* Posts by alain williams

658 posts • joined 29 May 2007

Page:

Russia and China seal cyber non-hack pact

alain williams

They will just outsource it ...

to someone else. I doubt that they really believe that the other will stop trying to crack them, this is just for show.

2
0

Small WordPress sites leaking like sieves

alain williams

Re: There are benefits...

I dislike WP intensely largely for this reason. I want to install the programs/scripts read only - preferably using the OS installer (eg: yum/rpm or apt-get). It is also hard to have one copy of the scripts and use them in several sites. WP makes this very hard, they entire mindset of the developers seem to have little clue about large scale system admin and want WP to do everything.

Also: they seem to favour features over security -- get something working quickly, worry about good coding later.

2
0

Cop in gay porn film advised to put his helmet away

alain williams

carrying out extensive unauthorised checks on the Police National Computer database.

These are the ones that really concern me. The police are given special privileges to find things out about us - ANY abuse MUST be met by a high profile dismissal and loss of pension.

I could not see how many of these were caught, but I suspect that the numbers reflect no more than the top of an iceberg.

21
0

SHA-1 crypto hash retirement fraught with problems

alain williams

Old android

The problem here is that many manufacturers of phones, etc, lose all interest in some hardware once it is more than about a year old. However a lot of us buy a phone and expect to use it for many years - why throw out something that still works ?

4
0

France wants to make les citoyens' health data available to world+dog

alain williams

Let the first records to be released

to include those of the French president and all members of the national assembly.

What do you mean ... some should be excluded ... why ... is it not really safe then ?

7
0

Sweden releases human genome under Creative Commons licence

alain williams

What to do with it ?

What now ? Forks and distros ?

Yes - I have my own copy, slightly different from yours, and I have given versions, free of charge, to my kids.

Sue me if you don't like what I have done!

4
0

SEX: Naughty female stegosauruses offered it on a PLATE

alain williams

Would those plates ...

have made her dishy ?

12
0

Something's missing in our universe: Boffins look into the SUPERVOID

alain williams

It was being filled

Ah, so that is the hole that the bankers were trying to fill - I always suspected that they weren't quite as bad and selfish as they had been portrayed!

1
0

Ad-blocking is LEGAL: German court says Ja to browser filters

alain williams

Re: It's my computer

Adblock Plus should countersue for theft of bandwidth.

No, it is you & I who should sue for use of bandwidth - unless Adblock plus coordinated some sort of class action.

I can see the admen trying technological mechanisms to stop me viewing their content unless I viewed ads - but what they don't understand (or refuse to) is what I don't like:

* ads that start autoplay of video or sound

* ads that use up a lot of screen space

* ads that pop up/under

* ads that download a lot or slow my browser

* sites that run javascript off random servers/domains that I don't know what they are and suspect are tracking me

* intrusive ads

Nice, small, discrete ads I can put up with. Anything else - piss off!

52
0

VMware fires Photon torpedo – a homegrown Linux for microservices

alain williams

Will it really obey the GPL ?

Or will this be another case of VMware ripping off open source. There is already one case rumbling to court in Germany:

https://lwn.net/Articles/635290/

6
4

Finally, Mozilla looks at moving away from 'insecure' HTTP. Maybe

alain williams

Re: Bad idea

You don't need one IP address per site if you use SNI (Server Name Indication). The main problem is that this is not supported by MS Windows XP - which although down to about 17% ... is still some time before web site owners consider it unimportant.

HTTPS is not secure if you can 'own' certificate authorities and/or DNS - neither of which is hard for governments -- so it comes down to who you want to protect against ?

5
0

Radio 4 and Dr K on programming languages: Full of Java Kool-Aid

alain williams

Re: “Goto statement considred harmful”

People forget that what he was talking about was that excessive use of goto is harmful. It harks back to a day when many programs had a goto every 3-5 lines -- that is spaghetti code. A small number of goto and corresponding labels can make the code cleaner by avoiding the use of ThereIsAnError type variables that are continually tested until the error handling code at the bottom of the function is reached.

Here is a nice article on the subject: http://david.tribble.com/text/goto.html

12
0

NSA: 'Back doors are a bad idea, give us a FRONT door key'

alain williams

Re: Github

Quite possibly: good encryption is hard; but just because one group got it wrong does not mean that they all will.

12
0

PHYSICS APPLECART UPSET as dark energy disappears, Universe slams on brakes

alain williams

100 watt bulbs

The findings are analogous to sampling a selection of 100-watt light bulbs at the hardware store and discovering that they vary in brightness

I always knew that these low energy bulbs were not what they were cracked up to be. Don't last as long as claimed either.

4
3

David Cameron's Passport number emailed to footy-head

alain williams

Re: Is it such a big deal?

So if they want a copy of your passport so that you can see what information they hold about you, does that not suggest that they did not do enough to assert who you were when you signed up on their web site in the first place ?

Surely: give the exact same information (be that true or false) should be enough.

0
0
alain williams

The wrong address is not the real issue

Sending the list by (presumably unencrypted) email is a bigger problem. Sending email is like putting a post card into a letter box, it can be read by anyone who handles it. So: this email has potentially been read by all sorts of people.

This is the REAL cluelessness - it seems that el-reg's journalists have also forgotten this problem with email.

OK: in this case the NSA has already got this information, but who knows who else has tapped into the Internet routers that the email went through ?

1
0

VMware channel confirms price hikes from next month

alain williams

They need to pay their lawyers

who are defending them in court over their GPL infringement: https://sfconservancy.org/linux-compliance/vmware-lawsuit-faq.html

They will need even more money after they have lost to rewrite their code so that it does not rely on them just grabbing someone else's code and ignoring the license.

They would be very upset if others did that and used their product without paying them ... thinking about it - since it is based on GPL code, it must be licensed under the GPL, so you can do that - just take a copy and use it where you want to.

1
1

Hello? Police? Yes, I'm a car and my idiot driver's crashed me

alain williams

Will it be easy to disable ?

Will it be legal to rip it out of your car ?

2
1

Respect mah privacy! EU delegation begs US to play nice with data

alain williams

Re: Lip service..

That is all the MEP delegates will get from the US...

Not true - Monica Lewinsky no longer works for the gov't of the USA.

0
0
alain williams

Even if the USA gives assurances

the lying toads will not lose any sleep by living up to the promise. The NSA will just continue to slurp up whatever it wants citing Four Horsemen of the Infocalypse: terrorists, drug dealers, pedophiles, and organized crime.

17
0

OpenSSL preps fix for mystery high severity hole

alain williams

Re: Software written in C contains bugs, that will include Java then...

The definition of debugged software is: software in which the bugs have yet to be found.

Ie all non trivial code contains defects.

6
0

VMware wants amicable end to 'meritless' Linux-lifting lawsuit

alain williams

Re: A nice donation?

There is a relief for breach of GPL that is written into the GPL: release the offending code. VMware could become GPL compliant by releasing its code under the GPL.

Quite simple really.

3
0

Crap employers banned from enforcing backdoor crim records checks

alain williams

Could I do a crim check on a prospective employer ?

That would be very interesting - especially in banking circles!

4
0

‪Obama criticises China's mandatory backdoor tech import rules

alain williams

Re: ha

Do the backdoors in iPhones have rounded corners ?

11
0

East Timor was officially removed from the internet yesterday

alain williams

Getting rid of country codes ...

Well, you could even get rid of the country codes themselves. ....

It all depends on how people see their identity or that of their organisation. Many of us still see us as entities within a country, thus I am phcomp.co.uk. Larger or multinational/global entities might choose something different, eg ibm.com or one of the new TLDs that were recently created.

0
0

Would you trust 'spyproof' mobes made in Putin's Russia?

alain williams

Who do you fear most ?

NSA/GCHQ or KGB ?

If I were any of the above I would be setting up companies that sell security products and put a few backdoors in all products. To deal with security companies that I did not 'own' - I would also get a few employees on side by helping them out of problems (financial/drug/marital/...) - problems which I would prob have put them into in the first place.

Maybe they are not doing this; but would anyone believe them if they said not ?

18
1

And the buggiest OS provider award goes to ... APPLE?

alain williams

Comparing like with like ?

It is very hard to see what they are comparing with what. If it is a default install then all operating systems will install a very different collection of applications ... this makes a naive comparison meaningless.

4
4

LinkedIn values your privacy at ONE WHOLE LOUSY DOLLAR

alain williams

Why bother to be secure ?

It is not worth the effort.

The main purpose should have been to make Linkedin take security more seriously so that this did not happen again. But the ''fine'' was a rounding error when compared to its turnover, so small that it will only figure as a footnote to a footnote in their annual report.

Only once we start to see the penalties for crap security actually hurt will we see real improvement.

5
0

May the fourth be with you: Torvalds names next Linux v 4.0

alain williams

Re: don't break compatibility since forever

That is because the ABI compatibility that Linux it talking about is *userland* ie programs. Compatibility within the kernel has never been a design goal - they want to be able to change the way that things work so that they can do things in new/better ways.

That is not at all a problem because all device drivers should be within the kernel tree and thus be recompiled (after perhaps some code changes) with a new kernel.

Binary device drivers are an anathema in the Linux kernel world -- so if you do it, what do you expect ? -- it was never intended to work in the first place! Everything in the kernel is supposed to be Open Source.

So: don't complain about something that was never a design goal.

16
0

IEEE rubber-stamps new patent policy

alain williams

What about open products ?

Eg GPL software that is free (as in no money) for all to use. If I compile and give a binary to someone will I be liable for license fees ? If so then giving something away will cost me money.

0
0

$10,000 Ethernet cable promises BONKERS MP3 audio experience

alain williams

Re: Nope...

A provider who has, presumably, moved to HiFi from the health food industry.

0
0

Zimmermann slams Cameron’s ‘absurd’ plans for crypto ban

alain williams

Who are you A/C ?

A member of the British army 77th Brigade brigade ?

http://www.bbc.co.uk/news/uk-31070114

9
0
alain williams

Nothing to hide if you have done nothing wrong ?

Having a crap is not illegal, so why do toilets have doors ?

50
0

Microsoft eyes slice of Raspberry Pi with free Windows 10 sprinkled on top

alain williams

With Microsoft nothing is free

you will end up paying sooner or later. The free bit is to get you hooked.

30
16

Google forced to – wah! – OBEY the LAW with privacy policy tweaks

alain williams

Subject access request

So does this mean that I can now give Google a subject access request and have it, within 40 days, give me a copy of all the data that it has one me ?

7
0

I ain't afraid of no GHOST – securo-bods

alain williams

I have just updated some 8 machines, none of them rebooted. I restarted some services (exim, httpd, sshd, ...) - but a reboot was not needed -- these are Linux systems, not MS Windows.

I agree that a reboot is an easy way of restarting everything - but if you know what you are doing it is not necessary.

13
4

LEAKED Qualcomm processors reveal sexy new specs

alain williams

Re: IS IT?

Yes: 64 bit.

For something that seems designed for handheld use not using big.LITTLE seems strange. Any device will have times when it has little to do, so why not save the battery by powering down the fast but battery eating big core ?

3
0

Ailing AMD battered by goodwill, inventory charges

alain williams

Re: They missed a trick

IIRC a couple of years ago AMD sacked a lot of R&D types. It improves the bottom line for a couple of years and then the chickens come home to roost.

4
0

Checkmate, GoDaddy – Google starts flogging dot-word domain names

alain williams

I wonder what google can scrape from this ?

If I visit a web site by some means other than: doing a google search, using google as my ISP, ... it learns nothing about what I am doing (the NSA does not give them a feed!).

If google tells my machine where a domain's name servers are it will know that I am trying to reach the domain. It will not know why, or how long for - but it will know. This is why they provide a free to use name server at 8.8.8.8.

Yes: I do realise that if you use your ISP's name servers, your address is fuzzed and the ISP will cache results ... but google will still learn something.

Should there be legal limits one how data can be shared between the various different business units of large corporations ?

1
0

MI5 boss: We NEED to break securo-tech, get 'assistance' from data-slurp firms

alain williams

checks and audits

I do not have a problem with targetted surveillance where MI5 need to justify their concerns to a judge before they snoop. ISPs/website_operators must be given these decisions (judgements but not the evidence) as part of a request for help in an intercept. These applications to court must all be published after, say, 10 years. I do not like warentless hoovering of all communications data.

The other thing that I do not see is full auditing and a truely indepdendent auditor - ie not an establishment figure. This guy would be given free access to what is happening and will publish an annual report (yes: summary only) and when there is a 'bust' say how important surveillance was in achieving it - currently I get the feeling that how imporant e-evidence was in a bust is somewhat over played.

27
0

Marriott: The TRUTH about personal Wi-Fi hotel jam bid

alain williams

I doubt many people would be especially bothered about having to drink a specific soft drink brand at a concert

I would. If I have paid for a ticket for an event I do not expect to be further ripped off by having to buy some overly sweet fetid drink like coca cola or pepsi. I know that some people like them, to me they are disgusting.

5
0

NSA's Christmas Eve confession: We unlawfully spied on you for 12 years, soz

alain williams

These are the ones that they have chosen to tell us about

There are all those snoops that were not noticed by anyone. It would be naive to assume that NSA auditors/... were able to catch them all.

We have been shown reports of a number of violations. I would not be surprised to learn that there were many more but that the NSA 'fessed up enough to make us all tu-tut and be satisfied that they have told us all that they know ... but the real number known internally is what ?

The NSA has been shown to lie in the past, we would be naive to assume that this is the full truth.

4
1

Denmark BANNED from viewing UK furniture website in copyright spat

alain williams

Re: The Danish legal system must be retarded to have 75 year copyright

In England we have 70 years from the release date for music and 70 years from author's death for books - both a far too long, IMHO.

18
0

Linux software nasty slithers out of online watering holes

alain williams

So how does it work then ?

This Turla cd00r-based malware maintains stealth without requiring elevated privileges while running arbitrary remote commands. It can't be discovered via netstat, a commonly used administrative tool. It uses techniques that don't require root access, which allows it to be more freely run on more victim hosts. Even if a regular user with limited privileges launches it, it can continue to intercept incoming packets and run incoming commands on the system.

If it does not use elevated privileges then, I assume, that it has not tampered with the kernel. So how does it hide from netstat ?

Ah, later he says: The module statically links PCAP libraries, and uses this code to get a raw socket, ..., but use of PCAP requires superuser privileges???

I am not saying that this is not a threat ... but I would like to see something more plausible - if only so that we can protect ourselves -- without having to buy something from Kaspersky ... which is what I get the feeling this is all about - a marketing exercise.

6
0

Government locked into £330m Oracle contract until 2016

alain williams

The public sector spent £290m in 2013 with Oracle

If they put 10% of that into sponsoring open source projects I wonder how long before they have a royalty free suite that does what they need ? Run it on top of Linux using PostgreSQL, etc, and the bills would drop.

OK: open source projects will not do exactly what is needed, so pay FLOSS hackers to write the code and release it under the GPL. This code could be used/shared by different government departments, by industry and even other governments[**].

Do they not think that this is what Oracle is doing ? Write the code once and then implement it many times at different customers ?

I do realise that requirements will change, so any solution will need maintainance. I also realise that different use cases will have different detailed requirements, but well designed core components will be able to be reused.

[**] Hmmm, the thought of helping the French might put the kibosh on this :-)

5
3

Microsoft hikes support charges by NINETY TWO PER CENT

alain williams

If it turns out to be a bug

in the Microsoft s/ware, will they pay the $499 back ?

Oh - look at the pigs fly by ...

3
4

It's BLOCK FRIDAY: Britain in GREED-crazed bargain bonanza mob frenzy riot MELTDOWN

alain williams

Re: Buying For The Sake Of It.

Dear Marjorie,

I have not felt the slightest urge to go out and buy anything today. Is there something wrong with me that even my best friend won't tell me ?

13
0

Assange™ slumps back on Ecuador's sofa after detention appeal binned

alain williams

The wrong story

Assange was about Wikileaks and, at the time, Snowden. It looks that the USA have succeeded in neutralising him as I seem to remember that there was a lot of talk about the rape charges being 'encouraged' by USA operatives. Assange has now been removed from this.

What would Assange have gone on to do if he were not holed up at the embassy ?

BTW: I wonder what he does with his time and how he pays for his keep ? Does he wash the dishes or perform office tasks ?

3
4

Ofcom tackles complaint over Premier League footie TV rights

alain williams

How to bring competition

Is to ban exclusive deals, ie insist that every football match can be broadcast by at least 2 TV channels (or Internet stream). That gives the media the incentive to be cheaper than their rivals to get the eyeballs - thus introducing real competition. If the price paid to clubs drops, then so be it. There should be no minimum fee that has to be paid to a club; so if no (second) bidder bids more than your £100 to be there streaming from a web cam - then so be it.

The fans will gain from this.

The only losers will be the clubs & media.

Expect collusion between the clubs and the media and a few people going to prison as a result.

5
0

Rosetta probot drilling DENIED: Philae has its 'LEG in the AIR'

alain williams

Re: One leg in the air?

It is looking for a lamp post to pee on -- wouldn't you be after 10 years ?

22
0

Page:

Forums