Posts by The Other Steve

@Decline not due to safety rules

Hmm, I'm afraid I have to take issue with that, I for one lost interest when the number of participants killed or maimed fell below the level required to hold my attention.

And I want MORE jiggling bimbos, not less.

@Alex Hawdon

So, to clarify, you think that because your local authority are not competent to operate the surveillance system that they already have, they should therefore install a much bigger, more invasive, and much much more expensive one ?

I fell off my push bike. Should I therefore be given a Ferrari ?

Perhaps your LA needs to look at it's existing processes before it starts writing blank checks to security equipment manufacturers.

Or perhaps it's just that putting people under 24/7 surveillance doesn't actually have that much of a deterrent effect, full stop. Watched much Big Brother ?

Oh the memories...

The days when I wandered around with a school bag full of boxes of 5.25" floppy disks, a stack of fanfold printout, and a copy of the BBC Mater (Next after the model B, with software in ROM and numeric keypad) manual, and probably an Usbourne coding book or two.

Picking the locks on teachers desk to get the NetNurse disk, judiciously *unproting, watching the keyboard buffer remotely to get the admin password, getting super user status. Getting caught. Getting kicked out of school. Oh yes indeed my friend, those were indeed the days.

Being allowed back in, abusing the modem to dial into MicroNet over premium rate gateways, getting kicked out again...

Fond fond memories.

I don't care if it's legal (it isn't) or anonymous (it isn't)...

I don't care if Phorm's CEO gives me his first born son to hold in escrow as a guarantee of his promises.

I don't care if my ISP offers a water tight privacy contract signed in the blood of their customer service department who are consistently ignoring my complaints.

I don't care if they get the resurrected spirit of Jesus Christ to audit the source code.

I don't care if the God of the Old Testament manifests and writes "Hey guys, Phorm is OK by me" in letters of fire upon the sky.

I will not tolerate my ISP intercepting my communications in order to treat me as a chattel. Period.

I do not want Kent Spunkbubble and his merry band of cold warriors and root kit artists installing equipment anywhere in the UK telecomms network, for any purpose, ever. Period.

In other words, Fuck off, you shady bastards.

Well enough written

that this time I actually got a page and a half in before brain kicked in and I realised that I actually couldn't give a flying monkeys chuff.

Well done also for keeping the page count down, but I still can't help feeling that one page for a story about Wikipedia would be more than enough, thanks.

In fact, a single headline once a month along the lines of "Wikipedia : It's not like a proper encyclopaedia, and it's spelled different." would probably do the trick.

Sorry Cede, it's evident that you really do put a lot of time and effort into these reports, I just can't help myself.

@Whinging

Hi HamsterWheel, still holding those Phorm shares eh ? down by another 300 so far today, bummer.

See how quickly your anonymity was stripped away there, despite the fact that you posted AC, and the reg site does not allow me to see your IP address ?

Nasty, isn't it ?

As for your pathetic points, which display your continuing misunderstandings about technology and legal issues, lets have a quick look.

BskyB :

Don't use it. That's a choice, see.

Credit Cards :

Don't have em. Choice.

Banks :

No they don't, because it's illegal, and anyway I usually use cash. Choice.

Opt-out :

It isn't as simple as opting out, I would expect someone who claims to have "seen the technology" to know better. Order yourself some Clue.

Luddites :

ROFLMAO. Even wikipedia is smarter than you.

Legality :

Kent can say he's sure all he likes, but guess what, it isn't up to him to decide what's legal in this country.

As for "I'd like to see you hack Phorm", be very, very, careful. As a Phorm shareholder, that could be taken as implied consent to do just that. Would you really like to be responsible for millions of people waking up tomorrow and having the first page they see scream "Welcome to Phorm. Kent Ertugrul is a massive Spunk Bubble. We now return you to your normal internet experience." ? Would you like to be responsible for that ? To find that since you have implied consent, it's your fault, and Phorm have no recourse at law ? I somehow doubt it.

Of course, I'm sure that won't happen, there's no need for it, Phorm are going down all by themselves. You've been a big part of that, your clueless outpourings and transparent attempts to ramp Phorm shares have helped to anger many people who perhaps otherwise would have just sat back and watched the show.

You should be proud. As should Citigate Dewe Rogerson, whose "Jack and Jane do Pubic Relations" approach has wound up so many. So props to them for their continued efforts to dig the hole that bit deeper.

Oh, I forgot your other point, about "growing up". Personally, when some bunch of shady fucktards turn up and start plundering my personal data, illegally intercepting my private communications, playing fast and loose with the Data Protection Act, labelling me, categorising me, and treating me as a product to be sold to the highest bidder, I think the "grown up" response is to shout the fucking rafters down and not rest until the beast is slain. It's called "taking responsibility".

YHL HAND.

RE : it's that old if you've got nothing to hide thing again

DR ? Daily mail Reader ? Crikey you go for ages without seeing any, and then two pop up at once. I presume you're a DM reader or someone of similar comprehension skills, so a repeat, just for you.

The people who filled in their religion as "Jewish" during the German census in 1939 probably thought that they had nothing to hide, and therefore nothing to fear.

Millions of them died finding out how wrong they were, no one believed it was happening, because you just don't expect states to do those kinds of things.

Never, ever, ever allow the machinery of a totalitarian state to be built just because you think that you personally have nothing to hide. What you have to fear is not something that you can decide, it's something that will be decided for you.

A quick example that may appeal to you. Lets say that at the next election, a militant gay party emerges, and takes the nation by storm. over the next few years they gain in popularity and finally form a government. Drunk with power they covertly hatch a plan to hunt down all heterosexual men and execute them. Or maybe just fine them, if you require something less dramatic.

Do you have anything to hide now ?

How about greens ? They want to punish anyone who has driven a certain type of vehicle, consumed a certain type of product ?

Do you think the state is always a beneficent actor ? Hint : Turn on your TV.

@Steve Foster

" I bet I'm not the only one who thought "Mel" "

Oooh, I bet you are. The rest of us were keeping our Geek cred up by thinking "William".

@AC

"what does a Phorm cookie look like? What's in it?)"

http://webwise.bt.com/webwise/webwise-off.html

http://webwise.bt.com/webwise/webwise-on.html

<tinfoil hat>

Also, Kunt Spunkbubble says your opt-in cookie is a 'random' number, but how are we to distinguish between a 'random' number, and an encrypted set of key value pairs ? *

Oh yeah, because we trust him.

</tinfoil hat>

* Which is easy peasy stuff to implement, GIYF.

Potty mouth!

I'm a habitual user of foul language, spoken, written and indeed thought 'louder' than normal thinking. I can't imagine being involved in any accident severe enough to FUBAR my vocal chords putting in any better a mood either.

For me, this would be a disaster. In fact, having one strapped to me under any circumstances would be like some terrible kind of punishment, if not for me then for the countless people who'd have to endure a never ending diatribe of Dalek swearies.

"OH NO! NOT THIS FUCKNOZZLE AGAIN! ABORT ABORT!"

Top Notch!

Now there's no reason not to emigrate there in order to live under a less oppressive regime ! And while I'm there I shall plot with the Cubans to mount a military campaign to bring Democracy to the UK.

Re - fucking - sult.

@Michael J Welker Jr

"What liberal or uninformed bias!"

Yes, what liberal or uniformed bias ?

Perhaps you could help me understand that sentence by defining what you think "liberal" means.

Assuming you are using it as a noun, Websters thinks you mean :

1. A person who favors a political philosophy of progress and reform and the protection of civil liberties.

2. A person who favors an economic theory of laissez-faire and self-regulating markets.

What is it that YOU think you mean ?

I'm guessing you think you mean "Some unpatriotic communist homosexual NRA refusenik who thinks it's a dumb idea to allow anyone who can spell their own name to stockpile automatic weapons and leave them where children can gain access to them." Which is quite different.

Please feel free to educate me if I'm wrong.

@ Slimeballs (Phorm Tech Team) - Informed Consent

Firstly, stop cutting and pasting, and answer some points properly.

Secondly, you keep hiding behind the idea of choice, and more importantly from a DPA point of view, consent. Lets get this cleared up a bit, the DPA requires "informed consent".

Truly informed consent would be every user receiving a letter from their ISP phrased thusly :

"Do you [name of contract holder], consent to having every single web page you visit proxied through a piece of software written by ex Soviet cold war hackers, profiled, analysed, and then passed to a company whose last project was a massive effort to install intrusive spyware onto peoples machines without their consent in order to spy on their web browsing habits, sell the data to marketers and open pop ups advertising porn, gambling and dodgy pharmaceuticals to any user of said machines, including, quite often, minors. PS, they promised they won't do these kinds of things any more, and we believe them because they offered us money.

Optionally, you may also chose to see relevant advertising based on this profiling and analysis.

To consent to this, you must also accept a change of Terms And Conditions which abandons our existing privacy policy and effectively allows us to sell your data to all and sundry, opening the floodgates to a whole new future of web use where we make money from profiling our customers without their consent or knowledge because it says we can in our new contracts.

If this sounds like the kind of thing you would like, please complete the attached consent form, and send it by registered post to the Data Controller at [ISP]."

Sorry, but anything short of that is NOT informed consent from where I'm sitting. What users will get is a web page saying "CLICK HERE TO SWITCH ON [ISP]s NEW ANTI PHISHING SUPER SECURITY SERVICE IT'S GREAT (oh, and some ads).

CLICK HERE NOW."

Then they get a mutable, expiring, easily deleted by accident, couple of bytes of data on their machine. And guess what, if they DO delete it by accident, or they have a software failure, or have to reinstall their machine, or they switch browsers, you opt them back in by default without their consent AT ALL.

Bull Shit. You want informed consent, get it in writing from the Contract Holder, or end up in court. No informed consent, no interception for purposes other than those necessary in the course of the provided service. If ICO had any teeth, they would already be chewing your arse off. Get one of your legal droids to actually read the DPA. And stop spewing the same godawful dissembling copy'n'paste shit around the web. Get some REAL technical people on the front line with some REAL answers.

Tiny licence fee ?

http://www.mp3licensing.com/royalty/

Try 75 cents per unit for decode only, and five dollars per unit if you want a full codec.

Not so tiny for high volume/low margin manufacturer.

Of course, you can avoid this gouging by paying a USD 60,000 one time fee, which is nice.

@But what else can you do?

Ignore them, and they will go away. And even if they don't, so what ? The the TOTAL number of casualties caused by the PIRA, the loyalists, the military and the security forces between 1969 and 2001 is estimated at 3,524 [1], with only 2,056 attributed to PIRA.

So, for the entire THIRTY TWO YEARS of actual terrorists, regularly committing actual atrocities and actual soldiers actually shooting people with guns, the total casualty figure is only slightly more than the number of people who died in fatal RTAs in 2006 [2] (3,172) A figure which itself is higher than the number of fatalities caused by the attacks on the USA on September 11 2001.

Now remind me again, why am I supposed to be worried about terrorism ? So far the *average* score for the "islamic" nutters is ~18 fatalities per year (since 2005), including bombers.

It's getting tedious to hear, I know, but you really are, genuinely, much more at risk of being run over. And you manage to integrate that risk in to your daily life without any problems whatsoever.

[1] http://www.cain.ulst.ac.uk/sutton/book/index.html#append, I make no claim as to the accuracy or otherwise of these numbers, direct your flames to the authors.

[2] 'latest' figures, released Feb 7 2008, the intro on the website refers to Q3 2007, but all the tables in the report quote 2006, I don't know if this is 06/07, or if just takes a really really long time to count the dead.

http://www.dft.gov.uk/162259/162469/221412/221549/227755/rcgb2006v1.pdf

@Much ado about nothing

"Go on, show me a SNMP enabled device that coughs out usernames and passwords on demand."

DLINK DSL 604+ router, for a start. Read access to SNMP is sufficient to escalate privs and pwn the router.

Why is this ? I hear you ask in astonishment. Well because if external SNMP is enabled, so is external telnet. In fact, most DSL 604 owners wouldn't even know that they were switched on, since the option that you would tick (and which is ticked by default, IIRC) is "Enable Remote Administration" which makes the admin web page available remotely. Oh, and disabling remote admi doesn't stop SNMP or telnet from running inside the network either. In order to do that, you have to TFTP the config files off the router, edit a couple, and then TFTP them back. And as for TFTP, well, tha'ts also a lot of fun :-)

And the SNMP read community name is the same as the telnet access password. And you can't stop this from being true.

Oh, and for some more fun, if you get the SNMP read community name (which is defaulted to public) you can read the SNMP write community name (althogh since this defaults to private...) out of DLINK's enterprise MIB using snmpwalk or similar, as well as WEP keys, ISP login details, etc, etc. *

So there you go, there's one. Some older 3Com enterprise kit did similar stuff, although I can't remember which ones off the top of my head.

Often lots of juicy inph0s in the enterprise MIBs if you look, and there's lots of old forgotten kit out there running SNMP.

Now off you pop and run nmap and snmpwalk on all your network attached kit. You'd be suprised what sort of stuff is running SNMP agents without you knowing it. Got a network printer ? Running SNMP. Switches ? Probably running SNMP unless you disabled it. PABX got an ethernet card so you can run remote admin on it ? Running SNMP.

Also, bear in mind that SNMP (at least <= v2, I've never had any kit that actually bothered to use v3) won't log failed auth attempts, either.

Go, have fun, enjoy. And then come back and tell us whether you still think it's scaremongering,

*Now then, what was that someone said about 'Hackers' not doing their own research the other day ? :)

Skully, because, well, yarr!

BT privacy policy says...

" We do not use this information to:

* identify individuals visiting our website; or

* analyse your visits to any other websites (except that we do track you if you go to websites carrying our banner, but we do not identify personal details while we do this); or

* track any Internet searches which you may make while on our website."

http://www2.bt.com/btPortal/application?pageid=pan_privacy_policy&siteArea=pan

So I for one will be leaving for another ISP, citing breach breach of contract.

As for this "detailed custoner research", bollocks. They haven't asked me, although I /am/ in the process of giving them my unsolicited opinion. I somehow can't imagine any group of people answering an honest question, such as "Do you think it's OK if we monitor all your online activities so that we can then embed intrusive advertising and send you spam from our partners" with anything other than a resounding "FOAD".

In keeping with the way these things are done, I suspect it was a focus group asked something like "Is it OK if we use the data that we already have access to anyway, completely anonymously of course, to erm, give you some free chocolate ?"

Bastards.

Low spec, but then again

It's the same price I paid for my Palm Pilot, (1MB RAM) which I still use, and better specced than my current laptop, a Thinkpad P90, 40MB RAM, 1GB hdd, no usb ports, (which I love, but bless it, it's hardware is failing) which happily runs a bastardised and oft dysfunctional hybrid linux with a full development stack.

Splash proof keyboard not just a gimmick, but handy when I'm slurping wine and tea on a train and it passes over a set of badly maintained points (anyone who actually uses a laptop on a beech should just stay at home).

I'm in love with it, personally.

Ashamed

As a pro codemonkey, this kind of thing makes me totally ashamed of my profession. Any date handling code should include leap years and the 29th of Feb in it's testing. It's the canonical edge case, FFS,

And Andy and JP, it's because of jerkoffs like you that this kind of thing still apparently happens regularly. Andy, because if it takes you a dozen lines of code, you shouldn't be anywhere near a computer programming role, and JP because yes, it is quite simple, and yet you have manifestly failed to grasp the essentials (as the bishop said to the actress) despite the clues w/r/t to 1900 in the article, and then ejaculated a piece of code that exhibits EXACTLY the problem under discussion, all the while staring smugly at your output and thinking "Well, that's another problem sorted, fookin genius me". Fail

I'm sorry, but you are incompetent, and you give the rest of us a bad name. Either quit now, or have the decency to admit that you are neophytes at best and go and learn your trade properly.

Sorry if this sounds a little harsh, but I've spent far to much of my career wiping drool out of people's codebases.

@Daniel B

"A pseudo-random number generator exploit opened up the Lorentz cypher too"

Although, interestingly, the root cause of this was a very serious failure in operator protocol. As I understand it, an operator sent* a very long test message, and then sent almost the same message again after resetting the machine. The fact that the message was not quite identical** gave the allies a "depth", which allowed Col. John Tiltman to decipher large portions of the it, opening the way the for further developments (like Tutte's rather clever 'double delta' attack on the Lorenz PRNG) which then led to the automated breaking of the Lorenz cipher on an industrial scale using the Collosi and their precursors.

So in effect, Lorenz's security was originally busted by a user who didn't understand the operating protocols enough to realise that what he was about to do was really, really stupid.

It's amazing how little can change in ~67 years.

Black chopper (fnarr) because BP was on the QT

* August 30 1941, both messages had the indicator "HQIBPEXEZMUG", if anyone's interested in such trivia, or wishes to google it further.

** Had the messages been identical, they would not have constituted a depth and Tiltman et al would likely not have broken them (due to the nature of additive ciphers. GIYF)

Just, wow.

Ms Hillier, and I add my voice to those who read that as 'Hitler', clearly thinks that we're as stupid as she is. Quite apart from the excellent points made above, she seems to have stated, with concrete certainty, capabilities of a system that, AFAIK, hasn't even been /specified/ yet

She can give all the reassurances she likes, but until the system has actually been implemented (a spec is not sufficient, especially in a government IT project), they're all so much ill informed bullshit.

I particularly enjoyed her "two baskets" analogy, which demonstrates very clearly her ignorance of any technical detail whatsoever. Hint : Two databases, both of which must contain an identical unique identifier for each record (in order to JOIN them together, duh!), are effectively just one database you dumb bint.

And as for :

"How many organisations will have access to the database ?"

"Oh, to many to list" .

Oh well, that's just fucking peachy then. Thanks a bunch. Consider me properly reassured. And by the way, is the weather on your planet nice ?

Halo'd Bill, because this lot make even him and the Balmernator look like the diet pepsi of evil, and because we haven't got a suitable jackbooted facist icon yet, hint hint.

Gimpy little f'tard.

Proof, if more were needed, that Linus isn't actually some kind of demigod, but is, in fact, simply another mediocre geek who /thinks/ he is.

The really sad thing is that the Children Of Linus will now accept his gospel as the One True Way and continue to believe that the best way to do big iron computing is just to get a couple of thousand linux boxes and stack them in a big pile. A clue : no.

Of course once the exascale computing platform is perfected, they'll all say it should be running some version of gimpux. And if anyone so much as dares to file a patent on any of technology they spent squillions of dollars developing, they'll be round with the burning torches. Well, no, actually they'll just write impotent whining blog entries about it and quote Stallman and Levy just like they always do, tedious little f'tards.

Mines the one with the asbestos lining, ta.