Re: "The horizontal access ...."
That was a bit jarring. It is like this was dictated and lost something or ... whatever. Glad someone mentioned it.
700 posts • joined 9 Nov 2011
That was a bit jarring. It is like this was dictated and lost something or ... whatever. Glad someone mentioned it.
Re: "Apple has about 50% of the market with college kids."
I believe it.
My household was MS-centric for a long time with Linux only being used for server stuff. Then, my kids *had* to have iPods like all the other kids ... then, they *had* to have iPhones rather than Crackberries like their parents. I gave in reluctantly to keep the peace and we all ended up on iPhones. The iPhones turned out to be way, way more useful than the crackberries and iOS, while not perfect, was significantly more reliable than anything Windows based.
Cracks, and then holes, in the dike, then it nearly burst when my daughter insisted on a MacBook Air as her new machine for university.
Every new CPU here in the past couple of years has had a non-MS operating system. MS has been a terrible partner over the years and it seems as though their formula for responding to alienated customers is to alienate them further.
MS: I have made myself a promise that every machine you disable because I had to swap out equipment gets re-enabled permanently with Linux.
Re: "Still have my old slip stick."
Moi aussi. I have gone through a lot of equipment since then and it is the only thing that still has some value. Why? It will still work after everything else here is obsolete.
I expect they are in the midst of this stuff anyway. The overall strategy is to ethically join forces with users, suppliers and advertisers against the competition. Do a 'grand slam' attack sweep of all low hanging fruit by leveraging their existing user relationship. Justify it by honoring the security and privacy of users.
1) Keep the pressure on to retain users. As long as they have the revenue necessary to survive they should not be injuring the quality of their system to chase dollars. Treat click-bait as spam and get rid of it.
2) Add a very high quality search engine. They have the ability to marshall server resources to crawl the entire web in short order. Just removing some existing annoyances would go a long way. Make it possible for a website owner to mirror their service to facebook's servers.
3) Create a truly killer advertising system by working *with* users to retain privacy and promote only things they are truly likely to want to see. Example: Coupons! So many great ways to make this type of thing work. Make advertisers compete in a 'top ten' offers race where half the people who make it into the top ten are not charged for the advertising.
4) Set up real-time Q&A that can tie into people's mobile devices. Work to link to Siri and Cortana, etc.
5) Provide premium streaming content -- music and video. Apple Music, Netflix, Spotify can be beaten.
6) Make a dead simple online IDE that makes programming against a facebook 'App' API easy.
7) Move users to the cloud. Create an arm's length joint custody secure information and messaging system that replaces EMail and Messaging with a hybrid that includes trustworthy storage.
8) Issue facebook charge card to any established facebook user that asks.
9) Bundle premium stuff for a no-brainer $5.99 per month fee. Existing incumbents are not setting the bar very high when it comes to respecting their users. Facebook is in a position to blow away the competition by *cooperating* honestly with their users.
10) Issue streamlined facebook browser based on webkit to tightly integrate all of the above and ... make it a no-brainer open source system that anybody can download, customize and build. You go to a link, download an install file and it sets up the entire build system with source code and an IDE that allows you to simply click a 'build' button and it builds.
@Vimes: Agree that legal changes are insufficient. As far as I am concerned government agents are already well over existing legal lines and I don't see any of them being trotted off to the slammer.
Lots of things will have to change and unseating the large number of powerful incumbents will be a trick. However, the consequences of wholesale surveillance and tampering by the state are too dire to ignore.
We need to make technological solutions that make it technically impossible for the government to do what it wants. We need to couple that with severe legislation that provides harsh penalties for anyone attempting to circumvent measures people take to ensure their privacy.
It is possible to design a system that does not depend upon trusting one single particular bad actor. We could have mechanisms that make it technically feasible to unlock some things, but only with an m of n number of actors who can mutually distrust one another.
The exposure of current systems is well beyond anything reasonable and we are coming to grief on an ongoing basis because of it.
Bottom line, as can be seen by other comments here: You absolutely *cannot* trust the government with this.
@hellwig: Upvote for you. Explanation noted.
Looking around the Web it seems that this is the claim:
This is not a Cygwin variation, noted Dustin Kirkland, a member of Canonical's Ubuntu Product and Strategy executive team. Cygwin's "open source utilities are recompiled from source to run natively in Windows," said Kirkland. "Here, we're talking about bit-for-bit, checksum-for-checksum Ubuntu ELF binaries running directly in Windows." -- http://www.zdnet.com/article/ubuntu-not-linux-on-windows-how-it-works/
Huh. Re-reading the 'theregister' article I see that what is said is not inconsistent with that. It is improbable because it is something of a technical feat. I will believe this when I see it actually running a full complement of Ubuntu binaries. It seems to me that there are fundamental conflicts in the absence of virtualization...
I hope this comes to pass. It might tip the balance for upgrading to Windows 10. It would be fantastically convenient to have a working subsystem like this that is lighter than a VM.
How is this much different than Cygwin through which I routinely access grep, sort, ls, factor, du, df, gcc, etc -- and oh yeah -- bash pretty much daily and have done for years?
Don't trust ... ya think? Well, you can trust them as far as the other governments I suppose.
Regardless of the legal theories being bandied about, what the FBI is asking is wrong and dangerous. Men of conscience eventually have to take a stand.
The level of misinformed arrogance in all three branches of the U.S. federal government is downright scary. Safeguards preventing these people from acting should be increased, not decreased.
Yes, it is a hard world out there. No doubt there are scenarios where the contents of that phone are crucial to the point of saving lives. It will never justify the damage that would be done by forcing Apple to do something unreasonable. There is a cost associated with riding roughshod over the rights of a billion mobile device users. That cost is well beyond any value to be had with that phone.
We could save a lot more lives by outlawing the use of automobiles. That does not mean it is the right thing to do.
Obviously, the FBI is looking for a damaging precedent and we should not let them get it.
Long term, there have to be penalties associated with attacks on the commons like this. As long as there is no cost associated with the attacks, they attacks will continue.
This is similar to the argument from "if you haven't done anything wrong, you have nothing to fear". Proper privacy and security requires more than just the possibility of some people having it. It requires that it is the default for everyone and it requires political regimes in place that make it exceedingly costly to subvert.
Every step of the system from hardware manufacture on up to human interface design needs to be designed for security. Everything is subject to attack.
We should culturally and legally make any illegitimately obtained information 'fruit of the poison tree' and and make it illegal to make any use of it. For instance, its only use as evidence should be as evidence of the criminal breach of privacy used to obtain it.
We are rapidly approaching a point where it is simply impossible even for experts to prevent surveillance. It is surprising to see any expert making a claim to the contrary.
I am very suspicious of our current security culture whereby everyone is encouraged to use the same small battery of inter-operable standards with key sizes only ever just 'good enough'. Is there anybody who knows much about this stuff that would really set arbitrary limits on things like key sizes? How can any expert endorse, for instance, Certificate Authorities controlled by governments, financial institutions, predatory companies and other fundamentally compromised entities?
I would say that any advice that is security related should be taken with a very big grain of salt. That includes this, if for no other reason than its list of hazards is woefully incomplete.
This reminds me of a shipment of IBM 56K modems I received in our lab one time. They were huge -- half the size of a microwave and a card in the box actually gave CPR instructions with the warning. We laughed and laughed... but we made sure to have the network guys install them :)
As long as these weasels incur zero penalty for attempting to rip us off like this, they will continue trying. The solution is simple enough. Clarify the law and make it a criminal offense to attempt to disturb the commons like this.
Sorry for the necro-post, but...
It is hard to imagine how this is not negotiating in bad faith. That bad faith makes ICANN a non-candidate in my opinion.
OTH -- the fact that we have an abusive agent in charge lends greater legitimacy to the notion that these functions should be entirely separate from the control of any central organization and should be distributed among the Internet population at large. Perhaps their outrageous hubris will trigger a real change.
The current shabby state of the Internet helps to keep monopolists in power, creates multiple single points of failure (in that 'authorities' can shut down big chunks of the Internet), intrinsically incurable security vulnerabilities and an enormous attack surface.
I repudiate the notion that entities like the U.S. government have a legitimate claim to control over the global Internet.
From a security point of, view, you should not trust any single entity with control. No bank puts access to the vault under the sole control of one unsupervised individual -- not for long, anyway.
The existing set of rules for governance are so far beyond the pale it is hard to have a meaningful discussion about it.
@yosp I will never buy Sony again, no matter what you do, but you might save other clients:http://tiny.cc/sh8gwx
Doubt this will have any impact at all, but at least they can't say they never heard from anyone.
The cost of *not* pursuing you for infringement just goes up and up. You can hardly blame them. Where would they be without those increases? Those people hauling wheelbarrows full of money down the vaults aren't free.
Bit harsh, but thumbs up for you.
You can be sure that this is not over. The network itself is not baked and clearly even people with a fair amount of expertise are not really clear about what is needed.
First, the network is not nearly baked. Hopefully we will get there quickly, but the IP address issues have to be dealt with and it is increasingly doubtful that IPv6 in its current incarnation will take over. That is good IMO because it is a demented standard as evidenced by its lack of uptake over many years despite a critical need for an IPv4 replacement. In addition to this core matter, DNS is messed up. It is insecure in a variety of ways, but the one that alarms me the most is that it is under the control of a handful of miscreants with a bad track record of custodial care. It should be distributed enough so that it cannot, for instance, have the U.S. government (or the U.K. government) seize control of a domain. As it stands now, the U.S. government has the power to redirect a domain and forge a certificate so that they could hijack banking transactions. That ain't right. They have proven grotesquely untrustworthy over the years and they are actually getting worse. Our system of routing makes it much more difficult to anonymize and and secure traffic en route and to guarantee delivery. Our web of trust using PKI is beyond broken to the point that people routinely ignore certificate warnings. EMail has spam. This should be effectively impossible for all but the most well financed interloper and even for them it should be net negative financially. I could go on, but surely people can see that unless I am lying or mistaken about everything the network has issues to put it mildly.
The whole 'net neutrality' is a necessarily evil red herring that basically represents the lesser of a variety of evils. A properly constructed network offering the best utility at the best cost would of course prioritize traffic. We cannot trust the incumbent network operators not to abuse packet prioritization, so we have accepted a crippled solution. A proper technical and legal regime would of necessity be more complicated. That's a problem because as a matter of public discourse we cannot even deal with a simple case.
Proper convergence has still not happened and until it does, the network will change in significant ways as it subsumes other networks and gets reconfigured to take on new duties. To be honest, I was expecting power over Ethernet to be there already and it makes me wonder how long it will take, if ever, to align the power grid with the information grid.
Anyway, this is not over by a long shot. The FCC rules, whether good or bad, will change.
Yeah, because when it comes to financial crimes and banks, the US is all over that. Does this also mean they will clear their backlog of charges from 2008 that they never laid?
JK -- Australia already has a whole bunch of US military installations. There is no reason to make a fuss.
Corruption? In a Bank? Say it ain't so!
When will it become apparent that our copyright and patent and other regulatory regimes are killing us? Apple has the money right now to absolutely dominate this whole thing by buying up all the infrastructure and copyrights. The only thing preventing a Cabal of cash-rich monsters swallowing the economy are a bunch of rickety laws designed for an industrial age quite unlike what we find ourselves in now.
The people running Apple have more than $100,000,000,000 dollars ready to spend and a dominant position in a number of markets that absolutely *rain down* cash. When you have that kind of leverage, every dollar from your massive stash goes a lot further.
On the upside, either because they are actually afraid of getting caught or have not thought of it yet, I don't see Apple going entirely evil and end-running anti-combines rules quite yet. They could pretty easily create a Gordian knot of ownership and control that made it so they call the shots all-round. That notion of iLife could get downright scary when you have to pay to use your own genes.
I would say the Chinese economic takeover of the West is something of a fait accompli. The writing was on the wall when dollar stores opened all over and shortly thereafter just about everything you could buy said 'Made In China'. We didn't mind because, 'hey, inexpensive products'. For a while there we were importing things at prices below the cost of assembling the raw materials locally.
Here in Canada, we sold away our industrial infrastructure shortly after NAFTA (free trade, yay!) rendered our industrial economy no longer viable.
I think that free trade was inevitable, but it took a very evil form as our government and others threw wide the doors and let unregulated capitalist firms do as they wish. They did and now we know that their wishes and our wishes, contrary to what we have been told, do not coincide. We really should have had a plan for the post free-trade environment. A lot of jobless people took a pretty big hit because they were not paying attention on election day. It does not, BTW, look as though they took any lesson from that. Bill C51 is fixing to put the last stone in place for our shiny new police state -- you know, so we can harmonize tyranny with the existing US and UK police states.
Be careful what you allow your corporations to wish for.
Which will be the first (former) first-world nation to attempt to turn back and remake their industrial base? I would like it to be Canada and I would like us to be leveraging what we have in terms of an educated population and empty plants to build 3D printers and general purpose robots from raw materials on up. With high-quality 3D printers and a generation of capable general purpose robots Canada would only have to worry about energy supply and military attack. We have the oil sands for the energy and enough materials to build a hell of a huge robot army.
The only way back is for a country with enough natural wealth and an educated population like Canada to invest in stuff that can side-step the economies of scale or to specialize in guaranteed export value things like processed food where we have the scale and did I mention robots?
We (Canada) are in a heck of a bind. We are sandwiched in between the enormous economic and military powers of the United States and Russia and dependent for manufactured goods from the gigantic Chinese industrial powerhouse.
Side note: I do not think that our measures of economic wealth value China's position properly and I think it has been a long time since they have. The U.S. dollar is holding relative value together for the time being but it is only a matter of time before there is an adjustment. It is increasingly looking like that is going to be a very short sharp shock.
Tangential geopolitical note: Am I the only one that noticed there is more than $50 TRILLION (with a 'T') dollars worth of petrochemicals underneath the sand in the Middle East. Somebody should send troops in to secure that before ... never mind.
Man, I remember seeing the Symbolics people demonstrate their LISP machines at a trade show back in the 1980s. To this day, it seems miraculous what they were doing. If only they had been more open the world might be a significantly different place today.
Oddly, the same behavior that in my mind killed Symbolics and pretty much took LISP with it also triggered the beginning of the Free Software movement. Who knows if things worked out for the best after all?
I am still wistful about the demise of this company. Once upon a time they had real magic.
... but unbelievable. My response would be to push to alter the rules so that criminal penalties applied to anyone in the future attempting to interfere with public bandwidth. IMO, criminal penalties already apply, but I would support specific legislation that made it crystal clear. Marriott does not own that spectrum. If they want it, they should cue up and spend the billions necessary like everybody else.
For my money Java, MySQL, OpenOffice and VirtualBox all suffered. Sun machines and Solaris used to be fairly common in places I traveled, but no more.
Oracle is a company bent on serving Oracle/Larry to the exclusion of anything else. It seems to be a culture that values 'winning' regardless of whether or not it diminishes net wealth all round.
I am mystified as to why people stick with Java when it is *clearly* encumbered by Oracle. A proprietary programming language cannot and should not have a future.
Given that Adobe's Flash is purpose built to be a vector for malicious activities, it is hardly surprising that it is being used that way. When it works entirely as designed it is evil.
I have been responsible for millions of dollars in Revenue for Microsoft via purchase, recommendations, leading by example and contributing to their ecosystem. I have been a Microsoft customer since 1984. In the first decade they were not a bad partner, offered value for money and made the user experience tolerable or sometimes even good. It was clear by the 1990s that Microsoft was a terrible partner for larger businesses, but it still seemed OK for the little guy (developers like me, anyway). In the second decade they began to make licensing a nightmare, stopped making products better (making some worse) and became a significantly less valuable partner. I started the 1990s as a relatively enthusiastic supporter and recommended them. I ended the 1990s grudgingly recommending them, but cautioning people that the path forward was not looking too good. In the third decade they became a very bad partner. The disconnect between themselves and their partners became intolerable. In this fourth decade just started I finally made up my mind that Microsoft was simply not viable for me as provider or partner. They did not have much of a 'soul' to begin with, but they have lost even that.
The last PC purchased by my household was a Macbook Air and so far my household has purchased nine iPhones and zero Windows phones. These were not votes *for* Apple. I don't like Apple. They charge ridiculous premiums for things and are near psychotic about keeping people in walled gardens. These were votes against Microsoft and Google, both of which have broken faith so badly that they make Apple look good.
Bottom line: your experience that Microsoft was not good to deal with seems to be repeated on all sides. I honestly think that Microsoft's contempt for its customers and partners and its single minded concentration on financial advantage for themselves regardless of the impact on customers is what will be their undoing.
It takes a long time to get a customer. Keeping them is less work. Once they are lost, though, getting them back is very difficult and expensive.
At this point, only the most radical reversal of direction would return me to the fold and as of now they appear to be putting on the afterburners to continue forward on the course that made me part company.
Note when I say radical I mean a breakup of the company among other things.
Here is my analysis:
Precis: The fact that security was not addressed front and center means they may not understand even a bit what they are doing beyond the hardware and bare protocols.
I am gratified that others commenting see the problems. Note, though, that the IoT is already upon us and it is just not going away. Most useful things can be used for good or evil. Science and technology are not inherently evil. Cars kill a lot of people but our reaction to that has been to enhance their safety, not to stop using them.
I am not sure I get the big hate on for this guy. Sure, he was an asshole in school and said some pretty creepy things. He is probably not the statesman we would like to see in charge of a company with a market cap of $218,706,670,501.
He's still basically a kid and has made himself a billionaire. That's not too shabby. It's probably better than anybody commenting here will ever do.
I am not a big fan of some of the stuff that facebook did to get its critical mass. However, the operative word there is critical. Had they not gotten there fast, somebody else would have crushed them the way they crushed MySpace. The volume of users and user activity is what makes facebook worth so much and a lot of what I find objectionable that he did was basically necessary to keep the company alive, believe it or not. They had momentum and mass and they needed both to stay afloat.
Facebook is nearly unstoppable now, but it has a few vulnerable facets and it seems to me that this young man is doing his best to find and fix them. However, this has become a tricky game because the massive size of the company limits its room to move. The low hanging fruit is mostly gone and big stuff like search brings on pretty scary competitors and almost certainly government interference.
I am hardly a fan, but I really don't get the bashing. We *should* expect more from people who control massive assets and wield great power, but there is a limit to what is reasonable to expect. Somewhere back there we still have a thirty year old human being who is still forming. I think people should cut him some slack.
I will hazard a guess that a sudden windfall of a billion dollars or so would amplify faults in many of the posters here.
If I had to make a suggestion for something outside of facebook work I would say learn to enjoy helping others merely for the satisfaction of doing so. Get creative using money to reward the many less fortunate, not with handouts but with a hand up. Give people hope in communities where hope is hard to come by. Help to create a cultural ethic that values everyone, not just a few superstars.
Here, FWIW is one of the things I am doing outside of work that might be worth a go:
It is possible to enter a meditative state that is 'different' as sleeping is from waking. It is something that you can learn to do with a little practice. I learned to do it to make long waits in airports and flights on airplanes tolerable. I used to commute weekly and this turned something dreary into something pleasant. I use this to put myself to sleep from time to time and use it to get little calm spots as a sort of 'reset mechanism'. I have only used it to sort of 'escape' a state that is less comfortable. It only occurred to me when I was describing this to someone that I had never tried entering this state and staying there while I conducted my day. So ... I have set myself the task of attempting to enter this state and stay in it while I am actively doing other things. I don't know if this is possible but it would be pretty cool if it was.
A person doing this 'meditative living' is not likely to be particularly spectacular on the outside, but I think it might be really something for the person themselves.
The above might be something of a stepping stone to mastering and actively managing your mood. None of us can entirely control our environment, not even young billionaires. However, it is possible, I think, to get a great deal of control over oneself.
That fact that attack is cheaper than defense is hardly news.
To have reasonable security against attackers you need advice from people you can trust, trustee services from different people you can trust, secure algorithms, secure key sizes, secure hardware, secure storage and internal communication, secure operating systems, secure devices, secure device drivers, secure software, secure external communication and storage, trustworthy users and secure premises.
We don't really have any of the above and all of them are necessary (but still not sufficient) to have a system reasonably resistant to attack.
I am not going to pretend putting the right things in place is easy, but they are doable. The fact that they are not being openly addressed shows me that people who understand don't care and people who care don't understand. Anyone with much understanding knows that all traffic and storage should be encrypted. It is not.
In many security discussions you see something along these lines:
We can verify this with the appropriate keys.
Unfortunately, that is costly.
Solution: Don't verify.
As the Treacherous Computing Asshats have discovered, it is very difficult to secure anything that must be decrypted and then used outside of a controlled environment, especially if part of your agenda is to cripple security otherwise.
As a collective of some 500 million plus people with a vested interest in making things genuinely secure, we can overcome the attack/defense disparity even if it is many orders of magnitude. Step one in getting there is to stop paying the attackers to secure our system.
Re: " there is always a single point of failure regarding the domain name."
Yes, but that should not be the case. The very fact that the people who run DNS allow this to happen means they are not fit for purpose. A single entity should not be able to silence a site.
Re: Y'all need to build a fully decentralized internet, at the IP and DNS level, pronto.
Is there any other way that we can possibly have a network we can trust?
Re: "Bullshit. It remains completely lawful as you have failed to show how it has breached any actual law."
It was established at Nuremberg that some rules of conduct transcend the explicit laws of a particular state. Invading the privacy of every person at once goes well beyond any reasonable norm. It directly conflicts with the letter of the most fundamental law in jurisdictions like the United States. It does not matter how many toadies you trot out bleating that it is OK. It is not OK and as far as I am concerned it is something that warrants eventual prosecution and punishment.
Apropos of eventual punishment:
"Crimes against international law are committed by men, not by abstract entities, and only by punishing individuals who commit such crimes can the provisions of international law be enforced." -- Judgment of the International Military Tribunal -- http://avalon.law.yale.edu/imt/judlawch.asp
The ultimate harm to be done by massive illegal searches without probable cause and the apparatus used to conduct them is enormous well beyond the injury to mankind done by a few despicable acts done under cover of a 'hot' war. We should be taking names and ultimately be holding the various perpetrators accountable.
Re: btrower The gloves are off
Re: "But doesn't your right to security oblige the authorities to have the powers and means to ensure your security ... You can't have one without the other."
No. How is that even a question? It is as if you are saying it is necessary to shoot my dog in order to keep him safely in the yard. Completely invading my privacy in every way imaginable, putting me under constant surveillance, reading my mail, listening in on my phone conversations, constantly monitoring my whereabouts, spying on my friends and family and similar insane stunts are not reasonable or necessary to protect my privacy.
Re: "how are they using 'force' illegally, and how is their duty to protect the public not part of said covenant?"
Your slight misquote does not properly represent what I said. I said 'illegitimate use of force' because there is now some question as to whether or not laws passed in recent times are fundamentally legitimate. Plenty of laws have been passed and precedents set in the United States that do not pass muster against any reasonable reading of the Constitution. The coercive power of the state sits behind any provocative action it takes. Unless both warranted and necessary it is certainly illegitimate. Of course, in any rational system it is also illegal as a technical matter.
Here is a lovely story of a warrant-less entry that involves undeniable overt force which was, in fact, deemed illegal by the courts:
Glidden first demanded to be allowed into the home and was denied permission. So, according to the complaint, he pepper-sprayed Jason and then Laura.
“Glidden then turned to Jason, who was still standing, and shot him in the back with his Taser,” the complaint said.
When Laura closed the front door, Glidden continued triggering the Taser through the closed door.
Then White joined in.
“Together they forced open the door and found Laura and Jason lying on the floor,” HSLDA said.
They “slapped Laura, knocking her glasses off of her face,” they threatened to shoot the family dog, they threw a telephone across the room, called Laura a “liar,” handcuffed the parents and threatened to let Jason fall down, according to the complaint.
It all took place in front of the three children, ages about 13, 10 and 8, who were taken into state custody, where they remained for months.
Re: "The article was written as a whole and ratified as such by the then nations of western Europe which rather suggests that its original meaning is unchanged from what they wanted."
That's may be the theory. Sadly, that is not the practice.
"The last-minute change that was made in this bill… puts a real poison pill in this bill for consumer advocates such as myself," Polis said. "Many consumers won't be unlocking their phones themselves. There needs to be a market in unlocked phones."
Re: "except such as is in accordance with the law and is necessary in a democratic society in the interests of national security, public safety or the economic well-being of the country, for the prevention of disorder or crime, for the protection of health or morals, or for the protection of the rights and freedoms of others."
The purpose of the article is clear enough to me. The fact that they tack on weasel words to the effect "it is except when it isn't" does not fly with me and it should not with you either. If they are going to give any real weight to the part you cite then they might as well just strike the article altogether because it would have no effect and *yes* you are correct, they did go with that part of the article. That tells me that:
1) The article needs to be rewritten to properly accomplish what was obviously its original explicit purpose and that means striking the part you find so endearing.
2) The people and organizations doing the interpretation need a clean sweep to install people with some sense.
Improperly formed specifics of legislation require repair and in the meantime should not be followed when they conflict with reason and the obvious spirit of the law.
At its heart, the right to privacy is another aspect of the right to security of the person.
Our society and government are contingent upon covenants that we make among one another. Our current emerging police state is able, for now, to breach the covenant by the illegitimate use of force. However, that breach renders the covenant void and to the extent that the people operating the mechanism of state continue to act that way they act outside the law and should be ultimately be stopped and held accountable.
I did not miss the bit where an ill advised decision was made to pretend that such and such a breach was lawful. It remains unlawful in any meaningful sense. Yes, the UK in particular has absolutely horrendous legislation in place and a thoroughly corrupt administration. However, they may insist to a man that it is legitimate to execute innocents or do any other noxious and patently immoral, fundamentally wrong and ultimately illegal thing. That does not render it legitimate or legal. Some things are fundamentally beyond reason. No court decision can give them legitimacy.
The current U.K. law essentially reads in essence that the people are free from interference from the state except in the event the state deems interference desirable. It is just bad law and good men have no obligation to uphold such a law and a moral imperative to oppose such a thing.
Courts sometimes make mistakes; even very grave ones. A mistake by a court is still a mistake -- more tragic than normal, perhaps and harder to fix, but still a mistake.
This is *our* government and *our* society and there is not a whisper of a doubt that to the extent that we can make covenants with respect to *mandatory* rights the majority of informed observers insist that detailed unwarranted blanket surveillance is simply contrary to the deal we made.
Law enforcement and the legal system as it currently exists is becoming increasingly less of a solution and more of a problem. They have badly lost their way.
For law to have any legitimacy or meaning it has to fundamentally reflect the covenant we have mutually agreed to as a body politic. Constant surveillance of ourselves and our loved ones in our private lives, our correspondence and our relationships is not something we could have sensibly agreed to. I do not personally know anybody conversant with the issues who thinks for a minute we should be under constant intimate scrutiny by the state or anything else.
Below are some references to things that either form or inform the law in various jurisdictions. All the states involved here are signatories to the U.N. document and blanket surveillance is contrary to that agreement by any reasonable reading.
Universal Declaration of Human Rights
No one shall be subjected to arbitrary interference with his privacy, family, home or correspondence, nor to attacks upon his honour and reputation. Everyone has the right to the protection of the law against such interference or attacks.
CANADIAN CHARTER OF RIGHTS AND FREEDOMS
8. Everyone has the right to be secure against unreasonable search or seizure.
In Lawson Hunter et al. v. Southam Inc., the Supreme Court stated that a major purpose of the constitutional protection against unreasonable search and seizure under section 8 of the Charter of Rights and Freedoms was the protection of the privacy of the individual.
The case involved a constitutional challenge to a search conducted under the Combines Investigation Act. The Court concluded that to assess the constitutionality of a search, it must focus on the search's reasonableness or unreasonableness in terms of its impact on the individual and not simply on its rationality in furthering a valid government objective. Mr. Justice Dickson of the Supreme Court advanced in this case for the first time the precept of reasonable expectation of privacy as a standard against which government action should be scrutinized.
The United States Constitution
Amendment 4 Search and Seizure
The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated, and no Warrants shall issue, but upon probable cause, supported by Oath or affirmation, and particularly describing the place to be searched, and the persons or things to be seized.
The Human Rights Act 1998 (the “Act”) incorporated the European Convention on Human Rights (the “Convention”) into UK law. Article 8(1) of the Convention provides that “everyone has the right to respect for his private and family life, his home and his correspondence.”
Convention for the Protection of Human Rights and Fundamental Freedoms
Being resolved, as the governments of European countries which are like-minded and have a common heritage of political traditions, ideals, freedom and the rule of law, to take the first steps for the collective enforcement of certain of the rights stated in the Universal Declaration,
Have agreed as follows:
Article 1 – Obligation to respect human rights
The High Contracting Parties shall secure to everyone within their jurisdiction the rights and freedoms defined in Section I of this Convention.
Article 8 – Right to respect for private and family life
Everyone has the right to respect for his private and family life, his home and his correspondence.
There is no rational theory whereby we have given these idiots permission to violate one of the very most basic of human rights.
The lot of them need to be swept out of any position where their deranged vision of what is reasonable can harm any of us.
I can't think of a way to do it yet, but as far as I am concerned, the entire body of people who do stuff like this should be on notice that their behavior is not without consequences. They think it is OK for people to be surveilled 24/7? Fine. Let *them* be surveilled 24/7 and let the public do the monitoring.
Re: "some point at which it becomes reasonable to warn that something is afoot"
Something is afoot right now. You can take that to the bank. There are so many attack vectors it is impossible for a firm to entirely secure your system.
I am not a big fan of the AV vendors, but I think they have been more than upfront about the fact that you are in ongoing danger.
Same as the old boss as Graham Marsden said above.
Having anything headquartered in the United States that affects privacy is belligerently foolish. It has to be a non-starter.
Fool me once.
I am sure that there will be all manner of interesting critique here at the Reg.
Anybody presenting a 'trust me' architecture vulnerable to abuse by an incumbent or collusion by a small number is either incompetent or dishonest. From what I have seen it appears to be both.
I don't have a design but surely there is some way to build a more secure system on top of the existing infrastructure using a distributed trust architecture that cannot be hijacked again.
Both sides of this get me worried. Neither alternative is very good from what I can see. Forking away from Debian seems like a doomed move. However, the people forking say that systemd is creating all sorts of dependencies. You have to worry when the people blithely working on a system which is already a nightmare of dependencies are complaining about a change the brings in 'too many'. OMFG.
Maybe one of the people who became billionaires off of the ideas and hard work of other people could step in with funds to sort this out.
Should it not be 'titsup(TM)'? I am pretty sure somebody must own that 'IP' and it might well be Oracle.
Re: "It carefully targets sites whose sole purpose is to make money off the back of other people's content while paying nothing back into the legitimate economy."
A truly legitimate economy would not even *have* players like the MPAA and RIAA, let alone be sending them money for the right to access cultural artifacts already bought and paid for by somebody else.
File sharing services are people voting with their feet. If it is a small number, then it does less harm than the draconian measures being taken and we should let it go. If it is not a small number then the 'rights' regime is de-facto illegitimate. Either way, concerted state backed attacks on people sharing files is not legitimate by any measure. Those things are *grants* extended at the pleasure of the body politic and only then because of an expectation that they are net beneficial. Once we collectively decide not to extend those grants, that is the end of them.
At some point it is time to start taking names. People attempting to wrest our culture away from us and those aiding and abetting should be put on notice and ultimately be held responsible for the damage they do.
Our government's only legitimate reason to exist is to aid and protect and advance the interests of the people that make up the body politic. Similarly, corporations are legal fictions whose only legitimate purpose is to make a net positive contribution with a minimum of disruption.
Nobody should be going to jail or having their livelihood taken away for sharing a song or reading a journal article.
There have been a series of poisonous precedents set that pervert the sense of our constitutions. Were judges referring reasonably to the spirit and intent of the fundamental laws nothing like what is described in this article would happen. These things are at worst civil breaches and it is not up to the people (us) to pay the bills to press those cases.
Faulty reasoning leads to faulty analysis and unless cooler heads prevail, immoral overreaches.
If the apparently wayward companies being mentioned were to hypnotize or even poison all of their users it would stop all kinds of mayhem from happening. Facebook offing its billion odd users would measurably reduce all manner of crime statistic. That does not justify that action.
Do the police have the right to inspect people's communications and personal material without a warrant? No. No they do not. There is a reason for that. It is clearly a reason they do not understand.
The people in the UK government bleating endlessly about this should be relieved of duty until they become fully clued.
Companies like Facebook do not need any more excuses to spy on people.
Me too. Had MS stuck to their knitting and properly upgraded VS6 we would all be light-years ahead of where we are now. Practiced VB6 developers can bang off a non-trivial working application including installation routine and documentation in a day or two. Except for Delphi I don't know of any IDE that has come close to VB6. It is still by far the easiest to use.
VB6 as a language has some serious annoyances and conflating forms and applications is brain-damaged. However, none of its warts are show-stoppers and in a pinch you can always just call COM objects or C/Assembly DLLs if you need more function or better performance.
I think VB6s big failing, ironically, is that it was so easy to use.
So we own something, in this case something nominally worth $34 billion and even though we need it, we sell it to someone else and rent it back from them. Will the profit be magic or will we end up paying it in the end? Is it not worrisome that something that valuable was sold when clearly the people selling on our behalf had a very poor understanding of its value?
We know the telcos cheerily charge whatever the traffic will bear, slip in fees never agreed upon and manipulate bandwidth allocation to maximize profits at the *expense* of harming the network. They are now going to take a $34 billion dollar investment, add *just* enough funds to allow them to charge for the new real-estate they own and then they are going to charge us for this thing that, remember, we need. How much will that cost? Well, whatever they can get away with. It is a safe bet that it will be a lot more than the sum of $34 billion dollars and what they spend on equipment.
The telcos most important investment in this enterprise preceded the $34B and the $34B sealed the deal. From here on in, whatever use we get of that bandwidth it will not be what it should be and it will cost a bitter premium over what it should.
Some will say 'yes, but we got $34B'. We did not. The people who run the government and their cronies got the money. Considering their track record, it is a safe bet we would have been better off holding on to bandwidth.
What really bugs me is that this type of piecemeal allocation of bandwidth is blocking convergence and its attendant benefits. It is just making it more difficult to unravel the mess.
The ridiculous security infrastructure in place along with holes deliberately punched through by agencies like the NSA make this not just likely, but inevitable. Sony will not be the last to witness such a breach.
If you have not had a visible breach of any kind and you have a valuable network I would not be too smug that I had a secure system. I would be suspicious that you have already been penetrated if you have never seen any visible sign of a partial breech. The really dangerous malware seals up your system so other malware (or legitimate attempts to reclaim the system) cannot break its grip.
You are not going to see a zero day exploit on your system if it has already been used, your system captured and the weakness fixed by the intruder.
By their nature at least some zero-day exploits are very hard to anticipate. In most cases, your just hoping that you get notice and a fix before a breech because some other sucker took the hit.
Mortals attempting to keep complex heterogeneous systems secure don't have much of a chance against strong attacks.
Having said the above, a down and dirty way for medium to large companies to at least make net facing systems less attractive as targets is to just get someone who knows what they are doing to make sure that hardware firewalls seal the perimeter.
Before the naysayers jump in -- yes this will be vulnerable to certain types of attack -- NO that does not make this useless.
The very fact that many messages are suddenly travelling encrypted means dragnet surveillance is much more difficult.
Hopefully other companies will follow this lead.
If you think about it, one man's extremist is another man's dissident. We need at least some small avenues that allow civil disobedience if we have any hope of maintaining our rapidly shrinking freedom.
Two thumbs up for the donation. It is a nice counter-point to the donation to Harvard we heard about recently.
Finally, we should not let the fact that something is not sufficient deter us from putting in place things that are necessary. The perfect should not be the enemy of the good.
Re: "Why must it always be THEIR bad guys...."
That information is classified.