* Posts by streaky

1234 posts • joined 5 Jul 2010

Page:

Not auf wiedersehen – yet! The Berlin scene tempting Brexit tech

streaky
Silver badge

Re: There are more levels than that

Literally no way Scotland gets an indyref before UK leaves the EU, even hell freezing over won't do it - and the EU won't let Scotland in post that because their economy makes even less sense than Japan's does.

FWIW moving your company because of the front page of the mail is daft.

Once the UK leaves the EU it'll be much easier to get non-EU skilled migration into the UK and skilled EU migration to the UK isn't going to be anything significant in terms of visas, think I've said it before, the US visa system is extremely over engineered and it's never been a problem for skilled workers nor academics to get visas. Trump might be an exception to that but he's an extreme exception and it's still fairly easy.

EU's problem is free movement of people creates free movement of labour rather than free movement of skills (right now the UK needs skills not labour and we're getting labour not skills in contrast to Germany who need labour more than skills - generalisation but in numbers terms it's true). There's been a lot of data recently showing that EU migrants to the UK are vastly overqualified for the jobs they're doing and that's what's creating the friction. Once it can be brought under some semblance of control it'll finally be possible to find the right balance. We can't do that from within the EU.

What none of these cities have that London does is infrastructure, and those cities just aren't capable of resolving that. You can't just pick up a chunk of London and dump it in Dublin or Frankfurt or anywhere else, nor spread it around, it doesn't work like that and that's borne out by the numbers.

0
1

Shooting org demands answers from Met Police over gun owner blab

streaky
Silver badge

Re: no surprise

FOI Act section 31 sub section 2 is a thirty two headed monster from the deep. You'll never get information like this out of a police force - one of the many reasons the FOI Act isn't fit for purpose; you could boil the entire exemptions list down to "because we said so".

1
0

Boss swore by 'For Dummies' book about an OS his org didn't run

streaky
Silver badge

Moral of the story?

Don't be indispensable.

From that moment on Roger treated me like I could fix anything, and came to me with all problems

As somebody who's done this before at several companies and government related jobs, this here is the worst thing you can possibly do. The things I could tell you about how my week gets off track by Monday afternoon..

2
0

Drupal sci-fi sex scandal deepens: Now devs spank Dries over Gor bloke's banishment

streaky
Silver badge

Equals.

seemingly at odds with the whole "hey, let's treat women as equals" thing going on in technology right now

"Lets treat them as equals as long as they don't enjoy something we don't like" is what you mean.

Why do people put up with this nonsense? Be who you gotta be, if you like kinky shit go nuts, if you're asexual don't go nuts, and everybody in between do your thing - and lets stay out of each other's personal shit.

33
0

In case you had forgotten, broadband body warns of risks Brexit poses to sector

streaky
Silver badge

Fake News.

"It noted the UK has integrated over 40 years of European regulation and has benefited from access to the EU Single Market."

Unproven, data suggests otherwise, go next. Yawn, this is getting old, fast.

Article summary: bunch of people who don't know how the internet works or technical standards are developed moan about Brexit.

2
1

Internet Society tells G20 nations: The web must be fully encrypted

streaky
Silver badge

Re: About f'ing time encryption was pushed as compulsory on the internet!

Probably something to do with the education system being f**ked. On a technical level and on a general internet (and non-internet FWIW) engineering policy level there's no reason any of this should be a problem.

I don't know why anybody would have a problem with that who doesn't work for the NSA or organised crime - if there's an excuse I'd love to hear it.

0
0
streaky
Silver badge
Black Helicopters

Re: About f'ing time encryption was pushed as compulsory on the internet!

they are both perfectly good protocols for certain requirements

No technical reason for any protocol to exist that transmits data in the clear. It's not really a question of should it be crypted it's why shouldn't it be. There's no technical reason to not do that.

Also FWIW it's a standards track issue not a policy one. Just because a protocol or usage of a protocol looks unimportant or like it doesn't matter if it's transmitted in the clear doesn't mean it won't some day no longer be the case or in the right hands provide useful information to attackers. Hell, look at the sordid history of DNS for proof.

The internet is broken and crypto of all protocols - all the time - is how we fix it. If nothing else it'll make pervasive mass surveillance a pointless exercise in futility - it is already but it should stop governments getting ideas above their station.

1
1

Mark Shuttleworth says some free software folk are 'deeply anti-social' and 'love to hate'

streaky
Silver badge

Re: Interesting

Clearly the linked community is actually rather active

Slightly propagandist take on the issue no? People use google+ because their platform forces people to when engaging with google sites, but they're minimally engaging with google+ itself. Which is perfectly fine but not at all what google intended for the platform.

It'd be like twitter not really being used and just providing identity services for all twitter's other sites (this is not a thing but I'm saying on comparable terms if they did own more properties). Like I said it's fine and does work for google but that doesn't really make google+ a "thing".

I can't see them ever killing it per se because it's how they unify their services together but lets be reasonable about it..

0
0

US border cops must get warrants to search citizens' gadgets – draft bipartisan law emerges

streaky
Silver badge

Re: non-citizens have an easy fix

Ask your government to flag any US congressman entering your country for a full search of their electronic devices

Have any US congressmen ever actually left the US, like, in their lives?

8
1
streaky
Silver badge

Re: Can Canada sue?

Or the Canadian could bring action against the USA for imposing a blockade on air travel.

If it's related to security* the WTO can't do anything.

* It doesn't actually have to relate to security they just have to claim it does and they're golden, else this laptop nonsense would have been in front of them by now.

12
0
streaky
Silver badge

Re: Another political 'feel-good' move

One if using a cluster bomb otherwise it's three

Yeah, maybe don't tell them about your 'reg account.

14
0

Startup remotely 'bricks' grumpy bloke's IoT car garage door – then hits reverse gear

streaky
Silver badge

Re: Got What He Deserved

God save us for the crap that's coming with IoT

Wake up and smell the apocalypse when governments, local and otherwise, start IoTing the shit out of everything. What we need is that nuclear power station and all those street lights and that bridge to be cloud connected so it can be managed by app from India. Oh cool we can fire all the people who work there now.

3
0
streaky
Silver badge
Facepalm

Re: re Why do you need the intermediate server, which is just another thing to go wrong?

my housemate wanted to be able to control the central heating from her smartphone

Sounds completely - completely - pointless. If you need to change your heating settings more than a few times a year it's probably set wrong or you don't understand how timers and thermostats work and probably shouldn't be allowed near an app anyway.. Just throwing that out there.

34
8

Assange™ keeps his couch as Ecuador's president wins election

streaky
Silver badge

Re: Immunity

I don't know if the outstanding warrant would still apply

He's still a bail skipper that would spend the time in jail on remand until it was all sorted out, which could take years.

0
0
streaky
Silver badge

Re: Did Wikileaks release any info on the opponent?

The thing that worried me the most about Assange's certainty that Wikileaks didn't get the DNC material from Russia

Right? He's so absurdly confident that it wasn't Russia the only way he could be sure was if the Russians had told him to say it wasn't Russia. Even if it was Russia he still hasn't done anything wrong in US law. The only other way it could be not Russia, and he knows for sure AND he's worried about US extradition is if he's more talented as a hacker than the record suggests he is; in which case he really does have something to worry about.

Thing about tradecraft is if your org is being infiltrated you're not supposed to know you're being infiltrated. Unless he's polygraphing everybody (which is itself massively unreliable) or subjecting them to fairly extensive torture - both of which are extremely unlikely - you're not *supposed* to know.

If you believe Assange he's already been caught in one honeytrap (CIA), two isn't exactly out of the question.

0
2
streaky
Silver badge

Why would Trump give a toss? FWIW most people can't really figure what Assange has done wrong in US law else there'd have been a extradition request years ago..

3
0
streaky
Silver badge
Trollface

Re: Did Wikileaks release any info on the opponent?

Not handed off by Russia obviously, Assange would know. Because he knows all of Russia's ops obviously that's how he'd know. Oh, wait.

1
1

Uber wasn't to blame for robo-ride crash – or was it? Witness said car tried to 'beat the lights'

streaky
Silver badge

Re: Pelican crossings

BTW -- "Pelican crossing"...? I've heard of "zebra crossings"; why "pelican"?

Don't forget Toucan, Puffin and Pegasus Crossings. I actually saw a Pegasus crossing for the first time a few months back but alas I forget where...

Also FWIW flashing amber always means you can go but give way to pedestrians (in the UK, to be clear).

0
0
streaky
Silver badge

Re: Yellows, no

My (admittedly extremely limited) understanding of US road rules puts rules on yellow/amber lights roughly the same as they are in the UK - which is to say that you're supposed to stop unless doing so is dangerous in some way. That's a judgement call that you might some day have to justify but certainly it should never ever be dangerous to what's behind you in any circumstance unless they're doing something they shouldn't be (and that's a universal reality).

1
1
streaky
Silver badge

Re: Missing an item

Eyewitness accounts are wildly unreliable. I'd be happier with video evidence.

FWIW attributing fault can be a complex issue with road traffic incidents, usually best left to insurers - those are the guys who will ultimately decide if Uber's cars are fit to be on the road.

5
0

Reg now behind invisible HTML5 Bitcoin paywall

streaky
Silver badge

Seriously though..

I tried this once as an experiment a few years back on one of my sites to a percentage of requests and it is, technically, a thing. Didn't really get out the lab because mining bitcoins even with asics is a complete waste of time but it was interesting.

0
0

Indian Business Machines? One-third of Big Blue staff based there and Bangladesh

streaky
Silver badge

Re: How to leak information...unintentionally

No the average management bod doesn't equate tech pay with quality of work. The look at people who do technical jobs like the person who empties the waste paper bin and cleans the toilets. Never mind the fact most of India's best tech people are probably working in the US and Europe already.

If I was dumb enough to be an IBM shareholder this stuff would bother me a great deal. But I'm not so..

IBM sales haven't grown because they're all about java, mainframes and patent exploitation - the first two are massively out of fashion, even in the classical places they did well. The patents they're creating have limited commercial value due to problems making the thing they're working on actually commercially viable. Millipede memory is the classic example, it was supposed to be the future of storage and they never saw flash coming which completely wiped out their ability to ever sell it and they had to write off all the investment they put in - and they couldn't really get it working right anyway.

The only thing IBM is renowned for being good at is AI and it's not exactly an area you can count on investment in. They obviously do a lot of business with governments but again, in times of tightening government IT budgets those sales can be extremely unreliable. The only time IBM ever got really crazy when they bought softlayer and all they've done with softlayer is pushed them to stuff they were already doing - as opposed to widening their business (and thereby sales) appeal.

4
0

I need an ISP that offers IPv6. Virgin Media: Whatevs, nerd

streaky
Silver badge
Flame

Re: need? really?

Sounds like either a return to or reconfirmation of Plan A: create an IPv6 backbone and carry encapsulated IPv4 traffic over it. Made sense back in the 1990's, makes even more sense now given the massive increase in consumer usage of the Internet.

It's not a return or reconfirmation, nothing has changed this is how it's done - the problem is there's a lot of ISPs who have as far as I can tell been badly advised by either vendors or consultants with regards to digging them out of the mess they caused themselves by not investing in IPv6 years ago.

There's no reason for any ISP to be using CG-NAT on its own. There's also conversely no reason to deploy pure IPv6 solutions to customers. Give people private IPv4 addresses AND public IPv6 assignments. CG-NAT the IPv4 requests (there's other ways to deal with this but given companies have wasted cash on GC-NAT gear this is probably easiest for them).

This is all very easy, and they've gone out their way to make it hard.

It's most egregious with Hyperoptic (I keep bringing them up because they're my ISP and I'm familiar with the damage they've done to their reputation despite otherwise being a great network and having a lot of goodwill shoved their way - the things they could have done with the money govt gave to BT) - because they're a new network with new gear and they should have had an IPv6 plan from day 0. Surely they would have seen they were going to have IPv4 availability problems. What did these people think was going to happen? Somebody would lift up the sofa cushion and find a few /8's they could have?

2
0
streaky
Silver badge
Mushroom

Re: need? really?

I would think ISPs will deploy carrier grade NAT before they deploy IPv6 to the end user, especially for existing customers

No this isn't how it works. You deploy IPv6 and THEN CG-NAT for IPv4 traffic. What you're describing is the incompetent nonsense Hyperoptic pulled. People have been trying to hit them with a cluestick ever since they BROKE their network. If you just roll out CG-NAT without lubricant things get sore.

7
1

Miss Misery on hacking Mr Robot and the Missing Sense of Fun

streaky
Silver badge

Re: Seen some of the first season.

who gets on a private plane to fly to a remote lights out DC and fiddle with some servers that are being hacked? if its that important either have remote kvm access, out of band access even if its by dial up, or have someone at the DC that can either turn something off or is skilled enough to stop the attack. Its cheaper and quicker than driving to an airport, getting on a private plane and then getting to the DC at the other side. even with dial up out of band i'd be able to sort a remote server or network device quicker than the drive to an airport from an office.

Uhm, you've clearly never dealt with remote hands, aten-based IPMI (which they all are and garbage and prone to failure) or general shit hitting the fan with critical hardware/software before on complicated issues. I've done everything but the private plane bit, and frankly in the show it wasn't clear if it was a private plane or chartered. When shit really hits the fan even true OOB management can and does fail - and is often a pain in the arse to arrange in cages, which this clearly was. Sometimes it really is just easier to show up and fix it.

4
1

Manufacturers reject ‘no deal’ Brexit approach

streaky
Silver badge

Re: Speculating

the best case scenario appears to be that the UK gets the same deal as other EEA countries, which can be summarised as applying the same rules as the EU (including freedom of movement of people, goods, services, and capital; plus rule of law, democracy, human rights, and all that) but having no say on what the rules are in the first place.

Neither remainers or brexiteers would like this option which makes it *extremely* unlikely. I think we'd remain in the EU before this happened which would lead to a lot of "over my dead body". The next option to a sensible deal would be we just leave and let the EU get on with it.

0
0
streaky
Silver badge

Re: It'll be fine

Thats nowhere near the point - it's not up to this government to trade away their rights

Their rights aren't being traded away. They can stay as they are and leave the EU with the UK or they can hold a referendum and be either an independent state (I'd advise against this, strongly) or become part of Spain and remain in the EU (gl with the tax thing). That's not a trade, that's they can chose their future. I'd put good money on what they'd chose to do because I know the reality. Gibraltar has a lot of options here, they can do whatever they like, but the idea the UK should drop everything for them is patently absurd.

Thanks for showing that at least some Leave supporters aren't interested in genuine negotiations though

I have no problem with negotiations with people that have found grip on reality. There's no grip to be found with the average remainer is the problem. The other thing we've learned is a basic grasp of economics, politics and democracy escapes them - which shockingly is probably why they want to be in the EU in the first place.

0
3
streaky
Silver badge

Re: It'll be fine

Those numbers are only what they are because we're *forced* to push trade to the EU. Point still stands, 10% (which is beyond an extreme worst case) loss (which isn't going to happen for many many reasons but lets pretend it did) equates to 4% real terms. 20% would be an ~8% worldwide trade gap to fill and frankly if 20% happened it'd be the end of the entire economic system globally because there's no reason for EU exports to fall 20%. They're going to fall worst case to whatever the tariff figures would be minus currency fluctuations (thanks Obama) and we already know what those numbers are. And that's worst case scenario territory.

people in Gibraltar are getting very irritated by the sweeping, and occasionally offensive, generalisations made by a lot of UK politicians right now.

*crickets*

I'm sure Spain will have them back. I was offended by the idea that the UK should base its entire foreign and trade policy on the votes of 20k people.

1
14
streaky
Silver badge

Re: It'll be fine

That has still to be seen.

There's a fairly large catalogue of evidence this is the case though, it takes the EU way way too long to do trade deals even when they're reasonably simple - and even then deals usually hang on a knife edge because of some nonsense.

If May, as she indicates she will do, goes into negotiations effectively saying "fuck you, we're prepared for these negotiations to fail, despite the massive collateral damage this will cause to both sides," then it's hardly a good strategy for dealing with the other member states.

I don't think those are the words she'll use up front but I suspect it's where it'll end up within 12 months.

You brought them to the negotiating table so if you want to soften their perceived intransigence, this strategy is pretty much guaranteed to achieve the opposite.

Fairly sure it's just a play to buy time to get diplomacy back up to speed. I'm a brexiteer as I said, I have no problem dealing with the EU as long as we're outside it and I don't particularly wish them ill although many groups of voters that will be left inside it should - I just don't see a deal being a thing that's going to happen beyond very broad issues. Certainly duty-less single market access is an impossibility as far as I can see. A EU-UK banking regulation agreement (or treaty) is fairly likely - the EU needs the cash flows and the Euro trading centre that London is and it'll save the EU from having to move the EBA which is looking like it'll do more damage to solidarity within what remains that Brexit ever could so it's a win-win for both sides. Intel, Europol, things like that look likely. Just not the single market. Again, that's fine, the EU is not a big export partner for the UK and it's not like those exports will cease to exist merely lose volume. 10% of not much is not much, and it's easily filled by trade expansion outside the EU. That's how we win.

Before somebody cries - despite the noise that's made if the EU cuts off London from the EU financial markets the jobs don't magically appear in Paris and Frankfurt what happens is the banks move to New York and Hong Kong and the funding flows into the EU slow down dramatically. They're welcome to give it their best shot though, I'll supply the popcorn.

5
5
streaky
Silver badge

Re: It'll be fine

There's no way to get a deal with the EU. They're intransigent no matter how much it benefits them and have a habit of focusing on silly side issues at the expense of dealing with the core issue. There's no way they'll agree to any deal as far as I can see, and I doubt an extension will either be acceptable to either the EU or the UK electorate.

I'm fine with all this because I voted for Brexit and we don't want a deal, multilateral trade deals are abusive. Just saying if you think there's going to be UK access to the single market as it looks now you might need a reality check. Duties are the price that we pay for accessing markets.

As for manufacturers they're welcome to move out the UK - but they should recognise that duties apply both ways.

6
21

UK digital minister Matt Hancock praises 'crucial role' of encryption

streaky
Silver badge

Re: opensource protocols

There is legal precedent in things like DeCSS and with encryption America's own export restrictions on cryptographic code.

Precedent in that it didn't work in a time before the internet was really a thing outside academia. I'd actually pay to see them try this. Good money.

Until they actually attempt it arguing over this is a bit stuck record like, the talking points are well covered but we should be ready to mobilise the day it ever actually is a thing.

Plus FWIW DMCAs at github won't work. Github would refuse and take it to court and US courts wouldn't allow it - and they can't block github in country because people like me would have them in court. Regardless even if all that proved wrong there'd always be somewhere you could get your bootleg copy of openssl.

2
1

UK Home Sec: Give us a snoop-around for WhatApp encryption. Don't worry, we won't go into the cloud

streaky
Silver badge

Re: perhaps itself encrypted with a key known only to law enforcement

My dear Streaky, PGP is very much a thing, You should google it.

Nono don't misunderstand, I know it's a thing, I'm telling you it doesn't work like you think it does.

4
0
streaky
Silver badge

Re: I wonder how...

I'm already using bitmessage and I have the source backed up, so they can do what the f they like. On a technical level the things being discussed are absurd. Nothing said by Rudd passes the laugh test.

8
0
streaky
Silver badge

Re: Colour me surprised

But if you know better, please explain in detail why this is the case - as I just aded to my post, this method is used by PGP amongst others, so I'm sure they would be delighted to hear your analysis.

What are you talking about. That's not a thing.

There is clearly an ability for a third-party to decrypt - that's the point - but it's not a technical weakness

It's a weakness that's been intentionally added by technical means. It's literally the definition of a technical weakness. It's not even a back door; it's a front door. We copy your data and use it as we see fit is not a private communications service any longer. People leave whatsapp and use stuff with even stronger privacy and crypto strength guarantees so they can't break it when applying massive computation to it. Better for the security services? Nope, I don't think so.

23
2
streaky
Silver badge

Re: Colour me surprised

However it's possible to encrypt the session key again with a second public key. The corresponding private key could be held by WhatsApp, perhaps itself encrypted with a key known only to law enforcement. WhatsApp (or whoever) stores the encrypted chatter between devices, and can decrypt it with that private key as required.

The fact you don't understand this is the introduction of a technical weakness is a problem.

For starters you double the chances of the [a] key leaking - that's a technical weakness that you've introduced. Secondly it's no longer end to end encrypted it's "end to end and we copied your shit and have the key" - at that point the service is *useless* for privacy and people will go elsewhere.

These services exist because governments and security services can't keep their nose out people's shit - doubling down on that is not going to make it easier for security services it'll make it harder.

38
0

UK.gov confirms it won't be buying V-22 Ospreys for new aircraft carriers

streaky
Silver badge

"long-range combat search and rescue" is code for special forces ops.

"long-range high-speed delivery of mission essential spares and stores" - it's called a C-130 and they're cheaper to get off the ground, and shift more/bigger mass, faster, for way cheaper.

They're a pig to fly and easy to crash, which is why it happens often. Use a plane or use a heli, there's no requirement for in between for UK forces. There's might be for US forces but honestly I doubt it, there's a reason the US navy AND the secdef in the US were against the project - it's not really fit for purpose or really any other purpose. US army in the end smartly ran away screaming.

0
0
streaky
Silver badge

It's probably not even down to economics. Flying them isn't like flying or helis or like flying normal turboprop aircraft. You're gonna need special training you probably don't even need and you can't even import it from the RAF because they don't use them.

Plus yeah not for nothing forecourt cost of these things is 70 million USD regardless (and you're going to lose them because they're not exactly subtle), for capability you might not need - they didn't use them when they took out bin laden did they? Use helis with close air support provided by f-35 or other helis or jump out a plane or frankly just flatten the place and call it job done. I don't get why this is even up for discussion. UK would never try to capture bin laden (equivalent mission) he's never going to come quietly, we'd just mess his shit up with tomahawks or something.

The US has all these aircraft and is having to go out of its way to justify their purchase by finding operations for them you don't actually need them for or they're completely inappropriate for. I'd like us not to do the same thing.

3
0

Good news, everyone! Two pints a day keep heart problems at bay

streaky
Silver badge
Pint

Re: A question

One of my favourite scientific subjects is what's known as the French paradox.

Simplest explanation is the idea that they're actually really terrible at attributing death in their statistics.

If you look at single-outcome deaths you can make all sorts of claims about all sorts of things; problem is when you look at all causes. That lower heart risk might also associate with higher risk from liver disease or cancer or aortic dissection or gangrene. This is all a roundabout way of saying I like coffee.

1
0
streaky
Silver badge

Re: A question

What is the cause/mechanism that gives 'never drinkers' a worse outcome than moderate drinkers?

Could be something as simple as stress in never drinkers. Entirely plausible. Study doesn't look at all cause deaths is what I'd draw attention to.

1
0

Ubuntu splats TITSUP bug spread in update

streaky
Silver badge

Re: Chekov here: my nyetwork

Curl in php-fpm reacted very badly to this. Thought it was me - used nscd as a workaround which solved it in the end but holy hell.

1
0

What should password managers not do? Leak your passwords? What a great idea, LastPass

streaky
Silver badge

Re: The perfect Password

Brute force attacks do not care which characters humans use.

Yes, yes they do.

Iamsostupidthatiforgetmypasswords%^£thetime2000 is way - way - stronger than Iamsostupidthatiforgetmypasswordsallthetime2000.

Larger the key space the less feasible the attack. Adding an extra possible character increases the complexity by an order of magnitude. This stuff isn't even complicated.

6
5

The world's leading privacy pros talk GDPR with El Reg

streaky
Silver badge

It's a commission regulation. It's arguably worse in many respects, when the European Parliament tried to get the fines (modestly) increased the commission did the normal EU thing and took them out to the woodshed and bashed them with a 2x4 until they complied - and it's still enforced by the Art 29 clowns under a new name. Same shit, different day. Also it's going to be all on Ireland once again and they're - again - mysteriously (nothing to do with tax collected, obviously) not going to have the resources to deal with the issues that arise. It exists purely to annoy US companies and promote the *appearance* the commission recognises the existence of the Charter rather than actually give EU citizens any protections.

The day the UK manages to leverage itself out this shitshow...

0
1
streaky
Silver badge

The UK will have a law that pushes all EU laws into UK law. But experts, or something, lol. Yeah you're completely right such a law won't need to exist because it explicitly already will. I suspect parliament might chose to remove a lot of the GDPR stuff because it's mostly garbage written by the same idiots who with stunning naivety brought you such hits as 'Safe Harbour' and their follow-up smash hit 'Privacy Shield' - no saying how many years that will take though.

There's no reason the UK needs this to exist in own laws, if companies want to deal with private data of EU citizens post leave they can chose to follow these rules for their data. Or chose not to deal with the private data of EU citizens (why would you want to anyway?).

0
1

Confirmed: TSA bans gear bigger than phones from airplane cabins

streaky
Silver badge

Re: I'm sorry for my country.

Tell us all how we were supposed to put a decent person in the White House when both choices are horrible?

Devil's advocate: by understanding that one's reputation is caused by the other and might not, actually, be factual.

The fact that there's people still saying they're both as bad as each other is exactly how you get yourselves into this mess.

3
0
streaky
Silver badge

Re: I'm sorry for my country.

I doubt this is trump, even he isn't *this* stupid. There's no obvious or non-obvious security or safety reason for it. Somebody at TSA thinks they're smarter than they actually are wild guess.

After decades of the US not really giving a shit about aviation security or safety one incident leads to huge overkill response rather than sensible measures. Nothing you can do with a laptop you can't do with a phone. Plus nobody involved has clearly every tried to actually open an iPad it's fairly clear. Not easy.

Wanna see the sharp glass I can get from a smashed phone screen? You're welcome, air travellers!

12
0

Git sprints carefully towards SHA-1 deprecation

streaky
Silver badge

Using two separate hash functions on the same doc would do it to be fair. If you used say md5 AND sha-512 the changes of there being a collision in the same input in both functions is infinitesimally small. It's mathematically effectively zero.

Yeah it's not the intent of hashing in git, arguably a side effect to a certain standard though. I'd pay good money to see somebody produce a collision and the resulting file not be garbage mind - therefore it would detectable in other ways.

3
7

Friday security roundup: Secret Service laptop bungle, hackers win prizes, websites leak

streaky
Silver badge
Facepalm

Re: Permission

Sure, Streaky, you know more about security than the USSS

Plis most of us here work in tech and many of us work in information security. "know more" - I'm commenting on the naive PR guff they put out not their actual procedures but the naive PR guff they put out is extremely naive. That's why I mentioned it.

2
0

GCHQ dismisses Trump wiretap rumours as tosh

streaky
Silver badge

tr1ck5t3r is not mad.

He's certainly angry about.. something.. and the "mad" part is strongly debatable.

His points regarding the extent of digital information collection, surveillance and monitoring are spot on.

Corporations collect personal information. Spending habits, personal details, photos, phone and email details, browsing history to name just a handful. This info is easily obtained by the TLAs.

It's not *easily* obtained but it is obtainable. Those are not the same thing. The problem is what comes next...

The NSA/GCHQ et all are fully connected to all ISP backbones - your network traffic IS monitored.

This is partial truth. They've been and probably continue to be able to access traffic flows between key points in the internet infrastructure and the carriers have been and are complicit in that. Where it breaks down is the tin foil hatter response of they can actually monitor all this information for every person all the time. They have to get useful intel out of the data they collect, and they can't monitor every packet because the flows are obviously far too big for that level of data collection - it'd take a secondary parallel internet infrastructure to make that work and it simply doesn't exist. The fact it obviously can't work as an intelligence tool is the entire problem with it. If it worked it wouldn't be so easy to question it's existence but it missed key events like the Boston bombing and the (numerous) Paris attacks so why should we have to give up privacy for a system that can't possibly - and provably doesn't - work. There's no amount of funding that can make the system they've (apparently) been trying to put together actually be functional at doing this.

None of the above is in dispute - multiple sources not of the tinfoil hat brigade show this to be true. Just look at the revelations of Snowdon or any number of articles on El Reg.

Snowden docs never really stated this though, you have to be clear about what Snowden actually said and not reinterpret them to mean they have more capability than they really do. They've gone too far but we're in the zone of total capability on all devices at all times and nobody is safe and the agencies concerned clearly don't have that; and nobody has said that - including Snowden who was running rings around them at the end, and arguably continues to with fairly basic security measures, crypto being a key one.

0
0

Page:

Forums

Biting the hand that feeds IT © 1998–2017