49 posts • joined 2 Sep 2009
(Tl;dr see last para)
If today's Google still takes its original "don't be evil" motto even a little bit seriously then I think they need to be very clear and up front about their strategy behind this. There are at least two possibilities:
1) This is an effort on Google's part to use their substantial profits to reinvest in the tech ecosystem that makes them rich and benefit everyone by raising the bar.
It could be that Google's motivation here is to provide such an improved telco experience that other telcos have to raise their game to stay in contention and everyone benefits. If that's the case then they need to commit to that and offer some assurances about how they will proceed in a way that respects privacy etc. It's fair to say that Google has had issues in this area in the past, so we need those.
2) However, it could be that this is just another bid at grabbing data wholesale. That is the thing that makes the most sense. After all information is money, and we know how much Google loves data. With access to people's phone calls and text messages they have NSA style access to metadata at the very least. And if they offer Google Voice style transcription services (and why wouldn't they, it's a great value-add) then they have complete access to content too without a warrant etc. Something the NSA can (should) only dream of (except of course that if Google has it then the NSA has it too).
I'm beginning to think that somewhere down the line we are going to need legislation that protects against information monopolization as well as market monopolization.
It's a race to the bottom
Where the bottom in this case is the bare metal. Or the interface between brain and digital 1s and 0s, howsoever implemented. Not a race I think anyone is going to enjoy watching.
Personally it comes as no surprise that there is a controlled vertical landing phase for the Blue Origin rocket. I've always been impressed with Amazon's returns policy.
Standard Baked Alaska
I'll have my ISO(N) standards compliant baked Alaska now please waiter.
It's probably part of Elon Musk's SpaceX business plan already. I can see the tagline already, "SpaceX: Serving sumptuous sol-scorched slices to the solar system." I'd probably buy shares in that.
Like an old card game...
"advertisers aren't keen to reach audiences that can't legally buy their products."
Considering the product is alcohol, BULLSHiT.
Re: I could be (read: probably am) wrong but...
DD-WRT, Open-WRT and Tomato all list supported hardware which you can check out before you start bidding. Recent-ish Buffalo routers tend to work well with DD-WRT. The Cisco E1000, E2000, E34000 range are generally supported by DD-WRT too and are available at reasonable-ish prices.
There's evidence against this criticism too...
Two issues here:
1) Exactly which encrypted activities on Android are we talking about? The blogger seems to say that _every_ encrypted connection on Android is affected. But that isn't true. Recent versions of Chrome for Android have all negotiated TLS v1.2 connections with AES_256_GCM using DHE_RSA as the key exchange mechanism to websites that support that level of encryption (most don't). So clearly it is not "all SSL connections" on Android that the blogger is talking about. Which ones does he mean exactly?
2) The problem with WEP was not so much the ciphers chosen, but rather the way the encryption was implemented. The WEP algorithm was to blame, not the RC4 cipher itself. Up until earlier this year RC4 was still regarded as pretty secure when implemented properly, and indeed many sysadmins still prefer it over AES or other alternatives with larger key sizes (RC4 is limited to 128 bits) because, as a stream cipher, it is not vulnerable to attacks such as BEAST, which target flaws in AES and other block ciphers. Admittedly the tide is turning and RC4 does now appear to be increasingly vulnerable, but that is only becoming apparent right now. The decision on RC4 in Android was taken years ago.
Open barn door security
From the article quoting Dave Anderson, senior director at Voltage Security:
"So, is it possible that the NSA can decrypt financial and shopping accounts? Perhaps, but only if the cryptography that was used to protect the sensitive transactions was improperly implemented through faulty, incomplete or invalid key management processes or simple human error."
Why bother cracking the https session when all you have to do is read the unencrypted email confirmations? Many vendors (I'm looking at you in particular Amazon) don't even bother to encrypt their outgoing SMTP traffic* with this sort of sensitive information in it. Who wants to bet the NSA had a hand in implementing that particular policy?
* Just go to "view source" or "show headers" on the last email you received from the vendor of your choice to see what I mean.
Re: Whatever happened to your Constitutional Rights ?
I hear you on the principles at stake, but the technical workarounds may help to arrive at an acceptable political solution. If enough people see for themselves the extent of the gratuitous monitoring of the communications of innocents then they will be more motivated to push for political change.
The state of technology at the moment allows for monitoring to be almost undetectable and is certainly below the radar of most netizens today. If that can be changed that is a good thing.
Solutions that work around the technical weaknesses of most people's email systems today and require law enforcement agencies to enforce the law openly are therefore a step in the right direction.
Enter the Raspberry Pi...
There are already a number of disk images available for the Raspberry Pi which make previously tricky setups very easy to achieve _properly_ for even a newbie, eg. asterisk, xbmc.
What would be great would be to see development of an open source email system with encrypted SMTP, POP, IMAP, webmail etc which could then be downloaded as an image, booted and be up and running with generated keys within minutes.
You don't need huge processing power for a personal email server. But if lots of people shifted to an encrypted-by-default system like this, running on commodity hardware via their own broadband connection, without the traffic going via a major ISP's mailservers or Google/Yahoo!/Microsoft, then the majority of email users can have their privacy back again without the concern that all their email is being gratuitously read by some nosey parker(s) in Cheltenham/Fort Mead.
Court orders then become necessarily more targeted because only one person's email, or a relatively small group of people's email (an RPi can't serve huge groups). And you know when you're being targeted because they have to ask you for the keys...
It seems you can't trust a company to keep your email secure and keep the service running, so people are going to need to do it themselves.
Perhaps somebody has already done this and I've missed it. If so I'd love to be pointed in the right direction!
Re: Encrypted email
Re StartCom certificates: I guess it's a case of you pay your money and you make your choice, or you don't and you can't.
I've been on a similar path these last few weeks with encrypted email and certificates etc. Seems to me that if you really want encrypted email you need to go down the PGP/GnuPG route and exchange public keys with trusted individuals and anything else is the icing on the cake.
You can set up Postfix (not sure about the alternatives I'm afraid) to remember details about other SMTP server's certificate fingerprints, which should mitigate against StartCom attempting to MITM your communications (remember the certificate authority doesn't see your private key at any point, they just sign your CSR). And if you are using DHE or ECDH ciphers then you have "forward secrecy" protecting past SMTP traffic at least...
But it appears that most active SMTP servers are not set up to handle SSL or TLS protected traffic, so PGP/GnuPG remains the best bet. FWIW I have set up my own server to handle encrypted SMTP, on principle!
Re: Don't they realise that the cat ...
Quite a lot I reckon. Which is why if you're really serious about encryption you do it on a second computer that is not connected to a network.
Even so, matching up PGP keys to everyone's inboxes and then cracking keys across multiple platforms and applying them to the right email streams is going to be a rather greater hurdle for the NSA to clear than simply splicing some fibre at the Googleplex or at Hotmail HQ and reading it all in plaintext.
There's no such thing as perfect security, but you can at least take reasonable precautions.
Don't they realise that the cat ...
is well and truly out of the bag?
I wonder how many new private email servers have been set up over the past fortnight, how many new PGP key pairs generated, how many new VPN tunnels configured?
If I was a US cloud provider I would be contacting Steve Bong about alternative business models around about now.
The cloud is convenient in many ways, but when it comes to privacy and security it's all rather too nebulous.
Coincidence? I think not.
Also in the news today is the story about the planned ISS switch over to Linux from MS based solutions. (Loved the quote from the contractors about needing a "stable and reliable" computing platform :-)
So, is Steve Balmer now reduced to taking potshots at the ISS with a superpowered pea shooter in order to save face?
Yet another headline, produced under incredible pressure, is comedy gold :-)
Re: Headline misses
Very decent of you sir. Apologies for the nasty bout of grumpy old man syndrome.
Something about "Black Eyed Pies" might have been even better. Or "BeagleBone A8 the Pies".
And actually, the Pi is "full Linux", just not as fast.
Same set-up here, except with a Raspberry Pi running pywws. Works a treat.
Surely, the point of these (relatively) cheap, small weather stations is that they give sufficiently accurate information about local climate conditions. Like, quite how windy does it get in my garden? Or, when the weather forecaster says it's going to be 20 degrees, how warm does it tend to actually be? Or, has it been so dry for the last few days that I might actually have to get the watering can out?
Leave the careful calibration and site location issues to the global weather scientists - that's their job. And I think they've got enough problems of their own to be sorting out without dissing the amateur scene!
Software Defined Network. (Information the article didn't supply.)
One of the things that makes these titles even funnier is these comments afterwards :-)
Re: "to keep the company out of privacy-related trouble"
You do realise that even Noscript whitelists pretty much every Google property by default, don't you? In its just-installed state it does nothing to protect you from anything Google wants to do to your browser.
What a relief. There was me thinking I'd broken the entire internet by messing around with my home network DNS setup!
Is it too much to hope that the problems are a result of an attempt to upgrade to ipv6?
Re: I had to read that 2.71828 times
Why isn't it $3.141593 million? Is this some kind of MapReduce optimisation gone horribly wrong? Maybe there's a $3 administration fee? There's no cents to it.
Re: IPv6: not enough incentive to move
In reply to Ken Hagan (15/1/13 17:52)
Ah ... good point. I may have indulged a little too heavily in hyperbole there.
The point I was trying to make is that smartphones, tablets, and the OSes that run on desktop systems are all IPv6-capable. They can all, given the right kind of network connection, access IPv6 resources.
The routers (or whatever connects the devices to the wider internet (e.g. mobile 3G/LTE/whatever)) will be supplied by the ISP. And if the ISP is selling its service as proper internet (ie. IPv6 capable) then the router will be too.
As for games consoles and TVs and PVRs, that's not really relevant to the point as, provided the connection is dual stack, they will not be affected.
It seems at this stage the consensus is to move from IPv4-only to dual stack IPv4 & IPv6, and then more gradually still to IPv6-only. The problem that many El Reg readers appear to have is that mainstream UK ISPs are moving to dual stack at the speed of a very slow snail. And my point was that that puts them in a vulnerable position.
While I apologise for the gratuitous hyperbole, I think my point still stands.
Re: IPv6: not enough incentive to move
The internet tends to move fast in bursts and break old stuff. It's a disruptive technology. That's what has made it so phenomenally popular. The only way to survive in the presence of a disruptive technology is to change and adapt and keep up. Or else you risk getting broken by the next stage in its development.
The incentive to move is history. Keep up or get broken by the next thing. Unless ISPs have IPv6 ready, debugged and waiting for the press of (a big red) button then some day soon their CEOs are going to wake up and discover they're 18 months behind curve and the masses are plunging head first into some IPv6-only thing which is exploding like Farcebook did. And the masses won't be able to do it on their networks. So they'll go somewhere else.
Consumer devices, OSes, etc. are all IPv6 ready. They can all access IPv6 resources. The only things that are not ready are the mainstream ISPs. They're sitting on a ticking time bomb. There's your incentive. Perhaps they need to do some risk analysis on their business models?
Re: Sounds like...
Now, you see THAT approach almost sounds sensible. Hang on, no, it DOES sound sensible. Unlike the game of IPvX chicken being played on this side of the North Sea.
I've got a bad feeling about this...
Plusnet, BT, Sky, TalkTalk and all the other IPv4-only ISPs need to wake up and smell the coffee. Their management need to understand that there's a market opportunity for their smaller IPv6-also rivals here. All it takes is a year or so more of these kinds of bodges on a creaking IPv4 infrastructure and then along comes a killer app that needs direct contact to a home network resource (I'm thinking something along the lines of ifttt.com or that fork from CES (a killer fork app ... Ouch)) and bosh there goes a sizeable chunk of your customer base. The more the established players prevaricate and procrastinate the more catastrophically vulnerable their market position becomes.
Come on UK ISPs. Grow up and deal with a C21 internet.
Re: Old idea?
"The Mad Scientists' Club" perchance?
Re: LXDE all the way now.
> How about the GNOME decision to dump the interface users knew and introduce a completely new one? Who thought that was a good idea?
Me :-) It's precisely the thing that GNOME should be doing _because_ it's open source.
If enough people think the new direction is no good, then people will pick up with the old code and go forward with that instead. But if there's something good about the new code and way of doing things, then more people will jump in and hone it to something better and better ... until the next big new idea comes along. Distros generally have the resources to maintain old code if it suits their objectives. Debian built a huge reputation by managing this dynamic with their stable/testing/unstable streams. And Redhat has grown a billion dollar business out of their approach.
Personally I think the GNOME 3 interface is great, and I'm glad major distros have picked it up. I find it far superior to Unity and going back to GNOME 2 seems so clunky, slow and restrictive now. Who wants to carry on doing stuff the way they've always done it when new hardware capabilities open up so many more possibilities?
Looks like the scanning client (ie. the really useful prog that automatically inventories your network) is Windows only. It's a shame really, but I can't see this being especially useful to me until they sort out a Linux client.
... this is part of the first set of colour images captured by Curiosity this morning.
As you can see, Google tried to one-up NASA (in a bet between Page/Brin and Bolden where the stakes were landing/take-off rights at more NASA landing strips), by beating them to the LZ on Mars. Sadly their G-Rocket (beta) landing system has atrocious latencies via Odyssey and the whole thing came to a sorry end.
NASA were obviously chuffed to bits to hit the LZ successfully and get some shots of the pranged G-Rover for bragging. What took everybody by surprise, however, was the sight of an indignant amanfrommars dinging said G-Rover with prime specimen Martian rock samples in response to Google's brazen intrusion into his previously unmolested (and indeed uncontended) home wifi system.
Lewis, loving the Old Testament knowledge here!
As for the IT angle. The Isaiah and Ozymandias references are more than enough to establish a proper sense of perspective on any of our human accomplishments to date, including advances in IT (MS excluded as Windoze clearly doesn't count as an "advance").
PS. Oh how I wish the mobile version of the forums allowed icons.
The ethernet circuitry is housed in the same chip as the USB stuff on the Pi. The webcam was USB, so the chip was in use, even if the ethernet wasn't plugged in. Interestingly on heat scans of the Pi when it's running the hottest part of the board is the ethernet/USB chip, not the CPU/RAM stack in the middle. Dave did his homework!
PS. Please can we call them Pydrogen balloons now?
Re: Rational arguments
But that's my point. In saying what you did you prejudge the entire issue. In fact it's not indefensible, it's rationally solid.
And if you read the comments carefully you'll discover a nuanced, generous, tolerant attitude towards all people, regardless of their particular points of view.
Have to say that, given the subject matter, Zoopy's making the most objective and rational arguments round here at the moment. Also, (s)he's managing it without being abusive or resorting to stereotypes.
Thank you Zoopy for your contributions today.
Re: diamond byte
I couldn't honestly say because I have no idea what "taco" or "taco bell" mean. But it sounds like you have the right kind of idea, though your scales are out by 10-12 orders of magnitude, depending on the dimensions of your mall (which I think I know what you mean by).
Glad to see carbon making a comeback here. Back in the day (12yrs... ?) we tried using populated buckyballs inside carbon nanotubes to create qubits in a structure with direction dependent conductivity for read/write addressing.
It was all a bit of a pipe dream. The problem was getting the nanotubes to line up nicely. They really didn't line up well, tangled up like steel wool. Got some great pics of N (and various other elements and molecules) inside C60 inside nanotubes though :-)
Cultural imperialist misattribution ... grrrr
Oi Rik! Mark Twain didn't come up with all the best quotes!
Accounts of the origins of this quote have been grossly misreported.
See here (http://www.york.ac.uk/depts/maths/histstat/lies.htm) for details about the actual history of the phrase. Even Twain acknowledged that he himself didn't come up with it.
Perhaps your copy should be adjusted to say, "as Mark Twain was wont to say, 'as Disraeli was wont to say, "There are ..."'"
Grumble, grumble, can you believe the cultural imperialism coming from the colonies these days, grumble, grumble.
Re: A page out of the PARIS/LOHAN book
Indeed. Now all we need is the gaffer tape.... I know I had a roll around here somewhere...
Pi kernel panics
Sounds like you've managed to fry your board, or a compnent on it somewhere. My own Pi has had uptimes of over a week between boots, and then I've shut it down normally to refresh the disk image (and that's using the bleeding edge OpenELEC images, not the Debian stable images, with which I've had no stability issues either). Two usb devices plugged in, ethernet networking and an hdmi cable running at full HD.
No panics here!
Re: >"individual particles are still moving at the same speed but there is a ripple through them"
Hmm. That's actually the whole point of the speed-of-light-is-a-maximum thing and the reason why it's such a fundamental concept in our understanding of physics today. It governs even the rigidity of your rods. It's WHY you can't have infinitely rigid rods. The point of contact will not move that fast because you can't have rods that stiff because the speed of light is a maximum.
Actually, I believe the relevant limit you want to consider when it comes to rods and communicating information along them is not the speed of light, but the speed of sound in that material. Which will be rather significantly slower.
The experiment described in the article is a bit different. Frames of reference anyone?
Funny how in our thought experiments we so quickly latch on to the possibilities of the infinite/eternal and yet so often we refuse to acknowledge any such influence in our worldviews ...
This guy is a genius, a hero, a legend in his own lifetime, a giant of a man. Mars within a decade? Awesome!
Now all I need to do is:
1) write some open source software
5) Buy the first ticket.
Re: Re: Bogus research
As a bank card user I want to protect my PIN and keep my money safe. If I can make it hard to get to my money while giving the impression that it would be quite easy then that is to my advantage.
If I have the chance to influence the results of a report from Cambridge that are likely to get reported more widely I would have a strong incentive to answer many questions indicating a low PIN strength/security.
It lulls crooks into trying the easy option and failing, a little bit similar to the piece of paper in the wallet (described in a comment above) with false 4 digit PINs on it.
Anyone with an ounce of nous on security issues can see why the researchers should expect to be supplied with false responses from the people surveyed.
Lovely, but what about IPv6?
Nice to hear about YouView. But what about IPv6? Content is great, but there is still the issue of how we are going to be able to access it in the near future.
When are TalkTalk going to roll out IPv6?
Truth is an absolute. Free speech is a means to an end.
There comes a point when saying something is not true when it is true is really unhelpful. Accuracy is important. Reg readers know this. We depend on it for our daily vulture fix.
PS. Loved @_RCH_'s satirical post :-)
Great but what about the screen?
Thank you for your review, I for one will almost certainly be buying one of these, but what about the screen Andrew?
Is it resistive or capacitive?
- Updated Zucker punched: Google gobbles Facebook-wooed Titan Aerospace
- Elon Musk's LEAKY THRUSTER gas stalls Space Station supply run
- Windows 8.1, which you probably haven't upgraded to yet, ALREADY OBSOLETE
- FOUR DAYS: That's how long it took to crack Galaxy S5 fingerscanner
- Did a date calculation bug just cost hard-up Co-op Bank £110m?