90 posts • joined 10 Feb 2010
Mozilla CTO Eich: If your browser isn't open source (ahem, ahem, IE, Chrome, Safari), DON'T TRUST IT
What nobody else has mentioned as well is what use is a secure browser if it's running on an OS with backdoors, running on hardware with potential back doors, is transmitting unencrypted information, or is relying on trusted certificates from companies that would probably provide any certificate requested by the government, which incidentally has a whole number of side channel attacks? Just merely saying "OMG open source will fix it", which seems to be a common reaction in these parts, just lulls people with a false sense of security. If the NSA/GCHQ wanted to implant back doors, do you think they couldn't create people with a history to do that? Don't you think they could hide the back doors in such a way that it looks like a bug rather than simply adding something that looks like a backdoor? Do you think the NSA can't find ways to intercept passwords and code being passed to and from a CVS system, or can't find a way to have the CVS code repositories including but not limited to sending someone into the physical location of the server?
People go on and on about open source as though it automatically makes everything more secure. Given the size of most open source projects it would most likely be fairly simple for the NSA to slip in a back door, and that's not even considering slipping something into libraries. Additionally, unless you've actually downloaded and compiled the source you can't be sure that the source code online is what's been used to compile the executable you're using.
Surely if Capita have failed to deliver it's madness to send even more money in their direction? Surely it's time to put the work back out to tender?
Tweets weren't sufficiently detailed and came across with a presumption of guilt. It would probably be best to tie this into people actually being found guilty. I suspect a slap on the wrists is coming and is this prejudicial to the court case given that the tweets present it as someone is guilty rather than just charged.
Not always sometimes a business needs someone who is focussed on costs. Plenty of businesses go bust when they mature and change from a low volume, high margin product to a high volume, low margin business. I worked for a company that specialised in pay as you go mobile phones back in the 1990s for a few months they basically went down the pan as margins on handsets went from approaching 50% back to 1 or 2% in less than a year.
I notice they haven't threatened to sue. That to me speaks volumes.
IE 11 seems to be a trip back to the bad old days of Microsoft. It crashes constantly on my PC. I'll get around to turning off the hardware accelerated rendering soon, but I use Chrome day to day and it's just for the odd site which is still IE only that I use it.
Is this the same yahoo email system where people are regularly complaining about having their accounts hacked?
What do I care on my personal equipment the only use I have for IE is the browser after installing/reinstalling windows to use to get a decent browser and for that's chrome at the moment.
How many tablets or phones currently have 4GB of RAM (and I don't mean flash storage) or more? Hell, the highest I've heard of is some Android devices such as Samsung Note 2 that has 2GB.
Seems like the Americans regard the Chinese like a girl's father regards teenage boys. IT IS TOTALLY NOT ALRIGHT FOR YOU TO DO THE SAME AS ME!
Talk about payment for failure!
Re: It's stuff like this...
The private sector really helped the Olympics in 2012 didn't it? All of the privatized utilities have cut bills and improved service just as we were promised, Oh wait...
All that old stuff on COBOL and mainframes you are complaining about has worked in many cases flawlessly for 30-40 years. It's very easy to buzzword it with "REPLACE IT WITH LINUX" but I've seen many implementations along these lines fail because the people buzzwording often had no idea or experience in the scale of system being talked about.
To be fair to Microsoft this is a 12 year old product and they have said for years they will not continue to support it. Apart from mainframes how many other OS or software releases are still actively supported 10 years after release? It costs money to continue to develop updates for Windows XP and no organisation is going to continue developing something for free indefinitely. Microsoft are just pointing out that every flaw and vulnerability they fix in VISTA, 7 and 8 will be checked by those with malicious intent to see if XP has the same flaw.
I guess if there is a call for it maybe the AV vendors can potentially scan for and block any malware, extending the life somewhat for those that aren't ready to make the jump to something newer. Not as good as fixing the problem though.
Be realistic, if you don't want the NSA to be able to view your mail you probably need to do the following :-
Not use SSL - US companies control most of the root CAs.
Not use US manufactured equipment and software - Think about that for a while, how many equipment manufacturers of chipsets and CPUs are there? How many BIOS chip designers are there world wide? How many server companies with no US links? Take it to the next step, find an OS that's not made by a US company. Bar compiling Linux from source I can't think of many. Then look at networks, no Cisco or Juniper or any of the other US companies that manufacture (Huawei so you can be snooped on by the Chinese instead).
Next consider encryption, I've no proof that the US can crack 256-bit AES or triple DES quickly, however the same department that's tasked with signals intelligence suggests to US companies publicly that they use AES-256, wouldn't you be a little bit suspicious? That doesn't count other parts of your encryption software, are there problems with keys not being secure enough?
Ultimately I think it comes down to the most important thing though, do I think the NSA is bothering to read my comms? Nope, I'm just a normal bloke who lives in the UK. I've got no links to anyone interesting. Given that I am literally one of 5+ billion people if the relevant apparatus wasn't properly targeted it would be a monumental waste of time and resources.
Sounds great in theory!
Seems a strange fit to me. CISCO already have an IPS, and as much talk of the "next generation" firewall features as there is from Sourcefire, it's not a patch on Palo Alto, Checkpoint and Juniper. It is a very good IPS however.
Granted, yes, I do think CISCO need to up their game in the security field, the latest ASAs are a strange compromise.
I don't normally get warnings about malware or phishing sites, if I do I wouldn't ignore them and wouldn't continue onto the site in question unless I was just being nosy and was sure I wouldn't be infected myself. I often get warnings about self signed SSL certs or mismatched SSL certs and I consider each one. If I am logging into the admin console of a customer device I know that it's nothing to worry about generally as I trust the management network involved and know the certs are supposed to be self signed. Again when browsing the web if for example my bank site or Facebook presented an SSL certificate error I'd run away! It's not the fact I'm ignoring the warning, I'm considering should this site be using a self signed certificate? Do I need to login to do anything on the site? Are those login credentials likely to cause me a loss (bank or online purchases) or embarrassment (if someone gets my Facebook login details and posts malware or spam as me)? Sometimes the user knows best!
It depends on the context
I don't normally get warnings about malware or phishing sites, if I do I ignore them. I often get warnings about self signed SSL certs or mismatched SSL certs and I consider each one. If I am logging into the admin console of a customer device I know that it's nothing to worry about generally as I trust the management network involved and know the certs are supposed to be self signed. Again when browsing the web if for example my bank site or Facebook presented an SSL certificate error I'd run away! It's not the fact I'm ignoring the warning, I'm considering should this site be using a self signed certificate? Do I need to login to do anything on the site? Are those login credentials likely to cause me a loss (bank or online purchases) or embarrassment (if someone gets my Facebook login details and posts malware or spam as me)? Sometimes the user knows best!
Good luck trying to secure your traffic against US government snooping. US companies supply most network kit, most PCs are running Windows and US companies run most of the trusted root certificate authorities.
The cloud is a good idea you just need to make sure you don't put all your eggs in one basket. Make sure you always have a datafeed to keep a local copy!
This is ofc assuming there isn't some sort of government/judicial order covering up data requests... I've not read the report but if a request for information had a secrecy clause then Microsoft couldn't report it?
Surely the way forward is to put a tick box in everyone's profile saying "I do not wish to be part of expanded search?"
Ahh a step up?
So he's gone from selling shiny tat to apple fanboys to selling shiny tat to women? At least the women are more likely to be rational ;)
If I lived close to one of the <individuals> I would be happy to protest them when I had time. I'm sure if locals get together they can protest these people where they live, where they work and where they go for fun!
SSL/TLS is already being inspected. Most security proxies already have the technology. It won't even warn you that your traffic is being inspected if someone has installed a root certificate on your machine. Never assume SSL/TLS isn't being inspected if you don't own the device or have allowed the network/service provider to install stuff.
I guess getting rid of anyone that could potentially replace him is one way to try and keep his job ;)
Pretty crappy when these poor sods are losing their jobs in the run up to the so called festive season.
I'm guessing Saudi Arabia, Bahrain and all those other Middle Eastern countries that do exactly the same thing are next? No, I thought not. At least be honest and admit you are doing this because you don't like them.
How about craptro?
Re: Empires Rise...@nonesuch
What, you mean you had a phone based on Android 3.0? The OS that was only for Android tablets and had no built in phone functions? It's no wonder you had a bad experience!
It wasn't IE's dominant position that was the cause of the browser choice screen. It was Microsoft's abuse of its dominant position in the OS market that forced the commission to act. Competition law is pretty much the same all over including in the US and it bans a company with a monopoly in one market from using that monopoly to push others out. This even includes for example not allowing companies to use profits from a monopoly in one market to use predatory pricing to try and gain a monopoly in another.
This is a good thing, otherwise Microsoft would be a monopoly for everything computer related now, instead of just in the desktop OS market, and presumably in the office software market.
When that "bit of kit" cuts off 10% of your customer base (that's gotta be what, 100k people?) for 24 hrs or so, a single spend of £10 million looks essential to me. If people get cut off for a 3rd time for an extended period, customers, especially business customers, will start to jump ship. It's not like O2 are any cheaper than the other mobile companies...
What they need to do is stop treating their customers like beta testers. The One X has a major flaw, battery life, and due to the design of the handset people are stuck with it. A few months later they release the One X+ with a far better battery, leaving the poor chumps who bought the One X with a handset that looks very pretty but if you actually do anything with it the battery won't even manage standby for the day. Unless you turn off 3G, GPS, Wifi, stop syncing mail/Facebook etc, and at that point people might as well have bought a non smartphone.
Here is a hint HTC: test your phones to make sure your mobiles have a good enough battery to last a day with moderate usage and stick a microSD card slot in. If you aren't sure about battery life then at least don't make sealed all in one units so people are stuck with a phone for 2 years that they can't rely on to be able to receive calls if they actually use the damn thing.
Yah erm, it's far better to have no service and no likelihood of service with plenty of competition for no service from many non service providers than for the government to stump up the cash to help people in areas deemed not to be commercially viable!
I'm sure that all 126 world wide Playbook owners will be delighted it's good for something ;)
It doesn't seem to me to be a great use of shake, now bringing up task manager that would be a great idea. Can't believe this is even patentable I mean how is it an innovation. I might patent Fart to unlock!
I have a HTC One X and if I could leave it plugged into the mains all day it's an excellent phone. However if I am out and about and dare to actually use it the battery is dead before I get home again. In my mind it's unacceptable to have a mobile that can't last from about 8am to 6pm if you use it for about an hour to play games/browse the web/email/Facebook etc. For this reason I have ordered a Samsung Galaxy Note II. It strikes me that the battery in the One X was a major design flaw and I won't be buying another HTC anytime soon as they don't even admit to the problem.
Well maybe the companies concerned need to be more imaginative? How often do you need to actually have everyone in a team actually sit down physically? In my experience with good management and using IM/conf calls/video conferencing etc for many roles it's more than possible to have people literally being spread all over the world and still get the job done.
However it takes good managers with some creativity to make it work. In my experience probably something like 1 in 100 of all managers...
It's about time...
.... that Microsoft were forced to add support into Windows for non Microsoft file system types like ext4, reiserFS etc, that way third parties would not be forced via the Microsoft desktop monopoly into paying Microsoft money for people to be able to access files on devices attached to the host PC via USB etc. Although maybe it might be possible to add support for alternative file system support, I doubt it would be a simple thing, especially getting the device driver software signed as Windows compatible.
IMO using for monopoly position to patent troll is anti competitive?
Re: I still don't get why this only applies to MS
MS were found to have a monopoly in the PC market for operating systems and were found to be abusing their monopoly position in the operating system market to try and get a monopoly in the browser market. Apple has never been judged to have a monopoly in any market. Which ofc it doesn't in desktop or laptop computer systems. Again in the mobile phone sector there is plenty of choice and Apple are not in a monopoly position there. Tablets is an area which Apple might find itself in a monopoly position as iPad is still the biggest selling tablet, although with others catching up now somewhat that will start to change hopefully.
I've had a play with one, it wasn't as bad as the old version 6 XDA I had but it certainly wasn't up to the standards of the iPhone or an Android device. Given that Microsoft have a habit of burning the platform they just made, why would I want to find myself in the situation where the next version comes out and support for my version basically ends and if I am really unlucky at the end of my contract Microsoft have pulled store support for my device?
The hardware sounds awesome, why do Nokia insist on crippling it with trashy Microsoft phone operating system? How about listening to your customers and providing them with what they want, ie this hardware with Android. You can still sell the crappy Windows version if you have to...
Can I have a badge, a gun, a kicking soundtrack, a subtly lit office, be surrounded by leggy attractive women and interview suspects all whilst having lots of slo mo action? Thought not! I'll pass!
Re: giffgaff, not C4
I still wouldn't want it even if it was FREE!
I'm with Jason, if a game is worth paying for I buy, if it's not I don't bother paying for it or I rent it on a console. Maybe if companies like Ubisoft actually produced quality games which were released without the need to download a 500mb+ patch on release day to make the game playable people might actually be more inclined to buy. They don't treat their customers with respect and they compound that by calling us a bunch of thieving pirates, that's another publisher I shall avoid unless the game is too good to miss.
I really can't understand why the damn thing wasn't working fully on the ground, I mean who the hell would choose to do a remote upgrade over that distance! A little bit far for a mobile engineer to pop out to reboot the damn thing if it doesn't go according to plan.
Ah so it's fine to copy a Chrome "innovation" but the other way around is evil? I hope Google sue Apple for copying unified search/URL bar, unlikely though as Google appears to favour INNOVATION rather than litigation unlike Apple patent trolls.
As for dropping the windows version well I am sure all 3 worldwide users will be gutted by the change ;)
Banning the word torrent is ridiculous as it's just a service that can be used for piracy like every other service, http, https, ftp etc.