Re: "Vacated their mind bowels" - a lovely phrase
Brain shart? It would have been a brain fart but a bit more than they really wanted leaked out?
Given the seriousness of this, I'm curious what their justification is for not informing MPs of it, given that MPs are supposed to be the ones who decide whether to allow it to continue, pass an Act to legalise it or pass another to ban it. Apart from the obvious "they might ban it" excuse, which basically admits to knowing it's illegal, or "they might talk about it", which would be covered by the Official Secrets Act
Private companies give a better service at a cheaper cost than government ever could, so of *course* they shouldn't have to actually *compete* with government
Seriously though, if the local governments are able to give a better service and pay for it through the fees people pay, why not let them go ahead and do it? Hell, they could charge a bit more than the costs and have the extra go into the state budget to subsidise other responsibilities they have rather than having to increase taxes to do so
Good god, this is going to be bad isn't it? Tax rules are a good example of how IT infrastructure *could* provide a lot of streamlining and better functionality, but trying to change the whole thing over and having a fixed deadline like this is probably not a good approach, and given how badly previous IT has gone I seriously doubt they'll even ask the right *questions* on how to do this, never mind actually doing it right
Most NAS storage drives have some kind of cloud functionality these days, but you need to leave it running and you're capped at the upload speed of your connection (which generally is significantly lower than your download speed), making it often less practical than things like Dropbox or OneDisk
The charges expired due to duration, but I'm sure I remember them saying that they had to have him in custody before he could actually be charged as part of his due process under Swedish law, it's why they were so insistent that he be returned to Sweden for questioning rather than them questioning him in the embassy. Even if the questioning confirmed their suspicions the most they could do is fill out another warrant unless Ecuador revoked his asylum status
There's also the alternative, everyone is screaming "DO SOMETHING!" at the government so the government, knowing they can't actually do much which will show results quickly, turns to an easy scapegoat to pin the blame on. "We can't do anything if they encrypt things! It's their fault really!" etc
In fairness I heard/read similar stories when younger, although I suspect now that the industry is becoming more structured (with training courses etc) it's going to become higher risk for less reward than just going to uni and studying security. It also depends on what kind of hack it is (DDOS isn't going to get you anywhere) and who the people you hacked were (could end up being blackballed because you targeted someone with clout in the industry)
A better approach would probably be to point them to the Pwn2Own contests, where there have been some fairly young winners who made good money doing the kind of hacks which could get you picked up by an agency later on in a high profile and positive way (having a Pwn2Own winner on the books would probably be good PR for a company), while at the same time removing the risk of jail time
I don't think they were intentionally pushing for that, but I do think they could have made a positive mention of the self-study side of things, maybe recommending some resources the kids could look at themselves (ideally with the parent's support/help). I just worry that their focus of "If your kid is doing this they could end up as criminals" and "Here's some ways to do it commercially" might result in parents (who largely aren't familiar with the field) trying to stop their kid from doing things which could be genuinely beneficial to the kid's future because they take this too literally
Is there really a need to talk about "using your powers for good" though? A lot of kids are probably just working with computers for fun, or maybe just looking to keep a Minecraft server running for their friends.
This kind of reads as "If your kids are interested in computers you should make sure they stick to the approved learning paths, as being self taught or a hobbyist risks becoming a criminal!", which I worry would result in parents pressuring their kids to start doing classes/certification they're not interested in because it's the "right" and "safe" way to learn it, resulting in a kid who might have developed an interest to the point they did it professionally instead burning out and losing interest in the field
Basically, while talking with kids about career paths is good, and making parents aware of what they can do to help their kids, this seems to do so at the cost of stigmatising people just doing it for fun
"The Qu'ran and the Hadith are quite clear that all non-believers are to be either converted or killed.
The 'moderates' are the perversions."
From what I remember it's apostates rather than non-believers, with that being something introduced by Wahhabism (which originates in Saudi Arabia, one of our allies). Also, by the same reasoning pretty much all forms of Christianity are perversions since they don't include the whole stoning for adultery or the wide range of other crimes punishable by death. Pretty sure apostasy is a crime under biblical law too now I think of it
So yes, the moderate may be considered a "perversion" of the original, but that doesn't mean the moderates aren't the majority of the religion, much like the majority of Christians don't follow the bible literally
"If you aren't passing parameters into a prepared statement then you are doing it wrong. It is the DB's job to handle the parameters."
That's the approach that PDO uses in PHP for exactly this reason. If you're using it then really the input filtering is largely going to be focused on filtering out things like cross-site scripting attacks rather than SQL injection. That said, a lot of sites don't use it, or use it wrong (technically it's possible to pass a full query through it rather than using prepared statements), in which case the SQL injection prevention which is still part of the input filtering will kick in. It's not ideal, but it does add an extra layer of protections just in case it's necessary (the security, not the raw SQL which really isn't necessary)
Unfortunately, it's not uncommon for those filtered methods to have exploits found in them, and when they are it means every site built using those frameworks (since they largely assume the filtering will work) are sitting ducks until they're able to apply patches or upgrade, which depending how heavily modified the rest of the system is might take a while to achieve
It's as much a "platform" as Windows is, offering a desktop environment as well as lending itself to a variety of types of server environments to provide services from. Arguably they even have an "app store" via their repositories
Although you have a point that the term "platform" is vague as hell and isn't really good at explaining what it does
Obviously can't know for sure, but if I were in his situation I'd have assumed my line manager was aware of what was going on with this and was going to be dealing with it. The fact his line manager was made redundant immediately after him (which he might not have been aware of at the time, and I would have to assume *also* without handover meetings) would probably explain why they weren't aware of it and he didn't think he had to contact them about it
Somewhat contrary to that, Germany has generally been pretty strong on the whole personal privacy and was the target of hacking by the NSA, which apparently they got quite annoyed at. It wouldn't surprise me if they were having an audit done for internal use and someone suggested making a public statement of the results to try and counter some of the bad press from being part of Five Eyes
Hillary Clinton: "So we need Silicon Valley not to view government as its adversary."
Reuters article in May: "A U.S. spying program that systematically collects millions of Americans' phone records is illegal, a federal appeals court ruled on Thursday"
Maybe the tech sector will stop viewing the government as its adversary when it stops behaving like an adversary which customers need to be protected from criminal acts by
Given that this was a third party asking another third party to try and compromise the network without ever running it by the target and putting a fair bit of money into doing so, I don't know if this really counts as "white hat" at this point. Grey hat at most, but doing it without the target's knowledge/consent and having a sufficient impact on their infrastructure that they caught it and had to release a patch might be enough that it slides into black hat.
It depends a lot on what the university was to do with the research afterwards, if it was to be shared with Tor then fair enough, that's probably enough to push it back to grey hat, but if they were only going to share it with the FBI department that paid for it, that's basically no different to selling exploits on the darknet except you know who's buying
Worth mentioning that the review wasn't done by Naked Capitalism, but rather they've based their article on a press release by Public Citizen, who actually have lawyers on staff who deal with this kind of thing and would be better placed to review it than journalists generally would
What it applies to will depend on what is considered under TPP as "critical infrastructure" and "mass market". If someone provides a piece of monitoring software for power plants which is available for purchase by anyone who wants it, rather than bespoke for a specific client, does that count as being mass market? This would probably be considered covered by critical infrastructure, but I could see cases where lawyers could leverage it to cover things which you would expect to be classed as "critical infrastructure" but technically aren't under the TPP definition
Wait what? Clinton wasn't taken down through a honeytrap, he was taken down due to perjury in front of a Congressional committee ("I did not have sexual relations with that woman" and all that), and the Strauss-Kahn case fell apart because he *did* get due process, which Raymond claims men don't get any more. Or are you claiming the later charges against him in France were part of some massive international conspiracy spanning several years?
Actually, with DRIPA ruled illegal (after being pushed through at the end of parliament to prevent any debate on it), they are looking at a loss of powers by March or so. Powers they shouldn't *have* and which were part of an illegal bill, but loss of powers all the same
Al Qaeda were already found to be using steganography to hide images in videos/images rather than talking directly, which this would do nothing to combat (hell, I'm sure I remember the FBI publicly stating their existing systems couldn't handle having to scan through every image uploaded to Facebook and then trying to find messages hidden in them)
It's not a problem that the NSA uses open source, it's just an interesting bit of information made slightly amusing in that it shows a great example of how scalable the tool chain is but probably the majority of those involved in producing the software would be opposed to what it's being used for
There's a difference between a bug which hasn't been noticed and an intentional backdoor which has been added to exploit things. The latter of these by definition is something at least someone is aware of right from its creation and is intended to be there, the former is quite rightly considered a mistake and will be patched out when discovered. Using closed source just makes it less likely that the bugs will be found and that any intentional backdoors can be kept hidden much more easily (since there's a much smaller pool of people looking at the code and they can be made to sign confidentiality contracts)
Open source isn't perfect, no system is, but it *does* show a drastic improvement over closed source with regards to this kind of thing
Generally the infrastructure, including things like database and backup servers, are run on *nix based systems which the Windows workstations are then plugged into. So in a solid setup the mission critical systems will be *nix but the machines people generally use will be Windows (workstations not being "mission critical" because you should be able to restore the whole thing from the backup servers if it needs replaced pretty quickly)
Eh, they're generally slow to act and can rely on the fact that none of their rulings are actually enforced to pass bills which would be politically difficult to do in most of the member states (like this one). They are generally pretty good though, and the ECJ and ECHR are generally pretty solid within their limited scope, with some fairly solid rulings being passed
Thing is, the whole reason for the last rejection is that they were trying to cover more than just people who were homosexual, but also included things like transsexual. As a community they generally are pretty closely associated, but .homosexual would work for everyone they were trying to bring under the umbrella as well as .gay would
So more people supported it than opposed it? I'm not sure how this makes it somehow invalid, just over 1/3 of people supported it, less than 1/3 supported it and the rest were, in one way or another, happy to let those people decide it for them by not voting. Hell, most elections are won with a smaller proportion of the population than that
"I think it's absolutely vitally important that we enable parents to have that protection for their children from this material on the internet,"
More accurately, we have to enable parents to do nothing to protect or monitor their children's use of the internet, because why should parents be expected to show any interest in raising their kids?
Not quite, there's still the question mark over what happens with non-US hosted systems owned by US companies. I believe there's currently a court case with Microsoft over whether they have to hand over data from an Irish data centre which will probably decide this (Microsoft is understandably fighting it tooth and nail), and if it goes in favour of "companies are required to provide the data" then the EU will not be able to use *any* US company's services. Hell, even companies offering co-location like Rackspace might run into issues with this since the data is in their data centre and they have access to it
I messed about with Metasploit on a test VM a while back (was looking at possibly doing security stuff as part of the day job, test VM was part of a learning series) and it's pretty damn easy to use. Avoiding detection when running it on someone's site and then actually using the exploit are the bits that might be fiddly, and a 15 year old would have plenty of spare time to work it out
I do think it's less likely that a 15 year old would be doing a DDoS attack to cover his tracks along with the ransom threat though. It's possible, but it seems more likely a 15 year old would go the direct route of just hacking them rather than setting up a more coordinated scheme like this.
French Gendarmerie seems to be happy enough with the savings they've made, also I suspect that month of reduced productivity is somewhat exaggerated. With training you're looking at more like a week of down time. There's also the fact that the government isn't using Office 365, or at least in cases where they are they're going the self hosted route for security purposes, which adds significantly to the costs. In cases where they're not using 365 you're looking at a licence per machine rather than per person
Oh, and if you can wean people off of Office then that then opens up the possibility of moving to Linux too, since they'd be using the same software, with minimal retraining. This could then reduce the number of windows licences which are per machine rather than per person, much like non-365 Office, and is a significantly higher bill than MS Office is
You also have the question of where the money is going. If you're giving Microsoft £1.5 million for licences and support that does very little for the country's economy, but giving £1.6 million to local businesses to provide training and support for Libre Office, while slightly more expensive, is keeping the money within the national economy which benefits the country more
There's a lot more to the economics of procurement than just the base licensing costs, and you haven't cited sources for any of the numbers you've provided either (the 28 days, the 10% reduction in productivity, the cost of Office, the cost of training). You also have to consider that hosting things on Microsoft's servers is currently a no-go with the recent ruling on US safe harbour rules, and even without that a lot of information couldn't be put on there
This is something I hadn't actually considered. Since most of the costs of open source office stacks (OS, Libre Office, etc) are the support contracts, how much of that is going to companies within the country rather than foreign entities? Even if it were a little more expensive, if you're keeping it in the local economy it might still be a better option
It's always going to be a slow process weaning people off of MS Office, but this is certainly the first step. France's Gendarmerie got around this (when they switched to Linux) by mandating file format in contract and having a small number of licences to deal with cases where outside agencies can't provide a file they can use. The more government bodies using non-Office based suites the less of a problem they'll have with this and the easier the migration will be
While it might not necessarily be a *good* thing that these emails have been leaked this way, let's be honest. If he was using an AOL account for classified information and some kid managed to hack it and get all this data, chances are it was compromised a *long* time ago and rival governments are well aware of what it contains. Much like when people were invited to try and hack an electronic voting booth a while back as a statement of confidence, and not only were people successful but they found it had *already* been compromised before they got anywhere near it
From the perspective of people outside the US nothing, in fact it's a great opportunity, but for Americans this is their government literally piling on the damage to a large and growing industry in a way that will undermine confidence in them for years to come
Microsoft can agree to whatever they want, but unless Congress agrees to pass a bill supporting it (actually passing bills being something the current Congress is famous for... not doing?), this is still going to fall afoul of the ruling in German courts that US based companies can't legally guarantee protections if the government can override them, and the US companies can be held liable
The public might be though. If, y'know, they really needed to know about it. Like if the MP was sponsoring a bill to constrain GCHQ. They wouldn't *release* that information though, that would be unthinkable. There might just be a... leak, that such information should be requested via FoI between certain dates. Or maybe not even anything criminal, maybe just some interests the MPs have which might cause embarrassment or hurt election chances and they'd rather weren't made public knowledge
The point of the Wilson Doctrine isn't just to protect the public from being spied on, but also to prevent intelligence services from being able to build portfolios which can be used to pressure elected officials into toeing the party line on security, whether directly through warnings about "national security threats" to places they know that MP cares about to third parties who the information is "leaked" to