429 posts • joined 5 Jul 2010
What I'd like to see - not just from Moz - is a discussion about why there are so many root certs included in the first place, a discussion and documentation of why each one is in there and information about who precisely some of these root authorities are.
Only then can people make educated decisions about the security of PKI and the removal of certain root certs from their browser. Most of them seem to be distributed for historical reasons and nobody cared about these companies - rogue cert authorities with lax security (physical and technical) can easily start quietly distributing certs for your bank or software drivers that can insert themselves into the kernel on windows boxes.
Re: Only blowback actually gets through to their addled brains...
"Getting more Sunni than you bargained for?"
Uhm. We /could/ walk away and leave them to kill each other - so let's go with no. The /actual/ issue is going to be it looks like we're going to have to pick a side and then it will get really ugly - looks like we're leaning towards Iran too on the principle of "stability".
More shi'ite than sunni's bargained for maybe.
Anyways, no - literally zero blowback just brainwashed converts who will get JDAMs dropped on them soon enough. Problems nowhere. All the Iraqis I know think these toff English (and worse white English) kids are a bunch of twats for trying to tell them how to be Muslims.
"Viewing the video could be taken into consideration if any other information comes to light"
I'd love to know what perfectly legal and above-board method they would use to know in the first place that you'd actually seen it.
Yeah that's what I thought.
The exemptions aren't all that narrow - there's two issues here really, they probably want money from twitter because that's the Murdoch way, and they're not looking to go to court - they're expecting them to be removed without fuss, no questions asked.
No lawyers needed.
Re: Ahh, vigilante "justice"
There is a counter-argument that this sort of nonsense breeds in an environment without transparency. They promised to name the chap involved but never did, citing safety - yet they happily parade suspected everything else (paedophiles for example are routinely and often mistakenly targeted for vigilante justice).
One could argue they have created a new problem where they have two officers under threat as opposed to just the one that was actually involved. Doesn't make it right, but it might be the case.
They advertise like that, but you'll find if you have relevant commercial experience you'll get hired regardless. I would be very careful not to use that as an excuse if you can prove you have the experience/ability because many companies don't know what the hell they want until they meet the candidates.
On a more general software jobs note; never sign a contract that bars you from open source when you're not working or the company claims ownership of code you do away from work - this stuff can be terminal to your career.
Re: Superfast? Infill more accurate
"Why don't you all go and shout at Virgin media then for not laying fibre anywhere outside of a major urban population centre??"
Because they're not pissing away taxpayer funds to provide internet a) where it isn't needed and b) at shambolic speeds. If *anybody* other than BT had gotten government funds and they sucked at it I'm sure we would..
Oh yeah and then they have the cheek to call their network 21CN when it just isn't..
Re: What is superfast?
24mbit allegedly. I call superfast anything >= 1gbit synchronous but apparently I'm stupid. But yeah IIRC the legal definition is >= 24bit down (don't even ask about up, apparently the internet is one-way) which is superfast if it happens to be 1998.
Also yeah the 1 million there have nothing to do with the government investment, and more to do with saviours like hyperoptic and to a lesser extent virgin if you happen to live in their better areas. You'll note neither of these companies received any government funds.
There is no crime - at best you'd be in contempt of court, but that's unlikely given how the relevant court orders aren't against you, they're against specific ISPs.
I'd sue the fecks and own my own police force by the end of the week.
This is an obvious case of misconduct in public office by whomever sanctioned the arrest which carries very very very long maximum jail sentences.
When they're questioning you don't answer anything, just ask the obvious questions "have you been smoking crack?" and "can plz haz solicitor?" and you'll do fine.
Easy defence: pot/kettle/black.
why does your bank's website still suck so badly?
Because that would involve, y'know, investing some a tiny bit of the Scrooge McDuck mountains of cash their management swim in every night. My Bank's site has been the same as long as I can remember (like, since circa 2000) - they'd probably say security but I'm fairly convinced they're using old-school ASP on NT4 servers probably on a Compaq Proliant server, security my ass. It still hasn't been explained to me why their online banking systems have to go down for "maintenance" for an hour basically every night earlier. I don't work in banking and I'd get fired for that level of db downtime, we don't even really rely on them in the same way as banks do so what are they playing at?
Re: Priceless @streaky
Titus, makes no difference what protocol. It's all going down the same pipe and there's literally no way to tell until you're hoovering it all up. Completely different to a phone network that routes the call in a different protocol to the data.
"Do remember that this law requires the communications traffic data, and not the content of communications"
How do you get the meta data without reading the content? the meta data IS the content. How do you get the meta data without *decrypting* the content more to the point. The law is in and of itself self-cancelling. It states that you can't slurp up content of communications but that you have to store the meta, the punishment for mass data slurp without warrant is worse than refusing to store meta.
Also we *still* don't know who has access and how often it's used and for what.
Re: I find the timing interesting ...
I don't think all that many people have been more vocal in opposition to me but this:
"It's the middle-end of the wedge, next - using Tor = Criminal offense, then using VPN + proxy servers = banned."
Bit paranoid given how difficult it is to dig out (by design). I don't mean decrypt and track, so much as being able to tell that it is Tor over ssh or https or basically anything else.
Not for nothing but recent revelations suggest GCHQ relies on Tor fairly heavily so if the government made it an offence that might be a little silly (though I grant you GCHQ is circumventing the laws we have in spirit and in letter already).
Re: You've got to ask yourself...
Last I heard NSA was flabbergasted just how much capability GCHQ can bring to bear against ordinary citizens minding their own business - I wouldn't count the US out entirely but as with many things they learned from us not the other way round.
The birth certificate *does* say the 15th. But apparently the BBC is a more reliable source than the legal document that states unequivocally when she was born. Is it possible she was born extremely early on the 15th? Sure - wikipedia's entry is more factually accurate than the BBC or anybody else because it cites factual (legally prescribed) documentation stating her date of birth.
What I'd say to reg is if you're going to get all pedantry at least get it right.
Re: esport trying to be real sport
"It's that kind of comment that makes a lot of women not WANT to play with men/jerks. And maybe that's how the organisers see it as well: How about a competition where a proportion of the entrants won't be derided and made to feel like second class citizens."
Cool story - it's a meritocracy. Win games, qualify, win tournament. Everything else is noise.
"You need to be a hardened hunter-gatherer to punch a mouse with the right level of aggression?"
No you have to be a hunter-gatherer to make the right decisions about when/how to attack and when/how to run away. Proof is in the pudding here - there's literally nothing physical about why female teams can't perform at male level. Are you going to tell me women are just too dumb to play games? No. So maybe it's something else?? Maybe it's what I said?
Like I said arbitrarily limiting females out of professional gaming is silly, but most pro tournaments are done by open qualifiers, therefore no excuse. See TI4 currently running, not a single female player and literally every single person in the world can get there if they're good enough.
Re: esport trying to be real sport
Honestly the same is true in gaming too. That being said an arbitrary limit on the "top flight" is silly - if any female gamers are up to standard people will be more than happy to watch them play - usually this involves qualification (beating other teams) which is the real barrier.
Problem is they can't do that because there's no money in it because they *can't* actually beat male teams. It's literally down to lack of killer instinct. Last year there was a Dota tournament for women (absurd thing that it was), one of the players got a killing spree and started running around the stage like they'd won the lottery - yeah the game is still going on actually what the hell are you doing?
Re: BS Flag
"How are the stores, which take power from the grid, powered by renewable resources"
Directly or indirectly? Directly they can't be, indirectly - by getting your power from a company that buys renewable power. Pretty expensive way to do business though.
New building over old building carbon saved versus cost of new building? Dunno, it's plausible. There's a lot of scope for more efficient lighting and lower cooling energy use to be fair to them.
"given a large/useful chunk of the world's certificate authorities could be secretly compelled to hand over"
Cert authorities only *attest* (counter-sign) *public* keys. Nobody ever sends a private key to a cert authority. Sure they can generate new ones and usurp your traffic (a flaw that's been discussed very often and there are people testing the certs of large orgs to look out for this) - but nothing about let's say the CIA getting into say Comodo is going to get them *your* private keys. PKI is built like this for a good reason, both foreseeing this very issue and that it wouldn't be safe to send them over the wire anyway.
Also this is what PFS is for - if they capture your traffic, then later break into your server and grab the private keys - it won't allow them to decrypt the old traffic. It will of course allow them to decrypt any new traffic as it goes over the wire.
"PFS doesn't involve any user keys, just server keys, at least in the implementations discussed for Microsoft"
PFS involves generating new (temporary) keys and dumping them when the connection is terminated. There's still keys each side, they just won't get you the temp key if they're compromised.
This is all dependent on your stuff not being backdoored day one, which frankly I'm not going to put any trust in without peer review.
There's no FUD factor; it's now well known that both the NSA and GCHQ (and others) are hoovering up every single bit of data that they can lay their hands on. Odds that they're hoovering up data from inside the network of the company that has a side business in selling everything in the world? Fairly high I'd reckon given the CIA ostensibly like what they're doing (for the CIA to like your kit you'd have to assume they have fairly decent insight into your kit and operations for sensible reasons).
Not for nothing but if you're aforementioned seller-of-everything, or microsoft, or google you're not going to be *allowed* to tell people that your customers have been breached by those agencies - even if you know it - so relying on public disclosure is a nonsense.
"Oh what I'd give for AWS (or an AWS-alike) in the public sector"
Yeah or just hand everybody's data over to the NSA on a couple of unencrypted HDD's. The obvious out the way: the CIA are patently mad to not be in control of their own data.
"for the sole purpose of partially explaining away declines in some of their consumer products"
Except for this: we're not really talking about consumer products - yes Windows desktop is a thing for Microsoft but it's actually doing well commercially, and that data from other companies supports the argument.
I see CoLP bobbies on the street all the time. They do exist - quite commonly actually. Once made the mistake of asking one for directions that every Londoner should know (when I first moved down to London) - absolutely no idea at all.
Re: It is not a cancer
"Apart from the fact that C# does not run on Linux. That'd be Mono, which is a subset"
Smoke more crack. Mono is the runtime, like .NET on windows - it's still mostly C# the language.
Re: It is not a cancer
"keeping C# relevant"
Spot the non-dev 4000 miles away. C# runs the roost in modern software on windows and linux. If it's not straight C for performance reasons it's almost certainly C#. Why? Because it's a decent language that's why. The way it executes is iffy but the language itself...
Re: I hope Apple do similar
"still sue and badger users for supposed infringements"
Users? You mean global megacorps like Apple and Google. Users?
"they've lost a good deal of their monopoly"
Did they really ever have a monopoly and have they really lost it or just missed new markets being created? They're still as massive as ever in the desktop (home/business) and ent server markets and MS office is bigger than ever. People have got pissy because Microsoft didn't have an iPod competitor and missed tablets (Microsoft shouldn't reasonably be getting into hardware on that scale anyways).
Re: Mathematician vs. a "Real" Scientist...
"I believe it is arrogance and hubris to think that we have the first clue about how this world really works"
Don't talk about "real scientists" then follow it up with "I believe", it looks a bit silly.
Not for nothing but it isn't arrogant - it's pretty clear to most people the planet is broken and the data correlates. The discussion is the final effect.
Re: What is your rant aimed at?
Sounds remarkably like a rant I've been levelling at Nutanix for quite some time. Their product is hardware boxes despite the fact it's all off the shelf gear and it's the software doing all the work - but can you buy just a software licence? Nope. The hardware is overpriced being the issue - you can't see the real costs of the software and frankly you'd rather just buy the software given the chance.
Edit: To be fair it looks like you can actually buy Nutanix as software now which renders their specific involvement in this story moot but they as-was were doing exactly the kind of thing I imagine the writer is talking about.
"not sure if you can get HPC programs to recognise and use a GeForce GPU without a lot of messing around"
As long as you can get CUDA drivers for it I doubt it'd matter (the software would use the CUDA API unless some fool put a nonsense arbitrary limit in the software, which is highly unlikely given there are supercomputers that use actual graphics cards out there).
By the way you're talking about a 4500 GBP versus an 800 quid card - for the sake of a bit of RAM if you don't need it you have a massive price:flops advantage.
Re: No public trial; no public evidence
To be honest - I couldn't imagine how you could try him in public, regardless of if he's right, if they try him in public they'd have to stick with their cover stories.
"Low Level Analyst"
The US govt spends a lot of its time trying to frame him as low level - assuming they're right surely somebody has to be asking why, if true, he had access to so much information that is protectively marked in a way that makes people think maybe they're lying.
Is nobody in the Obama administration seriously asking this basic question assuming that's what they've been told and they're choosing to believe it?
Re: It's not my birthday today!
"If it is the gamer angle then seriously as a xbox owner and live user for a good 9/10 years I want Sony to succeed because if they fail and it is just Microsoft in the mainstream console industry then gamers will get screwed over royally"
Gamers already get screwed over because of *both* these companies' inability to allow market forces to drive their products - they both throw money at bad game "exclusives" and distort the market, destroy the ability of the industry to be either an art form or creative and original.
Don't worry though because Microsoft is next.
"use of tnt has been banned"
Yarly? *digs out a hacked client*. Those protections never work if you don't want them to...
Re: Dear author
12 year old OS with a very broken SSL stack (which is something you want in the current security environment) - and no patches for new security issues, much less the old non-security bugs that were never and will never be fixed.
If your a) home or b) business IT environment includes basically any of this you should quite possibly be fired and/or shot - and if you don't know why it's a problem: lynched.
"either you agree with free speech and democracy, or you don't"
Hold on are you seriously trying to deny this guy's right to comment here?
Also not for nothing but only banana republics enshrine a totally unabridged right to freedom of speech without consequences - for reasons that would be blatant to most toddlers.
Re: Kinda Missing the point
Completely different issues, and frankly there's no reason they can't do both.
This has just become a thing after computers being a major part of the business for many decades now? Also enjoy your flights to India!
Well anybody who bothered to read what their CFO said at the time knows they were in more dire trouble than Jobs would admit at Macworld - Microsoft could have in effect ended Apple with a protracted legal fight regardless of even that.
Also not for nothing but Apple's market cap is (provably) utter nonsense. Claiming Apple to be the most profitable company in the world makes you look a tool - and anybody with eyes can see their YoY profits are walking backwards. This is not a company deserving of its market cap.
Firstly - the whole Dell thing came about when Apple collapsed and had to be rescued from *bankruptcy* by Microsoft. The entire ADKC record should stop at this point, possibly with an apology.
Not for nothing but basically everything on there is either still true or Apple have taken steps to mitigate the issue. The city has a love-affair with Apple but their sales figures bear no relation to their market cap - in the real world they should fail, and as I mentioned before; actually have previously.
I've said it before many times - the key here isn't blasting code at kids, it's finding the ones who are naturally interested (not necessarily that they're good at heavy maths, we don't need that) via some sort of taste-based learning - and then nurture them, probably with some genuinely taxing, but fun, lesson structure.
I've been through this country's education system recently *enough* to know what the issues are and now I'm a professional software developer. Probably the biggest single issue for me is that teachers don't get paid enough to attract people who know what they're doing to teaching short of the possibility that they just sold their faceback app to google for 43Bn and now want to give their time to the public good (which realistically isn't going to happen).
It's true that all kids should be learning how computers work a bit more over just learning how to input data into excel (and how to deal with macs crashing every 30 seconds) like we did at school, but not all should be writing code.
As for misogyny, I don't think there is anybody who doesn't want more women writing code (and thusly - in context - girls learning it like us boys did when we were kids) but the issue isn't the men who are doing it so much as the way girls are raised to like barbie and play with their Mattel cooking-related toys which sets them on the path to being housewives in the first place.
Re: Hats off to the Troll who stabbed snoring Gulliver in the eyeball.
"Microsoft's taxation of Android"
Microsoft's "taxation" of Android is based in legitimate invention of an actual thing that Google has no issue paying. Microsoft have been making smartphone software since before Google even existed - huge difference.
Re: The rich get richer ...
"The green eyed envy of hypocritical socialists never ceases to amaze"
Ah you must have caught the disease known as "American".
The left loves Bill Gates to bits, because he does what the right claims to want to do instead of paying taxes but conveniently never actually bother whatever their real effective tax rate. If more of the right were like Bill we wouldn't need taxes at all. Instead they like to sit on dead money doing nothing.
Bill got his KBE from a left wing government, but whatever.
Isn't a billion unless you're at least 60 years old.
Also ask your nearest software developer why long scale is nonsense.
Re: Flawed assumptions, Dani Eder's proposed solutions
They will agree because it'll be easier to mine for transactions (in other words earn money for confirming them), it's simply a case of updating the protocol. The issue is more figuring out when it needs to happen.
Not for nothing but let's not pretend you can't use cash to anonymously buy drugs or have somebody killed.
Re: Have to legalize it to tax it.
"levy taxes on Bitcoin transactions" - if you're earning them in some way and you convert them into a real currency you're going to be liable for taxation as earning/investments anyways. Probably worth noting.
If you spent 100 quid and now they're worth 20k you're going to have a major cap gains issue, otherwise you're committing tax evasion.
Knowing people that do and have worked for apple:
... we call this perjury where I come from.
This is all :)