Re: Or let's go back 15 years in time...
Did that turn into a barroom blitz?
3023 publicly visible posts • joined 18 May 2007
The Americans firmly believe, when they are anywhere but home, that if it's cheap it's shite.
The fellow firmly believed that since it was so cheap the stuff wouldn't work and was likely after the 'good stuff', thus giving the pharmacist a hard time was a requirement.
I told a coworker in the US (... job iteration -1 ) what we were paying for off the shelf naproxen here. He was utterly shocked.
Is chuckling at all you 'murricans south of the border and your 'vast swaths of unpopulated space'.
I'm on 2G/month unlimited voice and SMS, Canada wide (tested it last summer, it is indeed Canada wide) $70/month - with a grandfathered unlimited calls to US for $5, sadly no longer available.
Data speed throughout the GTA out as far as Barrie north, St. Catharines west and Port Hope east are consistent and for the most part quite acceptable for browsing and VPN (as long as I'm sticking to CLI or API calls from my Windows VM) - Citrix and RDP suck over that VPN connection but I'm rarely in need of those when I'm on VPN to work.
Last summer, drove out to Alberta and we hit only 3 small 'dead' spots passing through Sask. and Man. Mind you, we did stick mostly to the principal highways in that stretch. In the backwoods around Algonquin I've fallen back, but still generally get voice -- data - not so much, or in some cases I suspect GPRS (wince).
Overall, decent enough, would like more data for my money - but it gets ridiculous quickly.
Keep in mind, we're slightly larger in overall square footage, with 1/10th the population of the US.
Good to see others have sheet metal tools about.
My granpappy's toolbox has em in it. (offset shears, 60 and 80 degree pairs) <stowed in mom's basement at the moment> and it dates back to the 1890's, since it was *his* da's. And it has a pair of leather shears with the same feature.
(I periodically raid that toolbox, if only for the wood planes. Best damn planer I've ever used, and ... it's *made* out of wood, what type I do not know)
1 Km FO cable in open ocean. Strung between two *fairly* hefty objects. One of which is about to get its ass kicked by a rocket coming in fast and hard.
Jeffy, you don't get out much do you?
Give it up. You've clearly demonstrated by your mantra of "I wantz my UTubz" and "fix it now or I'ma bitch all night long" exactly where your knowledge and priorities lie. You've been downvoted to hell and gone.
Have a beer for the troll attempt, take a deep breath and get on with your entertainment.
@ AC
"Have you any idea how dangerous ebola is? That really is one where you really, really cannot afford to rely on people doing the right thing."
From the CDC:
"Direct contact means that body fluids (including but not limited to blood, saliva, mucus, vomit, urine, or feces) from an infected person (alive or dead) have touched someone’s eyes, nose, or mouth or an open cut, wound, or abrasion."
As a contagion rate issue, it is not airborne, nor is it likely ever to become capable of airborne transmission, which drops the infection rate spectacularly.
Furthermore, since it has such a *rapid* infection manifestation (less than 7 days*) and is typically sourced to bushmeat consumption in a *very* limited portion of the planet, and the symptomatology is well understood in that area of the planet, folks that are symptomatic generally aren't allowed on transport that would allow them to spread it far and wide.
Measles is FAR worse as diseases go as it is airborne, has a contagion rate almost 70 times that of ebola, a longer infection manifestation (7 to 21 days), and as a result is capable of killing more people. Just thank the anti-vaccination crowd for *THAT* factor.
Trust me, the ebola outbreak was a medical disaster, but it was in no way a threat to the western world. That panic was used as leverage for *political* issues, including right wing racial paranoia, accelerating the concept of 'terrorist threats' and at least two attempts to further restrict western world freedoms. The *only* advantage that came out of the panic was that there were resources freed up and applied to the situation that assisted in containment, investigation, and resolution of the overall outbreak, which would have lasted much longer without the additional resources.
Is to ask the question "if one sysadmin gets really pissed - or his family is taken hostage - could he destroy everything from production data to all backup copies, or if he gets hit by a bus can we get at all of it?"
Thus my first rule to all the managers I've had to train. "There is always a bus out there with your name on it."
@ boltar:
Dammit! did we *agree* on something?
If your code is *informing other programmers* of anything, it is likely not accomplishing anything. I'll guess that the comments in *that* code amount to
# This glorious communication device was written by MEE!!!!!
Oh my #$% god, there are SOOOooooo many broken, unsecured, terribly configured, badly managed, broken <insert relevant object here> on the internets!!!!
Look, we scanned < insert minute portion of the available IP space number > of IP's and found <insert massive statistically irrelevant number> of vulnerabilities!!!
<buzzword soup opinion piece>
<Corporate consultancy commentary>
Sorry, it took one name to mark that advertorial.
<grumpy as hell since I've got two dropdead timelines a week out and two funerals to go to today, as well as being down a quart of coffee>
Several folks have raised the Nvidia/AMD proprietary drivers! point.
Distribution is the other element of the pivot here - many distributions park the Nvidia and AMD video drivers < and often quite a few other odd creatures > in a separate distribution path, apart from the kernel itself. As pointed out above, not using certain APIs in the kernel and not using certain symbols exported from the kernel avoids the 'derivative works' contamination, and the 'kernel taint' switch avoids the secondary path of inheritance. I'm pretty sure the Adobe licensed code(s) end up in the same territory as CDDL code, it's fine to make it available, just don't put it in with our GPL stuff.
Gentoo and BSD both avoid the distributing from a repository 'binary code' issue, which is a third element of the GPLv2. <ports/emerge>
I gather the impression that Canonical intends to put ZFS into the primary distribution path <and at a guess into their installer>, which is where they will fall afoul of the combination of GPLv2 and CDDL bashing heads.
1) Apple has not been asked to 'unlock' the phone.
2) Apple has not been asked to 'break' their encryption of the phone.
The court issued writ asks that Apple create a boot time update of the software for the phone that is signed appropriately with Apple's key, which will remove the functions in the OS that a) limit the number of attempts at the 'password' and b) remove the OS function that destroys the data on the phone when that limit is reached and c) adds a device path that will allow for mechanical input of the password to unlock the phone.
This specific writ is phrased such that the update should be specific to the individual phone. Essentially Apple has been asked to create an insecure version of the OS for a specific phone.
The use of the All Writs Act is peculiar in a legal sense and it is this factor that makes the overall request the basis of a legal precedent. This precedent will apply not only to Apple, and the version of the phone in question but to all systems where an update could be applied to modify an internally secured process, on any software driven device.
THAT is why we should all be screaming. Never mind that should someone leave a copy sitting around somewhere that it leaks out to the rest of the world it could be used as a template for pretty much anyone to do the same thing on any number of phones out there.
<Yes, it will be signed with Apple's own key -- however if it ends up on the loose, there are those that will spend ages working on getting that bit unlocked, and eventually someone will figure that out.>
Finally, if Apple successfully challenges the writ and wins their position in a court, this case will help make Comey's case for 'back doors in encryption have to exist for the government'
What needs to be recalled is that the FBI have the metadata on the phone's communications over the provider's network - this is always collected, it is kept for a reasonable period - so they *know* that communications have taken place and what or who was on either end of that communication, what they do not have is the specific content of that communication. They have the backups up to a period of time before the events in question. They have not stated that they have any metadata indicating what they are after on the phone itself which for ME is the keystone against executing this writ.
1) disable AD account, (no permitted logins) <evict active sessions>
2) disable (Lock password, expire account) all unix accounts <kill active sessions>
3) change permissions on .ssh/authorized_keys to 744 < handy trick that most security folks DO NOT have in their processes> where the file exists.
Go back through the loop and modify the username details to include appropriate tagging that indicates the account is owned by someone no longer with the company.
and if your VPN isn't attached to AD or a unix account somewhere, *remove* the token generator from the system, and then lock the serial number out.
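A read-only check for step 2 of the procedure above, as an added example that is not part of the original post: it reads shadow(5)-format records and reports which offboarded accounts are still missing the password lock or the account expiry. The function name, the sample users and the sample records are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit shadow(5)-format records for accounts that should
# already be locked and expired after offboarding. It changes nothing.

# Constructed sample records (placeholder hashes), laid out like /etc/shadow:
# name:password:lastchg:min:max:warn:inactive:expire:reserved
SAMPLE_SHADOW='alice:!$6$constructed$hash:19000:0:99999:7::1:
bob:$6$constructed$hash:19000:0:99999:7:::
carol:!$6$constructed$hash:19000:0:99999:7:::
dave:$6$constructed$hash:19000:0:99999:7::1:'

# audit_offboarded TODAY_DAYS USER...   (shadow-format lines on stdin)
# TODAY_DAYS is the current date as days since 1970-01-01.
# Prints one line per listed user: "<user> ok", "<user> FAIL <reasons>",
# or "<user> absent" when no record for that user was seen.
audit_offboarded() {
    today=$1; shift
    awk -F: -v today="$today" -v users="$*" '
        BEGIN { n = split(users, u, " "); for (i = 1; i <= n; i++) want[u[i]] = 1 }
        ($1 in want) {
            seen[$1] = 1; why = ""
            # Locked password: field 2 starts with "!" or "*".
            if ($2 !~ /^[!*]/) why = why " password-not-locked"
            # Expired: field 8 is a day count that has already passed.
            # Empty means "never expires"; 0 is ambiguous per shadow(5),
            # so both are reported as not expired.
            if ($8 == "" || $8 + 0 <= 0 || $8 + 0 > today)
                why = why " account-not-expired"
            print $1, (why == "" ? "ok" : "FAIL" why)
        }
        END { for (i = 1; i <= n; i++) if (!(u[i] in seen)) print u[i], "absent" }
    '
}

# Demonstration on the constructed records above.
printf '%s\n' "$SAMPLE_SHADOW" |
    audit_offboarded "$(( $(date +%s) / 86400 ))" alice bob carol dave
```

On a live host, feed it the output of `getent shadow` (as root) instead of the sample records.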
Oddly I've seen stupid s&&t like this done. Not once, but twice. Both times in our case was HR leaking details to the wrong bodies prior to the action. Both times, offsite tape backups to the rescue.
This just goes to show that Cloud is as light and fluffy as the name.
As for the commentary about the fibbies and the iPhone.
METADATA!!!! they have the cloud backups and they have the metadata. This is a legal move to set a legal precedent, and if Apple wins, it becomes even worse.
@AC
Umm. You missed a component in the equation:
Wall Street insists that if your profit ratios did not grow by a greater percentage than they did the previous X quarters, then the company is now failing, and must suffer from having the stock price collapse. Thus, insurance now is about making massive profits. It has nothing to do with making *sense*
From the least considered brain fart material to some well thought out and decently communicated responses. And this is (supposed to be) a technical website.
I've not jumped out the gate on this one and have had my moments to think it through. (although I have to admit in a haze from a major sinus/ear infection, and having two separate major tragedies in my immediate circle of friends this week)
1) The FBI have had this phone for a number of months since the events took place. Most of the data from the phone has been retrieved from the iCloud backups, but there are (I think I worked it out to) approximately 2 weeks worth of data that was not backed up to the iCloud.
2) Much investigation has been conducted based on who these two had interacted with in the months leading up to the event, however no further arrests or indictments have been issued relating to the event.
3) There is amongst the investigation team the belief that there is data on the phone, in the period of time since the last backup that might be relevant to the investigation and could lead to further arrests, or possibly link these two to additional terrorists or terrorist activities.
4) The FBI know that if they brute force the phone the data on the phone will be deleted/wiped after 10 incorrect passcode/pin/pattern unlock attempts. They want to examine the phone data.
5) The FBI are aware that the self destruct process is entirely functional in software, that is the firmware that runs the phone will enact the destruction of the data on the phone when the 10th failed password is executed.
6) The FBI have dug around and used an exceptionally old, massively broad law in the American legal code, to issue a writ to Apple requiring Apple to create an 'update' to the specific phone serial number to disable the self destruct code in order to allow the FBI to (either manually or mechanically) brute force the password on the phone. This functionality is specific to iPhones with a specific processor.
7) Quite some time has passed since the events in question. <it is relevant given some of the arguments we've seen both in this thread and on the general news>
8) Apple has publicly responded saying that they do NOT believe that they should do this, and called for an open discussion. (and man has there been some discussion)
My perspective is that the FBI has chosen a particularly emotionally bound legal event (Local US Muslim couple "radicalised" into jihad like actions), which will be unlikely to find any sympathy with the general US public in order to set a legal precedent to back up their demands for a disabling of effective and reliable encryption for the general public.
They've sadly done this rather well.
Tim Cook has responded to the request to have a one time only for this specific phone version of the firmware that does not include the self destruct code with a no. And I have to believe that this is the correct answer, Apple has no *choice* but to refuse to do this, since, in US law, this becomes a precedent that will be used in thousands, if not tens of thousands of cases in the future, and in fact will apply not just to Apple and phones but to any company that makes a device or software that uses or relies on encryption and automated data destruction functions to provide security and integrity to the users of those devices and software.
The law used in this case is very fragile in this particular context. <note hearsay> I've seen reasonably reliable commentary that there may be precedent for this law being used in this context </hearsay note> however there are far more relevant laws that could have been used. This indicates that Apple will have a fairly decent chance of walking away from this on solid legal ground, given the chance to argue in court.
That in itself sets a precedent.
There are, as quite a few folks have indicated, several other possible methods of getting to the data. I believe that one of those methods will be undertaken, and will result in one particular set of data/facts being found that will lead to one or more additional arrests.
This pair of events will then become the lynch-pin of a legal framework for the legislation that will remove effective cryptography from the realm of public access in the United States.
I have to point out that *connection* -- meta data -- information for the phone comes from the telco that the phone is registered with - that meta data covers calls, SMS texts over the telco's own network, roaming data, and possibly some internet connectivity information, IF there was a data plan attached to the phone. They do *not* need to have the phone unlocked to find out who the fellow was talking to or texting. They *may* not need to have the phone unlocked to find out which websites he visited, or mail servers he communicated through.
Slippery slope? No my friends, this is far more than a slippery slope. No matter which way this particular sequence of events goes, there are consequences here that could be stunning human rights failures, for us and for many future generations.
Single grid feed 1440KVA transformer. Raccoon deciding that it wants up the pole, Phase 1 and Phase 3. Crispy critter. Battery and Diesel test (success). The carcass ended up staying in place, hanging off phase 3 for most of a year. I'm not certain why.
Don't have grizzlies at this end of the sledding hill, but we do have raccoons, foxes, bats, geese, skunks, deer, coyotes and every once in a blue moon we'll get a black bear. Skunks and raccoons mostly go for the trash bins, but can cause utter hell with cabling since their claws will tear the shielding open, and raccoons will climb on *anything*. Notably *all* the external (power, AC c&c etc) cabling is armoured now.
Personal worst case was finding (at the bottom of a rack in a rarely visited colo) a litter of skunks. I didn't get hit. But the clean up was very long and *very* difficult. (they had opened up the cut where the power feed lines from the diesel were coming through the wall).