Posts by alain williams

778 posts • joined 29 May 2007


Brit spies want rights to wiretap and snoop on US companies' servers

alain williams
Silver badge

Please save me from terrorists!

This terrifies me, I worry about it, I am afraid of the spooks in the NSA & GCHQ.

Who will save me from terrorists ?

0
0

Official UN panel findings on embassy-squatter released. Assange: I'm 'vindicated'

alain williams
Silver badge

The USA has won ...

They have succeeded in making Assange the story and not what he revealed through Wikileaks.

We seem to have forgotten that this was started when evidence of USA government wrongdoings was published; so standard procedure was activated: discredit the messenger, something that they have done many times before - Bradley Manning for one.

20
28

TalkTalk admits losing £60m and 101,000 customers after THAT hack

alain williams
Silver badge

Doing security properly costs ....

but is often cheaper than screwing up and having to pay the cost of the f**k up.

The problem comes when a bean counter wants to know if a few £k can be shaved off some budget or a marketing manager wants something delivered a couple of weeks earlier - so security is not done properly. After all: you can have a system that appears to work well even if the security is paper thin.

By the time the short cuts come to light: those guilty of forcing the change are forgotten, but just in case the universal 'hacker' bogey man is invoked/blamed.

This is not just a Talk Talk problem. I recently saw some email from https://references.clearviewtr.co.uk/ to someone wanting to rent a house. Login details all in clear text, one email: URL, username, password - this is somewhere where a lot of financial data is entered (bank a/c details, home + work address, ...) just what you would want if you wanted to spoof someone. Management at clearview should be shot.

0
0

HSBC online banking outage: Moneymen are 'still under attack'

alain williams
Silver badge

How can you defend against a DDoS ?

If all the traffic comes from somewhere that you can put into a firewall you might have a chance with some kind of attacks, but not all.

1
1

Windows Mobile users suffer backup super-slurp as Redmond forgets Wi-Fi switch

alain williams
Silver badge

You get what you pay for ...

is what Microsoft says when trying to tell people that Linux is pants. That doesn't seem to have worked here does it ?

So: will Microsoft do the honourable thing and pay consumers for their excess data charges ?

While at it: also pay for people whose broadband limits were blown by them shoving MS Windows 10 at them without asking.

4
1

Show us the code! You should be able to peek inside the gadgets you buy – FTC commish

alain williams
Silver badge

The code is not enough

You also need the ability to replace the compiled code that comes on your device with code that you have inspected and compiled. The point is that how can you be sure that the code running in the device corresponds to the source code that you have been given ? - Especially if the likes of NSA/GCHQ are around with laws that can compel vendors to silently subvert their own products.

The ability to extract the installed code and check that you can build something bit wise identical would also be good.

OK: it will not be for everyone (recompiling) but being able to reinstall firmware should not be too hard.

Also: knowing that someone has verified the manufacturer's binaries will reassure the many for whom reinstalling is too hard/much-effort.

If this were to ever happen, then NSA/GCHQ will set up organisations to do the recompiling/checking but lie about the results and so give a false sense of security; so it is not as easy as you might imagine.

2
0

Confirmed: How to stop Windows 10 forcing itself onto PCs – your essential guide

alain williams
Silver badge

Re: Paying for Windows 10 after July

AFAICR Microsoft, as one of the settlements of one of their regulatory run-ins, have to share details of the SMB protocols so unless this settlement expires your scenario seems unlikely.

That is true. But when will they release the spec ? "Sorry guys, we forgot to put this on our web site. This is why Samba has not been working for 4 months." They won't need to do this very often to give the Linux desktop a bad reputation. Do they care if the EU fines them a few hundred million ?

Also have you looked at some of these things ? Not examples of clarity.

1
0
alain williams
Silver badge

Re: Paying for Windows 10 after July

If anything was ever going to usher in the Year of the Linux Desktop, having Microsoft basically act like the Mafia demanding protection money to maintain access to one's files would be just that.

And once the use of Linux desktops gets to the magic 15% all sorts of nice things happen:

* hardware vendors need to release specs so that Linux support becomes a no brainer

* software vendors will start to feel the pressure for that Linux port

However: I dread what MS will be able to do once it has all MS Windows machines being updated within a few weeks to their latest release. Consider the following:

* MS quietly release protocol update to SMB (file sharing), all machines are capable of the protocol, but none use it; use older protocols.

* 3 months later: new update, that protocol is now mandatory (excuse is a security flaw in the old protocol); will no longer work with old protocol.

At a stroke any machine using Samba (ie Linux, BSD, ...) cannot do file sharing with MS Windows machines. MS announces that "Linux is broken, come back to Microsoft, it just works"

7
1

Irked train hackers talk derailment flaws, drop SCADA password list

alain williams
Silver badge

Re: Who the fuck ...

... would put this kind of kit on a network available to the general public?

It has been known for a long time that SCADA systems tend to have poor security controls; many are ancient having been built in an era before today's world where everything is connected. Plenty of time to address the issues but this has not happened.

So: regard this as a boot up the backside, not just to the vendors but also the users who have been reluctant to invest in upgrades. Granted that upgrading a rail system is not an overnight job.

Hopefully the result will be more secure infrastructure in a few years time.

8
0

Forget anonymity, we can remember you wholesale with machine intel, hackers warned

alain williams
Silver badge

Code layout

About 30 years ago at a LUUG (London Unix User Group) meeting in a pub DT asked how an if/else should be formatted. There were 14 of us and 13 different answers; we were all prepared to defend our own style as being the best - all their arguments were wrong since it was obvious that my own style was the only good one.

Many preferences seem to depend on which languages you cut your programming teeth on, how they were laid out.

As regards your examples:

* the opening '{' should be on the line with the 'if', the '}' ends the 'if' the '{' is less important and just makes the if body multi statement.

* there should not be a space after the 'if' - why, in my case, because snobol did not allow it.

0
0

Watch out, er, 'oven cleaners': ICO plans nuisance call crackdown in 2016

alain williams
Silver badge

Pity no one honours the TPS, especially cold callers !!!!

The TPS is a subsidiary of the British Direct Marketing Association, so of course they do as little as possible - this is the fox in charge of the hen house.

12
0

Apple on the attack against British snooping bill. Silicon Valley expected to follow

alain williams
Silver badge

Will terrorists, etc, quake in their boots ?

Oh, no - we can't plot to blow up the UK any more since we cannot use outlawed technology!

Of course they won't -- who does Theresa May think that she is kidding ?

6
0

Free Wi-Fi for the NHS, promises health secretary Jeremy Hunt

alain williams
Silver badge

Re: Self-monitoring for patients

Provide instructions for patients to perform their operations while you're at it.

Brilliant: then any complaints about delay can be blamed on the patients.

2
0

UK government names Cloud Foundry Her Majesty's preferred PaaS

alain williams
Silver badge

Self hosted can be:

* More secure. Good, I want my government to keep my data secure (and inside this country)

* Cheaper. Government will be a *big* user, economies of scale could work in their favour

2
0

Apply online to go to Mars. No, seriously

alain williams
Silver badge

Why the ungenerous salary ?

There is every likelihood that they won't collect ...

1
0

Typo in case-sensitive variable name cooked Google's cloud

alain williams
Silver badge

binary OR with 00100000

Well, that might have worked in times past, but now non ASCII characters are being used - case folding is more complicated. Think Unicode.

3
0
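The point above about case folding, as an added example that is not part of the original comment: the "OR with 0x20" trick next to a Unicode-aware comparison. The identifiers are constructed samples; the trick is only correct for A-Z, and on anything else it both misses real matches and manufactures false ones.

```python
# Added example, not part of the original comment: the "OR with 0x20" trick
# against a Unicode-aware fold. Identifiers below are constructed samples.
import unicodedata


def naive_fold(s: str) -> str:
    """Set bit 5 of every code point. Correct only for A-Z; everything
    else is silently corrupted (e.g. '[' becomes '{', U+00DF becomes U+00FF)."""
    return "".join(chr(ord(c) | 0x20) for c in s)


def unicode_fold(s: str) -> str:
    """Normalise to NFKC so composed and decomposed forms agree, then apply
    full case folding (CaseFolding.txt 'C' + 'F' mappings, e.g. ß -> ss)."""
    return unicodedata.normalize("NFKC", s).casefold()


def naive_equal(a: str, b: str) -> bool:
    return naive_fold(a) == naive_fold(b)


def unicode_equal(a: str, b: str) -> bool:
    return unicode_fold(a) == unicode_fold(b)


def report(pairs):
    """Tabulate both comparisons so the disagreements stand out."""
    return [(a, b, naive_equal(a, b), unicode_equal(a, b)) for a, b in pairs]


if __name__ == "__main__":
    samples = [
        ("PATH", "path"),                      # both agree
        ("STRASSE", "straße"),                 # naive misses a real match
        ("NAME[0]", "name{0}"),                # naive invents a match
        ("Résumé", "re\u0301sume\u0301"),      # composed vs decomposed
    ]
    for a, b, naive, proper in report(samples):
        print(f"{a!r:30} {b!r:30} or-0x20={naive!s:5} casefold={proper}")
```

One caveat worth knowing: `str.casefold()` is locale-independent, so the Turkish dotted/dotless I still needs locale-specific handling on top of this; and if the variable names are meant to be ASCII-only, the right fix is to reject non-ASCII at the boundary rather than fold it.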

Putin's Russia outlaws ECHR judgments after mass surveillance case

alain williams
Silver badge

Re: If Russia's surveillance is incompatible,

Because no one has (yet) complained to the ECHR.

6
0

Russia's blanket phone spying busted Europe's human rights laws

alain williams
Silver badge

What is the difference ...

between what Russia is doing and what Theresa May wants to be able to do (or legalise what GCHQ is already doing) ?

14
1

Kids charity hit by server theft

alain williams
Silver badge

Encrypt file systems ?

For a run of the mill office server, encrypting the important file systems should not really slow it down too much. A quick search finds: Ubuntu extra overhead of 5%, others should not be vastly different. Thus acceptable on a modern server that has more CPUs/cores than you know what to do with.

If you are smart: do not encrypt the file systems needed to get it up & running, then on a reboot you can ssh in and get the encrypted file systems mounted.

7
0
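The layout described above (unencrypted boot filesystems, encrypted data volumes that an admin unlocks over ssh after a reboot), as an added example that is not part of the original comment: a checker that reads a crypttab/fstab pair, flags anything that would leave the box stuck at a console passphrase prompt, and emits the unlock/mount commands to run once it is up. The file contents are constructed samples, not from any real server, and the set of mount points treated as boot-critical is an assumption.

```python
# Added example, not from the original comment: sanity-check the
# "unencrypted boot, encrypted data" layout and print the post-boot
# unlock commands. crypttab/fstab contents are constructed samples;
# BOOT_CRITICAL is an assumed list, adjust to the box in question.
import shlex

BOOT_CRITICAL = {"/", "/boot", "/usr", "/etc", "/var"}   # assumed

SAMPLE_CRYPTTAB = """\
# name   device                                      keyfile  options
data     UUID=1b2c3d4e-0000-4000-8000-000000000001   none     luks,noauto
backup   UUID=1b2c3d4e-0000-4000-8000-000000000002   none     luks
"""

SAMPLE_FSTAB = """\
UUID=aaaaaaaa-0000-4000-8000-000000000000  /            ext4  defaults         0 1
UUID=bbbbbbbb-0000-4000-8000-000000000000  /boot        ext4  defaults         0 2
/dev/mapper/data                           /srv/data    ext4  defaults,noauto  0 2
/dev/mapper/backup                         /srv/backup  ext4  defaults         0 2
"""


def parse_crypttab(text):
    """name -> {device, keyfile, options}; '#' comments and blank lines skipped."""
    entries = {}
    for line in text.splitlines():
        f = shlex.split(line, comments=True)
        if len(f) < 2:
            continue
        entries[f[0]] = {
            "device": f[1],
            "keyfile": f[2] if len(f) > 2 else "none",
            "options": set(f[3].split(",")) if len(f) > 3 else set(),
        }
    return entries


def parse_fstab(text):
    rows = []
    for line in text.splitlines():
        f = shlex.split(line, comments=True)
        if len(f) < 4:
            continue
        rows.append({"device": f[0], "mountpoint": f[1],
                     "fstype": f[2], "options": set(f[3].split(","))})
    return rows


def block_device(spec):
    """cryptsetup wants a path; map UUID= / LABEL= specs onto the udev symlinks."""
    if spec.startswith("UUID="):
        return "/dev/disk/by-uuid/" + spec[5:]
    if spec.startswith("LABEL="):
        return "/dev/disk/by-label/" + spec[6:]
    return spec


def plan(crypttab_text, fstab_text):
    """Return (warnings, commands). Commands are what to run over ssh once the
    box is up; warnings are layouts that would hang the boot waiting for a key."""
    crypt = parse_crypttab(crypttab_text)
    warnings, commands = [], []
    for row in parse_fstab(fstab_text):
        if not row["device"].startswith("/dev/mapper/"):
            continue
        name = row["device"][len("/dev/mapper/"):]
        entry = crypt.get(name)
        if entry is None:
            warnings.append(f"{row['device']}: no matching crypttab entry")
            continue
        if row["mountpoint"] in BOOT_CRITICAL:
            warnings.append(f"{row['mountpoint']}: boot-critical filesystem is "
                            "encrypted; nobody can ssh in to unlock it")
        if entry["keyfile"] != "none":
            continue            # keyfile-unlocked volumes come up by themselves
        if "noauto" not in entry["options"]:
            warnings.append(f"{name}: passphrase volume without noauto in crypttab; "
                            "boot will block on the console prompt")
        if "noauto" not in row["options"]:
            warnings.append(f"{row['mountpoint']}: mount without noauto in fstab; "
                            "boot will wait for a device nobody has unlocked")
        commands.append(f"cryptsetup open {block_device(entry['device'])} {name}")
        commands.append(f"mount {row['mountpoint']}")
    return warnings, commands


if __name__ == "__main__":
    warnings, commands = plan(SAMPLE_CRYPTTAB, SAMPLE_FSTAB)
    print("\n".join("WARNING: " + w for w in warnings))
    print("\n".join(commands))
```

In the sample, `data` is set up correctly (`noauto` in both files) while `backup` is not and gets two warnings; the printed commands are the ones to paste into the ssh session after the reboot, in order.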

VMware lawsuit fallout causes funding issues for GPL lobby group

alain williams
Silver badge

''GPL campaigning ... at odds with corporate sponsors''

In other words the corporates expect to be able to take GPL products for free, make a few changes or incorporate it as part of their own software and sell it on.

Parasites.

If you get something for free don't insist that others have to pay for your tweaked version.

16
4

'Hypocritical' Europe is just as bad as the USA for data protection

alain williams
Silver badge

Two different discussions

He was arguing about how European governments poke into data. We all agree that that is bad; however the NSA is just as bad.

He ignored limits on corporate use of private data. Here Europe is streets ahead of the USA. In the USA personal data is fair game, a commodity with which to make money. In Europe companies are (in theory at least) restricted as to what they can do with it.

When doing a compare and contrast: do not ignore the bits that do not bolster your point of view.

18
0

WordPress.com ditches PHP for Calypso's JavaScript admin UI

alain williams
Silver badge

Arrrgh!

I went to https://cloudup.com/ with my standard browser set up and all that I saw was 5 links to JavaScript that the NoScript plugin had blocked. Come on guys, at least show a basic page without me having to enable JavaScript - if you do not then I will probably just go elsewhere rather than try to work out what I should enable, indeed what I want to enable.

6
1

Who's right on crypto: An American prosecutor or a Lebanese coder?

alain williams
Silver badge

Re: Nope, don't care

There are plenty of stories of corrupt government and of the rich being prepared to do anything to stay rich. There seems to be a lot of evidence, I am not a historian or journalist so it is hard for me to verify things like: JFK - 9/11 except to say that much of it I have heard before.

Something worth reading is this: Shock Doctrine and also Shock Doctrine.

It is easy to label as conspiracy theory, but there are plenty of unanswered questions.

3
4

ICO fines PPI claims firm £80,000 over 1.3m spam SMS deluge

alain williams
Silver badge

Re: Good

Fine the company directors personally, not the companies. Those fines should be paid out of income on which tax has been paid - ie not tax deductible.

8
0

Doctor Who: Even the TARDIS key can't unpick the chronolock in Face the Raven

alain williams
Silver badge

We will see her again

She stepped into the Dr's timeline which means that she is in his future as well as his past.

Anyway: she has died before and come back.

0
0

'Hacked by China? Hack them back!' rages US Congress report

alain williams
Silver badge

So does that mean that ...

if a USA company is cracked by the NSA that they will legally be able to try to crack the NSA ?

6
0
alain williams
Silver badge

Money would be better spent ...

securing your systems in the first place; a good half of the budget should go to training staff in good security practices.

8
0

ISIS operates a crypto help desk – report

alain williams
Silver badge

''deranged sys admins''

Derogatory & belittling attacks on your enemy are silly; the result is that you tend to dismiss them as fools and so not take them seriously. You may not agree with what they are doing (as I do not) but we must understand that they have intelligent people and are thus able to confound the best that we can use against them. To assume any less is to leave us wide open.

We must also assume that their top commanders get better advice on secret communications than those lower down.

14
1

TalkTalk: Data was 'secure', erm, we beat rivals on price. Um, scratch that...

alain williams
Silver badge

Time to face up to it ...

it seems that lying by corporations is now normal. Even being caught out is hardly a problem, the lie will soon be forgotten as they dream up the next set of fibs.

Government won't do anything: politicians lie just as much.

10
0

What the Investigatory Powers Bill will mean for your internet use

alain williams
Silver badge

Re: I was wondering when the Reg would start reporting on this

The Git/Repo command downloads gazillions of small packets, each one requiring a DNS resolve.

Any sensible system setup will have a local DNS cache, so only the first one would be logged.

0
0
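The local-cache point made above, as an added example that is not part of the original comment: a minimal stub resolver that honours TTLs, driven by a fake clock and a constructed upstream table, so you can count how many lookups actually leave the machine during a burst of small requests to one host.

```python
# Added example, not from the original comment: a TTL-honouring stub
# resolver with a fake clock and a constructed upstream table, counting
# the lookups that go upstream (the ones an upstream logger would see).
import time


class FakeClock:
    def __init__(self):
        self.t = 0.0

    def now(self):
        return self.t

    def advance(self, seconds):
        self.t += seconds


class CachingResolver:
    """Caches positive answers for their TTL; only cache misses hit upstream."""

    def __init__(self, upstream, clock=time.monotonic):
        self.upstream = upstream          # name -> (address, ttl_seconds)
        self.clock = clock
        self.cache = {}                   # name -> (address, expires_at)
        self.upstream_queries = 0         # what an upstream/ISP logger sees

    def resolve(self, name):
        key = name.rstrip(".").lower()    # DNS names are case-insensitive
        now = self.clock()
        hit = self.cache.get(key)
        if hit is not None and hit[1] > now:
            return hit[0]
        address, ttl = self.upstream(key)
        self.upstream_queries += 1
        self.cache[key] = (address, now + ttl)
        return address


def simulate(fetches, ttl, pause_then_one_more=None):
    """Run `fetches` back-to-back lookups of one name (a clone's worth of small
    requests), optionally wait `pause_then_one_more` seconds and do one more.
    Returns (upstream queries after the burst, after the extra lookup)."""
    clock = FakeClock()
    table = {"example.com": ("192.0.2.10", ttl)}   # constructed, RFC 5737 address
    resolver = CachingResolver(lambda n: table[n], clock=clock.now)
    for _ in range(fetches):
        resolver.resolve("Example.COM.")
    burst = resolver.upstream_queries
    if pause_then_one_more is not None:
        clock.advance(pause_then_one_more)
        resolver.resolve("example.com")
    return burst, resolver.upstream_queries


if __name__ == "__main__":
    print(simulate(5000, ttl=300))                           # (1, 1)
    print(simulate(5000, ttl=300, pause_then_one_more=301))  # (1, 2)
```

The caveat is in the numbers: the cache only collapses repeats inside the TTL, so a short TTL or a long session still produces repeated upstream queries, the first lookup always leaves the machine, and the connection to the resolved address is visible to anyone on the path whether or not the name was resolved locally.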
alain williams
Silver badge

Re: I was wondering when the Reg would start reporting on this

It also will have zero effect on any criminal with 1/4 ounce of IT knowledge.

Exactly: so it could help to catch small time crims/paedos/terrists - but not the clever, well organised ones - ie this is designed to not catch the people who it is supposedly aimed at.

11
0

One Bitcoin or lose your data, hacked Linux sysadmins told

alain williams
Silver badge

Re: ZFS is looking more and more attractive...

SELinux isn't much protection against an attacker with root access!

Although running SELinux would help prevent someone who has exploited the Magento vulnerability from going on to gain root access. That is part of the point.

1
0

UK's internet spy law: £250m in costs could balloon to £2 BILLION

alain williams
Silver badge

Cost benefit analysis

What is the purpose of this ? I think (we are told) that it is to save lives - first approximation. How many lives ? Let's be generous and say 100/year over 10 years: 1,000 people.

£2 billion is about the cost of building 10 hospitals (est £178 million). How many lives are saved in 10 hospitals over 10 years ? 1,000 would be 10 people per hospital per year -- I think that they do considerably better than that.

OK: very rough numbers, a big margin of error - but you get the idea.

I am not suggesting that the spooks budget be cut to zero but I think that there are much better ways in which we could use the money. Part of the trouble is that when many people are killed in a terrorist attack, it is spectacular and fills the headlines - whereas people dying of preventable disease do so one at a time and rarely get much of a mention in even the local newspapers. People judge the risk of spectacular events badly when compared to common, low key ones.

3
1

Brussels flings out Safe Harbour guidelines, demands 'safer' new framework ASAP

alain williams
Silver badge

tissue papering over the cracks

The European Commission plainly wants to get back to 'business as usual' and stop having to think about pesky things like personal information security. What they are proposing is just as bad as what there was before ... but it will probably take another opinion from the ECJ and until then this gives everyone an excuse to pretend that all is OK.

I also suspect that many more than 4,000 companies depend on safe harbour: try any organisation that has personal data in the Amazon cloud to start with. I would suggest that you add 2 or 3 zeros to the end of that number.

Thinking about it: toilet paper would be a better analogy.

8
0

TPP: 'Scary' US-Pacific trade deal published – you're going to freak out when you read it

alain williams
Silver badge

7 years of negotiations, 60 days to review

What is the rush ? If it took so long to agree the final version why so short a time for everyone else to come up to speed? Obama is giving reviewers 1/43 of the time that it took to cook this up. What is he hoping that we will not notice ?

Oh, note that 60 days includes time off for Xmas; so in reality less time than that.

18
0
alain williams
Silver badge

Re: Source code

It depends what a Party is but I think that's entirely reasonable for power stations, vehicles, or governments. Does this mean that can't happen any more?

No, the next paragraph deals with that:

For the purposes of this Article, software subject to paragraph 1 is limited to mass market software or products containing such software and does not include software used for critical infrastructure.

However: I do see that as an attack on the GPL of which a really important part is the availability of source code. Part of the trouble with a document like this is that there are some stark paragraphs that do not contain anything by way of real explanation or motivation. This makes it really hard to see the (intended) implications until it is too late.

17
0

UK cyber-spy law takes Snowden's revelations of mass surveillance – and sets them in stone

alain williams
Silver badge

Re: foss...

You try getting FOSS on your iPhone - Apple will not allow it. I wonder: if enough people get seriously concerned about this will this impact on iPhone sales ? It is not just a matter of Apple releasing bits of source - but people need to be able to independently compile and install to be sure - this breaks their apple store walled garden model.

0
0
alain williams
Silver badge

Move to Open Source comms s/ware

Unfortunately you cannot trust software that you cannot read the source and build a bitwise identical version of. All that it takes is the NSA to give Apple/Microsoft/... a National Security Letter telling them to insert some malicious code into a program or library/.DLL/.so and they will have to do it and not be allowed to tell anyone.

So people needing security will have to use Open Source software; maybe on a proprietary platform, although it will be easier to validate everything if what you run is Open Source top to bottom.

Most people will not bother, but clever crooks, terrorists, paedophiles will do so - they will have the motivation. So those being spooked will be everyone other than the ones that we are being told that this is supposed to catch.

Stupid or a different agenda ?

3
0
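The "bitwise identical" check that this comment and the earlier one on the FTC story ("The code is not enough") both rely on, as an added example that is not part of either comment: compare a vendor-supplied image against a local rebuild and report exactly where they differ, which is the first question when the hashes do not match. Both images are constructed byte strings, not real firmware, and the header layout is invented for the example.

```python
# Added example, not from the original comment: compare a vendor binary
# with a local rebuild and localise the differences. Both images below are
# constructed byte strings with an invented layout, not real firmware.
import hashlib


def sha256(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def differing_ranges(a: bytes, b: bytes):
    """Coalesced [(offset, length)] runs where a and b disagree; a length
    difference is reported as one final run starting at the shorter length."""
    ranges, n, i = [], min(len(a), len(b)), 0
    while i < n:
        if a[i] == b[i]:
            i += 1
            continue
        start = i
        while i < n and a[i] != b[i]:
            i += 1
        ranges.append((start, i - start))
    if len(a) != len(b):
        ranges.append((n, abs(len(a) - len(b))))
    return ranges


def verify(vendor: bytes, rebuilt: bytes) -> dict:
    """Hashes for the record, plus the byte ranges to go and look at."""
    return {
        "match": vendor == rebuilt,
        "vendor_sha256": sha256(vendor),
        "rebuilt_sha256": sha256(rebuilt),
        "diffs": differing_ranges(vendor, rebuilt),
    }


def diffs_within(result: dict, offset: int, length: int) -> bool:
    """True if every differing run lies inside [offset, offset+length)."""
    return all(offset <= s and s + n <= offset + length
               for s, n in result["diffs"])


# Constructed image layout: 4-byte magic, 4-byte big-endian build timestamp,
# then the code. Only the timestamp field differs between the two builds.
MAGIC = b"IMG1"
TIMESTAMP_OFFSET, TIMESTAMP_LEN = len(MAGIC), 4
CODE = bytes(range(256)) * 4
VENDOR_IMAGE = MAGIC + bytes.fromhex("563bed80") + CODE    # built Nov 2015
REBUILT_IMAGE = MAGIC + bytes.fromhex("5685c180") + CODE   # rebuilt Jan 2016


if __name__ == "__main__":
    result = verify(VENDOR_IMAGE, REBUILT_IMAGE)
    print("match:", result["match"])
    for offset, length in result["diffs"]:
        print(f"  differs at 0x{offset:x} for {length} byte(s)")
    print("only the timestamp differs:",
          diffs_within(result, TIMESTAMP_OFFSET, TIMESTAMP_LEN))
```

A mismatch confined to a build-date field is a determinism problem in the build (the usual fix is to pin the timestamp, e.g. via SOURCE_DATE_EPOCH, and rebuild), not evidence of tampering; a mismatch inside the code section is where the disassembler comes out. Either way the report says which, and that is what makes the check usable rather than a yes/no hash.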

GCHQ 'smart collection' would protect MPs from spies, says NSA expert

alain williams
Silver badge

Want to protect MPs ? - Take away the iPads

These were given to MPs earlier this year, IIRC some were also given a few years ago.

It is safe to assume that anything on these iPads has ended up at the NSA via Cupertino.

9
3

Licence to snoop: Ipso facto, crypto embargo? Draft Investigatory Powers bill lands

alain williams
Silver badge

How times change ....

30 years ago: British politicians were loudly telling us that life in East Germany was bad and that the Stasi watched your every move, spies everywhere!

Today: British politicians are trying to out-spy the Stasi - we are now more snooped on than East Germans ever were and they want to make it worse.

34
1

Microsoft Windows 7 Pro: Halloween Horror for PC makers next year

alain williams
Silver badge

So what about the Windows 10 data slurp ?

Especially since the EU court has said that safe harbour agreements are no longer safe with data going to the USA

13
1

Hi, um, hello, US tech giants. Mind, um, mind adding backdoors to that crypto? – UK govt

alain williams
Silver badge

Are they that stupid, or who are they really after ?

Putting back doors into popular applications will only let them read the messages for the stupid and small time crooks. Their claimed targets terrorists and drug kings will use their own software and manage their own end to end encryption. Paedophiles have shown themselves adept at using technology and will simply up their game.

So: are our politicians (and their advisers) complete twats [a real possibility] or are they playing a different game, eg: trying to snoop trade secrets and political dissent - ie keep themselves in the money and in power -- so that long may we remain their underlings.

11
0
alain williams
Silver badge

Re: Mathematics...

But, but, but ... politicians are smarter than mathematicians, they just try to legislate mathematical truths rather than waste time trying to prove them: Indiana Pi Bill

10
0

Anti-adblocker firm PageFair's users hit by fake Flash update

alain williams
Silver badge

Re: NoScript

What needs to happen is a campaign (the people behind NoScript would be a prime driver for this) to let these bastards know that they're losing serious traffic because of this.

I would have hoped that the corporate website equivalent of Darwinian selection would happen here. The web sites die through the lack of visitors. Unfortunately: most users have not heard of NoScript and probably never will, so these sites prey on them, and are kept alive by them, but not by more savvy visitors.

1
0
alain williams
Silver badge

NoScript

That is why I do use NoScript and get it to block 3rd party (often == advertisers) javascript.

I also don't run MS Windows which always helps a lot when it comes to security - for all sorts of reasons.

8
0

In-a-spin Home Sec: 'We won't be rifling through people's web history'

alain williams
Silver badge

Re: Kite flying

Not necessarily, they've always got the choice of a minor tweak via the 2016 IPB Amendment Act, followed by another tweak via the 2017 IPB Amendment Act etc etc

Or even better a statutory instrument - which will sail through virtually unseen.

6
0

Windows 10 growth stalls during October

alain williams
Silver badge

Re: Interested to see how this turns out...

Partly because Linux is not counted properly. A week ago I bought a new laptop, it came with Windows 8.1 installed; I immediately upgraded it to Linux Mint - but it will be counted in the statistics as another MS Windows 8.1 installation.

I will be shortly replacing MS Windows XP on my sister's laptop with Linux Mint, this will not be officially recorded.

Linux is under counted, by how much I cannot say.

12
18

UK watchdog offers 'safe harbor' advice on US data transfers

alain williams
Silver badge

Force of law needed, not agreements

It is quite simple: an agreement/contract is not worth the paper that it is written on if:

* the FBI/NSA/... comes knocking

* the company goes bust and the administrators sell off your data

The USA is complaining about the EU judgement, but it has a simple solution: legislate, some laws that guarantee personal data protection, something that all civilised countries should have anyway. Such laws are, however, unlikely since a lot of money is made dealing in personal information and the senators will not do anything to upset their corporate paymasters.

16
1
alain williams
Silver badge

That is why when I filled in my last census form I answered the question on how many bedrooms I had and left all other questions unanswered.

2
0

Microsoft scares the bejesus out of Skype users with x12 price hike

alain williams
Silver badge

MS must be coining it!

Lots of fees from the users on top of what they get from the NSA to snoop in on calls ...

5
1
