Posts by alain williams 2644 publicly visible posts • joined 29 May 2007
So if they want a copy of your passport so that you can see what information they hold about you, does that not suggest that they did not do enough to assert who you were when you signed up on their web site in the first place ?
Surely: give the exact same information (be that true or false) should be enough.
Sending the list by (presumably unencrypted) email is a bigger problem. Sending email is like putting a post card into a letter box, it can be read by anyone who handles it. So: this email has potentially been read by all sorts of people.
This is the REAL cluelessness - it seems that el-reg's journalists have also forgotten this problem with email.
OK: in this case the NSA has already got this information, but who knows who else has tapped into the Internet routers that the email went through ?
who are defending them in court over their GPL infringement: https://sfconservancy.org/linux-compliance/vmware-lawsuit-faq.html
They will need even more money after they have lost to rewrite their code so that it does not rely on them just grabbing someone else's code and ignoring the license.
They would be very upset if others did that and used their product without paying them ... thinking about it - since it is based on GPL code, it must be licensed under the GPL, so you can do that - just take a copy and use it where you want to.
Well, you could even get rid of the country codes themselves. ....
It all depends on how people see their identity or that of their organisation. Many of us still see us as entities within a country, thus I am phcomp.co.uk. Larger or multinational/global entities might choose something different, eg ibm.com or one of the new TLDs that were recently created.
NSA/GCHQ or KGB ?
If I were any of the above I would be setting up companies that sell security products and put a few backdoors in all products. To deal with security companies that I did not 'own' - I would also get a few employees on side by helping them out of problems (financial/drug/marital/...) - problems which I would prob have put them into in the first place.
Maybe they are not doing this; but would anyone believe them if they said not ?
It is not worth the effort.
The main purpose should have been to make Linkedin take security more seriously so that this did not happen again. But the ''fine'' was a rounding error when compared to its turnover, so small that it will only figure as a footnote to a footnote in their annual report.
Only once we start to see the penalties for crap security actually hurt will we see real improvement.
That is because the ABI compatibility that Linux it talking about is *userland* ie programs. Compatibility within the kernel has never been a design goal - they want to be able to change the way that things work so that they can do things in new/better ways.
That is not at all a problem because all device drivers should be within the kernel tree and thus be recompiled (after perhaps some code changes) with a new kernel.
Binary device drivers are an anathema in the Linux kernel world -- so if you do it, what do you expect ? -- it was never intended to work in the first place! Everything in the kernel is supposed to be Open Source.
So: don't complain about something that was never a design goal.
A member of the British army 77th Brigade brigade ?
I have just updated some 8 machines, none of them rebooted. I restarted some services (exim, httpd, sshd, ...) - but a reboot was not needed -- these are Linux systems, not MS Windows.
I agree that a reboot is an easy way of restarting everything - but if you know what you are doing it is not necessary.
If I visit a web site by some means other than: doing a google search, using google as my ISP, ... it learns nothing about what I am doing (the NSA does not give them a feed!).
If google tells my machine where a domain's name servers are it will know that I am trying to reach the domain. It will not know why, or how long for - but it will know. This is why they provide a free to use name server at 8.8.8.8.
Yes: I do realise that if you use your ISP's name servers, your address is fuzzed and the ISP will cache results ... but google will still learn something.
Should there be legal limits one how data can be shared between the various different business units of large corporations ?
I do not have a problem with targetted surveillance where MI5 need to justify their concerns to a judge before they snoop. ISPs/website_operators must be given these decisions (judgements but not the evidence) as part of a request for help in an intercept. These applications to court must all be published after, say, 10 years. I do not like warentless hoovering of all communications data.
The other thing that I do not see is full auditing and a truely indepdendent auditor - ie not an establishment figure. This guy would be given free access to what is happening and will publish an annual report (yes: summary only) and when there is a 'bust' say how important surveillance was in achieving it - currently I get the feeling that how imporant e-evidence was in a bust is somewhat over played.
I doubt many people would be especially bothered about having to drink a specific soft drink brand at a concert
I would. If I have paid for a ticket for an event I do not expect to be further ripped off by having to buy some overly sweet fetid drink like coca cola or pepsi. I know that some people like them, to me they are disgusting.
There are all those snoops that were not noticed by anyone. It would be naive to assume that NSA auditors/... were able to catch them all.
We have been shown reports of a number of violations. I would not be surprised to learn that there were many more but that the NSA 'fessed up enough to make us all tu-tut and be satisfied that they have told us all that they know ... but the real number known internally is what ?
The NSA has been shown to lie in the past, we would be naive to assume that this is the full truth.
In England we have 70 years from the release date for music and 70 years from author's death for books - both a far too long, IMHO.
This Turla cd00r-based malware maintains stealth without requiring elevated privileges while running arbitrary remote commands. It can't be discovered via netstat, a commonly used administrative tool. It uses techniques that don't require root access, which allows it to be more freely run on more victim hosts. Even if a regular user with limited privileges launches it, it can continue to intercept incoming packets and run incoming commands on the system.
If it does not use elevated privileges then, I assume, that it has not tampered with the kernel. So how does it hide from netstat ?
Ah, later he says: The module statically links PCAP libraries, and uses this code to get a raw socket, ..., but use of PCAP requires superuser privileges???
I am not saying that this is not a threat ... but I would like to see something more plausible - if only so that we can protect ourselves -- without having to buy something from Kaspersky ... which is what I get the feeling this is all about - a marketing exercise.
If they put 10% of that into sponsoring open source projects I wonder how long before they have a royalty free suite that does what they need ? Run it on top of Linux using PostgreSQL, etc, and the bills would drop.
OK: open source projects will not do exactly what is needed, so pay FLOSS hackers to write the code and release it under the GPL. This code could be used/shared by different government departments, by industry and even other governments[**].
Do they not think that this is what Oracle is doing ? Write the code once and then implement it many times at different customers ?
I do realise that requirements will change, so any solution will need maintainance. I also realise that different use cases will have different detailed requirements, but well designed core components will be able to be reused.
[**] Hmmm, the thought of helping the French might put the kibosh on this :-)
Assange was about Wikileaks and, at the time, Snowden. It looks that the USA have succeeded in neutralising him as I seem to remember that there was a lot of talk about the rape charges being 'encouraged' by USA operatives. Assange has now been removed from this.
What would Assange have gone on to do if he were not holed up at the embassy ?
BTW: I wonder what he does with his time and how he pays for his keep ? Does he wash the dishes or perform office tasks ?
Is to ban exclusive deals, ie insist that every football match can be broadcast by at least 2 TV channels (or Internet stream). That gives the media the incentive to be cheaper than their rivals to get the eyeballs - thus introducing real competition. If the price paid to clubs drops, then so be it. There should be no minimum fee that has to be paid to a club; so if no (second) bidder bids more than your £100 to be there streaming from a web cam - then so be it.
The fans will gain from this.
The only losers will be the clubs & media.
Expect collusion between the clubs and the media and a few people going to prison as a result.
I remember all too well Tony Blair saying how Saddam could blast us in 40 minutes and lots of other stuff from the dodgy dossier. I remember him asking us to trust him. What Therea May and the chief spooks are saying today smells as it came from a similar source.
If they want to convince me then show me the real evidence, come out with real numbers - not ones massages to support their case. I accept that I cannot see everything as it may destroy current investigations, but they could show it later. Show how they got to feel the bad guy's collars, how much by wire tapping, how much by old fashioned investigation. Do not sex it up.
And please don't blather mindlessly about terrorists, drug lords & paedophiles while vaguely waving your hands - it just does not wash. Whenever anyone tries to use emotions to make me forget logic: I switch off and put them in the 'not to be trusted' box.
We need to start to name & shame ISPs who do not offer IPv6 support.
I will start with Direct Save Telecom. I used them when I set up IP connectivity for the local community group office. I was told that they would provide IPv6 soon. Querying this 6 months later I was told "Oh, that was just the salesman - we have no plans for IPv6".
where it will be perfectly safe! Ahem :-(
What could possibly go wrong ?
+1 to MOJ ignoring the cost to the tax payer through job losses & tax lost if it were done in the UK.
#100m over 10 years = #10m a year. Job loss: 65000 = #154/year saved for every job lost!
MoJ might gain; UK as a whole loses. Morons.
They say that it bears the hallmarks of a state-sponsored attack, so presumably the White House will say ''fair enough, this is a legal crack into our network'', after all Prosecutors in Silk Road raid trial: If you're outside the US, you're fair game for hacking.
What is sauce for the goose, is sauce for the gander.
Surely there must be some infringement under the Computer Misuse Act for it doing something that the owner does not want .... Oh, he agreed to it on installing it did he ? Does this thing record the number of people who did not read the agreement ?
Looking at what is collected - it is personal information. This information is being taken out of the UK.
However I agree with those above who say ''just say 'no' - don't use it''.
The difference between closed and open source is rather like the difference between religion and science.
Religion (closed source): you do not have evidence (source code) and have to just accept what someone says is true. Theory correction (bug fixes) is hidden - if it happens at all.
Science (open source): you know that you can look at the evidence (source code) and verify what you are being told. Theory correction (bug fixes) happens in public view.
You might not have the ability/desire to look at the source code, but know that other can.
Open source problems are visible for all the world to see, do you know what horrors lurk in closed source ?
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2025
