Posts by Peter

@ I'm curious

Thanks for that typo - "Leiderhosen" is a IMHO destined to be a classic for anyone understanding a bit of German.

The word is "Lederhosen", but Leiderhosen is soo much better given what they are. (Leider is sort of equivalent to "alas" :-). Quality!

She'll have my vote - the real one.

Trouble is, I'm not American. But that's OK for fake votes!

I think it's brave throwing a stick like that into the hen house. The risk is that the wannabee politicians woudl try to play games with it. Having said that, McCain already got a warning - if he doesn't recognise that he's in for some entertainment the moment his camp tries it again.

The kid's got brains - yeah!

Actually, a clamping tip.

OK guys, since you mentioned clamping as well, here's how I got out of a car clamp in London: I asked the clampers to identify themselves.

For ANY company to claim they have the right to take your property hostage they will have to prove (a) that they are indeed acting on behalf of the landowner and (b) their identity as employee of said enacting company.

The argument for this is simple: such companies ALWAYS insist on a non-traceable form of payment. No cheques or CC, cash only. This is perfection for a scammer: just throw a couple of clamps in the car, hike to the nearest place with people that can be misled into thinking they did wrong (hang your own sign if need be, plenty to unscrew in London) and start collecting. More rewards for those towing such cars away - we're all so conditioned by now that nobody will assume you're just nicking the vehicle if you stick a big sticker on the windscreen first. I'm waiting for this to become a crime wave of sufficient size to cause a clamp down (unintentional pun) on those jerks.

OK, back to the story. The clamping goon naturally stated he was "authorised" so I asked him calmly to prove it. He couldn't, "but his mate could when he got back". I was at that point already talking to the police on my mobile (who advised me they wouldn't act, probably because that would mean effort, but the chimp in front of me didn't know that so I finished the conversation with "yes, of course, I'll ring you as soon as they have failed to identify themselves"). Chimp #2 arrived, no ID either, but "he'd ring the boss". Boss: "we are fully authorized", me: "yes, I'd say that too, but where's the proof?". Boss: "I'll get someone to you with proof in a hour", me: "Yeah, right, I'll give you time to print some fakes. You have two options. Either you tell these goons to unlock that clamp and get their IDs, or I'll personally walk them to the police station and you can go and collect them there in an hour with your paperwork".

Boss took the sensible option.

The only thing I haven't done yet is forming a key squad. There is a nice hole in UK law which states that if you manage to remove the clamp without damaging it they have an enforcement problem. A group of people who have followed the MIT paper on picking locks or who participate in championships such as at http://www.toool.nl/ can could create a nice bit of havoc for a clamping team. They can also not prevent you from taking it off (without resorting to violence which gets them in the slammer). And they won't get help from the police either.

I would have had a little bit of understanding if these people actually did something useful. But ever since my late father in law got a ticket in front of the hospital when he got his cancer treatment they are off my Xmas list. And that ticket was never paid - they "cancelled" it after I wrote them two letters.

The last one contained his death certificate.

@ Daft question alert

Not a daft question, but the answer lies in not relying on an IP address to make the connection.

Most remote control products use a central server to which the remote software reports, and picks up any remote control requests from there. You will find that approach when you start looking at how to get VNC to work past a firewall, and the whole approach is neatly wrapped up in a product called "Teamviewer" (add .com for the website) which is (AFAIK) from the authors of one of the many VNC implementations.

You can install the product as "resident" which means it has a fixed password, or in "on demand" mode (which obviously wouldn't have helped here :-) which is a bit safer as you need to give permission and the password changes per session - I'm personally not too keen on someone gaining access to my screen when I'm using my bank account ..

I can recommend it - it's free for personal use and it's the first program I have been able to let loose on total non-tech parents without there being a problem..

So there - not that daft, and an answer :-)

Don't try this in London..

.. unless you want MORE equipment stolen.

The prime risk is that you provide an opening. Openings attract rats. Human ones. That is IMHO a problem you need fixing first.

But why no shielding ?!?

What I want to know is why the EU has not mandated shielding in the passport cover? It means any idiot can read the chip from a distance with minimal effort. I don't know what the coding standards are, but if the RFID allows identification of country of origin, the door is open to construct hidden bombs that only go off if enough, say, French passports were in the proximity.

One benefit, though. If you work with comms equipment the lack of shielding may "accidentally" result in a toasted RFID chip. Not my fault, gov..

To all who laugh at this effort

Guys, there are too many unknowns, and there ARE people out there who look for power without the upfront pain (there will be pain afterwards IMHO, but then they have spent the money).

This could be a good move for MS (and Cray) - it's IMHO *way* too early to tell. Distributed computing has at lest the ability to make Windows a bit stable, and ought to be enough to keep up with animated cursors. Having said that, if history tells us anything it's that MS engineering will soon get rid of those benefits..

Wait and see. Meanwhile, I'll stick with Linux. I go for what works for *me*..

Bottom line is that you're mentioning Windows..

I thought so. Here's a scary one for you: somewhere in the 90s (around the time of NT 4.0) it became "fashionable" to use Windows for process control systems as well. Fashion equates to "not being decided by logic" and today we are reaping the benefit of that idea: a mad scramble to get those systems at least a BIT secure.

Your observation is thus no surprise: again a case of people who have no clue dictating to those who have, instead of letting those people do what they're paid for. But it's exactly that sort of micromanagement and "politics ueber all" attitude that made me leave that whole scene.

There is a small flaw in your argument, though. The lot at the top isn't entirely useless. Their job is to get clients in, which they do. The mistake they made was to make decisions outside their competence as well - QED..

Just imagine ..

.. the LCH accidentally creates the first hyperdrive. We'd all be very impressed in the few nanoseconds before we plunge into some distant sun ..

Morbid joking aside, did anyone spot that 26 countries have actually managed to do something together?

That's worth celebrating in itself. I'll treat myself to some lhcconcerns baiting, I think.

Whohahahahaaa..

BBC has a liquid bomb demo video

They messed it up a bit to stop it from becoming a instruction video, but the article here [http://news.bbc.co.uk/1/hi/uk/7606892.stm] has video footage.

@ The Future (Daniel)

"the future for the human race?? well i picture an amorphous blob"

No, no, that's another politician, and that isn't Segway related. He has two Jags..

Keep your facts straight, please.

:-)

Evidence Google is now a BIG company ..

I think they simply screwed up here. Yes, the terms were plain unacceptable, but it appears a recycled template and they have fixed it now. Shame it needs a good bash before they caught that one, but look at the bright side:

People are actually starting to *READ* EULAs !!

IMHO that is a profound change, because this means it'll be a matter of time before the dodgy stuff in certain other EULAs gets objected to.

@ Unless you own the PIN machine, this will continue to happen (Brent Gardner)

You obviously haven't read up on cloned SIMcards, have you?

But you're right: the secure terminal isn't..

Dear Sirs,

Thank you for your letter.

After reading your letter, I have not found a valid basis to change my behaviour or how I use my Internet connection. I would, however, like to warn you that taking any of the actions you detail will have consequences and could result in legal followup.

.. the idea is to goad those idiots into correspondence. The moment they'll try to act it'll become apparent just what a bunch of goons they are (notice that teh above does not amount to an admission :-). And legal time is expensive - serves them right.

What happens when you treat a water bottle?

Just curious - do you end up with a bubble of water hovering 1 inch off the surface or what?

I have another good use for this: car windshields. Stuff like Rain-X works well, but needs bi-weekly renewal, and nano coating seems less effective after half a year, but both are good enough to repeat the effort to maintain the result. I can also see this work for seats and windows in general.

And it would be a fantastic practical joke to give someone a treated towel ..

:-)

@ Enough & black lists

Blacklists won't work.

They'll lose them..

Sorry to blow our horm, but the problem *is* solved..

Could I humbly suggest you look at www.axsionics.ch, a Swiss startup? I'm working on the docs so if you want decent details mention it (once I have this I will send El Reg a token to play with, give me a couple of weeks).

In short, it's a trusted display (graphical OLED), combining more or less all of your above comments. To address question one upfront: no, the use of biometrics does not mean that a "disconnected" finger is of use (or its friendlier equivalent, the copied fingerprint a la Chaos Computer Club). The reader is quite good at rejecting fakes, and you have to "name" your fingers - only you know which finger "g" is, for instance, if you used the word "frog" to name them.

A message for the token is AES128 symmetric dual cert encrypted, so it has to (a) come from a defined source (the token accepts 128 different origin certs) and (b) has to be encoded for that token or it won't be able to decode it. It picks that encrypted message up via a screen animation, and after taking a valid fingerprint it will show it, together with a password if an answer is required. So, "To: BT, A/C Household, Val. GBP 125,23, PIN ABC45F" is quite possible (or "Please call us on +44 1234 4568") - and that PIN is also meaningless to anyone but you and the sending server because it's a One Time Password, generated on the card.

This means that a Man in The Middle Attack won't work, and -VERY- important, that you do NOT need a secure terminal. There is no reason why you can't use one of the card's channels as a payment method, which ends the need for secure terminals altogether. Instead, you just pop up an iframe in the POS display (or an external one), supply the required finger sweep, read the message and enter the PIN (numeric or alphanumeric) if required. Ditto at home - regardless whether your system is virus infested or not.

To give you an idea where I'm coming from, I was consulting private Swiss banks on next generation eBanking, and the basic premise there too is that we have to assume the client PC *is* infected. Yet, you still need to supply secure eBanking.

Expect to hear more from us soon :-).

For a bit of balance..

I have been using mobile phones since the Motorola "brick", and was one of the first people in London to have a NEC P3 (yes, I'm that old :-). Presently I have two Motorola V3i (nice pocket form factor), a Sony Ericsson P1i (which also has Tomtom nav software installed) and a 3G iPhone (not my choice, it's a company phone). The Motorola's only ever come out if I need to travel far, mostly I use the P1i as I found the iPhone an iPain in the neck to use after the initial excitement about the gloss had worn off and I actually had to USE it.

For:

- a switch to make it silent. Briliant for meetings.

- adding 3rd party to call - one button!

- grouping SMS conversations - but it's also irritating

- looks - nice display, decent form factor, black's quite OK

- iPod inside. 'nuf said - and videos work very well on it too.

Against

- all have to pass "Start" - bleagh

- not really multitasking, thus sloooooow app switching

- SMS length or delivery feedback? Easy to overspend, oh , sorry, they get a cut of that

- app store. It sucks as the sole route. Easy for plebs, irritating for anyone else. Stalin may have liked it.

- apps - limited range, not open platform (Symbian now is, hurray).

- is "location" really a choice? Maybe it goes all the way back to Apple? Don't know - would like to know.

- PIM sucks. Not design, just switching in and out is a royal pain to the point of not being usable in Real Life

- the camera and software sucks seven ways to Sunday. It's been a while I had such a bad camera in a phone.

- can't use songs as ringtones. Pathetic lock in, which really was the last straw for me.

- no Bluetooth file transfer

- app authors appear to like putting suggestions in the box where you need to type - so you have to erase all that

- no cut & paste...

I have gone back to the P1i. It has a sensible keyboard, a decent OS, OK apps to go with it (that also sync with my PC desktop) and is in general quicker. It has a rather acceptable camera (which also doubles as the input for the business card OCR scanner app that comes with it) and is capable enough to combine PIM with phone - provided you use a headset. It's not perfect, but it WORKS, and does so reasonably fast.

I have the iPhone because the work we do uses web graphics, and an iPhone is easier to carry than a laptop. But it can't beat the Sony IMHO, so I suspect people espousing other iPhone-alternatives probably have a point too. It's OK for the average person, but as a working tool it needs a lot of improvement. But hey, it's an Apple iPhone 3G beta, no?

:-)

@ FFS People!

I think you need to losen up.

(and that one was deliberately mizpeled :-).

Thy evil overlort (dang, done it again).

Mwohahaha..

PH, 'coz she doesn't need to spell.

Can't you just Google for it?

I mean, everything's on Google, no?

OK, coat..

I like this one..

Clear: yeah, even cleartext

Focus: those with enough money to afford the program, i.e. those with enough money to give them the mother of all headaches in court.

Well done!

It's not the first time I've heard this

I've heard this in circles I expect to have real knowledge of such a capability, so I treat Skype like any other phone: potentially tapped.

If I want secure comms I'll set up an Asterisk server with VPN and accounts for those I want to talk to..

Classic fallacy

Same problem with a penetration test: you will only prove that one specific person with a specific skillset and specific tools could or could not break the phone at that specific moment he/she/it tried.

Whoever gets that job should (a) ensure legal protection, AFAIK it's illegal to do this - there are no exceptions in the law that make doing this legal, even if you have permission and (b) realise that it's a time bomb: it's you against a gazillion others, and you will get the blame if they find a way in.

Doesn't surprise me the job's still open..

Breach of computer access laws

Given that such data is collected without consent I would assume a case against these people for illegal access and use of computer solutions is likely to stand up. The shenanigans with the government are simply a way to take the eye off the potential for individuals to go after this mob with class action.

Having said that, IANAL. But the door appears to be open rather wide..

What did they do with the Aston they trashed?

I'm more curious if someone has been able to film the Aston Martin seeking the deep and use it in the film. There are VERY few films where they trash such a car, and this one looked thoroughy trashed when they fished it out of the lake.

"Oops" would have been a masterful understatement :-)

We'll see

From experience I'm not going to judge a distro until it's (a) actually released and (b) has about a month worth of use so the patches are up to date. I switched long time ago from RH to SuSE and then OpenSuSE - but that's because it matches what *I* need. I also run an Ubuntu desktop but I'm halfway between desktop and server for my needs and OpenSuSE seems to be right on the mark.

I'm looking forward to it.

Can we get one for pigeons?

I'm pretty sure we can get some serious wear and tear on a few of those machines at Trafalgar square :-)

Standard sales tactics: drop a load of stuff on the ground (seeds, in this case) and then offer to hoover them up again. Including pigeons.. Just keep the kids out of the way, mainly because they could clog up the machine :-).

Obvious conclusion..

Of course he would say that the UK is not a surveillance society.

What else do you say in front of a camera?

Of course they don't move around much..

.. with current fuel prices. Duh.

:-)

I actually *want* names in code.

I look at it from the developer's side. All they sometimes get from all the hard work is recognition. Who am I to deny that? They have to eat too, and I actually prefer myself to employ people who can prove they've coded in Open Source because it means they are capable of collaboration and integration (and I'll figure out the personality issues myself, thanks). The approach as described in the article would deprive these people of the one benefit (other than experience) such project could bring them.

This comes, of course, with a caveat: each piece of code must be seen as a contribution, not as a territory. It's courtesy to debate a change to someone else's code, but "ownership" must not get in the way of improvements, and THAT arbitration is the true role for a project leader - the big picture.

So, philosophically I can understand what they try to do (although it looks rather self serving from one angle) but I don't agree. And that's fine. Differences of opinion make for debate (not arguments, debate) and that is just as critical for quality as good coders. There is no better way to kill the quality of a deliverable than to stop debate or prevent dissent from being listened to.

Just look at the first days of Terminal 5..