45 posts • joined 25 Nov 2009
You'll be wanting Ye Olde SteamOSe
RSA==tossers ... How is that news?
I used to maintain ssh for Debian back in the day when one was supposed to use librsa (from RSA) in order to comply with their patent, so we had the real version of ssh in non-us, and the librsa-linked one for US based users that felt the need to comply with the patent.
librsa was a piss poor implementation of "their" algorithm, so when it also caused some build failures I just forgot to produce the US patent friendly version.
Nobody complained, because anyone with any sense had already decided to ignore the patent.
I've had no respect for RSA ever since -- they failed to fix reported bugs for ages too IIRC -- I had chalked that down to lazy incompetence founded on having the patent to protect them from proper competition, but it seems that there might have been a spot of corruption in the mix too.
On the other hand, having a product that appeals to the clueless is a great way to get rich, so I don't suppose most of their customers will take the slightest notice, or even realise the implications of this.
Re: Not paying for patents
> Scrapping patents would be the worst move a modern society could make
Nonsense -- The fashion industry has effectively no protection for its designs, other than trademark, and yet it exists, and innovates strongly, and turns over vast amounts more than most of the sectors with strong protection:
Re: Document your tricksy shit?
Also, Kurt (the maintainer in question) did ask about whether it was a good idea to "fix" said tricksy shit, on the openssl-devel mailing list, and received only positive noises in response.
It was later revealed that the OpenSSL developers generally don't read their -devel list, because it's too noisy, and instead hang out elsewhere -- feel free to make your own judgements about the overall wisdom of that, and how to allocate the blame arising from the Debian patch.
Would that 15% be the salaries of the staff that they can now fire?
Extrapolating from what I've seen a few times in the comms side of things, I'm guessing that the story so far is:
A manager wanting to further inflate his reputation, worked out that techies are expensive, and only ever came to him with problems, so why not kill two birds with one stone, push the things they look after into "the cloud", then fire all the people that can diagnose who's to blame in case of failure, thus making sure that it takes as long as possible for the service providers' faults to come to light.
Coming soon in the next exciting episode:
Our manager hero gets an award from SocITM for his cloudy prowess, and makes a quick exit to the next opportunity for an even bigger SNAFU on a larger salary, shortly before it becomes apparent that his supposed stroke of genius has resulted in nobody being able to access their data on occasion, and a casualty or two.
I didn't think real scientists did Fahrenheit, particularly not this side of the pond.
Actually 54000 °F is very close to 30000 °C, so my guess is that a scientist guessed the surface temperature as 30k °C ±5k and someone else (probably the journalist) has then decided to make the number bigger by converting to Fahrenheit -- giving a false impression of accuracy while they're about it.
... so, it seems that one needs to ask the troll to demonstrate the infringement in discovery
I wonder how MS would respond to that.
Nice TED talk exposing the utter tosh used to try to justify ACTA & Co.
Those percentages seem impressively small until you multiply them by 200,000,000 at which point we find that 280000 indians will fail to enrol in the system -- too bad for them.
If you tried checking the population's ID once each, 70000 people would be wrongly declared to be using false ID, and 114000 would get away with using someone else's (or perhaps be identified as a terrorist instead -- it's not clear what false positive means here).
So it seems like somewhere between a quarter and half a million indians are likely to end up one ID check away from a pretty unamusing time after this system is implemented.
Nice to see that the code's open: https://github.com/alphagov
So all you naysayers, how about cloning the repos and fixing the stuff you don't like, and trying to submit patches. You're all clever enough to poke holes, but are you clever enough to fix them?
Would also be very interesting to see how they react to third party patches, and the government's reaction to getting work done for nowt.
I want one, but I want to own it
I'll cheerfully pay 350 quid for a device I own (i.e. Free firmware that I can at least examine, and ensure does not include a remote kill switch or other features that are not in my interests, and preferably also includes features to protect my privacy from leaking data).
I'm not wanting to be able to significantly twiddle with the readings, obviously, so they need a tamper-proof module that generates readings, along with a cryptographic checksum that allows them to confirm that I'm not tampering with that when I send readings in.
Having seen Ross Anderson ( http://www.cl.cam.ac.uk/~rja14/ ) talk about this subject, it seems inevitable that the way these meters are being funded will lead to them being cheap and nasty little security nightmares that will inevitably be abused, which could involve anything from thieves looking for power usage patterns showing empty properties, up to hostile nations breaking the national grid by flicking the power in a few million homes off and on simultaneously.
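The "tamper-proof module plus cryptographic checksum" arrangement in the post above, written out as an added example. This is not the poster's code nor any meter vendor's firmware: it assumes a per-meter symmetric key provisioned into the sealed metrology module and shared with the supplier, uses HMAC-SHA256 as the checksum, and adds a monotonic counter so that a captured genuine reading cannot simply be resent. The field names and layout are assumptions for the example.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha256"
	"encoding/binary"
	"encoding/hex"
	"errors"
	"fmt"
)

// Reading is what the sealed metrology module emits. Field names and the
// wire layout are assumptions for this example, not any real meter format.
type Reading struct {
	MeterID  uint32 // hypothetical meter identifier
	Counter  uint64 // monotonic, incremented for every reading
	Unix     int64  // seconds since the epoch
	WattHour uint64 // cumulative energy register
	Tag      []byte // HMAC-SHA256 over the four fields above
}

// payload is the canonical byte string the tag covers (fixed-width, big-endian,
// so there is no ambiguity about field boundaries).
func (r *Reading) payload() []byte {
	b := make([]byte, 4+8+8+8)
	binary.BigEndian.PutUint32(b[0:], r.MeterID)
	binary.BigEndian.PutUint64(b[4:], r.Counter)
	binary.BigEndian.PutUint64(b[12:], uint64(r.Unix))
	binary.BigEndian.PutUint64(b[20:], r.WattHour)
	return b
}

// Sign is the module's side: only the sealed module holds key, so only it can
// produce a valid tag for the numbers it measured.
func Sign(key []byte, r Reading) Reading {
	m := hmac.New(sha256.New, key)
	m.Write(r.payload())
	r.Tag = m.Sum(nil)
	return r
}

var (
	ErrBadTag = errors.New("tag mismatch: reading altered or wrong key")
	ErrReplay = errors.New("counter not increasing: replayed or stale reading")
)

// Verifier is the supplier's side. It remembers the last accepted counter per
// meter so that a valid reading captured off the wire cannot be replayed later.
type Verifier struct {
	key  []byte
	last map[uint32]uint64
}

func NewVerifier(key []byte) *Verifier {
	return &Verifier{key: key, last: map[uint32]uint64{}}
}

// Accept recomputes the tag in constant time and enforces the counter.
func (v *Verifier) Accept(r Reading) error {
	m := hmac.New(sha256.New, v.key)
	m.Write(r.payload())
	if !hmac.Equal(m.Sum(nil), r.Tag) {
		return ErrBadTag
	}
	if r.Counter <= v.last[r.MeterID] {
		return ErrReplay
	}
	v.last[r.MeterID] = r.Counter
	return nil
}

func main() {
	key := []byte("per-meter key provisioned at manufacture (assumed)")
	v := NewVerifier(key)

	genuine := Sign(key, Reading{MeterID: 42, Counter: 1, Unix: 1700000000, WattHour: 123456})
	fmt.Println("genuine:", v.Accept(genuine))

	forged := genuine
	forged.WattHour = 1 // the householder edits the reading on its way out
	fmt.Println("tampered:", v.Accept(forged))

	fmt.Println("replayed:", v.Accept(genuine))
	fmt.Println("tag:", hex.EncodeToString(genuine.Tag))
}
```

The trade-off a practitioner would want spelled out: with an HMAC the supplier's servers hold the same key as the meter, so a compromise at the supplier lets someone forge readings for every meter whose key was taken; keeping the keys per-meter limits the blast radius, and a signature scheme (the supplier holding only public keys) removes that exposure at the cost of a more expensive module.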
these figures are drivel
So, they ask ~940 people where they're going to deploy, one of them says AT&T and two say IBM, and they report that as 1% vs. 3% respectively -- oh, and they apparently have 103% total.
Drawing any conclusions from this, when you tell us that the MS-lovers are an irrelevant side show in the cloud, is pointless.
Anyone that's decided they want to run Free Software on VMs is liable to be open minded enough to make a rational decision, rather than fearfully clinging to nurse for fear of something worse, so Microsoft tempting the kids with some free sweeties isn't going to make much odds.
Just out of interest
How is one supposed to tell the difference between bogus justifications for nuclear power that were touted in the past when we were in the cold war, and it had been decided that we needed reactors to make weapons regardless of any down side, and real actual scientific justifications that we might see today, that sound eerily familiar?
Also, I note that we don't have much in the way of tidal generation, despite it being a power source that surrounds this country. I would assume that that is because it's too difficult to extract and not close enough to where it was needed if I didn't know that those lobbying for nuclear had been sabotaging funding for alternative energy sources for decades.
My suspicion is that nuclear is something we probably need more of, but it's really difficult to trust any of the evidence from those on either side of the argument given the history, and extreme articles of this sort only serve to polarise opinion.
All it takes to kill the private sector's enthusiasm for nuclear is to suggest that they pick up the clean-up costs -- interesting that, eh?
Co-op's policy on ethics?
I'm a co-op member, and bank with them at least in part because of their supposed commitment to ethics in business, which makes me wonder why they're willing to use suppliers who have been repeatedly convicted of abusing their market position, as Microsoft has, which strikes me as evidence of a certain lack of ethics.
It wouldn't be so bad, but they're wasting my money on second rate software, and thereby shipping money that could be spent in the local economy off to Redmond, via the Irish government's friendly tax rates, such that they don't even pay what would appear to be a fair level of local taxes on their takings.
What's worse is that there's Free Software available that would do the job at least as well, the development model of which fits in perfectly with the co-op's philosophy, and they're not using it.
Ian is clearly a bit of a dimwit -- hopefully he'll be out on his ear shortly like the folks who were foolish enough to try and run the London Stock Exchange on a Microsoft platform.
I wonder if pointing out...
"This is a software patent [and is therefore not patentable]"
will be taken as a valid criticism.
I doubt it, given what's been allowed in the past.
or any other nonsense you feel like, as it happens
It _could_ work ...
if it were done such that one could buy a key fob or similar token from one of a dozen manufacturers, depending on your needs, which device would generate a new key whenever one fancied, and would allow you to choose between one of several such identities.
Then you take your widget to the post office, or some such, along with your passport, a gas bill and your swimming proficiency certificate, and they sign your ID using public key crypto.
I believe that one of the ex-USSR countries has something pretty close to that in their ID cards.
If you think that one of your keys is compromised, you revoke the key, create a new one and go back to the post office for it to be authenticated. No enormous central database required.
of course, since no central database is needed, there is no chance of the civil servants supporting such a scheme, because of the lack of empire building opportunities.
One could imagine having a tamper-proof module built into phones for holding these keys.
at which point this becomes something like Dave Birch's psychic paper idea:
shame it'll never happen
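The scheme sketched in the post above, as an added example in code; it is not the poster's design document nor any country's ID card implementation. Assumptions: the token generates an Ed25519 key pair, the post office counter (the "registry") signs the public key together with a label and an expiry after checking the documents, a relying party needs only the registry's public key plus a fresh challenge, and revocation is done by the holder publishing a statement signed with the key being retired (one possible way; the post does not specify a mechanism). Names and message layouts are made up for the example.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/rand"
	"encoding/binary"
	"errors"
	"fmt"
)

// Attestation is what the counter clerk hands back: the registry's signature
// over the holder's public key, a label the documents established, and an
// expiry. Layout is an assumption for this example.
type Attestation struct {
	Holder ed25519.PublicKey
	Label  string
	Expiry int64
	Sig    []byte
}

// attestBytes is the canonical string the registry signs; the prefix keeps
// attestation signatures distinct from proof and revocation signatures.
func attestBytes(pk ed25519.PublicKey, label string, expiry int64) []byte {
	var b bytes.Buffer
	b.WriteString("attest\x00")
	b.Write(pk)
	b.WriteString(label)
	b.WriteByte(0)
	binary.Write(&b, binary.BigEndian, expiry)
	return b.Bytes()
}

// Attest is done at the post office, only after the passport and gas bill
// have been inspected. The registry stores nothing afterwards.
func Attest(registry ed25519.PrivateKey, holder ed25519.PublicKey, label string, expiry int64) Attestation {
	return Attestation{Holder: holder, Label: label, Expiry: expiry,
		Sig: ed25519.Sign(registry, attestBytes(holder, label, expiry))}
}

// Prove: the token signs the relying party's fresh challenge, showing it
// holds the private half of the attested key.
func Prove(token ed25519.PrivateKey, challenge []byte) []byte {
	return ed25519.Sign(token, append([]byte("prove\x00"), challenge...))
}

// Revoke: the holder signs, with the key being retired, a statement that it
// must no longer be trusted. Anyone can relay it; nobody can forge it.
func Revoke(token ed25519.PrivateKey) []byte {
	pub := token.Public().(ed25519.PublicKey)
	return ed25519.Sign(token, append([]byte("revoke\x00"), pub...))
}

var (
	ErrAttestation = errors.New("attestation not signed by registry")
	ErrExpired     = errors.New("attestation expired")
	ErrRevoked     = errors.New("key revoked by its holder")
	ErrProof       = errors.New("challenge not signed by attested key")
)

// Verify is the relying party. It needs the registry's public key, the
// attestation presented, the challenge it issued, the proof, and whatever
// revocation statements it has seen. No lookup in a central database.
func Verify(registryPub ed25519.PublicKey, a Attestation, now int64, challenge, proof []byte, revocations [][]byte) error {
	if !ed25519.Verify(registryPub, attestBytes(a.Holder, a.Label, a.Expiry), a.Sig) {
		return ErrAttestation
	}
	if now > a.Expiry {
		return ErrExpired
	}
	for _, r := range revocations {
		if ed25519.Verify(a.Holder, append([]byte("revoke\x00"), a.Holder...), r) {
			return ErrRevoked
		}
	}
	if !ed25519.Verify(a.Holder, append([]byte("prove\x00"), challenge...), proof) {
		return ErrProof
	}
	return nil
}

func main() {
	registryPub, registryPriv, _ := ed25519.GenerateKey(rand.Reader)
	tokenPub, tokenPriv, _ := ed25519.GenerateKey(rand.Reader) // generated on the fob
	a := Attest(registryPriv, tokenPub, "over 18", 1800000000)

	challenge := make([]byte, 16)
	rand.Read(challenge)
	fmt.Println("genuine:", Verify(registryPub, a, 1700000000, challenge, Prove(tokenPriv, challenge), nil))

	_, stolenFob, _ := ed25519.GenerateKey(rand.Reader) // someone else's key, same attestation
	fmt.Println("wrong key:", Verify(registryPub, a, 1700000000, challenge, Prove(stolenFob, challenge), nil))

	revs := [][]byte{Revoke(tokenPriv)}
	fmt.Println("after revocation:", Verify(registryPub, a, 1700000000, challenge, Prove(tokenPriv, challenge), revs))
}
```

Two things to note about the revocation choice: it only works if the holder still has the old private key (a lost fob needs a different route, such as short expiries and re-attestation), and relying parties have to be able to hear about revocations somehow, which is the one piece of shared state the scheme cannot entirely avoid.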
Porting Authorisation _Code_ (PAC)
Here's the thread at the OSI ...
Simon and the others seem to have missed the fact that clause 4 is optional, as it only applies to people who want to avoid distributing source, so the fact that some of the non-free users get discriminated against seems like an irrelevance to me.
The thing that is problematic to me is that it makes the chicken clause dependent on distribution of source, but doesn't really define which source we're talking about -- whether that was the source one got before any modification, or after any changes that went to make the binary being distributed. Even that doesn't seem to make it non-free, since if one behaved as though the software were under the GPL (except for linking it against real GPL software), it's clear that one would not then be obliged to dance, so it cannot be less Open/Free than the GPL.
It's a shame it's GPL incompatible though -- I could imagine using it for a laugh if it were not for that. Let's hope that this becomes another instance where the OSI and the FSF differ on their decisions -- it would be nice to have this as one in the grey area as being free but not open ;-)
or about 2k per MP's office
Which doesn't sound too bad...
except for the fact that my MP tells me that he couldn't get the IT folks to do anything useful with his mail for several days when the account to which he was forwarding his mail became inaccessible in a fumbled ISP move.
I'd imagine that many MPs are the worst combination of arrogant and clueless, so I'd probably want more than 2k/p.a. to support one of those, but the fact that they were unable to sort out an MP's mail for about a week, and so wasted a load of his time would seem to indicate that they're not earning the money.
it's the hardware, and the software
In a stroke of genius, the folks that came up with Fibre Channel decided to use that name for the protocol that runs over the hardware, for the Fiber-optic hardware, and even for the copper cables that the majority of the kit I've seen seems to use.
So, you can do stuff like run Ethernet protocols over Fibre Channel copper wires if you want to max out your confusion.
Let's spend another 100k
on an artist's time to take the debris and create an artwork that will remind future politicians what the British people think of this sort of nonsense.
I'd prefer it if the disk platters were left largely intact, so that one could tell the sign-ups that their personal data had been welded into an artwork, and if they didn't like that they shouldn't have been in such a rush to hand it over in the first place.
@Ian Michael Gumby - "Ad Revenue"
You state: "The only one making money from it is Wikileaks because ... more eyes on their site and more ad revenue generated."
I'm stunned that, despite the fact that you've been spouting bile about wikileaks with such volume that one might be forgiven for assuming that you're being paid to do so, you seem not to have bothered visiting the site about which you are so exercised.
There are no adverts on the wikileaks site
What else can you do?
How about something constructive?
What have I done in response to the Wikileaks debacle?
I set up a Tor exit node:
I could be devoting the 50 Mbit/s that machine is now consuming to taking down Mugabe's web site, but I think it's probably more important to allow dissidents and the oppressed unfettered access to the Internet.
If it was a little more runnable under Debian, I'd also be running a Freenet node. When the software wrinkles get sorted out, I'll almost certainly do that too.
Things like Tor and Freenet make the net much more resistant to authoritarian control, and can be tuned to use only whatever resources you can afford to spare. So when you get bored with running LOIC, please consider devoting the same effort to Tor and/or Freenet instead, and leaving that running long term.
That's not to say that I think that people shouldn't entertain themselves by attacking Mugabe and his chums. Having been to Zimbabwe a few years ago I'm fully aware of what sort of bastard Mugabe is, but I seriously doubt that he'll even hear about his web site being inconvenienced (not if the sysadmins want to be alive next week, anyway).
funny how a quick search on the contributors turns up...
credit where it's due
Just in case the people who contributed quotes are upset about the fact that their names flashed by so fast as to be invisible, here's the list of quoted people for Google and posterity:
James Fleming -- Infrastructure and Support Manager, Speedy Hire
Jeff Cimmerer -- Director of Technology for the Pitsford School District
David Sterling, ICT Manager, Central Scotland Police
Bülent Türker, Product Manager, Scarves Department, SARAR Group
Eugenio Mariotto, ICT Director, Cobra Automotive Technologies
Eros Borgogelli, Information Systems Coordinator, Ciar
Eugenio Mariotto, ICT Director, Cobra Automotive Technologies (again)
Randal C Kennedy, InfoWorld
Tisome Nugent, Educator, Orange County Public School
Sergey Sakharov, Business Process Optimisation, Art of Transport Logistics
Darek Muraszko, Information Systems Administrator, Kaczmarski Inkasso
Igor Gentosh, Head of System Integration Department, Kredobank JSC
Tiziano Battilana, Information Systems Coordinator, Euromobil Group
Joerg Lenze, System Administrator, Heinrich Berndes Haushaltstechnik GmbH & Co. KG
Leonid Medvediev, Head of IT Department CISC SPC "Borschagivskiy Chemical and Pharmaceutical Plant"
Bailey Mitchell, CIO, Forsyth County Schools
I do hope that it improves their employment chances being involved in a FUD campaign in which most of them say things that boil down to "we didn't properly plan and fund the migration to an alternative, so the project failed and we had to scuttle back to mummy with our tails between our legs".
Re: Testing lab?
Yeah, I'm pretty suspicious about the claim that it was in a testing lab.
What are the chances that this was down to some PHB buying a shiny new router, and plugging it in in defiance of company policy, utterly failing to secure it, and then forgetting that they'd done it (hence making it difficult to find the thing)?
When such a scenario comes to light, do you:
a) declare that you have a moron in middle management, who plugged something unauthorised in near his desk (thus also admitting that your infrastructure has more general security issues).
b) describe the location as a test lab
"Network Hardware Devices"
Microsoft called the things "Network Hardware Devices", which sounds more like an ADSL router or some such to me than a Linux Server. These days most commodity network kit is running Linux, and sadly the people that throw together the firmware for these things are often reasonably clueless and rushed embedded hardware engineers, who have no interest in whether the result of their efforts is secure, as long as it provides the main functionality that they've been told to implement. Then they kick it out of the door and forget about it, more often than not failing to provide the board manufacturer with the source, thus setting the manufacturer up for a GPL violation case.
If MS had such a widget in their test lab, well that's no surprise, they were probably checking that UPnP worked on it or some such. Being in their test lab, it probably had the Admin/Admin password still set. I suppose, depending on what exactly they were testing, it's even reasonable that it had to really be plugged into the Internet with no intervening firewall.
The problem is likely to be that quite a lot of these devices default to having ports like FTP and Telnet open on the outside. That is the fault of the rushed engineer that knocked up the firmware. There is also the person that set the kit up, and probably didn't immediately check that it had no port open on the outside, and didn't bother changing the password. The only thing you can really blame Microsoft for is not tracking the problem down more quickly after they were told about it.
Trying to use any of this to draw conclusions about the security or otherwise of GNU/Linux in general is moronic.
He resigned, didn't he?
The implication that the circuits would need to be reinstalled in order to be safe seems a little odd. He was presumably fully trained and qualified before he resigned, so one might expect him to do at least as good a job when he's working for himself, as the bloke that's now doing his old job that's going to rewire it.
Presumably, the only difference is that EDF will now know about the meters, rather than him being their only EDF contact. I doubt that he'd manage to accumulate 1500 customers without a leak if he'd told people what was really going on, so presumably he's been telling the customer that he's signing them up with EDF, reading the meter regularly, and then knocking up bills for them.
Suspicions were probably aroused when the customer service was better than expected.
A quick rummage around their web site seems to indicate that the software (or perhaps only a "Lite" version of it) is available under the GPL, but that they're also willing to sell commercial licenses to people that cannot live with the conditions of the GPL -- that could certainly have been made clearer than the article's: a $500 commercial license ... licensed under GPL
... was my first thought when reading this, but I thought I'd have at least a brief glance at their shiny new site, and within one click, found:
on which we see that a) it still says Codeplex all over it, and b) they've got exactly zero messages in the forums (sic).
Presumably they changed their name because they were lonely, and thought that might help.
pre-alpha code contains bugs shock!
Yes they're naive, but they are clearly open to suggestions, as we can see from this addition to the readme:
so if you have security criticisms you can now make them constructive by mentioning them to: email@example.com
It is indeed brave (and perhaps stupid) of them to release the code this early, and it should probably have more health warnings on it, so the enthusiastic puppies that are keen to run it in public have at least been warned _before_ they get burned, but to some extent the point of their work is to provide a condensation nucleus around which the focus of community interest can crystallise.
As for RoR's scalability -- diaspora is decentralised, so if it scales to dealing with one person's content and contacts, that's already enough for it to be useful. I seriously doubt that the implementation will remain if such things get in the way. The useful outputs of this project will be the protocols and the community that forms around the project -- there are bound to be alternative implementations if the current implementation causes any problems.
at last -- site licenses are a tool to maintain vendor lock-in
As long as the last machine on site, or the last instance of an application appears to have a marginal cost of zero, there is no incentive or budget to replace that machine/application with something cheaper.
Even if it's clear that the overall solution is an astounding rip-off, nobody is going to be able to offer an instantaneous replacement of the incumbent system, and only a very brave manager would even think about it (anyone seen brave management in the NHS recently?)
Of course, this is probably all just negotiations -- I'll not be surprised if some idiot at the NHS will be crowing about the marvelous deal they've got when agreeing to pay MS 'only' £100m per year, rising at 20% per year.
This might actually allow the high-speed Free Software mammals in the door to start nibbling at the vulnerable extremities of Microsoft's lumbering dinosaur.
Alan Johnson -- poor loser
Sad how he's trying to spread FUD about this. It seems awfully undignified for him to be trying to defend the fact that even after they slapped the Police's wrists over routine abuse of this power, they still managed to use it on 148,798 "exceptional" occasions last year.
All those searches resulted in exactly zero terrorists being caught, and yet Mr Johnson says that the police need to be able to abuse the innocent in this way, because otherwise we'll all die in a huge scary explosion.
What a fuckwit.
As someone who walked within a yard of the Harrods bomb about 5 mins before it went off, I was pretty relaxed about my odds then, and didn't let it change my behavior even slightly. People I know who were actually involved in the 7/7 thing seem equally stoical, so why do the Labour party insist on trying to scare people when most of these Terr-idiots think that all you need for a bomb is a bucket of petrol and some fireworks. It's pathetic.
was a member once
as a student, about 25 years ago. On graduation the rate jumped from a fiver or so to a significant chunk of cash, so I looked into it and couldn't find a single reason to be a member.
I've dipped in occasionally over the years, and find each visit slightly more depressing than the last. They seem positively hostile to Free Software (which means I'll never join, as that's how I pay the mortgage)
More embarrassing than that is the fact that their infrastructure is hopeless -- they seem to have an ongoing WiFi SNAFU. How can they not notice that? How is it that they put up with it? Can they not find anyone that knows how to fix it? Surely one or two of the PHBs that run the place can order their Dilbert to sort it out.
Clearly, they don't actually use computers at the BCS,
... hence the need to drop the C word from their name.
Ofcom's rules only work for people who obey rules
On a brand new number, which has been on the TPS since it was ordered, we got tens of calls a day, of course with CLI withheld.
The thing is, that for UK originated calls, even if the CLI is withheld, it's passed to your local exchange, it's just not passed down to you at the last hop. That being the case, Ofcom should insist that telcos provide a number along the lines of 1471 that one could use to report annoying calls of all sorts (particularly morons offering to deal with all your debt, and withholding CLI -- these people are clearly criminals)
So, you get an annoying call, and dial 17726, say, which provokes the exchange to log the CLI of the last incoming call to your line, which it should know even if it was withheld. (International calls are another story)
Then Ofcom, or some watchdog with teeth, gets to peruse the list of flagged CLIs, and can investigate the owner of the number at the top of the list. Depending on their explanation, they get told to stop that, or forced to cough up a couple of quid per complaint, which gets split between the victims and the costs of investigation, or you send the police round.
So the savings will be minimal, eh?
When Labour signed these contracts in full knowledge that the scheme would be scrapped in the highly probable event of them losing the election, they should have ensured that the cost to the public be minimized in that case.
I presume that the individuals all paid for fire insurance on their own houses in the last year, despite the fact that the chances of a house fire are infinitesimal compared with the chances of the ID scheme being scrapped. Funny how they value their own property so much more than our property.
Those responsible for signing such contracts should lose their pensions at the very least.
NAS without RAID?
What sort of idiot is going to put any data they care about where they are hostage to the reliability of a single disk -- hopeless.
The Tories seemed pretty happy to say that they wouldn't honour contracts that were associated with the National Identity Database -- why don't they just do the same here.
i.e. "All contracts signed by the incumbents between now and the election will be up for review, and will only be honoured if they are deemed a worthwhile use of public money. Suppliers will have the choice of either suing for breach of contract, or not. Of course, their ability to cooperate will be taken into account in future tendering rounds."
That's the new site BTW.
Network Solutions are such tossers. I ran screaming from them at the first opportunity, and have been very happy at gandi.net ever since (who were the first registrar I found whose T&Cs stated that the domain belonged to you, and they were simply hosting it for you -- it's run by Debian geeks as well, which I find reassuring)
As for NSI, before I fled I tried submitting one of their web forms to make a change to my domain, not realising that the form would simply send me a mail with my submission in it, which I'd then have to mail in anyway. Four months later, I got the mail. Examining the Received: headers revealed that it had spent 4 months going from _their_ web server to _their_ mail server, and then seven seconds later it was in my inbox -- and these were the people being trusted to keep the internet running at the time -- scary.
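The trick the post above relies on, reading the timestamps off the Received: headers to see which hop sat on a mail, as an added example. It is not the poster's code; it parses a message with Go's net/mail, takes the date after the final semicolon of each Received: line (RFC 5322 section 3.6.7), and reports the delay each hop added. The sample message is constructed to resemble the story (four months between the web host and the mail host, seven seconds after that); the host names and IDs in it are made up.

```go
package main

import (
	"fmt"
	"net/mail"
	"strings"
	"time"
)

// Hop is one Received: header with its date parsed out.
type Hop struct {
	Line string
	At   time.Time
}

// Date formats seen in the wild; the weekday and zone abbreviation vary.
var dateLayouts = []string{
	time.RFC1123Z,
	"Mon, 2 Jan 2006 15:04:05 -0700",
	"2 Jan 2006 15:04:05 -0700",
	time.RFC1123,
}

// parseReceivedDate takes the text after the last ';' and drops any trailing
// comment such as "(UTC)" before trying the known layouts.
func parseReceivedDate(h string) (time.Time, error) {
	i := strings.LastIndex(h, ";")
	if i < 0 {
		return time.Time{}, fmt.Errorf("no date in %q", h)
	}
	s := strings.TrimSpace(h[i+1:])
	if j := strings.Index(s, "("); j >= 0 {
		s = strings.TrimSpace(s[:j])
	}
	var err error
	for _, l := range dateLayouts {
		var t time.Time
		if t, err = time.Parse(l, s); err == nil {
			return t, nil
		}
	}
	return time.Time{}, err
}

// Hops returns the trail oldest first (each server prepends its own header,
// so the message lists them newest first) and the delay each hop added,
// measured as the difference between its stamp and the previous one.
func Hops(raw string) ([]Hop, []time.Duration, error) {
	msg, err := mail.ReadMessage(strings.NewReader(raw))
	if err != nil {
		return nil, nil, err
	}
	recv := msg.Header["Received"]
	hops := make([]Hop, 0, len(recv))
	for i := len(recv) - 1; i >= 0; i-- {
		t, err := parseReceivedDate(recv[i])
		if err != nil {
			return nil, nil, err
		}
		hops = append(hops, Hop{Line: recv[i], At: t})
	}
	delays := make([]time.Duration, len(hops))
	for i := 1; i < len(hops); i++ {
		delays[i] = hops[i].At.Sub(hops[i-1].At)
	}
	return hops, delays, nil
}

// SlowestHop is the index of the hop that added the most delay.
func SlowestHop(delays []time.Duration) int {
	worst := 0
	for i, d := range delays {
		if d > delays[worst] {
			worst = i
		}
	}
	return worst
}

// Constructed sample, newest header first as a mail client would show it.
const sample = "Received: from mail.example.net (mail.example.net [192.0.2.25])\r\n" +
	"\tby mx.recipient.example with ESMTP id 4F3A2;\r\n" +
	"\tTue, 04 Jul 2000 10:15:12 +0100\r\n" +
	"Received: from www.example.net (www.example.net [192.0.2.80])\r\n" +
	"\tby mail.example.net with SMTP;\r\n" +
	"\tTue, 04 Jul 2000 10:15:05 +0100\r\n" +
	"Received: from localhost by www.example.net with local id 8c1;\r\n" +
	"\tSat, 04 Mar 2000 09:00:00 +0000 (UTC)\r\n" +
	"From: registrar@example.net\r\nTo: me@recipient.example\r\nSubject: domain change\r\n\r\nbody\r\n"

func main() {
	hops, delays, err := Hops(sample)
	if err != nil {
		panic(err)
	}
	for i, h := range hops {
		fmt.Printf("hop %d  +%-12v %s\n", i, delays[i], h.At.UTC().Format(time.RFC3339))
	}
	fmt.Println("slowest hop:", SlowestHop(delays), hops[SlowestHop(delays)].Line)
}
```

The caveat that goes with this: only the Received: lines added by servers you trust are reliable, since a sender can put any headers it likes at the bottom of the trail; the top lines (your own MX and inbound relays) are evidence, the bottom ones are claims.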
No idea what their percentage is (tiny, I'd guess) but they seem to do a pretty good job with the results, and they're not tracking you in order to target results, unlike Google.
I particularly like the fact that they do an excerpt of the wikipedia page and a link to a project's official site as the first couple of hits, when appropriate.
Try reading the BBC's proposal before saying it's shit
I know it's almost certainly too much to ask, but people should try reading what's being proposed.
The DRM does NOT involve encrypting content. It involves little more than setting a flag saying "don't copy this to the net please" or "only allow one extra HD (but still as many as you like SD) copies" -- the content is unaffected. The BBC explicitly states that license for the DRM stuff will be granted to Open Source folks royalty free, on condition that they agree to enforce the restrictions -- it's basically a software implemented gentlemen's agreement.
Clearly, the BBC are aware that any technical measure that tries to enforce such restrictions will get broken, so they're effectively not bothering -- if you want to strip out the DRM bit on your copy of MythTV, I'd imagine it'll be a case of flicking a config option .... but, do that and start publishing this week's new HD Dr Who special on the net, and I do hope you get shat on from a great height.
So, basically the BBC are setting things up so that they can claim to content providers that they've got DRM, and they'll get the boxes in the shops before anyone else, because they don't have to agree industry-wide crypto standards for the content, as they're not encrypting the content, which will mean that they'll be the de facto standard, and anyone inflicting real DRM later will piss their customers off.
So, tell Ofcom how lovely you think this is and let's help the BBC kick the real DRM industry in the balls.
Don't believe me?
Try reading: http://www.ofcom.org.uk/consult/condocs/content_mngt/condoc.pdf -- specifically Annex 6, from page 48 onwards.
BTW I have no affiliation to the BBC, and was half way through flaming the BBC to a crisp on the Online Response form when it occurred to me that I might want to try reading what I was knee-jerking about -- it was a rather nice surprise
Where do I send money for the fighting fund?
RIPA is pretty much the first thing (to which they've been busily adding) that caused me to despise the current government.
I mean, FFS, Jack Straw? He used to actually give a shit about human rights as a student -- do they take these people off for special conditioning on election to parliament?
I have a USB stick that, at some point, I filled with /dev/urandom -- the stick has since died. If some arse decided that they needed the "secret data" on that stick, having done something clever to make it work again, how exactly am I supposed to prove that I zapped it with random data?
I'll cheerfully send 200 quid to a fighting fund to get this case quashed just because I'm willing to fight the creeping (or should I say galloping) conversion of the UK into a police state.
And for all those who seem to be saying: well why didn't he do this or that sane thing -- well, he's not actually sane -- Duh!