Posts by copsewood

subsidy to carbon burners

There was a snippet on Radio 4 this morning saying how 1/6th of UK homes are flood vulnerable, and that an agreement to keep insurance costs down by sharing costs around the industry is not being renewed, so the cost of home insurance of these houses at risk is set to increase 4 fold or cover will be refused. Of course the insurance industry are trying to use this threat to get the taxpayer to spend more on flood defences.

http://www.bbc.co.uk/iplayer/episode/b00vcn9j/You_and_Yours_18_10_2010/

However the subsidy is paid for, privately by those unfortunate enough not to be able to afford this insurance who take flood losses upon themselves, and by those fortunate enough to be able to afford it, and by the public purse through increased flood defence requirements, subsidies to carbon burning are being paid one way or another.

So perhaps the genuine believing GW deniers should setup a competitive home insurance business, pledging all their assets like Lloyds names do to underwrite this business, and if their scientific claim is correct, they would make a profit by offering lower premiums because flooding, damages and claims will go back to what these were 20 - 30 years ago. The fact that they won't tells me that what the GW deniers really believe is they want to have current carbon burning subsidies continue but they are not honest enough to admit it.

Very happy to get rid of subsidies to renewables when these are on a level playing field. But if they were we'd see the prices of untaxed carbon fuel (e.g. for electricity, heating, agricultural and aircraft fuel) a great deal more expensive than we've ever known them.

I run MiniDLNA to Bravia

http://sourceforge.net/projects/minidlna/ . This server works most of the time with a limited range of media formats. It took a bit of hacking to get it installed and working on Ubuntu (doesn't have an Ubuntu package and had to hack init.d scripts and a cronjob to restart it if that fails).

In practice the main issue is having to convert Video prior to streaming to support the limited formats accepted on the Bravia TV (Mpeg2 works OK but uses lots of disk space). So might be OK for hackers, definitely not workable for those without computing skills. Works OK with photos and music, but I store these in .jpg and .mp3 formats.

What else does FB have to sell ?

Anonymisation has to be reduced to a very transparent fig leaf so they can pretend not to be selling on your personal data while getting the maximum amount of money for it.

simple and complicated

How global warming is driven is very simple. Put a couple of clear glass demijohns, one with more C02 than the other into sunlight with thermometers in them. The one with more C02 gets hotter than the one with less C02. It's a simple experiment anyone skeptical about GW can do for themselves.

How this heating effect works through the climate and weather systems is much more complicated because of the inherently chaotic nature of climate and weather and other cyclical variables e.g. solar activity. The difficult science isn't figuring out what drives GW, it's eliminating all the other variables to identify which changes come from GW and which don't. For example I saw what to me seemed an apparently a very well researched TV program that suggested without manmade dust and soot generation GW would have a much greater effect than it does.

rubber hose cryptanalysis

I can't really see any difference in principle between the use of torture to obtain a password or the use of imprisonment. Many will argue that he must have been doing something wrong, but nothing has been proven against him other than breaking the controversial law on which he has been imprisoned. There is a wealth of legal tradition that he should not be obliged to provide evidence to be used against himself which this provision of the RIPA ignores, including the US 5th ammendment, the right to remain silent, innocent until proven guilty, and ECHR convention articles concering fair trial and privacy rights.

Black people in the southern US who sat on the wrong seats on segregated buses in the sixties and earlier were also breaking bad laws which did not stand up once finally tested against the US Bill of Rights. This case is little different.

http://en.wikipedia.org/wiki/Rubber-hose_cryptanalysis

I also suspect Google's making money claim is true

Many commerce areas of the Internet, once it started becoming commercial, were also self referential. If people are paying real money for mobile apps in what sense is advertising for these not genuine commerce ?

Aspects of accounting in connection with assets resulting from recent investment are also speculative e.g. "goodwill", meaning the probability that someone who has seen your adverts will buy something on the basis of such. But accountants do have to quantify such nebulous and virtual realities in annual reports. I and I suspect others didn't believe Google was profitable on such accounting bases in its early days as a free search provider until the reality that they were taking a lion's share of the genuine Internet advertising revenue became undeniable.

Bit like the RIPA

In one sense this genie was out of the bottle when Phil Zimmerman published GPG, source code and all on the Net, regardless of US export regulations in force at that time. It was further out of the bottle when the case against him collapsed. But just as with the RIPA, control freaks in government still want to put as much of this genie back into the bottle as they can. Staying outside this regime is optional for those willing to run their own email servers, especially in privacy friendly countries, and VPNs between themselves and their email servers.

For most of the population who have not got a clue what an email server or VPN is, they will get the taps installed. Those who want to opt out for reasons of corporate or criminal privacy or principle will do just that. Perhaps the FBI know this and are only really bothered about being able to tap the 98% of communications of those who care about these privacy rights very little. Chances are also likely that the FBI won't bother with the smaller ISPs, due to higher costs per email user of providing and securing the tapping equipment. They are more interested in the low hanging fruit.

So in my view the GNU telephony and related privacy projects (e.g. for secure filesharing involving family and friends) will only really succeed in this if they can create software which compiles to a very simple download on the platforms which those who don't care very much use and which self configures and just works thereafter. Creating networking software which can load onto minimal plug in hardware which can be bought for a very small price and which can provide reliable services is also relevant see http://plugcomputer.org/ .

Expect a baby boom

In around 9 months time.

naming and addressing of objects ?

Is anything else really "governed" on the Internet ? If no, is that maybe, why the subject gets boring ? My political self may be able to see very well in principle why this should all be done under the auspices of the ITU rather than a company registered in the State of California, but doesn't my engineering self generally tend to take the view that if something isn't broken then why waste time trying to fix it ? Would a UN committee and bureaucracy not take more tax from top level domain registrars and regional address space carve-up registrars than a private company that can't begin to be able to justify its own monopoly status ?

Way over the top

I could understand the sentence if he had _sold_ copies illegally rather than just shared them because he could. But I think this sentence will do the copyright extremists no good at all, by making Emmanual into a martyr, and making themselves even more disliked than they previously were. A hundred hours community service and a small fine might have been appropriate. As to asking us to spy on our neighbours in case they are secretly filming when I go to the flics, frankly the idea makes me feel sick.

Distributed social networking is a hard problem

Good on them for having a go and sharing where they have got to so far. At this stage (and this may be surprising to some) security probably isn't the main factor holding things back. Installing a standalone social networking server which you can invite a few relatives and friends onto doesn't necessarily open you up to attacks from world + dog. Having an invitation on a particular server instance to create accounts open to entire world + dog almost certainly does.

They'll need a process in which many more interested developers can participate, and creating that isn't easy. I participated in an invitation/recommendation only experiment with facilities similar to FB but used by about 100 people several years before FB existed. What killed this wasn't security issues which were never investigated to this extent, but the lead developer not open-sourcing the code so that other interested parties could continue it when he ran out of money.

The hardest part is going to be how very many independently-operated social networking servers (possibly implemented differently) talk to each other, so that friend of friend relationships can be used to enable easier cross authentication and communication of shared interest between different servers. If open source social networking developers don't achieve some kind of useful and secure federation protocol people won't migrate from a single global social networking platform to an archipelago of isolated social networking islands just because they don't like having a single company running the show and deciding all the policies.

alleged and real seriousness of Gary's offence

Whether he did it isn't in dispute, but there is dispute over the seriousness and cost of what he did. The US claims he broke into a great number of computers at very substantial cost. Gary's defenders will claim that Gary shouldn't be charged with the cost of basic security work which should have been done in the first place but wasn't. Bit like having someone try a couple of locks in a hall of residence and wonder in through a couple of open doors to look around then being charged with the cost of changing all the locks throughout the complex and for the cost of other crimes which occurred in the insecure establishment and for putting a security guard in the lobby.

The point about extradition is that this is totally over the top when viewed against a less serious interpretation of what Gary did. This means that for the treaty to be balanced, the country wanting extradition of a UK citizen from the UK should have to present very good evidence before a UK court that the offence can't be adequately handled by the UK courts and criminal justice system. For minor computer unauthorised access a sentence of more than a year would be wildly excessive.

human rights versus copyrights

The freedom to tinker and to express views on technical discoveries made through tinkering may be exercised legitimately by fewer than those who are interested in using similar techniques for copyright infringment. But that doesn't justify criminalising ownership and use of tools which have legitimate uses. It also doesn't justify criminalising expressions of knowledge gained using such tools, because freedom of expression is guaranteed by the supreme levels of law: the US Bill of Rights and the ECHR. Copyright has a lower legal status, so protection of copyright e.g. by banning devices whose main but not sole purpose is copyright infringement doesn't justify laws which suppress technical tinkering and expressions of knowledge gained from this, e.g. in the form of silicon chips.

For a story making this issue more accessible see: http://www.gnu.org/philosophy/right-to-read.html

good for cutting cost of professionally hosted servers

I'm not aware of any software on the current shared X86 servers split into virtual machines which I administrate which doesn't compile to run on ARM. This kind of thing could put a dedicated server within my small hosting budget. The applications are more likely to be RAM bound than CPU bound. Also a large part of the machine rental relates to the power requirement. So bring it on, as far as I am concerned.

being told to spy on our neighbours

I remember going to see a film a couple of years ago and we were told to spy on other members of the audience. If they were seen secretly recording, we were supposed to report them to the copyright police. It reminded me of what my mum said everyone was told to do by the Nazis when she was a teenager in Germany.

The similarity left a nasty taste in my mouth and left me less supportive of copyright policing than I was before I saw the film.

whistleblowers' clearing house

Without whistleblowers those making corporate/military/government decisions can do what they like, bully the timid, cover it up and avoid accountability. Whistleblowers are those who become aware of the pathology of decisions made by the corporations, organisations and departments they are working within, (some with personal and malicious axes to grind pretend to be doing this) and are taking big personal risks of being attacked by rich and powerful people who got where they are by making it as expensive as they can get away with for whoever would oppose them.

So what to do with information coming from whistleblowers ? Publish it regardless of the consequences ? Well that is generally the free-speech right of a news organisation or private individual, but It seems in this case that Assange of Wikileaks is taking a more responsible view, recognising that some of the information Wikileaks have been given could compromise the safety of innocent people, and enlisting the help of those who can help them sanitise it prior to publication.

haven't noticed any change over last couple of months

I get an email every time Denyhosts on one of the 4 machines on different networks which I administrate using SSH locks out a password-guessing attacker. Seems to be about a dozen a day between these 5 machines, 3 of which are servers on 24x7, the other 2 are desktops only on when their users are online. Most of the hosts denied are from the distributed database shared with other Denyhosts users, but the rate of a dozen a day new attackers which my machines are identifying themselves doesn't seem to have varied very much.

As to keys and passwords, I use strong enough SSH passwords to handle the amount of guessing which occurs before a host gets locked out and the number of attacking hosts logged, assuming the attackers are coordinating password guesses. Keeping keys online would be less secure, and having keys kept offline e.g. on a USB stick, would be too much hassle, and I'd probably not have a copy in the very unlikely event of one of my servers going down and I get an SMS to that effect while away on holiday.

Wrong standard of accountability

If these were Conservative promises in what sense are the Conservative part of the coalition expected to keep these without our Lib-Dem support ? Do please hold the coalition to promises made in both the Lib-Dem and the Conservative manifestos. Hold the government to the coalition agreement as published. As far as I am concerned everything else is negotiable, based on what I would hope and expect, is believed in the best public interest in consideration of the fact that individual party memberships can be cancelled at any time - mine's a monthly subscription. But don't hold us to what just one of the coalition parties wants without majority support from the electorate please.

Tried it, bit tricky

I used NoScript for a while, and now rely more on Adblock to block content from pushy sites because NoScript involves too much time making decisions for which you have too little information to make these fully reliably. Adblock and NoScript do different jobs. I know that without NoScript that I'm more vulnerable to XSS, but it still wouldn't protect me against a bad script I've wrongly chosen to trust.

As far as my online banking is concerned, I use a virtual machine kept on a USB stick, on which the web browser and accessible files have never been used and won't be used for any other purpose. This, as far as I can tell, protects me against XSS and many other threats far better than NoScript could.