Pro tip - don't expect your new router/modem to be secure. Just like you don't expect the car salesman to lock your new car's doors once you arrive home.
903 posts • joined 1 Mar 2007
Re: Only keeping what they already keep
"Brandis and co keep telling us that the new law dictates that telcos/ISPs need only to retain the data they are already keeping for internal purposes."
They do keep bringing that up. I do wonder if George and Malcolm know the difference between storing 1 number (bytes used), and storing the names, addresses, bytes used, time it started and stopped, etc.
Something tells me these clowns last looked at a phone bill about 20 years ago.
Re: The private investigator can be asked to leave.
"Someone who is seen loitering about a premises can be asked to leave the area"
Perhaps what Turnbull means is that we can ask our ISPs to stop collecting data on us then? ;)
"How does a gov going collect metadata when SMTP these days are via TLS and TCP payloads are encrypted ?"
I think they're wanting the SMTP server logs packaged up and stored.
I'm still curious what will happen with storage of things like ICMP and UDP traffic. In some cases, the metadata will take more room to store than the size of the content. I seriously don't think anyone who voted for this legislation actually understands how traffic flows on the internet.
Re: Apples values.
"I doubt you can still buy standard laptops / PCs with Windows 7 pre-installed?"
You certainly can! Sales of new PCs where I work are almost purely Windows 7. Toshiba, Asus and HP have many an option in laptops with 7 preinstalled still.
Re: Scary to say...
"I've yet to see a development estimate that matches the actual reality"
Yes, but these are meant to be development builds to gain feedback about any stability issues present in the first place. Delaying them means only the issues MS has noticed can be fixed in a timely fashion.
At least you saw a date - I quickly simplified the fraction down to one third, wondered why they were talking about ninths in the first place, then finally realised it was a US style date without a year.
"9-15 months average?! How ridiculous! These organizations either have too much middle management, really bad documentation or just terrible IT staff."
3-4 months for the initial planning isn't unreasonable in a business big enough to label its "departments". You'd have specific software to contend with, scheduling around important events in different departments, etc. Managers would need to meet with other managers. Teams would need to meet to discuss the plans. It all adds up.
And that's only assuming you have a handful of servers to do - as the number of servers goes up, the time obviously does too.
A smaller business with one manager and a handful of staff could do it in a weekend, or even a quiet afternoon.
George's own Chief Of Staff signed a letter to my local member responding to my questions saying:
"The government is committed to ensuring agencies' access to metadata remains subject to strong safeguards". Isn't allowing random law enforcement agencies to view what they want somewhat less than "strong"?
And it was also mentioned that the data collected will be subject to the Privacy Act 1988 - call me an idiot, but surely allowing random access by police to this data breaches that act.
Re: Hellooooo UBUNTU...
> Why wait until then? I began the switch as soon as I saw the Win8 preview.
We've been looking for a suitable "idiot friendly" (from an updates and maintenance POV) distro to sell preinstalled on computers since XP's demise was announced. The Windows 8 preview was an encouragement to that process.
Sadly the most easy-to-keep-updated distros tend to force stupid changes on people, and the ones that don't force stupid changes tend to require a reinstall to update major releases.
Re: It will be a cold day in hell...
"but Linux has a ~2% desktop market "
I never really believe percentages quoted for Linux market shares...
You can't go off sales volumes for pretty obvious reasons.
You can't use browser agent IDs because not everyone uses the internet in the same ways.
You can't do a survey because a lot of people think "Word 7" is an operating system.
I've got a few Linux desktops that never see the internet, or only ever see ftp.debian.org. Who's counting those?
Re: @joed - Does not make sense?
"No it won't, you troll. The only thing Secure Boot locks down to the point where you can't switch it off is the Surface RT"
Really? I guess you don't need to boot anything much on random x86 devices every day then. They already make Secure Boot a "Where's Wally" game, and some manufacturers have already failed at UEFI booting anything other than their own Windows 8 images.... It's only a matter of time before manufacturers start hiding the Secureboot option, even if only by accident.
Re: More to do with
" They only slung the DRM scheme to convince the RIAA that Apple was their best choice."
That's what they'll argue in court I expect. And despite my usual thoughts on Apple, I suspect it's largely true, and this time Apple isn't the main problem.
Re: Init freedom
"And the boot time argument? Anywhere needing 99.99% uptime is not worried about a 4 minute reboot."
And most of the reboot time (in my experience) is the BIOS and various controllers doing their random checks and warm-up routines.
"I'd suggest the answer is no"
I'd say so too. Get within wifi range and most would be screwed.
Or just send emails about speeding fines like the Crypto-bastards are doing lately. Seems to work great.
I'd say so - it's the same labels and markings as when HP did it.
Is Toshiba recalling these worldwide like HP? Everyone concluded it was only really a problem for 120v users when HP did it, so odd that Toshiba Australia are worrying about it (240v).
Re: Odd Choice
"From the obscure Browser question"
Internet Explorer started life as Mosaic redressed... That said, the question is a bit odd in a 12 question general internet knowledge quiz. I'd have expected more questions about cookies, email and other such everyday things, not a corporate name guessing game.
Re: Of no consequence
"I doubt that there will be a tech crisis because people don't know the date that the first iPhone appeared."
Even people who queued up to buy the first model wouldn't remember what year that was by now... Unless some other significant event happened around the same time.
Seems odd someone's "web IQ" would be based on the knowledge of the past and present CEOs of random tech companies.
Re: Maybe MS should do what Apple does and keep its OS's secret from the press until they're ready
Yeah - cause Apple's failure to test their products correctly never causes any problems, right?
Re: If you want major security improvements, you want incompatibility
"The only reason Linux hasn't wiped out Windows is it isn't as good for most customers."
Actually, for the 90% of customers that want to browse the web, send an email and maybe write a letter... It's perfectly fine. You can do all those things with little to no understanding of the underlying OS.
The only reason Linux hasn't wiped out Windows is that customers are too scared of change (which also happens to be a major factor in Windows 8's failure).
Re: @Roj Blake
"Although even a couple of days would be pretty unacceptable."
It's done over the intertubes - surely it should be able to guess fairly reliably within seconds that the recipient is not available via iMessage. Keep track of failures over a few days, and prompt the sender if there's a run of failures during say 7 days.
Not exactly a hard thing to work around.
>Think of anything you can buy in a metal version or a plastic version.
Like a garden shed?
>And which is more expensive?
The plastic one. Near double the price ($AU460 vs $979)...
In this case, the "premium" priced product is the plastic one.
Re: "differences in reporting"
Brandis's way of lying about his lies.
I sent a letter via my local member a few months ago. No reply yet as to whether the metadata laws actually require me, as a private network admin, to collect metadata regarding the local users.
>One upside to pay-by-bonk is that the means to pay is almost certainly already in-hand (literally),
I'm considering taking my rarely used credit card out of my wallet so the only contactless card left in there is the card I want to pay with... Then I can just wave my wallet across the terminal.
My Aussie bank actually does support pay-by-bonk on Android (has done for about 12 months - didn't hear the media praising that innovation), but rudely only on a preselected collection of phones. My phone has NFC, but no support from them.
I don't really care too much where this all goes, as long as they stop with the dumbass idea of more gTLDs. Nothing looks more disorganized than the latest release of new ones.
Re: More bad research?
>The.berlin works to promote ratings the same way that "www.berlin.example.com" would.
Exactly... Google uses the domain as part of its scoring. A website with a direct domain keyword match will rank higher than one without. Of course if you fill the page content with obvious keyword spam, it'll de-rank like crazy still, but most genuine businesses don't do that.
Google's rankings are a little mysterious, but not that mysterious.
Prolific's been blacklisting their RS232 adapters for ages. And it causes problems even for companies like banks. An Australian bank ships Prolific clone cables with their POS integrated EFTPOS terminals. If companies like banks can end up with fakes, how is anyone else supposed to tell?
I personally think a warning should be displayed to notify the user when fakes are detected. That way you know WHY it's crapped out (you don't just call the real manufacturer names). And as long as this hardware fiddling is reversible, I've got no issues with that either.
Probably there for the newsreaders who live in USA, where they would leave out the "and", effectively making it $2m multiplied by 60,000 dollars when read out loud.
Not looking good for MicrosoftCraft videos then?
So once the Mojang/Minecraft buyout goes through, what will happen to all those Minecraft videos? Can't imagine the Microsoft Copyright Police would like to see all those blocky textures misused by having people entertain other product owners....
"Folks, it's time to enter the 21st century, and if you can't handle a connected account, maybe Windows 10 isn't for you."
Well, actually there's more reasons than a fear of "connection". Those MS accounts can store payment information, so when you're a computer repairer, requesting that password is REALLY awkward. It's like asking for the customer's credit card PIN.
Re: Doesn't a Worm have to infect without user intervention?
It's all becoming a blur now because of misuse of the terms and even some malware doing more than one "style" of nasty business.
If my memory of my learning days is still OK, it goes something like this:
Trojan - idiot user installs, then it does its stuff quietly while the user isn't looking (tends not to replicate itself).
Worm - exploits holes in security to "worm" its way around networks (including the intertubes).
Virus - attaches to other executables and may move to other systems by finding "portable" executables (such as shared disks).
I'm sure I'm wrong in some way, but I spend all day having to dumb things down to "you had a virus" for customers.
"That would be more true if Google only presented a link, which is not the case."
Well they could provide you with a numbered listing, but how useful would that be? Any index needs to refer to the content it's talking about. The index in the back of a book has topic names with the page numbers, not just a listing of page numbers.
Re: Google NOT responsible !!!!!
Or Apple. Apple was the one providing:
1) The broken security on the storage.
2) The suggestion in iOS that iCloud is essential to your life and must be enabled for true enlightenment.
3) No reminder that photos deleted from the device are not necessarily deleted from the iCloud service.
But Google? WTF? Are they too afraid to sue Apple in case they get permanently banned from the fruit farm?
Re: Streisand effect
"More importantly, according to Apple only 6 iphones have bent."
The report I heard said 9 confirmed, worldwide. Still low, but I did immediately wonder how many sheeple simply hadn't yet reported the problem.
And as they've now commented on the problem, 3 things happen:
1) Every iOwner now checks their device regularly for bends.
2) Apple introduces a change to the design and replaces any bent units people complain about.
3) Apple makes no further comments on the issue, leaving the only comment as there is only 6 (or 9) bent phones.
And none of these clowns have even stopped for a second to think about the flow on ramifications of these new laws (assuming I'm understanding the possibilities correctly)...
Let's say ASIO breaks into a network, infects a few computers. The owners take them to a repair shop, where they virus scan, then connect to the network to check for updates. The ASIO virus then attacks the repair shop's network, infecting a few shop PCs (and perhaps other customer PCs).
Now a rep for Big Corporation comes in for a warranty issue at the authorised agent for their laptop manufacturer... The laptop is connected to the repair shop's terrorist suspect network, and also infected by ASIO's spyware.
How is it going to go down when a big company like News Corp, Foxtel, Telstra, etc finds signs of ASIO's busybodying on their networks? I suspect the end result is sueballs being launched towards the government.
Maybe they're concerned the individuals might sue the government over breaches of copyright if they re-publish the submissions...
Has anyone started a petition to kick this moron out of his job? He appears to have zero clue about what his role is.
"What you elected instead was a government more focussed on achieving its ideological goals"
I'm not so sure. I get the impression most of the pollies (on all sides) actually believe Brandis is keeping the national interests in mind. They just gather around, drink his KoolAid and pass his bills.
I'd have thought they'd give the job of AG to a person who actually understands how laws work (and how they sometimes don't)... But what would I know.
Re: I want to know
"My network printers in use now have 500MHz processors. I do occasionally wonder why they need this level of power"
Print job processing. Especially as people expect more and more to be able to print out a full A4 high res photo in a matter of seconds from their shiny wireless gadgets.
Re: This will be interesting!
"If there is a move away from Java and into another language we may see an improvement in memory resources and a smoother experience on older slower machines."
Side effect is the likely dropping of non-Windows support. I can't see MS rewriting it in another language and keeping OpenGL involved, let alone popping out non-Windows binaries.
Maybe an OSX version would survive, but would be written by a totally different team, released in years the Windows one is not, and have a completely different feature set.
Most public servers run on Linux too. Goodbye to those if MS decide to mess with the balance.
Re: Macs only need a HIPS..
"The only difference with Windows is so many of the applications put holes in the system, you really need to keep up with the applications patches. My brother tells me this isn't a problem with Macs"
Why wouldn't it be a problem with Macs when it is with Windows? It's still software.
Besides, most malware comes from an idiot specifically asking the computer to run the dodgy code, which then sticks itself into a startup folder/script/schedule. For Mac users, you can probably even skip the startup bit - they rarely log off anyway (shutting the lid is not shutting down).
"missed by colleagues computers which rely on the work standard install of McAfee."
Some might even argue the names of their products are in fact misleading.
Re: Security questions?
"Caution: Apple do ask these questions in circumstances other than password recovery."
Australia's my.gov.au website, now compulsory for individuals wanting to deal with tax online, does this too. I created my account with random gibberish for the "security" questions, then got locked out when I next went to use it.
So next I switched to idiot mode to ensure I would be able to actually log in next time. Whoops. As it turns out, to reset the password, all one has to do is guess 2 of the 3 insecurity questions, then enter a new password. No confirmation email. No SMS.
I expect the Australian government believe this is called Two Factor Authentication too.
"Procedurals that pretend to be about forensic science are the worst - Fox's Bones is a particular offender."
I don't even question the stuff on Bones - it's so fantastical that it just registers as sci-fi on my scale.
A recent episode of Major Crimes on the other hand... They physically took some servers and their tech geek says this: "The data will still be intact, but you're gonna need some help getting through their firewalls."
But as if that wasn't enough, they went on with the train wreck:
"Well, mom, these are most likely load-balanced servers running Apache. Or, uh, maybe Fedora under Linux. Nothing advanced I could probably get these booted up and reset the root passwords."
Re: not sure about the load
The diesel is normally delivered by a tanker truck, not in drums.
No one buys Fosters in Australia.
Re: Not fit for purpose...
"under the conditions that game ending achievement has not yet been achieved"
While that is OK circumstantial evidence, it's not really compelling. Achievements can be reset in most cases by a simple tool. Why rewrite that system when you can just say "no" to refunds?
Re: Refunds are only sought for games that are not fit for purpose (i.e. don't run)
"What if I start up a game that's designed to take 200 hours to play through, and precisely 1 hour in, it crashes? I try again, with the same result. And again."
Simple - they check your session lengths as well. I went through the refund process with Steam a few years back over a game that was basically a bad console port (and infected with GFWL for added fun). Among other issues, GFWL kept wanting to install updates for the game and it kept just loading then quitting to run a GFWL updater. Steam support said they confirmed my story of many short sessions, and issued the refund.
"As far as I am aware, they are charging Australian customers in Australian Dollars;"
Nope. US dollars. We get special regional pricing though - some things are up to 5 times the USA price.
Re: Scope and use
There's a PDF copy of the actual consultation document on one of SMH's articles... If you're keen on being really concerned about the plan, it's linked here: http://www.smh.com.au/digital-life/digital-life-news/secret-data-retention-discussion-paper-leaked-20140827-108yyh.html
Just tell us the bloody plan!
I wish they'd just come out and publish what they've got so far. All this hearsay and speculation is getting silly and rather worrying.
One major flaw I see is this - if only retail phone and internet providers are to comply, what's the point? Find a connection used by decent numbers of people with relaxed WiFi security, and sit in your car. Then it's their problem when George Brandis comes busting their door down.
On the other hand, if they want data retained by the customers as well, then I see a BIG market for sales of equipment - compliant routers, new PBX systems, etc - and audit services to check your business complies. Might work out pretty damn awesome for some people.