382 posts • joined Sunday 16th January 2011 00:26 GMT
Re: Another 5-4 decision
"Congress shall make no law respecting an establishment of religion, or prohibiting the free exercise thereof; or of the press; or the right of the people peaceably to assemble, and to petition the Government for a redress of grievances."
A corporation is a usually peaceable organization and most of "the press" is corporations. Crossroads GPS is not materially different from much of what we think of as the press, and probably presents a view slanted to more or less the same degree, although in a quite different direction, as Mother Jones or Glenn Greenwald. A plain reading of the First Amendment suggests that any legal restriction whatever on political reporting or advocacy, including campaign expenditures and lobbying, is at best highly suspect, and quite possibly a violation of someone's constitutional rights.
Whether you're at a Customs checkpoint or stopped for a traffic offense it is unwise to sass the officials. You might win in the end at considerable inconvenience and expense; or you might not, probably at greater inconvenience and expense.
Someone at NRO has a sense of humor. We knew they were there (or should have); there is no reason to try to hide it. I tend to agree with Cubical Drone @ 1553.
"... NSA and most agencies have the SSL master keys."
NSA was reported to have a key provisioning service that could provide their analysts with keys *they had* but I don't recall a listing of those keys and do not think anything was said to indicate that Microsoft or anyone else had voluntarily shared keys with them.
Re: Not that easy to stop
I wonder if a small strip of duct tape over the microphone opening would do the trick.
How was the communication software installed on the systems? On its face some type of physical access would be needed on at least some of the communicating machines.
This idea seems to have marginal utility in that once the appropriate software is installed on both the isolated network and a nearby internet connected one, there would be potential for inbound control and outbound data transfer. The obvious countermeasure, in addition to removing or disabling audio input on the airgapped machines, would be to remove internet connected machines from the immediate area. I seem to recall that high audio frequencies don't turn corners very well and probably don't go through closed doors without serious attenuation.
This seems an interesting oddity but probably not very useful in practice.
According to my understanding it has quite a bit to do with interoperability, at least at the development level. Developers can use the Java language and related tools to develop for Android devices so long as they limit themselves to the Java APIs that Dalvik implements. That is a huge gain for them and for all users of Android devices. It hurt Oracle to the extent that they were planning to recover part of their Sun purchase price by licensing the mobile version of Java.
My recollection is that Google did not consider the mobile JVM fit for their purpose, and Oracle declined to license the full JVM for mobile use, at least at rates agreeable to Google. So Google did a reimplementation of the part of the API they felt they needed, similar to what Compaq did with the PC BIOS. To the great benefit of a great many
So the Germans are doing it too. So much for privacy laws.
Re: Who the hell cares what any Iranian News Agency has to say?
$1M ~8-10 people working for one year. The ARPANET packet switching IMP program was developed by three people in about a year. Since it was under a US Government contract, I expect the billed amount was about an order of magnitude more than the implied $300 - 400K, though.
"If you subsidised a Samsung Galaxy for €100 then you were obliged to subsidise Apple for at least €100 per iPhone. You would be penalised for breaching that - either by paying Apple or paying in the equivalent marketing."
This sounds quite a lot like what Apple and the publishers were found guilty for trying in the eBook market.
Re: Monopoly Power
They are a monopoly (perfectly legal) in respect of the iStore, and used that as an inducement to the five publishers to engage in illegal price fixing for their mutual benefit.
The way I read it, he's assigning the work to himself, in his other role as a consultant, for an additional 15% fee, something that would be a clear conflict of interest if not for the fact that attorneys, as officers of the court, are defined to be incapable of having a conflict of interest, or so I understood in a slightly different context a number of years ago.
Hard to feel sorry for Apple, though.
I've been running Debian on an Asus netbook for a few years now and it seems generally as adequate as the XP it came with. The install then was a bit hands on due to wifi driver needs, but I think that's been remedied. Not sure why this is such an absurd idea. The minecraft installation instructions are simple enough and appear to work (same for Ubuntu and Debian), and the applications ought to be fit for a 12yo in middle school.
Not as cool as an iPad, though a few orders of magnitude more useful
Re: Re:But hey, you don't care when having a good rant?
Made up statistic for today, Thursday, November 28, 2013:
83 % of Register posters can rant successfully in three or fewer lines.
Re: I thought the usual method was
But here you are just making things up. The Register article and the Greenwald article on which it is based described a program to find actual information.
There is enough reason for concern about the potential for national security agencies to misbehave without adding unsubstantiated fantasies to the list of "offenses".
Re: massive blackmail database being compiled...
Nothing in either this article or Greenwald's in the Huffington Post even remotely suggests that this is true.
The general drift of the documents released, many of which describe the controls on collection and self-reported errors, provides no support for these expansive claims.
Re: @Mayhem Chickens et al
It may be worth mentioning, also, that all but at most one or two in every hundred of the jihadi victims are Muslims engaged in their normal activities, or at worship, or many times attempting to assist other victims, or attending funerals of friends and family killed in earlier attacks.
Both the Motorola and National Semiconductor devices were far better than the rubbishy x86, hobbled as it was by register scarcity and backward compatibility to calculator chips. What a loss that they were too late for IBM to pick one of them for the PC.
Given the last uptake rate I saw for the Surface, I think it's the relative market share, not MS perfidy, that got Intel thinking about Windows alternatives in the tablet category.
Re: can Windows fork() processes yet?
Yep, a thread or two inside the same process so they can gleefully trample each other to death, neatly sidestepping the advantages delivered by multiple address spaces.
Multiple threads have a place; IBM had them in their mainframe OS at least as far back as MVS (1974 or earlier) and used them extensively in products like CICS and DB2. Separate address spaces provide protection from other processes and, for many applications, a far simpler, if less flexible, programming environment. Both techniques are useful, each in its place.
Re: Speaking as a recent apple convert....
@ukgnome: I do not own Apple equipment, so can't comment on the user experience. If it is as superior as you say, Apple will be taking market share from Samsung and the other Android based devices, and have no need to seek monopoly rents based on a broken patent environment.
On the other hand, the dominance of the Androids is powerful evidence that the overwhelming majority of purchasers value the lower-priced "poop" more than the golden "user experience" - at the time they sign a contract. Two years on we will know from the sales figures whether they changed their minds. For whatever it's worth, my (Verizon) Android serves me satisfactorily, and having recently moved to a new city I find the map and navigation applications especially useful.
Re: "scrolling and bouncing" is patentable?
"... on a touch screen"
" ... on a portable electronic device"
Such is the BS that is patentable.
Something I think might be useful, in addition to the obvious one of forcing disclosure of patents that are alleged to be infringed is a requirement to allow a defendant who wishes to pursue a patent challenge to completion before a lawsuit can be tried. I seem to recall that some years back RIM was put in a bind where they had to choose between paying a half billion dollars or so and shutting down in the US, based on infringement of one or more patents that ultimately were revoked.
Enough paranoid fantasy.
First, there is not the slightest reason to think the Federal government, let alone the NSA, had any reason in the past to be interested in the identity of anyone associated with Groklaw, quite a number of whom were openly identified anyhow. SCO (RIP), Oracle, and Apple are not the government, nor is there any evidence that any of them is in position to make claims on government police or military powers. And the proposition that potential Groklaw coverage of national security law would be harmful to the government's case is preposterous in view of Groklaw's fairness throughout its history.
Second, Groklaw is hosted on ibiblio, at the University of North Carolina, in the US. IF the NSA cared in the least about tracking those associated with Groklaw, they probably would have done it in a day or two, and by now it would be far too late for remedial action.
Concur fully. Groklaw could have been a forum to provide sensible guidance and analysis through the thicket of US national security law, which unquestionably is far more complex and subtle than anything, in any of the media, suggests.
I have seen nothing yet that even remotely approaches what Groklaw could have become.
Re: who cares ?
A substantial fraction of US Government computers, and probably also those in the UK and many other countries, run XP. Along with that, a very large fraction of those who haven't bought a new machine since Vista release, and a substantial fraction of those who could have purchased their machine with Vista but chose, rather sensibly, to accept the "downgrade" to XP. Those may total to a mere several hundred million PCs, but that hardly qualifies as "nobody".
I notice that on many of the HP systems now on offer, the descriptions prominently offer the option of a "downgrade" to Windows 7.
I had no clue about this until momentarily disabling Adblock Plus. Amazing.
Re: I dont get it...
The last time I looked at Oracle DBMS licensing, it was by the CPU, with a fudge variable that depended on the CPU architecture. They didn't care how many instances you ran from the installed software, and where I was we commonly ran as many as the memory and CPU capacity of the machine would support.
(There also were named user licenses, but those only made sense for special cases).
Re: I expect to get a zillion downvotes but...
Maybe the framers of the Constitution distrusted the popular vote less than they distrusted each other, but they didn't trust the popular vote very much. As the Constitution was written, neither the President nor the Senators were elected by popular vote, only the Representatives.
The Senate election procedure was changed in a snit over purchased state legislators or something similar, and the "progressives", so called, full of knowledge about how well the Senate works, are agitating for elimination of the Electoral College so that those of us North of Texas, East of California, Oregon, and Washington (state), and Southeast of New England may be relieved of participation in the matter of choosing the President.
Re: This Annoyed the Hell out of Me
The law will not be changed to eliminate issue of sealed warrants and subpoenas that forbid disclosure. We are not talking here about a National Security Letter. (Actually, I'm not sure the highly indignant Senators or Representatives are, either).
TLS combined with DNSSEC would seem useful, but a government agency armed with a copy of the server certificate and warrant may be able to monkey with DNSSEC.
PGP is a bit messy, and not nice with web mail, but really not that awful. And the more you control directly, and the fewer entities you have to trust, the less open your message is to compromise.
The article seems to say that the only effective protection Lavabit offered depended on its certificate private key. Which the FBI (not NSA) obtained a warrant for.
PGP (or GPG) may be a bit of a pain, as is sidestepping webmail, but requires you to trust only the recipient (or the sender, if you are the recipient). And, of course, the PGP/GPG implementer, and the OS in use, and the compiler used to prepare it, and so on.
Ladar Levison may be more trustworthy than Google or Microsoft, but I really don't know any of them, and don't have, on personal knowledge, reason to trust any of them more or less than the others.
Re: Let's look at this...
Which works if you surround the antenna(s) with energy collectors and capture the entire signal, making it fairly useless for its intended purpose.
For a complete - quite funny - telling of the full story see
http://www.popehat.com/2013/11/06/another-hammer-drops-on-prenda-law/ (and links referenced there).
It would be very interesting to see some numbers - say the absolute amount of power extracted from a 100 mW broadcast signal at a distance of 30 or 40 meters. My hunch says that at 100% conversion efficiency it would be at least an order of magnitude less than negligible - that if you used the 10 or so wifi sites you can detect from an average urban location, you would get no useful power. I am willing to be proved a fool on this, though.
The seven I can see right now from my house all are less than one nanowatt.
Re: Retrospective Reuters arse-covering ..
"[A] competent tech admin don't (sic) need passwords."
He needs passwords if he plans to access data which he is not permitted and knows that there is auditing in place that he cannot disable without being noticed. For example. What he needs is login details of people who plausibly could be accessing the data.
He could need login credentials to access systems to which he was not authorized. In that case, he might need credentials for administrative accounts. I seem to recall that shortly after Snowden's resignation, NSA announced a radical reduction in the number of administrators. These may be related.
It may *just* be possible that the employees whose trust Mr. Snowden abused had the honesty to come forward and own up to their error. In the end, though, they probably would have been questioned and with reasonable probability found out.
Re: Golden Rule
DoD password rules for administrator rules, as I recall from a few years ago:
Minimum length 13
Two or more upper case letters
Two or more lower case letters
Two or more numerals
Two or more punctuation characters
Changed no less often than every 60 days
Different from all of the last 10 passwords
Different from all passwords used in the last year
Put your story to that.
Re: trust us
NSA security lapses notwithstanding, it is not clear (yet) that Snowden took anything but the metadata - the slides and documents that describe the data being collected and its processing. From the NSA perspective that's undoubtedly quite awful, maybe worse than the collected data. For those about whom data was collected that could be good news, if you trust that he didn't have access to it, or chose not to bother.
Mention of borrowed passwords, though, suggests he took pains to gain access to systems that contained the collected data, so I would guess some of that went with him as well.
The drift of essentially all comments is that the Section 215 telephone metadata collection is plainly illegal and unconstitutional. As btrower observed, that will be determined in court; and until then, at least, it is lawful. Indeed, much of the evidence that it is being done derives from the warrants, issued by a federal court, that order it, together with various US Department of Justice documents that prescribe limits on data collection generally.
It also is stated almost universally that it is clearly unconstitutional. That raises the question of whose rights are being violated. The data in question are records collected by the carriers, for business and system management purposes, of services they provided for their customers. It appears that case law, going back quite a few years, generally supports the notion that the customer has no special rights pertaining to it, so it may be the carrier's rights that are infringed. And, indeed, it is upon the carriers that the warrants are served, which makes sense as they are the only ones other than the mostly unknown customers who have the records. There may be laws requiring the carriers to stand in for their customers in such matters, but I would guess not. We may wish to consider some, but I would expect the RIAA and MPAA to fight against that to the bitter end.
I'm enough of a First Amendment hardliner to dismiss the whines about corporations not being people, but still find it a bit of a stretch to think of Section 215 as a restraint on freedom of speech or of the right to assemble and petition the government. And although I also support the EFF, I think it might be more useful to do the latter and address the issue with Senators and Congressmen directly, as they presently seem open to that, at least for public relations purposes.
Re: Can we haul GCHQ into court?
@Wowfood: Do you really believe everything you read on the Internet and in newspapers and hear on the TV and radio?
Re: But I don't need their passwords...
"Alternatively, I could provision a smartcard with their certificate on ..."
I am not sure that it is possible in a USDoD agency for a lone administrator to do this. In the agency that employed me Common Access Cards are issued only in the security office, and programmable by equipment located there and online with a remote database that probably is used to verify the identity of both the issuing agent and the applicant; the processing would cancel the existing card and provision the new one with a new certificate. I believe the equipment used is physically inaccessible from the agency LAN. It is conceivable, however, that the old certificate revocation could be delayed for a short period, during which the authorized user would not be aware of the compromise. I am pretty sure that there was a hard line between those who could administer systems and those who could issue CACs.
It seems doubtful that an SA would be able to generate a certificate, with the proper signatures, and install it properly to the network.
The problem with Dual_EC_DRBG in BSAFE was public knowledge (in Wired) in 2007, including the possibility it was inserted by NSA. Shame on RSA if they left it the default for 6 years, but one would have hoped professional users of cryptographic libraries would have taken notice and avoided it.
Criminals and terrorists may find the techniques of Stuxnet somewhat useful, but (a) lack of such knowledge didn't, as such, appear to impede them much before it became available, and (b) the authors, whoever they might be, might well have prepared to defend against it.
Spying on UK citizens by UK agencies certainly should be done in accord with UK law. It is quite silly, though, to expect a foreign intelligence agency to follow local laws. They're spies, after all.
As for relative access by foreign/home grown security services to UK citizens' private data: that could be taken two ways, the likelier of which in practice would be to give the UK security agencies unfettered access, because that's what the foreigners have, constrained only by their consciences and the probability of being caught.
Square, unlike Twitter, has a real product/provides a useful commercial service. On the other hand, they would appear to be quite vulnerable to direct competition from the credit card services on which they depend.
Re: Still not "secure"
Nobody should have been using RSA-1024 (or less) any time recently, and I seem to recall that RSA-2048 becomes standard at the end of this year. RSA-768 was reported broken in 2009 - in about 2.5 years - and the authors projected that RSA-1024 might be solvable by their methods around 2020. RSA-2048 or larger should be good as long as I care about keeping my secrets.
RSA-1024 was reported cracked by a server attack based on creation of controlled power faults. Feasibility of a brute force attack is doubtful.
Re: Who's freaking who?
Theft of mobile devices is not terrorism, and the article does not describe it as such. Apple describes the device requests as arising from accidental loss or the perfectly ordinary criminal activity, both of which can lead to perfectly ordinary and legitimate police inquiries. Trash Apple and the governments for the things they did that were wrong, not those they did right.
Re: Who's freaking who?
"If it was democratic everybody would have a vote". Generally, only citizens are allowed to vote, and I expect that is the general rule in all democratic regimes; children, however defined, also are not generally eligible to vote, and those adjudicated mentally incompetent or convicted of serious crimes often are ineligible. Contrary to the unstated accusation, essentially all others in the US are eligible to vote, and around half of them actually do so. The present flaps over registration, voter ID laws, and gerrymandering are largely political theater on both sides aimed at gaming the system for partisan advantage.
While I think the facts favor manual pen ballot completion over voting machines of any type, and it has been established that the Diebold and other electronic voting machines have vulnerabilities, there is little or no evidence Diebold or other manufacturers such as Election Systems and Software have acted to affect election outcomes. It's worth noting, too, that the now-preferred optically scanned ballots are, in the implementations I have dealt with, as dependent on uncorrupted software as the touchscreen voting stations.
The Electoral College was established because the electorate as a whole was thought likely to be ill informed and unduly swayed by emotion (see Federalist # 68 for a discussion). While this intent has been undermined by legal and technological changes, some might consider the rise of Tea Party Republicans as clear evidence the framers were quite correct. As an aside, "it's the electoral college that really decides things" overstates the President's importance in the overall structure of government, an understandable error when the legislators have allowed or encouraged growth of the executive branch to the size it has reached.
Re: Ha ha ha
While I am not a fan of some of NSA's undertakings, I also am not aware of any instance of police turning up at someone's door because their web browsing activity was referred by the NSA. The story to that effect that turned up early in the current series of revelations turned out to have been referred by a former employer. Indeed, there was a noticeable amount of blathering after the Boston Marathon bombing to the general effect that the Tsarnaevs' activities ought to have been caught by network surveillance but were not.
Re: is this novel..?
It appears, perhaps unfortunately, that the original claim was filed February 3, 2009, preceding the dates for both Net::OnlineCode and Crypt::IDA. Superficially, that would seem to preclude their use as prior art, but perhaps they would be useful to dispute BitTorrent's claim that the invention was non-obvious and was produced independently by one normally skilled in the applicable arts.
Re: Storefront Technology
Perhaps companies with management focus on the next quarter and next fiscal year bottom line tend more than they rationally ought to treat the enterprise as a "manufacturing" process in which consumers are an input resource. This would lead naturally to vertical integration actions intended to ensure that the resource is kept available for continued exploitation using such things as manufacturer specific hardware and software standards, and now locked down software stores. This is not materially different from vendor lock in as practiced, for instance, by document management system vendors who store the metadata using proprietary database schemas and thereby raise the cost to purchasers of switching to a competing product. Apple began it in the PC environment, I think, with or shortly after the Apple II, with longer run result of helping IBM, and the clone makers enabled by the open standards, to dominate the desktop market ever after. Based on sales figures, the same may be happening now with Apple/iOS v. Google/Android.
Sony and Microsoft seem to be trying the same approach. We've seen what happened to the Surface RT; it was not good, and I haven't seen reports of impressive Surface 2 sales. Apple seems still to be enjoying a healthy revenue stream, but from a declining fraction of the cell phone and tablet markets. Treating customers as cattle to be milked may have limitations.