* Posts by Doctor Syntax

16426 posts • joined 16 Jun 2014

UK's super-cyber-snoop shopping list: Internet data, bulk spying, covert equipment tapping

Doctor Syntax Silver badge

Re: Security Theatre and/or Snooping

'Unless of course they are using "perfect forward secrecy" schemes such as ECDHE. Oh, except we heard a few weeks back that this had been broken anyway.'

IIRC it was the original DH that had been broken for some values of primes & elliptic curve was the way forward - providing you don't use the NSA's preferred EC, of course.

Doctor Syntax Silver badge

Re: Security Theatre and/or Snooping

"It's a fact that a lot of criminals are stupid"

The sort who advertised on Craigslist for someone to hack his local court house, certainly. And many who the security services should be targeting are also stupid* but the prime targets aren't. Assuming the entire population is suspect, which is the basis for indiscriminate bulk surveillance, simply defies the presumption of innocence and that's the basis of a free society.

*And it wasn't particularly bright of some US bloke who explained how a drone attack had been made on the basis of some numpty's online activity.

PM wheels out snoop overseer minutes before latest snoops' charter bid lands

Doctor Syntax Silver badge

Re: who was first called to the Bar 50 years ago...

Ah yes, ageism is not only a politically correctly allowed form of discrimination, it's pretty well politically correctly mandatory. Have you taken your A levels yet?

And did you mean "us all"?

Doctor Syntax Silver badge

"Turns out lots of us have something to hide but oddly enough, we don't like admitting it."

Actually anyone who does business on line, banks on line etc not only has stuff to hide but stuff that they're contractually obliged to hide.

Silicon Valley fights European Court of Justice ruling with small print

Doctor Syntax Silver badge

Re: Makes no sense

"but presumably can now sue the Commission for any costs in relocating to Bulgaria or Argentina"

What makes you think you can sue anybody for the costs of not breaking the law?

Mandatory car analogy: if the police pull you up & find that there's a fault on your vehicle do you really think you could sue them for the costs of getting it fixed?

Doctor Syntax Silver badge

Re: Lot of nonsense

"You should bother to simply read the Terms & Conditions"

True but he can save himself some time by not even getting as far as Carter's employer's T&Cs.

Microsoft's OneDrive price hike has wrecked its cloud strategy

Doctor Syntax Silver badge

Re: So entirely amusing yet completely unexpected!

I think Microsoft forgot that the secret of boiling frogs is that you do it gradually.

Doctor Syntax Silver badge

Re: Linux to the rescue! Again!

"Not least an OS shouldn't ever 'support cloud storage'"

It depends what you mean by "support" and, indeed, "cloud storage".

In a lot of cases the latter just means some form of remote synchronisation. ownCloud and Kolab are both OSS S/W which provide Linux clients for this and Dropbox is one of several commercial products which do the same. As the OS supports these clients then it's reasonable to describe it as supporting this style of cloud storage as a client in the same way as saying it supports a web browser or an office suite. And don't forget older flavours of syncing such as rsync.

At a more fundamental level of support, and taking "cloud storage" to mean remote storage in general, Linux has both NFS and CIFS available at kernel level which can let a client integrate remote file systems directly into its own tree.

Looking at it from the other side any Linux system can be set up to offer ownCloud, Kolab, NFS and/or CIFS as a service. I wouldn't be surprised if the Dropbox service was also running on top of Linux - in fact I'd be surprised to hear that it wasn't. Linux can also host VMs and containers to provide other cloud services.

The OP's claim was complete nonsense typical of the once common but now almost silent crowd of Microsoft boosters.

Doctor Syntax Silver badge

Cloud AKA someone else's computer

Someone else's computer to do with as they like. Remember that.

Doctor Syntax Silver badge

Re: Never had this problem...

'"Yea, got that covered too. External hard drives with encrypted content stored at family members houses "

What do you do about the hideously slow upload rate that your ISP provides? well mine does anyway.'

Whaaa? External drives! Unplug them & take them there, no ISP involved. Bandwidth similar to a van-load of tapes on the motorway. The bandwidth will be fine, it's just the latency he has to worry about.

Doctor Syntax Silver badge

Re: Linux to the rescue! Again!

"There's no problem with cloud storage as the shareware OS doesn't support that."

Your prejudices are showing again. Apart from the fact that you don't know the huge difference between OSS & shareware take a look at https://owncloud.org/ https://kolab.org/overview https://www.dropbox.com/install?os=lnx for a start.

I wonder what OS Dropbox's servers run on. And AWS...

Doctor Syntax Silver badge

@ Codysydney

You are, I think, correct in your first point.

However it's more likely that the bitching is coming from the people who put their trust in Microsoft. They've now been kicked in the face twice; haven't you noticed all those posts in other threads from people telling us they've been MS stalwarts but are now moving to Mint because of W10? The rest of us are just standing on the sidelines shouting "Told you so!".

Doctor Syntax Silver badge

Re: Why are people still using Windows?

" Linux desktops still look like they were designed by 7 year olds."

Those must be the ones still trying to look like Windows for Teletubbies. You do realise, don't you, that with Linux you not only have a choice* of desktop systems but you can also theme them to a greater or lesser extent.

*If you're a Windows user - or a marketing shill who's probably actually using a Mac - you may need to look this up in a dictionary.

Doctor Syntax Silver badge

Re: Never had this problem...

"Of course, if you prefer the vagrant approach of carrying all your belongings with you then that's your choice."

Now there's a thought. Once upon a time we had Windows for Teletubbies. With the cloud first approach maybe they were aiming at Windows for bag ladies.

Hi, um, hello, US tech giants. Mind, um, mind adding backdoors to that crypto? – UK govt

Doctor Syntax Silver badge

iMessage

I've now read through the links purporting to show weaknesses in iMessage. They're dated a couple of years ago. In the recent court case Apple said that they could previously intercept messages but not with the current iOS versions. So is the Quarkslab analysis still relevant to current iMessage protocols?

Doctor Syntax Silver badge

Re: Tech companies not required.

@ Grikath

Who cares about average teens except average teens? HMG can ban all the shiny apps they want with no real effects except pissing off potential voters. If secure non-shiny alternatives exist they'll be used by anyone with the incentive and knowledge to do so. That, of course, includes those who HMG are most keen to eavesdrop on. Great idea, ruin the average punter's privacy to no useful end.

Doctor Syntax Silver badge

Thought experiment

I'm the organiser of a criminal/terrorist (the former includes the latter in my book) organisation. I want to arrange encrypted communication with my members. How do I go about it?

We'll assume I have access to some developer talent. If I'm running a terrorist organisation I may well have that in my membership, if not there are obviously criminal organisations out there with that talent so I can buy it in.

With that I commission its own S/W for my organisation. The developer talent doesn't need to have a cryptography specialisation as the libraries for this have been available for decades. One approach to take would be an application to create self-decrypting files - executables with the encrypted data built in.

I rent a server out of the jurisdiction of where my organisation is operating and upload the messages there. Or I can upload them to a binary newsgroup. Or pastebin. My members can download their messages, run the software, read the decrypts and then delete. Except for the brief period when they're downloading and reading there's no incriminating decryption software in their possession. Neither random stop and search of my members nor seizure at border crossings will reveal anything untoward.

I still have the problem of key distribution. I can set up a different distribution route for each channel. I identify some forum which members can read without suspicion. I occasionally post comments to that. The comment itself isn't the key. The key is a hash of, say, the 2nd paragraph of the comment's grandparent and is a one time pad. The reader simply copies & pastes the paragraph into the self-decrypting file he's downloaded, the hash is regenerated & the message decrypted & displayed.

Such a method has its limitations; it's susceptible to traffic analysis if the authorities suspect an individual. However, if encryption is banned on WiFi there will be an ocean of available access points; let the authorities try to perform traffic analysis on those.

The essential point is that making encryption illegal only bans legal applications. If people are already breaking the law you don't stop them doing that by furnishing them with more laws to break.

PC sales will rise again, predicts Intel, but tablets are toast

Doctor Syntax Silver badge

"The new form factors – including mini-computers – are also inspiring companies that haven't been big in laptops to get in the game he said, citing Microsoft's Surface Book and InFocus' $99 Kangaroo PC as examples."

Somehow these don't look like minis as I remember them.

Apple’s TV platform just became a little more secure (well, the apps at least)

Doctor Syntax Silver badge

Good

So 64% will still be plain old TVs.

Microsoft Windows 7 Pro: Halloween Horror for PC makers next year

Doctor Syntax Silver badge

Old news

http://www.theregister.co.uk/2015/11/03/food_water_batteries_medical_supplies_ammo_and_windows_7_pcs/

Web server secured? Good, now let's talk about e-mail

Doctor Syntax Silver badge

Re: People attempting proper SMTP TLS is terrifying

"If Blackadder had continued on to do a series in which he worked in IT"

Forget all the other stuff, will someone please pitch this to the Beeb.

Doctor Syntax Silver badge

"Unsurprisingly, any UK government email delivered via MessageLabs comes over cleartext SMTP - they don't even try."

Why try if it's going via a US-owned service provider?

Windows 10 is an antique (and you might be too) says Google man

Doctor Syntax Silver badge

Re: @Richard 12: Note on Windows 8

It is very hard to distil the behaviour of real people into bullet-points. This is why it shouldn't be done.

FTFY

Doctor Syntax Silver badge

Re: Matias sounds like a real prick.

He's a user experience specialist. They go round breaking things by taking something that was working flexibly and insisting that it only do one thing and do it in one way.

Doctor Syntax Silver badge

Re: @Shadow Systems: Duarte, the Android UI guy (laugh)

"Or am i being unfair?"

I doubt it. AFAICS they shackled themselves by insisting on a one-size-fits-all user interface as an article of faith. That's stopped them offering a switchable UI, assuming the architecture would make that possible.

Doctor Syntax Silver badge

Re: Revisionist

"the PlaySkool tag"

Windows for Teletubbies was another.

Food, water, batteries, medical supplies, ammo … and Windows 7 PCs

Doctor Syntax Silver badge

Re: Windows 7

"Could someone rationally explain what's this thing is with windowz users, why all the clinging on to an old dying or unsupported version."

This has been explained before but clearly we need to explain it all again. Let me preface this by saying that not only am I not a Windows fan I'll be abandoning Linux in favour of BSD when my current version falls out of support on the grounds that the next version will be insufficiently Unix-like. But I have a fair degree of experience in the commercial world with both Windows and Unix.

Firstly you need to understand that system administrators don't like change. Change breaks things. Change brings them problems they don't need, often in return for fixing problems they don't have. This applies as much to Unix as Windows. Old, rusty and working is better than new, shiny and useless. Sysadmins are paid to run things that make money by working.

Secondly you need to realise that there are often very good* reasons why stuff is running on Windows & maybe specific versions of Windows. At the bottom, however, these reasons come down to money.

One reason is that the computer is tied to a very expensive piece of machinery. When I retired at the end of 2006 my last client was running a digital print centre on a number of industrial printers. These are not the sort of thing you go down to PC World to replace. They're massive beasts, bigger than some printing presses. The economic lifetime of such beasts would probably demand that they're still working. AFAIK the embedded version of Windows was 95. That sort of kit doesn't get replaced because MS has decided to EoL W95. Or NT. Or W2K. Or XP.

Another reason is that the business is running, and depends on running, S/W that is tied to some quirk of Windows. If it was bought-in from an external vendor the vendor might have gone bust or simply stopped developing it and may not have ported it to another version of Windows. Even if it runs on later versions the vendor might not have certified it for those versions which, in highly regulated industries, might be a show-stopper. If the S/W doesn't run on the new version a replacement will have to be bought in - assuming a replacement is available. If there's no replacement on the market commissioning one will be expensive. If the S/W was specially commissioned in the first place it might need work to port it over to the new platform which assumes the source hasn't been lost, that there's anyone available who understands the language it was written in, that there's good enough documentation to rewrite from scratch if the source has gone - you name the problem, someone will be going through it.

Finally there is an investment in training and accumulated experience of users. To some extent this might be an overrated issue but a big change in interface will require expenditure on training and inevitably set back productivity whilst the users adapt to it. Linked to that is the amount of testing that has to go on to ensure that everything the business needs works on the new system (assuming that it does - see the previous paragraph). There may be other costs associated with migration such as converting data from old versions of S/W to new.

The bottom line with all this is that users have made investments in good faith only to find that those investments are now dependent on what's become abandonware.

*For given values of good. What may have appeared a cost-effective decision in the past is no longer such a good decision when seen in the longer term.

Skype founders planning non-drone robodelivery fleet. Repeat, not drones

Doctor Syntax Silver badge

We need more firms doing this. Then we can have some turf wars.

Doctor Syntax Silver badge

Re: It is still a drone

I look forward to seeing them (1) trying to climb the hill up to our house, especially in the snow (2) trying to right themselves when someone has turned them on their backs.

There seems to be an assumption in the spec that all routes have footpaths. I live on a lane that's not only steep but also has no footpath.

'T-shaped' developers are the new normal

Doctor Syntax Silver badge

Re: Definitely, maybe...

He may not be a web hack but it's clear we've formed our opinions about what he is.

Doctor Syntax Silver badge

Years ago we were just APs (analyst-programmers for the youngsters who've never heard the term). We didn't have a methodology, we just talked to the users at different levels in the business to find out what they wanted & did it.

As the team varied in size from 1 to 4 we didn't have separate sysadmins or DBAs, we just did the lot. If you have to administer what you write what you write tends to avoid admin problems.

I can't remember what shape I was then but whatever it was, it wasn't the shape I am now - things have filled out & sagged a bit.

If this is going to be a regular Monday slot I must remember to avoid it.

Doctor Syntax Silver badge

Re: I'm pleased I don't live in a mind...

"rounded and T-shaped at the same time"

T-shaped with rounded corners?

The $53bn 'startup': Hewlett Packard Enterprise begins life

Doctor Syntax Silver badge

Re: Diddums

"Poor Andy, had to cope with knowing everything. That must be a first for a senior executive, most seem to get away with knowing bog all about the businesses they run."

Some of them seem to insist on knowing nothing. It's called plausible deniability.

Anti-adblocker firm PageFair's users hit by fake Flash update

Doctor Syntax Silver badge

Re: Hah!

"advertising finances a large chunk of the internet"

Or, to put it another way, surely we can do better than this?

Doctor Syntax Silver badge

Tl;Dr: Always use an adblocker.

Windows 10 growth stalls during October

Doctor Syntax Silver badge

Re: XP

@A/C

'Navigating a KDE or whatever "start menu" is a PITA.'

Now you've got me really puzzled. The classic KDE start menu follows the original Win95 design principles quite closely; although I can't say I like the more recent alternative it's not that different to what Windows is throwing out at present.

Let me run through some of what I do to set up KDE to my liking which may well match what you like about W2K.

First, right click on what KDE calls the panel but we'll call the task bar for convenience, and click unlock widgets in the popup menu. Click on the classic menu option.

Then go into the menu and find KDE settings. In Common appearances etc>Application and System Notifications>Launch Feedback click any option you want for Busy Cursor other than that blasted bouncing cursor that's the default.

These two steps make for a more comfortable environment.

Whilst you're in settings you might like to go into Workspace Appearance etc>Workspace Appearance>Window Decorations & see if there's something you prefer to the default - Redmond will diminish the difference in appearance between W2K and KDE as will Common appearances etc>Application Appearance >Style.

Close settings, go to the so-called golden cashew (AKA the golden turd) at the right hand end of the task bar. Click on that & click Add widgets and add a Task manager plus anything else that seems useful. Then lock widgets.

Click on the golden turd on the top right and select Desktop settings. Change the view to Folder view and Apply. Go back into the golden turd menu noting that settings are now Folder view settings, into settings and choose Location, select Desktop folder and apply again. You can set up the Icons however you please - ordering, snap to grid or whatever.

You can now save things to the desktop as you wish. If you unlock the widgets again from the task bar right click you can select applications from the main menu with a right click and add them to the desk top and/or task bar.

This should take you a long way to getting your working environment as you wish.

I'm not sure about the keyboard - I wonder if that was set up correctly on installation.

In-a-spin Home Sec: 'We won't be rifling through people's web history'

Doctor Syntax Silver badge

Re: Read the story in the Telegraph today

"Town halls were granted permission to access private communications data 2,110 times last year, more than GCHQ and MI6 combined. "

This, of course, takes no account of the number of accesses without permission.

Whitman's split: The end of Fiorina's HP grand expansion era

Doctor Syntax Silver badge

The real HP - oscilloscopes, IR spectrophotometers, etc, is long gone. So sad, it was a really successful business.

Linus Torvalds fires off angry 'compiler-masturbation' rant

Doctor Syntax Silver badge

"Having a go at your staff is rarely, if ever, the way to get the best out of them."

What staff?

"I personally wouldn't contribute to a project with someone like that at the wheel and I can't believe I'm the only one that feels that way."

The number of kernel contributors suggests that there are plenty who feel differently.

Doctor Syntax Silver badge

Re: Stop being a dick.

"Educate"

How? There are thousands of contributors and many thousands of contributions. Would you have time to give individually written feedback educating them?

" and inform."

Well, they've just been informed, haven't they?

"If their skills or approach does not improve then remove them."

How? Remember he doesn't employ them. He doesn't call them into his office for annual reviews which will be sent up to HR.

Doctor Syntax Silver badge

@ Donkey Molestor X

"this is why you are all being replaced by Indians who do the work for 1/10th the salary and 0/10ths of the ego."

But are probably better than you at starting sentences with capital letters.

Seriously, consider your use of the word "boss". Nobody who submits code is managed by him. Either they do so off their own bat or they're employed by other organisations where he has no managerial role. The number of individuals submitting is far, far greater than any conventional manager would have to deal with. How would you cope with the situation?

Doctor Syntax Silver badge

Re: There is code smell in here

"Hardcoding the value isn't a good idea, as it reduces platform independence, maintainability, and readability."

And in case anyone missed the maintainability aspect it makes the code particularly vulnerable to any change in the struct.

Doctor Syntax Silver badge

" it's your old code."

And 6 months easily qualifies as old.

Doctor Syntax Silver badge

Re: The FORTRAN FEMA trailer has stopped nearby....

"a good FORTRAN programmer can write FORTRAN in any language."

Following our FORTRAN course (one week of which I missed the first day) I discovered from a colleague that it was possible to write bad BASIC in FORTRAN.

Doctor Syntax Silver badge

Re: his rant...

"In any professional organisation he'd have been fired for bullying"

I take it that by "professional organisation" you mean a company. In any company the coders would have annual - or even more frequent - reviews. There would be more formal disciplinary approaches. People not meeting standards would eventually cease to be paid.

The Linux kernel team isn't a company. Some contributors may be being paid by various companies to take part but even so, unlike a manager in a company, Linus has no influence on this. The only influence he has is to accept or refuse code according to his standards* and to make clear why code is being refused. With so many contributions coming in he can't simply afford to be deluged with sub-standard code and with such a large and loosely aggregated population of contributors and would-be contributors he needs to get the message out loud and clear.

So how, given the realities of the situation, would you deal with substandard code?

*I have to say I don't agree with all his decisions, lack of raw devices being one.

Doctor Syntax Silver badge

"The 80 chars come from the terminals used in the 1970s"

But the terminals were following on from the card widths of earlier days.

Doctor Syntax Silver badge

@A/C & @My Coat

Close.

1-5 were for labels - for GOTOs. The continuation character was in 6. 73-80 were sequence numbers.

E-mail crypto is as usable as it ever was, say boffins

Doctor Syntax Silver badge

At present encryption is an added extra to email. It needs to be built in to the protocol and hence into every application involved.

Until that's the case it will always be a minority sport. You can set up your PGP-equipped client and your key-server but how do you get your bank, your insurer and your aunt Mabel to make any use of them when 99.99% of their other correspondents (100% in case of aunt Mabel) have not only no interest but no knowledge?

At the very least we need extensions to SMTP to make it near invisible:

1. Your mail server is also where you hang out your public key.

2. Your server & client nag you until you click the button to generate a key & put it out there.

3. If your correspondent has published a key your client automatically uses it to encrypt outbound mail.

4. If you have generated your own key your client automatically uses it to sign outbound mail.

5. Your client automatically uses the key(s) as appropriate to decrypt and/or check signatures.

As an interim step new versions of S/W would have the features but tolerate their interlocutors not having them or their users not having published keys but the next generation would refuse to deal with unencrypted mail.

Yes, I know it's not as good as privately exchanged keys but it ensures that the infrastructure is there for those who want to go the extra mile. And no it doesn't do much for anybody who just wants to use webmail unless the decryption is built into the browser rather than the webmail server - but then they're not exactly bothered by security anyway. Actually that second point might not be as bad as it seems if the existence of routinely secure mail by other means were to prompt the webmail users to think again.

Or maybe you have a better method of moving to universal encryption in mind.

How Microsoft will cram Windows 10 even harder down your PC's throat early next year

Doctor Syntax Silver badge

Re: I shall be trying openSUSE on my last remaining Windows system

"That box has been sitting in a corner, unused and unloved, for the last 2 years or so."

Nice one! Reeled him in beautifully.

Doctor Syntax Silver badge

Re: wsusoffline - win

"If I were your customer, I'd be looking to get shot of you with a snotty attitude like that."

To whom was that comment addressed, Spasticus Autisticus or Microsoft?
