Posts by Dave 189 publicly visible posts • joined 4 Jul 2007
from (I know it is not authoritative) wikipedia:
"Channa argus, which is native to northern China (Amur River), was introduced to Central Asia (Kazakhstan, Turkmenistan, Uzbekistan). It was introduced to Japan about 100 years ago due to fisheries motivations. Its introduction to Czechoslovakia by the government in the 1960s failed due to cold winters."
even the bleak (no pun intended) R Witham doesn't get as cold as Czech Rep
"To create an innovation hypercycle, a pseudo-arbitrary but finite number of Symbiotic Innovation Nodes are created. It is important to note here that the contextual competencies of the Communities of Practice within a SIN are deliberately symbiotic and it should further be noted that there is an absolute requirement for a representative (representative relative to organisational scope) socio-economic and capabilities mix to deliver balanced noetic product that has realistic implementation ..."
means:
"get the right people together in the same room, enough of the correct booze and other drugs, good music and then you're ready to parttttyyyyy! ! ! ! ! ! ! !!!! ! ! " (I think)
For Tim Lane: noetic = "of, or associated with, or requiring the use of: the mind". So: "Paris seldom finds herself in any noetic situation"
don't worry about ship motion
don't put the ship on stilts
don't steer the flippin' slug
map the wind speeds and directions between 'here' and 'there' up to 20 or 30 kilofeet
do lots of sums v quickly in a machine called a compooper (or summink like that)
shoot the slug on a high paraboloid trajectory with the initial aiming angles compooped to account for all the variables
PH avatar - 'cos she could have told you this!
You mean we are sending learner drivers to IOWA to take the theory part of the test????
Or has the DfT got a business model that says: 'send the details of theory test applicants to Iowa and throw it away there in the faint hope that noboby back home will notice'?
Inspired concept, but less than optimal implementation.
HMG should look at exporting all sensitive data to Kyrgyzstan where its subsequent loss would really really go unnoticed...
but Kilgetty was ported only to MT4 (no personal experience, but I gather it was a bit of a clunky b****rd to use)
Our MinDef wasn't quite accurate when he stated that MoD use something better than that available to us mere mortals. Currently the full-disk encryption for laptops processing up to RESTRICTED (pertinent level of Protective Marking in this instance) approved by CESG is AES@128-bit.
AES@256-bit is approved for downgrading SECRET to be treated as if it were RESTRICTED.
For higher levels of Protective Marking and for purposes other than full disk encryption CESG approved algorithms tend not to be public domain. In the lack of any evidence to the contrary, I will not provide any opinion about acceptability of security-by-obscurity.
A Govt Minister in charge of doling out the dosh feels the (natural for a politician) need to see some quid pro quo; in essence he feels that if he pays for research he should own the researchers.
Researchers are habituated to being owned, so no problem there...
The proposal by Edward Barrow seems initially appealing; unfortunately, the results of 99.9% (estimate) of all research is of litttle direct applicability to 99% of people's lives. Of that which is, or should be, of interest there is the issue of the accessibility of the findings.
If I may provide an example (copied from a pubished paper, rights of original authors recognised) that actually *should* be of interest to most
Anonymity vs Information Leakage in Anonymity Systems
Zhu & Bettati
Texas A&M
presented at IEEE International Conference on Distributed Computing Systems (ICDCS 2005),
The abstract reads:
"Measures for anonymity in systems must be on one hand simple and concise, and on the other hand reflect the realities of real systems. Such systems are heterogeneous, as are the ways they are used, the deployed anonymity measures, and finally the possible attack methods. Implementation quality and topologies of the anonymity measures must be considered as well. We therefore propose a new measure for the anonymity degree, which takes into account possible heterogeneity. We model the effectiveness of single mixes or of mix networks in terms of information leakage and measure it in terms of covert channel capacity. The relationship between the anonymity degree and information leakage is described, and an example is shown."
Attempt at a 'publicly accessible' abstract
"There are a number of different ways a web site designer can choose to tell you apart from all the other users of the site without using your actual identity. This research looked into a new way to measure how well these different ways work and how good they are at preventing sneaky unexpected leaks of information from these web sites."
To which 99.9% of The General Public will say: "and? ..."
twaddle. Pray tell how an incompletely populated distinguished name directory 'solves' secure-enough email problem??
And anyway, as the authors of the RFC for SPKI discuss (x.509 is the specification ofr the certificates used in a PKI):
"X.500 was to be a global, distributed database of named entities: people, computers, printers, etc. In other words, it was to be a global, on-line telephone book. The organizations owning some portion of the name space would maintain that portion and possibly even provide the computers on which it was stored. X.509 certificates were defined to bind public keys to X.500 path names (Distinguished Names) with the intention of noting which keyholder had permission to modify which X.500 directory nodes. In fact, the X.509 data record was originally designed to hold a password instead of a public key as the record-access authentication mechanism. The original X.500 plan is unlikely ever to come to fruition. Collections of directory entries (such as employee lists, customer lists, contact lists, etc.) are considered valuable or even confidential by those owning the lists and are not likely to be released to the world in the form of an X.500 directory sub-tree. For an extreme example, imagine the CIA adding its directory of agents to a world-wide X.500 pool. The X.500 idea of a distinguished name (a single, globally unique name that everyone could use when referring to an entity) is also not likely to occur. That idea requires a single, global naming discipline and there are too many entities already in the business of defining names not under a single discipline. Legacy therefore militates against such an idea."
and therein lies the rub - and perhaps the answer to Rich's question.
PKI is hierarchical - great for the military and those who work with them, it reinforces familiar (and comforting!) notions of 'superiority' and 'inferiority' - it specifically does not address the 'global village' appeal of insecure email.
A globally secure-enough email infrastructure based on PKI would require a huge single hierarchy (ultimately),a 'triangle of trust' if you will, based on certificates; no real performance penalty that anyone would notice, just an administrative nightmare. Oh! and the question of finding the ultimate head of the triangle in whom all trusters trust...
Mircosfot? doubt it!
*any* commercial organisation (why? on what basis?)
The UN?
Paris Hilton? (only reason for including avatar)
There are mechanisms for the distribution of trust that do not grow quite as quickly as a function of user numbers; there would still be the administrative issue around each user 'opting in' or not; the candidates of which I am aware (SPKI/SDSI) seem not to have been adopted in practise...
This committee of MPs concludes, inevitable given that they are merely legislators, that the appropriate response is *more* law.
They are, of course, completely right to conclude: "There is evidence of a widespread problem within government relating to establishing systems for data protection and operating them adequately"; the proposed response of adding new offences with associated swingeing penalties to the Data Protection Act is a knee-jerk 'shutting stable door after horse has bolted' answer that is sadly completely wrong.
The problem needs to be addressed by prevention. There already exists a vast body of guidance material and basseline security measures that is mandated for all HMG departments about how to "establish systems for data protection and operating them adequately" - it is called the Manual of Protective Security. All HMG departments are required by the MPS to develop a departmental security policy that captures the minimal baseline measures in the MPS the resulting departmental policy should then add measures tailored to the business needs of the department. All information systems are to be accredited (a process of 'permission to operate' based on some form of assessment of correct implementation of technical countermeasures and relevant and appropriate procedural measures) prior to being used. All systems in all departments are SUPPOSED to be audited, frequently (enough). There is a growing body of evidence that many HMG departments are rigourously and dangerously ignoring pretty much everything that the MPS requires of them. Clearly, HMG has not provided sufficient resource to enforcing adherence to the MPS, this is young Milliband's job at the Cabinet Office.
A previous AC has it correct in writing: "As I recall the problem with the HC3 getting it's full flying certification was that without knowledge of the software used (source code, documentation etc, so a very IT angle) no one was able to say it was safe."
The spec on Boeing (written by MoD) is the source of the f***-up, in that the associated Statement of Work did not require Boeing to accompany delivery of the kit with the relevant s/w documentation items that are needed for the safety and particulalrly software safety assessment processes. Without insight into the design of the s/w, the assessment processes could not start to determine if what Boeing had actually done was necessary and sufficient to meet the acceptance criteria for the whizzy avionics to be adjudged 'safe enough for the intended purpose in the defined operatonal environment'.
A bit of MoD yet again showing superb aptitude at taking aim, shooting and damaging their own feet. F***wittage of an outstandingly high level of achievement.
If TeeCee has grabbed EdificeOfShite, I hereby notify that FeatOfArse(TM) belongs to me. I reserve the right to make money by foisting inadequately specified, understood, designed, documented, implemented IT systems to enterprises too dysfunctional to detect this and too poor to operate them adequately.
Pace Mike Richards: I, too, wonder if NAO actually found 85% of systems designed to report on performance acceptable - seems a tad high. Or perhaps they have actually only surveyed ~23% of all systems...
UK Trade Invest have apparently done a lot of market sector surveys. The jokes are near endless on the 'automotive' sector page here:
http://tinyurl.com/2yxxmk
Seems we have good opportunities to sell cars to China, Poland, Czech, Hungary &c - erm...
aren't these the places that are making the cars we buy???
UKTI have completely and utterly failed to assess the UK's ability to generate Paris Hilton related foreign exchange, a national disgrace
there are a number of well-respected test suites for randomness available, here, here and here:
(NIST) http://csrc.nist.gov/groups/ST/toolkit/rng/index.html
(Diehard) http://stat.fsu.edu/pub/diehard/
(l'Ecuyer) http://www.iro.umontreal.ca/~simardr/indexe.html (in English)
(en francais) http://www.iro.umontreal.ca/~simardr/
there is (was?) a French development in the area of collecting entropy from modern CPU internal state, here:
http://www.irisa.fr/caps/projects/hipsor/old/HAVEGE.html (in English)
There are a number of hardware entropy generators, the performance of these varies, see here:
http://www.robertnz.net/true_rng.html
Also, go to Robert's home page for more stuff
MiNobleLord Drayson was - in truth - one of the very few compenet MinDP we have ever had - ever
For an insight into our proud history of helicopter silliness I heartily recommned Lewis P's book; essentially, the UK Armed Forces have exercised silliness since the damnations against common sense were invented
and yes! it was LP who started the "give everyone in Yovile half a million quid" line, I can only imagine LP has never been to Yovile...
Nicole Richie is getting married some time in the near future (date subject to adjustment, but I digress) and her old pal Paris Hilton resents not being the center of attention any more. So she dropped by and asked Nicole if she was really sure about the identity of the baby's father. Nicole has now removed Paris from the list of wedding invitations, but Paris is satisfied because she's got her attention and headlines.
I'm a Brit, but I am given to understand that Paris, France represents a more difficult challenge than Paris, Texas (AI vehicles probably don't need to swerve to avoid tumbleweed) and that Rome, NY is probably far too boring (traffic wise) than the capital city of Italy. The latter does, of course, represent Stage IV of the DARPA challenge (vehicles to ignore all traffic controls but stop dead on a dime as una bella ragazza crosses the road NOT at a crossing place).
Whom found Xen disappointing? Well, well - seems VMWare failed to read the F*@3$ng manual, misconfigured it and disappointed themselves.
See here: www.cl.cam.ac.uk/research/srg/netos/xen/performance.html
versus here: www.vmware.com/pdf/hypervisor_performance.pdf
the latter being a calumny, a disgrace, an outrage
that <any> stock is over-valued is a stock market problem...
virtualisation is a great, relevant, widely applicable technology; all these qualities are irrelevant to the fear, greed, avarice and loathing that are the touchstones of the 'stock market'
This Reg article is a well-balanced appreciation of the situation
There we go then, one major World problem solved at a stroke.
The sheer levels of inability and incompetence organisations that may have identitites such as CrapGemini, EDerS, NoSerco, CrapServiceCentral (! ! ! !) et al applied to conflict?
Let's place contracts on em all with the easiest-ever Service Level Agreements (e.g."a Level1 conflict must never be resolved quicker than 896 days at risk of a penalty payment to charity of $1 000 000 per day in the case of resolution earlier than required")
In the spectrum of technologies with potential military application there comes a point where 'camouflage' could be referred to as 'invisibility' by lazy, ignorant hack journalists. (@ 'Hate2Register') Lewis P included sufficient blindingly obvious hints in his reporting ofa Sun article to indicate that he understood full well the particular journalistic approach that had probably pertained.
I think the Brits have been in the forefront of camouflage research for a v long time; Project Dazzle attempted - sucessfully in many cases - to modify the visible signature of ships in WW1, years before the 'Philadelphia' episode.
Sympathise with the many commenters who have exprssed righteous indignation that military scientific research needs to be applied to the immediate situation of our troops today; situation IS improving, sadly too slowly.
@breakfast: apply for a research grant? You are WAY beyond that stage, you plucky inventor, you would appear to have successfully completed the 'Demonstration' phase and you should now receive Main Gate funding to put this wonderful new 'rock' defence system into Full Scale Production. Well done! We should all be encouraged that this selfless act of sheer genius with no thoughts of profit should flourish in a countrry constantly exposed to the horrors of lipstick/hairgel/lemonade trinary weapons.
@AcidBase: SATA cables are OK for HT leads so long as you have not fitted one of those Bosch oil-filled 'super coils'; the really tricky bit is getting a good crimped connection at the sparking plug end of the lead, tends to fall apart after 50 or so miles in my MkIII Defender.
Not sure what the Coward intended to convey with the phrase: "when you load 100 virtual desktops onto a server "
Methinks writer has a mental image of virtualisation that is more akin to Thin Client
Still trying not to completely stop all work in the office with out-loud gufffaws thinking about all those destroyed Chinese dumplings (wonton destruction); even 'wanton' as an adjective is not quite correct, as the original meaning is 'casual and unrestrained sexual conduct' until Franklin Delano Roosevelt used it to convey thoughts of 'without motivation or provocation'.
Phill's notes are great ! ! ! (except possibly #4, do hope you don't get caught)
Thad's scheme is great ! ! !
AMFM is not mental - he merely has an oblique form of XXXXpression
Client - side virtualisation will be the platform to support multi - level secure computing. Imagine a single box hosting 3 machines: #1 is the company confidential business / marketing environment; #2 is for not-so-sensitive business matters including external e-mail and #3 is permitted (by corporate policy!) to expose itself (oo-er!) on the Public Internet (and nobody cries too much if it gets 0wNed - killing & replacing being so easy). Corresponding multi - level secure Serverside architecture, of course.
... will security ever be taken seriously, even then only by those directly affected.
Conversely, the lizards have poisoned our water supplies so that we have complete confidence in all our procedures and the technology that we are all comfy accessing corporate sensitive data from a public wifi hotspot
Sadly, Lewis P has merged two completely different classes of device in his rambly article. EMP is easy to produce and does not suffer from the inverse square law. HMP is an order (or two) of magnitude more difficult to produce and does so suffer. There are people in UK actively researching both.
Popular media reference: in the George Clooney remake of Ocean's Eleven the English tech 'geezer' provides a brief disruption tactic by discharging an EMP 'weapon' to disrupt the electrical distribution system for a couple of blocks around the "Bellagio".
Wonder if this xoserve mob bothered to think about putting one together? Seemingly not, otherwise it would have identified being able to rollback as a fallback when Oracle, M$ or whomsoever's 'upgrade' poos all over their heretofore stable system.
Thankfully, in this case, it seems the business is forward capacity planning rather than must-be-done-Now transactions.
1. Straying off into religion / faith. Bush, Blair may or may not be driven by 'greed' (a term that may require further refinement); however, this does not mean that they are not also driven by their faith. They have both publicly declared that they are so driven. In my personal opinion people of faith who also seek political power need to demonstrate the intrellectual horsepower to *separate* the two - not combine them, as these 2 dangerous people have done.
2. Ken, when Morley Dotes writes, e.g. 'deny from 81.95.144.0/22' you can take it to mean 'block all inbound traffic from that IP range', i.e. 'blocking Russian IP addresses' will stop everything including 'you accidently viewing Russian web sites'. Blocking outbound requests also helps ;-)
3. Agree with AJ S when he writes: "The statement "requires Acrobat Reader" which often accompanies PDFs on web sites is just flat-out untrue"; however AJS's open-source advocacy (proselytising) needs also to be taken with a pinch of ('show the evalaution report!') salt.
Morten Ranulf Clausen's 2 facts are apposite; my suggestion to address his invitation to 'discuss the infrastructure to handle it' is the classic security engineering approach: Layered Defence (aka Defence in Depth).
Defence at the application layer (buy applications with a proven behaviour {admittedly, not universally available}). Defence at the network interior layer: appropriate corporate security policies (expressed, understood, monitored, enforced) about acceptable use, principle of least privilege, host-based intrusion detection and alerting, locked-down host computer configurations, network-based intrusion detection, heuristic analysis, automated alert & response, anti virus. Defence at the corporate boundary: firewalls (stateful, deep packet inspection), AV, content and application proxies. Defence at the ISP / service provider layer (duplicating all approaches already listed). Use a 3rd party service provider for mail filtering (perhaps).
Downsides?
A.It all costs a bundle
B. Will take everybody (everybody!) *years* to implement it all; especially the
"applications with a proven behaviour" & "defence at the ISP / service provider layer" bits - I admit that.
In summary: in the meantime - good luck to you all and plenty of work for me for years to come.
Let the buyer beware still apples, but this is based on the unvoiced "let the buyer be aware". Software is purchased by wonks in business organisations who DO NOT CARE or even bother to try to understand the distinction between open- and closed-source. The other category of purchaser is those who just want to get on t'internet to see PH's bedroom antics NOW! The remaining 0.00236% (us) understand your point and agree with you.
The correct economic incentive for purchasers in business organisations is to make the Purchasing Boss and all his team PERSONALLY liable for the cost of business disruption arsing from a published exploit.
The cake analogy could backfire...
M$ 'disclosure' would be along the lines of: "this software contains 5.7 % enumerated types and gives the user a wide range of rich application execution experiences" i.e. typically fatuous and unhelpful.
This A2 thingy is nowhere near as aerodymically 'ambitious' as the 'Fireflash' in Thunderbirds - no triple bank of 'atom engines' sat atop a Y-form tailplane.
Actually, this A2 thingy looks more like the Lockheed F-104 Starfighter, which "gained a reputation as a 'flying coffin' and 'Witwenmacher' (Widowmaker) for their high accident rate. In Germany and Italy alone, more than 400 airplanes were lost in accidents" - bodes well!
Mr John A Blackley has expressed the real points with great clarity; I just wonder why he thinks Bruce's 'position' restrains his articulation. Am I to infer that the acquisition of Counterpane by BT limits Bruce's freedom of expression? (not trolling for 'anti BT' flame wars)
Mr Stiles' evangelism of open source has overstepped the mark. Of course NO security 'solution' seller will reveal their source-code - it embodies proprietary algorithms! The points made by Richard are apposite.
awful - 1000 cuts, 25% - later on 18,000 members of a union
???
The best bit is: "Ministers, chiefs of staff and our most senior officials will lead this process by example and with greater direct accountability for areas and budgets."
are they all volunteering for redundancy?
I am a smoker. I am doing my bit to reduce the appalling strain on the NHS all the people my age who do not smoke will be placing on it by surviving to 123.
Accordingly, I fully anticipate being less of a burden on the national purse.
I claim my Dying At A Proper Age Rebate
(form DoH/Lun/001(c)-7i/reb/9j_smo\2(reb) refers, I think)
Colleague of mine is so relieved that this admission has come to light; he had got a little confused and admitted that some days he was struggling to down the entire 21 units 'ration'.
PH angle? The correct amount to drink is where you get to the conclusion that there might be some point to her existence - then STOP
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2024
