2652 posts • joined 28 Apr 2006
It's hard for a reason
Using PGP properly is hard -- for a reason.
If you get any of the practical implementation details wrong, you can end up with a product that looks secure but isn't. Nobody wants to be selling that product.
Private keys have to be kept secret. You can't afford for there to be any way to leak a private key. Public keys aren't secret, but have to be verifiable; otherwise, you can't be sure some public key you've downloaded really belongs to that person, and not someone else who has the real public key, their own keypair and access to messages in transit and so can decrypt the message and re-encrypt it against the real public key.
By forcing you to use your own back-channel for key verification, which you can be reasonably sure is beyond the reach of a bent keyserver operator, the implementers can avoid that issue.
Unfortunately, that by definition makes it hard to use, for want of the very integration that makes for ease of use. But anything you did to make it easier to use would end up potentially compromising the security of the system -- maybe not now, but maybe in future, in some combination of circumstances that did not occur to the implementer at the time.
There are two fundamental limitations that you run into. These aren't limitations of technology, that will be solved with the right invention; they are limitations of the universe, that cannot be overcome by any amount of ingenuity.
(1) When you have several channels *in series*, the overall trustworthiness is determined by the *least* trustworthy link in the chain. But when you have several channels *in parallel*, the overall trustworthiness is determined by the *most* trustworthy among them.
(2) Anybody can build a cryptosystem that *they* can't crack. That absolutely doesn't mean *nobody* can crack it. You need rigorous mathematical proof of uncrackability.
Crypto software unavoidably has to trust the user not to do anything stupid; but if it trusts no-one else, then it's as trustworthy as the user. Making it easy for the user to do stupid things (such as exposing keys to tampering via the clipboard of an untrusted GUI, where any rogue application could read a private key or substitute a public key) potentially renders it less trustworthy.
Anything that's worth doing is going to be hard, and unfortunately the corollary is also true.
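The back-channel check described in the post above, as an added example that is not part of the original post: it derives a version 4 OpenPGP fingerprint from a public-key packet body (RFC 4880, section 12.2) and accepts a downloaded key only if it matches the full fingerprint obtained directly from the owner. The key material is constructed toy data and the function names are hypothetical.

```python
import hashlib
import hmac
import struct

HEX = set("0123456789ABCDEF")


def mpi(value: int) -> bytes:
    """OpenPGP multiprecision integer: 2-byte bit count, then big-endian bytes."""
    bits = value.bit_length()
    return struct.pack(">H", bits) + value.to_bytes((bits + 7) // 8, "big")


def rsa_public_key_body(created: int, n: int, e: int) -> bytes:
    """Body of a v4 RSA public-key packet: version, creation time, algorithm 1, n, e."""
    return bytes([4]) + struct.pack(">I", created) + bytes([1]) + mpi(n) + mpi(e)


def v4_fingerprint(body: bytes) -> str:
    """SHA-1 over 0x99, the 2-byte body length and the body itself."""
    data = b"\x99" + struct.pack(">H", len(body)) + body
    return hashlib.sha1(data).hexdigest().upper()


def grouped(fp: str) -> str:
    """Format a fingerprint in blocks of four, as it is usually printed or read out."""
    return " ".join(fp[i:i + 4] for i in range(0, len(fp), 4))


def normalise(fp: str) -> str:
    """Drop spaces and punctuation and upper-case what remains."""
    return "".join(ch for ch in fp if ch.isalnum()).upper()


def key_matches_back_channel(body: bytes, fp_from_back_channel: str) -> bool:
    """Accept a downloaded key only if it matches the full 40-digit fingerprint."""
    expected = normalise(fp_from_back_channel)
    # A short key ID or a truncated fingerprint is not evidence of anything.
    if len(expected) != 40 or not set(expected) <= HEX:
        return False
    return hmac.compare_digest(v4_fingerprint(body), expected)


# Constructed toy keys (not real key material). The user ID is not part of the
# fingerprint, so a substituted key can carry the same name and e-mail address.
GENUINE = rsa_public_key_body(1400000000, int("d1" + "3b" * 31, 16), 65537)
SUBSTITUTED = rsa_public_key_body(1400000000, int("e7" + "a5" * 31, 16), 65537)

# What the owner reads out from their own copy of the key, over a channel the
# keyserver operator cannot reach (assumed here: in person or by telephone).
SPOKEN = grouped(v4_fingerprint(GENUINE)).lower()

if __name__ == "__main__":
    for label, body in (("genuine", GENUINE), ("substituted", SUBSTITUTED)):
        verdict = "accept" if key_matches_back_channel(body, SPOKEN) else "REJECT"
        print(f"{label:12s} {grouped(v4_fingerprint(body))}  {verdict}")
```
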
Re: Not saying PGP is perfect
The whole point is that you don't *have* to trust the key server, or any server in the e-mail chain.
Andrew Tridgell and Skype ?!
I hope this particular combination bears fruit.
Remember Ernie Ball
The NHS would do well to remember the tale of Ernie Ball and his "ten thousand abacuses" comment.
My suggestion is to do the following:
1. Have the NHS petition for the annulment of copyright in all Microsoft products they are currently using. If the USA can retroactively and in defiance of their own written constitution assert claims for copyright over works which have passed into the Public Domain, then Britain can retroactively place into the Public Domain copyrighted works which are the subject of ongoing lawsuits.
2. Use the time thus bought to begin a complete migration to Open Source software.
The NHS is a big enough organisation to have its own in-house IT department, which could then subcontract itself out to others during the slack periods which would inevitably follow such a move. This would create local jobs for local programmers, who would then contribute through local taxes directly into the local economy. Local employees tend to eat in local restaurants, drink in local pubs, buy goods in local stores and take their families to visit local tourist attractions -- and, by virtue of their gainfully-employed status, are not attracting the attention of local law enforcement.
Of course, it would be essential to take a holistic approach to such a task. A full ground-up systems analysis needs to be made, and procurement policies need to be written to ensure that equipment purchased in future must be sufficiently well documented to enable interoperation with an Open Source infrastructure -- which means first and foremost no obscure, proprietary file formats; all data must be stored in a way that allows any sufficiently-competent programmer to extract and manipulate it. At the same time, a full workflow study would enable the identification of shortcomings in the existing proprietary products and suggest improvements to be made in their eventual replacements.
I am not saying this would not be an enormous task; far from it. But in the long term, it's got to be better for everyone if we keep money circulating in the local economy, instead of sending it abroad to enrich foreign billionaires.
That would be CASHTEL -- Computer Assisted SHopping by TELephone.
You just needed a modem, a terminal emulator and a credit card. And somehow I got let loose with all three .....
Re: Hmm .....
Looks like patching from where I'm sitting .....
I smell an attempt by a proprietary software vendor to discredit Open Source software.
Would they resort to this sort of tactics? Undoubtedly.
I'm keeping an ear out for what the OpenBSD folks have to say about this. They are one of the few development teams I trust, and they don't distribute crap; if something isn't fit for OpenBSD, then they either patch it or drop it.
Don't. E-mail is dying in the water anyway. Within five years, it will be unusable thanks to the spammers and the hackers. There will be private e-mail server appliances for communication within offices, but that's about all.
If you want to communicate with people, you need a mobile app. Someone will put out a cross-platform Open Source construction kit, sooner or later, that will enable the creation of mobile apps that basically retrieve data over http that you might once have e-mailed and display it, with good integration to the phone's applications such as mapping and phone calls, very easily (address object with direct integration to the phone's address book, latitude and longitude properties, and direct map access methods; telephone number object with validate and call methods); most of the bits are already there.
In future, instead of, say, e-mailing a spreadsheet of sales leads to your customers, you will publish something like a stack of vCards, each with addresses that can be called up on the map and phone numbers that can be dialled with a single touch; and the app to retrieve and make use of the data will be automatically generated, for whatever target architectures you select, along with the database schema and the customisation of scripts for the server. And if the phone app just happens to write a .CSV file to the SD card, so much the better .....
Re: Ken Hagan
Publishing details of a spent conviction would surely be contempt of court, though; even if the material were deemed not to be libellous because it were true?
A fine line
There is a fundamental, irresolvable conflict between the right to know and the right to keep secrets.
Ideally, there would be circumstances in which a person should be obliged to make decisions as though they did not know some fact. So the offence would be committed not by, for example, looking up a spent conviction of a job applicant; but in using that knowledge to discriminate against them. In real life, it's impossible temporarily to forget something, and that knowledge might very easily influence someone's judgement.
This is exactly the sort of thing that it is proper for the courts to decide.
Re: Come on, it's not hard
When you have an ISDN30 (thirty B-channels and a D-channel), you get 30 numbers with it; but those numbers are not locked to individual B-channels. Anyone else who dials any one of those numbers will send a call up some available B-channel, and you can identify a call going down any one of those 30 B-channels as any one of those 30 numbers.
You change your CLI by means of D-channel messages (in Asterisk, the dialplan command is Set(CALLERID(num)=.....)), but BT will only let you identify as a number that actually belongs to you.
I have never actually worked with ISDN2 lines, but would imagine it is at least broadly similar.
An analogue line doesn't give you any access to the D-channel (and there is no in-band signalling anymore; it was the advent of ISDN that finally put an end to the Blue Box), so you can't change the CLI.
Come on, it's not hard
On the BT landline network, you are definitely only allowed to use caller IDs that belong to you. I happen to know this because we once had two ISDN30s; and due to an administrative cock-up, they were ordered in two different names. So the presentation number ranges we had paid for were effectively locked to one or other of the line groups.
So our Asterisk was asking for what should have been a permitted ident; but if the call happened to get routed over the wrong line, then the ident got silently dropped, with the call coming through as anonymous.
This was, as you can imagine, a 'mare to troubleshoot. It only even became obvious when we started running afoul of anonymous call barring services even despite supposedly setting an ident on every outgoing call .....
It's already possible to produce baby mice by using genetic material taken from a female mouse to fertilise a mouse egg. Humans aren't sufficiently different from mice for the same technique not to Just Work, if tried in humans -- the only thing standing in the way, is those pesky ethics boards.
So, we could still see an all-women society -- and I'm not even sure that would be such a bad thing.
(Before any insecure men downvote me, I am absolutely not suggesting that any of you need die of anything but old age to bring this about.)
Re: Lack of SD + KitKat 4.4 == good idea...?
If someone whose primary business was getting rid of mice started a sideline renting out houses, it's a rather safe bet that those houses would not have cat flaps .....
Re: Like, oh, 95% of the people on the planet
They don't have to do that unless they want to sell their phones in the USA. Mathematical operations aren't patentable in civilised countries.
I find this interesting, but for a different reason.
Face recognition is just a special case of shape recognition. And the abstract mathematics underlying shape recognition is the same as the abstract mathematics underlying decompilation -- "this vertex belongs to this shape" is isomorphic with "this instruction belongs to this loop".
It surely can't be long now before someone comes up with a program that, given a compiled binary, produces some Source Code that will compile to the same binary. That is going to be the game-changer .....
Re: Pragmatic Actual Immanent 3-D Realities
5. In my house, anyone entering at 3am without my permission will exit in a body bag, I don't care how much mess will be left to be cleaned off the walls. I'm an anarchist, gunz don't scare me, they make me think harder and plan ahead.
Life is always worth more than property. Unconditionally and without exceptions. The lowliest human life is worth more than the most expensive piece of property.
And that means the life of a burglar breaking into your home is worth more than the property they are trying to steal.
Re: Their web page is already snooping...
So, all you need to do is run a less-than-truthful™ DNS server, which tells spare ribs about Google Analytics (and others who want to track your movements) and various advertisement servers. Certainly makes El Reg bearable.
Re: Useful with a gaming rig?
The trouble with deionised water, to paraphrase Terry Pratchett, is that it doesn't stay deionised for long. It soon picks up enough stray ions to become conductive.
Re: @ A J Stiles (was: It's going to fix itself anyway)
Well, having felt the exhaust blast from a stack of stage amplifiers, I know you can run silicon a lot hotter than room temperature -- when you have big, hefty transistors switching a few thousand times a second. My gut feeling is that a processor, with tiny transistors switching billions of times a second, would be rather fussier about operating conditions. But I'm ready to be proved wrong.
As a northerner who thinks any temperature in double figures is shorts and T-shirt weather, I could do with a special protective suit for the office sometimes!
It's going to fix itself anyway
The thing is, this is all going to fix itself anyway, with or without Greenpeace's efforts.
Fossil fuels are becoming more expensive, while renewables are becoming less expensive even as government subsidies are withdrawn. A crossover is pretty much inevitable, and more probably sooner than later.
Electricity -- most of which ends up being turned into heat on-site -- is the greatest overhead cost for a data centre. As new data centres come online, they naturally will be equipped with the latest energy-saving measures such as solar panels, wind turbines, passive cooling systems and so forth (need the machinery really be cooled to human-friendly temperatures for the benefit of humans working on it, or could it run hotter with maintenance staff wearing special protective suits?), as well as ways to do something useful with the "waste" heat. (Some installations are already using that waste heat for growing plants.)
Also, somebody who is sociopathic enough to go out of their way to pay more for a product just because it pollutes the environment more than the nearest alternative, is sociopathic enough to use a less expensive, less polluting product and lie to their customers that they are using a more polluting product.
Because there are people out there who would seek to do you harm based on who you voted for.
If you feel comfortable advertising your political allegiances to the world, all well and good for you; but if not, then nobody is forcing you to.
Re: This is a bad day for Mozilla and the web
Not clever enough to keep his odious opinions to himself.
And don't let the door whack you in the behind on your way out.
ProTip: If you must be a queer-basher, keep it to yourself. Or if you do go around showing off socially-unacceptable behaviour in public, then you shouldn't be surprised when you find yourself no longer socially accepted.
Re: Sounds like a well executed plan
I first read that as "clowns with ties".
Actually, it still makes sense that way.
Re: Am I the only one ....
No it isn't*. Please learn the difference between a quantity and a rate.
(*) Unless it actually can deliver 20 A at 5 V. I'd still lay good money that it can't.
It's called "cutting your losses".
It's a shame that it has to come to an end; but at least Canonical are going to do the decent thing and release the Source Code for the underlying software behind the service. This means someone else will be able to carry on providing a service which ought to be a direct drop-in replacement, perfectly compatible with existing Ubuntu One clients -- and someone else will be able to improve upon it.
Democracy is too important
Democracy is too important to automate.
The beauty of pencil, paper and ballot box is universal comprehensibility. Everyone can understand how the process works and what can go wrong. This means everyone is potentially an election scrutineer.
The more you complicate the paraphernalia used in an election, the fewer people to whom it is comprehensible. And if you use any proprietary technology at all (thereby elevating a corporation's "intellectual property" above the democratic process) then you have effectively blocked all scrutiny of the process. Furthermore, even if the specifications, blueprints, wiring diagrams and software listings for any voting machines are published, there is still no way in practice to verify that all the machines in use in an actual election correspond with the published data.
Everyone knows how pencil and paper work, how they can go wrong and how to minimise the probability of anything going wrong. An election conducted using pencil and paper will never be stopped by a power or communications failure. And there is no way to tamper with a ballot paper once it has been placed in the box.
There is no such certainty with an electronic machine, which relies on making unverifiable copies at every stage. And adding a paper trail does not change this; it is always possible for the machine to record a vote for candidate A whilst issuing audit documents showing a vote for B.
Electronic voting does not solve any problems. It only creates new ones of its own. We always managed without it until now; and we neither need, nor want it.
No jobs for you in the North West? MOVE.
Yes, because anybody can just move house anytime, at a moment's notice and at no cost to themself.
What's the view like from up there?
It is quite funny listening to the politicos and church leaders going on about payday lenders and loan sharks. Those just the top of the iceberg - there is much bigger pile of "respectable" bloodsucking parasites who specialize in leeching from the destitute.
Indeed. I have a long-standing phobia about utility bills, so my electricity is paid for in advance through a key meter. The money is in my supplier's bank account, earning interest for them, before the juice comes down the wires to me. And yet they would give me a discount for paying in arrears by direct debit.
That is exactly backwards. In fact, now I come to think of it, it's borderline disability discrimination.
Re: A waste of money
it's when you try to enforce it and a judge tears it up that you realise you've paid for something completely worthless
Ah, if only that happened .... That would be a pay-per-view moment.
Or at least an excuse for a beer.
So, what do you recommend then?
I want a web browser, obviously; and I want the same Source Code and Modification Rights as I've grown used to over the years. (So not Chrome, Opera or IE, unless they have had a policy U-turn recently).
What does everyone recommend?
Re: Head to head
These are things you take into account at the time when you're migrating. What you probably need to do is take a step back and look at the bigger picture. And more importantly, concentrate on ends as opposed to means.
A spreadsheet with loads of macros in it is -- in all probability -- a horrendous bodge, never mind how many people are trying to do things that way.
Whatever is in the spreadsheet probably really belongs in a database; which naturally belongs on a centralised server in the office. And then you can replace all your convoluted macros with a few simple scripts in Perl, Python or your favourite language. Instead of e-mailing a huge spreadsheet around everyone and it quickly getting out of sync with reality, why not display it in a web browser, straight from the database server?
Re: Ubuntu Includes Spyware
So, use something else then!
Re: Head to head
You keep parrotting the argument that "you have to use the command line", which has all the hallmarks of superstition about it; as though somehow there was something wrong with that.
Seriously, what is so bad about the command line?
For me, the command line is simply a way of issuing a precise command straight to the computer, in a way that does not depend on the user's personal configuration options. In answering a question asked by a user, I can write "Open a terminal window and paste in the following:" and be confident that it will Just Work.
If I had to describe the process of clicking through various icons and menus, it probably would break if the user had altered their configuration from the default as shipped. It would also take a lot longer to describe the process.
Why do you think there is a difference between entering a quick textual command without making any pretence of understanding it, and making a long series of mouse clicks without making any pretence of understanding it?
Wordwise Plus on the BBC. WordStar under MS-DOS. Both used a similar principle, with commands to control printing embedded right in the text. Wordwise on the BBC even used a 40-column editing mode with automatic reformatting for printing; true abstraction of presentation from content.
Re: Testing or Polishing?
This is the fundamental problem with all software: it's released half finished!
Indeed. Half of all half-finished software is secure underneath but takes a conscious effort of will to learn how to use. The other half of all half-finished software is easy to use, even easier to use badly -- and thoroughly insecure underneath.
One more year -- and then what?
Unless the NHS get a strategy in place to migrate to Open Source software, this is going to happen all over again when Windows 7 goes EOL, and again when whatever replaces Windows 7 goes EOL, and again when ..... Well, you get the picture.
The NHS is big enough to have its own in-house IT department; which could earn its keep by being subcontracted out to work for third parties, whenever things in the NHS are ticking along smoothly. And certainly big enough to insist on Source Code and Modification Rights as absolute, deal-breaking conditions of procurement.
Re: If he had worked for NSA
That's the new way of doing security: Wait for some honest person to point out a gaping hole in your defences, then blame them for it.
Re: Deliberately missing the point???
So it would be fair for the property owner to have to pay 25% of the interest, and pay all the maintenance and legal requirements (not insubstantial) and still pay off all the capital themselves?
Yes, that is exactly what I am proposing. (Apart, of course, from the fact that it will all eventually be paid by the tenant in the end.)
If you intend to let out a property, then either you should have finished paying for it already; or you should expect to have to rent it out for longer than the 25 years it takes to pay off a mortgage in order to turn a profit. Houses are for living in, not making money out of.
But no, there won't BE any rental properties because your lovely idealistic idea of limiting rents to under the interest payments would stop anyone from being a landlord.
All those properties currently being rented out at extortionate rents aren't going to go anywhere; the landlords will just have to cut their expectations and make do with a fair (by definition, cheaper than buying) rent. (Did I mention that I would make keeping an empty property a punishable offence?)
Re: Deliberately missing the point???
There will always be a market for cheaper rental accommodation, and so there will always be landlords willing to offer it.
No ..... there won't.
The rich landlords will just crank up the rent they demand to as much as they can get. The Government will pay most of what they are asking, and the tenant will simply have to make up the shortfall out of money that they might otherwise have saved for the future. And all the resentment will fall upon the benefit claimant, not the person who is actually getting fat off this.
We need government intervention to ensure that renting a property never costs as much as buying it would.
Re: Somehow this came to mind....
Um, yeah, but now we have two things that didn't exist in Marx's time.
Firstly, we have a labour surplus -- more workers than jobs. And secondly, we have a new "consuming class" who, if they work at all, don't do anything so indispensable that anyone would notice if they withdrew their labour.
Re: Deliberately missing the point???
The point is that everyone sees a poor person claiming housing benefit; but what they forget is that every last penny of that benefit money winds up in the pockets of a rich landowner. And, Daily Mail scare stories ("How dare these poor people have nicer things than us???!!1!") notwithstanding, that poor person has no choice. They can't live in a cheaper house, because the rich landowners have already conspired amongst themselves to make sure there are no cheaper houses.
Instead of limiting the amount of rent that (rich) landlords are allowed to charge (I suggest a fair figure would be 75% of the equivalent interest, excluding capital repayment, on a 25 year mortgage on the property, reviewed no less frequently than every 2 years. A mortgage will be paid off sooner or later, but you can keep on claiming rent as long as the property stands), the government instead use a "monstering" campaign to make it look as though the poorest in society are idle, undeserving scroungers and so garner public support for limiting the amount of housing benefit that (poor) people are allowed to claim. Totally glossing over whose fault it really is that the poor can't even afford a roof over their own heads.
Another thing the Government could do, would be to make sure that not being connected to the Internet is no barrier to full participation in society.
Nobody should ever be dependent upon proprietary technology; and any technology upon which people have become dependent, should be forced into the Public Domain.
Such a hardware firewall is also trivial to bypass by yanking the main network uplink and plugging it direct into the router, unless your system is playing the role of broadband modem as well.
Well, that depends how secure you want it to be ..... and for many people, unplugging and replugging an RJ45 cable is hardly "trivial". But try:
ADSL modem connects to eth0 of firewall machine. eth1 of firewall machine connects to switch, wireless access point and rest of network. The ADSL modem is configured in SUA mode, so it simply won't work at all if plugged straight into the switch; there needs to be a router in between. Its configuration page is password-protected; and restoring the factory defaults in order to get around the password protection will wipe out the ISP login and password.
If someone can hack their way around that, fair play to them. They probably aren't going to be too badly affected by seeing a bit of naked flesh anyway.
Re: The News
Sometimes I wonder if news organisations deliberately want us to constantly live in fear and paranoia of the world at large.
You can stop wondering now. That is exactly what they want.
Perhaps they would be better off creating and selling such a hardware firewall (perhaps even subsidising it), so parents can have a plug and play option?
You can construct a hardware firewall appliance entirely from scrap parts (you just need a motherboard, some RAM and possibly another network card if the mobo has only one RJ45; it's actually possible to run without a HDD at all, or with one of only a few GB capacity) and Open Source software, so it would not need any subsidy.
Get a bunch of unemployed people onto the case; and have them sort through scrap computers diverted from landfill and turn them into home firewall appliances. Pay them out of the fines levied on people attempting to dispose of the aforementioned computers in landfill. Job's a good 'un!
Instead of various misguided attempts to try to make the Internet "family friendly", why not just accept the fact that (1) it isn't, (2) it never has been and (3) it never will be?
There are plenty of places in The Real World where you can't take a child, and people generally seem OK with that. Why does anyone expect it to be different on the Internet?
Re: Why tie these people into the MicroSoft symbiosis.
Because there is money to be made.
Microsoft's thinking goes like this: Sell a person a fish, and you have sold one fish. But teach a person to fish, and you can keep on selling them expensive, proprietary bait and tackle for the rest of their life. Any beneficial side-effects (like, the people you taught to fish not being hungry anymore) are just a happy accident; it's all about making money. And your accidental-on-purpose failure to mention that there are plenty of other ways to get bait and tackle, possibly at considerably less cost and/or capable of catching more fish than the stuff you are selling, means they are in thrall to you.
What the Third World desperately needs is field-maintainability -- the owners of equipment should be the ones to determine whether it is worth propping up with spare parts or needs replacing at last. But field-maintainability is anathema to dinosaurs who are still wedded to the old economics of scarcity -- precisely because the inability to maintain in the field works in their favour.