Posts by Pseudonymous Coward 39 publicly visible posts • joined 3 Nov 2013
Not that I actually do this, but I keep thinking I probably should: How about having a sizable amount of reasonably thorough tests (Continuous Integration style) for the whole of your environment, then test the patch in a TEST environment, if those tests all pass it's pretty safe to proceed with an automated update.
If the tests find issues with the patch, alert the admin (and in the meantime monitor if further incoming patches work better as a whole).
>> If possible, people should try to contribute to the existing project, and that's where the problem with OpenSSL lies: many users but not many contributors. Theo can have a big mouth and fork it, but that only shows nobody really cared or contributed, because the fork was because of the code, not the community.
No, the point of the OpenBSD developers was that contributions/bug fixes were not integrated into the code by the OpenSSL maintainers, or at least not in a timely manner:
"At this point somebody pointed out that bug 2167 had been known to the OpenSSL devs for years. One line patches had been provided, but no action had been taken." --> http://www.tedunangst.com/flak/post/origins-of-libressl
That's highly incompatible with the OpenBSD way of thinking:
"Our security auditing team typically has between six and twelve members who continue to search for and fix new security holes. We have been auditing since the summer of 1996. The process we follow to increase security is simply a comprehensive file-by-file analysis of every critical software component. We are not so much looking for security holes, as we are looking for basic software bugs, and if years later someone discovers the problem used to be a security issue, and we fixed it because it was just a bug, well, all the better." --> http://www.openbsd.org/security.html
So they forked.
> You have to remember you're talking about an organisation whos director knew so little about what they did and didn't do/know that he effectively lied to the Congressional oversight committee.
I thought he knew full well what was going on and purposely answered "no", later explaining that his "no" answer as to whether data on millions of Americans was collected had been due to a fascinating definition of the word collect from the "1982 Department of Defense Procedures Governing The Activities Of DOD Intelligence Components That Affect United States Persons":
"Collection. Information shall be considered as ‘collected’ only when it has been received for use by an employee of a DoD intelligence component in the course of his official duties….Data acquired by electronic means is ‘collected’ only when it has been processed into intelligible form."
In other words, when they only collect data and machine-scan it that doesn't count as collected. It's only collected once it's been used by an employee.
> name one person who's been arrested because of NSA, and who was not an actual spy or an actual terrorist.
"...the NSA shares information with a division of the Drug Enforcement Administration called the Special Operations Division (SOD). The DEA uses the information in drug investigations. But it also gives NSA data out to other agencies – in particular, the Internal Revenue Service, which, as you might imagine, is always looking for information on tax cheats." --> http://www.forbes.com/sites/jennifergranick/2013/08/14/nsa-dea-irs-lie-about-fact-that-americans-are-routinely-spied-on-by-our-government-time-for-a-special-prosecutor-2/
"We already know the NSA passes data to the DEA and IRS with instructions to lie about its origins in court—"parallel construction" is the term being used." --> http://www.theatlantic.com/politics/archive/2013/10/why-the-nsas-defense-of-mass-data-collection-makes-no-sense/280715/
"... shows how the NSA had a plan to use the porn surfing habits of certain people they didn't like to discredit them. [...] It's important to note here that the "targets" in this case are not US persons, and they all do appear to dislike the US, and some appear to have advocated for jihad against the US. However, as the report notes, most of them are not terrorists or even connected to any terrorist organization. They're just activists and advocates who have spoken out criticizing the US." --> http://www.techdirt.com/articles/20131127/00243625384/nsa-spied-porn-habits-radicalizers-planned-to-use-details-to-embarrass-them.shtml
Makes you wonder, does the NSA go after all tax dodgers they find or just the ones they don't like?
> WIMP GUIs have always been designed to provide neophytes a way to discover functionality for themselves and learn the keyboard shortcuts as they do so.
Not a good way, though. If every time someone pasted by clicking on a menu item a little Android-like toast appeared with "Control-V" on the screen, then that would have a better chance of teaching people.
Google Docs has a more intrusive popup that you have to click away telling you that you can use Ctrl-C/X/V whenever you do it via a menu time. That's showing you want people to learn this sort of thing (though in this instance a bit too strongly, I feel).
An obscure and more easily ignorable entry on the right of the menu as most UIs (including Windows) offer doesn't cut it for the majority, I'm afraid.
Also while I am to a degree in the same camp and do prefer to use the keyboard I am fully aware there are situations when I don't. Like when I don't have both hands free because (I know what you're thinking but...) I'm eating, holding my phone, one of my kids sitting on one of my legs. It's nice to have decent mouse-based alternatives then and it's nice if these don't radically change from one version of Windows to another.
> Well it wouldn't make sense for W8 to radically change and still be W8, really. W7 is essentially Vista with the problems fixed, but it makes more sense it is a separate version.
Agreed. Why fix the crap for free now when you can offer a proper upgrade later and charge handsomely for it.
> thats not really what i use HTTPS for, its protect the actual data i enter into forms
Suppose you indicate you have cancer and the page flow then goes on to ask you about a lot of details on that. The traffic might give that away. And any other amount of detail you choose to enter later, provided the pattern of traffic the app generates is to an extent dependent on your entries.
> Does a little piece of a PR flack die every time they write this rubbish?
I seem to remember people getting worked up about eBay "simplifying" their fee structure by significantly raising everything to 10% a year or two ago. I'm not an eBay seller so haven't really followed that, but if true that beats this Yahoo stunt by miles.
In any case couldn't agree more, this PR/marketing wish-wash is nauseating.
Thanks, David, I mostly agree but I haven't seen the press make the claim that GCHQ staff were out looking for porn chats to watch but if you generally take Reg Headlines as intended statements of fact then, fair enough, we do get close. Note that by that standard Lindsay must have been outraged to read "LOHAN gets intimate with 50,000 hot-blooded pilots".
> I'm not exactly a fan of Mr. Bryant's politics
This is not so much about his politics. I find it perfectly acceptable for anyone to be of the opinion that privacy intrusions as evident are a necessary evil in the fight against terrorism, I ask that we can somewhat respectfully disagree and debate.
But "Mr Bryant" (that's not, he says, his real name by the way, he's a pseudonymous coward, too) goes well beyond that and feels the need to ridicule and insult those who disagree with him. What's worse, he frequently misrepresents what posters state or goes further and claims they've stated stuff they haven't got anywhere near. And then he rains down more ridicule and insults on them on the basis of what he made up they said. I'm merely holding him up to the high standards he demands of everyone else. We're all the better off for it, don't you think?
As you see he's just established for himself that I've got a pimply bottom so perhaps it's not working. Sadly he tends to be more successful at dragging me down a level than I am at getting him to improve his game.
Oh and I'm not British.
> GCHQ were developing face recognition tools for the project because they were AUTOMATING the monitoring. Which means NO-ONE was watching you
I see. They did not (do they now?) have automated non-human monitoring and that in your mind proves that no one was watching anyone and the GCHQ warning to staff was... just for a laugh?
You're making sense to the extent you usually do, Matt. Good to have you back.
> so [the hacks] took the GCHQ warning to staff and blew it up into the ridiculous story that GCHQ staff were out looking for pr0n chats to watch.
I haven't seen the press make the claim that GCHQ staff were out looking for porn chats to watch. Indeed they quote GCHQ as classing that as "undesirable nudity". Give us a ref, where did the press claim this? Guardian? Register? Or did you just need to make that up again so you can find your own alternative reality more convincing?
Have an upvote, Matt, for managing to make yourself heard in the face of adversity.
I bet the GCHQ staff have been celebrating al-Masri ever since for now getting paid to watch amateur porn.
I take it in your considered opinion it is wholly appropriate for GCHQ to not restrict themselves to metadata and get right in there?
> It's been a while since we've heard from Mattie boy.
> Do trolls go on holiday? Or has he crossed one line too many and got banned?
Not banned per se but his constant abuse has earned him a "lengthy trip to the pre-moderation naughty step":
http://forums.theregister.co.uk/forum/3/2014/02/07/snowden_documents_show_british_digital_spies_using_viruses_and_honey_traps/#c_2107586
http://forums.theregister.co.uk/forum/2/2014/02/10/tuesday_declared_the_day_we_fight_back_against_nsa_et_al/#c_2109478
I wonder if he hasn't commented on this thread or if he's just had a dozen attempts declined because he can't restain himself when the subject is too dear.
>> People talk about how open source is safe because it's open. It's not safe unless you both read and understand it. Relying on somebody else to do that for you is the absolute inherent basic root of insecurity. If you do it yourself, then you can say it's secure but why should I believe you? Are you infallible?
> Oops, did I challenge the orthodoxy and ruffle some fanboys with those irritating facts?
Well, I haven't downvoted you but...
I don't agree with your claim that there's only value in open source being fully auditable when you entirely audit it yourself. The fact that everyone can and many do have a look and voice their concerns, from University students to security experts and that even I could if I wanted to do my bit, does give me a stronger confidence in the security of open source solutions than closed ones. The crowd-funded audit of Truecrypt is a good example.
I think your point does hold though in the sense that the necessary complexity of software and the lack of a large body of independent auditors and the existence of agencies such as the NSA and GCHQ who are actively working to subvert systems means that you cannot really trust any piece of software.
Given that, I feel more comfortable with open source. Not using software at all is not a really option for me.
If I remember correctly the code given out for review is not complete. You cannot build it, you cannot compare the executable/installer to that Windows DVD you bought, so the whole exercise is a bit of a joke really.
> I don't get the Whatsapp business model anyway. It seems to depend upon small details in peoples' phone contracts. Eg. like many people, I get free unlimited texts with my package
What I liked about Whatsapp vs SMS was that it's free across borders while international SMS still do cost money, the group chats came in handy every now and again and you can send pictures (better/cheaper than MMS) and sounds, all for the cost of 99 cents per year.
> but the delay in my posting a reply [...] is because the moderator decided that one of your sheeple buddies breaking forum rules meant I should get automatic extended moderation on posts. Hence the delay. Hey, I'm sure it made sense to him, no bias at all
Matt, I thought people here were only moderated for going against the House Rules not on the basis of a moderator's bias. And I thought they were rather generous with you, seeing how e.g. "Seriously, STFU and go do some reading you ignorant moron" directed at me in your post here http://forums.theregister.co.uk/forum/1/2014/02/10/tuesday_declared_the_day_we_fight_back_against_nsa_et_al/#c_2104958 has been allowed to stand.
One among many I thought generous gestures towards you. Sadly, I have to say though, since I find that drags the whole forum down since I find even myself more ready to make disparaging remarks towards you as a result (though I'll never get anywhere near your levels of vitriol).
How exactly do you think the moderator(s) is/are biased against you?
@BlueGreen, misquoting or just making up shit appears to be Matt's way of coping.
I'm somewhat entertained that the Urban Dictionary definition of "having your ass handed to you" offers up this fantastically well addressed example:
"Matt, having your ass handed to you a couple of times can teach you a little humility"
Not evading, Matt. Just trying to ensure that you do understand what it is that I have and haven't said. There's little point discussing anything further if you are intellectually incapable of following a conversation and are evidently not even making an effort to do so.
So once more:
Matt: "You insisted all your own emails and Internet activity was being intercepted and analysed, you stated this was an invasion of your privacy and trampled on your rights..."
Me: "Should be easy enough to quote me then. The stage is all yours."
Matt: "You have posted numerous times stating (a) your coms are being intercepted (you dribbled about your packets being analysed), (b) that the NSA and GCHQ activities cause 'harm', and (c) that you continue to maintain they are 'illegal' long after they have been shown to be completely legal."
Just quote where I said this and we can move on. I guess by now we both know you can't and are too embarrassed to admit to it.
Matt: "You insisted all your own emails and Internet activity was being intercepted and analysed, you stated this was an invasion of your privacy and trampled on your rights..."
Me: "Should be easy enough to quote me then. The stage is all yours."
Matt: "You have posted numerous times stating (a) your coms are being intercepted (you dribbled about your packets being analysed), (b) that the NSA and GCHQ activities cause 'harm', and (c) that you continue to maintain they are 'illegal' long after they have been shown to be completely legal."
Just quote where I said this and we can move on and discuss your favourite topic, Matt. What's stopping you?
The fact that I never did say all this?
It's neither news nor a surprise that you struggle to keep track, Matt.
> "....The stage is all yours." Oh, what, so you can wriggle out of answering the points raised yet again? You have posted numerous times stating (a) your coms are being intercepted (you dribbled about your packets being analysed), (b) that the NSA and GCHQ activities cause 'harm', and (c) that you continue to maintain they are 'illegal' long after they have been shown to be completely legal.
If I had it'd be the simplest thing to quote. Stage is all yours. Still.
>> When have I spoken of rights infringement or harm caused to me? You're once more confused as to who you are talking to, Matt. That's something I reckon you may have discussed with killakrust but don't take my word for it. Your homework to find out really.
> You insisted all your own emails and Internet activity was being intercepted and analysed, you stated this was an invasion of your privacy and trampled on your rights...
Should be easy enough to quote me then. The stage is all yours.
> So you want to admit terrorists like AQ are finding it hard to act in the UK due to it being "stable", but desperately want to deny that "stability" is due in any way to the GCHQ monitoring?
What I'm saying is that from a comparison of the number of terrorist attacks in Iraq and the UK "yesterday" it does not follow that the difference is down to that GCHQ monitoring alone if at all, so your point is nada. That's so obvious, it saddens me that you need this explained over and over again.
> And how you are still evading the issue of providing any proof of how your rights have been infringed and you have been "harmed" by the NSA or GCHQ actions.
When have I spoken of rights infringement or harm caused to me? You're once more confused as to who you are talking to, Matt. That's something I reckon you may have discussed with killakrust but don't take my word for it. Your homework to find out really.
It's quite simple and obvious, Matt. It's much easier for terrorists to operate in unstable countries with worse border control and higher levels of corruption such as Iraq and Kenya than in the UK.
That alone does suffice to make your comparison non-ceteris paribus and gone is your point. Your verbosity illustrates how much that bothers you but it does not detract from the facts.
> I said we would be suffering far more attacks. You have avoided answering the question as to why you think AQ have been unable to mount such spectaculars in the UK or US despite them being able to in such countries as Kenya.
Iraq or Kenya vs the UK are not exactly ceteris paribus comparisons, are they, Matt? Is the level of comms surveillance the only difference here or could other contributing factors be
- large numbers of Sunnis and Shias in Iraq keen to do each other's heads in,
- similarly tribal hatred in Kenya,
- a higher number of willing terrorists native to the countries, poverty possibly contributing to radicalisation,
- an influx of terrorists, weapons and explosives from other, often neighbouring countries vs relatively decent border control on this island and in any country with a bit of a budget,
- a less corrupt and better equipped police force,
- a better chance to effect whatever change they want to in an already unstable country?
The presence of US/UK forces in Iraq again is likely to have an influence all on its own, even without comms surveillance.
In a nutshell, your whole comparison is ludicrous and pointless to start with.
> So you want to try switching attention by suggesting spelling mistakes by highlighting a part of my post with no spelling mistakes?
I don't know why you get off on lakkeys vs lackeys but in this very post you certainly did. I thought I'd point out to you that many people struggle with always perfect spelling. I'll include myself in that. But what better example than you making a fool of yourself right in this article's comments by first taking someone else to task for a spelling error, then failing so spectacularly yourself?
> I mean, I can understand why you'd want to switch the topic seeing as you have lost the argument, but surely you'd want to do so by highlighting an actual error?
Those are actual errors, Matt. Yours. It seems ever so slightly delusional of you to think because you made them in a different post they are unreal.
I'm not sure how I could have lost an argument that I had no part in. It seems you started a separate thread in which you delighted in someone being prosecuted for attempting to sell classified material to the Russians and being caught. And you know what, I feel he deserves everything he gets.
And if I'm following you think that has implications for Snowden, presumably because - as you've previously made clear - you're convinced Snowden is a Russian operative and has been all along.
You're certainly free to believe that with all your heart.
> please do check your "Idiots' Guide to being a Revolutionary" for the correct spellings of such terms as lackey, Imperialist running dog, etc.
Spelling is your strength, isn't it, Matt?
"buzzowrds", "abnout" and "definately" from your post yesterday are surely now legitimate alternative spellings on their way into the Oxford Language Dictionary.
> Firstly, the GCHQ and NSA are NOT reading every email or Tweet or whatever means you dribble by, so the comparison is very obviously flawed.
Installing a camera in everyone's bedrooms doesn't mean they would be watched 24/7 either. So the comparison does hold in the very respect you criticise here.
And it's definitely, not definately, Matt, just like it's lackey, not lakkey. It's ok though.
Of course cameras in everyone's bedrooms would be an exciting opportunity for some thrilling LOVEINT.
> Secondly, if the security services do get a warrant to bug your house...
That's very different. Especially if it's a proper judge-issued warrant for a particular person. Dragnet-style surveillance is the issue.
I'm glad to see you at least respect your Mum, Matt. Tears in me eyes.
I don't like DRM either but to be fair this may have been in error:
>> Amazon blamed the removal on "a temporary issue with some of our catalog data" which it says has been fixed, adding that "customers should never lose access to their Amazon Instant Video purchases." It says the database error was unrelated to Disney's request.
One customer told the blog Boing Boing that the company gave him a different reason: "Amazon has explained to me that Disney can pull their content at any time and 'at this time they've pulled that show for exclusivity on their own channel.'" <<
--> http://www.theguardian.com/technology/2013/dec/16/amazon-disney-christmas-tv-special-prep-and-landing
> Just to point out that's not true - for instance recent benchmarks show that the latest Windows is faster at graphics and large file copies than the latest Linux Mint
Show me your evidence. Besides, what about everyday usage, they are all fast enough for business graphics and large file copies are not exactly a common occurrence.
And good luck installing a new Windows version on old hardware that doesn't necessarily had its drivers ported to the newest version. Old hardware is an area where Linux clearly shines while it often struggles on brand-new hardware since it takes longer for drivers to come through.
> IE has been the fastest browser on the market at time of release for the last 4 major versions...
Man, that is nearly as ridiculous as your (assuming it's both you) EUR 30 million claim. Note that none of this really matters, all current browsers are reasonably fast and compatible.
You need to stray from microsoft.com when educating yourself about benchmark results.
tomshardware e.g. concluded in June this year in their article "Chrome 27, Firefox 22, IE10, And Opera Next, Benchmarked":
- JavaScript and DOM Performance: "Chrome is the obvious winner [...] and IE10 clearly last."
- Start-up: "Firefox commands an impressive lead at just under three seconds."
- Page-load: "category winner: Opera!"
- HTML5 and CSS3: "IE10 close behind in third."
- Native HTML5 Hardware Acceleration: "Chrome 27 shows a small lead over Firefox 22 [...] Due to sitting out the WebGL testing, IE10 and Opera 12 barely rate."
- Memory Efficiency: "IE10 places fourth"
- Reliability: "IE10 places third"
- Security: "IE10 is in third place"
- Standards Compliance: "Chrome is yet again the leader [...] IE10 scores just 70%, earning a borderline C-."
No one but Munich can really tell us what it has actually cost. And no one can provide anything but guesstimates as to what it would have cost had they stayed with Windows. Munich obviously have an incentive to mark this a success while MS and their shills (hi, there, btw) have an incentive to call it a failure, I wouldn't trust either much.
Having said that I'd be surprised if the difference ultimately wasn't in favour of open source, and I'm delighted that Munich has done it. Freedom's priceless.
Also: I'm currently working at a large organisation that is still migrating loads of desktops from XP to Win 7. It's a minor shambles and every developer in my team had significant struggles with various parts of the upgrade, costing us quite a bit of time to get resolved. You'd expect XP -> 7 to be a pretty straightforward upgrade but the devil is in the detail.
> "......the washing hands analogy would be more akin to having a police with reasonable - and limited - powers." The powers of the NSA and GCHQ are already limited - they DO NOT READ EVERYTHING, so stop pretending they do just to satisfy your paranoid, victim-complex wet dreams.
They most likely do not read everything. It's just that when an NSA employee wants to find out what their ex-partner is up to or their current love interest, they'll happily have a look. Utilise your favourite search engine on the term LOVEINT.
And of course they cannot even protect their own data from Edward Snowden which they presumably cared about not having shared, how safe is mine with them?
That's just a couple of the problems with dragnet style surveillance.
If they find I'm hanging out with Abu Hamza a lot and a judge agrees that warrants a closer look into my communications, so be it. If they then find I'm actually just an author researching for a book on a related subject and the judge refuses to extend the warrant, all the better.
Other than that, my data should be mine to share as I see fit.
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2024
