Posts by Ben Tasker
854 posts • joined Tuesday 23rd October 2007 15:14 GMT
Re: You could call that a success.
These numbers show, unsurprisingly, that desktop users can clearly still use Win8 almost exactly as if it were Win7
No they don't. All they show is that TIFKAM apps weren't opened very often.
Whilst I'm inclined to follow your line of thinking and assume the users were using 'legacy' software the rest of the time, an assumption is all it actually is. We could also claim that the stats show that users sat dumbfounded for most of the day, only managing to open 2 apps at all (on average).
It's pedantic I know, but we all criticise the marketers who twist stats by making convenient assumptions, let's not start doing it ourselves.
Re: What kind of screaming right wing loon are you?
@Steve
Based on
Next step warn the Dutch to mend their ways otherwise we will do SFA about global warning and watch the clog wearers drown when sea levels do rise.
I'd assume it was a (rather dry) joke
Re: Every call you make with Skype gets copied to MS servers
There was discussion recently (may have been mentioned on Slashdot as well, can't remember) regarding the uninvited Redmond based requests being seen against URL's shared in Skype chats.
In fact, I think El Reg even mentioned a story on it.
Re: Internet, video games, movies, music, all just a little bit of history repeating..
"But I can't watch them 24 hours a day", "They don't listen to me", "I don't have the time"
1: You shouldn't need to if you raise them properly and give them an understanding of things rather than just hearing 'No' and 'Yes'
2: Make them
3: Find the time
As you say, all bullshit excuses. My favourite though, is "kids nowadays are so switched on with tech, there's no way for the parents to keep up". You either take the time to read-up, or pay someone to impart the relevant knowledge. If your kid was 'good' with explosives, would you let them make and ignite roman candles in the cellar?
@Vimes - As a parent I need to change what you said slightly
It seems that some parents are constantly trying to offload the responsibility of looking after their children onto others whilst at the same time undermining what efforts are being made (witness for example the parents helping their little ones create facebook accounts even though they're too young to have them, or ignore the age ratings on games).
I take my role as a parent very seriously, if the Government implement this filter it'll make bugger all difference to my parenting as I'm still going to be doing what (I think) every parent should be doing anyway.
The bit that gets me, is we don't expect the Government to tell our kids not to run across a road without looking, that's our job. Internet pornography is being touted as a safety issue (mental wellbeing etc.) which frankly puts the ball even more firmly in the parents' court.
Personally I think blocking it is the wrong solution anyway. Sure filtering should be part of the solution, but the important bit is explaining the issues surrounding it. Not sure that's the Government's job either though.
The baroness's bill reads as though she thinks it's possible for an ISP to guarantee a porn free experience. The only way they'll manage that is to drop all your packets, can't see that being a popular option.
Can't help think the parents were probably asked a loaded question as well. Guarantee it didn't start with "keeping in mind it's likely to be ineffective, your kids will learn to work around it, and the cost will be passed onto all consumers"
Re: This is all entirely legal ?
supposedly made it unambiguously illegal to intercept and disclose the content of communications without explicit consent from BOTH parties.
But the communication isn't being intercepted and the content not disclosed, so that area of RIPA doesn't really apply.
Doesn't mean it's not wrong of course, but I think you're going to struggle to apply anti-interception regulations to location tracking. You could argue that getting the phone's finer location is a communication between you and the Telco and their disclosure is therefore in breach, but I suspect it's shaky ground. As for cell based location, not a chance in hell of making that stick if you ask me.
Re: Upload
AFAIK you won't need to.
They call it 'cloud' but AIUI it's still going to be software running on your PC (with the exception of some plugins) - but it'll be phoning back to make sure you've paid this month's bill.
Re: @as2003
Yes, but to do that the HTTPD binary is modified. So although there's only one change on disk, it's made to a file you expect never to change (unless you've updated etc.).
Re: root?
The bit that gets me is the "hard to detect" claim. If the httpd binary changes, I get alerts. It's not the only thing checked, but on a production server the only way it should legitimately change is if I run an update and/or recompile.
Until cdorked hit the news, I'd assumed it was standard practice to keep checksums of things you don't expect to change. Either people haven't bothered or they're ignoring alerts!
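The checksum check described in the two posts above, sketched as an added example that is not part of the original comments or the poster's own tooling. The file name `httpd`, its contents and the functions `fingerprint`, `build_baseline` and `verify` are constructed for illustration; the demo edits one byte while keeping size and mtime unchanged to show why the content hash, not file metadata, is what gets compared.

```python
import hashlib
import os
import stat
import tempfile


def fingerprint(path):
    """Hash the file contents and record the metadata worth watching."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            digest.update(chunk)
    st = os.stat(path)
    return {
        "sha256": digest.hexdigest(),
        "size": st.st_size,
        "mode": stat.S_IMODE(st.st_mode),
        "mtime_ns": st.st_mtime_ns,
    }


def build_baseline(paths):
    """Record known-good fingerprints, e.g. right after an update or rebuild.

    In practice the baseline must live somewhere the monitored host cannot
    rewrite (read-only media, another machine), or an intruder with root
    can simply regenerate it.
    """
    return {path: fingerprint(path) for path in paths}


def verify(baseline):
    """Return a list of (path, reason) alerts; an empty list means no change."""
    alerts = []
    for path, known in sorted(baseline.items()):
        if not os.path.exists(path):
            alerts.append((path, "missing"))
            continue
        current = fingerprint(path)
        if current["sha256"] != known["sha256"]:
            alerts.append((path, "content changed"))
        if current["mode"] != known["mode"]:
            alerts.append((path, "mode changed"))
    return alerts


def demo():
    """Baseline a constructed stand-in binary, alter it, and re-verify."""
    with tempfile.TemporaryDirectory() as workdir:
        fake_httpd = os.path.join(workdir, "httpd")  # constructed sample file
        with open(fake_httpd, "wb") as fh:
            fh.write(b"\x7fELF" + b"A" * 60)
        os.chmod(fake_httpd, 0o755)

        baseline = build_baseline([fake_httpd])
        clean = verify(baseline)

        # Overwrite a single byte in place, then put the timestamps back,
        # so size and mtime look exactly as they did at baseline time.
        st = os.stat(fake_httpd)
        with open(fake_httpd, "r+b") as fh:
            fh.seek(10)
            fh.write(b"B")
        os.utime(fake_httpd, ns=(st.st_atime_ns, st.st_mtime_ns))

        after = fingerprint(fake_httpd)
        known = baseline[fake_httpd]
        metadata_same = (after["size"] == known["size"]
                         and after["mtime_ns"] == known["mtime_ns"])
        reasons = [reason for _, reason in verify(baseline)]
        return clean, metadata_same, reasons


if __name__ == "__main__":
    clean, metadata_same, reasons = demo()
    print("alerts before change:", clean)
    print("size and mtime unchanged after edit:", metadata_same)
    print("alerts after change:", reasons)
```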
Re: @Tom
My point about changing into cash was that the only way you could plausibly keep the taxman from knowing would be to never exchange your BTC for fiat. The second you have more money available than seems possible, questions get asked.
It would, of course, be evasion though. You're quite right in saying it isn't USD centric though.
Re: They'll just not be a part of the standards body
@AC and others
You'll have to forgive me, committed the crime of posting whilst under the influence of some heavy painkillers! I'm on some lighter ones tonight, so hopefully this'll be a little clearer
What (I think) I was getting at, is more the fact that you've very little to use against someone who comes along after the fact, doesn't participate when standards are being made, but decides not to pay your fees. Injunctive relief should be a measure of last resort, but I'm not sure it should be ruled out completely. That said, it needs to come down to how big a part the "innovation" in question actually plays - sure it might be essential, but how much of the end device does it make up?
But it's not you as a user/spender they'll be looking at. If a US based business accepts BTC they'll be easy enough to regulate. Slightly different if they only accept BTC, admittedly.
Think of it like cash. They've no real power over you when you're physically exchanging cash, instead they regulate the businesses accepting that cash. BTC would be no different in that respect. With cash they do have the ability to change the currency entirely, rendering your stash useless, but there's little for them to gain from changing an entire nation's currency.
The only way for a legal business to stay unregulated would be to never change BTC into USD, or to find a way to launder it. Either route would likely be in violation of tax and other rules, so it wouldn't be a legal business anymore. Ergo the only way, as a business, to stay legal and avoid BTC regulation would be to not accept BTC, or to cease trading in the US.
Not that I'm saying that BTC is bad, just that it won't be nearly as hard to regulate as you think. When the madman can see your accounts, it can be hard to keep things hidden. Even if you do manage, it takes one other business to include you in their paperwork and you could be opened up to some extra scrutiny.
Re: They'll just not be a part of the standards body
Yes, it's kind of hard to see what the benefit is of declaring your patents when new standards are being discussed nowadays.
It used to be that it'd guarantee you some income, but this decision seems to imply that it's potentially little more than a gentleman's agreement. Given the increase in patent litigation of late, it's surely much more attractive to keep schtum and then gouge the competition a few years down the line, free of the SEP restrictions.
Re: Hops
but the draught stuff (which isn't draught at all, it's forced out under CO2 or nitrogen pressure) is dead as a dodo, and tastes like it too.
Often wondered how they got it so dark, now I know - it's Necrosis!
Re: Don't see the problem.
Whilst I agree with you to some point, the evil lies within those companies who are going to exploit this by stripping metadata and suchlike so that it's nigh on impossible to locate the author.
There's also the argument that as a copyright holder, I've got the right to decide how and when my work is used, and who by. This quite effectively strips that.
The bigger issue, for the country as a whole, though - is what are the international repercussions going to be? If, for example, we get whacked with a massive fine, it's you and me who've got to pay it. Not to mention what happens if we're unable to export our work as a result of trade-restrictions.
I've also got a vague memory of a small island being told it could dis-regard all American copyright for a given period as a result of something the yanks had done. Might be mis-remembering, but if not, that could be quite harmful as well
Re: The result is that..
I always add copyright information to the metadata, now I will have to paste a big QR code on any image that I publish.
AFAIK the Beeb are one of the naughties who have been routinely scrubbing the meta-data whenever you submit something.
Re: Watching this like a T-Mobile using hawk
If you want to get in with "you shouldn't get what you can't afford" that is the point exactly. I'm tied in to a 24 month contract and I signed up at a set price.
Precisely my view. You sign up to a contract knowing that if the shit hits the fan and your circumstances change, you've still got to find the money to pay the bill, it's based on an assessment of risk. But, operators hiking the price is something you can't account for.
I had to phone them a little while back and say I was going to have a few issues paying that month's bill on time, right stroppy they were. I'll be discussing this with them when I pay this month's.
Re: Easy
Try not to get too enraged or hateful at those with full trolleys who grab things simply because they are cheap while depriving you of what you are relying on to live.
I hate those people!
Re: the lefties at the BBC won't like it
Surely that's the point? If OSS was leftie, the lefties at the BBC would like it, no?
Re: Which is why you are a hack
El Reg in particular has a problem with the fruity clan because they got excluded from the party.
IIRC though, El Reg got excluded for failing to swoon over Apple's tech and offering slightly more realistic reviews, something that doesn't seem to have changed since (clickbait aside)
Re: Here we go again
They might get a bit bored of being shown the progress bar on a remote backup before being asked nicely to leave though. Bigger bonus if they decide to break the encryption to save the journey and find you've deliberately been streaming files full of 0's just for the fun of it
Re: Beautifully damaged!
If it's any consolation I feel your pain - the only reason I have Java installed is so I can access the network of those customers who have a Java based VPN client.
I'm glad it's not just me that was bothered about a Java app messing about with routing tables etc.
Re: a thief?
I can not see that a person with the vision, intelligence and energy to accept, develop and drive forwards an idea, whether their own or another's, is any less useful or honest than the one who had the original idea. I suspect that, without those "standing on the shoulders of giants" (most of whom built on those before them) we would be rather a long way backwards in the stage of prehistory still. Did you ever use a pencil, or a pen, or paper? Should none of those have been made because the original idea was based on lines in sand or wood by someone who never gave their permission to develop it into modern writing instruments?
Where your argument falls flat on its face, is that it ignores the issue of patents. Is it stealing to develop based on someone else's idea? No.
Is it right, though, that you could take an existing idea, modify it slightly and then add a patent to stop anyone else using anything remotely similar?
Not sure stealing/thievery is the right word, anyway, but trolling aside I've a feeling the OP was probably referring more to the 'we invented it' attitude Apple seem to take to anything they release
Re: It's because Americans pay the same on a long-term contract no matter the phone we buy
Not sure the OP ever insinuated that they do, that seems to be entirely your assumption. Not like it was an incorrect statement either, does use of the word Linux touch a nerve for some reason?
What the OP seemed to be observing is that under a system where the price you pay remains the same whichever phone you choose, it should be a worry for Apple that such a proportion of people still don't go for what's marketed as the cutting edge fashionable choice.
"Do the DOJ and FTC consider whether soft drink manufacturers are a good thing? Video game manufacturers? Dairy farms? Tobacco companies? In the American system, consumers determine which businesses are worthwhile – by voting with their dollars."
All of whom actually manufacture something. Not forgetting, of course, that you also have the option to 'vote' with your cash. If someone threatens a lawsuit, you have three options:
- Spend cash on a settlement
- Spend cash on a defence
- Tell them to take a hike
Given that the third, verbal option tends to route directly to the second, there's no option to 'vote with your dollars'.
Re: Torvalds is priceless
Might just be me, but that reflects badly on the litigious society we live in, not on Linus.
The simple fact is, the head bod needs to be passionate and strong willed. Management by committee doesn't work, you need someone with the balls to call a turd a turd.
Kernel coders are a strange lot, and things get very heated very quickly sometimes. It's just the nature of coding at that level, you can't honestly tell me you've never got intensely frustrated when someone just won't get what's plainly obvious to you?
Re: Who cares?
They got pretty narked at El Reg as well a while back. A story about a recall/fix relating to a fire risk. Site search should find it.
I'm more inclined to believe the NYT purely because Musk's vested interest is far more obvious. I suspect they're probably both telling half-truths but as it'll be a long time before I consider a leccy car it's really nothing more than a sideshow.
Re: Speed Limits...
Depends how the logging stuff is set up. It might be the Speedo is going off the wheels/gearbox whilst the logger uses GPS (sort of like the black boxes the insurance company uses). Of course, if that's the case I'd question why there isn't a logging system to check the two numbers are the same (to a tolerance) as I'd want to know if my speed was 15-20MPH out
Either Mr Broder has 'broke the law', and needs some tickets, or Mr Musk is telling porkies about how his 'car' logs stuff.
I've a sneaky suspicion that the truth may require you to change that or to an and.
Re: Security skills
@Ben
Of course it is, assuming we're comparing a standard school image to an OOB Linux install (apples, oranges does come to mind though). We managed OK on Windows machines though, but did have the 'benefit' of DOS before that..
You're right though, that the core problem is the way the curriculum has taken all the fun out of it. It does it in every area though, I remember being told you can do that if you want, but they won't give you any marks for it, only bits x, y and z will be marked where x,y and z were the most boring unimaginative things you could think of.
Part of the problem is, again, lack of skills. Most teachers aren't going to be happy to let the kids do something they themselves don't understand (unless they have to), which at the moment will generally cover everything except spreadsheets. Again, part of it comes down to pay, with the skillset I have I wouldn't dream of having to deal with a classful of kids for what teachers get, never mind dealing with the difficult parents.
Re: First impressions
but the settings cog now also does nothing for me
Not just me then, I was beginning to wonder if they'd forgotten to link an event to it, or if my tired mind was being thick and mis-interpreting some new logo.
Think I'll stick to using my browser for the time being in all honesty
Re: Ahh the old, "you don't have kids" argument from authority fallacy...
@Keep Refrigerated
Indeed the only skill needed seems to be getting it in the right hole and waiting around for 9 months or so.
You do develop a few other skills once littlun's born of course. For some, it's the art of making a child understand what is and isn't OK. For others, it's the 'skill' of whinging that it's too hard and can't the government do it.
Without going off on my usual rant, to me it's pretty simple:
How many parents-to-be read a book on pregnancy and the early years? I'd say quite a percentage probably do (I didn't, but the missus did)
So why is it too much to ask that they read a book on the t'interwebs and how to effectively enable filters etc?
In return all they ask is that you do your part in raising a decent human being to join the rest of us and not expect them to rearrange their lifestyles around you and yours.
I'd like to think I'm doing my bit to work towards that. Come near littlun in the wrong way and you'll suffer the consequences, but it's my job as a parent to spot you and to teach littlun what is and isn't OK.
Re: Hmm, this guy. @peawormsworth
There's no reason why gmail could not provide an encrypted email option where the message content is decrypted by local browser plugins or javascript or similar.
Unless the email is being encrypted at the sender's end, it'd make no difference whatsoever to Gmail's ability to scan and index. They'd just process it when it first hits their SMTP server instead.
If it's being done at the sender's end, you can already do that - use PGP - whilst it'd be nice to have it happen 'in browser' there's no reason GMail needs to provide this, pretty sure there are browser plugins that can do that for you.
It's a nice idea though, but I'm not sure I'd trust my email provider to provide the solution, especially if the aim is to keep said provider out of my emails!
Re: I remember my Java and Linux friends spouting that junk too.
@WatAWorld,
Re-read his comment, you've completely missed his point!
He's not saying "It's more secure because you've let the world see it", he's saying that a secure system will remain secure even after all the details of how it works have been explained.
Giving someone access to something (keys - physical or password, documents - top secret or otherwise) isn't about the security of the system. No system can tell whether that user who's just authenticated properly (i.e. by entering correct credentials, or by inserting a key into a lock) is genuine. Even biometrics would fail on this if someone 'lent' you their auth token (their finger).
The OP was talking about designing secure systems, not about how many eyes reduces bugs. There's a big difference, and the availability of docs only makes it easier to find a security weakness, it doesn't suddenly make it possible - an attacker could *potentially* stumble upon a weakness with no access to the documents, the difference being that with no access to the documents the likelihood of a 'friend' finding it is also reduced dramatically.
Incidentally
"Oh, no vulnerabilities because so many people have looked at it and for sure someone would notice any vulnerabilities."
Is indeed a silly thing to say, there's a higher chance of someone noticing vulnerabilities, but it's anything but certain.
Re: Legal protest or Zombie Apocalypse?
Yeah pretty much my first thought:
argues that DDoS "is not a form of hacking in any way" and that it's really not much different than repeatedly hitting the refresh button in your web browser, albeit on a much larger scale
Not hacking in any way - true - but definitely different to hitting the refresh button in your browser, especially if some of the participants are part of a botnet, or are compromised servers.
What they're saying could - almost - be a fair point, if every participant was sat at their own machine, using their own machine's resources. That's not what happens though, and it also fails to address the points others have made, like the inability to have a two-way conversation with the protestors.
Re: People have opinions, it's not a crime.
@Lars
Strange isn't it, in the real world you probably would call them a pillock, shake your head and walk off. Online, people shake their head and then move to the most convenient complaint form, OR if it really offended them, they might share a link so that others can be equally offended.
There are a lot of people in today's world, who seem to believe they have the right to decide what is and isn't offensive and try their best to have that speech censored, often whilst crowing about free speech themselves. Look at the Daily Fail's campaign against Jack Whitehall and various other comedians for a non-illegal UK example.
What we need, is for someone to show common sense in a high profile case - I can see why the plaintiff may have found this offensive, however I find his choice of clothing quite offensive to my sense of style. I guess the point I'm trying to make is that offense is subjective so can't easily be judged or measured in advance. Requiring a defendant to do so would un-necessarily curtail freedom of speech - Be a long, long time before it happens (if ever) though.
Re: Company needs to do their researchhhh
Lacks the words 'on a mobile device' though, apparently nowadays that's enough to make something novel!
Re: Double slap required
As someone else pointed out above, this was on a site running wordpress. It's pretty much a given that Wordpress needs to read its own config in order to run, so 'preventing' this by using chmod would also break the site.
The fact that the attackers _only_ seem to have managed to compromise a file that is meant to be readable to PHP would suggest that permissions were set correctly for the rest of the hierarchy (only an idiot wouldn't try to get something of higher value as well).
Pretty embarrassing for the DHS, but no double-slap required (well unless you want to give them one for using Wordpress and one for failing to run checks on it)
want to be really clear: Instagram has no intention of selling your photos, and we never did," he wrote. "We don't own your photos – you do."
No, we never planned on selling them (we can't do that, we don't own the copyright), we were simply going to license them to third parties (See t&c's clause blah)
Re: If i upload something that i don't own
@Michael
Is there an explicit indication that the agreement includes a model release, or is this just implied (or perceived to be implied by you).
By agreeing to give them the rights, you are saying that you have the rights to do so, so a model release is being implied (bearing in mind that a model release doesn't have to be a bit of paper - the paper just provides you with proof of what's important: that they consented to their likeness being used).
It's obvious that, as a service aimed at the general public, a significant proportion of people either (a) won't have read the agreement and be aware of what's in it, (b) might have read it, but won't have understood it and/or won't have understood the *implications* of what they were agreeing to and/or (c) won't care about the copyright status of any uploaded random crap anyway.
You could say the same about EULA's, the terms and conditions of your bank account or any other legalese document. As the user, you've confirmed that you've read and agreed, so the terms are binding (not actually that simple, but for a different outcome you'll likely need a day in court).
FB/Instagram wouldn't automatically be off the hook for copyright violations (especially if they couldn't produce a real person to point the finger at - i.e. the uploading user had used fake details), but they could potentially then take action against the user (dependent on finding him/her) for breach of contract. They'd certainly try to use it to reduce any damages awarded against them (we used the image in good faith your honor)
It's a risk that a lot of web-based companies take, to some extent. Look at Helium - if I upload someone else's work as my own and they then license it to a magazine you enter a similar sort of situation.
IANAL but I have studied law.
Re: If i upload something that i don't own
I assume the line "Instagram does not claim ownership of ... " is some kind of legalese that leaves you responsible for the image but they get to profit off it.
Not quite, though they have covered their backside elsewhere
The terms leave them able to say Bakunin licensed us to use it for commercial purposes, and we did so in good faith, if there was no permission to use the likeness of the model, Bakunin should not have granted us the license
The not claiming ownership is basically clarifying that the rights to the work do not transfer. Largely because if they did, people would get very, very upset. The only real difference though, is that the former doesn't stop you re-using (and/or relicensing) the work elsewhere - for Instagram the only difference is they can't assume exclusivity
Ah but how would you define infringe?
Is it infringing on the communication to introduce enough delay to make it worthless once received. Is it infringing on it to take a copy for analysis later? Is blocking access to a resource infringing if you've a policy banning that type of content.
Obviously I'd answer yes to all of the above, but I can quite believe that some governments may want to argue the toss on at least one or two.
Although mentioned briefly, I think the big question is this:
If you were running a web-shop of security exploits (which can reasonably be assumed to attract those interested in exploiting vulnerable apps) why in the name of Satan's teeth would you base it on Magento???
Re: Why bother with the trial?
There's nothing wrong with the OP's comment apart from the final (and I expect, for conviction.)
Innocent unless proven guilty, yes, but you can see how some are developing suspicions (if not making their mind up entirely) given the efforts that seem to be expended avoiding going to Sweden?
Re: Clever police
@StephenH
More likely they'd try and get an order for you to surrender it, and then stamp their feet when you don't (because you can't)
@AC Re: Security FAIL
guess you haven't looked at the figures for Linux distributions then. They have a far worse security record than Windows and the gap is growing.
In a thread where we're observing that vulnerability figures are useless, you decide to point to figures as evidence that one OS is less secure?
Just a wild stab in the dark here, but given that Windows is closed source, wouldn't it be entirely possible for MS to ignore 99% of vulns (so long as the public don't know) giving them some nice low vuln counts. Not saying that's what's happened, but it's another example of why you need to look at more than a vulnerability count.
As far as site defacements go, how many sites are hosted on Windows servers and how many on *nix servers? The stats would suggest the latter is far ahead, so there's always going to be more defacements (which is strangely similar to an argument trotted out by fanboys about how Windows isn't really insecure).
Anyway, only replying as my fingers are freezing and I need to warm them up before doing any proper work!
Jumped from 34% to 42% in fact.
In reality it means little as it tells us nothing about how many vulnerabilities there are in a fully patched install (could be none, could be millions, if we knew, they'd be fixing them!). That extra one they found this year could be the last (though I doubt it). Stats really are meaningless in this area, unless your aim is to say "We fix things once we know they're broken"
is exactly the same as having an ultrasound pic (sonogram for the peeps across the pond) or those new videos.
I'd say there's quite a dramatic difference between having a video or printed picture and having a 3d model of your baby personally, but YMMV.
We were offered a 3D scan, but it was £100 so we decided we'd be quite happy with the ultrasound pic instead (especially as the sample 3D scans were all lacking texture so looked quite scary)
Re: SSL VPN through Port 443
Or a reverse SSH proxy on the same port. Or TOR or some-new-thing-I-have-not-heard-of-yet.
Kind of what I was thinking, block VPN and something else will get used instead. Based on comments further down it looks like the previous 'VPN Block' was simply a case of blocking the IPs of the popular VPN providers rather than based on any kind of protocol, so getting hold of a VPS in another country and running OpenVPN or somesuch would have got around that...
I would guess someone thought it'd be a good idea so that engineers could log in easily or somesuch. Hell it might even be a testing account which they never thought to remove.
Either way, it's a bad bad thing to ship equipment with hidden accounts.
