* Posts by h4rm0ny

2977 posts • joined 26 Jul 2008

'LOOK into my EYES: You are feeling very worried about the climate ... SO worried'

h4rm0ny
Silver badge

>>"1. Saying that Professor XY wants to manipulate people to think that there is a man made climate change, does not mean that man made climate change does not exist (if I read the article correctly, that is the conclusion that the author is trying to manipulate readers to understand). "

I've just re-read the article. Nowhere does it say whether AGW is or isn't real. Every statement in this article on the subject directly relates to whether or not the survey says what the professor says it does. Here's one for you - re-read the article, see if you can find any part that says or implies what you say it does above, and if not, retract your statement.

1
0
h4rm0ny
Silver badge

Re: Leaving aside that this is about climate change for a moment...

Once one ceases to doubt that one's cause is right, all methods become acceptable.

0
0
h4rm0ny
Silver badge

Re: Trojans

>>"Very cute. Even assuming that was true, what's stopping the scientist from concluding at the end of the study "my research doesn't prove or otherwise support the IPCC/UNFCCC claims"? The funding is already used at that point, so there's no reason to lie."

Right or wrong about whether this is the case, your logic is faulty. Research scientists live from grant to grant and the previous one is a determinant on whether you get the next. Publish a paper that gets damned by your peers, your chance of the next grant is reduced.

0
0

Sorry, admins: Microsoft says NO new Windows Server until 2016

h4rm0ny
Silver badge

Re: more FOSS adoption by Microsoft

>>"What is so incredulous about the mindset of most Microsoft dupes is that they forever denigrate Linux, BSD, Darwin based Apple OS X and all other Free/Open Source Software (FOSS) technology with incoherent drivel criticisms"

Assuming by "Microsoft dupes" you mean posters who defend MS products against criticism on these forums (as I often find myself doing, dogged being another and so on...), I actually don't recall any of us making "incoherent drivel criticisms" of OSS. On the contrary, I think most of us respect it. Want to back that up because to me that just sounds like manufacturing enemies.

2
3

'Revenge porn' bully told not to post people's nude pics online. That's it. That's his punishment

h4rm0ny
Silver badge

Re: Daily Mail

If it were the Daily Mail they would have posted pictures of the unfortunate victims so that their readers could be suitably shocked at how someone could have posted them online.

The Daily Mail website is that most unusual of websites - a porn site that condemns porn.

7
0
h4rm0ny
Silver badge

@dan1980. I agree with you on both counts - that this is wrong and that buzzword legislation is generally a bad idea. In answer to your questions as to how one would deal with this legally you would probably find this could slip under harassment and related crimes relatively neatly. Yes, if you allowed your partner to take photos of you naked, it is still reasonable to argue that posting them on a porn site is a separate act to that. One does not need to conflate the two acts and therefore legislation becomes easier.

5
0

'YOUTUBE is EVIL': Somebody had a tape running, Google...

h4rm0ny
Silver badge

>>"The only thing they are actually saying is that unless the artist signs up to the new service terms then they'll stop paying the artist when someone else uses their content in an upload."

Isn't that thing actually quite a big thing? The artist in this case certainly seems to think so and should Google be able to force people to accept their terms or let them do what they want anyway?

6
0
h4rm0ny
Silver badge

Re: Copyright "strength" is irrelevant

The above is simply not true.

EDIT: I don't usually make such bald and unexplained posts, but in this case you have made an assertion that you cannot support - that copyright strength is irrelevant. What more is there to say other than that you can't back that up?

3
10

Five years of Sun software under Oracle: Were the critics right?

h4rm0ny
Silver badge

Re: Java is shit

>>The same Boeing 747 is like shit on transporting sofa inside NY Manhattan area ..

I can read about six different computer languages and three human ones, and that was none of them. I'm sorry, but... what?

1
2

Spartan on Windows 7? Microsoft is 'watching demand'

h4rm0ny
Silver badge

Re: Just Asking...

IE being embedded in Windows isn't due to "spaghetti" code. OS's and browsers are growing ever closer and we are reaping the benefits of that. Why implement HTML rendering and vector graphics and javascript at the browser level when you can build support for this directly into the operating system and gain the benefits of direct use of graphics hardware and other performance gains. With Windows RT (the API, not the OS) you can code apps directly in HTML5, CSS and JavaScript if you want, no browser needed. Tight integration is one reason Metro IE11 is so quick.

You make it sound like careless coding when it's actually design with good reasons behind it. If you don't agree with all that and think that browsers and OS's aren't growing closer and closer, just look at ChromeOS - that's an operating system that actually IS a browser.

3
1

Wall St wolves tear chunk off Microsoft: There goes $30bn!

h4rm0ny
Silver badge

Re: Inconsistent stock market reactions

In short: Nobody has ever successfully convinced Wall St. that they can't have their cake and eat it.

11
0
h4rm0ny
Silver badge

Re: Stock pricds tend to be foward looking

No, they need to reinvest in research, promotion and support. The endless short-termism of the market is a blight upon our civilization. They always want instant returns even at the cost of long-term investment. The reason is obvious - they can then take the profit and walk away and repeat with another company.

But to be long-term viable a company cannot pursue an endless strategy of raising net profit at whatever the cost. Though that's what investors like.

23
4

'One day, YOU won't be able to SENSE the INTERNET,' vows Schmidt

h4rm0ny
Silver badge

Re: Credibility?

Well to him an Internet of Things includes people so maybe he doesn't see a difference between people and objects - they're all just an IP address to him. ;)

Talkie the Toaster counts as a new job in that case!

0
0
h4rm0ny
Silver badge

Re: Hmmm... Thousand Year Reich

You can always find prophecies that are wrong and usually find prophecies that are right. Which you find depends mostly on whether you want to prove that people can't predict the future or that they can. One of the most prescient and horrifying books I ever read was Neil Postman's "Amusing Ourselves to Death" and whilst dated today, it's still pretty solid in its analysis.

The introduction begins with a note that in the 20th Century we had two highly popular and successful dystopian novels both in contradiction to each other. One was Orwell's "1984". The other was Aldous Huxley's "Brave New World". And Postman's book begins with the statement that Huxley, not Orwell, was right.

Eric Shmidt is currently making Neil Postman (and Aldous Huxley) both look like Hari Seldon. Substitute YouTube for Soma and we're there.

0
0
h4rm0ny
Silver badge

Re: What flavor is his Koolaid?

>>"I want to avoid that one... Really, the internet will disappear? Or is he saying it will hide in plain sight?"

More the principle that if you turn everything brown, you will no longer see "brown", it will be meaningless and no-one will think in terms of not-brown anymore. Schmidt's vision of the future is one where no-one sees the Internet because there's nothing that isn't "the Internet" - not cars, not fridges, not people not your children. Of course by "the Internet" he means his Internet where Google has access to all of that.

Remember that this is a person who said if you don't want people to know something you shouldn't do it and that Google was going to be the next Microsoft. If the thought of Nineties Microsoft with a complete profile of your life and friends doesn't terrify you, you have a great deal more trust in human nature than most and I suggest a good newspaper or history book to cure this.

3
1
h4rm0ny
Silver badge

Re: "with your permission and all of that"

Even opting out wont do it. The idea is to make everything so tightly-coupled that you can't meaningfully opt out of Google without basically disengaging from modern life. Even today, try blocking Google Analytics at the router-level and you will find that around a third of websites simply cease to load. They're all waiting for a response from Google telling them it's okay to go ahead.

Even just blocking Google itself let alone their analytics results in some strange effects. For quite some time I've been experiencing an odd glitch on Ars Technica where I can't click to show modded down comments. I thought it was a browser issue maybe. More recently a few other parts have stopped working causing me to investigate and it turns out that it's because my blocking of Google is breaking some of their scripts. Google is present on most sites and disengaging from Google is close to becoming impossible if you want to participate in modern life. Making it an arduous process to opt out is just the start of making it difficult to avoid tracking. The level of active effort required to avoid it is reaching absurd degrees.

5
1

Is it humanly possible to watch Gigli and Battlefield Earth back-to-back?

h4rm0ny
Silver badge

>>"1 vote for Battleship. the film that is the very epitome of what is wrong in Hollywood"

Battleship is surprisingly watchable satire. You realize that no-where in the film did the crashed alien vessel initiate hostilities and despite their clearly superior firepower they always hold back from pressing their advantage each time the humans are forced to back off? I'm not even convinced the alien ship was a military vessel. The entire point of the film is that the humans are the aggressors attacking a damaged alien ship whose sole aim in the movie is to "phone home". They trot out all the American Military Hero tropes and film it from the action heroes' points of view, whilst at the same time making it clear that the humans are needlessly provoking war.

It's a brilliant indictment of the American military industrial complex and Hollywood war movies. I worry when I read posts like yours that people missed that and just took it as a straight action movie.

0
0
h4rm0ny
Silver badge

Charlie's Angels 2 is a hugely fun movie. I think perhaps you were expecting a serious action movie or just don't like anything that toys too much with realism. I adore that film.

0
0

Microsoft: We bought Skype. We make mobiles.. Oh, HANG ON!

h4rm0ny
Silver badge

Bad idea.

I have separate accounts for Work and Personal. Microsoft already had one abortive approach to merge my Windows account with Skype and my phone with Skype and they got a lot of angry push-back.

The reason Lync is good and Skype is crap for business is that Lync actually supports group differentiation and different availabilities whilst Skype is approximately as advanced as a punch-card machine. Actually there are lots of other reasons why Lync is better than Skype but in this context that's the relevant one.

If Microsoft want to force Skype integration into my other devices and accounts, they can go to Hell.

9
0

Windows 10: The Microsoft rule-o-three holds, THIS time it's looking DECENT

h4rm0ny
Silver badge

Re: We will tell them it's free - Muuhahahha

>>"I build and support my own devices, and I suspect that MS will class this collection of bits as "the same device" only until I change the motherboard. To be fair, mobo (and thus CPU + RAM) changes I always fresh reinstall for anyway, but I'd like to be sure that Win10 will actually let me reinstall onto "this PC but with different CPU/mobo/RAM in" and not require I buy a new copy of the OS to do so. "

I'm going to make an educated guess and say you'll be out of luck. If you have the full-price version of Windows, you should be able to use that through as many rebuilds as you like. The cheaper OEM version is actually what is sold to resellers for putting on pre-built devices. It's just that many people buy those instead because they're cheaper. So if you get this upgrade and you're upgrading from a non-OEM version I expect that you'll be fine. But if, like most, you're upgrading from an OEM copy then the new version will be the same licence. Meaning you'll probably be able to get them to re-activate it by phone unless you're unlucky, but technically they might not and I wouldn't count on it.

3
0
h4rm0ny
Silver badge

Re: I will keep pestering you

Seems to be the modus operandi of most men... : (

1
0

EE data network goes TITSUP* after mystery firewall problem

h4rm0ny
Silver badge

Re: Oh, dear...

>>"I'm sure that any of these companies could do far better if they just doubled their prices. Do you seriously think that it would have customers flocking to it, even if it were proven to be better?"

I'd be willing to pay around a 15% mark-up over their competitors if I knew it was better. If Vodafone was £20 a month and Three was £25 a month but I knew that I would get solid reliable service with Three, I would choose them. There is a market for quality.

3
0
h4rm0ny
Silver badge

Re: Oh, dear...

I've so far gone through Orange (now EE), Three and Vodafone. None have been satisfactory. Orange probably had the best coverage in my area but messed up everything else and were pricier. Three's coverage wasn't great and nor was Vodafone's.

What we really need is a reliable set of metrics, publically and independent, so that we can more easily see who is best on service. If the government wanted to do something useful with the networks, gathering and publishing official statistics would be the single best thing they could do. Give people the ability to look and see that Vodafone is worst for coverage in the North West or whatever, and you would immediately see more investment by the companies.

Market competition fails when the customers cannot see which product is better because everything is anecdotal and geographically situational.

25
0

Want a cheap Office-er-riffic tablet? Microsoft Windows takes on Android

h4rm0ny
Silver badge

Re: Hidden costs.

>>"This tablet is basically to fool idiots into locking them into Microsoft's new pay for services platform."

And what do you think Google giving away their OS for free is about? Charity?

2
0
h4rm0ny
Silver badge

Re: Hmmm so what could we get....

Sadly I think the marketers realize there is a willingness to jump between the low-end and the high-end. Those who just want cheap will only buy based on that. Those who want better quality have generally been willing to leap up two price categories to get there, hence you don't see a smooth gradient of improvement across price points. It's geared towards different market segments baselines, instead.

1
0
h4rm0ny
Silver badge

I would imagine it is unlikely as this is a permanent sale of the OS. They usually do discounted upgrades to a new version for those that bought near enough to the new version coming out so probably you'll be able to get it for not too much. But one of the big things about Windows 10 that people seem to be excited about (don't know why) is that it's supposed to bring more focus back to traditional form-factors and as this is a tablet, Windows 8.1 seems fine on it to me (not that I don't think 8.1 is fine on Desktop, too). The other thing is that I think Windows 10 is going to be available under a rental model too, so I don't see the appeal of that for a cheap tablet, tbh.

Anyway, cheap upgrade probably. Free, unlikely.

1
0
h4rm0ny
Silver badge

Re: It's good to have choice

>>"Android is also opensource, Google are the maintainers, but anyone can (and does) contribute."

Google have been turning more and more of the Android ecosystem closed source over time. It is harder and harder to contribute to Android without Google's approval every year. Have a read..

Google are the Microsoft of today. Remember when MS came up with that crappy .dat attachment for emails so that rival email clients would appear broken and when challenged always provided the excuse that they were simply providing a better and more secure system that others should comply with? Oh, and that it wasn't a problem because you could always turn it off (despite the fact that the point was that it caused problems for their competitors, not you). What does that remind you of? Oh yes, Google blocking Outlook (as per this article) because their system is "more secure", but you can always turn it off (as with .dat attachments) so it's fine. Oh, and it breaks Thunderbird, too.

Your naivety and trust in giant corporations is terrible.

1
0
h4rm0ny
Silver badge
Linux

Re: Linux?

>>"Does Linux brick things? And if you're a real "Linux hacker" you shouldn't be afraid of bricking things - and installing an OS "

When fiddling around with trying to install an OS on a device designed for something else, yes, there is a risk of bricking something. And that's not because of GNU/Linux. It's a tablet! You wipe the existing contents of the "drive" and fiddle with the boot partition you could well brick it long before you even get to the bit where you choose a new OS to install. That's why you want to do it on something cheap like this and not a Surface Pro 3 or something.

More helpfully, to the OP - it's an x86 device with full Windows (well the cheapo Bing version, anyway) so you should be able to disable Secure Boot (being able to do so is a requirement) and as an x86 device there's a strong chance you'll be able to get GNU/Linux installed and running so I say go for it. Touch screens are now supported in several of the modern OSs. Anything with Gnome 3.6.3 and up has a good chance of working. Much as I prefer KDE for desktop use, Gnome might be a better choice for touch screens unless KDE has improved on this recently. Hope that helps. Remember to post about your attempt so others can learn from it! Good luck!

1
0

Drinking to forget? OK. But first, eat a curry... QUICK!

h4rm0ny
Silver badge

Re: Hmmm...

I remember some research being done by the US army on drugs that would help dampen memory formation or emotive context. So if you've just bombed a village in Iraq, the pills help you feel less traumatized afterwards. Not sure whatever happened to that research but I can see something like this being picked up by the military. Especially if they can say it's for the good of soldiers which in the USA is pretty much an Advance Directly to Go ticket.

1
0

Video nasty: Two big bugs in VLC media player's core library

h4rm0ny
Silver badge

>>"And why was it impossible to him to keep quiet until Version 2.2.0-rc2 went live?"

I suspect because then they wouldn't get the "prestige" of having found two dangerous zero-day exploits. Probably saw it in the upcoming developer release, thought their chance of some press was going away, and announced it. Sad.

3
0

SCIENTIFIC CONSENSUS that 2014 was record HOTTEST year? NO

h4rm0ny
Silver badge

Re: warmists or sceptics

>>"For instance every single national scientific member delegate of the UN from every state - EVERY SINGLE ONE - acknowledges that global warming is happening and the humans are at least partially to blame. That's pretty conclusive to me."

Many of those you term "deniers" believe the same. Generally critics of AGW agree that the climate changes (of course it does!) and agree that humanity is bound to have some effect on that (again - of course it does). But they don't necessarily agree that human activity is the primary driver of climate change. Saying that people acknowledge that warming has happened and that humans are a factor is meaningless. Worse, it's a strawman that ignores what AGW-critics actually say.

1
0
h4rm0ny
Silver badge

Re: Well

>>"Science is never 100% sure. Even Newton has been proven to be wrong - however his equations are still good enough to get us to the moon and planets. That is the same kind of certainty that we have with global warming."

There are several people here who are making good and supported arguments for AGW. And then there's you who will cheerfully spout any hyperbolic rubbish because you think it's right to do so. No, AGW does not have the level of certainty that F=ma does. Not even the boldest of climatologists would make such ridiculous claims. Aside from the ad hominems and the dismissal of people who are skeptical as paid by the fossil fuels lobby, this is complete nonsense and you clearly just say whatever pops into your head that you think sounds good.

>>" As I say, even if global warming is wrong (and we all hope it is), the effect of getting more efficient (read cheaper) less polluting (read expensive that polluters don't pay for) energy that is available to many more people, is a good thing."

The thing is, I even agree that we should move away from fossil fuels - I am extremely pro-nuclear and nuclear is cleaner and doesn't result in us supporting nasty Middle Eastern regimes. But your reasoning is absurd. Things like wind turbines (the current darling of the "environmental" lobby (1)) are far more expensive than coal and gas and are demanding large subsidies from us to be viable. Nor are other energy sources inherently available to more people. Your argument that it is best to take costly measures just in case is flawed - as other people have pointed out. We could plough trillions into an asteroid defence system and maybe we should so we don't go the way of the dinosaurs. But then again maybe we shouldn't. There is a spectrum of cost vs. risk. Where does a cataclysmic meteor strike lie on that spectrum? Where do AGW counter-measures lie? Reasoned arguments can be made but all you do is argue that because there is a risk, counter-measures are necessary. That is flawed. Though I suppose if you believe that climate science is as certain as 9.8m/s/s you probably wont see that.

>>So irrespective of whether AGW is correct, it looks like a win-win situation and at worst a lose-win.

I know what you're saying, and have argued similar myself - we should be moving off fossil fuels but there are right ways and wrong ways to do it and panicked hyperbolic reactions such as yours lead to the wrong-way.

(1) I put environmentalist in quotes because there are many of us who consider ourselves environmentalists but are excluded from having a voice because whenever we try to protest or vote for the Green party, Friends of the Earth or similar is ready to use our voice to push an anti-nuclear agenda. Every environmental cause gets co-opted by these groups.

2
2
h4rm0ny
Silver badge

Re: warmists or sceptics

>>"I think what you are describing is arguments on the denialists side of straw men, ad hominem attacks, cherry picking, false petitions, etc, etc."

Sadly not. In any online debate on this I find countless accusations of being in the pay of the fossil fuels industry (such as you have done here yourself), endless people trying to show skeptics wrong by showing the climate has changed which misses the point that they're criticising AGW, not saying climate never changes and of course denouncing people as "denialists" which is a name that assumes a priori that someone is wrong. Very occasionally I see a post that accuses pro-AGW people of having a financial interest in pushing it but that is vanishingly rare and I've never seen it used to try and refute a factual argument. IME, I find far more aggression and base tactics directed at skeptics - sorry, I should have said "denialists" than the other way around.

As to "cherry-picking", there is so much data out there and so much variation, that "cherry-picking" is pretty much inevitable by any lay-arguer and is a trap either side falls into. You'd need a full-time career in the field to not cherry-pick data, to be honest. Of course sadly, even some who do have full-time careers in the field have been caught doing this so it seems that it is universal. :(

>>"However, we should not be affected by the bad arguments on one side or the other. Truth is separate from the aggressive arguments of some."

As I remarked, the bad arguments from the AGW-proponents have not made me believe that there is no AGW, they have made me lose my confidence that there is. An important difference.

1
0
h4rm0ny
Silver badge

Re: the only way is down

And either way, unless we have accurate models for how much global temperature lags behind the effect of the Sun's varying output we can't simply relate Sun to temperature by year. After all, if I turn a heater on or off, my room doesn't immediately become warm or cold!

1
0
h4rm0ny
Silver badge

Re: Wait Whaaa?

>>"So is the debate here that global land (sea temp isn't part of the debate because its a losing argument) temperatures havent really changed in the past ten years, thus climate change doesnt exist or isnt as bad as thought?"

No, you should have read more. It's about if there is a hiatus. If global warming has paused but the alleged causes of global warming are continuing to build, then it suggests those alleged causes may not be as significant as claimed / not the primary driver.

Also, apostrophes are good.

2
1
h4rm0ny
Silver badge

Re: warmists or sceptics

>>"Surely you mean scientists vs deniers?"

I expect a few downvotes for this, but it is the truth that I started out as someone who just accepted what I was hearing about AGW and believed it, and have since become a skeptic largely because of the attitude of so many AGW proponents. Over the years I have seen such continuous dismissal of legitimate questions with accusations of bias or deflections or simple strawmen (the attempt to prove that the world is warming as a refutation that humans are the primary cause of it, is eternal), that I have now taken up a neutral position of not being certain, tending towards not believing it in my more emotive moments.

The climate is extremely complex. No-one has ever shown to me that it isn't being affected by human activity, but endless aggression and strawmen and bad science in AGW-proponents posts has nullified most of my belief that it is. Your post pretty much epitomizes this with the use of "deniers" and its unscientific assumption that one must prove something isn't so.

4
1

Prez Obama snubs UK PM's tough anti-encryption crusade at White House meet

h4rm0ny
Silver badge

Re: The problem is...

>>"Well look at the track record. Skype has end to end encryption, but they happily share the encryption keys with everyone claiming to have something like a warrant."

They're less keen to share their own internal business data and executive's emails. Talking about a willingness to give up their non-paying customer's communications in a select business sector is hardly supporting a case that "the industry" doesn't care about encryption. We care very much and we don't want weak or backdoor'ed security for our company data. Let's take your other example:

>>"Look at the Clipper Chip, a deliberately broken encryption device which many companies wanted to build into their systems."

Rubbish. Practically no-one wants the government to come along and start telling them how to run their business. The Clipper Chip was formally dead within about three years of announcement which is probably some kind of record for cancelling stupid government IT projects. It was widely criticised by business as flawed both because no-one could really verify if it would keep their data safe, few wanted the US government poking around inside their company without their knowledge and it was unenforceable outside the USA putting American business at a MAJOR disadvantage to their European customers. The industry doesn't care about much except for money. When it comes to a choice between money and dancing to whatever silly tune the government is playing today, even that long-term government buddy Microsoft will go to court to try and fend it off.

Stop trying to re-write history to support your weird Eighties view of "the industry" as being some hostile Other. I've no doubt you could find some companies that publically acceded to the Clipper Chip idea but painting it as something businesses were happy about or didn't resist is not honest at all.

>>"Industry espionage is just an argument to use against governments."

I don't even understand what point you're trying to make here. You seem to be saying - and your following paragraphs backs this up - that you think industrial espionage is some sort of false front / excuse. In which case you have NO idea what you are talking about. None.

>>"In reality even the companies that do use e-mail encryption use it on deeply flawed systems. This isn't a problem as the really important internal information is usually not leaving the building."

Important information is usually not leaving the building??? I have almost nothing to say to this because anyone with any experience simply knows that this is wrong. "The building"? I'm staggered that someone can even think of some single business site for even a medium-sized business, let alone that important information is never taken outside of it.

>>"Companies tend to broadly overestimate the benefit of their work falling into a competitors hand. Few companies have much knowledge that isn't also known by their competitors."

This is beyond stupid. If our salespeople knew how much our competitors were about to bid, if they knew our release schedule or planned new features or corporate strategy, if someone had access to our internal vulnerability reports... You do not know at all what you are talking about and are making things up to support your worldview. Do you have ANY idea how much corporate espionage has taken place between China and the USA over the last decade? Obviously not.

Quite simply: if you don't know what you're talking about, don't pretend to.

4
0
h4rm0ny
Silver badge

Re: I can't explain....

But if you got rid of all the politicians and party one-upmanship what would you replace it with? Reason and informed debate? Madness!

4
1
h4rm0ny
Silver badge

Re: The problem is...

>>"The industry doesn't need crypto and it won't give us proper crypto in a time when selling the data of your users, or even mining it for yourself is seen as something acceptable"

Not sure what you consider "The industry" to be, but big business absolutely needs strong encryption. It is vital to ours and other companies. Not just banking, etc., but any respectable large corporation. Google et al. may not have a vital need for it when they're giving you free email, but the professional world absolutely needs and wants this.

I could, but can't, give you numerous examples of industrial espionage. And don't think that companies are happy about having to let the government have access, either. I know personally of two large contracts that US firms have lost recently due to not being able to provide assurance to European customers that the US government wont have access to their data. The Microsoft Ireland case is merely the most well-known of the current crop. Government access is also sometimes subverted - either complicity or otherwise meaning that even were a company happy to allow the governments to monitor for purposes of national security, one cannot trust that this will only be used for such purposes. An example of complicit subversion is when Raytheon used information acquired by US intelligence to out-bid a European rival. An example of uncomplicit subversion would be when the tools used for monitoring phone calls were hijacked by foreign parties without the operators' knowledge in the case of the Vodafone network being compromised to listen in on the phone calls of the Greek prime-minister and others for over a year. The hackers simply made use of the existing spying technology and turned it on their targets of choice.

So I honestly have no idea what you're talking about when you say "the industry has no need of encryption" or that "they will not give it to us". It honestly sounds like paranoid ravings of someone who sees "Us" the people vs. "Them" big business and just thinks of Gmail et al. Strong Encryption without government backdoors is very much wanted by "the industry" for anything other than a very small subset of businesses. And even Google want it for their own use, even if not to deploy with your email account.

That's why what Cameron wants is nonsense. (Well, that and human rights, I guess).

25
1

DAMN YOU! Microsoft blasts Google over zero-day blabgasm

h4rm0ny
Silver badge

Re: What's Google afraid of?

>>"I ran win8 long enough on my machine to get to a setting on the "charms" bar to make a change so I could install Linux. To get to that point, I had to accept the EULA, even though I never intended to use win8.See the problem there?"

Actually, no. If you want to wipe Windows off and install GNU/Linux, why do you need to enter Windows and change settings to do that? You can do anything you need from UEFI.

1
0
h4rm0ny
Silver badge

Re: Sorry, but Google were uttely wrong.

>>"So the problem is providing a deadline, and sticking to it?"

Sticking to a deadline reflects very well on you. When it's one you impose on yourself. Imposing a deadline on someone else... not so much. I think the word you are looking for is actually "ultimatum". Or maybe "threat".

11
7
h4rm0ny
Silver badge

Re: What's Google afraid of?

>>"The problem with Android is that Google are not as strict as Microsoft are with Windows, regarding updates"

Google don't control updates on Android and they cannot. Google's business model is to give Android away for free and make money from its use. They have no power over the OEMs and they can't push directly to end user's phones because they don't have a path to those devices. Nor would they really want one as pushing updates to a huge array of different hardware each running software that a third party (the phone OEM) has installed and which Google don't manage, is a recipe for disaster. All that Google can do is facilitate the OEMs updating the code as and when fixes come out. Which they do by releasing updates to the Android codebase.

I don't think updates to Windows and Android is comparing like for like, tbh.

5
1
h4rm0ny
Silver badge

Re: @Big_D

>>"I would just like you, and the other "IT Experts" of this forum to take away one thing: Full responsible disclosure is a good thing, and it's something that the security industry has been fighting for years over. The vendors don't like it, because it gives them more work with little in return (for them) and it makes them look silly when it's proven that they've ignored a security problem."

Speaking as someone who isn't the vendor in question but rather a customer, I don't like it either. It increases my risk.

And as you're suggesting that I "ask to go on a course" to learn about security, here's a little information for you about the general patterns with security disclosures. Only a small minority of privately disclosed vulnerabilities are exploited prior to a patch being released and after the patch is released it remains low. Think it through from the attacker's perspective - this is all simple enough. But when an exploit is publically disclosed or becomes so, without at patch, active exploits in the wild skyrocket. Those are the actual facts of the matter. Public disclosure only increases security in the cases where there would be no patch without the vendor being forced. And as we can see - that was not the case here nor was ever likely to be.

9
3
h4rm0ny
Silver badge

Re: @Big_D

>>"h4rm0ny, the Microsoft apologist. I bet if this had nothing to do with Microsoft you (and others) wouldn't even be commenting"

Ignoring that this is just an ad hominem reply, as a general rule I defend technology and argue against FUD. That's because I appreciate that making perfect technology is hard (having worked in the industry for a long time) and because I dislike FUD on general principles. And I see such attacks against Microsoft on these forums more often than any other company so you find me speaking out in defence of that quite often. What I seldom do is attack products. You'll find a vigorous debate by me on UNIX vs. Windows security models last year, but even there I wasn't claiming that GNU/Linux was especially vulnerable. I was a UNIX programmer for years. Of course to someone partisan, I look biased if I argue against their attacks, but I'm almost universally defensive in my posts. Which is a stark contrast to all those who will leap on any supposed problem as an opportunity to tear down and say how rubbish something is.

About the only negative thing I have ever said about Android is how much of it is being taken closed source by Google, rather than any attacks on the software itself. I think I made some criticisms of Dart one time as well.

So basically, yes - I do comment on things other than Microsoft which you're welcome to check. Now can we stop the ad hominems and return to discussing what rather than who?

9
5
h4rm0ny
Silver badge

Re: @Big_D

You make a jump between step 1 and 2 which I do not think is supported. You argue in point 1 that some groups may exploit this even without assistance by Google. You then argue in point 2 that this means there is no reason for Google not to make it easier for all. This, to me, is an error of absolutes: a bad thing is possible so it doesn't matter if it becomes more common / probable / easier to achieve.

In point 3, there is another issue. You propose that the release of the exploit code helps us protect ourselves. I disagree - I can look at the exploit code but there's nothing I can do to patch Windows myself. To the overwhelming majority of people the only use that can be made of the exploit code is to write malware. The only people who can use it in a beneficial way are Microsoft and that does not require a general release.

8
4
h4rm0ny
Silver badge

Re: Sorry, but Google were uttely wrong.

>>"It's naive to think that Google's team is the only one that may have discovered this bug. It's just that others may not have condescended to report it."

I think it's pretty clear to all that the problem isn't that Google reported the vulnerability to MS. On it's own, that's a good thing. But it's not on its own.

6
3
h4rm0ny
Silver badge

Re: Sorry, but Google were uttely wrong.

>>"This is standard practice, regardless of it being Google or Microsoft. In fact, 90 days is quite generous."

No it isn't. Symantec and all those other security companies don't generally release proof of concept code to help black hats build their exploits. They also work constructively with the affected projects or companies. And 90 days is not "quite generous". We're talking systems programming here, not a web app where you can just drop in a quick patch on deploy on your servers. When I did this sort of work we had a team of people in another building who did nothing all week but work through formal tests to check each release of software. It took a long time to do that and it was necessary. If we wanted to push out a change, that went into the process. If we stopped the process to account for a new bug, that would be holding up fixes for others - which may be more important - because it means restarting the whole release pipeline.

That's what a lot of people who only work on web apps and on non-safety critical software don't understand. And the armchair developers are worse. Stopping everything to put in a fix for the latest discovered problem can actually make your software more vulnerable because it can delay the release of fixes for more dangerous bugs. This bug basically causes the UAC notice to not pop up. So if a user with administrative rights is persuaded to run your malware, they don't get a "Do you want to allow this program to make changes..." message when they double click the email attachment, etc. That's bad, but who is to say it should have delayed some other fix?

Probably none of us here have seen the code and none of us therefore know whether 90 days is "generous" or not. And certainly Google don't know.

35
14

Google crashes supposedly secure Aviator browser

h4rm0ny
Silver badge

Perhaps. But someone creating an Open Source version of Chrome is a unique threat in a way that Firefox aren't. Whitehat aren't just trying to do this as a solo project. They're trying to re-ignite a community effort on this and get it going as a successful Open Source project. It is never preferable to fight a war on two fronts rather than just one, so Firefox are undoubtedly their big rival, but don't downplay motivations against Aviator, either.

1
0
h4rm0ny
Silver badge

Re: Own goal by Google...

>>"You must be a fairly atypical Reg reader if you can't work out how to replicate the kind of blocking this product provides (what with the ready availability of extensions like Ghostery and Disconnect), "

There's a whole world of people out there who aren't El Reg. readers but who still care about browsers. And to be honest, I think there are plenty of El Reg. readers who don't readily know how to replicate what Aviator does. And that's not because they're stupid. Aviator, for example, blocks HTTP referral values across different sites. According to their website you can't do that with Disconnect. And indeed, I had never heard of Disconnect before today.

Besides, one of the good things about Open Source is multiple ways to do things.

11
0
h4rm0ny
Silver badge

I remember when Open Source was a community of people helping each other and it was about sharing all your innovations and helping others improve their code as well. Well, I suppose aggressively grilling your rivals in public might help them improve in a Darwinian dog-eat-dog sort of way. But it's not what I had in mind.

9
0

Forums