* Posts by SolidSquid

684 publicly visible posts • joined 13 May 2013

Page:

Official: Toshiba pulls out of European consumer PC market

SolidSquid

Re: Ah, well

> Apparently windows VM's run pretty well under OSX.

If this is for a business though then that VM would require a separate licence for Windows, adding a not insignificant chunk of change onto the change of what's already an expensive machine

FBI v Apple spat latest: Bill Gates is really upset that you all thought he was on the Feds' side

SolidSquid

During the discussions on the UK security bill, it was also pointed out by a former NSA director (I believe) that the amount of data they're getting is so much it's actually making their jobs *harder*, not easier, because there's no way for them to parse through all of it. So even if they can't access some phones directly, doesn't mean they're not getting an absolute ton of information, and even if they *could* access that data, doesn't mean they'd be able to use it

'I bet Russian hackers weren't expecting their target to suck so epically hard as this'

SolidSquid

Re: OmegaIsNull

I'd agree that the omega == null example wouldn't work, but given that the boolean value is already false, is it really necessary to include the alpha == null condition? I'm pretty sure it could be simplified a lot, even if it's not in the way they suggested in the article

'Leave' or 'Stay' in the referendum? UK has to implement GDPR either way

SolidSquid

Re: LEAVE EU would actually STAY in the EEA

As I understand, staying in the EEA would require negotiating something similar to what the Scandinavian countries have, but wouldn't be automatic and what we got out of such an agreement would depend on how the negotiations with the EU went after we left

US DoJ files motion to compel Apple to obey FBI iPhone crack order

SolidSquid

Re: Chain of evidence

Actually, even if Apple were to agree to this, the chain of evidence issue still applies. Are the FBI going to fully audit the software Apple provides before running it? *Can* they fully audit it with the device still locked, since they won't know for sure what it'll be interacting with? If no to either, can anything on the phone be considered evidence any more, given they ran software which could potentially have modified data on it?

SolidSquid

Re: Something doesn't compute

> Er, mixed messages. In their domestic legal systems may be, but that was not the only 'jurisdiction' in play.

> Hitler, had he been captured alive, would have ended up at the Nuremberg Trials like all the other senior Nazis did.

Being charged under laws which were written post-WW2 specifically for the punishment of the crimes committed by the Nazis and their allies and to prevent anyone else committing the same atrocities. While I'm not saying I agree with what they said, at the time they committed the crimes their domestic legal system *was* the only juristiction in play, it's just another one was created post-war so they could be charged.

And asserting Apple could technically do this isn't the same as them actually being able to, and certainly not the same as them being able to do it in as narrow a context as the FBI claims they can. They may well be fighting this to prevent a precedent being set rather than because, in this specific case, they don't want to cooperate

SolidSquid

Re: I am surprised ..

They can, but it's time consuming and they don't want to spend the money necessary to do so, so they offload that cost on to a third party

SolidSquid

Re: Here's what you do tim...

- what if Apple can't/is unable to, successfully*,--whether subject to un-appealable compulsion or after considered capitulation--re-arrange the phone into the desired configuration to satisfy their enslaving TLA?

Given this work is supposed to be specifically for a single device, they'd need to be doing any testing against the phone itself which could potentially run afoul of a software bug. The alternative is developing it with other phones for testing in a way that can then be safely moved to the iPhone which is part of this case, which would undermine the claims it would only work for one device

SolidSquid

Re: No, not really

> You think that, because you're Neu Tek and Oh, So Special!, that the laws don't apply to you...nor, to this case. But they DO.

It's not a question of whether the laws apply to new technology or not, it's whether the courts can compel a company to do a significant amount of work (in this case writing up a work around for their security systems) which will have a clear detrimental effect on the company itself, despite the company having done nothing illegal

Even under the same rules which would allow the FBI to get a warrant to search a safe, which is the closest parallel I can think of, they wouldn't be able to get one in this case, as that would require the FBI to provide evidence of *what* they know is on the phone, whereas they've just asserted that they think there's more data there than in the iCloud

SolidSquid

Re: Nope...

> Nope. Ubuntu is just as subject to US law as any other software. It doesn't have some magic exclusion.

Nope, Canonical is UK based, not US, so isn't bound by US law. Technically they could probably be compelled by the UK courts, but given the UK HQ is largely a technicality there's nothing to stop them just moving to a new location to avoid it

All-American Apple challenges US gov call for iOS 'backdoor'

SolidSquid

Even putting aside the (very important) issue of encryption and the bypassing of it, this does raise the question of how much a court can compel someone to do. Can the court require a company to develop new software without any compensation for it? If so what other companies could be compelled to work for free under this precedent?

New Monopoly version features an Automatic Teller Machine

SolidSquid

Re: Does it include ATM downtime?

"Your debit card was eaten. Lose the ability to swipe your card for 3 turns"

Brit spies can legally hack PCs and phones, say Brit spies' overseers

SolidSquid

Didn't the NSA run into similar issues after Snowden's files were released? I seem to remember there being talk of them being banned from attending DefCon at one point (yes, I know they couldn't enforce it, but it would be legally annoying and was probably intended as a token gesture)

I wonder if this is going to be what causes them to implode, not some big scandal but just a brain drain as more and more of the people they would like to hire turn away in disgust, leaving them with a smaller pool to hire from and probably a less qualified one

IT's Holy Grail, but is DevOps a Poisoned Chalice for sysadmins?

SolidSquid

Re: Bring on the Future

I've been messing about with Ansible and it's been pretty nice so far, although largely I've been using it to build a local development environment. Documentation seems pretty good now too, which I understand was an issue it had previously

This is why copy'n'paste should be banned from developers' IDEs

SolidSquid

man true: returns true

Don't Fedex your tapes, people! We're so fast it's SANdulous – WANrockIT

SolidSquid

Quick check of Amazon, a WD Red 6TB weighs 753g, so estimate for weight isn't far off but you can up the number of exabytes per plane to 6, making it 150TB/s

Alibaba security fail: Brute-force bonanza yields 21m logins

SolidSquid

Re: 2 factor?

It's a way of offsetting liability. If the company recommends 2FA and you don't use it, well they of course can't be held liable for any breaches if you haven't done as they recommended

Remember Netbooks? Windows 10 makes them good again!

SolidSquid

"Remember Netbooks? Windows 10 makes them good again!"

"The overall experience is not so pleasant that I'd use the machine for everyday tasks or foist it on the kids"

Surely these two statements are contradicting each other? If Windows 10 "makes them good again", surely that would mean they're usable on an every day basis and would make an ideal machine to pass on to your kids to use, as they would have been when they first came out

I realise there's a lot of people throwing about "just install linux" (and people annoyed at it), but in this case it does make sense. I've got an old Acer Aspire One which is running Linux and is a perfectly serviceable machine still for browsing, youtube and word processing. It's never going to run an IDE, but even when it came out that was a restriction on it because of the limited RAM expandability, but it definitely runs better with Linux and can do a lot more than you describe your machine in the article being able to use now you installed Windows 10

Official UN panel findings on embassy-squatter released. Assange: I'm 'vindicated'

SolidSquid

"As the UK is not a party to the Caracas Convention, we do not recognise ‘diplomatic asylum’."

This might be the key point raised by the UK. It sounds like (and I'll admit, I haven't read the full judgement) the UN court's opinion is based on the idea that "diplomatic asylum" (which is seems is largely intended for extracting diplomats from war zones) should be recognised by all parties under this convention, but the UK not being a signatory is not bound by it and so does not have to recognise Assange's "asylum" claims

edit: Also from a quick look for the convention, it seems it largely deals with things like ships, which are able to transport a person back to the country they were granted asylum to, rather than an embassy. If Ecuador were to put him in a diplomatic vehicle he may well have been able to leave safely under this convention (if the UK was a signatory), but they haven't done anything to try and extract him either

SolidSquid

We have nothing other than Assange's assertions about the possibility of rendition though. Plus Sweden has refused to extradite people to the US previously, and under EU law would need to do so in this case unless the UK was willing to sign off on it as well (one of the conditions for the EU arrest warrants). Frankly, he had a higher chance of being extradited by us to the US than by the Swedes prior to the high court case where the European arrest warrant was ruled to be valid

SolidSquid

It's worth pointing out that the UN decision is not a "judgement", but rather an opinion, and doesn't have any legal standing (whether it might lend moral weight is more of a grey area). It's also not a unanimous decision, the representative of Ukraine wrote his dissenting opinion and pointed out it was pretty ludicrous to categorise jumping bail and evading arrest as "arbitrary detainment"

IoT lacking that je ne sais quoi? Try the IoTSP

SolidSquid

"Internet of Things, Services and People"

So... the internet then?

UK taxpayers should foot £2bn or more to adopt Snoopers' Charter, says Inquiry

SolidSquid

Re: if they collect every ICR ...

Classic counter intelligence work though, pretty much what we did to prevent the Nazis properly countering the Normandy landings

SolidSquid

Re: if they collect every ICR ...

1) Plant virus on machine

2) Have machine generate ICRs which are known to get red flagged

3) Virus self deletes

4) Target is investigated for working with terrorists etc, with plausable enough evidence they did it that their public persona is tarnished indefinitely

SolidSquid

"We need our security services to be able to do their job and prevent terrorism, but as legislators we need to be careful not to inadvertently disadvantage the UK’s rapidly growing Tech sector.”

Or, y'know, infringe on the rights of the general public. I realise making money is important, but it's not the *only* consideration with regards to whether this is a good idea or not

Leak – UN says Assange detention 'unlawful'

SolidSquid

I'm curious what the details are on this if it's true. Seeing this is a ruling which should be based on international law, it should detail what aspects of his staying in the embassy are a violation, and also likely depends heavily on how the question to them was framed

Assange will 'accept arrest' on Friday if found guilty

SolidSquid

Re: Its not "rape" as almost every other nation understands

From what I recall the reason it was considered rape (or a variant of it) was that she had given consent on the condition that he wear a condom. If he continued despite knowing the condom had been removed or removed it himself without her agreeing (which was what I'd originally heard) that would mean that condition had been broken and it would no longer be considered consensual, even if she hadn't been aware until the end, and would be considered a crime in the UK as well.

I'm sure there was also an accusation that he had sex with her again after she was asleep, when she would be unable to give consent and so would be considered rape pretty much anywhere

SolidSquid

Re: Don't like his chances

"It would be hard even for them to show that an offence in US jurisdiction had been committed."

Iirc the closest they've come to a valid complaint is that he (apparently) assisted in the removal of the classified data by advising Manning on ways to remove it without being detected. It's still pretty flimsy, and depends on him being able to be charged for conspiracy to commit a crime while not within US jurisdiction, but it is a potential criminal charge

SolidSquid

Re: Maybe not Friday.

The problem Sweden have is that their legal process requires someone to be arrested and in custody before they can bring charges, they're not able to bring charges or hold trials in abstentia. They also agreed to a remote interview recently, but Ecuador insisted that they be provided the questions and do the questioning on Sweden's behalf rather than Swedish prosecutors being able to question him directly, which Sweden refused

US government's $6bn super firewall doesn't even monitor web traffic

SolidSquid

Re: "... six per cent coverage ... for $6bn"

Don't be silly, government IT spending is done on an *exponential* curve, not linear. They need $6 trillion to hit 60% coverage

SolidSquid

Re: Off-the-sehlf system

Considering the budget for this would allow you to buy over 8 million of those, I'd say scale isn't likely to be a problem with the off-the-shelf approach

For sale: One 236-bed nuclear bunker

SolidSquid

Of course there's still the big question. Can you get cable or are you stuck with phone lines for the internet connection?

Windows 10 will now automatically download and install on PCs

SolidSquid

Re: Sigh - Not again

Having had to do some setup work on my boss's laptop after he installed Windows 7, it really isn't the same UI and some stuff doesn't seem to work properly (in this case networked printer detection)

Chip company FTDI accused of bricking counterfeits again

SolidSquid

Re: Misleading title

From what I understand, the check this is using to tell fake from real is an implementation difference between FTDI and other chips which are based on the same standard, and because of that it's unlikely it will trigger false positives as the FTDI chips are explicitly designed in a way this wouldn't work on them

SolidSquid

Re: Not counterfeit

"They have FTDI's trademarked logo on them"

From what I remember of the last time this was going on, a lot of them actually didn't claim to be FTDI chips. They claimed to be generic chips which did a similar job, but were piggy backing off of the drivers for FTDI chips to make it easier to link up with Windows.

Also, in the case of those which *are* counterfeit, this isn't actually doing anything to harm the counterfeiters, just the end users who bought what they thought was a legitimate product. All it really does is tarnish FTDI's name and cause the customers to look elsewhere

State Department finds 22 classified emails in Hillary’s server, denies wrongdoing

SolidSquid

Re: Translation lost across the pond

"The only reason she is not in jail is because she is a Clinton"

Or they don't have sufficient evidence to bring charges yet, or they want to avoid bringing multiple cases and instead want to have a single case with all the charges they can bring (more chance of one sticking), or just possibly she hasn't actually committed a crime (doesn't mean it wasn't a colossal screw up, but not necessarily criminal)

Former tech PR Jeremy Hunt MP ordered by judge to delete tweet

SolidSquid

Re: The judge should apologize

As BurnT pointed out, it's only during the trial that there's any restrictions on discussing it, and it's intended to reduce the chances of biasing the case. Eg, if there's active discussion on it by people in the court then there's a better chance of the jury seeing it, or if they have to replace a jury member it becomes much harder to find someone who hasn't been biased by hearing an account from inside the court. Once the case is over though you can give whatever your opinions you like, including that the judge was wrong.

Also, while technically a judge might not enforce it against one side if he's biased, by definition this is supposed to apply to *any* discussion from inside the court, regardless of which side. Unless a judge has explicitly allowed it you aren't supposed to publish any of the court proceedings from within

edit: It also doesn't apply to people outside of court. Afaik people are free to give their opinions of what's going on in the trial, it's only when it's someone who's actually attended the trial that they run into issues with this

Continuous Lifecycle: Bursting with DevOps and CD goodness

SolidSquid

Re: So that explains...

As far as I understand it it's meant to encompass any tools and methods for using automation to make code management, testing and release easier for developers, as well as using them to standardise environments, reducing the chances of bugs cropping up as a result of, say, a different version of Apache on development machines and production

With web applications you might have it so, when code is merged into a testing branch it spins up a test environment using the same software versions etc as live, runs through any unit and functionality testing, then either forwards it on to QA for testing or back to development. Then once QA has tested it they can either reject the merge and send it back to the developer or queue it for release without needing to talk to someone who does release management. Desktop software would be similar, but would also do test builds and wouldn't release to production for initial release, then would be used for managing and releasing patches

Of course it does rely on it being properly implemented, as a bad implementation would probably result in more work/problems than doing without, and it also needs to be adapted to whatever your working at. It's nothing new really, just a shiny new badge which makes it a bit easier to sell management on letting you dedicate some time to something which should really be getting done anyway

Trump's new thought bubble: Make Apple manufacture in the USA

SolidSquid

Will Trump also be moving the manufacture of his ties and other clothing lines to the US? There's a few interviews now, starting with one with Letterman, where it's been pointed out he's manufacturing a lot of his products in China and Mexico

Adblock Plus blocked from attending ad industry talkfest

SolidSquid

Re: No browsing on phone...

Pretty much in the same situation, although I do have a few sites I white list. There's also the security issues which come with allowing ads, a friend of mine decided to do the whole "pay google for no ads" thing for a couple weeks and ended up with their first virus in years (a trojan caught by anti-virus fortunately). There's far too little work that goes into checking that ads are sanitized if they're going to have dynamic content

GCHQ summer schools to pay teenage hackers £250 a week

SolidSquid

"We encourage them not to mention it on CVs they upload to the internet"

It'll be good experience and look great on your CV! Just don't add it to a CV any technical companies are likely to see

French say 'Non, merci' to encryption backdoors

SolidSquid

"I'm not a mathematician or IT security professional, as you know. And once the facts had been made sufficiently clear to me I changed my mindrealised that, given the facts which have been uncovered since the events in Paris, and having had time to reflect on the current state of our security services and advice given by those who are industry experts, it would be worth considering alternative paths as well as those previously put forward so that we might find the best possible approach to improving our ability to discover and intercept attempts at terrorist attacks"

Followed by never mentioning it again. Except maybe putting together a committee to discuss the matter which never reports any findings publicly. No politician would actually admit to changing their mind after all, it would suggest they might have been wrong before rather than "over zealous with regards to a quick resolution of the matter"

El Reg mulls entering Robot Wars arena

SolidSquid

I understand the Mythbusters crew were asked to leave the American tournaments twice because their spinning wok with blades welded on threw so much shrapnel around, seems that would be a good starting point?

Fortinet tries to explain weird SSH 'backdoor' discovered in firewalls

SolidSquid

Not sure why backdoor and "management authentication issue" are necessarily mutually exclusive, it seems that the issue in question is them installing a backdoor into the firewalls

Reverser laments crypto game protection, says wares dead after 2018

SolidSquid

Re: Just works

"I have solved the DRM problem by simply not buying any game which has any DRM. So I have the witcher 3, and Kerbal space program, but not much else"

Take a look at GOG.com, you can get a lot more than just those two and none of their games use DRM afaik. Even the installers can be just downloaded and stored locally if you like

SolidSquid

Re: How long had you played it for?

Really wish I'd thought of this when I picked up a copy of GTA 5 and still hadn't finished downloading it when the sales came and the price dropped by 40%

SolidSquid

Re: Good

"Then is the time to break the DRM. Yes, DRM is stupid. But enabling "piracy" while the system is active is childish."

If you're working with an authentication server then, chances are, once the authentication server goes dead there's no way for you to work out what it was sending back. Listening in on the traffic between the game and the authentication server is a large part of bypassing it, so it really does need to be done while the system is still active. Also, as with the new Simcity game, there are a lot of single player games which use an authentication server and don't need to, and turning off the authentication is a way to play it if you don't have reliable/working internet all the time (someone who plays games on their laptop while travelling for example)

None of this justifies copyright infringement, but I can't really fault her with bypassing something which only hurts people who buy the game legitimately and risks the game going dark completely at some undefined point in the future

If you want a USB thumb drive wiped, try asking an arts student for help

SolidSquid

Re: Encrypted by default

Sorry, I'll need your public key to tell you what I was saying

Longing to bin Photoshop? Rock-solid GIMP a major leap forward

SolidSquid

Re: RAW?

Have a look at Darktable, it's got support for RAW formats and a decent amount of image processing. You might have to export to a non-RAW format to do some of the more advanced stuff in GIMP, but it should do a decent amount of the basics

ISPs: UK.gov should pay full costs of Snooper's Charter hardware

SolidSquid

Re: "UK.gov should pay"

Even raising taxes aside, announcing what's essentially a government IT project which is anticipated to have a £2 billion price tag from the beginning is going to cause a significant amount of noise in the media, especially with how badly past ones have gone and how bad the overspend tends to be (what's the chances this ends up closer to £20 billion?)

Page: