Posts by I don't have a handle

23 publicly visible posts • joined 6 Jan 2015

Barclays, Halifax and Tesco still being gnawed by POODLE

I don't have a handle

Re: El Reg is not vulnerable....

"Cargo-cult security. There are no "best practices" in a vacuum. (blah, blah...)"

Seems to me that you are being a bit fast and loose with the word vacuum. To me, a vacuum is devoid of anything. If it has just an ickle something in it, then it ain't no vacuum. Maybe you define it otherwise.

But yeah, you are surely right. I am in a cult where daily life involves words and phrases such as tls, pfs, encryption, hashing, key stretching, timing attacks etc. Nasty little cult it is. Really pernicious stuff going on in this cult. The bastards just don't let up about security, privacy and respect for other peoples' data. The m***er fcukers. But hallelujah brother. We shall be saved by the Vacuum! All hail the Vacuum!

*Sigh* Oh, how I long to belong to the cult of the 90's again. Flat files, plaintext passwords, no security and no respect for others' personal data (no matter how small)*.

* Oh, hang on... I'm talking shit again. Anyway, enjoy the 90s... They are like so last century ;)

I don't have a handle

Re: El Reg is not vulnerable....

"I've said it before, I'll say it again. If you're reusing your El Reg login creds elsewhere, you're doing it ALL wrong."

You have to be honest though. What AC stated is true and really it does not call for a presumptuous, hypothetical and seemingly defensive retort.

In my world, requiring users to enter personal information such as first name, last name, email address, password, job role etc when registering without tls/pfs is about as bad as bad can be.

Still, I suppose if you are entering real-world details here, you're doing it all wrong ;)

I still see no excuse for ignoring good/best practice here on El Reg.

Quantum computers have failed. So now for the science

I don't have a handle

Re: Indeterminacy enters, with difficulty

"Surely what he calls the "failure of quantim computing" is actually the technical difficulty of mustering enough qubits with current technology. This does not sound like a failure in principle."

I'm inclined to agree - not that counts for anything, of course.

A linear array of nine qubits is a step forward from the three mentioned in the article. But it's still a long way short of what is required.

I have a little heresy for the author, as he's a crypto-dude: Something not unlike Fermat's Little Theorem, coupled with a little mathematical jiggery-pokery may just reveal something interesting about primes and pseudoprimes and provide a clue about how to reduce the complexity of factoring some mahoosive numbers (but I would not dare repeat it out loud, as I get laughed at enough elsewhere as it is - although it was inspired by another dude (now deceased) who, as it happens, was rather intelligent).

Anyway, I'll get my coat and head back into my padded cell. My meds are calling.

I see what you've done, there, twiiter.com: Tweet troops tackle tech twin

I don't have a handle

ſcreenſhot: Just wondering

"screengrabs"

Is screenshot now considered olde worlde and therefore consigned to the same bin as the long s? Am I now a redundant old fart because I still prefer a quill and a screenshot?

Boffins baffled by the glowing 'plumes' of MARS

I don't have a handle

Speaking of Mars...

Don't forget the Venus/Mars conjunction this month. And, on 20 Feb (west), we get the bonus of a thin waxing crescent Moon just 6 degrees to their right.

Seems that the ISS is also appearing over the UK on the 20th too. Nice and bright from my location. A quick glance shows this to be in a similar area of the sky.

Anyone think it'd be possible to nab a wide angle or fisheye shot of all 4*? Would make for an interesting photo :)

*This seemed a reasonable article to ask such a question.

French minister: Hit Netflix, Google, Apple et al with bandwidth tax

I don't have a handle

Re: Ignorant Politicians

"I guess that France just wants to rob American companies to pay for Frances inability to provide a better product or compete... Don't negotiate with terrorists or blackmailers."

They'll rob anyone to pay for their inabilities. To paraphrase Will Durant with a hint of Maggie: There is nothing in socialism that other people's money will not cure.

Dissidents and dealers rejoice! Droid app hides your stash in plain sight

I don't have a handle

Re: Well, it is just a toy...

"It isn't intended to defeat a forensic IT specialist with the proper kit, it's just intended to hide stuff if an untrained copper takes a quick once-over."

I did read that bit but, well, I was just a little surprised to see the claim that obfuscation increases (data) security coming from within a uni. (I'm pretty certain that the students involved would have gained some useful knowledge/experience from the project, notwithstanding).

I could see the school-aged me making use of this just to piss off mum/dad/sibling, but alas I'm now old, withered and grumpy and see such an app causing more headaches than it allegedly solves - if used in ignorance.

I don't have a handle

Well, it is just a toy...

"It's not just me that sees this as vaguely lacking in credibility, is it?"

You are certainly not alone.

Beyond the Conceal API this all seems rather pointless to me. I mean, is it really possible to take this at all seriously when the authors state, "our approach provides an added step of obfuscation that increases security of the data". Well, so now obfuscation increases security? Hmmm. Does not compute.

DroidStealth relies on a simple PIN for decryption and the APK is distributed through untrusted sources? This is looking like good, secure logic - not.

To be honest, I should have stopped reading at their claim that 'obfuscation... increases security of the data' and gone back to doing something worthwhile.

'Revenge p0rn' kingpin Kevin Bollaert faces 20 years in jail

I don't have a handle

Re: WTF

"Umm, no it isnt."

True. But it sometimes seems that we are trying hard to catch up with them. I mean, I don't think Obama has yet claimed to be continuing the work of god* and I don't think he has stated that he wants to have conspiracy theorists labelled as terror-paedo's**, so we might be racing ahead in some specific areas. We are however equal in the bellend stakes. We each have one at the top of the political tree.

* à la Cameron

** also à la Cameron

'Revenge porn' law to arrive in spring – MoJ

I don't have a handle

Re: reasonable person?

Wouldn't that depend entirely on where in England the case took place. I believe there are cities where the "ethnic minorities" are only minorities when compared to the entire country but locally represent a very large part of the society. Therefore it is entirely possible, and not misplaced, to have a jury made up from 12 people who consider not wearing a headscarf a crime.

Even if the jury were made up of 12 such individuals, it would not make any difference.

A 'reasonable person' (aka 'the man on the Clapham omnibus') is not a juror, but rather a legal fiction used by the court as an objective test. This legal fiction, in essence, represents your average citizen and not the jury. Therefore, even with such a jury, it would be a non-issue in a UK court of law.

Quick example, different area of law, but the principle still holds: http://www.lawteacher.net/lecture-notes/tort-law/negligence-breach-lecture.php

Why Windows 10 on Raspberry Pi 2? Upton: 'I drank the Kool-Aid'

I don't have a handle

Re: Security???

"You are out of date. Windows is a long way ahead of Linux there. Just look at website defacement stats and then divide by market share. You are far more likely to be compromised these days running a Linux server stack than a Windows one."

That actually made me laugh: "Just look at website defacement stats and then divide by market share".

I can't decide if you are a shill, a comedian or just unbelievably naive. (Hopefully you were aiming for comedy).

Windows 10: The Microsoft rule-o-three holds, THIS time it's looking DECENT

I don't have a handle

Re: Will there be a real professional/enterprise version???

"those rental fees are where they're looking for most of their revenue"

What rental fees are those? You can't be referring to a Win 10 subscription model surely?

http://www.pcgamer.com/microsoft-windows-10-will-not-be-sold-as-a-subscription/

Last Pirate in Brussels: Put ME in charge of yer IP treasure chest. Yarr!

I don't have a handle

"That's Google News in trouble for providing links to the Financial Times and the Wall Street Journal that bypass their paywalls, then."

Maybe not. National courts appear to take contrasting views on exactly what constitutes communication to the public/communication to a new public. There is even polarised opinion between courts within the same country.

It's also evident that the scope of such communication, and its elaboration in CJEU case law is somewhat confused and contradictory, and therefore still likely to be contested.

Whatever I personally think about Reda's general politics, one thing is certain... If the CJEU is muddled with respect to its own rulings, then there's still some way for certain aspects of this to run. I don't see her proposals helping much here, unless they somehow lead to a properly scoped and unequivocal legal definition of 'communication to...'.

But then, we are talking EU here, so it's never going to be clear, concise, efficient or timely.

I don't have a handle

Re 15:

"just a tweak to the law clearly stating that hyperlinking is not copyright theft."

More copyright infringement than copyright theft - but I digress before I start.

1) The CJEU have previously made clear that hyperlinks to content made freely available by a rights holder do not infringe (with a few potential exceptions however).

2) The CJEU also made clear that restricted content, accessed by a hyperlink - e.g. where the hyperlink circumvents some restriction (paywall or whatever) - would, without the permission of the copyright holder, mean the publisher of the link is committing copyright infringement pursuant to Article 3(1) of the EU Copyright Directive.

Whilst I may not like paywalls or similar, I see the above as perfectly reasonable. i.e. not copyright infringement where made freely available by a rights holder, but in other circumstances may well constitute infringement. Reda is a little vague here. Specifics will follow I am sure.

Re 20:

A mandatory exception for libraries works, but no doubt will seem a little blunt an instrument to some rights holders.

It would seem perfectly reasonable to me that the client copy of a library sourced e-book self destruct on its normal return date, but unreasonable for HarperCollins (or whoever) to self-destruct e-books just to force libraries to re-purchase.

Re 24:

"It should not be illegal to ever break encryption if you are allowed to read the unencrypted file."

That would require careful clarification of intent. Unless of course we are to no longer consider intent?

As to whether "nobody in the EU superstate can really moan about this [harmonisation], since that's, you know, the entire point of the EU", well, there are a few hundred million in the EU who had absolutely no say at all in how we arrived where we are. Personally, I believe they have every right to moan, should they so wish. But that's a debate for a different day.

I don't have a handle

Head. Sphincter. Firmly.

Reda, on rare occasion, talks sense (i.e. influences on politics must be visible and traceable, mandatory lobby register and auxiliary income transparency of all members of parliament), but generally she appears to live with her head orbiting the event horizon of a dysfunctional sphincter - as is the case here.

"The ability to understand the law is central to its acceptance and legitimacy", says Reda. Pfft. Head. Sphincter. Firmly, imo.

Having read the eval report, it comes across as being just another harmonisation and 'single europe' piece, but with the added bonus of a degree of 'freetardness'. But then what else would we expect from a freetard who believes that the Merkels and Camerons should have no say in how the EU develops (or fails).

It's fools like Reda that give lefties a bad name.

Node.js fork io.js hits version 1.0 – but don't call it production-ready

I don't have a handle

That's the thing with node.js - it has its place, but that place is definitely not everywhere. i.e. there's no point in using it as a boutique framework or just because you can. (But then, I would say that about any framework, not just node.js).

From what I have seen, probably the biggest issue with the node.js environment is not the framework itself, but rather some nasty habits front-end developers* are bringing with them across to the server**.

* Don't take it personally if you are a javascript dev. It's just a personal observation, not a dig.

** For this reason (and others) I am still not completely sold on the notion that it is good to blur the traditional boundary between client and server, just because we can.

What do UK and Iran have in common? Both want to outlaw encrypted apps

I don't have a handle

"To be fair, Call Me Dave has not said TLS is to be banned, merely that the government will break into it on occasion when the home secretary has given personal permission"

ISTM that government agencies are already doing this, with or without the permission of the Home Secretary.

To my mind, this is, to some extent, more about access (or a right of access), to private keys. Quite what shape this discussion may take, should the Tories be re-elected, is uncertain - but personally I have a feeling that access to, and perhaps distribution of (or control of), keys within certain boundaries will hold a degree of focus within any such future discussion(s).

Until we know more about his dastardly plan, we'll just have to live content with the knowledge that number theorists, along with anyone with a desire to make use of prime numbers, will probably be labelled, vilified and persecuted as paedo-terrorists by god's 'right-hand man'*.

*Reference to Dave's Easter 2014 bash, where he said, "I'm just continuing God's work". (Alternatively, just read as 'wanker' - either works).

I don't have a handle

Re: Surely...

He's on about both metadata and content. Quote: "...the powers that I believe we need, whether on communications data, or on the content of communications, I'm very comfortable that those are absolutely right for a modern, liberal democracy."

He then waffles on about revisiting DRIP if he gets re-elected.

I don't have a handle

Key escrow revisited?

DC passed reference to previous governments' aborted attempts to curtail personal encryption. I read this as a reference to Labour's diabolical key escrow shite from the 90's. Maybe we'll be seeing an attempt to get shite like this through Parliament again soon?

French Google fund to pay for 1 million print run of Charlie Hebdo next week

I don't have a handle

Re: I don't for a second believe the 'Charlie' murderers were acting as Muslims.

"I think you missed the point. A gun-totting nutter is a gun-totting nutter whatever excuse he gives. Religion, nationalism, not liking Mondays? The excuse is irrelevant."

A nutter, is a nutter, is a nutter. I quite agree.

However, a comprehension of the base ideological framework of extreme religious fundamentalism is still key here. Religious extremism can be neither understood nor addressed if we consider religion a mere irrelevance.

On a different tack, and a thought that has just popped into my head whilst typing the above. I find myself wondering why it is only now that the UK government are making lots of noise about UK citizens travelling overseas to fight when, in fact, it has been happening for decades (Pakistan based groups engaging in so-called jihad in Kashmir during the 90's and their later links to the Taliban and others, for example).

UKIP website TAKES A KIP, but for why?

I don't have a handle

Re: Major update cockup?

"I agree with you!"

dogged, sorry. I didn't mean that to come across as having a dig at you. I agree with most of what you are saying :)

I don't have a handle

Re: Major update cockup?

"There are so many local newspapers. And then there's the BBC's Have Your Say to shit mindless racism all over too."

The problem nowadays is that the word racism is so overused and abused it has lost much of its original meaning and context. That's not to say that racism does not exist, but rather that it really holds little real meaning, or indeed relevance, in many contexts in which it is now used.

It's reached the point whereby it's impossible to have an adult conversation without the champagne socialists screaming 'racist' at the beginning and end of every sentence offered in retort to anything that offends their often fragile sensibilities.

Let's all act like grown-ups, accept that others are free to adopt a position that is contrary to that of others.

Arguments and debates are never won by scweaming 'wacist' at every turn.