123 posts • joined 6 Mar 2009
Re: ICO ?
Oh god I've got my compliance geek on here:
a) FCA/PRA (who replaced the FSA) would not have jurisdiction over a travel agent as they are financial services regulators - with the exception that the FCA might have jurisdiction in relation to a credit licence, but that wouldn't be relevant in this case.
b) as others have said, PCI-DSS is a card scheme standard so any fines for non-compliance with that would typically be issued via the merchant's acquiring bank.
c) and this actually bugs me a *LOT*, under the DPA financial records are not considered sensitive personal data (this designation being reserved for medical history, political affiliations, union membership and sexual orientation) - as a release from the ICO they really shouldn't be using that phrase incorrectly.
d) I also find it slightly odd that the FCA state that there was no fraud as a result, that would be extremely hard to demonstrate and from what I understand it tends to be done by statistical analysis at the card issuers/schemes to identify spikes in fraud where clusters of card numbers all made purchases via a particular merchant within a particular window. The fact that nobody might have felt sure enough to state that there was fraud to the ICO has almost no value here.
Re: Will he really make a huge profit though?
Kickstarter isn't what I'd call an investment - it's a funding platform where people donate to enable a project to proceed. Typically for larger donations they get something back, but for the low level donations this may simply be their name listed on a website.
If one of these projects suddenly becomes a multi-billion dollar success, then the original people who funded it don't get a large return.
At most this is an "investment" in the same way that an ebay purchase is.
There are true investment type sites for start-ups, but they are high risk and require a lot more than a couple of £/$ to participate.
The alleged damage that this sort of thing causes doesn't lead to an immediate terror attack - what it would do is get some intelligence sources killed as their identity gets leaked, it damages diplomatic relations, etc... this damages the infrastructure used by an intelligence service so that it's not as effective in the future.
This doesn't translate into "we can directly trace attack X back to the disclosure of this information", you'd never be absolutely certain that you'd have caught it anyway. Plus you'd probably not want to disclose the change in capability if you could prove it.
I personally think that you can choose to argue somewhere on the scale of:
(*) the damage is a good thing as all intelligence services are evil
(*) that it's a bad thing which is justified because intelligence is getting too invasive
(*) the damage is a bad thing which isn't justified as security is worth any price.
But I don't think you can argue that it causes no damage at all - after all wasn't the whole point of the disclosure to make some level of impact?
fair point re "low income" - what I actually meant was not on banker salaries.
One of the arguments I've seen which I have quite a bit of sympathy with relates to the surge pricing in Uber (which incidentally I've never used) - i.e. if you want a taxi when it's raining it's likely to cost more and a *lot* more in more extreme events.
This does mean that should the Uber model cause normal taxis to be a non-viable business then there could be real issues with getting access to transport for those on low incomes at those times. Ultimately that's a social policy question.
Re: Sigh ...
It's not so much shoulder surfing as Trojan software which is the threat, if I have a Trojan installed on your PC (probably including a browser plug in) that can identify target bank sites and then capture both key strokes and a screenshot of the login page, then at least with the partial characters the attacker needs to observe a number of attempts before they can guarantee access.
I did think it should be filed under rise of the machines in boot notes
Re: I thought this was about Carmack
There is a big difference between IP and code. While cut and paste code is always going to constitute IP theft, it is possible to infringe IP while writing completely new code.
By the time I was in York (mid 90's) Netrek was the game
In essence this capability already exists and is usually referred to as chipping which impacts both insurance cost, and probably invalidates any warranty. Not unreasonably a car manufacturer expects to design a car as an overall system - brakes, suspension, tyres, gearbox and engine - while they can supply variants they would still need to design within an envelope of performance.
Also, my 1 year old (cheap) car already has an "Eco" button which enables a number of economy related settings (performance wise it mostly seems to reduce the available torque above 2500 rpm)
So I'm not really sure I see this being anything very new commercially (with the possible exception that being able to lock a car to eco mode might be attractive to parents of new drivers for the first year) - although it might well do it better and cheaper from a manufacturer perspective.
First of all - I also don't "get" crypto currencies yet, the big issue to my mind with bitcoin seems to be that it's a finite resource (I've seen estimates of when the last coin will be mined), this suggests that there will come a day when the currency simply stops.
That being said, let's assume it does actually work over an extended period and deal purely with the issue of refunds. I think the suggestion of converting to a reference currency is the only practical approach, certainly it used to be the case that you could only submit a credit card settlement file once per day to avoid people gaming the exchange rate of foreign currency transactions.
Let's assume for a second that you have to refund the amount of the currency paid in its original form - this would create a very easy way to game the system. I take my bitcoins and buy something with fairly static value and low transaction costs (gold's probably not a good example these days but for the sake of argument let's use that). I then wait. If the value of bitcoins rises then I demand a refund, if it falls I sell the gold in another currency.
Suppose I then buy £100 of this commodity every day (in BC equiv currency) on a rolling 30 day cycle with one purchase and one refund every day - at this point I profit from any rises in the currency but don't take losses from any falls.
The only way you'd get around this is if you required the merchants to hold the BC in that form for the refund period - but then they are in the position of not knowing the effective price at the point of sale.
Hence the need to convert to reference currency - which incidentally I believe is also a tax requirement (i.e. profit/loss must be reported in £GBP)
Re: Mass market?
OK - so how does the software cope with differing resolutions? colour temp? different CPU/GPU specs? differing accelerometer sensitivity? memory limits? differing OS builds with jitter effects from different interrupt handlers?
Moreover, the lack of a clear long lived reference design would be a major issue for any company thinking of using it as a target for a major release (which tend to be years in the making and film level budgets).
I'm not denying that software could provide a functional experience across a variety of form factors - but it's certainly not going to be optimised. I'd argue that for most near term applications that is likely to be a pretty fundamental issue.
While it certainly looks like a cheap way to create a 3d system - I suspect it'll struggle to find mass market developer support as there isn't a standard hardware platform. One of the key benefits of consoles (and the iPhone for that matter) has been that developers can properly test (and they know that the platform will exist for a significant time span).
I'm a fan of Android, but for an application like this I can see the variety of devices being a huge issue with getting it adopted.
Re: Are you insane?
Historically MS made source code available under restricted terms. There have been documented leaks in the past. [http://news.bbc.co.uk/1/hi/technology/3485545.stm]
I think it's fair to assume that copies have made their way into some restricted "blackhat" groups (any government agency that *really* wants a copy for example!)
The only difference here is that it's a freely available release, but as I say above - the people you'd be worried about having this will already have done so.
<Disclaimer> I've not used GNOME in years so the following comments are purely based on the article and other comments. </Disclaimer>
I've got no problem with the view that some users may want a more complex environment - although personally I do like common operations within my GUI to be fully usable within the "G" context (i.e. without the need to manually edit a config file)
However.... if you want something within a main stream distribution then you need to accept that being main stream they aren't going to include an interface which is only really useable if you're up to admin grade tech skills.
Re: Seems strange...
Well yes they could - if you assume that any back door was set up to be always on, and that it had been implemented in a way that made detection possible. As an example, suppose that a piece of kit had an "error" in its SNMP handling such that a badly formed packet, or perhaps a sequence of "random" community strings caused it to execute a buffer overflow which then happened to run a decrypt option on a block of binary data which just happened to then become a back door.
There is form for attackers trying to insert backdoors into the Linux kernel via deliberately incorrect handling of TCP flags which was caught in code review (https://freedom-to-tinker.com/blog/felten/the-linux-backdoor-attempt-of-2003/) - can you imagine trying to find that sort of logic trap purely from compiled object code? Especially if it had been designed to be hard to find and existed only within a code block which was dynamically modified.
So.... if I was worried about this sort of kit possibly shipping with back doors, I certainly wouldn't want to rely purely upon analysis of the kit as deployed.
Trust is a very hard thing to create and ultimately is never 100% and is dependent upon understanding the process by which something is created, tested, distributed and used.
I'd strongly suggest you read "Reflections on Trusting Trust" and then consider if you still think it's possible to achieve a good level of assurance purely from observation of behaviour within a test environment (http://www.ece.cmu.edu/~ganger/712.fall02/papers/p761-thompson.pdf)
Re: If only...
I don't believe materials are a significant element of the cost of these craft, it's the R&D and supporting infrastructure (maintenance, fuelling, air crew training, etc...) which make them expensive.
People often quote a cost of £XX per aircraft, but that drops rapidly as you increase the production run and spread the R&D budget more widely.
Re: If only...
sorry not buying this -
a) I've heard the search area described in percentage terms of the total globe, if that's the scale you are using then frankly the chance of ever finding your target if it's not actively emitting a signal for you to track is going to be extremely low. Going fast over a stripe is still a tiny fraction of that search area so having a couple of high speed long endurance planes would make very little difference to your odds.
b) you've got to consider the cost of such a program vs the benefits it generates - I am not suggesting that the likely loss of the plane and those on board isn't a tragedy - but in a global context it wouldn't justify an annual multi-billion pound/dollar program which might make a fractional difference to the chance to locate them in this extremely odd scenario.
If a repeat of this scenario becomes a serious concern for policy makers going forward then it would be cheaper and simpler to insist that:
1) every aircraft on certain routes had to subscribe to the service which allows them to relay back in flight data in real time and that the on-board hardware be redesigned/moved such that it couldn't be disabled by the pilots
2) aircraft start to carry an inflatable buoy with a homing beacon which could be deployed in the event of a crash (so that you have an active signal above the water).
Alternatively it could be used to justify a standing fleet of airborne patrol radars if a military force was looking for a budget argument (although again I think this would be massively expensive relative to modifying the planes)
Re: they won't need these 70k in equipment anyway
Of course the bit of me that's run budgets knows that the equipment budget is likely capital (and thus subject to amortisation over a number of years) and any consultancy would be revenue (which is booked straight to costs).
Therefore typically a £70k reduction in equipment would provide something like a £23.3k consultancy spend within the budget year (and probably creates £23.3k savings in years 2 and 3 which could then go to savings targets in those years without needing to do anything else).
I'd therefore be particularly annoyed about exactly how they'd nicked my budget.
Re: "They can now allow processors to work at full power"
I'd say "not wanting to be picky" but actually I do.... increasing wattage (power) for a short period is exactly what an ultracapacitor will provide, what it doesn't do is increase the number of joules (stored energy capacity) of the device.
It might allow you to withdraw the stored energy in a more efficient profile which might then have the effect of making the hybrid device deliver more energy in real world usage.
In any case, I do think that thin ultracapacitors are likely to start popping up all over the place as they will support form factors which batteries can't.
IP is generally *not* put in escrow
I've arranged escrow for quite a number of solutions over the years - the agreement is typically for an escrow copy of the source code and a non-exclusive and non-transferable licence to any IP required to maintain the software in the event of a trigger event (typically the insolvency)
The ownership of IP is entirely separate from the licensing of it and access to code.
Re: I think I speak for most when I say...
this is one of those articles where I understand every word on its own... but have real trouble with the whole
you mean like say Yahoo Email, or Gmail, or Hotmail, etc.... these sorts of service only ever work if you have a really large operation and the lifetime or free service is actually a loss leader to sell other products.
Making your central business model a cheap lifetime service isn't sustainable - but maybe the model was something like : get lots of clients onto the platform and make the money from business consultancy and add on recurring services.
Not saying that is the case - just making the point that there are business models which can and do offer long lived free services, but not at a small scale.
If I was Apple, I'd simply bundle a convertor which could plug into the current port and allow charging via micro USB. I'd be amazed if that was particularly hard to do - charging shouldn't be more than two pins and the adapter could do any negotiation necessary (and presumably would negotiate to a low speed charge with some smoothing to account for the fact that they probably won't trust the input voltage to be exactly what they want)
From a design perspective I think it's unlikely they'd add a second port within the handset and from what I can see the standard will only apply to chargers not docks (and do you really want a mandated technical interface standard for docking stations set by a political forum?)
Re: It costs so little to the end user just because the Indian governament pays for it...
Ummm - this model is launching 2014 as an upgrade to an existing, maybe not high spec but there are certainly plenty of similarly specced tablets being sold commercially in the UK. I thought vapourware when they announced the first iteration (and was broadly right at least for that model), but this is gen 4.
5-7 years is the rollout time, India has a population of around 1.2B and a life expectancy of about 65, so assuming flat demographics you'd have about 20M people in each year (and in reality more than that at the bottom of the age range). So assuming you want to put one in the hands of all 5-10 year olds that is 100M+ devices, which are being subsidised by their government.
Or to look at it another way, they are aiming to roll out approximately 15-20M devices per year. With (as this article demonstrates) a number of hardware revisions during the rollout.
I don't know enough to have an opinion about if this is a good project or not - but from a pure project management perspective that doesn't seem an unreasonable approach or timescale to me.
The big issue for business is generally the effort involved in the migration - why do it if you aren't getting any benefit?
Getting off XP due to end of life might be an argument, but if that also requires a new Exchange, Office, etc... then the direct cash cost for the desktop OS licence becomes a relatively small part of the overall bill. It's worse for companies with bespoke internal apps who have dev, testing costs and issues.
Also as others have said, I'd have thought any move by MS to offer products for free would get a lot of regulatory scrutiny.
"But we can't help but agree with exasperated folk stranded at airports over the weekend who - quite reasonably - asked why such a failure could have happened in the first place with a critical system. Redundancy, much?"
The fault sounds very much like a configuration problem, if caught at implementation it's usually a case of revert to prior state... but once it's been in use for a period it's the sort of thing that in the middle of a safety critical system can be immensely hard to back out (do you really want them to shut down all phones on the air traffic system???).
Redundancy means having a duplicate system - hardware wise that's easy, software wise do you really mean they should maintain a completely parallel system with distinct config at all times? I appreciate the trite answer to this could be yes - but in a real situation (which has to interact with external parties) that can quickly become utterly pointless.
Frankly I'm quite impressed that they managed 80% throughput in the circumstances - I'd guess the contingency plan became a lot of post-it notes very quickly.
one of the most interesting decisions is that the 8GB / 16GB storage is actually a micro SD card rather than chip based flash.
Re: The VERY definition of Android Landfill
the battery will be good for at least two years, and replacement looks pretty straightforward (a few screws, some light prying and one plug). Yes there will be some - but if that becomes a common failure there will be plenty of people able to refurb them for £20-£30.
Got mine last week
Have to say I'm impressed, it's certainly more of a functional phone than a pretty phone with the default black back - but that's what I want. It feels solid and it's perfectly fast enough for anything I need. My old Galaxy S had some flex, and the odd squeak from the case - this doesn't, it's hard to quantify but physically it feels reassuringly solid.
The battery might not be "removable" but I've read a couple of teardown reports and it's certainly replaceable - the inner cover comes off with a few screws and there is only light glue holding it in place. I don't need to swap batteries during the day, but I do object to throwing away a device if the only fault is that the battery isn't holding charge.
Yes an SD slot would be nice, but with the 16GB model I can't honestly say I feel stuck for space (although I personally would find the 8GB model hard to live with)
The Motorola migrate app also worked pretty well, so for an average user the migration should be pretty painless.
Having used CM 9/10.1 for the last year stock android is what I'm used to - and frankly seems a lot nicer than the bloat overlays that other manufacturers put in. The oddest sensation I've got therefore is that it looks almost the same as my old phone, just fractionally bigger, a little heavier and a lot faster.
All in all it seems a really good handset.
Re: say wot ?
I think you are being a bit unfair there. Cars have a tendency to be involved in accidents, part of a car's design is that it includes an energy store. Under failure the stored energy may get released in an uncontrolled fashion, especially if the failure includes significant physical damage.
I like the idea of electric cars, and will buy one once they hit 300 mile range on a charge, and either fast charge or range extended. However, I fully appreciate that the design issues of a large energy store are significantly different from a laptop battery. From a h&s perspective it's the difference between injury and multiple deaths.
Re: At the risk of resurrecting an old joke ...
anything blends if you have access to an industrial grinder for HDD disposal
"Only" 8.5% attended a bullfight....
On a national scale that doesn't sound like a small number to me.
Re: This needs a name.
I don't like to say I told you so...
but I thought this was a natural step to take for electric cars:
Re: But will gam devs use it?
The article does explicitly say that it's for non-latency sensitive elements. Back in my school days I wrote a turn based tactical squad game on the *cough* Archimedes
it wasn't brilliant and the AI for the bad guys was incredibly basic, but at the time I remember having to run a loop that repeatedly polled for mouse movement/clicks. Because of the low power of the systems in those days I wrote the AI to sequence its planning in small chunks and processed one chunk each cycle of the UI loop (which had the nice side effect that if you moved quickly most of the bad guys would simply repeat their prior actions).
Abstract this up and I can imagine having a local basic tactical AI, but with a cloud based strategic AI backing it up. The local system could handle basic tasks such as target selection, choice of cover and advance/retreat type options - the strategic AI could look at flanking, co-ordinated cover fire, moving units to elevated positions, etc...
Technically the system could send out one packet of current locations and wait for strategic input from the cloud - which can happily take 3-5 seconds to return it because it's operating at a higher level and while it's waiting the local tactical AI is still doing a reasonable job of the second by second tactics. Hey presto, cloud based service improves the game, but an outage doesn't prevent it from running in a basic sense.
I'm not saying this is what would happen, but it's one way I could imagine it being used.
Can a properly managed paid development / test team produce better results - probably (I've known plenty of buggy commercial software), but in practice they are focused on the latest handsets so access to newer features is largely via custom ROMs.
I run CM9 on my i9000 (Galaxy S), custom ROMs are the only way to get Android 4.x on that handset. Yes it has the odd bug, but I can live with that easily for not having to spend £300 on a new handset (either one off or via increased monthly costs).
I also have an original Note 10.1 which I like a lot, but I'm still waiting for a 4.2 update from Samsung and I am starting to be dubious if it will ever arrive. As my kids also use my tablet I would *really* like the multiple profile functionality. At some point I may wipe that and install a current CM or similar ROM.
Re: hard to count
all you can say is that there are examples where the security services have made a fanfare about having stopped particular plots - you have absolutely no data on what they haven't publicised.
How would you ever know if someone was identified as being crucial to a terror plot but that the authorities didn't want to advertise the source of their intel, so they are picked up for say handling stolen goods instead.
It could be zero, it could be two a week - neither you nor I know.
Actually all they've accepted as I understand it is that Fairfax have a preferred status to offer to buy out the company for $9 per share. BBY are free to talk to other parties and could accept an alternate offer subject to a (significant) penalty fee.
At present nothing is binding on either party and they are still trying to arrange the funding to allow the deal to be completed.
May well happen - but it's a long way from certain.
I think the point is that Nokia doesn't sell to the end consumer - they sell to the network. So they want a device that's desirable to the end user, but only to negotiate with the network. I suspect that at a simplified level these deals have an initial fee and a per device fee - I'd be curious to know the split in revenue between those two parts.
Re: Now watch all Western European Mobe companies go bust overnight
if you read what was proposed there are two options:
a) allow roaming at no additional cost
b) allow a user to use a different operator without changing SIM
I wouldn't be overly surprised if this leads to tariffs which don't allow roaming at all (or perhaps only roam voice/SMS) and the model could become buy a PAYG card when you get to the country you're going to.
Re: re: Battery life
get an EyeFi card - I have one and sync with my Note 10.1, I agreed I'd prefer a full sized slot and just popping a card. But generally it works about as well.
My inbuilt satnav also doesn't have full postcode search, it really bugged me for about the first month. Now I'm used to it I actually prefer it, I've had mixed results with postcode searches in the past (e.g. being dropped within a couple of meters of where I wanted to be, but the wrong side of a 15 foot wall that didn't have a door and in a one way system)
The system in my car lets me use the first part of the postcode (e.g. AB12 1) and then street and number, so far it's put me outside the door I wanted every single time. The only time it's annoying is when I'm driving somewhere and need to make a course adjustment mid-way as people are a bit surprised when they can't just give you a postcode.
Still overall I don't think it's too much of a deal having lived with it for 6 months.
or alternatively - somewhere under the cost of 10 days benefits payments from 2010
Re: Just what I wanted
I honestly can't decide if that's a joke or not....
Nokia is more than a single division
"Nokia’s stock actually rallied on news it was finally going to stop trading as an independent company"
They are buying one of its divisions (the loss making one) for about half of its market capitalisation at the last business day close. From a stock perspective Nokia is going to remain as an independent company, just not making phones any more.
As the first Data Protection Officer I ever worked with put it - sensitive personal data means the things that the Nazis killed people for
Re: Too bad
hmmmm not convinced. I run CM9 on my phone and am very happy with it - but I'd regard anything physically built into my car as having the potential to be safety critical - I appreciate that it *shouldn't* be, but that doesn't mean it absolutely isn't.
I have a satnav built into my car for which there are unofficial ROMs floating about (essentially hacked versions of other regions' binaries)... I thought about applying one for maybe 5 minutes and then decided the grief simply wasn't worth it. Plus the cost of replacing a bricked embedded device can be very large (as opposed to a bricked handset where I can easily replace it with a second hand device at a known cost in a lunch break)
Just because something can be hacked doesn't mean it's sensible to do so - as above some people do already do this, but I really can't see it becoming main stream.
APIs to standard sensors (e.g. GPS, pressure sensors, etc...) I can imagine, and the mirror screen tech that allowed a handset to use a car's screen also makes sense. But replacing an embedded system with something that I have relatively little assurance over the development, codebase integrity and testing? No thanks.
Re: In response to "A" Key Removal..
I know someone at university in the late 90's who managed to get a cursor left ASCII code into their password this way on the basis that if anyone key logged him it would overwrite the previous character and he'd still be secure.
Almost as nice as the guy who wrote a PostScript fractal generator which locked a printer for about 8 hours when sent.