173 posts • joined Wednesday 19th December 2012 17:01 GMT
So I want to text Joe. First our devices need to attempt to determine which exact version of the OS each runs, over an open data channel. Captured by everybody from our mobile providers (warranty voided) to NSA (no-fly/extra security search/finer grained PRISM lists updated). Then, if the devices manage to negotiate capabilities, they need to exchange keys somehow, without worrying over MITM (eh? see the above). Only then can encrypted messages be exchanged.
Am I missing anything in this picture or is it as much a security theatre as any modern airport?
"Books don't require batteries" - Today, some do, don't they?
@Don Jefe: "what the fuck is a 'co-traveller'?"
I believe this is some NSA PR drone's not-quite-successful attempt to remember the term "fellow traveller" - http://en.wikipedia.org/wiki/Fellow_traveler. I'll leave it to you to decide whether it should be deemed ironic or frightening or both.
A major procedural lapse?
Not being an expert on American (or other) law, I'll stick my neck out and try to apply some common sense to the situation (I know, I know...). The guy is appointed by the court to regulate/watch over Apple's practices - fine. He is not an Apple employee - fine. However, Apple are supposed to pay his fee and expenses as a part of the adjudicated remedy - fine.
What is not fine is a) why the fee and maximal expenses are not a part of the judgement; b) why the appointed lawyer is allowed to subcontract the task wholesale to another party, even if it is his own consulting practice (if it were his consulting practice that was appointed to do the job I assume even Apple wouldn't make an issue, so I assume the appointee was a different legal entity). I would expect that if a court appoints X a regulator these two terms should be an explicit part of the ruling. Seems like a major procedural lapse.
Unless the omission is intentional and stems from a surprisingly developed sense of irony on the part of the court... Hmm...
Re: Ethernet? Really?
You don't travel much, do you? In too many European hotels only wired in-room connectivity is available.
LAN of Things?
Trevor, I am not an aquarist. I understand the drive to automate certain mundane tasks, but can you explain how an internet connection is essential for that? As opposed, say, to a command and control server (read: PC?) that, I imagine, someone like you has already? Did you mean home LAN connectivity by any chance?
Will the future products default to providing genuinely useful functionality inside a firewall?
US, UK, China, Russia, NORKs...
... and you expect me to believe that the French didn't bother?
@obnoxiousGit: "I along with many others am genuinely interested in why you can't opt out of Google."
You may not have a Google account or an Android phone, but your emails end up on Google servers because you communicate with people using GMail. You also browse, and even if you never use Google's search you still wander, perhaps unwittingly, to sites using Google services and collecting information in the process (e.g., via Google Analytics). Thus Google can still guess your age, sex, tax bracket, interest in S&M, and other useful things with a significant degree of confidence and serve targeted ads to you. All this without you ever having agreed to their ToS or browsing to google.com.
You can go a fairly long way to protect yourself in a multitude of ways. That's not opting out though - mostly it's taking active measures against the effects (ads and analytics), which is a totally different kettle of fish. Do all that, but the uneasy feeling that some info is collected by the do-no-evil company will remain.
In this sense Google are much more pervasive, IMHO, than Microsoft. This is not so much due to them being inherently more evil, but to the difference in the main business model. It is easier to avoid Microsoft (I have, for most of my career), than Google. Blocking ads and 3rd party analytics is simpler, and if you do, it may even make Google less interested in you (spammers are not interested in the non-gullible part of their audience, either). That's still not an opt-out.
"Such attacks are extremely rare in the People’s Republic, in part because of the huge resources it devotes to monitoring its citizens..."
Oh, now I know why such attacks are extremely rare in Western democracies as well... Really, El Reg, that is the reason?
@solo: "NSA should put sat-video surveillance"
Picking a nit: that would be NRO, not NSA...
Personalized price tags?
Will the beamed price tags depend on how much the fanboi/fangurl is likely to spend today, based on an analysis of past buying habits? Will fanbois/fangurls start comparing the offers while in store? Who will clap harder: the one with the lower price or the one with the higher (presumably the more valuable customer)?
uses a smart phone ... as the remote control unit.
Seems a lousy idea to me. What are you going to do when the smartphone is ringing? The sound needs to be turned off or the volume needs to be reduced, but the phone call pushes the response/reject screen on top of whatever the phone was doing. Fiddling with the bloody phone to adjust the volume or mute while it is ringing is the last thing that I want to do.
I have all the sound in the living room go through one high quality receiver/amplifier that is connected to a good speaker set. The receiver has a remote which I use to adjust the sound regardless of the source of the signal. I definitely don't want a bunch of stupid apps on my smartphone for that. Moreover, the remote has a multitude of options and settings related to sound that no 3rd party ersatz is likely to match.
Not sure this is so impressive, and this is dangerous...
It sounds to me like the system does not really "recognize" cats or anything else. It groups together images that it thinks are similar. So it lumps >80% images of cats (I looked up one of the linked earlier stories) in a single category, and it *looks* to a human that it "recognizes cats". But (again, by a quote from an earlier story) it has no notion of "a cat" - all it does is clustering and classification (I dabbled in AI algos some years ago - clustering and classification based on a large number of parameters is commonplace all over AI and in neural networks in particular). Various cats look alike and are different from dolphins.
As for shredders, Quoc V. Le didn't say whether the sample included images of objects that look like shredders but aren't (rectangular garbage bins with lids viewed from an angle that makes aspect ratios look similar?), did he?
Now, can NSA sift through all the comms metadata they have collected so far to identify the TRAITOR who will tell SkyNet what a resistance fighter looks like? Oh, wait, most likely it will be THEM who will rat us all out, eh? They are probably programming the machines to recognize armed men on hilltops as threats right now. By the time the machines take over someone will realize that the cluster labelled "terrorists" will make grabbing a rifle and heading for the hills to save humanity not such a good idea. Especially at the 51% confidence level in the configuration file...
They had some cash to invest...
...after shorting the stock of office furniture companies.
Re: I feel your pain...
Hmm... In my experience problems like that are usually resolved by enabling cookies till the end of the session. Never saw this in any manual though.
Loss of minimize would not be a big issue for me as I practically never minimize anything - I just spread windows across multiple virtual desktops. People's habits vary though, so IMHO any decent desktop environment should allow the user to add minimize to windows, globally or per application.
I do use maximize often, all the variants of it - vertical, horizontal, and to the whole screen.
Luckily I am not a GNOME user - I hope KDE will not copycat.
"permission to warn people who are under online surveillance"
isn't that everyone?
Does anyone else find the AT&T 1994 ad actually impressive? Electronic books, in-car satnav, a tablet sending a fax from a beach? In 1994?! Amazon was just incorporated in 1994[*], in-car satnavs were not commercially available (in the US?) until 1995 (Magellan?), things like Newton existed but I don't think sending faxes wirelessly from a beach was feasible[**]. Easy to dismiss all that as trivial 20 years later, but it was quite a vision back then.
[*] Had to look it up, so googled "Amazon" - could not find the river anywhere in the 20 results on the first page... Sad...
[**] Maybe paired with a satellite brickphone? I have fond memories of hooking a Nokia and an iPaq via IR on business trips, but only around 2001 or so.
There used to be www.fufme.com some 15 years ago, just in case no one remembers. I suppose archive.org should remember it - go back to 1999 or 2000 (mildly NSFW).
Oh, hell, for the lazy:
Re: USA FREEDOM Act.
Actually, it seems that they intentionally created this acronym to mirror the PATRIOT Act that the proposed bill is intended to balance. It is not such a terrible idea in the context (I wonder if anyone has a bit of mockery in mind), though the original PATRIOT acronym was dismal and if this becomes a habit or tradition... well...
"It ignored restrictions painstakingly crafted by lawmakers"
Never attribute to malice what can be adequately explained by stupidity... I am willing to make an assumption that Congressman Sensenbrenner did not have universal surveillance society in mind when he drafted the PATRIOT act. I will also give him credit for realizing it was a mistake (or so it seems). But it was his mistake, and he should honestly admit it. The act was anything but "painstakingly crafted" (if it were then what NSA has been doing would be illegal), rather it was hastily and sloppily created, obviously with no clear thought given to what it allows, how the language might be interpreted (and the language is the only thing that matters, the intent matters not at all), and what the potential consequences might be, especially in the worst case scenario. This is not how legislators are supposed to create laws affecting hundreds of millions of people (and that's not counting the billions who wish America well and are punished for it).
Now, Congressman, do say "*I* f..ked up. I intend to fix my mistake. I learned my lesson. I will be really careful this time around." Your voters will respect you more for that.
Not the same PFLOPs
While the scalability and the cost and the technology to schedule and manage a huge number of tasks are undoubtedly impressive it does not seem directly comparable to the Top500 supers. The Top500 rankings are based on the Linpack benchmark - those are massively parallel MPI jobs with lots of in-job communication between the processing nodes. That is completely different from running an awful lot of (mostly? totally?) independent jobs on disconnected or at best loosely coupled resources in a cloud and summing up the total FLOPs, which is what I think these guys did. I doubt very much the Amazonian beast would do well in Top500 tests.
Once again, the above is not an attempt to put down these guys' achievements. It's a note to El Reg to point out that apples are not orange and that petaflops are not born equal. The rumour of the imminent demise of the Top500-oriented parts of IBM and Cray may have been greatly exaggerated.
Move to Israel?
Will it taste better than the wines and spirits I usually enjoy? How will it pair with different kinds of food? Will it enhance my anticipation of a delicious dinner as a good aperitif is supposed to do?
While it can be argued - and accompanied by vigorous hand-waving - that "the sensation of alcohol" may help, say, a freer flow of conversation and maybe some other social activities at the dinner table, such an ersatz does not seem all that compelling to me.
Confused by Netflix
I know of Netflix and I know it is not available where I live. I got curious though (>30% of US web traffic seems worth a bit of casual curiosity) and I went to their website. I could not find any information regarding the content they provide, or anything about how high the "low monthly fee" is, or any link to ToS, or any hint AT ALL why I might want to use their services and pay them money. I naively expected to be able to check if they have content that might interest me, how expensive it is, basic kind of stuff. No such luck...
Is it "your IP address does not seem to be American - go away now" or is a normal person really expected to hear of it from a friend or an online forum, sign up for service, and provide credit card details as a leap of faith?
It is counter to my principles to express an opinion on a paper I have not read, but my principles are not as dear as the article itself - I am not going to pay dozens of dollars for access. All the same, I must say the basic premise as reported sounds suspicious to me.
So some 25 years ago there was a scare about an "ozone hole" over the Antarctic (there is a few per cent variation in moderate latitudes, but it is nowhere as frightening). I don't recall ever seeing a *convincing* explanation why the effects of human industrial activity - CFCs, halon, etc. - are the only ones to reach the stratosphere (the amounts are small compared to other sources, but it is argued that they are the only ones that are important) and magically concentrate over the South Pole. The depletion was soon seen to be seasonal - Cl, NO, etc., are supposed to be much more effective in "polar stratospheric clouds" that form in winter - I am still at a loss as to how the supposedly increased radiation penetrates through those clouds though. Anyway, discounting this last puzzle the Antarctic supposedly gets a few per cent more UV because of that, small change compared with the natural variation of incident UV over the globe (with latitude, not related to ozone at all, etc.). Not that it stopped the "OMG we will all be fried alive by this deadly UV!!!" panic among the vacationers who kept flocking to places with several times (!) more UV than at their main place of residence to get a tan. "This is more radiation reaching Earth hence more global warming" typically does not point out that only a very small fraction of solar spectrum by energy is blocked by ozone (UV is just a few per cent of sunlight, and most of it is UVA).
So now this paper says that a predicted *global* effect is not observed because we "fixed" a problem no one seriously said was related? Just a curious factoid: a couple of years ago the Arctic ozone hole reached a record level (problem fixed, eh? IIRC in the Antarctic any effect of the "fix" on the ozone hole has not been detectable with any statistical significance so far - unless this article says otherwise), which is attributed to really cold winters in recent years, which in turn are said to be related to global warming in some unspecified way (huh?).
Enough to colour me sceptical in this particular connection at least.
Knowledge is power
Hmm... So Apple want the information to be only available from their own web site and not through third parties? Is it conceivable that they consider the information gleaned from tracking who checks iPad Air availability in Junction city, OR both extremely valuable and very confidential?
Hmm... The Windows logo on her behind... Yes, it drew attention... No I do not mean the logo... And no, I was not quite sure it was not an upskirt shot, but if it was it only asserts Microsoft's 1st Amendment rights... Right?
the limits ... are something worthy of debate
Those limits are the only thing that is being debated. Everything else in your post is a figment of your imagination.
Redefining "reading" is not the biggest problem
In my mind redefinition of "reading" is not the scariest thing about the current situation. Far more serious is the fact that the slurped information is stored indefinitely, without your permission or, until the Snowden era, knowledge. [Yeah, yeah, we all suspected - we are not a representative sample.] This means that this information can be reused at will, accessed by either algorithms or humans, and practically inevitably open to abuse.
Redefinition of "reading" becomes practically irrelevant once the information is stored in a persistent form. Were your mails, search queries, news items you click on, etc., processed by algos in real time in order to create some short-lived (!) statistical "profile" for ad targeting, and were the actual inputs deleted after processing, it would not be as big a problem.
While users agree that Google store certain information (hard to imagine mail, calendar, contacts, etc. being useful otherwise), I suspect that the vast majority of people don't realize how much information is stored (search queries, news items clicked upon, location from mobile devices - obvious to us here but not to John Q. Public), or that it is stored whether or not one signed off on ToS or created an account, or that it can be shared with 3rd parties. And the government having it all without a warrant is an altogether different kettle of fish, indeed.
אמת (truth) would be appropriate and consistent with most Eastern European traditions. It is also a safe design - being a Reg reader you will appreciate the built-in "stop button": erase the first letter (א) with a wet cloth or whatever works on clay and you get מת (dead) - the usual way to "deactivate" a golem.
No need to thank me - I'll get my coat before you start QA.
Only Catholicism has scientific foundation... Only in England...
<<The Hebrew word translated here as "dust" can also mean "clay">>
Sorry, but no, it cannot. The Hebrew word is עפר, which means dust (also as "remains", in the "dust to dust" sense that is obvious in the context), dirt, soil, or earth, but I am not aware of any "clay" meaning ("clay" in different contexts is represented in Hebrew as טיט, חומר, חרס). "Clay" seems to me lost - or, rather, acquired - in translation.
I don't know how much one can blame the later influence of the Prometheus myth. Though the latter pre-dates the first translation of the Old Testament into Greek, Septuagint, by several centuries, the Septuagint (made by Jews) also says "dust".
I checked the English version of the Jerusalem Bible and the King James's version - both say "dust", not "clay".
As for the Quran, it offers different hypotheses in different places, and makes some attempts to reconcile them by suggesting they occurred in stages, etc.
Thus the newest scientific hypothesis agrees only with the *English* Catholic Bible (e.g., the Italian text says "polvere" and the French one - "poussiere", both words emphatically - strongly suggesting small particles rather than an amorphous substance - mean "dust", not "clay") - the only one I found that uses "clay".
"Elop lacks the track record in the kinds of massive business change shareholders want to see..."
Hmm, am I to understand that the shareholders do not want to see the kinds of massive business change that he does have a track record in, eh? Because he does have a track record in massive business change...
What's the problem?
Looks like a lot of shouting over a perfectly normal situation. Stock options are a kind of compensation - for the corporation it is an expense just like the employee's salary is. Your salary and benefits are deducted from the company's income before calculating taxes (I gloss over payroll taxes here). You, the employee, get taxed on salaries and benefits. Nothing special here.
To clarify, the company's expense occurs when the option gets exercised - basically the company gives a share worth $X to the employee (executive or not) who pays $Y, where Y < X, so the company incurs a net "loss", and the employee benefits. Executives get taxed, generally when they sell the share for $Z and realize the profit or $(Z-Y) - this is no different from buying a share (at exercise) and paying capital gains. Non-executive employees or contractors or consultants who get "non-qualified stock options" are taxed at exercise - $(X-Y) is taxed as regular income - and later when they sell the share - $(Z-X) is taxed as capital gains. Executives may get their "alternative minimum tax" (all the companies mentioned are in the US) triggered at exercise as well.
Bottom line: whatever the details are the income is taxed and expenses are deducted, and overall the "transactions" related to compensation are taxed - I absolutely do not see what is so special in this case. Everybody is free to scream that whatever is not taxed today should be taxed, and whatever is taxed today (the usual situation) should be taxed at a higher rate. Point is, any attempt to present this situation as fundamentally abnormal is total bulls**t, IMHO.
Disclaimer: I am not an accountant or a tax attorney.
Re: Is there anybody who approves of this?
"How often do you take your phone or tablet apart?"
Even if you never do, wouldn't you prefer a technician to be able to open it and swap some insignificant (or significant, for that matter) broken part in a matter of minutes and at a cost of a few currency units, rather than throw away the whole device?
To say nothing about planned upgradability.
So they tested the system before launch
roughly as well as Obama prepares for important international meetings?
Re: So something like $400M-$500M has been spent on this website....
"If you have other information, please let us know."
If you insist... CNN quote $174M invoiced so far with more bills coming.
CBS quote much higher numbers including partial breakdown for states that decided to build their own "exchanges":
CGI only did a part of the work on the system.
The $500M figure was previously quoted by El Reg - maybe they can disclose the source for the number.
Most likely you'll never get a straight answer from either US government or reporters.
Re: @Moof (Is this really an IT issue?)
@poopypants: Not arguing quality of medical care or convenience or defending the Merkin system or anything, but I strongly suspect you delude yourself if you think yours is free. Not knowing where you live I'll venture a guess that you pay your taxes in one form or another. A fairer statement is that you do not know off-hand how much your health insurance costs.
"All you need to do then is provide your public key to DM encrypted with their public key"
But how will I know it is theirs?
You are still not paranoid enough. And in this case you *know* they are out there to get you... ;-)
lawyered out of his asylum
No need for weird laws: I don't know what he signed or did not, but IIRC Mr. Putin has publicly conditioned the grant of the asylum on Snowden "stopping to hurt the US". It is not a stretch to consider his testimony in the matter as "hurting the US".
IMHO, even if he testifies over Skype or equivalent he should first get written guarantees from the Russian government that his asylum will not be revoked.
I hope the presentation was as fascinating as the topic deserves. I found the slides rather boring, however - except one that I found curious.
I wonder what the context of slide 24 was. The slide title says, "Official Statement of Russian Federation Regarding Internet Policy". The only remotely related sentence in the slide is what looks like a headline from a western newspaper. There are two screenshots of what looks like Twitter feeds. On the left we see an apparently genuine account of "President of Russia," in English (nothing on Internet policy, though). On the right is an obviously fake but seemingly *much* more popular Russian-language account. It is obviously fake - multiple (intentional with a hint of crudeness) typos including the account name ("Persident Roissi") and handle ("KermlinRussia"), tweets include informal slang that a government source would hardly use, and the contents certainly do not look appropriate for Presidential communications (I am fluent in Russian).
Without attending the presentation, it sure looks like Lt.-Col. Hagestad did not do his homework while preparing the slides - inexcusable for a "leading expert", IMHO.
Sir Spoon: This is exactly the solution I have in mind, all I am saying is 1) it is not SMTP-based; 2) key exchange is still an issue.
Eguro: I did not mean that DM will generate your keys. Of course you will generate the keys locally. However, how will you know that you are giving your generated public key to DM and not to NSA-in-the-middle, who will give *their* public key to DM pretending it is yours? [Assume that the CA that signed DM's SSL certificate is suborned.]
Then I will send you an email after getting "your" (really, NSA's, but DM tells me it is yours) public key from DM and encrypting with it. NSA will intercept the mail, decrypt it with their private key, store somewhere in Utah, re-encrypt it with your real public key that you were so kind to provide, and send it on its way to you. None of us - you, me, or DM - will notice anything.
Just when the galactic-scale hangover ensues is not explained.
Isn't it obvious? Thursday, of course, the next morning after you find out about the new bypass.
I looked at the blog post. The big item there is a bar chart of satisfaction scores (1 to 5) for 13 channels, based on a sample of 395 respondents. Facebook is at the bottom with 3.54. The top score is 3.84. Basically, all the channels surveyed are so-so and none stands out. Error margins are, unsurprisingly, not provided. Besides, no support is given to the assertion that FB is to blame rather than the marketeers who don't know how to deal with it.
Not to provide any endorsement or apology to FB, but in this case it sure looks like Mr. Analyst pulled his conclusions out of his ... erm... hat?
Doesn't that mean that the metadata - who emails whom when - will still be in the open? I'd say that any system that aims to provide privacy should recognize that this is way more important than encrypting contents. It is certainly possible to send encrypted emails around today, without Dark Mail.
A private system would encrypt the SMTP envelope (or equivalent) and upload the whole message (with the envelope) to a server, encrypted. The message will then be delivered to the recipient from the server, with the envelope still encrypted, possibly with a random delay to thwart correlation analyses. This way all that is leaked is that both sides communicate with Dark Mail servers, which is not ideal but better than SMTP.
Will there be a special client that makes encryption/decryption (including recipients' key retrieval) transparent? For what platforms? [This is still for the reckless - the mildly cautious will encrypt/decrypt on an air-gapped machine, right?]
The big problem, with or without Dark Mail, is key exchange, of course. How will I know that I am signing up to Dark Mail and not to NSA-in-the-middle? No, SSL cannot be trusted in this matter. Yes, I realize that NSA will have to fool Dark Mail, too, e.g., to read emails of lots of people they will not be able to access the servers from a single IP address for too long. I have to assume they are smart and resourceful, though.
Bottom line, looking forward to that whitepaper, even if out of pure curiosity. El Reg will report, right?
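The "NSA-in-the-middle" key substitution from the Eguro reply above and the key-exchange worry in the Dark Mail post, as an added toy model that is not part of the original comments or of Dark Mail: a directory ("DM") that stores whatever public key it is handed, an interceptor between the users and the directory, and the out-of-band fingerprint comparison that catches the swap. The Diffie-Hellman group, the hash-based stream cipher and the names are all constructed for illustration and are not fit for real use.

```python
import hashlib
import secrets

# Toy Diffie-Hellman group: a Mersenne prime, far too small for real use.
P = (1 << 127) - 1
G = 3


def keygen():
    """Return (private, public) for a static DH key pair."""
    priv = secrets.randbelow(P - 2) + 1
    return priv, pow(G, priv, P)


def fingerprint(pub):
    """Short hash a user can compare out of band (in person, over the phone)."""
    return hashlib.sha256(pub.to_bytes(16, "big")).hexdigest()[:16]


def shared_key(priv, peer_pub):
    """Symmetric key derived from the DH shared secret."""
    return hashlib.sha256(pow(peer_pub, priv, P).to_bytes(16, "big")).digest()


def xor_crypt(key, data):
    """Toy stream cipher: keystream = SHA-256(key || block counter). Symmetric."""
    out = bytearray()
    for i in range(0, len(data), 32):
        block = hashlib.sha256(key + i.to_bytes(4, "big")).digest()
        out += bytes(a ^ b for a, b in zip(data[i:i + 32], block))
    return bytes(out)


class Directory:
    """The key server ("DM" in the posts): stores whatever it is handed."""
    def __init__(self):
        self.keys = {}

    def publish(self, name, pub):
        self.keys[name] = pub

    def lookup(self, name):
        return self.keys[name]


class Interceptor:
    """Adversary between the users and the directory: replaces each uploaded
    public key with its own and remembers the real one, so it can decrypt
    and re-encrypt every message in transit."""
    def __init__(self, directory):
        self.d, self.real, self.priv = directory, {}, {}

    def publish(self, name, pub):
        self.real[name] = pub
        self.priv[name], fake = keygen()
        self.d.publish(name, fake)

    def lookup(self, name):
        return self.d.lookup(name)

    def relay(self, sender, recipient, ct):
        # The sender encrypted to the fake key for `recipient`; the adversary
        # holds that private half and knows the sender's real public key.
        plaintext = xor_crypt(shared_key(self.priv[recipient], self.real[sender]), ct)
        # Re-encrypt so the recipient, who looked up the fake key for `sender`,
        # decrypts cleanly and notices nothing.
        return plaintext, xor_crypt(shared_key(self.priv[sender], self.real[recipient]), plaintext)


def run_scenario(intercept, verify_fingerprints):
    """Return (what Bob read, what the adversary read, swap detected)."""
    directory = Directory()
    channel = Interceptor(directory) if intercept else directory
    a_priv, a_pub = keygen()
    b_priv, b_pub = keygen()
    channel.publish("alice", a_pub)
    channel.publish("bob", b_pub)
    # Mitigation: Alice compares the fingerprint the directory serves for Bob
    # with one Bob gave her out of band. A swapped key cannot pass this.
    if verify_fingerprints and fingerprint(channel.lookup("bob")) != fingerprint(b_pub):
        return None, None, True
    msg = b"meet at the usual place"
    ct = xor_crypt(shared_key(a_priv, channel.lookup("bob")), msg)
    read_by_mitm, ct2 = channel.relay("alice", "bob", ct) if intercept else (None, ct)
    read_by_bob = xor_crypt(shared_key(b_priv, channel.lookup("alice")), ct2)
    return read_by_bob, read_by_mitm, False
```

With the interceptor present and no fingerprint check, both Bob and the adversary read the message; the same run with the check stops before anything is sent.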
"check out plans and find out more"
but not join? Just out of curiosity, does it mean that it serves web pages but has a problem with DB transactions when people attempt to sign up, does it crash because it can't even serve up the information, or is the problem in the business logic tier because the available plans are so convoluted?
$500M, eh? Once you do manage to sign up the actual medical care is first rate, I hope.
Applying Dilbert's law of market segmentation
First sell to rich idiots. Then you can use the profits to up the volume and lower the prices and really reach the mass market.