Posts by JimBob01 57 publicly visible posts • joined 23 Feb 2014
Was thinking the same thing.
The rules seem to say you have to have the apps, not that they have to be on every phone you possess. Given how many people seem happy to live with (at least) 2 phones, is having another just for FIFA and Qatar such a big deal?
"Appl makes it astonishingly obnoxious to even download free things without a credit card number on file."
Care to elaborate on your claim? I found it pretty simple to create an Store account with no payment method ... perfect for downloading those free things...
I’d bet that Apple already employ many people for product security purposes but any employee is open to the many cognitive biases just because they are an employee.
Handing low level access to “independents” is a way of reducing the role of cognitive bias in security assessments, basically getting input from another set of eyes.
An obvious weakness in this approach is that you have to trust the people (you give low level access to) that they will report any interesting findings and not keep it to themselves, eg would the FBI report they had found a useful backdoor?
“ If you are going to complain about it then go ahead - but complaining just illustrates that you don't understand the world.”
WT-absolute-F!?
Dunno about you but I live in a world where large cloud companies constantly bang on about how much more reliable they are than using your own equipment.
For this reason, a PC not booting is not news worthy whereas a mega-cloud service being borked is.
The use of phones to ‘secure’ important, personal information has become widespread without any concern for fact that phone companies do not have strict and consistent rules about such things as SIM swapping - Particularly as this practice is considered a handy feature by many who would, no doubt, baulk at any reduction in this convenience.
I have heard the "large orgs do technical security so much better than we ever could" mantra so many times but there never seems to be any consideration of the increased social engineering surface that a large organisation must have to manage huge numbers of anonymous clients. Also, as in this case it seems, a large organisation is much less well equiped to deal with rogue employees who are, again because of org size, pretty anonymous AND able to subvert any security protocols put in place.
Maybe the new mantra should always be that "convenience and security are opposite ends of a scale, as one increases the other must decrease". You must prioritise what is most important. Anyone who claims different is ignorant or selling snake oil.
Too many posts where people are (deliberately?) mis-representing what MVP is SUPPOSED to be…
“Viable” is supposed to mean that it works.
“Minimum” is supposed to relate to the richness or paucity of features.
Obvioulsy, some teams/management don’t get that either but it seems, if there is “adherence to Agile religions” then, they must be using it properly.
Erm do you mean the Duke of Westminster or Earl Grosvenor?
Though inheritance tax is another out of control process at HMRC. It was originally brought in to cover large estates and was referred to as the Mansion Tax for a reason. Now, if someone leaves you a property in London you have inherited a mansion! It also seems that the threshold of this tax has not followed the index. And, as with all taxes, it is the people at the low end of the threshold that end up paying a disproportionate tax rate as they cannot afford the “smart” acountants.
As for HMRC lack of understanding of their own processes, tax legislation is written in consultation with (by) the large accountancy firms that, in no way possible, have a conflict of interest. I mean is it really possible that these consultants write in loop holes that can then be sold as expertise to their corporate clients?
hmm… imagine you are waiting to board your plane when an announcement is made
“There will be a short delay to boarding as the technician carries out some maintenance. We appreciate your understanding and hope to continue boarding as quickly as possible”
Wait 20 minutes…
“I have an update on the delay to boarding. It seems the technician has bricked the plane!”
I would guess that the patching only becomes mandatory at the next planned service of the plane so that the process can be properly planned. Up until that point, cold rebooting every 100 hours should be sufficient.
"As such, it's not enforced anything. It's proper taxation for the category that you fraudulently claimed not to be finally being applied to you."
The interesting thing is that according to you, "you" being accused of behaving fraudulently because "you" seem to be is the same as "you" actually being guilty. That seems a dangerous road to go down...
"And a client waiver will do nothing. That's like getting a waiver from your employer that you don't have to pay tax. It doesn't work like that."
You know that contractors work under contracts right? And under contract law, any change to a contract MUST be agreed by both parties else the contract may be unilaterally terminated?
Maybe the solution for any contractor is to add a clause to the their contracts that states that, if the position is considered to be outside IR35 and then HMRC suddenly decides that this contract is actually covered by IR35, a 40% rate increase will be activated?
In most developed democracies, a referendum to make major constitutional change requires a representative majority ( >50% of the electorate), or even a super majority (usually 60-75% of electorate). Leaving the EU, and all it associated costs, should be classed as major constitutional change so why was, at least, a representative majority not enforced?
Parliament gave the people a NON-BINDING referendum on whether the populous thought being part of the EU was a good or bad thing. This is nothing more than an opinion poll and so positive and negative options were provided.
The Government overrode Parliament and made the poll BINDING. This decision had severe consequences, aside from undermining parliamentary democracy.
1. Once binding, it should have been a one horse race - "Do you want to change the constitution?"
2. ONLY "Leave" votes should have been counted
3. The decision to leave the EU should have only been taken if (at least) >50% of the electorate voted to do so.
The shit storm the UK is now in should never have happened if democracy had been respected.
"4 We can no longer blame Brussels. This is perhaps the most important point of all. If we left the EU, we would end this sterile debate, and we would have to recognise that most of our problems are not caused by “Bwussels”, but by chronic British short-termism, inadequate management, sloth, low skills, a culture of easy gratification and under-investment in both human and physical capital and infrastructure."
- Boris Johnson (apparently a good reason to the leave the EU...)
Source: https://www.telegraph.co.uk/news/politics/10052775/We-must-be-ready-to-leave-the-EU-if-we-dont-get-what-we-want.html
"In a 52-48 referendum this would be unfinished business by a long way."
- Nigel Farage (pre-referendum ...now post-referendum a 2nd referendum is undemocratic?)
Source: https://www.bbc.com/news/uk-politics-eu-referendum-36306681
"I'd think that it makes sense to leverage something like AWS rather than pay vast amounts to build and run your own infrastructure in this particular case.”
I would say that, in this case, the opposite is true. $300m+ a year can buy you an awful lot of your own infrastructure. Cloud services do not make a loss so, with a bill that big, significant savings are probably available from going in-house.
…And allows you to avoid using your competitors’ platforms too - avoiding a potentially major risk.
However, when rolling out new services, the great elasticity of current cloud providers can help you quickly produce a fast scaling application and, if the need arises, assess what sized datacentres you would need if you considered bringing your apps in-house in the future.
"The far left does itself no favours, some are even calling Bernie right wing! I mean WTF?!”
Given that the US political spectrum goes from “far right” to “centre right” (what the UK manage to contain in a single party), I would say that calling Bernie right wing isn’t that far from the truth. What the UK would term “liberal” would likely map to “communist” in the US.
How about changing data laws to make the data collector responsible for any misuse of said data, either by themselves or any party they pass it on to?
Irrespective of whether the misuser obtains the data legally/consensually or not.
That should focus a lot of minds on data security
Pre-Brexit the EMA was based in London and big Pharma has a significant interest in being close to this particular organisation.
http://www.pharmtech.com/ema-faces-brexit-challenges
Interestingly, I was talking to a slave trader in AMS a year ago and he was talking about the great opportunities in Pharma, given the EMA has now moved to the Netherlands (currently in Amsterdam). https://www.ema.europa.eu/en/about-us/contacts-european-medicines-agency
What you seem to have missed is that the referendum was informational and not legally binding.
What it demonstrated was that the country was effectively split down the middle about EU membership.
The bit you seem to have ignored is that any weighting of results should favour maintaining the status quo, ie unless a demostrable majority of the electorate desire change then change should not happen. Just in case you are not clear, Leave is the change in this case.
"It matters not if the margin was 5, 5k or 5m votes, it was a referendum, and folk voted as they pleased, that's how a democracy functions, for a given 'value' of democracy of course…”
Actually it matters a great deal what the margin of victory is. In this case, the country is being subjected to the will of 40% of the electorate. If Leave had received 5m more votes then it would have exceeded 50% of the electorate and demonstrated a clear "will of the people”.
And for those expecting the EU to crumble, I live in NL and Geert Wilders is not getting much of an audience these days - especially compared to the run up to the Brexit vote.
This whole fuel idea was shown on Tomorrows World. They started by demonstrating that kerosene is hard to ignite by turning a blow torch on a dish of the stuff. They then did the same with an atomised spray to show how easily it burnt then.
The invention was an additive that reacted to violent movement, eg a crash, by turning the kerosene form a liquid to a jelly. The idea being that “solid” kerosene wouldn’t burn. The catalyst near the engine would disable the gelling mechanism.
In the test, a remote control plane was supposed to crash land on a runway that contained 4 obstacles designed to rip the wings (fuel tanks) apart. The pilot made a small error on landing and one of these obstacles ripped through an engine causing a flash fire. The additive did its job and the flash fire quickly subsided even though the destroyed engine led to more fuel than expected being available to the fire. Unfortunately, the flash fire was enough to get some of the luggage smouldering and a few minutes later a secondary fire started that eventually burnt out the plane. The test was deemed a failure.
"If bent certs from trusted CA's is a real risk”
A major issue is the transparency of “Trusted CAs”. Who decides which CAs make the list?
MitMing is very common in larger orgs but requires installing the cert on all user machines (twice if FF is available). If you are on the trusted CA list then you can easily create a certificate to match * that no browser will bat an eyelid at.
Wonder how many trusted CAs are fronts for 3+ letter agencies, eg looking at my Keychain ...anyone really trust “DoD Root CA 2”, “Federal Common Policy CA” or the Taiwanese “Government Root Certification Authority” (also in FF)?
If you are really worried about spies intercepting your traffic then take a look at the looooonnngggg list of trusted roots. How many of them do you recognise? How many of the recognised providers have also been ‘required’ to provide valid certificates to TLAs? How many of those roots are actually owned by TLAs?
“...Such a practice is unacceptable; you should not be able to charge both ends..."
Ever sent/received a wire transfer?
Regarding the article, it appears to be a line of straw men while conveniently avoiding ever mentioning the possibility that ISPs could act directly against the interests of their customers.
"This is impossible for the following reasons:…”
So how is it possible that I have BBC1-4, 1 & 2 HD and Entertainment as part of my cable package …in the Netherlands? And yes, I was able to watch all the BBC generated coverage of Wimbledon that I desired.
It would seem that there appears to be a fairly simple solution to all this geographical licensing mumbo jumbo after all.
"I'd ask you to be kinder to leaflet delivery people. They are paid for the number of leaflets that they deliver and because of the time it takes to deliver that number of leaflets, they are effectively working below minimum wage. Each "no leaflets" message they see costs them more time and is one less drop they can make.”
Are you suggesting that they are observed at every single door? How else would a “paid per drop” scheme work? I would assume they are paid to deliver to specific area and provided with a bundle (and reward) based on the approx number of letterboxs - actual delivery just being assumed.
Many moons ago I had a job delivery free papers and that is how it worked then - used to end up with large piles of undelivered newsprint to dispose of as more and more people realised they could complain about unsolicited papers - and that was in the days before recyclng infrastructure was a thing.
Is this a straight mixed content check?
Does the check fail if the https implementation is poor, eg SHA1 cert, cert issued by SHA1 cert, PFS not available, etc
Does it check if encrypted content is traversing a 3rd-party CDN that is MiTM’ing some/all of the encrypted traffic?
What does the green padlock actually mean?
And is a site that gets a green padlock actually secure?
And on a side note - Why does Google think it fair to down-rank a site that dosn’t use https even when all data transferred is public domain, eg news sites?
"This invalidation constitutes a serious disruption for the thousands of companies that have relied on the framework for commercial data transfers between the EU and the United States,”
Maybe, rather than relying on an obviously dodgy ‘framework', they should have taken real action, ie stop dealing with US service providers, when the whole incompatible data protection legislation issue was identified?
I really don’t understand how this works. Isn’t the main point of VPN that you are connecting two points of your own infrastructure over an untrusted network. It appears to be claimed that cloud providers are implicitly trusted partners.
Alternatively, you could tunnel to each OS instance but that could get very busy when you, at least, double the number of tunnels for redundancy …and then you remember that you have multiple sites that need connectivity...
How many root CAs are just some 3-letter agency? Plus, isn’t TLS compromised anyway?
How many businesses run their own CA’s so they can MITM all traffic leaving the corp network?
How many sites use CDNs for HTTPS, where the CDN is decrypting everything, eg https://www.cloudflare.com/ssl?
Given the routine disruptions to encryption in the millennial Internet, how different is the level of real security delivered by HTTPS and that of the TSA?
So few people seem to understand how TLS (SSL now being consigned to history) works. The Cloudflare diagrams make it all look so easy but they do not highlight the fact that they are MITMing ALL the traffic - because they have to, to check if the requested content (or some of it) is already in the cache.
If you are actually tranferring data then you should not be handing all this data, in plaint text, to a 3rd party as you are breaking the implicit agreement with your users that data has remained encrypted end-to-end. Given that data transfers don’t get any benefit from a CDN, there is a fairly obvious solution but sometimes people really do need the obvious pushed in their face (some over and over).
Only vaguely off topic but anyone know why Google is going to start ranking http lower than https when broadcast-only sites, eg news, have obsolutely no need for encryption (Guardian & Telegraph redirect 443->80)? Especially now that HTTPS has been broken by the spooks and likely soon by all the other ne’er-do-wells...
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2024
