129 posts • joined 2 Sep 2009
"Disingenuous"? You're going with that?
"If they're making out that the data is protected and secure that's a little disingenuous because if they want to operate a business here, that'd have to comply with demands from the authorities," said Jeremy Goldkorn
It's more than disingenuous, it's the lie that everyone swallows when they sign up for cloud-based anything anywhere, not just China.
It's not your auntie June you should be worried about
... it's who she passes it on to afterwards.
After all, auntie June is probably not going to have the elite hacker skills necessary to discover the undeleted files on the (emulated) sdcard. So you're safe for now. But only until she sells it on eBay for ££.99 (excl p&p).
And then you're both done for...
Re: He's right! PGP sucks to use!
Its practical use is that it serves as a working system for many tech-savvy types, and also as a standard for other systems.
PGP was invented years ago and it was an enormous step forward, even though it was as tough to use then as it is now (in fact tougher - ever tried using it on a 386?). The thing is that the problems it set out to address then have only become worse in the intervening time: now there is not just the concern that it is possible to exercise mass-surveillance on populations in the "west", but the proof that it is in fact happening.
I don't know what the next big step forward will be or where/who it will come from, but I do know that it will need to give us at least what PGP does. Otherwise it won't be a step forward, but rather backwards.
The experts tell us that cryptography is hard and good cryptography is even harder. From my experience I would tend to agree. The question is, is it worth it? And attempting to answer that question leads you on to other rather bigger questions.
Re: Not saying PGP is perfect
> And how do you trust an email or key server?
That's what the fingerprint is for. You use it to verify that what you downloaded is actually correct.
Re: Not saying PGP is perfect
You don't need the whole certificate/key in a qr code, you can send that as an email attachment or download it from a web page or key server. The qr code would be useful for the key fingerprint though, which should be much more manageable. You would then use the fingerprint encoded in the qr code to verify you had downloaded the right key.
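The check described in the two posts above, as an added example that is not part of the original comments: a key fetched from an untrusted server is accepted only if it hashes to a fingerprint obtained out of band, such as one scanned from a QR code. It assumes version 4 OpenPGP keys, whose fingerprint RFC 4880 defines as a SHA-1 hash over the public-key packet; the function names and the sample key bytes are constructed for illustration.

```python
import hashlib
import hmac
import struct


def v4_fingerprint(packet_body: bytes) -> str:
    """OpenPGP v4 fingerprint (RFC 4880 section 12.2): SHA-1 over the octet
    0x99, a two-octet big-endian length, then the public-key packet body."""
    if not packet_body or packet_body[0] != 4:
        raise ValueError("not a version 4 public-key packet body")
    if len(packet_body) > 0xFFFF:
        raise ValueError("packet body too long for a two-octet length")
    header = b"\x99" + struct.pack(">H", len(packet_body))
    return hashlib.sha1(header + packet_body).hexdigest().upper()


def normalise(fingerprint: str) -> str:
    """Remove the spacing and case differences a printed or QR-encoded
    fingerprint carries; reject anything that is not 40 hex digits."""
    cleaned = "".join(fingerprint.split()).upper()
    if len(cleaned) != 40 or any(c not in "0123456789ABCDEF" for c in cleaned):
        raise ValueError("expected a 40-digit hexadecimal fingerprint")
    return cleaned


def key_matches(packet_body: bytes, trusted_fingerprint: str) -> bool:
    """True only if the downloaded key hashes to the fingerprint that was
    obtained out of band (for example, scanned from a QR code)."""
    return hmac.compare_digest(v4_fingerprint(packet_body),
                               normalise(trusted_fingerprint))


def _mpi(value: int) -> bytes:
    """Encode an integer as an OpenPGP MPI: two-octet bit count, then bytes."""
    size = (value.bit_length() + 7) // 8
    return struct.pack(">H", value.bit_length()) + value.to_bytes(size, "big")


# Constructed sample, not a real key: version 4, creation time, algorithm 1
# (RSA), then a toy modulus and public exponent as MPIs.
_HEAD = b"\x04" + struct.pack(">I", 1400000000) + b"\x01"
GENUINE = _HEAD + _mpi(0xC0FFEE1234567891) + _mpi(65537)
# A different key returned under the same name: same shape, other modulus.
SUBSTITUTED = _HEAD + _mpi(0xC0FFEE1234567893) + _mpi(65537)
# The fingerprint as it would appear on a card or in a QR code (constructed).
_FPR = v4_fingerprint(GENUINE)
QR_TEXT = " ".join(_FPR[i:i + 4] for i in range(0, 40, 4)).lower()

if __name__ == "__main__":
    print("genuine key accepted:    ", key_matches(GENUINE, QR_TEXT))
    print("substituted key accepted:", key_matches(SUBSTITUTED, QR_TEXT))
```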
Re: He's right! PGP sucks to use!
It might suck to use for all the reasons he gave, and yes SMTP sucks because it was designed without security in mind, but there is one reason at least why PGP absolutely rocks:
You can use it to encrypt a message to send via just about any medium. And you can verify that security independently of the infrastructure you used to communicate.
As soon as you start to build a monolithic "secure" system you lose that independence, which is a big loss.
In every secure system I am aware of (and I should say that I in no way consider myself an expert in the field) there is always a trade off between convenience and security. You can have more of one but it means less of the other. If this guy has come up with a way of increasing the convenience without losing any of PGP's security then I'm all for it, but if he's advocating the opposite I don't want to know.
Re: Each year we get the 'new words' announcement...
Re @Pet Peeve
That's right. It's kind of the ultimate listicle for word-geeks.
Re: Correct horse battery staple
> 'N^a&$1nG' could be cracked in approximately 3.75 days
That was the most worrying part of the article!
It's all part of the rise of the corporations - a necessary step. Haven't you read any dystopian sci-fi?
Re: I'm more impressed
Probably best not to turn the microwave on, unless you want to burn your phone... but that usually means something different.
Re: We need IP6
We can't be too prolific with our IP versions. The version field in the IP packet header is only 4 bits long = a maximum of 16 versions ever without breaking compatibility completely.
> geeks who want to do it cos its cool to have a v6 connection from your bedroom
Yes, because when was the last time a geek in their bedroom changed the face of the internet as most people know it?
Re: You don't need NAT for IPv6
Yes. If it does NAT it is, to all intents and purposes, a firewall.
And as to latency, which do you think is quicker/less resource intensive:
NAT: checking whether a packet is allowed to cross the lan/wan boundary, tracking which ones do and rewriting the address and port number on all of them.
IPv6: checking whether a packet is allowed to cross the boundary or not and forwarding them essentially unmodified if yes.
Yet another reason to demand a device with a removable battery from your smartphone vendor of choice.
IOW be afraid, be very afraid
So presumably this doesn't necessarily mean that every domestic router is pwned, but certainly that just about anyone can be.
I make it 21, not 23 as the article says. Or are there two extra ones hiding behind a controller chip on the other side?
Re: Can you turn it off?
It's called a tablet. But then you still need a mobile for voice, so it's a catch 22. Unless of course you can make do without GSM/POTS in which case VoIP/Skype may do it for you.
Re: The biggest challenge ...
That doesn't really sound like a holiday...
Re: A US patent doesn't seem to be worth the paper it's printed on anymore
I think you'll find somebody has already patented that idea, as long as it's printed using a computer.
Re: PGP eh?
That's a good question, one that everyone familiar with public key cryptography would know to ask.
If Yahoo! did anything like storing unencrypted private keys on their servers then their implementation would be slammed by everyone with any security credibility and the whole thing would be dead in the water.
Since most users have No Clue (in this case, specifically, about email privacy and cryptography) then Yahoo! will be dependent on third party assessments of their security product/model in order to gain traction and buy in.
That being the case I would be fairly confident that Yahoo! will handle the key safely (ie. either only stored locally on the user's computer, or else - like Lastpass - storing an encrypted copy on their servers and only ever decrypting it locally).
Recipe for disaster
1x OMA-DM (with backdoor conveniently left open, or not fitted at all)
1x stingray (fake mobile phone tower)
Blend with Machiavellian malevolence to taste. You may like to add the odd cackle or two for good measure.
A deliciously effective means by which to crack citizens' mobile phones en masse. I bet someone's thought of that before (and deployed and used it).
It's not exactly a crash diet now is it?
230+kg over 50m years, that's around 0.005 grammes per year.
Is it for featherweights?
Re: 2KW across 35mm !!
I wonder what one of those would do to a misplaced set of keys? Especially if one of those keys was a car key with a radio coil (or IC equivalent) inside.
Re: >> did you make it to your user group meetup
Which user group did you say it was? ;-)
Re: The chocolate is still ****, though.
He could have been a bit more polite about it (when in Rome/Baaaston and all that), but I agree.
Insert subtitle here
Retention department retrenches: retrains retaining reps.
I take it you are also anticipating a calamitous sky-falling-on-our-heads event following the revelation that Apple PR communicated directly with El Reg. Will wonders never cease?
Re: read all about it
Must be some weird quantum optical effect. Wave - article duality?
Star Wars franchise storylines not in fact based strictly on reality and the known laws of physics!!!
Next time I must remember to use The Force before posting.
PS maybe the producers were trying to come up with a really gripping way of opening the film ... But they needed a hand?
missing the point
I think the real issue here is the way that Moss Side gets referred to as a "suburb" of Manchester by so many sources. From my own recollections "zone" or "theatre" might be better word choices.
I thought plaques helped people remember stuff. Obviously not when it comes to Alzheimer's. You learn something new...
Re: Browsers cannot be secure...
Something like Enigmail?
No word in the article on what they're using this computing power for... So I'm left to guess that they're using it for a new pilot-as-a-service scheme for new aircraft. Brings a whole new meaning to the term "cloud computing".
Re: Longitude prize
Yes it appears intractable. But it's also very important. Hence the longitude prize suggestion, slightly tongue in cheek.
This is why we need an alternative to the certificate authority model. Currently we have something that has some of the mechanisms and appearance of security but with too many caveats. There is far too much trust placed in the hands of too many organisations, many of whom are not obviously and transparently known to be trustworthy and some of whom are known to be systematically or ideologically compromised.
Consider including this problem on the longitude prize list?
Re: You say "unsymmetrical", I say "asymmetrical"...
You could ask the in-laws by loud hailer from the recommended safe distance of five hundred metres while they perform the necessary close inspection (by ingestion) to distinguish the two.
Re: "what does that make Eric Schmidt?"
Re: Since the phone knows your location....
If I understand what you're saying correctly I think someone may have already had this good idea...
Re: thats a bit closed minded !!
Yep. With this kind of basic biological research you have to be committed. Either urine or you're out.
I'm out, ta for my coat.
That's because at Yahoo! everything goes with the bang.
So if an individual set up their own hardware and software to do the same thing for themselves would they be in trouble? If not then I think SCOTUS got this rather wrong.
bandwidth not privacy
The USS Jimmy Carter et al can grant the NSA physical access to the raw feed pretty quickly.
Google are likely in this only for the bandwidth. Security/privacy will have to depend on encryption (as A Blowhard stated above).
Does anyone know which protocols the new software supports and which cipher suites? And then how does that compare/differ to vanilla OpenSSL? From what I can work out from a quick scan of the linked-to git repository it seems to basically be the same as OpenSSL but maybe not quite as many cipher suites supported. But I could well be wrong.
When it comes to security in the cloud or in closed source products I am reminded of the Henry Ford quote about his cars, "Any customer can have a car painted any colour that he wants so long as it is black." The modern IT equivalent appears to be, "You can have any kind of information security you like so long as it is crap."
But what kind of pants?
Trousers - maybe.
Underpants - no way!
> High-end storage tanked, but 'HDPA' storage about to soar says IDC
>That'd be 'high performance data analysis' kit for HPC-inspired Hadoopery
So, presumably that'd be "HPDA" rather than "HDPA"? :-)
Although I'm all in favour of HDPA, anything that improves the sound quality on most public address systems would be a good thing.
Re: light sabre duel
Hmmm, and that nicely explains why he's the one in hospital doesn't it?
Garage door my as...
I bet it was a light sabre duel with JJ Abrams about whether the lens flare in a particular shot was going to obscure the trademark H Ford eyebrow-raise-and-eye-roll combo.