I thought Who was on First
1867 posts • joined 21 Jan 2010
"Here's the report you requested Captain Pickard"
"Do you wish to register a complaint?"
"Yes" > /dev/NULL
No, wait, let me explain that statement.
If governments are forcing the hand of the big multinational companies then those companies will have little choice but to remove the end to end encryption since one product will not work in all countries.
We tend to use the biggies through laziness. It comes bundled and our friends use it. Without the proprietary biggies, the public will then turn to open communication platforms following open communication standards that no country can control. There will be dozens of different clients available from authors around the world and no country will have the ability to shut down all the individuals who wrote those clients.
A country may be able to threaten a user, but then the (innocent) user has the option of handing the government their previous conversations (but you'll know they have them!).
OK, I'm not really saying the Russian law would be a good thing (or the Merkin, UK, or any other government back door). But maybe if someone points out how simple it is to circumvent then perhaps common sense will prevail (facepalm).
"Vaping is harmless"
They claimed smoking cigarettes was good for you. Until they found out it wasn't.
Ironically, isn't this the very type of "Service" that made CraigsList infamous???
American lawyer unfairly profits from legal settlement. Surely not. That would never happen.
So what about The Cloud, which is of course both The Cloud as a concept of some kind of service in, er, well The Cloud, and The Cloud which is a company that provides wifi access.
In the UK, uber drivers still need to be licensed minicab drivers with full commercial insurance on the vehicle as a minicab. So no hypocrisy over complying with the regulations.
Globally Uber has been the subject of 200+ lawsuits for not complying with local legislation. So no hypocrisy about allowing multi-million dollar owners to make money from spare car seats.
The fact the multi-million dollar owners continue to break the law and haven't gone to jail yet is a different issue.
Now let's turn the ruling over metadata on its head and see where we get to...
"Dear Mr Phone Company.
Please give us the details of all phones that were within 50m of nn.nn.nnn, ww.ww.www on mm/dd/yy* between hh:mm and hh:mm.
*It's an article about Merkin authorities. We all know the real way to express a date is dd/mm/yy
ApplePay (which uses Apple Wallet) can be activated without unlocking the phone. So no reason the driving license couldn't be made viewable while protecting privacy. In fact, you've probably just proven this should be mandatory.
"...and a certificate of your identity. The latter use only works at all if this is a physical card with security features which make it difficult to reproduce."
The latter use only works at all if this is a physical card item with security features which make it difficult to reproduce.
Lothian Buses do M-Tickets on your SmartPhone - you activate a pre-paid ticket and show the screen to the driver. Sounds easy to "fake". But it's an image with moving elements making it impossible to screenshot. An active security feature is harder to fake, so there's no reason any digital document couldn't have similar features.
I don't know HSBC's average for years employed, but I do know the industry average is a little over 10 years.
So HSBC is getting rid of ~8,000 man years of site knowledge.
You can train new people about what's in the book (documentation), but you can't teach that "ah, we saw this fault a couple of years ago, dig out that email". But to an accountant, a techie is just a techie. I wonder when the board is going to notice that the same is true of accountants...
My boss caused chaos in the January sales :)
The office was across the road from a large shopping centre. There were around 50 IT staff in the office on the 1st and no catering staff. So for lunch, the boss went over to the shopping centre and joined the queue at Burger King.
On reaching the front, he started:
"Can I have 20 Whoppers, 20 Angus, 20 chicken sandwiches, 20 hamburgers, 20 cheeseburgers and 100 large fries please"
The rest of the queue were not impressed.
"... it's the quality of the code not the length..."
Quality is a subjective measure. Heavily documented code that's clear and easy to maintain could be quality to one situation where tight efficient complex code is quality in a different situation.
"Surely the thing that defines a religion is sincere belief, nothing else.
If you sincerely believe in something/anything then who are "they" to say it is or isn't legitimately a religion?"
And therein lies the problem - what if your sincere "belief" is that some element of society is wrong and that it's your duty to execute them. Does that grant you the freedom to follow your religion?
There needs to be a consensus of acceptable behaviour, and Pastafarianism is a political tool to show a mirror to religion and religious beliefs. If there is anyone on the planet who truly believes in the FSM then they've missed the point completely.
If they're your disks and you refuse to comply then you're first person involvement.
If Seagate* were compelled to provide access to the content of your disks then they'd be a third party involvement similar to Apple.
*or your manufacturer of choice.
Never lose sight of why the FBI really wanted access to his phone. Hint, it wasn't to convict him.
It was to find his contacts - to find the other drug dealers and users he was interacting with so they know who to conduct the above searches against.
But do you own .jake
Didn't think so.
So you don't control *.jake
One wonders if Jake actually understands how TehIntraWebTubes (sic) work.
I'm in no way defending HOW this has been done (government is shit), or some of the WHYs, but the statistical analysis and big data elements are actually groundbreaking. You find correlations in seemingly unrelated data through proper analysis, and things like prescription rates and referrals are related data so they don't count as big data analysis.
Just wait until the digital proctologist comes along...
Surely all the state has to do is pass a law requiring transgender people to use their birth bathroom and the porn industry will remove its services from the people of the state (see North Carolina)?
Isn't there a blogger somewhere who specialises in publishing pay-walled articles for everyone?
On second thoughts sounds like this one's not worth reading.
And just how do Google (still) know where the wi-fi base stations are located...
Uber maintains the stance that drivers are "independent contractors" despite having lost a couple of cases over a few named "employees".
So while SF "can't have it both ways", neither can Uber, Lyft, or any other business.
Perhaps it's because it's not my area of expertise, but are there really COTS options available for operating a Police force?
There are some Operational Management tools out there for managing workloads and mobile workforces, but do they really meet the privacy, security, integrity and audit requirements of law enforcement and justice?
"...by shutting down DFU updates "
I think we should be careful about what we prescribe as the "fix" for the challenge. There are many good reasons why it might be necessary for Apple to assist a person to access the hardware and content using a particular technical method, e.g. a failed update, a company owned phone, the owner being deceased and the family rightfully requiring access.
The issue is not technical. The issue is the government demanding access to private information, and their right or not to make such demands. Technical workarounds will fail - if the government has the power, they will use it, and they will penalise anyone who obstructs them irrespective of reality. We need to make sure they never get the power.
But that doesn't mean you author utterly stupid and dangerous laws that no one should be above!!!
So you don't buy into that philosophy, that's cool.
Perhaps you think it's OK not to serve a disabled person, or an old person. Perhaps you think we should take the vote off the Blacks and the Women, because let's face it, they're not worth.
We've had this debate. Not treating people equally is discrimination. The Suffragettes fought for equality and the sane people knew it was right. Martin Luther King fought and died for equality, and the sane people knew it was right. Discrimination and prejudice are wrong, and I stand by my statement - if you're not prepared to serve the public equally don't serve the public. I'm not asking you to like them, not liking your customers is a whole different issue.
All people everywhere gain their personal "standpoint" from the views presented by people around them. From their family, their peers, their social groups (including religious groups), TV, film, and sports and all the daily media. Some of those around them may present conflicting views and they make a choice of standpoint.
They don't inherit it genetically.
"The state can't force you to deal with folks you don't want to."
Well, yes, and no.
If you offer a service to the public, then you must offer that service to all of the public equally. If you are not prepared to offer your services on an equal basis then you should not be offering your services.
Simple. Equal individual rights. Dig?
Encryption is useless if an authorised and authenticated "user" accesses the data, and this is actually the more common route for data loss.
Drupal 7.23 had major issues and Drupal 7.32 was the fix.
OK, it's utter pedantry, but I do wish software authors would look carefully at the version numbers they release, and if the numbers are close (e.g. easily transposed like the above) then increment to another number to avoid potential confusion. This is not the only example I've seen recently where similar version numbers caused much head scratching.
4. Centralised Authentication
If you're in the UNIX world then learn this now - it's a skill that's missing in so many companies. Some places do this integration very well, but many others haven't got a clue, and as time moves on the requirement to use a Directory Service for authentication not just at OS but at application level is going to become much more fundamental.
Don't reinvent the wheel. Integrate with a proven directory service, and if your company already has Windows AD then leverage Windows AD as that directory - the Windows world has been doing this for 16 years now, and while it's far from perfect, it's extremely pervasive.
I'm in no way suggesting this is anywhere near a reasonable justification for such legislation, but you've got to remember that most criminals are a bit thick, they'll use the standard features on their device, and law enforcement gaining access to the information will secure more convictions. I can therefore understand why some people think it's justified, however like you, I'd suggest any such legislation will just push the really dangerous criminals further underground.
Agreed there are issues that can only be diagnosed under the user's credentials.
But the policy will handle that. The user must remain present during the support service. They cannot be permitted to "just bugger off for coffee". Now I know it's difficult for the PFY in his second week to tell the senior manager they can't just leave their password behind or even just leave the computer logged on, but if the senior manager has signed up to the policy in the first place the company should be behind it and the PFY. It doesn't take long for the right culture to be the norm.
Congratulations, you've proven you're part of the problem and not part of the solution.
"If there's a bypass that will grant access to data without entering the passcode, then the encryption isn't as strong as it's claimed to be, is it?"
Nothing wrong with the encryption. It's the authentication that is weak.
"in the event of the aircraft losing cabin pressure Oxygen masks are available from the ceiling by presenting your contactless card to the panel above your head"
"The service runs as root? ... is just plain laziness..."
"If the input was sanitised, it wouldn't even matter that it was running as root"
Any single failure probably wouldn't be an issue, but this problem and more importantly the subsequent blindness in the comments just highlight that *ALL* areas of the system need to take responsibility for the security of the entire system. No piece can ever rely on security being provided by some other piece.
the old comparison being "Military intelligence is to intelligence what military music is to music"
"There's a reason the world's banks run on "old" technologies. Tried and tested for one. I'd rather go into space on a 50+ year old Soviet rocket, than the latest gee-whizz from anyone."
It's a balance between how proven the old and the new are. I'd rather go into space on this year's model rocket if they've proven for a few months they can launch 10 a day than the 50 year old rocket that's only ever had 10 launched.
Banks are careful about the technology chosen, but as the proven technologies get older the number of experienced people in the world is actually falling.
Reddit have by removing the canary taken an action which tells everyone that a National Security Letter has been served, and that is likely in breach of the conditions of the letter.
It remains to be tested in court, but Reddit is high profile enough that I can see this being the first to be pushed by the government (I guess it depends on the content of the letter and when the relevant agency is willing to make the details public in court).
While the warrant canary is a nice idea, it's not as neat as people think.
That being the route in the FBI would like to take.
Back in the days when you could smoke on aircraft the maintenance crews found the yellow staining a great indicator for finding the leaks in the pressure vessel.
Even if such satellites were operating over the ocean at the time, the data will probably have been dropped instantly.
They weren't looking for the plane, so the chances of catching the incident by accident are minuscule, and given the vastness of ocean with nothing happening there wouldn't be analysts wasting time to look for anything in the footage, so it would just get dumped.
Can't speak for AndroidPay, but ApplePay tokenises the details from the App so that as they pass through the card machine and over the network they cannot be copied and used elsewhere.
If you just use your card (contactless or normal) then the card details can be stored or stolen and used elsewhere (and there are plenty of examples where this has happened with dodgy card machines and dodgy retailers).
Call me cynical, but one of the advantages of paid for tools is that there is a profit market for innovation and diversity. If all researchers use the same free tools they run the risk of making the same mistakes in their research.
OpenSSL was/is a great security library for developers. Open source is great because anyone can read the source code and find any bugs. It all fell down when it turned out nobody had read the source code and it had quite a serious bug.
Is the Pi running an Internet Radio Streaming app? Or should that be steaming app?