". Later, as I 'matured' into a young adult, I moved to Stuyvesants. Why? Because I felt they were a bit more mature, a bit cooler. More understated - no need for flashy gold 'look: I'm smoking B&H here' - instead a utilitarian soft-pack with simple style.

You might think I am making this up but I am not. I wince a bit at the memory of my younger-self but that is the naiveté of youth.

The point is not that I smoked because of the packaging, the point is that that packaging is advertising and advertising is effective. Not on everyone, but certainly more so on younger people. The Australian government has a policy of banning cigarette advertising and the move to plain-packaging is wholly consistent with that long-running, bipartisan, publicly-supported policy.

Anti-smoking measures have increased over the years, while at the same time smoking rates have decreased. They are not simply coincidental, so the question becomes: which is the cause and which is the outcome? It could be plausibly argued that since the detrimental nature of cigarettes became known, smoking has decreased and therefore public support for anti-smoking measures has increased, leading to more and stricter anti-smoking measures. The Australian government largely takes the opposite stance, that the anti-smoking measures caused the decrease in smoking.

There are studies and surveys and reports and graphs and endless opinions supporting both sides of that. I would note that I have not seen a study claiming the measures are ineffective that has not been commissioned and funded by a smoking body. (Not to say they don't exist.) As the title of my original post implied - you can make such a report support either position depending on the data you use and how you present and weight it.

For my part, I believe it is both together. I believe anti-smoking measures, overall, have been effective in reducing smoking. That reduction in the smoking population then means there is more public support for further action to be taken. That may lead to some actions that don't produce a statistically significant effect and are implemented based more on that public support than on hard numbers.

I better leave it at that : )

* - I am not saying the aim is a noble one or even a practical one, but that is the aim and, when viewed in that light, the plain-packaging laws are consistent with that aim.

** - Though not more wordy.

^ - 16mg - we were men.

dan1980

Re: It's not what you say ...

Do you live in western Sydney, good sir?

Swap a Welsh woman for a Pom. I love this country : )

dan1980

re: @Jess--

Good critical thinking but not actually correct in the instance. The massive hike (25%) was in 2010. Since then, it has been pretty much in step with CPI.

Going into the election, Kevin Rudd planned to increase the tax by 12.5% each year for the next four years (i.e. the government term). I have a feeling that was to be 12.5% on top of CPI increases but can't recall. That was slated to start towards the end of this year but I don't know if the LNP are going ahead with it.

What was done at that time was to sharply limit the duty-free allowance to 50 cigarettes (down from 250). Whether that had a noticeable impact I can't say.

dan1980

Lies, damned lies . . . and what was the other one again?

Where to start?

First - the primary aim of plain packaging is not to directly cut down on current usage, it is to prevent new smokers starting up. Whether or not that will be effective is another question but the benefits of this measure, like those before, will be long term and can only be assessed long term.

Second - 154% is just one figure from the report, dealing with one form of illicit tobacco, and represents an increase from 0.5% to 2%. I would suggest the author actually READ the report next time. The actual increase in total illicit tobacco use is 13%. In 2012, illicit tobacco (in all forms) accounted for 12.8% of the market. In 2013, it was 13.3% - an increase of 0.5 percentage points.

Third - $1bn? No. No, no, no. The ENTIRE illicit cigarette market in 2013 would have, if purchased legally instead, generated $1bn in excise. In 2012, that number was ~$900m. So, between 2012 and 2013, the change meant an ESTIMATED loss of ~$100m*.

Finally, as the author notes, the study was commissioned by cigarette companies. If, as the author says, opinion polls are not the finest source of information, I would suggest that studies funded by cigarette companies should be treated just as sceptically. Further, it is interesting (to me) to note that several key bits of evidence for the conclusion that illicit sales have jumped are . . . surveys! One of those had a sample size of just 2100 people.

* - Excise increased 2.4% between these two periods but that's not enough to make too much difference and is reflected in the $100m. Actual difference is $120m, but $20m of that is accounted for by the excise increase - i.e. if 2012 volumes were matched with 2013 excise prices.

Hello! Still here! Surface 2! Way better than iPad! says slightly desperate Microsoft

dan1980

Slabs v laptops

@Trevor_Pott - "Fondleslabs are inherently content consumption devices."

Pretty much exactly this. As a single device, I far prefer even my aging and slightly grumpy netbook. Yes, sometimes it's a bit unwieldy on the train, and it takes too long to boot and connect to 3G, but it's a damned sight easier to use when troubleshooting code or writing a report or even bashing out a long-winded post on El Reg. It's also good for a quick (i.e. 3hr) Civ2 session.

Tablets and laptops are just different devices - as I constantly try to remind my clients when they complain that X/Y/Z doesn't work on their new shiny toy.

For my money, the battleground MS is fighting on just isn't relevant for me.

Anglo-Australian cricket brawl spills over into coding clash

dan1980

Re: Amazing

"You don't get to see such a total shambles of a game get to full release that often."

Indeed - last time I paid good money for such a shambolic effort at cricket was the first day in Adelaide, 2010.

dan1980

Re: pencil cricket

Hence the Phil Tufnell reference.

dan1980

Re: pencil cricket

Elaborate, please - I'd welcome a use for the 2H* pencils I've accumulated. Beyond scoring lines in paper. Thinking on it I suspect you'd write 1-6 on each of the sides and roll to find the runs scored? How do you get out? Hmm... maybe 1, 2, 3, 4, 6, OUT! - yes, that would do it; no one runs five. Well, unless you bring Tuffers out of retirement.

Or I suppose you might toss the pencil and if it rolls off the desk, that's out. Would make sense.

* - I presume a 2H would work equally well?

Sceptic-bait E-Cat COLD FUSION generator goes on sale for $US1.5m

dan1980

Re: A better than Stellar solution???

@KrisMac

It was my (childishly-low level) understanding that iron can't fuse with other iron atoms. One of my takeaways from that 'understanding' was that the nuclear fusion could, theoretically, continue if there was a fresh supply of protons - i.e. hydrogen.

Or is it that iron, no matter what you throw at it and no matter the temperature, won't fuse?

Note - my question comes from a desire to learn; would love the feedback.

NSA spied on 'radicalisers' porn surfing so as to discredit them, reveals Snowden

dan1980

Re: This latest revelation from Snowden

@Turtle - "Eventually people are on the side that they help."

By that logic, all the humanitarian groups that give aid to North Korea are "on the side <of>" Kim Jong Un and his father before him.

Oh, I bet they spout platitudes about the world community and feeding the hungry, caring for the sick, and other such trite nonsenses to help them sleep at night, but we all know, from our far remove, that their self-righteous, rogue actions are really just there to help the DPRK's military dictatorship spend more money on arms to threaten the rest of the world and oppress their own population.

dan1980

Re: This latest revelation from Snowden

@turtle - "I have no doubt that Snowden has any number of pious bourgeois platitudes . . ."

If you're referring to speeches and quotes attributed to members of the founding fathers and champions of the American Revolution, such as Franklin, Washington, Jefferson and Henry, then feel free to call those people "pious" or "bourgeois" but I'm not sure many would agree that such lines as:

"When the American spirit was in its youth, the language of America was different: Liberty, sir, was the primary object."

or:

"It will be found an unjust and unwise jealousy to deprive a man of his natural liberty upon the supposition he may abuse it."

are mere 'platitudes'.

Step forward a bit and there would be good company with Lincoln:

"It behooves every man who values liberty of conscience for himself, to resist invasions of it in the case of others: or their case may, by change of circumstances, become his own."

Or, more recently, I would think it odd if someone derided Kennedy's:

"Let every nation know, whether it wishes us well or ill, that we shall pay any price, bear any burden, meet any hardship, support any friend, oppose any foe to assure the survival and the success of liberty."

The aims, if not necessarily the methods, of Mr. Snowden would, I suspect, find great respect and admiration from many considered as great people of history, who helped shape the US and indeed the world as a freer, more just place.

dan1980

Re: chickens coming home to roost

@thomas k.

"Well, I certainly didn't mean to imply that our security services shouldn't try everything to prevent Jihadist attacks . . ."

For my part, I very much believe that "security services shouldn't try everything to prevent Jihadist attacks".

Microsoft, HURTING after NSA backdooring, vows to now harden its pipe

dan1980

Why 'hold off'?

My question is - given the prior 'revelations' that the NSA tapped into both Google and Yahoo, why would Microsoft wait until they were specifically mentioned to start this action?

Given the nature of the revelations and the clear indication of intent, if not actual conduct, it seems odd that MS would believe they were fine until otherwise informed.

Scores of profs give hated US patent law an F minus, demand massive rewrite

dan1980

Re: Next, try copyright law

@Cliff

One could argue that the ability of publishers to make money from copyrighted works incentivises them to engage and pay writers (etc...) and thus provides incentive for those writers to, well, write.

Many (including myself) would argue that the system is unequal and in dire need of fixing, but then I occupy that (probably large) middle-ground that believes copyright law is necessary, but the current system is not optimal.

On 'the mouse', specifically, I do see a distinction between a written work and a character. A creation like Mickey Mouse is as much a trademark as intellectual property so, in some ways, wondering when Mickey Mouse will become 'public domain' is a little like wondering when I will be able to build and sell cars with the Ford badge on them, or PCs with the HP logo.

Really, Mickey is a trademark - the character, and indeed other similar cartoon characters, are used as identifiers for their brand. The cartoons themselves are protected via regular copyright (which may or may not be extended) but the characters themselves would seem to be valid for protection potentially in perpetuity. (Apologies for the alliteration.)

Seeing an item or work with Mickey Mouse instantly signifies that that product/work is the property of or licensed by Disney. If the protections on the character and 'likeness' of Mickey Mouse were to suddenly expire, think of all the knock-off goods that would appear. It would most definitely cause 'brand dilution', which is precisely the thing that trademarks are designed to protect against.

To be clear, a cartoon with Mickey Mouse should not receive any special or extended protection (which is what you were likely talking about), any more than a song or a piece of writing should. After X years, that work should be considered in the public domain; the music can be used in a movie or a YouTube video, the book re-printed by another publisher, or a cartoon/movie shown by a broadcaster - all without having to pay anyone. BUT, that is not the same thing as someone making a new movie with the Mickey Mouse character.

Like the bunny, the mouse fulfils the criteria for a trademark and should be protected as such.

THAT SAID, the copyright laws of works do seem to get extended and I don't agree with that at all. There is no reason why the specific work of 'Steamboat Willie' should not be part of the public domain. While it might not be quite the same, modern symphony orchestras and opera companies simply could not exist without the timely expiration of copyrighted music - it is very much in the public interest that the Brandenburg Concertos or Mahler's ninth are in the public domain.

An interesting thing there, is that up until relatively recently, the US did not recognise foreign copyright laws so Disney was able to use Stravinsky's 'Rite of Spring' in Fantasia without paying the then still-living Stravinsky any royalties for the film's US release. They did have to license for international release but were later taken to court for breach of contract when the film was released on video and largely lost, having to pay up.

dan1980

Re: It won't change

"Furthermore, the USPTO is one of very few govt departments that is self-funding and actually makes a little profit for Uncle Sam. Nobody really wants to mess with that."

I suspect that one of the reasons the USPTO is self-funding is that it appears that they do precious little work for the fees they charge. I can't remember the source but I was recently reading something about two closely overlapping patents that were found to be issued by the same patent officer.

Hooters, shooters and looters: Eidos’s Tomb Raider

dan1980

Well, I liked it.

For what it is worth, this was a great, great game. I was suitably impressed and my brother and I spent countless hours playing this. I remember we'd sometimes play through together - one of us acting as the lookout for the other, noticing hidden ledges and so forth. Whatever criticisms can be leveled at it regarding the character and depiction of Lara or the fact that cut-scenes were not so novel to the PC crowd, the fact is that I enjoyed it a lot and many others did too.

It showed very clearly that 3D adventure/exploration platformers could work and sell well if done right.

The atmospheric music and effects were particularly good, if memory serves.

Google faces fresh privacy gripes for splashing your G+ mug over ads

dan1980

Re: How do they know whose photo it is?

. . . what if everyone just deleted their G+ accounts?

Microsoft bans XXXXBOX gamers for CURSING in online combat

dan1980

Dangerous ground

Ignoring the actual swearing for a moment, this shows very clearly one of the major problems I have been so concerned about with everything moving to online, 'cloud'-based systems and the consolidation of things under one device/vendor/account.

Just think about the possibility of where this could have gone if MS had persisted with their original plans for the XBox . . .

With every game requiring both online activation and check-in every 24 hours, these bans could very easily have resulted in people being unable to play their games at all. It's not even close to far-fetched given that EA did pretty much the same thing with their Origin system, with several confirmed instances of people who were banned on the EA forums no longer being able to play their games as their accounts got locked out of the system and so couldn't authenticate. This was not just online games but ALL games.

Why should someone be locked-out of playing a video game online for swearing on a phone call? Or vice-versa? That's ridiculous.

If anything is to be blocked, it should be the specific action that has caused the problem. I.e., if someone swears over public voice-chat, then block them from using the public voice channel. If an uploaded video breaches the T&Cs then block the user from uploading videos.

These things are functionally unrelated so they should be addressed separately.

Back to the swearing though, what happens if you upload a video of, say, CoD where the NPCs are swearing? Does that trigger their automatic filter and thus block you?

Back to the swearing, if anything should be blocked, then it should be swearing in public channels, in public matches/lobbies. I can't say this affects me much but that is the appropriate place to do it, if anywhere is. Still, it might be hard to avoid a loud expletive from time to time. Private sessions should have options decided by the convener. If the participants agree that they want to be able to swear then let them. Likewise there is no reason to block swearing in private Skype chats.

More generally, blocking certain language is about preventing offence. Swearing is simply not objectively offensive. In Australia, people can be fined by the police for 'bad' language. The simple truth, however, is that if the charge is contested, it is almost never upheld. That is because 'offensive language' is just not really definable. You can't even say that offensive language is language that causes offense, and indeed the courts don't do that.

The only way to start a definition of what 'offensive language' is, is to say that it is language intended to cause offense.

Even then, of course, that is not workable by itself as how can you tell if someone meant to cause offence. To do that, you need to assess the people involved, their normal speech, the speech of those around them, the context, including the events prior to the incident, and the forum.

Still, not all language designed to cause offense is swearing. If I said to a Muslim that Muhammad was a Satan-worshipping homosexual, one might well conclude that I was being deliberately (and grossly) offensive, but I would think that very few would deem the language 'swearing'.

If MS's T&Cs say that you can't swear or use offensive language then they really need to spell out EXACTLY which words are not permissible. If there is an automated filter then it must have a list so simply make the list public. That would avoid any confusion.

P.S. - I do, of course, find it amusing that MS are trying to clean up our language considering they are responsible for a good 90% of my swear-word output during the work-day. Here's a tip, Microsoft: if you want to reduce swearing, stop:

a.) Discontinuing useful products (SBS, ISA/TMG, etc...)

b.) Replacing perfectly good, efficient menus with ribbons and tiles.

c.) Trying to force everyone onto the 'cloud'

Instead, try focusing your considerable talent pool on making products that work and fixing them when they break.

MS are like a child with ADHD - they get bored and distracted working on a product and just abandon it to run across the playground to play with a shiny, new ball. But I digress . . .

Yahoo! staff! slapped! for! 'snubbing! own! webmail! and! preferring! Outlook!'

dan1980

Re: Looking at it the other way . . .

Quite so.

dan1980

Re: I wonder what senior management use?

Yep.

I use webmail when I work from home but don't need to VPN in (I don't have Outlook on my home PC) and it's fine for checking and replying to e-mails but as a day-to-day solution it just doesn't fit my usage.

Maybe that makes me out-dated and clinging to a superseded paradigm but it works for me.

I have set up and customised Outlook (2007) to look and work the way I want it to and that is a big attraction; users can personalise the layout to best suit their needs and preferences. Want to view which senders requested a receipt? Easy - just add in the column. Don't need to see categories? Take them out. Only want to see e-mails from today? Collapse the groups. Use obscure functions frequently? Add a new tool bar with the items you use most.

And, of course, almost anything I can't do directly functionality-wise, I can knock up a quick-and-dirty VBA script or invoke the Outlook object model in a scheduled VBScript task.

I am far from Microsoft's biggest fan - especially as the program I am currently defending/praising has been butchered in the last two releases (2010 and 2013) - but what I am saying goes for other desktop e-mail clients as well, including Notes and Thunderbird. Some people may love webmail clients but for me, I like my desktop client and I would find it odd if someone else were to tell me that I was wrong in my preference.