... it is not as if Australia was a major military ally and NATO member we have deep defence relations with.
Oh, err, hang on a minute.
S H I T
134 posts • joined 4 Jun 2010
Suppose that the user has some unsavoury aspects to their life, such as pornography, or that their computer gets confiscated by the Police or HMRC in the course of their investigations. They would access the entire storage on the machine, not just the user / owner's personal data. This could compromise client sensitive data.
Not a fan of BYOD, although I have to say that I wouldn't mind bringing in my own 4K display to run from the company PC, if they came down a bit in price (my eyesight is not what it used to be). Would that count as BYOD?
"It recommended "advanced users" edit the Windows registry keys to delete specific registry keys. There's a sharp warning: "Serious problems might occur if you modify the registry incorrectly.""
Really? And what is my 84-year-old mother supposed to do? She's convinced that she broke her PC trying to use it offline, due, rather appropriately, to it getting messed up by Microsoft 'updates'. She is not what anyone would describe as an IT expert.
I sense a trip to the Apple store in the near future.
@Anonymous Coward > "UK voters may notice that the ballot paper has a unique number on it, and the person handing them out in the polling station writes down your electoral registration number on a list of other numbers. That makes me uncomfortable every time I vote. It seems an easy way for votes to be connected to individuals.(*) Perhaps someone more observant (or knowledgeable) could confirm whether my suspicions are correct or I'm being unnecessarily paranoid."
I believe that one of the powers of the Speaker of the House of Commons is the ability to authorise a check on who voted for whom in an election. This would only be in very exceptional circumstances, maybe where there is evidence or suspicion that votes were being procured in illegal ways, such as bribery or coercion.
As Tom Stoppard pointed out, democracy is in the counting of the votes, so a system where everyone can verify the result, rather than relying on an old Windows XP spreadsheet, would be good.
The reason why close results were often sent back for a recount is that hand counting ballots rarely obtains the same result twice. In the UK, a re-count would mean that postal ballots would also be counted, as they were generally not included in the first count.
(* this is the most (only) referenced part of my own humble contribution on cryptographic voting schemes, no mention of my proposed scheme, or what one actually wants from a voting scheme, no, just the fact that in the UK votes are not necessarily secret, sigh :o( mutters on and on and on ... )
Have you seen the Russian rockets that get astronauts and cosmonauts to the ISS? They start on their sides and are raised into the vertical for launch.
It may be that the aerodynamics means that there is no need for such a large horizontal tail surface, and the central, payload-bearing, wing section may be strong enough to cope with severe twisting in bad weather.
If a paper trail is produced along with the electronic votes, then it can be used as a sample test of the veracity of the electronic count, as well as for any re-count.
Election observers could have the right to choose which machines' paper trails were collated with the electronic votes they registered. Of course with human counted voting, you rarely get the same numbers twice, and with machine counted voting, you are relying on the machines.
However, in the USA where politicians get to decide on the constituency boundaries (Gerrymander comes from a US politician's name, the man who designed the constituency boundaries to ensure he got elected), the electoral system has other equally or even more serious problems.
At least in the UK we have an independent electoral commission, but how effective they are at ensuring fairness, I do not know.
"Why on all earth does a normal application have stuff running as root?"
No idea. When I was a sysadmin for a cluster of Sun Workstations (tells you how old I am), we had a graphics package called SunAlis. It had to run with root privileges, so once a user had sent something to the printer, only I could stop it, and it had the 'feature' that if a diagram got to over 2Mb in size (it was a long time ago), it crashed and you lost the whole thing.
Deleting it was a relief, and the only time I have, as root, actually typed in "rm - r *.*" and hit 'return'.
No update for my (still in use) iPhone 3GS either. :o(
But then I've not been able to sync it for several years.
Well now, some people who work in 'security' have some, how shall I put this, 'interesting' phone numbers and e-mail addresses for work. You know, like when they do work for the government and need secure e-mails for sensitive communications. Wouldn't want the USA government selling or otherwise divulging those to a commercial organisation.
Is there any statement on what the USA DHS can do with the information? I get enough spam already. As the USA has a lamentable history of securing the personal information of its own employees on its own computer systems, it would be interesting to see how much security they are prepared to commit to for visa applications. And as the USA is keen on enhancing its own cyber-warfare capabilities, I presume that permission would have to be sought from the owning authority before divulging the details to a foreign power. Unless, of course, it is only personal e-mail and phone numbers they want, in which case they'll just hack away at their leisure.
"Financial attackers have improved their tactics, techniques and procedures (TTPs) to the point where they have become difficult to detect and, challenging to investigate and remediate."
So THAT is Dilbert's TTP project. I always wondered.
(I'll get my coat.)
So, I got 'diamonds' and 'nitrogen' (a friend told me it is easier to make diamonds in a Nitrogen atmosphere, but then you get Nitrogen embedded in the diamond), and 'lasers'.
The rest was, well, I'll just finish watching Zardoz shall I?
It is possible to have a form of key escrow which allows for message recovery without key recovery, BUT it is convoluted and expensive.(*)
I have two rather fundamental issues with the idea of deliberate backdoors in the algorithms (in addition to the ones listed by the august and intelligent readers of El Reg., of course):
1 I do not trust every member of the government apparatus not to use my backdoored credentials to impersonate me.
2 I do not trust all future politicians not to sign search warrants for the escrow agencies (something not considered the first time around by the civil servants in the late '80s / early '90s).
(* My paper on this languishes as yet unpublished, but hey ho, maybe it is time to dust it off.)
He pardons Bernie Madoff and makes him head of the SEC.
when I wonder how HMG ever manages to procure a working IT system at all.
Too often the bidding or procurement processes or management of the transition are handed over to contractors or consultants who therefore have a conflict of interest when they should tell their client that what is required is to stop and think about what they want to achieve, and to sack the contractors and not start again until they actually have a good idea of what it is they are after, and how to get it.
At one (previous) employment I was informed that the job of the consultant is to determine the client's budget and spend it. (That was a serious statement by a senior manager, not facetious in any way.)
<Sorry, rant over.>
I read the requirement for the Secretary of State to consider the technical feasibility of the requirement to remove electronic protection as allowing for strong encryption without a backdoor. The text in the Act quoted in the article does not seem to me to require CSPs to provide only encryption services with a 'backdoor'. So if there is no feasible means of decrypting the data, that would be a defence.
Of course, in that case the CSP may then be considered to have deliberately frustrated the powers of a Secretary of State by providing strong encryption without a backdoor. But then the CSP could argue that parliament included the feasibility statement to allow for technical considerations of whether something is in fact possible.
The first few test cases may be interesting.
(Now where is that article from those nice people at Pinsent Masons explaining the whole thing?)
I could be wrong, but I was under the impression that here in the UK (soon maybe not to be the UK, but that is another thread) the Data Protection Act gave people the right to know the algorithms they were judged by when decisions were taken by 'computers'.
My own CV is not the problem - I interview really badly :o(
"So long, and thanks for all the fish."
<I'll get me coat.>
What we need right now, is some good old 'statesmanship', from frankly, ANYBODY.
There will not be a second referendum, because the politicians cannot face another two months like that again (and neither can I). The real problem is that nobody had any sort of plan for the 'Leave' result. Not even the 'Brexiters'.
35 or so years of denigrating the EU by comedians, politicians, and business people has paid off. Tragically the areas where the leave vote was strongest are the ones which most benefitted from EU regional development grants. We all remember the foolish reports of EU regulations (straight bananas, standard cucumbers, quiet lawnmowers etc.) but who can name the good things done by the EU? (The Eden Project, working time directive, 20 days paid holiday a year for employees etc.)
Now a London-centric British elite will have the freedom to ignore the rest of the country and invest everything in London. Supposedly national institutions are already almost exclusively in London. The Sainsbury wing of the National Gallery, the British Museum extension, the Tate Modern extension, all in London. The photographic archive of the Royal Photographic Society, which used to be in Bradford, now moving to the V&A in London, as decided upon by the (exclusively London based) V&A trustees.
I expect that there is legislation in the EU and Germany about faking your exhaust emissions tests, but who at VW has actually been proved to have done the coding, and allowed it into the engine management system computers? That shows either an amazing lack of quality control on the software configuration and testing or management interference.
If anyone has proved anything about a named individual, please post a link.
In the days of the 'Wild West' (a term invented by one of the Bronte sisters), the local sheriffs were also tax collectors. And, probably, similarly uncontrolled.
It just goes to show the deplorable lack of competent computer science teaching in this country, when the examinations are seriously flawed.
@Esme > You should have sent in a proposal at 4x(your standard daily rate) to rewrite the examination questions.
The photo of the Gugnunc aircraft appears to show leading edge slots on the main wings. Is this the first aircraft to have such a feature, or were there others?
I thought the Computer Misuse Act made illegal any activity on a computer not authorised by the owner. The use of the 'close' box for assumed assent is clearly questionable, as is sending out an ultimatum requiring an owner to choose a date in the next 5 days. And yes, I do know that Windows OS is licenced, but I believe the Act refers to misuse of a Computer.
I expect the MS board reckon they can get away with it as they have a near monopoly on desktop and laptop processing OS.
Richard Dawkins has been succeeded in the Oxford chair for the Public Understanding of Science by the mathematician Marcus du Sautoy. Clearly there should be an associated chair to promote Politicians' Understanding of Science.
On the other hand, maybe applications for grants to study, say, unbreakable backdoors in public encryption would be more successful. Time to sharpen those quill pens, methinks.
... it can be difficult to fix one bug without introducing 'minor' issues like making a device totally unusable.
At a customer site once, I discovered that saving a Word file that contained a DOS command* as ASCII text, with a '.BAT' extension meant the OS treated the file as an executable and did just that. Access to DOS commands was forbidden to normal users. The supplier's 'solution' was simple - stop the users saving files.
It did sort of work, but the users, and the customer did not fully appreciate the Dilbertesque elegance of the solution.
(* If you don't know what a DOS command is, you haven't lived. OK seriously, create a Word file with just the single line of text
dir > files.txt
Save it as a text file but with a file extension of .bat
Double click on the '.bat' file and then open the file named "files.txt".
Now, try it again with the line
But ++only++ if you have permission.)
I voted for the Scot, William S Bruce, whose privately funded scientific research expedition was highly successful and came back with no fatalities and under budget.
So, no chance that a government / publicly funded research ship would be called after him then.
Still, best wishes to the scientists and crew.
What are they calling the helicopter?
I shall attempt to affix a sign declaring:
"Warning: Contains Nuts"
I was going to write some insightful comments about what can be done, but frankly it is Friday afternoon, and I am just stumped by the idiocy described in the article.
I read a few months ago that a person had managed to get her passport photograph to include wearing a colander as it was a religious item, and she was a Pastafarian. And this too in the good old, rational (yet God-fearing) U.S. of A.
I'm off to the shrine of Apollo to sacrifice a goat in the hope of some enlightenment.
The USA does not acknowledge the concept of "Human Rights", and has not, as far as I am aware, signed up to the UN declaration of Human Rights. They allow for citizens' rights, but only for citizens of the USA. Everyone else is at the hazard of uncle Sam's whim.
If a company can obtain financial benefit from use of people's personal information acquired by their government, then why not? After all Dick Cheney was head of Halliburton, became USA Vice President under George W Bush, who gave the contracts for 'rebuilding' Iraq after the fall of Saddam Hussein to ... yup, you guessed it, Halliburton. And no-one at all in the USA seems to have complained about this.
The USA also does not accept the jurisdiction of the International Criminal Court, because they are worried that their citizens would be prosecuted in it. In effect they are behaving like every major power in history. If it cannot be forced upon them they are not going to play by anyone else's rules.
On a bus to the airport a few weeks ago (yes, I do go on holiday once in a while) I heard a builder complaining that he had applied for some jobs from a company and not heard back. When he enquired, he got the impression that the jobs were fictitious, and the company was merely creating a list of suppliers of building services which they could then approach when a real job appeared, presumably for a commission.
Just because the DPA applies in the UK does not mean it is being observed here.
"And Cisco reckons plenty of security bods will be in another job in five years"
Not this one, no siree! I shall be retired in five years if I have anything to do with it (the Equitable Life pension fund disaster notwithstanding).
As for 'selling' the idea of security, I've found the following to be reasonably effective:
Your staff are paid to perform work for your organisation. Appropriate security protects their work from being lost to your organisation, corrupted or stolen by competitors. And if your staff's work is not worth protecting, why are they being paid to do it?
And no, security should not be invisible or 'transparent'. We may live in 'the global village' but we still lock our doors when we go out, or go to bed. We want police officers on the beat to provide visible security.
For IT security it is really worth knowing which malware your firewalls are trapping - if you don't check then maybe they aren't actually trapping anything.
The real problem with senior management on security is their policy of "fix on fail". They will only fix something that is wrong if it has failed, either for them or for someone else. Try getting a new preventive measure through that costs money before any actual exploit has happened (and no, I don't mean patches for newly discovered vulnerabilities in software, there have been lots of reports of zero Day attacks for management to hear about to motivate them).
Most domestic burglar alarms are sold to people after the break-in.
And with the Cloud, and virtualised security features: we've got two firewalls and a DMZ with the MTA and web hosts in it. OK so it is all running on one box with one comms cable and VPNs providing separation, but virtualisation is so much cheaper and more easily scalable, so that's alright then, security saving money, innit?
<and B R E A T H E >
In my very brief career as a reviewer for Mathematical Reviews, I got a paper to review and international postal coupons to send my words of wisdom to the journal. My own first research papers were accepted for publication after free peer review (I assume the reviewers did the work for free as I did not have to pay). I got free copies to send out (still got some left, actually, if you are interested).
Nowadays looking at 'prestige' academic journals, the author has to pay just for a 'peer review', then, if accepted a page charge or publishing fee, and an extra fee (in one case £1000) for making the thing freely available on the Internet to the general public, irrespective of length. (Electronics Letters is an exception, although as they no longer publish in information security, not helpful for me personally.)
The problem with starting a new, prestige, journal is getting it established, and as academic status is often based on first publication, you want to get your paper into the highest prestige journal you can find so that all the right people will read it, and your department will get the 'points' for publication in the right places. That helps with the research grant applications later on.
As anyone who has tried to persuade management in a large organisation to do anything sensible knows, publishing your ideas is nothing, getting people to read and understand what you have said is everything. Would you rather publish in The Journal of Symbolic Logic (established, prestigious etc.), or 'Peter's New Logic Journal' (which may last almost as long as an entire issue and then vanish forever)?
"The Lady of the Manor must quit now. We know she is pally with David Cameroon "
Well the Tories do complain that the House of Lords does not represent the way The People voted in the general election, so maybe she'll get a peerage, I'm sure someone thinks she deserves one.
Several decades ago, while looking out of my open bedroom window, I was almost struck by a meteorite, a very small one (about the size of a pea). I expect that many people have been hit by a meteorite and not realised or even noticed it.
It does however seem strange that a meteorite of the size mentioned in the article could have caused a fatality in this way.
As for Karma, we do not know the location of the deceased's spirit, maybe he has achieved Nirvana, and the meteorite death was a quick way for the Gods to show their satisfaction and joy, leaving the rest of us here to suffer a little longer.
the extreme loyalty to their crew and passengers of the officers of the Medusa*.
(*Look it up)
The more people who put their personal data archives onto the one medium, using the same or similar protocols, the more motivation there will be in 900 years' time to have a working reader.
Having said that, I'm not really sure that anything much I have is actually worth preserving for 1000 years in a digital format. Although there is a chap (who was on the BBC Radio 4's 'Saturday Live') who is collecting an archive of 'ordinary people's' diaries (definitely NOT politicians) for future generations of social historians. (A shame my aunt's 'wicked stepmother' burnt her wartime teenage diaries, really.)
I wonder how they steer? I am guessing that the twin propellers may be used for left-right control, but what else?
.. the financial services.
Of course the regulators were warned about Bernie Madoff several times before his Ponzi scheme failed, and our very own LIBOR fixers got away with it for ages.
Why is it that only people who let off bombs and carry guns and knives should be caught and not the rich financial whizz-kids in the City of London?
(I think I may have just answered my own question there.)
Although the published first priority of government is the protection of 'the people', every government's real priority is to remain in power for as long as possible. (c.f. Robert Mugabe, Vladimir Putin, Tony Blair etc.)
The bad publicity attending any terrorist killing in the UK is what they are trying to avoid, and to be seen to be taking every possible measure to prevent terrorist activity (short of actually having a humane and equitable foreign policy, of course). Hence the bulk collection of data, so that the PM, Home Secretary, Foreign Secretary, Met Police Chief Commissioner of the day can honestly say:
"We did everything we could to prevent the recent outrage, but, unfortunately, although in retrospect we had the data indicating that these people were a risk, the system was too short-staffed / overwhelmed to catch this one, but hey, we did stop 27.759 other atrocities which you never heard of because the trials were held in secret and we can't talk about them."
Politicians can only publicly accept zero fatality rates for terrorist incidents on their home territory, so they want to be seen to be doing everything possible (even if with a little thought it is counter-productive), because DC will not stand up at the Tory Party conference and say:
"We must balance public safety with public privacy. I am happy to accept that on average 3.5 people will be killed in terrorist incidents in the UK in the next 5 years because the benefit to society of the government not keeping bulk data on everyone's use of the Internet means that criminals will have greater difficulty in accessing that data thereby resulting in a lower crime rate and actually probably saving 35 lives over the same period."*
(*I have no idea of the relevant statistics, I made up the numbers as a 10 to 1 ratio for impact. Hive mind of el Reg, please advise on the true values.)
Jack of Shadows wrote: "So, EU. How do we get to a realistic set of guidelines that all the intelligence services might adhere to?"
Sorry, don't understand. You think intelligence services adhere to rules anywhere? That is like asking the NRA to agree on sensible gun control legislation.
The fact is that it is the politicians and judiciary who will have to enforce compliance with the law on the USA's intelligence agencies, and here in Europe the relevant government and judiciary, and possibly the European Court.
But don't worry, once we've signed up to TTIP, the secret tribunals will all rule in favour of large American corporations' 'right' to send our data to locations in the USA and sell it to whoever wants it. Allowing the intelligence communities to take whatever they want, because the TTIP and similar trade deals are outside of national legislation so not subject to inconvenient things like the UK's or EU's Data Protection legislation.
We are all slaves to the 'Masters of the Universe'.
The ESA landed Philae on a comet. Whoever owns the (universal) patents for a viable asteroid landing system will be in the money.
As for what mineral might be sufficiently valuable to be worth mining, palladium would be my guess. Platinum is quite cheap in comparison, on a par with gold. Definitely not diamonds: de Beers keeps the price of 'natural' diamonds artificially high, and artificial diamonds can be bought for as little as £5.
Possibly the only thing that would actually be worth bringing back to Earth would be a microbe or catalyst which took in atmospheric CO2 and exhaled ethanol or long chain hydrocarbons.
@ Chris G
I thought it was Mr Amherst (after whom Amherst College is named), a Brit (probably English, too lazy to look him up), who suggested or used smallpox infested blankets to kill off those inconveniently stubborn aboriginal Americans. Hence the reason there has been a bit of a 'to do recently' about his image at Amherst College, I believe.
Suppose, for the sake of argument, that life is discovered on one of the Galilean moons. Who then owns the resources of that moon?
The requirement not to contaminate outer space, is all very well, but does that include not killing extra-terrestrial life? Would that life have 'ownership' of the entire moon, or just the part it lives on/in? And what if the resources which sustain that extra-terrestrial life are exactly what the corporation wants to mine?
On a more mischievous note, does the new legislation apply to Guantanamo Bay? It is, after all outside the scope of the Constitution of the USA.
.. surely the Ravenking* has returned and will sort it all out?
(*Jonathan Strange and Mr Norrell 'summoned' him months ago, as I recall)
or am I getting my series's mixed up, like my metaphors?
(Nice to read (presumably) adults commenting on children's TV so seriously.)
As far as I know, JG has not actually left BT yet, it was merely announced yesterday that he is to leave BT to take over at Nationwide Building Society in the first half of next year.
I read the proposal as not banning other, non USA, organisations from mining the same celestial resources as USA corporations. Two or more could mine the same NEO in the brief window of opportunity that it lies within a reasonable distance from Earth.
The unanswered question is how governments on earth will resolve conflicts in space.
(I'm sure there's a relevant 'Red Dwarf' sketch, but I just can't think of it at the moment.)
... includes advising Enron on corporate finances.
My personal experience of some things McKinsey did for my company was a questionnaire which was poorly worded, and which I could not guarantee would give the same results twice, took over an hour to complete (in Q1 2014) and we've still not had the 'results'.
They seem all to have firsts in PPE from Oxbridge, never have had a job they actually needed or where they had to clear up their own mess and suffer the actual consequences of their own mistakes and have no knowledge of the pain their 'recommendations' inflict on the people doing the actual work of the organisations they advise.
Any current or former McKinsey staffers reading this, please, please correct me (if I'm wrong).
Bronek Kozicki > "2) spend money by hiring security specialist with veto rights on design and architecture of anything facing 3rd party"
That's a good 'un. You should be on 'Live at the Apollo'. Honestly, security experts with authority to stop something? Are you mad? That will never be accepted by the board, it might cost them money off of their hard-earned, well-deserved bonuses. You'll be telling them to treat their customers with dignity and respect next.
Two scams (neither of which I availed myself of):
1 The (overseas) seller of new goods sends the item and the original packaging separately. The item is sent as 'returned' or 'repaired' goods, so avoids v.a.t.
2 The (overseas) seller sends an invoice or receipt for substantially less than the amount paid thereby reducing the amount of v.a.t due on importing into the UK.
As I have done some work for HMRC, I let them know the details, but they were not interested as the amounts were too small.
One was a US company, the other from Hong Kong. Typically used for small high value items like prestige cameras, lenses, and binoculars.
(I'm guessing that were the items defective, getting a full refund would be very difficult - "Sue me then, do you want to admit in a Court of Law that you conspired to defraud HMRC?")
Biting the hand that feeds IT © 1998–2017