I love it.
How to genuinely apply transparency and the "many eyeballs" Open Source idea as well as Kerckhoffs's principle to critical code.
2316 posts • joined 9 Jun 2009
garbage in = Facebook out
If only there was a way to shame companies into upgrading their security promptly.
Hmm, maybe something to prod the banking regulator with? After all, they are always in need of evidence to show they're actually doing their job, and this is pretty much a classic by now..
Can someone tell banks and places like TP Online
With a bit of luck the lawyers will wake up to the problem of liability through negligence. By formally declaring SSLv3 dead and buried, and by refusing any connections from the grave there is no credible argument that anyone still relying on this code is doing anything at all for security.
This means that when problems appear it's not just consequential liability, it is also likely to attract regulatory fines as well. Personally, I think the way to fix this is to make banker bonuses payable to any victims - I reckon it would turn the City into a powerhouse of cybersecurity in, umm, a week, tops :)
And yet copyright is now death plus 70 and no doubt Disney or some large corporation will achieve perpetual copyright at some point.
Maybe not copyright rights, but rights to free use of your images into perpetuity is already standard fare in Google's Terms & Conditions. OK, they do their level best to avoid using the word perpetuity (just in case someone actually reads it), but just read it for yourself - it's not hard to find. I think it probably is with Facebook as well, but I don't use it...
"Things got out of hand at that point."
You don't say :). Admirable effort.
Lawyers sue where the money is.
It appears there is no big difference in motivation between lawyers and bankrobbers then :)
I suspect just about any iOS user has a folder like that "rubbish I don't want but cannot delete".
At least you can stick such apps in a folder, out of the way.
I think Swift's main attraction is that it's one platform to bind them all :).
I suspect the cunning plan is that by bringing Swift into Open Source, Apple ends up with more people feeling capable of developing applications for iOS and OSX, but being able to code doesn't immediately imply an ability to make it user friendly.
It'll be interesting to watch what happens. Apple tends to be less into public beta testing so I don't think it's a big risk for coders to invest time in Swift (it's not going to disappear overnight), but what interests me is how quickly they will adjust any issues or add missing features. Apple has never struck me as being terribly good at communicating (and by that I mean two-way, not marketing :) ), and Open Source only really works with bidirectional engagement.
What would make it really interesting is if an Android SDK emerged from a 3rd party, which is possible if it's really Open Source. I don't think it would harm Apple much, but their reaction would be worth watching.
So blame the developer of the music app and tell them if they don't correct this you'll find a different app
Umm, no, this is actually an iOS message. It's a shorter form of "as we get a share of revenue, it is our duty to remind you that you have disabled the last vestige of overcharging mobile vendors have when you're abroad". That message would just be too long to put on a screen, hence the shorter form. :)
I like iOS in general, but that doesn't mean it's perfect. This is a good example of one of those nuisances you have to put up with when travelling.
Simply make it mandatory that management and whoever designed the thing have to use them - no escape, no excuses and no alternative options like shopping at the competition who were smarter by avoiding the idea altogether. Either this results in things that are actually usable by normal human beings, or it'll cause a premature abort of the project whilst still in the testing phase.
It's actually an approach that could work on many levels. I suspect if they forced the Microsoft coders who came up with the ribbon interface to actually use it it would have never gotten past the planning phase, ditto for Vista and TIFKAM.
What sucks is to have that kind of tech but also having to run along beside it pushing a cart with your mate on it so he can film it from a good angle. Of course the stop at the end sucks even more for your mate if you slip and fall.
Yes, that surprised me too. I would have expected a segway, a tracking drone (maybe they couldn't get one that wasn't armed:) ) or even another robot..
The canary for technical acceptance always has been, and always will be, centered around the adult industry.
Canary? I always thought that involved chickens. Ugh :)
Oh, I like the idea, just using the word "ecosystem" in context with this is a bit much for an audience of paid up members of the cynics club like me :).
Love the article. I have experimented with remote control things, and the first pain with a smartphone is that you will always have it locked to prevent it from inadvertently dialing someone, so before you can use it you have to unlock it.
Then you have to start the app. Which needs to connect, which again takes a while. At which point you discover it's clung on to some public or FON access point name so it's not even on your own network, and by the time you have fixed that its battery has finally run out because it's the end of the day.
I'll stick with normal switches. Just because you CAN remote control things doesn't mean you actually have to. It also ensures I still occasionally physically see the devices I use..
Google just told me that summation is the process of summing something up, not the result :)
Yup, the price for posting pre-coffee :)
Lovely writeup, especially the summation
It requires yet more surface space (when will someone create an internet-connected table to hold all your IoT products?)
It does things that other products in your home already do but not as well and at a much higher cost
It connects to other IoT products for no discernible reason and with no practical outcome
It provides wonderful sounding but ludicrously unlikely scenarios where your life will be improved
It has its own phone app
It's been given over $1m in funding by people who should know better
I really want an article upvote button :)
Although, given all this metadata analysis which the spooks seem so fond of, you'd have thought it not beyond the wit of man for a telco to observe that a particular trunk subscriber makes a vast majority of outgoing calls, most of which last only seconds, and has very little downtime
Now there is an amendment to the Patriot Act that would get popular support, or call it the USA Freedom from Robocalls Act (UFRA). Given that its tentacles are global it would also nullify the idea of hiding across the border.
All we need is a plausible connection between robocalling and terrorism. Anyone? :)
Well, you can still buy ink, fountain pens and paper :)
No, your option is a simpler one. Inform yourself of all the factors that matter to you and then make a choice that fits YOU. This is why interoperability is so great: for everything you do, you choose the gear that fits your needs, budget and risk profile.
This means you build a backbone focused on interoperability and then plug in whatever you need. I personally also prefer to use IMAP/SMTP/CalDAV and CardDAV rather than Exchange but for some that is a bridge too far. Your accountants like Excel on Windows? Fine, but make sure they save in .xls (not .xlsx - avoid the "x" formats as the bubonic plague they are).
Your designers are far more efficient on Macs? Fine - that is quite happy talking all manner of RFCs including SMB, and off you go. A bit of platform diversity also protects you from a complete cascade meltdown when another ILoveYou virus lands, or when someone codes an effective drive-by virus for a Mac or Linux box (that it hasn't been done yet is no guarantee of the future).
Want to go Open Source all the way (even if not entirely Free)? No problem - your backbone will support it.
Even before Sir Berners-Lee defined the URL idea we were already working on interoperability (which was easy then as most of it was Unix based). It's one of the most valuable features of the Net - make sure you keep that feature alive.
Is the US the last country on the planet to ban hand-held mobes while driving?
Well, on the plus side, they have the right to carry arms.
This one can be solved *really* quickly. All it takes is some pragmatic joined up thinking :)
And on some cars, but probably not modern ones, turning the engine off by key could cause the steering lock to engage. Not a good thing in a moving car
I think that only happens when you actually pull out the key - just turning it to an "off" position will not cause the steering lock to engage. That is, in the cars that I have used, I don't know if this applies to all makes but it strikes me as a sensible safety measure.
No biggy, remember, METADATA can't stop bombings at marathons, can't lead to the revelation of another person, contains nothing personal about you!!
Yup, we definitely need a <sarcasm> tag, but just on the off chance you meant it, the obligatory link to a remark made by someone in public about meta data. Note that there was no indication he didn't mean what he said, and he's in a position to know.
a classic T-bone accident
Yup, spotted. Nice one :)
the good burgers of North Tyneside were well served by their local police force
I saw what you did there..
So they needed to go up high instead of walking close?
When a cow has beef (sorry) with you, best keep out of its way - there is a lot of kinetic energy in a cow that decides to start moving.
They had to shoot it, the steaks* were too high.
(* actually by the late Tommy Cooper who could do that sort of material really well)
It's the price you pay for cutting a service to the bone and expecting 5 people to police 200,000.
Let the down voting begin!
You won't get one from me, because that is unfortunately true.
.. I'd have to go and find the &^% car because it drove off by itself.
I just realised that this is going to introduce an entirely new type of car theft: some hacker in China activating your smart home's garage door, then telling your car to drive itself to the nearest mechanic to be stripped down for parts.
Just when you think you'll pay less insurance because of an (apparently) lower risk of accidents, up goes the risk of theft.
in licensing you are guilty until proven penniless.
Now THAT is my personal favourite quote of the week. I salute you.
We really need a <sarcasm> tag here..
Not to mention and perhaps more pertinently, from a distance it would be quite difficult for a potential watch nabber to pick out a Rolex from among the Citizens, Seikos and generic brand bling watches et al so their chances of selecting a rewarding target for their wrist-snatch job (oo-er missus) are pretty slim.
I suspect that if someone specialises in this sort of activity they will have also developed an eye for the right watch. The clues are not just the watch, but also generally what the target wears.
Can you just use a photo of your iris? Because that's really not secure at all.
I think it's too early to tell, but in my opinion you're looking at a clever volume test of new technology that Fujitsu is developing, smartphones are a really quick way to do a mass rollout of something that is still subject to improvement. In case you didn't know, Fujitsu also develops sensors for palm recognition, and how these work may give a clue as to why eye recognition may actually work.
For a start, these are depth readers, so they look "beyond" your skin for vein patterns, and a picture won't do. Next, they had to simplify analytics already as the original ones produced so much data that a pass/fail took seconds (if I recall correctly the first ones took well over 10 seconds) so they may have found a new balance between resolution and security and may have ported all that learning to this phone and iris scanning.
I'm now entering the realm of speculation, but I think it's plausible to assume that this eye scanner may look for vein patterns instead of iris matrix. They may swell up after a night out, but AFAIK the pattern doesn't change (anyone with a medical background? Is this correct?). Alternatively, few are focusing on iris recognition of late, so Fujitsu may have come up with something new.
As for how to use that, there are already various deployment models out there that don't require your biometrics to travel off the device - you'd just use a locally stored hash of the biometrics to open a credentials strongbox in the phone (which is where all the more traditional challenges hide :) ).
So, based on past performance, I reckon this may indeed be interesting enough to keep an eye on, so to speak :)
Here is a lovely one that is a whole paragraph in one word: "herkömmlich".
It basically amounts to a putdown of other, similar objects, acts or events that are similar, but not quite as good. It's impossible to translate but it's a Godsend for marketing.
It's not about where your data is hosted, it's about where your legal agreement with the company is hosted.
It's a bit more complex than that, because the company also has to comply with the laws where it is located, and on top of that you also have the jurisdictions of all the countries through which your data travels - a factor you usually have no control over but which could in Europe involve countries such as Sweden where the FRA law was only tuned down a bit after protest.
I'm assuming that these links are being put in place to distribute various Linux ISOs
OK, that's my keyboard gone. Thanks for the laugh :).
Gasp - you read *books*?
Thumbs up :)
Crude as it is, I would opt for another letter substitute (L to C)..
I'm not still sure if it's the case, but don't Apple TVs only play video if it's in very specific formats?
Not if it's Airplaying from a MacBook running VLC :)
I think if we had an Edwin Snowden-type come forward in every major European country (or even the smaller ones) people would be very upset with how fast-and-loose European intel agencies are playing with the law.
We'd also soon run out of safe havens for them...
.. on the superbly appropriate picture leading this article.
Honestly, this is the proverbial case where that one picture speaks a thousand words. Not that I didn't enjoy reading the article, mind, but my personal feelings about the impact this bill will have are pretty much summed up by that image.
Having the password on a note stuck to the monitor isn't a bad idea. It stops people bothering to watch what you're typing when you sit down and enter the real password.
Thumbs up for the Health & Safety excuse :)
I can see this as an extra range facility for the Tesla :).
President of the Commission Jean Claude Juncker said that in his experience (as former Luxembourg PM) intelligence service personnel “are very difficult to control”.
Ah, what a nice way to put it..
I'm generally OK with it. The only issue I find is that part of the route mapping seems to have been outsourced to politicians - in some places you get lots of U-turns :).
The biggest benefit of the in car system is the availability of power, the biggest issue is the usual lack of updates
In-car systems also tend to have access to wheel motion detectors. That in combination with a magnetic compass allows an in-car nav system to continue guidance in, for instance, long tunnels. The TomTom kit like the app in my phone tends to sort of make things up for a while :).
What I really like of the phone version is that it checks the route for traffic jams and tries to reroute me if possible, but I suspect it's not hard to add that to modern car media systems (especially since they may have to dial 112 in the future, so the electronics will already be available).