Re: Love it.
...or set someone's ringtone to Goatse
1691 posts • joined 28 Aug 2009
Metadata is data. It's just a convenient horseshit term used by politicians etc. to hammer the wedge in and widen the crack. It's all bloody data and calling it something else is not going to change what it is.
"After that it is simply assumed that the process is corrupt, which is not an objective analysis."
It's certainly the way to bet given everything we know now. The various security agencies have been lying their tits off all century at least; have been gratuitously overstepping their remit; have apparently been disappearing evidence; have been targeting journalists; and have generally been indulging in shenanigans that people with that sort of power really should not get up to. It looks fucking corrupt from here.
Compromise internet infrastructure in France and extra-territorially
Well, if France thinks it's OK to frig around with another nation's infrastructure then surely the converse applies. Do they realise that they've just announced open season on themselves, do you think? They ought to hastily retract that bit, I reckon, before things get silly. Or surrender now, I suppose...
Fair points but -especially for domestic and (to a certain extent) SMB users- you're taking the competence of your cloud provider largely on faith.
Now I'm only in the webhosting shallow end, so to speak, but I have -not infrequently- encountered service providers who couldn't manage the infrastructure AT ALL, let alone securely.
Another reason to not trust the cloud. Like we needed more...
I quite like Wordpress...at least you don't have to completely dismantle it to update, unlike, say, Drupal.
The Wordfence security plugin isn't bad....gives you a live list of who's doing what and allows you to put brute-forcers on the naughty step for a time.
"Conley said the technology was aiding child pornographers, terrorists and, rather bizarrely, people who take upskirt photos of women on public transport."
Given the number of public figures who are subsequently found doing the thing they are supposed to prevent, are we taking any bets on this? That does seem oddly specific.
As far as I can tell, I was neither inaccurate nor ideological. FOSS isn't a panacea for all of mankind's ills, but -from a long-term planning point of view- it has the dual advantages of distributed control and momentum.
Proprietary software is by definition controlled; and usually by a small group of people. There's less momentum there and that means that small changes can have a very large effect on the direction of a project. Now I love Wolfram Alpha to bits, and I doubt for a moment that the Wolfram brothers are going to go all Oasis and start trying to kill each other with guitars and throwing servers off the balcony; but centralised control is a risk if you're going to be throwing a lot of money in or if you're planning infrastructure.
So yes, I can absolutely see why planners would go open source where possible, and I also mentioned that it was not always the easy way. I was merely pointing out that using open source -as opposed to the proprietary solution proposed by the AC I replied to- might be a decision based on common sense and what was good for that particular group of people at that time; and not "short-sighted and dogmatic". That was as evangelical as I got; unlike the AC who seemed personally miffed that a group of people didn't do things his way.
When I asked why they didn't just use Mathematica, the reply was that they only used open source tools, so they had received funding to write their own solution. I couldn't believe how it was possible in an advanced learning institution to make such short-sighted and dogmatic decisions
If your foundations are proprietary, you can have the rug whipped out from under you at any time at the whim of some 3rd party. Open Source may be the hard way at times; but the reasoning is anything but short-sighted.
I thought you only had to point melanin at police in the US to set them off?
That being said, there are a minimal number of legitimate situations where encryption is justified. In those cases the people involved would have little reason to not allow authorities to examine the encrypted files.
What the actual fuck? Given that it's an established fact that everybody is being MITM'd all the time (by national security agencies and probably your ISP at the very least) you encrypt whatever you do not wish to be world-readable. This includes, comms with banks; a VPN if you're on company biz and out in the field and (in my case particularly) client login data to maintain their various web empires. Those are just 3 cases off the top of my head. Let me also point out that if I don't take reasonable care and encrypt my client's data then I am legally liable if anything leaks through incompetence on my part.
The vast majority of encryption use is for valid and legal purposes.
@ Trigonoceps occipitalis:"OK, but please let me have the option of a copy sent to my email."
I see your point, but this can be a risky thing for a company to do...you would then run the risk of
1) Your webform being used as a spamming engine (if it's only relaying messages to your customer support address then it's fairly easy to lock down; but if you allow it to send to multiple addresses, some of which are user-defined it all becomes more tricky). Remember also that if your webform gets caught spamming, your whole domain will be locked down for at least a couple of hours until you can get yourself out of the blackhole. Possibly multiple domains, if they share the same IP address. During that lockdown, people attempting to contact you will not be able to send you email; and that can be expensive; possibly disastrous. At the very least, it doesn't look good.
2) Badly set up forms (ie, where it is not explicitly stated in the body text that this message is from a webform at $site) could also be used to send convincing messages from a genuine live company address. Pretty sure there is some potential for havoc there.
The standard response is to send a very basic "yep we got it" email out automatically. Your message is normally stripped out/not included due to data protection. It's not uncommon for people (especially to support and similar) to have personal details, identifying information, maybe passwords. There's no way in hell a company is going to risk sending that, sight unseen. That's also why support emails from a company generally don't copy the whole conversation (because -amongst other things- it would give an attacker multiple chances to get their hands on delicious personal information).
As soon as a company sends an email, they become legally liable for the contents.
So while your request seems simple -and technically it is- it's entering shark-infested waters, legally speaking. It's not that nobody has thought of it; but if you consider the public reaction to both spamming and data breaches (and your proposal has potential for misuse in both areas); can you really blame companies for not wanting to go there?
I've had dealings with a number of companies that have had web-published customer service email addresses, and have responded quickly and effectively. Clearly they are managing to operate well despite the tsunami of spam, so I'm puzzled by those companies that aren't so competent.
Well spam filters are better these days, and it also might be a question of scale...a company that can throw a couple of interns at it will fare better in this respect than your average one-man-band outfit. Likewise, a company that has a dedicated member of staff (or support department) to handle incomings will cope better than companies that work on a more ad-hoc basis. I've also been in places where a tsunami of spam would be welcomed by at least one staff member...an opportunity to look busy all day without having to engage a single neuron (and if anyone questions your productivity you can simply point to the 12,000 spam emails you dealt with last week).
If you have a published email address (versus a web form) two things will happen:
1) You will be spammed harder as time goes on
2) You will have less people contacting you. Some people do not know how to cope with an email address and some people won't bother because it's extra effort.
You can mitigate the spamming somewhat by obfuscation; or you can burn and replace your support email address at intervals (that is a bit risky though because you can alienate/ignore people trying to contact you on the old address).
I'm not the world's greatest fan of webforms; but it really is the best option available at the moment. There is -for the user- that feeling of sending your message into the unknown: Some companies realise that and that is why you get the almost-instant "Yep we received it and you're in the queue to be dealt with" automated response from some places.
Webforms are email essentially. It's a lightweight client to send in one direction to (usually) one address.
Just remember to look for tickboxes so you don't sign yourself up to any mailing lists.
P.S. Oh yeah - forgot: You also cannot count on people having an email client these days. A lot of people use webmail, so you'd have to copy the email address, log into your email service, paste the address in and then type your message. Not everyone can do that and -of those that can- a significant number won't bother.
So web forms aren't ideal; but they're fast and easy and everyone can use them.
P.P.S. Totally with you on the attempts to force contact though social media. Fine if it's an option; but if that's the only means of contact then there will be no contact from me either.
"It should be absolutely MANDATORY that there be a plainly visible contact email ADDRESS on every company's web page."
Problem there is that spammers harvest published email addresses and sell them on to everybody. This renders your published address next to useless in short order; with the attendant time cost and the danger of missing out on a genuine -possibly critical- message because it's buried in crap. And obfuscation doesn't work (like putting the address as name (at) domain.com or publishing the address as a graphic) as spammers just hire someone cheap to dig up a list of contact addresses.
The only way to stop this is to not publish the email while still making contact possible (and, importantly, easy for the customer); hence contact forms.
So now you know.
Absolutely. My computer, my screen and my bandwidth. Adblock Plus should countersue for theft of bandwidth. That would be amusing.
Accountability. I am responsible for what I do and will pay a penalty if I fuck up. That should apply to everyone.
In a sense, it doesn't matter what the law says or what passes; because the spooks are going to keep doing it anyway. They have to, because every other country's spooks are giving it some; and not to stay in the game would be suicide.
What's needed is some oversight and controls against misuse of the data for petty reasons and against their own population (not treating allies like the enemy would also be nice, America). Military intelligence, fine. Trying to weed out terrorists, excellent (although terrorist should be strictly defined...people who throw bombs about in the name of Allah or the FSM or whatever are terrorists; people who fail to bag their dog's crap definitely aren't. I've made a start for you spook outfits, carry on. I suggest that someone who is prepared and equipped to cause indiscriminate corporeal harm would be a terrorist).
Oh and spook agencies - stop bleating on about encryption being a terrorist's tool. You ain't ever going to get your way on that and it's getting boring to listen to.
You -all of you, not just the US- have thoroughly blown the public's trust. To redeem yourselves from the effects of a bunch of power hungry arseholes who thought that they would never be caught out is going to take some considerable time. You did it to yourselves, so stop whining. Some areas you could look at include:
► Define specific areas where it is right, just and good for you to be sucking up information
► Add controls to stop information being misused.
► Be fucking accountable.
► (For the US only): Try and stop shooting unarmed black people. Sooner or later they're going to start shooting back.
(previous comment deleted because I was just back from the pub)
I always take the attitude of "What are we supplying? What do the users of that thing want/need to see/know?"
Then build that. And argue about the rules later. Works for SMB; can't speak about government work.
My private theory is that browser-makers have received a bung from the Combined Unified Nodule of Trust Sellers, or whatever it's called to make the warnings deliberately fearsome.
And, of course, HTTPS Everything would inconvenience advertisers. In all honesty, I'd implement HTTPS just to piss them off, if for no other reason.
Self-issued certificates are a problem in another way too - most browsers treat self-certs like an alien invasion that is HAPPENING NOW! LOCK UP YOUR POSSESSIONS AND HIDE YOUR ANAL PROBES!!!!
Sure, MITM, sure there's going to be a lot of people who get it wrong as described above; but surely HTTPS is better than no HTTPS?
I would have HTTPS across everything, if only the browser warnings were less alarming (with a cert verification page somewhere on the site in question, not that anyone would ever check).
It's not the extra £10/year for the certificates (although that is a factor); it's the fact that with all the pwnage of certificate authorities, you just can't trust the fuckers.
It better bloody well be compatible with the standards that everybody else on the net is using. My days of doing one site for IE and one site for everything else are over. They don't have the market share for those kind of shenanigans these days.
So if you're raided, your house layout gets put on the internet?
You could have one of those oil drum affairs at the top. No blades required.
"this cunning plan relies on the fact that most users aren't savvy or motivated enough to do that"
Not really. I'm pretty sure that the internet would come up with a few point-and-click solutions for the less technically-inclined.
There's 4 elephants in the room for this NSA chap:
The first is that my data is mine. This assumption that a thing that is mine also belongs to someone else is colossal arrogance on the part of the NSA. Attempts to take what is mine by force will meet resistance. And talking of arrogance...
The plan falls apart as soon as other countries become involved. It seems to be a peculiarly American failing to completely forget that countries other than America exist. Other countries would (of course) want their own set of keys; thus turning the idea into an instant clusterfuck. You either end up with every country having their own set of keys (and I'm not sure if this is even possible; but I'm pretty damned sure it's not possible to do it safely); or you refuse countries, in which case you get entire countries resisting the data-rape.
This is a world where -with all the illegal data-hoovering that the public is still largely unaware/uncaring of- schoolgirls can still get from the UK to Syria undetected. Charlie Hebdo. Etc. So with all the advantages in the world; the spook agencies are just not doing the job. Giving them more powers is extremely unlikely to make any of us one whit safer. Speaking of safety...
The keys *WILL* come together and be leaked at some point. It is inevitable.
Vulture South can't wait to see the tech sector's response to these ideas.
Get fucked, would sum up the response from this particular part of the tech sector.
I have rarely heard such a stupid idea. Every device from every manufacturer in every county? Who would all then want their own set of keys. Quite apart from the technical implausibility of getting keys onto all hardware, all the user would need to do is run their own encryption on top and you're right back to where you are now. Apart from (I suspect) a good few billion quid lighter in the tax budget.
Polite as that may be; it is still war. You don't get to enforce your opinions outside of your borders. China and America both; be told.
Fuck no! Don't want to be wasting bacon on those twunts. Use the lips, trotters and arseholes hosed from the abattoir floor. This will have the dual benefit of insulting terrorist dickbags and stopping $manufacturer making "sausages" out of it.
Pies. Fill the hole with pies. And beer.
...but...but...think of all the private prison people who would be getting disappointed looks from their shareholders! And they might even have to deal with actual real criminals, and that sounds like hard work.
...to both Edward Snowden and John Oliver.
It played for me (Spain). Do Australians feel like this all the time?
I've got a bunch of 'antisocial' reading material. What the daft bint doesn't seem to realise is that knowing how to do something and the slightest desire to actually do it are two entirely different things. I also have a copy of the Quran, Bible, Egyptian Book of the Dead etc. and have no intention of becoming religious, for example.
For the record NSA/GCHQ; terrorists do it outside and disapprove of beer; both of which eliminate me from enquiries. Please unsubscribe me from your list. Thank you.
An interest in how things work is why we're discussing this on the internet and not up in trees flinging faeces at each other (although on some parts of the internet the main difference is a lack of trees. Please note, I most carefully do not speculate upon which part of that spectrum Congress may reside).
In my yoof, the proximity of a gravel pit made a safe-ish place for blowing things up on a small scale, and I do believe that the occasional reasonably-sized detonation is a worthwhile part of growing up. I wouldn't go near the Anarchist's Cookbook for practical advice, though, as laminating yourself across the kitchen just doesn't appeal.
The Anarchist's Cookbook is quite interesting. The recipes seem a bit risky to me though. Might be a better idea to give a copy to anyone who wants one, and let them blow their arms off in their mum's kitchen rather than going outside and committing a multi-person atrocity.
But seriously, banning a book raises its perceived value and more people will want a copy...just to be cool, if nothing else. Is she trying to sell the bloody thing, or what? Plus with US's foreign policy; the number of people who would be willing to make them available is an unwinnable game of whack-a-mole.
Also, most of the hardware mentioned is out of her jurisdiction.
Sorry. I didn't phrase it well. You're thinking about how to make your bit run better; but how do you make the whole thing run smoothly? All of it.
What I'm envisioning here is that someone goes for a biopsy and all of a sudden their insurance goes up and banks start trying to claw back all their long-term stuff before the patient dies; possibly before the patient has got the results back themselves. That's just two of the most obvious things that can happen; and is not what you really want if you've been diagnosed with something horrible.
From the sound of it, this information would be shared on a fairly broad basis and it's a statistical certainty that there will be an ethically-bankrupt money-grubbing bastard or two amongst the sharees; if not now then next week. Look at the shit Uber get up to with their data and they are just a taxi company. Extrapolate that attitude to serious stuff like life-threatening illnesses and think of who has a financial finger in the pie (insurance, banks, people the patient does business with; people who stand to inherit, medical profession etc etc) and things could get nasty very quickly.
For the path:
Patient --> GP --> Testing centre --> GP --> Patient
...you do need a unique identifier, name and history.
For the collaborative, analytic and statistical work you'll need a unique identifier (because that's how databases work); and I should imagine that some clinical details would be helpful too. The unique identifier doesn't have to have anything to do with the patient though in this context. You'd also have to be very careful with the clinical data too...it's *amazing* what people can fish out of databases. Off the top of my head a 2-system design; one with the patient's actual details that is rabidly secure, that also has an extra field for random numbers that you use as the unique identifier for wider dissemination. That way the patient could be identified/contacted; but you'd need a bloody good reason to gain access to the 'real names' system.
Not sure what you'd do for the clinical details...I'm not a Biomedical anything so am unsure what 'clinical data' is made of, exactly; so can't really offer suggestions on improving the safety/anonymity.
The business -as described in the article- is basically 2 distinct fields of operation with diametrically opposed data needs. Field 1 (diagnosing individuals and reporting results back) does need personal information. Field 2 (collaborating and letting Big Data munch on the numbers) needs to be as anonymised as humanly possible while still including *necessary* information.
Slides are fine; but how much patient data are they intending to bundle with said slides?
The basic idea is good; but it could very easily go horribly wrong.
"Right now, when a consumer puts Do Not Track in the header, we don't know what they mean,"
What the fuck do you think it means? Read a bloody dictionary.
I absolutely support his stance on bacon sandwiches. Is that racist? I actively encourage other people to swear off bacon sandwiches for religious or any other grounds...more for me. HOORAY!
I was just thinking something like that...it'd be interesting to SNORT Android apps (especially the built-in "core" apps) and see just what they're leaking to where.
At least with PCs you have a chance of identifying nasties with freely available software. A lot of IoT stuff comes with zero thought to security and in many cases you'd need diagnostic kit (and the knowledge to drive it) to even tell you've been compromised. Let alone updating/applying patches, even if that's possible.
Bit risky for governments to declare war on Google...."when they have you by the bollocks, your heart and mind will follow" it is written.
I could declare war on Google, because I don't make much use of their services. If Google disappeared tomorrow, I'd miss YouTube a bit, but it wouldn't take that long for Vimeo et al. to step up.
If you want some free advice from the proletariat, governments, then do a careful audit of just how much of your IT infrastructure you're outsourcing before doing anything silly.
That was excellent! I bet you could clean up selling fire extinguishers door-to-door to his neighbours.
@d3vy: Piscine: As of, or pertaining to, fish.
5 seconds with a thesaurus gives a few alternatives for 'splendid':
up to snuff
...we could probably bankrupt the poor girl in a single forum thread.
Social media wankers, as satirised by El Reg's Steve Bong.
Here's an example to give you an idea: