The Register® — Biting the hand that feeds IT


* Posts by Paul Crawford

1000 posts • joined Thursday 15th March 2007 16:58 GMT

Paul Crawford
Silver badge

Only 'restricted'?

I thought that was the lowest of the low, basically not worth any song and dance about?

So my question is, what aspect(s) of the product stopped it from getting at least 'confidential' if not 'secret' rating? Or would secret need hardware-based disc encryption that cannot be turned off/bypassed by the legitimate user?

Paul Crawford
Silver badge

Re: Bruce Schneier is a twit

The loss of phones is an inconvenience, yes it could impact ambulance support and have major economic effects, but it is not that big a worry.

Take down electricity grid and then you are talking serious problems - no heating (no gas pumping, and most gas boilers *need* electricity anyway), no fresh water (remember the electric pumps?), no petrol after a day or so as cars run out and the station's pumps are down, little hospital service once the local stock of diesel for the back-up generators runs out, shop food runs out due to transport fuel shortages, etc.

Now can we get back to the more pressing issue of muppets putting SCADA systems on-line (and mostly Windows-based with often unpatched/out of date software on them) in utilities to save costs and thus exposing essential infrastructure to on-line attacks?

Paul Crawford
Silver badge

Re: Test Firing Shot/Salvo/Cascade? Media ... the Ultimate Deterrent

From the paper "An organization able to spend one trillion US$ (which is roughly a single-year defense budget of the US [38]) for designing and building a large-scale supercomputer based on such optimized processors could theoretically break the full 256-bit AES in a time frame of as little as one year when using RKC or another attack of similar complexity."

One key per year for US$1T?

Methinks it would be cheaper to buy-off/bribe practically any organisation (or small country)!

Paul Crawford
Silver badge

@Antony Riley

The example paths for the stuff dropped were the OS ones, presumably equivalent to /usr/lib/firefox-10.0.2/components/ and similar on my Linux box, and they would need root/sudo to write there.

Also the Symantec text says it is executed, and also changes the registry, so presumably is Windows-specific.

However, it could as a user program write to the likes of /home/paul/.mozilla/firefox/{random}.default/extensions/{more random}/components but the question is would it be executed? Could it be downloaded with execute permissions, or be a script that Firefox is (incorrectly) running?

Paul Crawford
Silver badge

Re: Don't forget...

"deleting its record of your actions whilst signed in."

Don't you mean "removing your view of the data Google hold on you"?

Paul Crawford
Silver badge

Re: I suppose there might be some truth in what they are saying...

I think a big factor was the placing of all customers' balls in the one place, so they could be kicked in one easy swing of the boot...

If the key seed information was handled per-company, then some companies would be more vulnerable, but at least one screw-up would not have compromised every customer. Less profits that way though?

Paul Crawford
Silver badge

Meanwhile in India...

MS hand over the backdoor keys as requested by the gov (as for any other state who asks), rendering the email not much better than anything else running over the network...

Paul Crawford
Silver badge
Unhappy

And yet even more bollocks

There seems to be absolutely nothing in this for the consumer, and it is just more trouble. Why don't they realise that DRM only inconveniences the paying punter, while making the pirate's experience better by comparison.

In this particular case I wonder how one goes about backing up that ever-so-precious content to a NAS or new HDD, and how one recovers the data in the event of the HDD (and thus one presumes the encryption key) failing?

Or is that the scam, get punters on to an HDD-based key that fails at 1-3% per annum, and then roger the unfortunate ones that have it fail in the time scale where they wanted to 'own' the media?

And to answer the question about HD being precious - it isn't - it is just a new set of media & standards that the content industry believes it can DRM-encumber in ways that have failed for the original 'SD' of free-to-air TV and the weak CSS of DVDs.

Paul Crawford
Silver badge

Re: Khaptain

"If the police have him held as a child abuse subject then we can presume that they have done their homework"

Look up 'Operation Ore' and see how well that was managed.

Paul Crawford
Silver badge

Re: Can we extend this thought?

Simple if you read the article - this is about you being compelled to provide INFORMATION in your head.

DNA or a physical key are objects that you can be expected to possess. Extracting information by threat of indefinite prison for contempt of court is one step away from torture to obtain confessions.

This is not just about alleged kiddy-fiddlers, this is about YOU in 10 years time when some baseless accusation is made against you in respect to a computer you once had, that is encrypted, and you are then in contempt of court for not providing that knowledge which you don't actually possess.

Paul Crawford
Silver badge

Re: Searching

In the UK, yes. You are a dirty criminal as you performed the heinous act of 'format shifting' without obtaining the copyright holder's prior permission.

You do realise that such acts are funding terrorism and organised crime at this very moment?

Think of the children!

Paul Crawford
Silver badge
Joke

@Aaron Em

Beavis: Hur hur, he said "stuff the tape in the slot"

Paul Crawford
Silver badge

Music lists?

Given the audio-triggered nature of some of these toys, when can we get a list of the best music to 'enjoy' the evening to?

Paul Crawford
Silver badge

Time to fondle like it's 1999!

Paul Crawford
Silver badge

@JimC

But what choices do we have?

1) Bend over and take whatever the politicians have been paid to push through, or;

2) Cause trouble like 'Anonymous' and be seen as the justification that "something has to be done", or;

3) Write to your MP, etc, and get ignored by a party drone who has no technical knowledge and very little interaction with the real decision-makers.

Sadly, the only thing of note recently was the effectiveness of big internet companies speaking up against SOPA, etc. How long will that last until steps are taken to avoid "political interference" that way?

I think a lot of Anonymous (and similar groups) actions are ill-chosen and petty, but what are the options to protest in the internet world? It is not like there are factory/shop doors where activists could picket to have grievances heard any more.

Paul Crawford
Silver badge

Re: Re: Just Plain Stupid

A) LightSquared's plan would continuously affect most current GPS (phones, sat-nav for cars) in most built up areas where they want to provide broadband coverage, whereas

B) The typical sat-communication system has limited power on the ground for uplink (so limited area of interference), and short term use at £x per minute call costs, and

C) The downlink (satellite to ground) has very low power by the time it gets to Earth, so no issue competing with the similarly powered GPS signal.

Paul Crawford
Silver badge

Re: difference between witchcraft and miracles

I think it went a bit like this:

It helps the church's image = miracle

Thinking woman, or unpopular = witch

Paul Crawford
Silver badge
Devil

Suddenly it all makes sense

Devil + "the dark arts of selective press leaking"

I wondered what Mandelson was doing these days...

Paul Crawford
Silver badge

@Ken Hagan

My comment was not to say ARM is more secure than x86, just that the several million x86 viruses for Windows that are already out there will, in the vast majority of cases, be inherently ineffective on the ARM version.

So the bad guys will have to port them to ARM as well and learn the new hardware in depth. Hence I expect win8 on x86 will still be targeted a lot (easy porting, majority of users adopting it with new PCs), but the WOA will not be troubled much until (or if?) it has a big enough share to be worth it.

Paul Crawford
Silver badge

No x86 portability = less viruses

Another aspect of this is the WOA is probably going to be pretty much infection-free for a while as a lot of existing malware won't be able to target the x86's vulnerabilities directly, and of course the 'app store only' model for installing software will greatly reduce the opportunities for Trojans being installed. Add to that the locked boot-loader against rootkits, and from an AV vendor's point of view it's looking like lean times ahead.

Which is good for consumers, even though I feel dirty at giving MS the thumbs-up on this aspect.

However, I guess if WOA takes off then it will be targeted by the crooks and then it will be interesting to see how long it takes for things like the boot-loader and software installation to be cracked (which is good for my penguin-fancying tendencies).

Finally, if I were a Windows developer, I would be mighty pissed off by MS allowing their own non-Metro software on WOA (Office 15 & IE10) and not allowing anyone else to do so. Wonder if OpenOffice/Chrome/Firefox or similar could mount an action against MS for such anti-competitive rules?

Paul Crawford
Silver badge

Some of them are very bright, in cases exceptionally so.

But you have to remember the goal of out-sourcing is almost always to save money, and you can guess what happens next... So the best of Indian programmers tend not to work for these houses but get much better paid jobs in the west (I know, I have worked with one in the USA).

Paul Crawford
Silver badge

Clearly China's growth has been badly stunted by the lack of effective IP enforcement!

Paul Crawford
Silver badge

'"infringement of copyrights" if you prefer is a crime. It's very simple, punish those who violate law.'

You do realise that if you take a photo and show it off (maybe facebook) but somewhere in it there is a work of art, poster, etc, you are then guilty and so should be locked up and/or fined massively for infringement?

Laws should be fair and reasonable, to both parties in any IP dispute. This is something that is being forgotten in the move to court-free action on infringement from a teenager copying one song, all the way to the seizure of competitor's products at trade shows, etc, without a proper court hearing to decide if patents and/or trademarks have actually been infringed to an amount that demands such extreme action.

Paul Crawford
Silver badge

@Write to your EU MP

I did write some years ago when ACTA was first being leaked, and got a boiler-plate reply to the effect that such treaties are 'normally negotiated behind closed doors'.

Pathetic!

Now while I agree that some of the anti-ACTA protests are based on imagined or now-deleted aspects of the treaty, it should still be kicked out simply BECAUSE OF THIS.

If we are to have better laws, and a more sensible approach to trademarks & IP, then it should be something that is discussed in public with inputs from ALL parties, and not just the government ministers and IP lobbies.

You won't make everyone happy, but at least you will have some semblance of democracy in action, and a chance to deal with the issues that matter to both the IP lobby (protection & reward of invention and creativity) and to the consumers (fair global market, no locked-down systems intended to prevent fair use and maximise profit).

Laws that are seen to be fair and reasonable have more chance of being respected and upheld.

Paul Crawford
Silver badge

I don't see around 6k requests/year against 3 billion journeys/year as quite into the mass surveillance area yet, but clearly it is something to watch to make sure it is not going to grow that way.

I was going to say something funny about spotting a Brazilian and floor-level CCTV, but in this case it's not quite appropriate.

Paul Crawford
Silver badge

@Sean Timarco Baggaley

Sure they look similar, but both look like bland rectangular things much like any sci-fi show would have used as a prop. Up closer they have different company logos, and when you turn them on a different OS to look at.

Similar perhaps, in fact stupidly so[1] but I can't imagine anyone seeing a Galaxy up close/in-use and thinking it was an Apple iPad.

[1] Samsung has no USB ports or SD slot either, hence no advantage physically over an iPad. Add in to that its poorer 'user feel' and lack of such a well developed app store, and finally price it like an iPad. Just what were the morons at Samsung thinking?

Paul Crawford
Silver badge

@Dazed and Confused

"should they be able to wrest control from you, when you aren't party to the process?"

No, you let them know you hold the patent (they should have done an IP search anyway, and as it is supposedly a public process, you ought to be looking for opportunities to use your IP as well) and so you get your cut.

My suggestion is that once a standard has been discussed, publicly reviewed, and finally adopted, no more patent claims to said standard will be entertained.

Stops an inside job like Rambus, stops trolls from coming back a year or two later when something is in use (think GIF images' use of LZW compression here) and demanding huge pay-offs with threat of injunctions.

Paul Crawford
Silver badge

No, they can still get a court order to make payment based on your infringement.

Blocking sales is the bully-boy aspect, and what would give IP more respect would be a fairer method of agreeing "reasonable compensation" for IP used based on how much it contributes, not on the ability to hold up everything when the troll/holder throws a tantrum.

Paul Crawford
Silver badge

Speak up, or forever grant license!

More seriously, when a standard is defined and this patent request process is carried out in public and then details are agreed, it should be part of IP law that NO INFRINGEMENT by any other patents should be possible. That way trolls can't come back later (think Rambus) and demand payment for a standard if they did not speak up at the time.

Also the whole IP law should be based on sensible payment by part of the whole, so if your IP is only 1/1000 of the whole system stack you can't block and demand outrageous payments for it. You have to accept a 1/1000 of the profit/margins on the related assembly (e.g. GSM module in the car, not whole car).

Still, in this instance the request by Apple for sensible IP laws and negotiation paths is difficult to accept given the frivolous details they used to get the Galaxy banned.

Sadly, given the history of IP laws and dumb lawyer-feeding practice (USA in particular) I don't see sense coming any time soon.

Paul Crawford
Silver badge

@Anyone actually paying

I doubt it. In fact, I doubt there is any paid support of significance for the desktop.

Why?

Because of the number of bugs I know of in 10.04 that have been reported, in some cases community fixes released, and they have done NOTHING about getting it out via their repository. I can't see them getting away with that on a paid contract.

Hell, if paying a few hundred quid got my list of half a dozen or more similar bugs actually fixed I would do it!

Also I can't see any large users wanting the changes that 12.04 plans for the GUI compared to 10.04 which is exactly the sort of reason that MS has had to keep XP on support so long. Enterprise users want stability, and would be much happier with the 10.04 LTS being security-fixed for 5 years or longer.

Paul Crawford
Silver badge
FAIL

@Arkasha

"Unity does what Unity is supposed to do and does it well"

What exactly is that?

If you are talking about a replacement for the old "netbook remix" then maybe, but for users familiar with Gnome 2 and similar (Windows, older Solaris, etc) then it is a lot of pointless changes for NO BENEFIT.

Now in the old days the netbook remix was an option for such devices (small screen, possibly touch screen) and for desktop with keyboard & mouse you got something that works well that way. Now you don't, and some things are non-obvious and non-intuitive, which is a GUI design failure.

Furthermore if you have to support folk (not geeks like El Reg readers) the last thing you want is user interfaces changing for no good reason. Most users want to USE their PC, not play with it and ooh and ahh over shiny trinkets and re-learn how to do things every 6 months, etc.

Now to be fair Ubuntu are not the only ones with GUI developers indulging in such self-indulgent w*nkfests, but it saddens me to see change for the sake of it, and more so when Canonical fail to fix bugs in the basic code, preferring to develop pointless new GUIs for no clear benefit.

Ubuntu fondleslabs anyone? Why do that rather than Android?

A waste of resources, and ones that could have been used to make it smoother and easier (as they did until about 8.10) so it became the safe & cheap refuge of those moving off XP and not wanting the problems/restrictions/cost of Windows or MacOS.

Paul Crawford
Silver badge

People pay for Unity?!

Sad KDE is dropped but the real question is: Who pays Canonical and what are they expecting?

And are they happy with the disaster that is Unity?

Paul Crawford
Silver badge

@not really

They probably would get arrested.

But I doubt the corner shop owner would be fined massively for not policing "his" pavement.

Paul Crawford
Silver badge
Mushroom

@Ian Emery

The only safe option is to nuke it from orbit.

Really, I mean this. In OS terms - use a boot CD to either run another system with AV software (such as the BitDefender rescue CD) or re-install windows from your own CD. Any advanced malware will stop other AV and if root-kit like will be virtually undetectable as well.

You might have to get a bootable Linux CD or USB stick first if your machine is so shagged it can't get the BitDefender iso and burn it to a CD without corruption/interference.

Paul Crawford
Silver badge

@Halifax/Lloyds

That is good.

One problem is a lot of web sites allow the change of phone number, so there needs to be a bit of delay/double checking so you get informed of the change on the old phone first, and then again on the new phone, so if its a fake change you can report it.

Another risk with "smart" phones is someone installing malware that can pre-screen the text messages, so compromising the 2nd channel as well.

Still, there is no PERFECT solution, just ones that reduce the fraud to a level that is less costly than the various protection systems cost.
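The phone-number change flow the comment above argues for, as an added example that is not part of the post or of any bank's system: the old number is warned first and given a cancel code, the new number gets a confirmation code, the switch only takes effect after a cooling-off period in which the old number can still veto it, and login codes keep going to the old number until then. The one-day window, the message texts, the token lengths and the SmsGateway stub are assumptions for illustration; a real deployment would also rate-limit token guesses and log every state change.

```python
"""Two-stage change of the phone number used for SMS login codes.

Added example, not code from the post or from any real site. The
cooling-off length, message texts and SmsGateway stub are assumptions.
"""
import secrets
from dataclasses import dataclass, field
from typing import List, Optional, Tuple

COOLING_OFF_SECONDS = 24 * 60 * 60  # assumed: one day for the old phone to object


@dataclass
class SmsGateway:
    """Stand-in for a real SMS provider: records (number, text) pairs."""
    sent: List[Tuple[str, str]] = field(default_factory=list)

    def send(self, number: str, text: str) -> None:
        self.sent.append((number, text))


@dataclass
class Account:
    user: str
    phone: str                          # number that currently receives login codes
    pending_phone: Optional[str] = None
    requested_at: Optional[int] = None  # unix time of the change request
    cancel_token: Optional[str] = None  # sent to the OLD number
    confirm_token: Optional[str] = None  # sent to the NEW number

    def clear_pending(self) -> None:
        self.pending_phone = None
        self.requested_at = None
        self.cancel_token = None
        self.confirm_token = None


def _same(a: str, b: str) -> bool:
    """Constant-time comparison that tolerates non-ASCII user input."""
    return secrets.compare_digest(a.encode("utf-8"), b.encode("utf-8"))


def code_destination(acct: Account) -> str:
    """Login codes always go to the established number, never to a pending one."""
    return acct.phone


def request_change(acct: Account, new_phone: str, sms: SmsGateway, now: int) -> None:
    """Start a change: warn the old number first, then ask the new number to confirm."""
    if new_phone == acct.phone:
        raise ValueError("new number is the same as the current one")
    if acct.pending_phone is not None:
        raise ValueError("a change is already pending; cancel it first")
    acct.pending_phone = new_phone
    acct.requested_at = now
    acct.cancel_token = secrets.token_urlsafe(12)
    acct.confirm_token = secrets.token_urlsafe(12)
    # Old number is told first, with a code that lets it veto the change.
    sms.send(acct.phone,
             f"Request to move your login codes to a number ending {new_phone[-3:]}. "
             f"If this was not you, enter cancel code {acct.cancel_token} on the website.")
    # New number gets its own code, usable only once the cooling-off period has passed.
    sms.send(new_phone,
             f"Confirm code {acct.confirm_token}. It can be used from "
             f"{COOLING_OFF_SECONDS // 3600} hours after the request.")


def cancel_change(acct: Account, token: str) -> bool:
    """Old number vetoes the change; returns True if the pending change was dropped."""
    if acct.cancel_token is None or not _same(token, acct.cancel_token):
        return False
    acct.clear_pending()
    return True


def confirm_change(acct: Account, token: str, sms: SmsGateway, now: int) -> bool:
    """New number confirms; honoured only after the cooling-off period has elapsed."""
    if acct.pending_phone is None or acct.confirm_token is None:
        return False
    if not _same(token, acct.confirm_token):
        return False
    if acct.requested_at is None or now - acct.requested_at < COOLING_OFF_SECONDS:
        return False  # too early: the old number has not had its chance to object
    old_phone, acct.phone = acct.phone, acct.pending_phone
    acct.clear_pending()
    # Final notice to both numbers so a hijack that slipped through is still visible.
    sms.send(old_phone, "Your login codes now go to a different number. Contact us if this was not you.")
    sms.send(acct.phone, "This number now receives your login codes.")
    return True
```

Until `confirm_change` succeeds, `code_destination` still returns the old number, so an attacker who has taken over the web session cannot redirect the second factor to a phone they control before the real owner has had a chance to see the warning and cancel.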

Paul Crawford
Silver badge
Unhappy

Fundamentally flawed

Having both factors in the 2-factor system going through the SAME possibly compromised channel seems to be a basic flaw here.

While not perfect, having a 2nd channel such as a mobile phone seems a better approach. Unfortunately the piss-poor security practice that a large proportion of the public has (mostly due to ignorance, and a misplaced faith in AV snake-oil salesmen) will no doubt extend to their smart phones' apps and to disclosing their phone details as well to the bad guys.

Paul Crawford
Silver badge

Indeed that would be the Japanese way, but Sony's biggest problems don't come from the Japanese mind-set, but from adopting the bully-boy litigious USA mind-set from the movie/music division they bought in to (and similar leadership).

Why I avoid Sony has little to do with the cost, but to do with a lack of trust (CD rootkit & PS2 fiasco) and their insistence in a lot of cases of doing things "their way" by adopting proprietary standards when there are other interchangeable ones around (e.g. the memory stick for cameras/camcorders, instead of CF or SD, springs to mind, failing to see MiniDisc was past it once flash memory was cheap & big enough, etc).

Maybe they have improved, not sure as I don't follow them now. If they do want to solve their problems, first step is to separate electronics completely from content, next is to listen to users and to make things work well. If it is really high quality, then you can get a premium price.

Paul Crawford
Silver badge

"I'm all for paying you a bit of commission if I choose to buy through your links but only if I was forewarned."

Do you pay any more via these links? If not, I don't see any real conflict of interest.

Paul Crawford
Silver badge

@Vin

Good to hear that for a change.

Paul Crawford
Silver badge

There, there, take your medication and chill out a little.

Has it ever occurred to you that most of the jobs sent overseas has been done by US corporations in search of even higher profits?

Paul Crawford
Silver badge
FAIL

@Software

A very good point as iTunes is both pretty crap on Windows (my experience of friend's machines), and of course useless for Linux.

Why, oh why would you WANT a phone-specific access method?

Why can't those idiots provide USB mass storage access (even if defaulting to read-only) to allow you to copy off files on any sane computer system, including ones you don't have admin rights on to install infestations such as iTunes or Zune?

Paul Crawford
Silver badge
Unhappy

The most odious aspect of all the ACTA copyright-related stuff is not the possibility of border checks on media, but the criminalisation of DRM-circumvention.

That bodes very badly for the future. One of locked-down computers all in the name of DRM laws, and not unscrupulous profits from vendor lock-in and competition reduction, you understand.

Paul Crawford
Silver badge
WTF?

Words fail me

"at least 250 of all Fortune 500 companies and 27 out of 55 major government entities had at least one computer or router on their network still infected with DNSChanger"

And they wonder why they get repeatedly screwed over by cyber criminals?

This is not a new infection for Christ's sake! The BOFH should be ashamed, or more likely the managers beaten with rubber hoses for not authorising/funding the BOFH to nuke such PCs from orbit and do something with a cattle prod to the user if they had a big part in it getting past the corporate security.

Paul Crawford
Silver badge

Of course, dealing with the problem by working with people and encouraging them, rather than treating the majority as criminals and lecturing them at the start of each DVD, etc, pressuring for business-specific odious laws, etc, is a better way.

But who would do that?

Paul Crawford
Silver badge

@A little too late

Not yet. The first step was to get a treaty 'agreed' behind closed doors, after all you don't want the people to actually have any input on how they will eventually be governed, do you? That has been done, bar some pesky leaks of what was discussed, only the big media should be party to that sort of thing.

Next you get it signed as an international treaty, and given the drones in power are only too happy to do this without question that has gone quite well. Other than the odd pesky frog speaking out and actually resigning against this new order, etc.

Finally you pressure the EU countries via lobbying into passing laws to implement ACTA's aims. That is much easier than you think, just find some country like Spain that is struggling financially and get the USA to threaten repercussions if they don't:

http://torrentfreak.com/us-threatened-to-blacklist-spain-for-not-implementing-site-blocking-law-120105/

Or failing that, wine & dine a few sleazy politicians (Baron Mandelson springs to mind, much to my inner disgust) and job done - they tell the public they "must" do it for reasons of international law and use the party whip to get it passed.

Profit!

Paul Crawford
Silver badge

@Space junk

That is one of the goals of getting the "right orbit" to piggyback on, one that serves the science requirements but is also low enough that the thing will de-orbit in 25-ish years simply due to atmospheric drag.

Paul Crawford
Silver badge
Joke

@Disguised

Maybe it was MS doing the spying?

Paul Crawford
Silver badge

Alleged?

"...try to use alleged security flaws in Adobe software..."

Really, is it not riddled with them?

Paul Crawford
Silver badge

Maybe it is spatula as in tool for oil paint mixing as she is an artiste, or maybe its spatula as in a plastic cooking implement re-purposed for spanking as she is a dominatrix?

Perhaps we shall never care...

Paul Crawford
Silver badge

Browser separation

Indeed, that is true.

I use one browser (Chromium) for Google apps and Facebook, and *nothing else*. Even that is not ideal as YouTube links from Facebook know my log-in so I copy & paste into another browser for them.

Ideally you need 3 different browsers, one Google, one Facebook, and another for the rest - including searches, with all cookies, etc, deleted on exit.

Of course, there is also the scroogle plug-in for Firefox to help that.