* Posts by bazza

1950 posts • joined 23 Apr 2008

Germany gives social networks 24 hours to delete criminal content

bazza
Silver badge

Re: This will be interesting and maybe nasty

@Tom Paine,

Taking CCNs from customers, even if they don't charge them, to verify identity - or any other method - would go down like a slurry-filled lead balloon with the social media providers, for obvious reasons. You can expect them to make that the very, very last resort.

Indeed. But it kinda shows how vacuous and frivolous the whole thing has become. These things really aren't Utilities (like water, telecoms etc).

We used to have paid-for services (Compuserve), there's no reason why such a thing couldn't be profitable today. WhatsApp used to be paid-for. Many argue that it was far better when it wasn't free.

0
0
bazza
Silver badge

Re: This will be interesting and maybe nasty

@Doctor Syntax,

One problem: credit card fraud.

Another reason to check one's statements... Besides, the new system would make it easier to ID the fraudster!

0
0
bazza
Silver badge

Re: This will be interesting and maybe nasty

@EricM,

No, the law "just" requires websites to hand over the IP address and time stamp a comment was posted from. It also requires ISPs to give out names and addresses of their customers based on that IP address and timestamp records to lawyers.

No credit card required. The lawyers get their names & addresses directly from the ISP - without a court order or any other due process.

Aha, well that's a "let off" for the OtT social networks, and a cost burden for the ISPs. I wonder how the ISPs feel about that...

Question is, how reliable is that? If it were to come to a prosecution, one wonders whether the combination of the social network's and ISP's records would be good enough to identify a user's identity beyond reasonable doubt. Given the poor quality of most ISPs' systems it would be comparatively easy for a defence lawyer to argue that there is some doubt about the accuracy of the records.

And it doesn't work if the ISP is using NAT at their level (like some ISPs do to make IPv4 addresses go a bit further).

Anyway, it may not have to work very well. If there's a sudden rush of people being held to account for things they post, it might just lead to people generally behaving better on line.

That, combined with very high fees of up to 50M€ for non-complying companies nearly guarantees abuse of this legislation to curb all sorts of private, political or commercial critics.

So looks like using TOR will become mandatory for posting anything potentially controversial in Germany...

I doubt it. Justifiable comment is always going to be dependable, so long as it is backed up with actual evidence.

At least, we all need that to be the case, and German courts aren't noted for their irrationality. A proper court is never going to interfere with fair comment, subjective opinion, political differences of opinion, humour, etc.

Such evidence can range from actually having the documents, VHS tape, cinema ticket, log book, photos, whatever. And it would be unwise of a complainant to take someone on in court if it turns out they really do have the documentation to prove a claim. Doubt is better than the absolute certainty of having taken a critic to court and losing.

Indeed, if people get used to the idea that they have to have documentary back up or some other unarguable justification before posting something like an accusation, embarrassing revelation etc, it might lead to fewer libel cases. Complainants would also know that the defending party would likely have taken care to prepare a strong collection of evidence to defend themselves.

Anyway, it's a good thing that if someone is simply making some unjustified dross up about someone else they get to explain themselves.

I do wonder though if there ought to be some guarantee of legal aid, to defend one's self in such cases. It would be very easy otherwise for someone rich to use their wealth to out-lawyer someone poor. The inquisitorial systems of justice are better for this, less so the UK, US, Common Law adversarial system.

1
0
bazza
Silver badge

Re: Enforcement?

No yank, this is just demanding that local law be respected, rather than everyone in the world being governed by Californian law. And if you can tailor adverts, you can certainly tailor content.

Social media was a mistake.

This may be the point in time at which the Si Valley outfits discover their free ride is over. Their only real way to comply with this new law and whatever it evolves into is to stop being free (they know who the users really are then).

That raises an interesting problem. Would you pay to use:

1) Google Search

2) Google maps

3) GMail

4) FaceBook

5) Twitter.

For me the answers are 1) hmm, maybe, 2) hmmmm, 3) no, 4) definitely no, 5) over my dead body hell no.

Even if I did pay to use such services, I would not want to be seeing any damned adverts, or be seeing any of my personal data being mined for advertising cues.

2
3
bazza
Silver badge

Re: Greetings from Germany

Is that what's written into the law?!

Well, they're going to get that wrong sometimes, aren't they. €50million fine vs the ire of a deleted user... There's no contest, accounts are going to get deleted at the drop of a complaint email in their inbox.

1
0
bazza
Silver badge

Re: This will be interesting and maybe nasty

The only way a social network can comply with this part of the law is if they force users to actually provide accurate data when user accounts are created. The only practical way of doing that is to get a credit card number and take some money from it, to establish the useful identity through the banking system.

If they wanted to be a "free to use" network they could simply refund the money.

The networks currently have no ability to discover anything else other than IP address of users. They cannot translate that into a street address without support from the ISPs. And the ISPs in Europe are not allowed to give that information out without the consent of the customer, or a warrant.

So I think we may start seeing the credit card route being followed, which is certainly going to put a dent in the popularity of Twitter, Facebook, and YouTube.

Their biggest problem though could be deciding whether or not to agree to a request for identity revelation. That's a quasi-judicial role, so they may not be being asked to fulfil that role. Otherwise, if they got that wrong they get done for breaches of the local Data Protection laws. Do it too slowly and there's a fine, maybe. I don't know how much compulsion has been put into this new law concerning identity - perhaps the networks are not being asked to act as judge, maybe they simply have to reveal identity if ordered by a German court. But the biggest step in this would be what obligation the networks are now under to know the proper name and address of their users.

0
0
bazza
Silver badge

Re: Pssst

John Cleese (who may have invented the line in an episode of Fawlty Towers, he certainly used it) tells a story of being recognised in a German airport, and some large German repeated the line back to him whilst laughing his head off. Apparently it's one of Cleese's fondest outcomes from the whole Fawlty Towers thing.

I think we underestimate their capacity for appreciation of Properly Funny Stuff!

9
0
bazza
Silver badge

Re: Enforcement?

Germany doesn't care one way or the other, so long as it has the desired effect in Germany.

It's relatively easy for a website to serve content based on IP address, which would allow them to serve content accordingly. So the networks can easily pander to differing "free speech" sensibilities around the world. The problem the networks really face is if this works in Germany, expect to see similar laws passed everywhere else too.

Another point; the article ponders how to enforce this against smaller networks that have no corporate presence in Germany. Well, I think they're less concerned about the smaller networks, they have less of an impact anyway. And they can still put out an international arrest warrant for the network's company directors.

3
1

NY court slaps down Facebook's attempt to keep accounts secret from search warrants

bazza
Silver badge

Re: Does not compute...

"Ah, you mean the old "arrest by appointment" the wealthy and famous seem to enjoy here in the UK"

Well, they're busy people (the police that is). May as well schedule it!?!?

1
0
bazza
Silver badge

Re: Does not compute...

"However, adding that the only party legally entitled to challenge the warrant is not permitted to be advised of the warrant is a non sequitur."

It's fairly normal for defendants' lawyers to challenge the admissibility of evidence during a case, where the admissibility is in doubt. Anything collected under a warrant that is later challenged and held to be invalid would not be admissible, and therefore would play no role in the case. If it was the only evidence the prosecution has, case dismissed, possible claims for wrongful arrest, wrongful prosecution, etc.

Judges don't just let any old tripe be presented as evidence to their juries, at least not here in the UK. Pretty sure American judges make such rulings on admissibility all the time.

It's not perfect - invalid warrants may have led to the violation of someone's rights - but there are (or jolly well should be) consequences for police / prosecutors / judges involved, a probable acquittal for the accused, and likely a dose of compensation too.

1
0
bazza
Silver badge

Re: Does not compute...

@GingerOne,

"So if the Police had a warrant to enter your house and read post you have received from a friend of a friend (because they suspect that friend of a friend of committing a crime - you are as clean as a whistle) you would be happy for them to do it while you were out and without your knowledge."

They wouldn't have to. If I knew that a friend of a friend had committed a criminal offence, I'd phone up the cops and tell them.

Wouldn't you?

Or would you seek to protect the scumbag and prevent justice being administered? Obstructing justice is also a criminal offence, at least it is so in the UK.

If the cops want to read someone's mail, they'd get a warrant and take a look at it in the post office. Much easier. The old arts for extracting and replacing letters in envelopes still work.

1
0
bazza
Silver badge

Re: *uckerBerg does it again

There'd be a lot less of all that if it wasn't free. Free = effective anonymity (except in the most extreme circumstances), and some people behave pretty badly if they can get away with it.

If the services were paid for then user identity is something easily discovered, and that might cause users to behave better; the consequences of their nastiness would be more easily and efficiently dished out.

4
1
bazza
Silver badge

Re: Does not compute...

Well it's easy. They either already know because i) the existence of the investigation is public knowledge and they feel that it covers their own behaviour, or ii) they get arrested at some point.

It'd be a pretty silly legal system if suspects had to be publicly named in advance of their arrest and given a chance to hop it out of the country...

2
12

Ubuntu UNITY is GNOME-MORE: 'One Linux' dream of phone, slab, desktop UI axed

bazza
Silver badge

Re: When prototypes go too far

My BlackBerry Z30 has HDMI, and becomes a computer when one pairs it with a Bluetooth mouse and keyboard. And the USB2 port is still free for charging! The problems with UI aren't quite so severe as you describe for Android, but it's still not that great.

I've never understood the drive for UI unification either. I've always felt that the proponents of such an approach (MS, Canonical, etc) missed the point of the word "user" in UI.

6
0

Mac Pro update: Apple promises another pricey thing it will no doubt abandon after a year

bazza
Silver badge

Re: Is it too much to ask?

One of the problems Apple has is that the profit is in iPhone. So, wealthy though the company is, it still has to justify expenditure to the shareholders. Saying "we're putting billions into doing smart Mac Pros" is going to drive the share price down, because most investors would see it as a waste of money.

So if the senior management are remunerated in part with stock holdings, saying "let's give ourselves a pay cut" comes hard. The result is that they're always going to be slow to put funds into their line of workstations.

I think that this shows how little imagination they have these days. The PC market is dying because of Windows 10. There's a ton of people out there who don't want Win10, but there's no other choice (setting aside Linux for the moment, that's still not seen as a mainstream alternative). There is still a lot of people out there wanting workstations. Apple do not fill that gap with their current line-up.

If Apple did a well priced (something near PC prices), well spec'ed, smart but not extravagant desktop machine (e.g. a decent PC case, not some highly polished ultra compact expensive to make jewel), anyone who needs a workstation would flock to them. They'd be able to kill off Windows pretty easily. And they'd end up with a ton of customers they currently don't have.

5
2

Android beats Windows as most popular OS for interwebz – by 0.02%

bazza
Silver badge

Google is currently working on their own kernel to replace Linux in Android. Should they ever manage to pull that off all the apps written for the Android SDK will still run on the new OS, even without Linux underneath.

And with that, Android becomes even more proprietary, which hands Google an actual monopoly. They're making handsets too these days, so Samsung, etc (who are all now competitors to Google, not partners) will be told to go hang themselves, or pay up.

They're clearly not paying attention to the mood in Europe. There's already a couple of EU investigations into Google's dominance of search, Web advertising, and Android (Play Services). Proprietary Android would simply make it impossible for the EU to find in Google's favour, and might finally perturb the moribund US regulators into considering action against them too.

It's like there's no communication between the senior management in Google and stock holders. It feels like someone in control of the technical side of Google is driving this expansion towards a monopoly position knowing that for a brief time they will "own the world". That'd be a good time to sell the stock. Once the regulators get involved and start dismantling the monopoly, the remaining stock holders are going to lose out. No wonder some of their shareholders are suing the company.

4
1
bazza
Silver badge

I and probably many many others developed apps for android on Ubuntu

I started with Eclipse and really loved it, but have since moved over to Android Studio.

You didn't think EVERYONE used Visual Studio did you?

Huh? Wherever did he mention Windows or Visual Studio?

Ubuntu=>PC just as Windows=>PC. You still need a PC to run Ubuntu, unless one is going to get some less mainstream hardware together.

The point is that almost everything about Android wouldn't exist unless people had cheap PCs capable of running the OS of their choice. Remove PCs from the equation and Android effectively ceases to exist. Whilst it may be possible to do some small amount of development on Android itself, no one is seriously going to set up an entire CI environment building the whole stack of Android OS and all its apps using Android phones to host it all. They use PCs, that's what they're for.

So if the world's PC manufacturers give up and stop producing them, from where are we going to get hardware to run Android Studio? There's some server-oriented ARMs coming out of Qualcomm, AMD, etc. They'd probably make quite good workstation CPUs. No real sign anywhere of them being built into workstations.

But unless someone somewhere keeps the supply of cheap workstations (of whatever flavour) flowing, anyone who creates anything is going to be left high and dry. Which means the things that they create cease to be developed.

OK, so that's not going to happen. There is always going to be a big enough market, but it's going to be expensive. Fortunately if it becomes expensive to own a workstation (or host the virtualised equivalent), that's going to make it uneconomical to develop all those crap ad-stuffed free apps for Android.

Hackintosh is interesting. Quite a lot of the effort behind Hackintosh is iOS / OSX developers fed up of Apple no longer making workstations meaty enough to support the work they do. Apple don't even bother updating their workstation hardware, so people have cooked up their own. Laptops are all very well and good, but there's some jobs for which you need several screens, a ton of RAM, and a big GPU, things you generally don't get in a laptop.

The final irony is that Visual Studio is becoming a good way to do software development for Linux, Android, etc. It's significantly better than Eclipse. I can't speak for Android Studio, but Google would have to go at it pretty hard to make it the equal of Visual Studio.

8
1

Ford slurps 400 BlackBerry devs in smart car software push

bazza
Silver badge

Re: How Many?

Or to put it yet another way, it's a mature and useful POSIX OS that doesn't come encumbered with the GPL, so there's no copyleft issues. If part of the car manufacturer's business model is to include partial lock down of the infotainment system, the proprietary nature of the OS could be a consideration too.

3
0

Boeing and Airbus fly new planes for first time

bazza
Silver badge

Re: So a 5 meter increase in lengths delivers 38 more passenger slots?

Yes, in a 2-4-2 configuration as in the cattle class of the 787 this is what you get.

And that's before one considers that most airlines run the 787 with 9 seats per row, not 8.

Airbus with the A350 have been ever so subtle. It's about 6 inches wider than the 787 and is a slightly oval cross section, but that's all it takes to make 9 per row seating pretty good. Good for the airlines (they get their 9 seats), good for the passengers (they get a bit more room at the shoulders).

Airbus seems to have a thing about passenger comfort that Boeing doesn't. A380 is wildly popular with passengers, to the extent that Emirates cannot mix 777 and A380 on the same routes (passengers weren't buying tickets for the 777, they were always choosing A380). A350 is also pretty good, and done in a way the airlines cannot squeeze in a 10th. A320 is just a little bit wider than the 737.

787 has been turned into a sardine can, 737 is still a sardine can (always has been). The new 777 is going to be 10 across as standard which doesn't sound promising, that's what a lot of current 777 carry (the few that still are 9 across are apparently very nice!). Apparently Boeing are doing something to thin the insulation and lining of the airframe, so that might make 10 across OK.

10
0

UK gov draws driverless car test zone around M40 corridor

bazza
Silver badge

Re: "that buyers of driverless cars"

@Mage

There is talk of changing the design of aircraft autopilots so that the human is more involved and thus able to correctly assess what to do (c.f. Air France over the Atlantic, the human intervention was the opposite of what was needed).

Indeed, it's already happened. The A350 apparently 'makes' the pilots do more flying themselves, though this is as much about mandating more pilot hand flying time in the operations manual (which airlines have to follow to be licensed) as any technical changes to the autopilot itself.

The same approach won't work with cars; people's driving isn't logged, monitored and regulated like a pilot's flying, and introducing such oversight isn't going to be an option. So I think with driving it's an all or nothing situation. Either we do all the driving ourselves (adaptive cruise control is allowed), or the car automation is perfect and does it all the time.

The difficulty for the self drive industry is as follows. A self driving system that is nearly perfect is more dangerous (in the long run) than one that is rubbish.

In the UK, roads are designed with driver psychology taken into account. We don't build straight roads anymore to stop drivers getting too bored.

3
0

Reg now behind invisible HTML5 Bitcoin paywall

bazza
Silver badge

April 1st?

5
0

Trump's America looks like a lousy launchpad, so can you dig Darwin?

bazza
Silver badge

Re: It's been looked at before, but its never been financially feasible...

It kinda depends. AFAIK the Ariane launchers are manufactured in France and shipped to French Guyana (apologies for spelling if wrong). Could be shipped elsewhere.

So the Australians would have to 1) be attractive to someone who has a shippable rocket, or 2) give them a good reason to manufacture it in Australia.

1) sounds easier, I suggest tax breaks, etc.

0
0

iPhone-havers think they're safe. But they're not

bazza
Silver badge

@BigAndos,

The big disadvantage for Android is that there are two middlemen for most users between Google releasing a patch and a user getting it.

For most users yes, but there are some exceptions. BlackBerry are very fast indeed with Android updates. That, plus the other things they do (proper permissions controls, messaging Hub) are seriously tempting me.

Otherwise it is as you say - a lot of abandonware that's just sat there for the taking by any old piece of malware.

In fact it's only Google who got it wrong. Even MS got updates for Win phone right (there's a common hardware standard), BB10 is a closed ecosystem like iOS.

0
0

UK.gov confirms it won't be buying V-22 Ospreys for new aircraft carriers

bazza
Silver badge

Re: ->The V22 has a less than stellar safety record, bring back the Fairey Rotodyne

Or another one, didn't we used to have a very effective V/STOL jet fighter?

The F35's spec is far better than any Harrier, and its weapons system is phenomenally good (it needs to be to make up for the [minor] lack of agility).

They're gradually getting it working properly, once it's finished it will be awesome. It recently came out very well in a Red Flag competition, knocked everything else out of the sky.

1
1

As ad boycott picks up pace, Google knows it doesn't have to worry

bazza
Silver badge

Re: They've taken the 'no' out of 'do no evil'

@DougS,

Google are definitely heading towards scumbag status...

The terrorist funding laws beg to differ. If there was a case to be made, Google would be the ones getting prosecuted, not their advertising clients.

Google should be the ones being prosecuted, but this is the Internet. Google can avoid having a prosecutable legal presence in a country where they are vulnerable to prosecution, but still sell advertising in that country.

The UK government in particular and European governments in general have form in passing novel laws to bring about a desired outcome in matters related to terrorism. For example back in the late 80s early 90s it was illegal for the press and media to report bomb scares on the London underground. That put a stop to the IRA phoning in hoaxes. In the UK it is illegal to fail to report someone to the police if you know they are preparing a terrorist act. People have gone to jail for that.

Such a law would be unthinkable in the USA.

I think Google and Facebook don't realise their American thinking won't always translate to Europe well. After the events in Europe and London I think there is a strong appetite for legal frameworks that begin to sort out the problem of extremist online content.

A law setting out a system of blacklisted Web sites where it is illegal to place advertising is not a big intellectual leap for most European legislators. It would get strong support in parliaments everywhere. And companies like Google would absolutely have to do everything they can to stay off that list. If such a law were ever put in place there'd have to be thresholds of reasonableness, but those are only ever going to be ratcheted one way...

That would be in addition to making Google, Facebook directly responsible too. Germany is already heading down that line slightly with Fake News.

3
0
bazza
Silver badge

Re: Excellent

No, it won't. The money goes where the users are. The users are on YouTube.

You're forgetting the laws covering the funding of terrorism. Basically it is illegal to put money into a terrorist cause.

Now, whilst a big advertiser can probably argue that it's Google's job to prevent their fee being directed to some jihadist's pocket, Google aren't doing that. Indeed, Google have been criticised by Parliament and Government for not doing it.

That casts a serious degree of uncertainty as to whether or not an advertiser making a defence in court "it's Google's responsibility" against a charge of funding terrorism. OK, that may sound ridiculous today, but Parliament is clearly heading in a direction towards advertisers being held responsible. What they have expressed recently as a moral obligation could, at a stroke of a civil servant's keyboard and Her Majesty's pen, become law.

The whole episode shows just how stunningly naive or cynical Google, Twitter and Facebook are being concerning the unsuitability of their American practices to doing business elsewhere. They are used to lobbying being effective in the US. It's far less effective elsewhere, especially in Europe.

Criminal Responsibility

It's like they're saying "you can't make us responsible for our content". The UK and Europe are very close to saying, "Well, let's see about that". Making Google's, Twitter's and Facebook's advertising customers criminally responsible for where their money ends up would do it just fine.

Such a result would probably kill advertising funded services outside the US. We'd be heading back towards the old (and successful) Compuserve model. With a paid subscription there is a strong identity trail between a user and their account, strong enough for criminal responsibility to be assigned quickly and easily to the user.

Personally speaking I think that'd be a good idea. Every wage earner in the UK is currently spending approx £150 per year via the price of goods in the shops to pay for online advertising (it's about £7billion per year). I'd quite happily pay that to get subscription mapping and search services that are guaranteed to have no adverts whatsoever, with no data slurp.

8
0

It's happening! It's happening! W3C erects DRM as web standard

bazza
Silver badge

Re: Oh, please.

@MNGrrrl,

Sounds like you need to quit the USA, come to the UK, go down the pub, put your feet up in front of the fire, have a beer (a proper one, none of this lager nonsense) and chillax. We find this soothes almost all of the world's woes. Solving them becomes a problem for tomorrow, not this evening. Perhaps the day after that. Bringing one's chums is optional, though by definition everyone else in the pub is a mate.

Have enough beer and even the price of beer stops being a problem.

5
0
bazza
Silver badge

Re: Oh, please.

The music industry went almost universally DRM free after an initial stint using DRM technology, so I don't see why it's impossible for the same thing to happen with the movie/TV industry as well.

That's true, but the consequence is that a lot of artists are being paid almost nothing by the likes of Spotify. It used to be the case that even musicians with quite small followings could make a living selling LPs, but nowadays it's hopeless. Selling CDs whilst busking is probably the only way to get a decent return for recordings.

The money now is in the concerts; you cannot digitise and stream the 'experience'.

2
3
bazza
Silver badge

Re: If you can see it or hear it

Indeed. If this extension is supported on Linux, and the Linux is using open source video and audio drivers, these can always be modified to allow copying.

I'm not sure DRM is intended to piss off customers (though it is annoying that it curtails what used to be 'normal' activities, like lending a DVD to a mate), I think it's primarily intended to annoy pirates!

3
1

New iPad revealed. Big price cut is main feature

bazza
Silver badge

Re: Same Old Tricks?

Because that's what they've judged to be the market value, or rather what the market will bear.

I know all that. I was really questioning whether Apple's view as to what the market would bear is accurate. The article itself refers to a decline in iPad sales, and a big part of the reason why is price. If Apple want sales to improve markedly, charging $130 extra for a variant that really doesn't do that much more is sending a poor signal to punters. Who wants to buy it when they know they're being taken advantage of?

Amazon are selling 4G USB dongles for less than £50. Wholesale price of the components is going to be, what, 10% of that, less if you're a big buyer like Apple?

2
1
bazza
Silver badge

Re: Same Old Tricks?

@anothercynic,

"bazza, primarily UK price differential = US price is tax excl vs UK price is VAT incl,"

Yes you're quite right. I wasn't intending to lay that particular point on Apple's doorsteps, other than they're another multinational which quite happily exploits the benefits of free trade and tax loopholes, whilst lobbying to prevent individual customers from benefiting from grey imports, etc. This distortion of the global market does no one any favours apart from the companies who can afford to wine/dine/lobby the politicians who make the rules.

3
0
bazza
Silver badge

Same Old Tricks?

$130 price differential for installing a cellular modem chip? WTF?

Surely that's taking the piss. What am I missing here? Does that include airtime too? In which case it's arguably quite good value. Otherwise it seems they've swapped their habit of gouging the market over the price of flash for charging huge amounts for a $5 part.

It's also running contrary to what's going on in the cellular world. Data allowances are getting to be huge on even quite moderately priced contracts (I get 30GByte / month for £20). I can't remember the last time I bothered switching WiFi on on my mobile. And WiFi is slower than my cellular connection.

The WiFi ones are quite temptingly priced though, I could always tether it to my mobile, but I'm expecting the UK price to be higher :(

11
5

Android O my god! It's finally here (for devs)

bazza
Silver badge

Re: What do all these things do?

I seriously doubt that all of those services are there for the benefit of the user. 387 in Play Services alone? Given Android's role as a revenue generator for Google, there's going to be a lot of them there for the benefit of Google, not the user or the phone's battery life.

3
0

Fix crap Internet of Things security, booms Internet daddy Cerf

bazza
Silver badge

Re: I hope "the answer" isn't EVEN MORE gummint...

"I believe liability is all that's required. Make the producers responsible for the safety and security of their products just like we do with other industries."

I don't think that's realistic. There's nothing about IoT devices specifically that would warrant such liability being imposed on the manufacturers whilst not imposing the same liability on Microsoft, Apple, Google, the Linux kernel development community, all publishers of Linux distros, etc. All software everywhere throughout time has come with zero guarantees of correctness, suitability, etc, including software on IoT devices.

I do not see there being any realistic solution to this problem. The manufacturers don't care because their sales are OK. The sales are OK because the customers don't care either. The customers don't care because when the hackers take over a device they normally take care to ensure that the customer rarely notices anything happening; once in control, some of them even apply patches to stop other hackers getting in. How thoughtful!

The problem may get solved if a truly big player (e.g. Apple, Google, etc) manages to get a decent ecosystem running that solves the problems of patching, updates, access control, etc. Trouble is that so far both Apple and Google have failed to enthuse the market with their offerings. They're probably charging silly money for access.

1
0

'Sorry, I've forgotten my decryption password' is contempt of court, pal – US appeal judges

bazza
Silver badge

Re: Actual case aside

This is just ridiculous. How could the judge have "found that Doe remembered the passwords needed to decrypt the hard drives but chose not to reveal them"? Obviously, he couldn't. He just assumed it, because of.... thought police?

There's also the sister's statement to consider. From the article:

Authorities in Delaware investigating the case already had a sense of the contents of the drives because, according to court documents, the defendant's sister had told police investigators "that Doe had shown her hundreds of images of child pornography on the encrypted external hard drives."

So unless she's making it up and the other evidence doesn't amount to damning, it seems reasonable to assume that Doe knows it's not in his best interests to unlock that drive. That's a motive. He's been ordered to unlock it, and has been sat in front of a computer to unlock it. That's an opportunity. And, as no one can read his thoughts, that's a means of ensuring it remains locked*. Sounds like the three elements of an offence...

* Until the NSA/FBI/CIA improve their capabilities. I'm just waiting for Trump to accuse GCHQ of being able to read encrypted US gov email. If he does that's "just got to be true", and perhaps they could help in this case, and someone in Cheltenham would need a pay rise.

1
12

Linux, not Microsoft, the real winner of Windows Server on ARM

bazza
Silver badge

HPC teams already use heterogenous hardware mixing x86 with GPUs because x86 hardly shines at parallel vector work.

Well, it depends on the workload. Xeon Phi is quite a big beast, and well suited to some workloads. As ever, it depends.

GPUs are problematic for some workloads. Their downfall is latency; they're (still) all about loading up some data, doing a lot of math very quickly, and then unloading the results. For some problems this is less than ideal. Machines like RIKEN's K are very impressive because they did so much to reduce data sharing latency in the machine, which gave it an unparalleled peak:mean performance ratio.

ARM chips already come with optional hardware acceleration packages, throw in FPGAs and GPUs and, at the right price*, the HPC crowd will be drooling.

Drooling, but facing a massive code rewrite!

If you look at some of the biggest HPC installs it's obvious that purchase price is not that important.

That's mostly because the chips they use are the same (more or less) as gamers / server farms use.

It costs Intel around about $6billion to do a step in their design, and it's about the same for everyone else doing circuits that complex and fast (be it GPU, Ethernet switch, whatever). If Intel stops bothering, or if NVidia give up because we're playing games on phones instead of PCs or consoles, the HPC community would have to bear the cost themselves. The cost is enormous.

The only reason NVidia engaged with the HPC community in the first place was a reduction in PC sales.

5
2
bazza
Silver badge

This is huge. SBSA is the real threat to Intel.

It is huge.

It's also something Microsoft could have defined back in 2008 when they first acquired their own ARM foundry license. Had they done that (they even demonstrated Win 7 + Office on ARM) then instead of doing their level best to Utterly Ruin Windows by trying to be cool and down with the mobile kids by pushing Metro, Windows 8, etc (something that they continue to do to this day, plus they've added snooping into 10), we'd now be used to ARM servers and desktops, MS would still be top of the mountain, and we'd probably be happier with Windows too. Instead we're seriously wondering about not bothering with anything MS at all.

Cock up.

This is definitely bad news for Intel, and by extension all current users of X86. That includes the supercomputer guys. Anyone who actually needs all that compute offered by Intel's biggest chips will be finding their lives becoming expensive. ARM is fine for what it's intended for, but a fire-breathing high performance general purpose CPU suitable for weather forecasts it is not.

Interestingly Fujitsu/RIKEN are contemplating ARM plus their own specialist extensions to make their next super computer. Expensive.

15
4

Git sprints carefully towards SHA-1 deprecation

bazza
Silver badge

Re: @Deltics

@Paul J Turner,

You end up with less bits (which you can pack to a fixed size) but there is only one possibility for the source file.

If you fix the output size, that's no longer ZIP or 7z or any other compression. The only way you could fix the output size is to pad the output up to a given size, and then fail with an error if the input were too large for the compression output to fit within that given size.

An interesting feature of a perfect compression is that the output bit stream is (if one did not know that it was a compressor's output) perfectly random.

You can even verify that by unpacking and comparing, which makes it a bit useless

I wouldn't say that was useless at all, at least not from the point of view of certainty. If you have a zipped up file, and someone else is claiming to have the same file, being able to do a bit comparison on the two uncompressed files is a mathematically certain test of equality in a way that is stronger than any hash test.

What makes it useless is that it's an inefficient use of storage and bandwidth, and instead we use a hash function to allow us to be almost certain of equality.

1
0
bazza
Silver badge

@Streaky,

Google's demonstration of a SHA1 collision was two valid PDFs which hashed to the same value. That's a lot harder to achieve than just two arbitrary, unintelligible byte streams that hash the same, but it has been achieved now.

It is a mathematical certainty that you could have two pieces of source code that compile and have the same hash, but it's still tremendously hard to do that.

3
0
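Added example, not part of the original posts: the two comments above argue that compressed output cannot have a fixed size, that a byte-for-byte comparison is certain where a hash match is only almost certain, and that collisions must exist for any fixed-size hash. The sketch below shows all three using SHA-1 truncated to 32 bits (an assumption made so a collision turns up in well under a second; it says nothing about the cost of colliding full SHA-1). All function names and inputs are constructed for illustration.

```python
import hashlib
import zlib

BITS = 32  # assumption: keep only 32 of SHA-1's 160 bits so collisions are cheap


def truncated_sha1(data: bytes, bits: int = BITS) -> int:
    """Return the top `bits` bits of SHA-1(data) as an integer."""
    full = int.from_bytes(hashlib.sha1(data).digest(), "big")
    return full >> (160 - bits)


def find_collision(bits: int = BITS, prefix: bytes = b"constructed-input-"):
    """Hash distinct constructed inputs until two share a truncated digest.

    Returns (first_input, second_input, inputs_hashed). Because the digest
    space is finite and the inputs are not, this always terminates.
    """
    seen = {}
    counter = 0
    while True:
        msg = prefix + str(counter).encode()
        digest = truncated_sha1(msg, bits)
        if digest in seen:
            return seen[digest], msg, counter + 1
        seen[digest] = msg
        counter += 1


def equal_by_hash(a: bytes, b: bytes, bits: int = BITS) -> bool:
    """The 'almost certain' test: compare digests only."""
    return truncated_sha1(a, bits) == truncated_sha1(b, bits)


def equal_by_bytes(a: bytes, b: bytes) -> bool:
    """The certain test: compare the content itself."""
    return a == b


def pseudo_random(n: int) -> bytes:
    """Deterministic high-entropy bytes (constructed sample data)."""
    out, i = b"", 0
    while len(out) < n:
        out += hashlib.sha256(str(i).encode()).digest()
        i += 1
    return out[:n]


def compressed_size(data: bytes) -> int:
    """Length of the zlib stream for `data`; it varies with the input."""
    return len(zlib.compress(data, 9))


if __name__ == "__main__":
    a, b, tries = find_collision()
    print(f"collision after {tries} inputs: {a!r} vs {b!r}")
    print("hash says equal: ", equal_by_hash(a, b))
    print("bytes say equal:", equal_by_bytes(a, b))
    print("4096 zero bytes  ->", compressed_size(bytes(4096)), "bytes")
    print("4096 random-like ->", compressed_size(pseudo_random(4096)), "bytes")
```
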

Europe will fine Twitter, Facebook, Google etc unless they rip up T&Cs

bazza
Silver badge

Re: Long overdue

@John Brown,

As I understand it, that's not what is being asked of them. Germany in particular is asking that Facebook implement a proper complaints procedure which requires Facebook et al to actually act on said complaints in a reasonable time. Germany has posited 24 hours as reasonable.

Yes, that's certainly the case. But this, the criticism coming from the UK parliament, and various other things that are going on are all driving the situation towards a point where social media websites are liable for the content on their site. And if it goes that far (and I think it eventually will) then the sites cannot operate as they do today.

I'm sure Facebook et al will have a whole raft of "technical" reasons why it can't be done in 24 hours, but will probably claim they can do it in 7 days. At which point Germany and/or the EU will demand 4 days and they'll probably all walk away happy, both sides feeling they gave a little and took a little from the other.

Perhaps that's what will happen, but the time thing is going to be critical. An item of Fake News running round FB, Twatter, etc for 4 whole days just before a general election could do tremendous harm. Especially if it is replaced by a similar item from a different account.

Anything that allows stuff like hate posts, fake news, etc. to persist for any period of time is simply going to result in further calls to stop it getting posted in the first place. And they currently have no way whatsoever of doing that other than 100% screening. The only option is deterrence, but there's no deterrence at all at the moment, especially for those posting something as "harmless" as fake news who can so easily hide behind a screen of effective anonymity granted to them by the site's unwillingness to demand true legal identity prior to granting an account.

5
0
bazza
Silver badge

Re: Good luck

Well, they've already fined Google quite a lot of money. There was, or is, a bunch of Google shareholders suing Google over the losses associated with that. There's also a criminal investigation into Google's tax affairs in France. And there's a separate inquiry into Google's gouging of the Android market through their control of Android due to the terms under which other manufacturers get Play Services. And that's looking like another few billion down the plug hole.

So there's no fear of chasing these American companies with their distasteful and exploitative terms and conditions.

12
0
bazza
Silver badge

Re: Long overdue

Long overdue indeed, and definitely heading the right way.

The problem for the companies is that they have no real way of policing the content on their sites. For all this talk of AI, filtering, etc. they cannot be effective at policing content unless there is a human involved in the process.

That means that for every single thing that goes up on Facebook, Twitter, YouTube, a human needs to look at it if the company is to be certain that the content is OK. For a Tweet, or picture, that's just a glance. For a video, well how long is the video?

In short, it's unrealistic for these sites to do 100% screening by humans.

Even if they focused on new accounts for an initial period before deciding that the poster was behaving, that just sets up a minor challenge for someone intent on getting dodgy stuff up on the site. Post a few pictures of bunnies, flowers, etc, wait for Facebook to lose interest, then start posting whatever you wish.

User Identity

The only way to really improve is to be able to truly identify site users, so that transgressors can be effectively barred. At the moment anyone whose account gets closed simply opens a new one and carries on posting. User anonymity (so far as the site operators are concerned. I'm not talking about one's public user name) is what allows users to get away with it.

But how can these sites identify users? Being 'free' means no real identity check.

Their only option is to become not free, to require paid subscription. If there is a financial arrangement with users, then there is a strong link to the user's identity too. Users wanting to post dodgy material are going to think twice about it, or wind up in jail.

That'll put a dent in their business model.

A subscription fee. Very Compuserve. Very AOL.

7
4

Friday security roundup: Secret Service laptop bungle, hackers win prizes, websites leak

bazza
Silver badge

Re: Permission

Well, the thing apparently has full disk encryption, so it's hardly likely to matter one way or the other.

Backing up a soft control (the no classified content policy) with a hard, reliable control (full disk encryption, if done properly) is perfectly reasonable. So long as the laptop was powered down at the time and not just sleeping, there's almost nothing to worry about.

4
0

Google borks Nexus 6 with screwy over-the-air Android 7.0 downgrade

bazza
Silver badge

Re: Move along nothing to see

Anyone who sideloads an OS onto their phone should be familiar with the risk of potential data loss especially when they okay the downgrade.

Hang on a mo, that's a pretty far stretch. Unlike a lot of other software companies, Google seemingly cannot make an installer that does version compatibility checks. I mean, not even Microsoft have pushed out an update that downgrades one's OS to a previous version by mistake. Which is a shame, there's a lot of people who'd like to go back to Win7...

2
0

Google borks its Drive Windows app – after pushing out unfinished buggy version to public

bazza
Silver badge

Re: Not just MS

Seemingly not.

Doesn't look like the Chocolate Factory have their A team working on this thing. Which is a bit odd.

If they wanted to be taken seriously as a provider of stuff for business, to have one major component of their offering (Google Drive) effectively useless on one of the major OSes for businesses (Windows) means the whole thing is not worth it.

8
0

Today's WWW is built on pillars of sand: Buggy, exploitable JavaScript libs are everywhere

bazza
Silver badge

Re: C

So long as it's running server side, why not!?!

0
0
bazza
Silver badge

Re: "Google may be OK with this but ultimately it's a big risk for them"

@LDS,

These security issues may prompt the two companies to "suggest" they become the library repositories, to "improve" and "warrant" their quality - albeit some antitrust body could object (an EU one, I guess...)

It depends on how they do it. If they do it for free, make it fully available, for the public good, in the manner of a beneficial dictator, then I think the anti-trust bodies would have no interest whatsoever. If they make it so that only Chrome does it and then only for code from Google, then I think the objections would come thick, fast and expensive.

If Google or Facebook made a case along these lines, I doubt that they'll be able to bring enough of the community with them. The world hasn't been able to fully expunge Flash. There's going to be too much stuff that's important to lots of people that doesn't fit in with a potential Google/Facebook vision of how things should be. We're in this mess partly because there have been poor standards, not much adherence to those standards anyway, and the whole thing is effectively nothing more than one global hack-fest of software putrefaction which somehow has come to be seen as hot, cool and modern. There's a lot of momentum to overcome. Conforming is not in every web-developer's mindset.

0
0
bazza
Silver badge

Re: "Google may be OK with this but ultimately it's a big risk for them"

@Tom38,

Right, but we aren't talking about reality at the moment, someone posited the thought experiment "If JS was to disappear, companies like Google would be up shit creek and they don't seem to acknowledge those risks".

It's more philosophical than that.

It's a bad thought experiment because either there is an equivalent language to replace it, in which case a Dart-to-new lang compiler would remove the risk, or that there are no more browser apps possible, in which case Google write a Dart-to-C compiler and deliver native apps.

The point is that "new lang" would also eventually succumb. The problem is that all interpreters / run-times, browsers, OSes and CPUs are mathematically certain to be flawed in one way or other. We as a species simply cannot generate provably flawless code or hardware, so it's not really an option. For example, until a couple of weeks ago everyone assumed that ASLR was a strong defence, but it got thoroughly trashed by a Dutch research group who showed that it could be unwound. In Javascript. In a Web browser. That's a major calamity.

Besides, we like fast-moving, new, dynamic stuff. To be provably secure means slow-moving, mature, never changing stuff. Shiny-shiny wins every time.

There's also the point that the introduction of "new lang" would simply expose a whole load of new-out-the-box flaws that will inevitably plague a new pile of code. Just like Javascript did initially.

The only sure solution to the problem of dynamic web pages is to forget about client side execution in the browser altogether, and replace it with a Turing incomplete remote display protocol for code running server-side. A bit like HTML used to be. A bit like X server protocol, and (AFAIK) RDP, VNC, etc. We're not very good at implementing such protocols problem free either (buffer overruns, etc), but it's a much easier challenge.

If we don't go down that route then we're condemning ourselves to having to re-write the whole Internet every time our latest Web browser client side execution environment becomes too dangerous to use. Based on our experience in trying to expunge Flash from the world, it'd be very hard to replace Javascript.

1
1
bazza
Silver badge

Google is perfectly OK with this. Any attempt to tackle this issue would go through more standardization of web development, and that would tie Google hands too.

Google may be OK with this but ultimately it's a big risk for them. No Javascript = big increase in costs for Google. If you take Javascript away, what of Google's empire is left? Android? Web based Google Docs, Maps, Search, Gmail, etc are toast. That's a massive part of their business. Google absolutely need Javascript to be safe and secure.

We've seen recently that Javascript can be used to unwind the ASLR of the Web browser, meaning that Javascript exploits could be made reliable. This study now shows that the anarchy of the Web can have real consequences. It's early days in the death of Javascript, but these papers highlight that Javascript is potentially hazardous, and no one is doing anything to improve it.

If that's not on Google's business risk register, then they're not doing their investors any favours.

1
1
bazza
Silver badge

I don't think there's anything that we can do. But a big outfit like Google could show some leadership and do something and impose it. Very Microsoft. Very evil. Very necessary?

Google had better get on with it. Their entire empire is built on Javascript, and it's not too far from being deemed to be a massive security hazard. If that actually happens, and the world at large goes off Javascript like they have gone off Java, Flash, ActiveX, etc, then Google are in deep trouble. "Please run Javascript on our search page, please, otherwise those ads are going to be far less effective! And we'll do a native gmail client soon, honest.".

4
1
