* Posts by alain williams

2646 publicly visible posts • joined 29 May 2007

One Bitcoin or lose your data, hacked Linux sysadmins told

alain williams Silver badge

Re: ZFS is looking more and more attractive...

SELinux isn't much protection against an attacker with root access!

Although running SELinux would help prevent someone who has exploited the Magento vulnerability from going on to gain root access. That is part of the point.

UK's internet spy law: £250m in costs could balloon to £2 BILLION

alain williams Silver badge

Cost benefit analysis

What is the purpose of this ? I think (we are told) that it is to save lives - first approximation. How many lives ? Let's be generous and say 100/year over 10 years: 1,000 people.

£2 billion is about the cost of building 10 hospitals (est £178 million). How many lives are saved in 10 hospitals over 10 years ? 1,000 would be 10 people per hospital per year -- I think that they do considerably better than that.

OK: very rough numbers, a big margin of error - but you get the idea.

I am not suggesting that the spooks' budget be cut to zero but I think that there are much better ways in which we could use the money. Part of the trouble is that when many people are killed in a terrorist attack, it is spectacular and fills the headlines - whereas people dying of preventable disease do so one at a time and rarely get much of a mention in even the local newspapers. People judge the risk of spectacular events badly when compared to common, low key ones.

Brussels flings out Safe Harbour guidelines, demands 'safer' new framework ASAP

alain williams Silver badge

tissue papering over the cracks

The European Commission plainly wants to get back to 'business as usual' and stop having to think about pesky things like personal information security. What they are proposing is just as bad as what there was before ... but it will probably take another opinion from the ECJ and until then this gives everyone an excuse to pretend that all is OK.

I also suspect that many more than 4,000 companies depend on safe harbour: try any organisation that has personal data in the Amazon cloud to start with. I would suggest that you add 2 or 3 zeros to the end of that number.

Thinking about it: toilet paper would be a better analogy.

TPP: 'Scary' US-Pacific trade deal published – you're going to freak out when you read it

alain williams Silver badge

7 years of negotiations, 60 days to review

What is the rush ? If it took so long to agree the final version why so short a time for everyone else to come up to speed? Obama is giving reviewers 1/43 of the time that it took to cook this up. What is he hoping that we will not notice ?

Oh, note that 60 days includes time off for Xmas; so in reality less time than that.

alain williams Silver badge

Re: Source code

It depends what a Party is but I think that's entirely reasonable for power stations, vehicles, or governments. Does this mean that can't happen any more?

No, the next paragraph deals with that:

For the purposes of this Article, software subject to paragraph 1 is limited to mass market software or products containing such software and does not include software used for critical infrastructure.

However: I do see that as an attack on the GPL of which a really important part is the availability of source code. Part of the trouble with a document like this is that there are some stark paragraphs that do not contain anything by way of real explanation or motivation. This makes it really hard to see the (intended) implications until it is too late.

UK cyber-spy law takes Snowden's revelations of mass surveillance – and sets them in stone

alain williams Silver badge

Re: foss...

You try getting FOSS on your iPhone - Apple will not allow it. I wonder: if enough people get seriously concerned about this will this impact on iPhone sales ? It is not just a matter of Apple releasing bits of source - but people need to be able to independently compile and install to be sure - this breaks their apple store walled garden model.

alain williams Silver badge

Move to Open Source comms s/ware

Unfortunately you cannot trust software that you cannot read the source and build a bitwise identical version of. All that it takes is the NSA to give Apple/MicroSoft/... a National Security Letter telling them to insert some malicious code into a program or library/.DLL/.so and they will have to do it and not be allowed to tell anyone.

So people needing security will have to use Open Source software; maybe on a proprietary platform, although it will be easier to validate everything if what you run is Open Source top to bottom.

Most people will not bother, but clever crooks, terrorists, paedophiles will do so - they will have the motivation. So those being spooked will be everyone other than the ones that we are being told that this is supposed to catch.

Stupid or a different agenda ?

GCHQ 'smart collection' would protect MPs from spies, says NSA expert

alain williams Silver badge

Want to protect MPs ? - Take away the iPads

These were given to MPs earlier this year, IIRC some were also given a few years ago.

It is safe to assume that anything on these iPads has ended up at the NSA via Cupertino.

Licence to snoop: Ipso facto, crypto embargo? Draft Investigatory Powers bill lands

alain williams Silver badge

How times change ....

30 years ago: British politicians were loudly telling us that life in East Germany was bad and that the Stasi watched your every move, spies everywhere!

Today: British politicians are trying to out spy the Stasi - we are now more snooped on than East Germans ever were and they want to make it worse.

Microsoft Windows 7 Pro: Halloween Horror for PC makers next year

alain williams Silver badge

So what about the Windows 10 data slurp ?

Especially since the EU court has said that safe harbour agreements are no longer safe with data going to the USA

Hi, um, hello, US tech giants. Mind, um, mind adding backdoors to that crypto? – UK govt

alain williams Silver badge

Are they that stupid, or who are they really after ?

Putting back doors into popular applications will only let them read the messages for the stupid and small time crooks. Their claimed targets terrorists and drug kings will use their own software and manage their own end to end encryption. Paedophiles have shown themselves adept at using technology and will simply up their game.

So: are our politicians (and their advisers) complete twats [a real possibility] or are they playing a different game, eg: trying to snoop trade secrets and political dissent - ie keep themselves in the money and in power -- so that long may we remain their underlings.

alain williams Silver badge

Re: Mathematics...

But, but, but ... politicians are smarter than mathematicians, they just try to legislate mathematical truths rather than waste time trying to prove them: Indiana Pi Bill

Anti-adblocker firm PageFair's users hit by fake Flash update

alain williams Silver badge

Re: NoScript

What needs to happen is a campaign (the people behind NoScript would be a prime driver for this) to let these bastards know that they're losing serious traffic because of this.

I would have hoped that the corporate website equivalent of Darwinian selection would happen here. The web sites die through the lack of visitors. Unfortunately: most users have not heard of NoScript and probably never will, so these sites prey, and keep alive, on them but not more savvy visitors.

alain williams Silver badge

NoScript

That is why I do use NoScript and get it to block 3rd party (often == advertisers) javascript.

I also don't run MS Windows which always helps a lot when it comes to security - for all sorts of reasons.

In-a-spin Home Sec: 'We won't be rifling through people's web history'

alain williams Silver badge

Re: Kite flying

Not necessarily, they've always got the choice of a minor tweak via the 2016 IPB Amendment Act, followed by another tweak via the 2017 IPB Amendment Act etc etc

Or even better a statutory instrument - which will sail through virtually unseen.

Windows 10 growth stalls during October

alain williams Silver badge

Re: Interested to see how this turns out...

Partly because Linux is not counted properly. A week ago I bought a new laptop, it came with Windows 8.1 installed; I immediately upgraded it to Linux Mint - but it will be counted in the statistics as another MS Windows 8.1 installation.

I will be shortly replacing MS Windows XP on my sister's laptop with Linux Mint, this will not be officially recorded.

Linux is under counted, by how much I cannot say.

UK watchdog offers 'safe harbor' advice on US data transfers

alain williams Silver badge

Force of law needed, not agreements

It is quite simple: an agreement/contract is not worth the paper that it is written on if:

* the FBI/NSA/... comes knocking

* the company goes bust and the administrators sell off your data

The USA is complaining about the EU judgement, but it has a simple solution: legislate some laws that guarantee personal data protection, something that all civilised countries should have anyway. Such laws are, however, unlikely since a lot of money is made dealing in personal information and the senators will not do anything to upset their corporate pay masters.

alain williams Silver badge

That is why when I filled in my last census form I answered the question on how many bedrooms I had and left all other questions unanswered.

Microsoft scares the bejesus out of Skype users with x12 price hike

alain williams Silver badge

MS must be coining it!

Lots of fees from the users on top of what they get from the NSA to snoop in on calls ...

Xiaomi aims to knock Apple off its branch with move into computers

alain williams Silver badge

Drat!

I've just bought a new laptop since the old one died. First thing that I did was to upgrade it from MS Win 8 to Linux Mint - works very nicely, although I'm not keen on HP ImagePad (no mouse buttons).

It came with a 1 year MS Office 365 - which is a waste of money unless I can find someone to give it to.

I've been using GUIs on Unix/Linux for 30 years, all MS Windows on new machines just replaced.

One worry that I have is legal restrictions that may come in as a result of TiSA/TPP that might make it harder for FLOSS.

I am also worried as to what MS may do in a year or two - by which time it will have almost all Windows machines being upgraded in a way that it never has before (the important ones being PCs owned by home users). I can see it introducing changes to protocols and things like .docx files (under false guise of security/... reasons) - which will not be properly documented; so LibreOffice, etc, will be playing catch up even more and MS will be shouting that Open Source software is no good - while pretending that it has not planned this all along.

Lawyers harrumph at TalkTalk's 'no obligation to encrypt' blurt

alain williams Silver badge

Re: Security is hard

It is not hard to put the really sensitive information in a separate table. Then not allow direct access to that table and provide some SQL functions to do the jobs needed: CheckThisPassword, UpdateThePassword, ... like that the web application can only pass in a candidate password or a new one to be set, ... it does not see the stored password, encrypted or not.

No, not perfect but it makes it harder to grab everything. Security is about belts and braces, assume that one will break and that the other(s) will keep you safe.
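The separate-table design described in the post above, sketched as an added example for PostgreSQL with the pgcrypto extension. It is not the poster's code, and every schema, role and function name (`ext`, `auth`, `auth_api`, `cred_owner`, `webapp`, `check_this_password`, `update_the_password`) is hypothetical.

```sql
-- Added example for PostgreSQL; run as a superuser. All names are hypothetical.
CREATE SCHEMA ext;
CREATE EXTENSION pgcrypto SCHEMA ext;      -- supplies crypt() and gen_salt()

CREATE ROLE cred_owner NOLOGIN;            -- owns the secrets, never logs in
CREATE ROLE webapp LOGIN;                  -- the web application's account
GRANT USAGE ON SCHEMA ext TO cred_owner;

CREATE SCHEMA auth     AUTHORIZATION cred_owner;   -- private: holds the table
CREATE SCHEMA auth_api AUTHORIZATION cred_owner;   -- exposed: holds the functions

SET ROLE cred_owner;

CREATE TABLE auth.credentials (
    user_id bigint PRIMARY KEY,
    pw_hash text   NOT NULL                -- bcrypt hash, never the password itself
);

-- Returns only true/false; the stored hash never leaves the database.
CREATE FUNCTION auth_api.check_this_password(p_user bigint, p_candidate text)
RETURNS boolean
LANGUAGE sql
SECURITY DEFINER                           -- runs with cred_owner's rights
SET search_path = ext, pg_temp             -- pin lookup so callers cannot shadow crypt()
AS $$
    SELECT COALESCE(
        (SELECT c.pw_hash = ext.crypt(p_candidate, c.pw_hash)
           FROM auth.credentials c
          WHERE c.user_id = p_user),
        false);                            -- unknown user: same answer as a wrong password
$$;

-- Write-only path: accepts a new password, stores a fresh salted hash.
CREATE FUNCTION auth_api.update_the_password(p_user bigint, p_new text)
RETURNS void
LANGUAGE sql
SECURITY DEFINER
SET search_path = ext, pg_temp
AS $$
    INSERT INTO auth.credentials (user_id, pw_hash)
    VALUES (p_user, ext.crypt(p_new, ext.gen_salt('bf', 12)))
    ON CONFLICT (user_id) DO UPDATE SET pw_hash = EXCLUDED.pw_hash;
$$;

-- Functions are executable by PUBLIC by default; narrow that to the web app.
REVOKE ALL ON FUNCTION auth_api.check_this_password(bigint, text) FROM PUBLIC;
REVOKE ALL ON FUNCTION auth_api.update_the_password(bigint, text) FROM PUBLIC;
GRANT USAGE   ON SCHEMA auth_api TO webapp;
GRANT EXECUTE ON FUNCTION auth_api.check_this_password(bigint, text) TO webapp;
GRANT EXECUTE ON FUNCTION auth_api.update_the_password(bigint, text) TO webapp;

RESET ROLE;

-- What the application account can and cannot do (constructed sample values):
SET ROLE webapp;
SELECT auth_api.update_the_password(42, 'constructed-sample-passphrase');
SELECT auth_api.check_this_password(42, 'constructed-sample-passphrase');
SELECT auth_api.check_this_password(42, 'wrong guess');
-- Direct access is refused: webapp holds no privilege on schema auth or its table.
SELECT pw_hash FROM auth.credentials;
RESET ROLE;
```

An injection flaw in the web application can still call these two functions, so rate limiting and logging of `check_this_password` calls remain worthwhile, but it cannot read the hash column in bulk.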

RBS promises 'safe, secure, confidential' info-sharing on Facebook at Work

alain williams Silver badge

Bonkers!

It looks like some bean counting droid who thinks that RBS can save a few bob with not setting up an internal communications system by getting Farcebook to do it on the cheap. So, how long before:

* Bank details are shared via facebook

* Security secrets are shared

* The NSA gets hold of this information

* It leaks to people who use this information more publicly than the NSA does

* Someone at RBS is quoted saying "we will learn from our mistakes"

?

Cobweb 'fesses up to failure to renew SSL certificate

alain williams Silver badge

'Technical issue' - bollocks

it was a management failure - the buck stops with them to ensure that things like this are looked after.

I predict that the blame will land on some lowly techie.

Experts ponder improbable size of Cleopatra's asp

alain williams Silver badge

I misread the title ...

First time round I read it as:

size of Cleopatra's legendary ass

Israel joins EU in spiking Safe Harbour

alain williams Silver badge

Only fine words so far ...

this declaration (and the recent one of the EU) will only have any meaning when USA companies are prohibited from taking our data out of the EU - in a way that really stops them; also when local companies and organisations are really stopped from moving data to the USA.

Until then - it is all just hot air.

El Reg celebrates Back to the Future Day

alain williams Silver badge

Marty says

These fancy specs don't make your tie look any better.

Microsoft's top lawyer: I have a cunning plan ... to rescue sunk safe harbor agreement

alain williams Silver badge

Won't work

it is about companies agreeing. They can agree all that they want, this does not provide protection when:

* government (NSA, FBI, ...) comes calling

* the companies go bust and private data is sold off by the administrators (which has happened)

Security experts split on whether China is breaking no-hack pact

alain williams Silver badge

What did anyone expect ?

China carefully looks at where its citizens are visiting - that is what their Great Firewall is all about. So, of course they know what is happening.

Pretty much the same as the NSA is trying to spook machines in China.

The announcement of a truce was for Daily Mail readers & Fox News viewers.

Microsoft offers to PAY YOU to trade in your old computer for a Windows 10 device

alain williams Silver badge

How long do I need to run MS Win 10 ?

There does not seem to be anything that says that I cannot just wipe MS Malware^wWindows from the new machine and install Linux.

I was tempted as my laptop battery has just died, but a working battery is needed :-(

Drunk driver live-streams her slow journey home

alain williams Silver badge

What a stupid thing to do ...

You would have to be drunk to do that ... Oh, wait ...

In 2015, your Windows PC can be owned by opening a spreadsheet

alain williams Silver badge

Get the basics right!

I would have thought that MS would have had the money to be able to do security audits - the money that it makes is more than enough to pay for it. But, as it has done throughout its history, it has been more interested in adding new features demanded by marketing than making a solid product.

Download and use LibreOffice - this has fewer vulnerabilities in spite of having a development budget that is less than a rounding error in Microsoft's accounts.

Google's .bro file format changed to .br after gender bother

alain williams Silver badge

What is it really named after ?

Several compression algorithms were named after a Swiss bakery product, brötli. In German 'bread' is 'brot', the 'li' suffix is (IIRC) a diminutive, ie something small, buns are small bits of bread. Even more idiotic in a multi language world.

So the name has got nothing to do with gender -- this is just another feminist stupidity.

Hurrah! Doctor Who brings us a bootstrap paradox treat in Before the Flood

alain williams Silver badge

Faraday cage with a window ...

I remember visiting a large IT room at HMS something in Portsmouth. At huge expense the room walls had been specially built to make it a Faraday cage**, but they then needed to get wires & stuff through so someone cut a 3 foot by 2 hole in a wall. The operators loved it since they could now listen to the radio.

The Faraday cage in The Flood also had a nice big port hole that they could look out of, I could not see copper wires criss crossing the glass.

** Presumably to stop the Ruskies from snooping on the computers, naval pay rates are secret!

Don't panic, biz bods: A guide to data in the post-Safe Harbor world

alain williams Silver badge

Re: American data in UK

The EU data protection laws do not make a distinction of who the data subjects are. You should thus look after data about people from the USA as well as you would data about people in the EU.

This does raise an interesting point: since the USA is unsafe how much data about USA customers should you share with people in the USA. In particular if the FBI ask you for what a 'mercan has been up to, should you comply unless they get a court order in a UK court to compel you to ?

alain williams Silver badge

The cynic in me ...

thinks that this will be a hot topic to a few nerds in the IT/database world for a few weeks. Then some smart ass lawyer will come up with something that doesn't change anything at all but will allow everyone to go back to sleep. The company CEOs, etc, wilfully keeping their eyes shut tight while singing 'La-La' because they don't want to go through the bother of doing anything.

If someone complains, the answer will be 'sue us' (after being ignored for months). It will be up to a few individuals to do something - spending lots of money.

By the time it gets to court TiSA will be in force and muddy the whole issue - if not allowing anyone to do anything with anyone's data. If a government tries to stop them, the government will be sued under TiSA provisions.

The data protection registrar will remain quietly asleep.

'Safe Harbor': People in Europe 'can get quite litigious about this'

alain williams Silver badge

David Smith of ICO is a plonker

said of the ruling earlier this week that businesses using Safe Harbor will need to review how they ensure that data transferred to the US is transferred in line with the law.

In other words "business as usual chaps, wait a bit and some lawyer magic will fix it all". What he should have said is "the USA is not safe, review what items of data you send there. Stuff that is too sensitive you will have to not send and look to process it in Europe".

What a chocolate teapot organisation.

Surface Book: Microsoft to turn unsuccessful tab into unsuccessful laptop

alain williams Silver badge

Re: I wonder how well this would run Linux?

A Windows 10 automatic update trashed my dual-boot Windows 10 / Linux Mint laptop this weekend, re-enabled UEFI, deleted grub and the dual boot and made it Windows 10 only.

Since it is impossible to disable auto updates with consumer versions of Windows 10 it means that consumers will not be able to have dual boot machines - for long. It seems that MS have realised that desktop Linux is a threat and are trying to stop it.

This strikes me as anti-competitive, I wonder how long before the EU jumps on them ?

alain williams Silver badge

Re: I wonder how well this would run Linux?

interestingly warranty is tied to the OS.

That is the warranty that MS offers. Under EU law they have to provide a warranty for 2 years (and maybe up to 6), I doubt that EU law mentions an OS. It would be interesting to see who prevails.

alain williams Silver badge

Re: I wonder how well this would run Linux?

A Windows 10 automatic update trashed my dual-boot Windows 10 / Linux Mint laptop this weekend

It seems to me that that would count as an offence under the computer misuse act. If you have partitioned it, and changed the settings, then undoing this (without you asking/agreeing) is criminal.

Silicon Valley now 'illegal' in Europe: Why Schrems vs Facebook is such a biggie

alain williams Silver badge

Re: A future Enron

If the US government can get a legal precedent set, that US corporations must hand over data wherever it lies, then they wouldn't have to get cooperation from, or even inform, other nations that information was being requested

But getting a legal precedent will be in a court in the USA, not Europe.

Data held on a server in Dublin owned by an Irish subsidiary managed by Irish employees is still going to be subject to Irish/EU law. When the USA parent company is ordered to order an Irish employee of its Irish subsidiary to do something against Irish law we are going to see an interesting conflict. If the parent company tries to order sacking will the subsidiary be allowed to comply - or find itself having to pay compensation ?

Time to order the popcorn by the mega bucket load.

alain williams Silver badge

A future Enron

The argument here is complete bollocks. If data were held in, say, Ireland the USA would need to request an Irish court to release the data. If the Irish court was satisfied that there is good reason then it would probably order a release of the necessary documents, much as it would agree an extradition of a person.

Requesting a court in the USA for access to data held in the USA is also what the FBI should do, but it is just much simpler for them to go & grab it.

What this will stop is fishing expeditions and the use of data for purposes other than nailing criminals. There has long been a suspicion about the USA helping themselves to trade secrets.

Safe Harbour ruled INVALID: Facebook 'n' pals' data slurp at risk

alain williams Silver badge

So will UK gov't stop outsourcing to USA companies

Like the processing of the last census. Inland revenue and others do as well.

Give this business to European companies which, cynically thinking, could have been partly behind this ruling.

FATTIES have most SUCCESS with opposite SEX! Have some pies and SCORE

alain williams Silver badge

Re: That is one angle

Maybe cause and effect is the other way round: it is being with a woman that makes a man fat.

175,000 whinge to Microsoft about phone tech support scams

alain williams Silver badge

Re: Lead them

The more complaints raised, the more likely the police will act.

That is part of the problem: the police are not interested.

I either just put the phone down or tell them (truthfully) that I run Linux.

Obama edges toward full support for encryption – but does he understand what that means?

alain williams Silver badge

Possible timeline ...

So what is the timetable ? Obama's memo is published next month, legislation next year, before the Senate in late May ... but there is a terrorist attack mid May, lots of destruction a couple of people killed, the NSA says "if only we had been able to read ...", Senate and Congress both vote for mandatory back doors.

Five years' time, Snowden Mk II reveals that the FBI black ops department was responsible for the attack at the behest of the NSA.

Cybercrim who fleeced students faces scramble to repay stolen cash

alain williams Silver badge

What about the other £600k ?

Stole £1.2m, repay £600k ... what about the other £600k ? Who said that crime does not pay ?

She has houses that she is letting out - make her sell them. Once she has paid the whole lot - then how about payments as compensation: time lost, aggro, ... ?

The ONE WEIRD TRICK which could END OBESITY

alain williams Silver badge

How big a portion do you need ?

What you need depends on how big you are anyway; an 8 stone lady will want to eat less than a 16 stone man. The only portion sizing that is common today is adult/child. So if they reduce portions will not larger people (who might well not be overweight) go hungry?

So will we see small/medium/large portions in restaurants ? If we do I would expect them to be priced differently and unfairly since the cost of the chow raw ingredients is generally a small part of the cost of a meal.

DMCA takedown bots must respect 'fair use' of copyright – US appeals court

alain williams Silver badge

Re: All it needs

Then the jails would fill up with robots that had sent out misjudged DMCA take-down notices.

alain williams Silver badge

Re: Automated takedown notices...

Simple way of stopping this: each take-down notice must be accompanied by a $50 bond that will be paid to the web site owner if the take-down notice is successfully appealed.

Even better if they want an immediate take-down (pending a decision) then the bond is $1,000; if they accept no take-down until an appeal (with a fortnight non appeal timeout) then $50.

Note that none of this costs the copyright holder if they make legitimate take-down notices, but goes a small way to compensating legitimate fair users for the hassle of an invalid take-down notice.

GCHQ wants to set your passwords. In a good way

alain williams Silver badge

Re: @oldgrumpy

Do you mean to say that you tell the truth when asked these questions ? As far as some places where I have an account know my mother's maiden name is Boodica and I was born in Ursa Minor.