Posts by Glen 1 967 publicly visible posts • joined 17 Jun 2009
" If there are bad actors get rid of them"
Possibly. You put shoplifters/fraudsters even muggers in jail, don't shoot them in the back because you cant catch them. If only there was some kind of organisation that could JUDGE what a fitting punishment would be.
The UK we have a comic about what happens then the police do it themselves.
"keep tyrannical governments in check (looking at you UK)"
How is that working out for you guys?
State backed-thugs killing unarmed civilians. People brandishing semi-automatic weapons at protestors. The article we are commenting on *right now* full of the stuff that needs to be kept "in check".
Do *you* think those BLM/Civil rights folk should be tooled up? If only for self defence from the All/Blue lives matter brigade? Then again, regular folk would still be shot for no reason, except this time with the excuse that they were armed. Even if its still in the holster.
As others have said here, soldiers on active duty in war zones have stricter rules of engagement than bog standard US beat cops. Its about time you held your police to the same standard.
You supposedly live in a democracy, (lets see how that election goes), you can have guns if you want, but folk who still claim the purpose is to stop tyranny clearly haven't been paying attention. Or worse - seem to be aiding and abetting those perpetrating the tyranny.
" How will consensus ever be reached about changing the minumum crypto software release version being supported by banks across the globe or emergency changes after proof-of-concept hacks are developed and who's taking the hit for the inevitable account zeroing bugs in client software."
The same way it is now. What percentage of all "money" is just a number in a database somewhere? Who wrote the database, or the code that interacts with that database? That code was new and relatively untested at some point. Who gave the order to throw the switch?
Do you see the similarities to a (hypothetical) gov backed stablecoin? The specific gov doesn't have to be a western one, it just has to have enough trust to get the ball rolling. In such a situation, there would still be a central bank, able to create as many or as few coins as your preferred economic model likes. USDT or USDC could be contenders for that role right now.
The technical barriers are not unsurmountable, and stand a better chance of actually succeeding if the code is written by the kind of folk who *already* write that kind of code for a living (eg for mainframes in banks). Not the current wild west situation where we have a lot of enthusiastic amateurs with snazzy websites mixed in with those with a clue.
I suppose the main difference would be the difficulty in pinning accounts to owners. When you can have a new account for each transaction, doing KYC due diligence becomes... impractical.
Thinking out loud:
TLS cert verification for KYC? "Web of trust" type key signing with no transaction accepted from/to unsigned accounts?
I realise that's the opposite of what many in the crypto space want . It would certainly give the folks at HMRC a warm fuzzy feeling.
Cryptocurrencies already fill that niche - with varying degrees of cost/risk.
Wanting to get in on the act is understandable. People are drawn to low cost and convenience.
Deliberately putting roadblocks in the way of transferable stablecoins will just see folk move to ones outside of the G7s control.
The UK at least seems to be quite ok with crypto - as long as the taxman gets his cut, of course - and SEPA is both convenient, and low cost. (exchange rate notwithstanding).
There will come a point where the G7 will have to chose between letting their banks continue to charge over the odds, or see many of those transactions move out of their regulatory gaze - or at the very least become impractical to track. Not that the UK gov seems overly bothered about money laundering according to the FinSEN leaks.
How do crypto exchange fees compare to paypal+bank fees?
"I wonder if only OpenAI or someone with GPT-3 can detect it,"
"third party service of some kind"
Which would make it trivially easy for browser clients to isolate.
The point of the container is not to block everything (ala noscript of ghostery), as many sites deliberately break themselves if they detect ad blocker type behaviour. The point is to have every domain see its own browser, forcing third party services to infer/guess connections between sites rather than the tentacles we currently have.
Third party cookie isolation is just the start. No eTags outside of first origin. Each container getting its own cache etc
The main countermeasures to such moves include things like OAuth, where its the first parties sharing information directly with each other, cutting out the third party middleman.
Also, isolating separate accounts with the same service is still a pain. Log in to a family-facing Facebook account, then switch to an account showing a less culturally accepted side of you? That account is probably going to show up on your family's "people you may know" feed. Or worse - it will be given as a "helpful" option to login as on a shared machine - a potentially life threatening situation in certain parts of the world.
That said, if you are spending enough time on any single service, they probably have enough information (search habits, browsing preferences) on their own to build a useful ad profile on you, without having to link to any other site/service.
Surely its down to BROWSERS to enforce this type of thing? or at least mitigate against the snoopers?
Don't allow 3rd party cookies (and possibly code), or at the very least, don't allow them to persist across different first party domains.
Firefox has already started doing this for its "Facebook Container". This should be the default. A container for each 1st party domain visited, not "let everyone have everything" unless specified.
It boils down to the point others have already made. Asking someone not to collect/sell your data, when that is their entire business model, is like asking the wolves not to raid the chicken coop. Its in their little wolfy natures.
As exemplified by the hoops you have to go through to do anything other than "allow all cookies" on many sites.
Given the propensity for JavaScript libraries dedicated to graphing and similar, do you (the el Reg readers) think the move to web-based stuff is an improvement on Excel?
I suppose having a JS front end implies there is a proper database somewhere at the back...
"You don't have much work "managing keys" if you encrypt on one end and decrypt on the other."
Encryption isn't just a magic wand you can wave over something. It has 2 parts. The algorithm and the key. The key itself can be a key pair in the case of asymmetric cryptography. Unless you have invented some other type of magical keyless cryptography...?
Will they keys/algorithms ever change as technology improves? How do you switch from one to the other without disruption?
"they aren't going to ask you to decrypt in the middle of the Pacific"
They don't need to. Read the article. Its about cable landing in China. They just have to tap the network company on the shoulder and say a condition of operation is giving them the ability to do a "lawful intercept" - which is whatever they say it is. That includes putting the data in the form they receive it (ie undoing any decryption the network folk have done)
Submarine cable interception is useful when you don't have access to one or more of the endpoints. eg For 5 eyes countries , intercepting links between any 2 non 5-eyes countries.
"The customers WILL be managing their own risk, because they can encrypt whatever the hell they feel like before they pass the data to the submarine cable provider. "
That's what I said. Why is that hard for you to understand?
"You're kind of thick, aren't you?"
It isn't *me* who thinks encryption is just a question of shouting "ITS ENCRYPTED", magical encryption person.
Don't get me wrong, I think the traffic *should* be encrypted (see my other comment about STARTTLS). That way even the "lawful interceptors" only see an encrypted stream. However, I don't see it as the cable operator's responsibility. That's why spy agencies don't like end-to-end encryption,.
Saying "just encrypt it" then showing a basic lack of understanding of what that entails while calling other people thick... Are you a manager?
"No "
What part are you saying no to?
"No need to manage keys or be responsible for someone else's security"
That is literally what you are doing by encrypting the line.
Encrypting the entire wire is fine until you get a nice lawful letter saying "Decrypt it for us, or else. Oh by the way, you can't tell anyone you're doing it."
Like the person you are replying to says -
"A carrier or in this case the undersea cable operator would not want to maintain encryption keys for other people's traffic "
Its a cost to do it, a liability if its not effective, you can be legally coerced to undo it for powers that be, and you won't be allowed to tell your clients that you've been forced to undo it. Even if you were allowed, your business has just admitted the encryption is pointless.
Better to state its in the clear to begin with, and let your customers manage the their own risk.
Why would you be sending data unencrypted anyway? If your traffic is in the clear, that's not a problem checking transit routes will solve. Whadya mean your email provider cant even use STARTTLS? (firewall of china MITM notwithstanding)
Traffic analysis metadata (who talks to who and how often), can be obtained *lawfully* by any western government.
Why complain about other govs going it also?
I think that perhaps contributors should be in a more structured workshop such as "Don't be afraid to commit"
I think its more that the Raspberry Pi foundation takes a pragmatic approach to openness.
As in (paraphrased) "as open as we can be, but not minding some closed stuff where it makes sense".
It was thanks to pressure from Eben et al, that the first set of open source graphics drivers for the Pi were released. (although it turns out they were just a shim for the onboard functions). These days we have full OpenGL ES 3.1 conformance through Mesa, with Vulcan incoming.
Remember, the early prototypes for the Pi bore more of a resemblance to the Arduino Uno than the eventual Pi 1.
Quote from Eben referring to toolchain assistance:
"We believe that instruction-set diversity is important, and that open, free instruction set architectures are an important enabler for innovation. Our impression is that the hardware side of things is going pretty well. We think we can contribute on the software side, which is important if RISC-V is going to become a viable alternative for desktop general-purpose computing."
"telling people one thing (socialist utopia) and the required fact (cut public spending harshly)"
Those things aren't necessarily mutually exclusive. It would help if we stopped pissing money away on rich people. The Lords 'attendance allowance' is, per day about the same a job seeker gets in a month.
That's not to say I think the Lords shouldn't get anything, but we are currently nickel-and-dime-ing the poorest in society while spaffing - *picks at random* - £43m of public cash for a garden bridge that was never built - and even *that's* small potatoes compared to the current/impending clusterfucks.
I wonder what percentage of the recent "emergency contract" funding is now in the usual tax havens?
Given the recent assassination successes/attempts with Polonium and Novichok - our overt response has been... to eject diplomats. Oh no! I'm sure they are shaking in their boots!
We also sanctioned people close to Putin, but thanks to the weak link that is the UK financial system, that has not been as effective as we might have hoped (see recent FinCen leaks)
Russia can kill people in our countries with apparent impunity. They will keep doing it until there are consequences. That's without even mentioning Crimea... There is a reason a lot of the Baltic states were clamouring to join NATO.
Given the Brexit Politicians -> Aaron Banks -> Russia money trail, that the UKs *own investigators* were told *not* to investigate. It doesn't take a rocket scientist to see Russia as serious threat.
Like the man said:
“We have crushed the British to the ground, they are on their knees and they will not rise for a very long time.” - Aleksandr Yakovenko, summing up Russian achievements during his tenure as UK Ambassador, 2011-19.
Oh No! The wrinkly panels are there so they can freely expand and contract under thermal changes.
"The heat would have caused a smooth skin to split or curl, whereas the corrugated skin could expand vertically and horizontally and had increased longitudinal strength."
IGMC
That would come under the heading of "interfering with the space work".
Think of it as a sports sponsorship. You know the team, you know the game. Having a sponsor try to interfere with the game will piss off a lot of potential customers.
"you can't do X because it will piss Y off ... Government has already cut our budget "
Governments/space agencies have their own objectives separate from the commercial sector. If they actually want to get stuff done, they have to pay for it. Contributions from sponsors are greatly appreciated, thanks, but if an advertiser pulling funding jeopardises an actual mission, was the mission viable in the first place?
Its the disposable income of the gullible that is ultimately paying for the trip.
While I'd prefer the commercialisation to be a high-tech thing, if NASA can reduce their costs through sponsorship, I can only see a problem if it starts interrupting/interfering with the space work.
One of the the things missing from (some) typing trainers is a ghost keyboard on the screen highlighting the typed character.
When I mess up, I have to look down. It breaks the flow of things. Having it on screen means I no longer have to look down.
Anyone remember Typing of the dead? (Its sequel is available on Steam, and is Very NSFW)
How much is Liz Truss' salary again?
£80k for being an MP + £80k for being secretary of trade?
So her personal "win" is worth less to the UK than her salary.
Not to say there isn't other stuff involved, I'm sure she works very hard etc, but hailing this rounding error in trade as a win seems... desperate? Clutching at straws to overstate how good it is?
TBF, I haven't seen officials *themselves* mentioning the cheese specifically as a win, only the forever over-keen sensationalist press.
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2025
