Posts by TRT

There's a lot of chatter on here about weakening encryption...

but, thinking it through out loud here, I suspect that any legislation will be along the lines of:

It will be prohibited for any software, hardware or other digital computer mechanism to be supplied for use within the UK (excepting where such sale or supply has taken place under a contract approved by the home secretary) whereby such mechanism is either i) designed to prevent or ii) coincidentally through the manner of its operation prevent, compliance with requests from the security services of the UK, made under warrant, for the supply of human readable information processed, transmitted or otherwise handled by said mechanism.

The practical upshot of this will be some means of having the software return whatever key can be used to decrypt any message or transaction, probably itself in an encrypted form, along with that transaction, to be stripped off and stored at whatever intermediary server it passes through before it is relayed to the end point. Of course, due to territorial limitations on statutes, an asymmetric key used to encrypt a reply to an actor outside the UK would not necessarily have the corresponding private key sent with the reply, so presumably the client end would have to be designed to create a second, encrypted using the vendor's public key or the now known keys of the sender, version of the message to leave at the interception point.

Next would be a test case brought where software was bought or obtained overseas and brought in on a phone purchased outside the UK's legislative territory. So the legislation would be rewritten to prohibit the USE of a mechanism falling under that definition.

Then there would be a test case of a company that only triggered the "key leaking" routines of their software AFTER a surveillance warrant was issued for a subject. Packet inspection of the transmitted messages would then reveal the extra payload and flag up that the surveilled was on a warranted watch list.

The legislation would then mutate again such that either the storage of and supply of the data was warehoused until a warrant was issued, OR that the mechanism employed to ensure compliance with the act was undetectable to the sender or recipient, so dummy padding out of the payload.

And then it all becomes so messy that people will just hang up the lot of it, get fed up and ... do what? Anyway, it's ALL WRONG, May. Just forget it.

F*** you, BBC

I never saw why this wasn't part of the BBC Player anyway.

I've got four titles on there, Power of the Daleks ( & the colourised version), a Dr Who boxset and a Torchwood bundle. So... where the flaming heck do I get do I... Just WTF? Huh?

Hm.

Odd.

Seems considerably more than an Apple device.

I work in a hospital / university...

and we have quite a number of older OS's, and it's not simply a matter of software compatibility.

An all too common scenario has been:

£450,000 budgeted spend on a microscope or other piece of equipment.

£320,000 of that is the actual hardware of the microscope, lenses, lasers, cameras, power supplies, cooling systems, heating systems, incubator enclosures, motorised stages etc.

£125,000 of that is a service contract for the next 10 years or so.

£5,000 is a PC (or two) to control it all, gather data etc, with the usual OEM markup. It's a Windows XP machine, custom built, no antivirus because that cocks up the timing and eats up clock cycles and you've bought it from the manufacturer and they've done everything in their power to find an anti-virus that works without stuttering when you're trying to count individual photons on some Intel Core CPU that was state-of-the-art at the time.

5 years later on, and XP is unsupported. The PC is showing signs of capacitor rot, and the storage is getting all filled up in a single experiment. Not only that, but the ISA slot that the custom built capture card fits into is getting as rare as unicorn shit. Can we get an updated PC please, Mr Microscopemaker? Yes, of course, comes the reply. If you get a new microscope at the same time. Because we do a Windows 7 PC, but we can't get hardware with ISA anymore, it's all PCI now, and the PCI version of the card has a different camera. And the camera has a different whatever which means you'll have to change the 'scope's nosepiece, which means a whole new incubator box, which means... etc etc

And if you CAN find an older PC with the right interface, it's got some form of incompatibility with a newer OS probably, or it's too slow for the bloatware OS.

Oh, what a joy it was when the cameras fitted to microscopes started using IEE1394 cables, and were all industry standard! You could fit a decent Firewire card, fire up some generic video program and see the camera output without having to start Zeisslympuskon Control V11. The control interface for moving the stage and switching objectives was still PCI or serial port or parallel port, but now you get PCI-e and PCI-x and PCI-whatevertimeswhatever... and if you CAN find a motherboard with a plain old PCI slot on it, it's usually just the one and bridged with a chip that introduces a few cycles delay, or hasn't got the full range of interrupts available. Or if it was RS232, or parallel try finding one of THOSE on a modern PC without having to compromise on some other part of it.

So then they started using USB for controller interfaces.

And then IEE1394 started to mutate.

And USB started to mutate.

And suddenly the lifecycle of a usable piece of equipment starts to shorten...

So now what we tend to do is to buy several PCs, put one into storage as a spare, put another outside the room on a dedicated link to the first and have that one sitting on two networks, and then push data from capture PC to process PC, run antivirus on the processing PC along with the manufacturers analysis software which ALSO runs on the capture PC, push from process PC onto a network share. It means TWO copies of the expensive software, and extra PCs at the time of initial purchase, but it's the only way I can see to actually being able to keep these rigs going for anything exceeding or even approaching 10 years.

If I had a Ford vehicle...

say, that I purchased in 2002, and there was a flaw in the door loc... oh wait. Not a good analogy.

Anyway, yes, the train of thought I was having then was, for a flaw of a critical nature, with a weaponised exploit just sat there, waiting for some script kiddy to turn it into a WMD (Windows Malware Doomsday), wouldn't that really be a trigger for them to NOT differentiate between paying support customers and non-paying customers? I mean, would a car manufacturer fix a flaw that allowed an attacker access to your vehicle but ONLY if you bought the extended service deal? Despite the fact that the cost of fixing that flaw was (1) nil in real terms and (2) the unknown potential loss of paying extended support customers?

At least the competition isn't...

from Microsoft. If they made a vacuum cleaner, you can bet it would be the only thing they made that didn't suck.

"...inefficient old dot matrix..."

I thought they were very efficient, tbh. Relatively low power consumption, highly reliable, versatile. But not as efficient as the old rubber hose along the roof of the bus that blows a lightly sprung plunger onto a brass bell in the driver's cab. Now THAT was very energy efficient.