* Posts by btrower

707 publicly visible posts • joined 9 Nov 2011


Reality check: We should not expect our communications to remain private


Re: Privacy. We've heard of it.

Everyone/thing everywhere should be using strong encryption. Until encryption is the norm, things that are encrypted can/will be targeted for attack.

I arrived at my pessimistic assessment because no matter what I could think of that could be done, I could not trust the safety of something important enough to invite attack by an enemy with sufficient resources.

Government agencies have colluded with industry to compromise enough hardware that you have to assume it has all been compromised.

It drives me nuts that Canadian border guards can and do demand passwords to your devices and seize them if you refuse.

We can't stop total surveillance, but we can change laws and procedures so that use of surveillance data requires more than just the arbitrary demand from a single individual.


Re: Privacy. We've heard of it.

Completely agree.


Privacy. We've heard of it.

Re: We should not expect our communications to remain private.

I am surprised enough that at this point the 'for' camp is less than 40%. This is a slam-dunk 'Yes, we should not expect our communications to remain private'. There are many routes to failure and exposure. The only hope of modest privacy is being someone who is not interesting enough to look at. Given the value of successfully targeting you as a consumer, you are indeed interesting to look at for anybody who can capitalize on this.

If you know about Snowden's revelations, know what side-channel attacks are, know what social engineering is, understand how various types of data correlation and statistics work, are aware of things like undocumented instructions to alter CPU microcode, fundamental weaknesses in security code, deliberately weakened security standards by entities like the NSA and collaborating security experts, laws allowing government agencies to demand private data from service providers, hardware backdoors in things like hard disks , etcetera, it is hard to imagine how you think you can ensure you keep communications private.

I have a K210 developer kit here so I can examine the feasibility of using a custom made open source system based on a custom open source RISC-V device to increase security by eliminating possible back-doors in the chips.

You have no hope of privacy if a powerful enough adversary targets you.

Use our stuff for free and sell your application? That's Qt. Time to give something back


I reviewed many times over the years, but avoided QT because of misgivings about the license and how they handled it. I am glad I did!

Windows 10 1809 looks unlikely to overtake prior build before 19H1 lands


Re: My Own Voyage of the Damned

I feel your pain.

I am obliged to update notebooks and workstations here for myself and family members and the last rounds were nightmares that took days of my time. Windows 8, 8.1 (nein?) and 10 have been disasters.

The last system we bought here was an Apple Macbook and likely the next system will also be an Apple. Microsoft has been downright hostile for years, but lately is has been making our machines unusable.

Machines that are not used on a daily basis spend most of their time running Microsoft updates of one kind or another. Microsoft literally uses most of the capacity of those machines, sometimes rendering them unusable for many hours.

Civilians have no hope of doing this stuff on their own and market rates for professional help can quickly exceed the cost of simply replacing the device.

I have a feeling that the reason Microsoft is not seeing much more vigorous push-back is because people are switching to their phones for many tasks.

Junk food meets junk money: KFC starts selling Bitcoin Bucket


Issues with Bitcoin

I am surprised that nobody has made much of the technical issues with Bitcoin. There does not seem to be a way around them except a fork and I don't know what that fork might be.

As of this moment, Bitcoin is still a pretty good store of value. It may continue to rise well beyond this point on that alone. However, it is hardly fit for online transactions at this point and there is no reason to expect that to get better. I was going to qualify that with 'barring a fork', but I have no idea how a fork would cure it. Bitcoin's strength is also its weakness and it may be that there is a fundamental tradeoff for which there is no workaround.

Bitcoin may well stay up there and rise. However, crypto-currencies offering better anonymity and transaction times are bound to rise too.

Long term I expect that Bitcoin will either become a rock-solid store of value like gold or will lose its value entirely. It is a close call, but if I had to bet right now I would bet on it losing its value and a competing currency with better features becoming the equivalent of cash due to predictable value, anonymity and better transaction features. Disclosure: somewhere in the TBs of information on my network there may be a wallet with .05 bitcoin.

Putting on my tin-foil hat I wonder if an unaccountable U.S. government agency with an essentially unlimited black budget has pumped money into Bitcoin to forestall the movement to a currency they can't control and track. Actually, the more you know about this stuff the more promising an investment in tinfoil looks :)

OVH data centres go TITSUP: Power supply blunders blamed


I have sites hosted at OVH and they are up right now. However, I have had trouble with them in the past.

I have had sites hosted on more than half a dozen different hosts and every one has eventually failed me -- more than one of them catastrophically.

My stuff is not mission critical, but if it was, the only way I could feel comfortable they would stay up would be to host on three entirely different unrelated hosts with an elaborate fail-over mechanism.

You would think in 2017 you would not have endless failures in basic services.

We're all saved. From the killer AI. We can live. Thanks to the IEEE


You got it backwards

Or maybe upside down.

Re: "only to see his premise undermined the next day by hapless security robot tumbling into a fountain."

That is solid support for his premise. Something went wrong with a robot and something bad happened. His premise is that AI will have more control over more resources and when things go bad they could go very, very bad. In this instance, 'not supposed to fall in fountain' went wrong and turned into 'fall into fountain'. If that had been 'do not launch nuclear missiles' and it went wrong, well... Somebody is telling you not to put that power into the hands of an AI system without appropriate safeguards. The only wrinkle is that he is saying you cannot effectively put the safeguards into place after the fact with AI, you have to anticipate unknown problems in advance and put safeguards up *before* things go wrong.

Here is a tip from an old programmer (moi):

The crucial thing about the unexpected is that you don't expect it. In the case of AI, an 'assert()' statement is not going to cut it as error handling (not that it ever does).

A corollary is Murphy's Law -- "Anything that can go wrong will go wrong".

Why XPoint SSDs won't meet original speed claims: A guide


Re: "The horizontal access ...."

That was a bit jarring. It is like this was dictated and lost something or ... whatever. Glad someone mentioned it.

Windows 10 a failure by Microsoft's own metric – it won't hit one billion devices by mid-2018


Re: Perhaps ....

Re: "Apple has about 50% of the market with college kids."


I believe it.

My household was MS-centric for a long time with Linux only being used for server stuff. Then, my kids *had* to have iPods like all the other kids ... then, they *had* to have iPhones rather than Crackberries like their parents. I gave in reluctantly to keep the peace and we all ended up on iPhones. The iPhones turned out to be way, way more useful than the crackberries and iOS, while not perfect, was significantly more reliable than anything Windows based.

Cracks, and then holes, in the dike, then it nearly burst when my daughter insisted on a MacBook Air as her new machine for university.

Every new CPU here in the past couple of years has had a non-MS operating system. MS has been a terrible partner over the years and it seems as though their formula for responding to alienated customers is to alienate them further.

MS: I have made myself a promise that every machine you disable because I had to swap out equipment gets re-enabled permanently with Linux.


Re: Perhaps .... slipstick

Re: "Still have my old slip stick."

Moi aussi. I have gone through a lot of equipment since then and it is the only thing that still has some value. Why? It will still work after everything else here is obsolete.

Facebook clickbait cull


Top ten things facebook should do

I expect they are in the midst of this stuff anyway. The overall strategy is to ethically join forces with users, suppliers and advertisers against the competition. Do a 'grand slam' attack sweep of all low hanging fruit by leveraging their existing user relationship. Justify it by honoring the security and privacy of users.

1) Keep the pressure on to retain users. As long as they have the revenue necessary to survive they should not be injuring the quality of their system to chase dollars. Treat click-bait as spam and get rid of it.

2) Add a very high quality search engine. They have the ability to marshall server resources to crawl the entire web in short order. Just removing some existing annoyances would go a long way. Make it possible for a website owner to mirror their service to facebook's servers.

3) Create a truly killer advertising system by working *with* users to retain privacy and promote only things they are truly likely to want to see. Example: Coupons! So many great ways to make this type of thing work. Make advertisers compete in a 'top ten' offers race where half the people who make it into the top ten are not charged for the advertising.

4) Set up real-time Q&A that can tie into people's mobile devices. Work to link to Siri and Cortana, etc.

5) Provide premium streaming content -- music and video. Apple Music, Netflix, Spotify can be beaten.

6) Make a dead simple online IDE that makes programming against a facebook 'App' API easy.

7) Move users to the cloud. Create an arm's length joint custody secure information and messaging system that replaces EMail and Messaging with a hybrid that includes trustworthy storage.

8) Issue facebook charge card to any established facebook user that asks.

9) Bundle premium stuff for a no-brainer $5.99 per month fee. Existing incumbents are not setting the bar very high when it comes to respecting their users. Facebook is in a position to blow away the competition by *cooperating* honestly with their users.

10) Issue streamlined facebook browser based on webkit to tightly integrate all of the above and ... make it a no-brainer open source system that anybody can download, customize and build. You go to a link, download an install file and it sets up the entire build system with source code and an IDE that allows you to simply click a 'build' button and it builds.

Microsoft's Brad Smith on encryption: Let the politicians decide


Re: Must not be possible...

@Vimes: Agree that legal changes are insufficient. As far as I am concerned government agents are already well over existing legal lines and I don't see any of them being trotted off to the slammer.

Lots of things will have to change and unseating the large number of powerful incumbents will be a trick. However, the consequences of wholesale surveillance and tampering by the state are too dire to ignore.


Must not be possible...

We need to make technological solutions that make it technically impossible for the government to do what it wants. We need to couple that with severe legislation that provides harsh penalties for anyone attempting to circumvent measures people take to ensure their privacy.

It is possible to design a system that does not depend upon trusting one single particular bad actor. We could have mechanisms that make it technically feasible to unlock some things, but only with an m of n number of actors who can mutually distrust one another.

The exposure of current systems is well beyond anything reasonable and we are coming to grief on an ongoing basis because of it.

Bottom line, as can be seen by other comments here: You absolutely *cannot* trust the government with this.

Bash on Windows. Repeat, Microsoft demos Bash on Windows


Re: How is this different?

@hellwig: Upvote for you. Explanation noted.

Looking around the Web it seems that this is the claim:

This is not a Cygwin variation, noted Dustin Kirkland, a member of Canonical's Ubuntu Product and Strategy executive team. Cygwin's "open source utilities are recompiled from source to run natively in Windows," said Kirkland. "Here, we're talking about bit-for-bit, checksum-for-checksum Ubuntu ELF binaries running directly in Windows." -- http://www.zdnet.com/article/ubuntu-not-linux-on-windows-how-it-works/

Huh. Re-reading the 'theregister' article I see that what is said is not inconsistent with that. It is improbable because it is something of a technical feat. I will believe this when I see it actually running a full complement of Ubuntu binaries. It seems to me that there are fundamental conflicts in the absence of virtualization...

I hope this comes to pass. It might tip the balance for upgrading to Windows 10. It would be fantastically convenient to have a working subsystem like this that is lighter than a VM.


How is this different?

How is this much different than Cygwin through which I routinely access grep, sort, ls, factor, du, df, gcc, etc -- and oh yeah -- bash pretty much daily and have done for years?

Former FBI spy hunter: Don’t trust China on ‘no hack’ pact



Don't trust ... ya think? Well, you can trust them as far as the other governments I suppose.

Apple tells iPhone court 'the Founders would be appalled' by Feds


misinformed arrogance

Regardless of the legal theories being bandied about, what the FBI is asking is wrong and dangerous. Men of conscience eventually have to take a stand.

The level of misinformed arrogance in all three branches of the U.S. federal government is downright scary. Safeguards preventing these people from acting should be increased, not decreased.

Yes, it is a hard world out there. No doubt there are scenarios where the contents of that phone are crucial to the point of saving lives. It will never justify the damage that would be done by forcing Apple to do something unreasonable. There is a cost associated with riding roughshod over the rights of a billion mobile device users. That cost is well beyond any value to be had with that phone.

We could save a lot more lives by outlawing the use of automobiles. That does not mean it is the right thing to do.

Obviously, the FBI is looking for a damaging precedent and we should not let them get it.

Long term, there have to be penalties associated with attacks on the commons like this. As long as there is no cost associated with the attacks, they attacks will continue.

Global crypto survey proves govt backdoors completely pointless


if you haven't done anything wrong

This is similar to the argument from "if you haven't done anything wrong, you have nothing to fear". Proper privacy and security requires more than just the possibility of some people having it. It requires that it is the default for everyone and it requires political regimes in place that make it exceedingly costly to subvert.

Every step of the system from hardware manufacture on up to human interface design needs to be designed for security. Everything is subject to attack.

We should culturally and legally make any illegitimately obtained information 'fruit of the poison tree' and and make it illegal to make any use of it. For instance, its only use as evidence should be as evidence of the criminal breach of privacy used to obtain it.

We are rapidly approaching a point where it is simply impossible even for experts to prevent surveillance. It is surprising to see any expert making a claim to the contrary.

I am very suspicious of our current security culture whereby everyone is encouraged to use the same small battery of inter-operable standards with key sizes only ever just 'good enough'. Is there anybody who knows much about this stuff that would really set arbitrary limits on things like key sizes? How can any expert endorse, for instance, Certificate Authorities controlled by governments, financial institutions, predatory companies and other fundamentally compromised entities?

I would say that any advice that is security related should be taken with a very big grain of salt. That includes this, if for no other reason than its list of hazards is woefully incomplete.

Cisco recalls switches that could short power to the case. And hurt you


Apparently it is 'a thing'

This reminds me of a shipment of IBM 56K modems I received in our lab one time. They were huge -- half the size of a microwave and a card in the box actually gave CPR instructions with the warning. We laughed and laughed... but we made sure to have the network guys install them :)

For fsck's SAKKE: GCHQ-built phone voice encryption has massive backdoor – researcher


Need to up the cost

As long as these weasels incur zero penalty for attempting to rip us off like this, they will continue trying. The solution is simple enough. Clarify the law and make it a criminal offense to attempt to disturb the commons like this.

How ICANN pressures 'net engineers to give it behind-the-scenes control of the web


Late to the party but...

Sorry for the necro-post, but...

It is hard to imagine how this is not negotiating in bad faith. That bad faith makes ICANN a non-candidate in my opinion.

OTH -- the fact that we have an abusive agent in charge lends greater legitimacy to the notion that these functions should be entirely separate from the control of any central organization and should be distributed among the Internet population at large. Perhaps their outrageous hubris will trigger a real change.

The current shabby state of the Internet helps to keep monopolists in power, creates multiple single points of failure (in that 'authorities' can shut down big chunks of the Internet), intrinsically incurable security vulnerabilities and an enormous attack surface.

I repudiate the notion that entities like the U.S. government have a legitimate claim to control over the global Internet.

From a security point of, view, you should not trust any single entity with control. No bank puts access to the vault under the sole control of one unsupervised individual -- not for long, anyway.

The existing set of rules for governance are so far beyond the pale it is hard to have a meaningful discussion about it.

Sony tells hacked gamer to pay for crooks' abuse of PlayStation account


Re: He needs to escalate it

Tweeted this:

@yosp I will never buy Sony again, no matter what you do, but you might save other clients:http://tiny.cc/sh8gwx

Doubt this will have any impact at all, but at least they can't say they never heard from anyone.

VMware channel confirms price hikes from next month


Protection racket economics

The cost of *not* pursuing you for infringement just goes up and up. You can hardly blame them. Where would they be without those increases? Those people hauling wheelbarrows full of money down the vaults aren't free.

This ISN'T Net Neutrality. This is Net Google. This is Net Netflix – the FCC's new masters


Re: @Trevor Something to consider...

Bit harsh, but thumbs up for you.


Not over

You can be sure that this is not over. The network itself is not baked and clearly even people with a fair amount of expertise are not really clear about what is needed.

First, the network is not nearly baked. Hopefully we will get there quickly, but the IP address issues have to be dealt with and it is increasingly doubtful that IPv6 in its current incarnation will take over. That is good IMO because it is a demented standard as evidenced by its lack of uptake over many years despite a critical need for an IPv4 replacement. In addition to this core matter, DNS is messed up. It is insecure in a variety of ways, but the one that alarms me the most is that it is under the control of a handful of miscreants with a bad track record of custodial care. It should be distributed enough so that it cannot, for instance, have the U.S. government (or the U.K. government) seize control of a domain. As it stands now, the U.S. government has the power to redirect a domain and forge a certificate so that they could hijack banking transactions. That ain't right. They have proven grotesquely untrustworthy over the years and they are actually getting worse. Our system of routing makes it much more difficult to anonymize and and secure traffic en route and to guarantee delivery. Our web of trust using PKI is beyond broken to the point that people routinely ignore certificate warnings. EMail has spam. This should be effectively impossible for all but the most well financed interloper and even for them it should be net negative financially. I could go on, but surely people can see that unless I am lying or mistaken about everything the network has issues to put it mildly.

The whole 'net neutrality' is a necessarily evil red herring that basically represents the lesser of a variety of evils. A properly constructed network offering the best utility at the best cost would of course prioritize traffic. We cannot trust the incumbent network operators not to abuse packet prioritization, so we have accepted a crippled solution. A proper technical and legal regime would of necessity be more complicated. That's a problem because as a matter of public discourse we cannot even deal with a simple case.

Proper convergence has still not happened and until it does, the network will change in significant ways as it subsumes other networks and gets reconfigured to take on new duties. To be honest, I was expecting power over Ethernet to be there already and it makes me wonder how long it will take, if ever, to align the power grid with the information grid.

Anyway, this is not over by a long shot. The FCC rules, whether good or bad, will change.

Listed US tech provider bribed Oz bank worker say cops


Re: More arrests to follow?

Yeah, because when it comes to financial crimes and banks, the US is all over that. Does this also mean they will clear their backlog of charges from 2008 that they never laid?

JK -- Australia already has a whole bunch of US military installations. There is no reason to make a fuss.


Blow me down!

Corruption? In a Bank? Say it ain't so!

Apple about to make Apple TV WAY LESS SUCKY - report


I wonder

When will it become apparent that our copyright and patent and other regulatory regimes are killing us? Apple has the money right now to absolutely dominate this whole thing by buying up all the infrastructure and copyrights. The only thing preventing a Cabal of cash-rich monsters swallowing the economy are a bunch of rickety laws designed for an industrial age quite unlike what we find ourselves in now.

The people running Apple have more than $100,000,000,000 dollars ready to spend and a dominant position in a number of markets that absolutely *rain down* cash. When you have that kind of leverage, every dollar from your massive stash goes a lot further.

On the upside, either because they are actually afraid of getting caught or have not thought of it yet, I don't see Apple going entirely evil and end-running anti-combines rules quite yet. They could pretty easily create a Gordian knot of ownership and control that made it so they call the shots all-round. That notion of iLife could get downright scary when you have to pay to use your own genes.

China's make-your-own DRAM ambitions growing all the time


Sort of old news...

I would say the Chinese economic takeover of the West is something of a fait accompli. The writing was on the wall when dollar stores opened all over and shortly thereafter just about everything you could buy said 'Made In China'. We didn't mind because, 'hey, inexpensive products'. For a while there we were importing things at prices below the cost of assembling the raw materials locally.

Here in Canada, we sold away our industrial infrastructure shortly after NAFTA (free trade, yay!) rendered our industrial economy no longer viable.

I think that free trade was inevitable, but it took a very evil form as our government and others threw wide the doors and let unregulated capitalist firms do as they wish. They did and now we know that their wishes and our wishes, contrary to what we have been told, do not coincide. We really should have had a plan for the post free-trade environment. A lot of jobless people took a pretty big hit because they were not paying attention on election day. It does not, BTW, look as though they took any lesson from that. Bill C51 is fixing to put the last stone in place for our shiny new police state -- you know, so we can harmonize tyranny with the existing US and UK police states.

Be careful what you allow your corporations to wish for.

Which will be the first (former) first-world nation to attempt to turn back and remake their industrial base? I would like it to be Canada and I would like us to be leveraging what we have in terms of an educated population and empty plants to build 3D printers and general purpose robots from raw materials on up. With high-quality 3D printers and a generation of capable general purpose robots Canada would only have to worry about energy supply and military attack. We have the oil sands for the energy and enough materials to build a hell of a huge robot army.

The only way back is for a country with enough natural wealth and an educated population like Canada to invest in stuff that can side-step the economies of scale or to specialize in guaranteed export value things like processed food where we have the scale and did I mention robots?

We (Canada) are in a heck of a bind. We are sandwiched in between the enormous economic and military powers of the United States and Russia and dependent for manufactured goods from the gigantic Chinese industrial powerhouse.

Side note: I do not think that our measures of economic wealth value China's position properly and I think it has been a long time since they have. The U.S. dollar is holding relative value together for the time being but it is only a matter of time before there is an adjustment. It is increasingly looking like that is going to be a very short sharp shock.

Tangential geopolitical note: Am I the only one that noticed there is more than $50 TRILLION (with a 'T') dollars worth of petrochemicals underneath the sand in the Middle East. Somebody should send troops in to secure that before ... never mind.

Fizzy bubbles at the ready: Dot-com celebrates 30th birthday



Man, I remember seeing the Symbolics people demonstrate their LISP machines at a trade show back in the 1980s. To this day, it seems miraculous what they were doing. If only they had been more open the world might be a significantly different place today.

Oddly, the same behavior that in my mind killed Symbolics and pretty much took LISP with it also triggered the beginning of the Free Software movement. Who knows if things worked out for the best after all?

I am still wistful about the demise of this company. Once upon a time they had real magic.

Let's be clear, everyone: DON'T BLOCK Wi-Fi, DUH – FCC official ruling



... but unbelievable. My response would be to push to alter the rules so that criminal penalties applied to anyone in the future attempting to interfere with public bandwidth. IMO, criminal penalties already apply, but I would support specific legislation that made it crystal clear. Marriott does not own that spectrum. If they want it, they should cue up and spend the billions necessary like everybody else.

Five years of Sun software under Oracle: Were the critics right?


Yes. The critics were right

For my money Java, MySQL, OpenOffice and VirtualBox all suffered. Sun machines and Solaris used to be fairly common in places I traveled, but no more.

Oracle is a company bent on serving Oracle/Larry to the exclusion of anything else. It seems to be a culture that values 'winning' regardless of whether or not it diminishes net wealth all round.

I am mystified as to why people stick with Java when it is *clearly* encumbered by Oracle. A proprietary programming language cannot and should not have a future.

Another day, yet another emergency Adobe Flash patch. Because that's how we live now


Given that Adobe's Flash is purpose built to be a vector for malicious activities, it is hardly surprising that it is being used that way. When it works entirely as designed it is evil.

Wall St wolves tear chunk off Microsoft: There goes $30bn!


Re: OK, it's a personal issue, but...


I have been responsible for millions of dollars in Revenue for Microsoft via purchase, recommendations, leading by example and contributing to their ecosystem. I have been a Microsoft customer since 1984. In the first decade they were not a bad partner, offered value for money and made the user experience tolerable or sometimes even good. It was clear by the 1990s that Microsoft was a terrible partner for larger businesses, but it still seemed OK for the little guy (developers like me, anyway). In the second decade they began to make licensing a nightmare, stopped making products better (making some worse) and became a significantly less valuable partner. I started the 1990s as a relatively enthusiastic supporter and recommended them. I ended the 1990s grudgingly recommending them, but cautioning people that the path forward was not looking too good. In the third decade they became a very bad partner. The disconnect between themselves and their partners became intolerable. In this fourth decade just started I finally made up my mind that Microsoft was simply not viable for me as provider or partner. They did not have much of a 'soul' to begin with, but they have lost even that.

The last PC purchased by my household was a Macbook Air and so far my household has purchased nine iPhones and zero Windows phones. These were not votes *for* Apple. I don't like Apple. They charge ridiculous premiums for things and are near psychotic about keeping people in walled gardens. These were votes against Microsoft and Google, both of which have broken faith so badly that they make Apple look good.

Bottom line: your experience that Microsoft was not good to deal with seems to be repeated on all sides. I honestly think that Microsoft's contempt for its customers and partners and its single minded concentration on financial advantage for themselves regardless of the impact on customers is what will be their undoing.

It takes a long time to get a customer. Keeping them is less work. Once they are lost, though, getting them back is very difficult and expensive.

At this point, only the most radical reversal of direction would return me to the fold and as of now they appear to be putting on the afterburners to continue forward on the course that made me part company.

Note when I say radical I mean a breakup of the company among other things.

The Wi-Fi Alliance wants to get you off Wi-Fi


Analysis complete

Here is my analysis:

Executive Summary:


Precis: The fact that security was not addressed front and center means they may not understand even a bit what they are doing beyond the hardware and bare protocols.


I am gratified that others commenting see the problems. Note, though, that the IoT is already upon us and it is just not going away. Most useful things can be used for good or evil. Science and technology are not inherently evil. Cars kill a lot of people but our reaction to that has been to enhance their safety, not to stop using them.

Zuckerberg asks the public to tell him where to go in 2015


Can't feel the love here.

I am not sure I get the big hate on for this guy. Sure, he was an asshole in school and said some pretty creepy things. He is probably not the statesman we would like to see in charge of a company with a market cap of $218,706,670,501.

He's still basically a kid and has made himself a billionaire. That's not too shabby. It's probably better than anybody commenting here will ever do.

I am not a big fan of some of the stuff that facebook did to get its critical mass. However, the operative word there is critical. Had they not gotten there fast, somebody else would have crushed them the way they crushed MySpace. The volume of users and user activity is what makes facebook worth so much and a lot of what I find objectionable that he did was basically necessary to keep the company alive, believe it or not. They had momentum and mass and they needed both to stay afloat.

Facebook is nearly unstoppable now, but it has a few vulnerable facets and it seems to me that this young man is doing his best to find and fix them. However, this has become a tricky game because the massive size of the company limits its room to move. The low hanging fruit is mostly gone and big stuff like search brings on pretty scary competitors and almost certainly government interference.

I am hardly a fan, but I really don't get the bashing. We *should* expect more from people who control massive assets and wield great power, but there is a limit to what is reasonable to expect. Somewhere back there we still have a thirty year old human being who is still forming. I think people should cut him some slack.

I will hazard a guess that a sudden windfall of a billion dollars or so would amplify faults in many of the posters here.

If I had to make a suggestion for something outside of facebook work I would say learn to enjoy helping others merely for the satisfaction of doing so. Get creative using money to reward the many less fortunate, not with handouts but with a hand up. Give people hope in communities where hope is hard to come by. Help to create a cultural ethic that values everyone, not just a few superstars.

Here, FWIW is one of the things I am doing outside of work that might be worth a go:

It is possible to enter a meditative state that is 'different' as sleeping is from waking. It is something that you can learn to do with a little practice. I learned to do it to make long waits in airports and flights on airplanes tolerable. I used to commute weekly and this turned something dreary into something pleasant. I use this to put myself to sleep from time to time and use it to get little calm spots as a sort of 'reset mechanism'. I have only used it to sort of 'escape' a state that is less comfortable. It only occurred to me when I was describing this to someone that I had never tried entering this state and staying there while I conducted my day. So ... I have set myself the task of attempting to enter this state and stay in it while I am actively doing other things. I don't know if this is possible but it would be pretty cool if it was.

A person doing this 'meditative living' is not likely to be particularly spectacular on the outside, but I think it might be really something for the person themselves.

The above might be something of a stepping stone to mastering and actively managing your mood. None of us can entirely control our environment, not even young billionaires. However, it is possible, I think, to get a great deal of control over oneself.

Tragedy strikes Vulture News Central but details remain scrambled



Master Bait

Security SEE-SAW: $3 MEEELLION needed to fight a $100k hack


Do not know how yet, but...

That fact that attack is cheaper than defense is hardly news.

To have reasonable security against attackers you need advice from people you can trust, trustee services from different people you can trust, secure algorithms, secure key sizes, secure hardware, secure storage and internal communication, secure operating systems, secure devices, secure device drivers, secure software, secure external communication and storage, trustworthy users and secure premises.

We don't really have any of the above and all of them are necessary (but still not sufficient) to have a system reasonably resistant to attack.

I am not going to pretend putting the right things in place is easy, but they are doable. The fact that they are not being openly addressed shows me that people who understand don't care and people who care don't understand. Anyone with much understanding knows that all traffic and storage should be encrypted. It is not.

In many security discussions you see something along these lines:

We can verify this with the appropriate keys.

Unfortunately, that is costly.

Solution: Don't verify.

As the Treacherous Computing Asshats have discovered, it is very difficult to secure anything that must be decrypted and then used outside of a controlled environment, especially if part of your agenda is to cripple security otherwise.

As a collective of some 500 million plus people with a vested interest in making things genuinely secure, we can overcome the attack/defense disparity even if it is many orders of magnitude. Step one in getting there is to stop paying the attackers to secure our system.

The Pirate Bay SUNK: It vanishes after Swedish data center raid


Re: Disappointing

Re: " there is always a single point of failure regarding the domain name."

Yes, but that should not be the case. The very fact that the people who run DNS allow this to happen means they are not fit for purpose. A single entity should not be able to silence a site.

US Ass. Commerce Sec hits back at claims global DNS is DOOMED


Re: Dear God.... /\ What he said

Re: Y'all need to build a fully decentralized internet, at the IP and DNS level, pronto.

Is there any other way that we can possibly have a network we can trust?

Nothing illegal to see here: Tribunal says TEMPORA spying is OK


Re: btrower The gloves are off

Re: "Bullshit. It remains completely lawful as you have failed to show how it has breached any actual law."

It was established at Nuremberg that some rules of conduct transcend the explicit laws of a particular state. Invading the privacy of every person at once goes well beyond any reasonable norm. It directly conflicts with the letter of the most fundamental law in jurisdictions like the United States. It does not matter how many toadies you trot out bleating that it is OK. It is not OK and as far as I am concerned it is something that warrants eventual prosecution and punishment.

Apropos of eventual punishment:

"Crimes against international law are committed by men, not by abstract entities, and only by punishing individuals who commit such crimes can the provisions of international law be enforced." -- Judgment of the International Military Tribunal -- http://avalon.law.yale.edu/imt/judlawch.asp

The ultimate harm to be done by massive illegal searches without probable cause and the apparatus used to conduct them is enormous well beyond the injury to mankind done by a few despicable acts done under cover of a 'hot' war. We should be taking names and ultimately be holding the various perpetrators accountable.


Re: btrower The gloves are off

Re: btrower The gloves are off

Re: "But doesn't your right to security oblige the authorities to have the powers and means to ensure your security ... You can't have one without the other."

No. How is that even a question? It is as if you are saying it is necessary to shoot my dog in order to keep him safely in the yard. Completely invading my privacy in every way imaginable, putting me under constant surveillance, reading my mail, listening in on my phone conversations, constantly monitoring my whereabouts, spying on my friends and family and similar insane stunts are not reasonable or necessary to protect my privacy.

Re: "how are they using 'force' illegally, and how is their duty to protect the public not part of said covenant?"

Your slight misquote does not properly represent what I said. I said 'illegitimate use of force' because there is now some question as to whether or not laws passed in recent times are fundamentally legitimate. Plenty of laws have been passed and precedents set in the United States that do not pass muster against any reasonable reading of the Constitution. The coercive power of the state sits behind any provocative action it takes. Unless both warranted and necessary it is certainly illegitimate. Of course, in any rational system it is also illegal as a technical matter.

Here is a lovely story of a warrant-less entry that involves undeniable overt force which was, in fact, deemed illegal by the courts:


Glidden first demanded to be allowed into the home and was denied permission. So, according to the complaint, he pepper-sprayed Jason and then Laura.

“Glidden then turned to Jason, who was still standing, and shot him in the back with his Taser,” the complaint said.

When Laura closed the front door, Glidden continued triggering the Taser through the closed door.

Then White joined in.

“Together they forced open the door and found Laura and Jason lying on the floor,” HSLDA said.

They “slapped Laura, knocking her glasses off of her face,” they threatened to shoot the family dog, they threw a telephone across the room, called Laura a “liar,” handcuffed the parents and threatened to let Jason fall down, according to the complaint.

It all took place in front of the three children, ages about 13, 10 and 8, who were taken into state custody, where they remained for months.


Re: btrower The gloves are off

Re: "The article was written as a whole and ratified as such by the then nations of western Europe which rather suggests that its original meaning is unchanged from what they wanted."

That's may be the theory. Sadly, that is not the practice.


"The last-minute change that was made in this bill… puts a real poison pill in this bill for consumer advocates such as myself," Polis said. "Many consumers won't be unlocking their phones themselves. There needs to be a market in unlocked phones."


Re: btrower The gloves are off

@Mike Flex

Re: "except such as is in accordance with the law and is necessary in a democratic society in the interests of national security, public safety or the economic well-being of the country, for the prevention of disorder or crime, for the protection of health or morals, or for the protection of the rights and freedoms of others."

The purpose of the article is clear enough to me. The fact that they tack on weasel words to the effect "it is except when it isn't" does not fly with me and it should not with you either. If they are going to give any real weight to the part you cite then they might as well just strike the article altogether because it would have no effect and *yes* you are correct, they did go with that part of the article. That tells me that:

1) The article needs to be rewritten to properly accomplish what was obviously its original explicit purpose and that means striking the part you find so endearing.

2) The people and organizations doing the interpretation need a clean sweep to install people with some sense.

Improperly formed specifics of legislation require repair and in the meantime should not be followed when they conflict with reason and the obvious spirit of the law.


Re: btrower The gloves are off

@Matt Bryant:

At its heart, the right to privacy is another aspect of the right to security of the person.

Our society and government are contingent upon covenants that we make among one another. Our current emerging police state is able, for now, to breach the covenant by the illegitimate use of force. However, that breach renders the covenant void and to the extent that the people operating the mechanism of state continue to act that way they act outside the law and should be ultimately be stopped and held accountable.

I did not miss the bit where an ill advised decision was made to pretend that such and such a breach was lawful. It remains unlawful in any meaningful sense. Yes, the UK in particular has absolutely horrendous legislation in place and a thoroughly corrupt administration. However, they may insist to a man that it is legitimate to execute innocents or do any other noxious and patently immoral, fundamentally wrong and ultimately illegal thing. That does not render it legitimate or legal. Some things are fundamentally beyond reason. No court decision can give them legitimacy.

The current U.K. law essentially reads in essence that the people are free from interference from the state except in the event the state deems interference desirable. It is just bad law and good men have no obligation to uphold such a law and a moral imperative to oppose such a thing.

Courts sometimes make mistakes; even very grave ones. A mistake by a court is still a mistake -- more tragic than normal, perhaps and harder to fix, but still a mistake.

This is *our* government and *our* society and there is not a whisper of a doubt that to the extent that we can make covenants with respect to *mandatory* rights the majority of informed observers insist that detailed unwarranted blanket surveillance is simply contrary to the deal we made.

Law enforcement and the legal system as it currently exists is becoming increasingly less of a solution and more of a problem. They have badly lost their way.

For law to have any legitimacy or meaning it has to fundamentally reflect the covenant we have mutually agreed to as a body politic. Constant surveillance of ourselves and our loved ones in our private lives, our correspondence and our relationships is not something we could have sensibly agreed to. I do not personally know anybody conversant with the issues who thinks for a minute we should be under constant intimate scrutiny by the state or anything else.

Below are some references to things that either form or inform the law in various jurisdictions. All the states involved here are signatories to the U.N. document and blanket surveillance is contrary to that agreement by any reasonable reading.

Universal Declaration of Human Rights


Article 12.

No one shall be subjected to arbitrary interference with his privacy, family, home or correspondence, nor to attacks upon his honour and reputation. Everyone has the right to the protection of the law against such interference or attacks.



8. Everyone has the right to be secure against unreasonable search or seizure.

In Lawson Hunter et al. v. Southam Inc., the Supreme Court stated that a major purpose of the constitutional protection against unreasonable search and seizure under section 8 of the Charter of Rights and Freedoms was the protection of the privacy of the individual.

The case involved a constitutional challenge to a search conducted under the Combines Investigation Act. The Court concluded that to assess the constitutionality of a search, it must focus on the search's reasonableness or unreasonableness in terms of its impact on the individual and not simply on its rationality in furthering a valid government objective. Mr. Justice Dickson of the Supreme Court advanced in this case for the first time the precept of reasonable expectation of privacy as a standard against which government action should be scrutinized.

The United States Constitution

Amendment 4 Search and Seizure


The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated, and no Warrants shall issue, but upon probable cause, supported by Oath or affirmation, and particularly describing the place to be searched, and the persons or things to be seized.


The Human Rights Act 1998 (the “Act”) incorporated the European Convention on Human Rights (the “Convention”) into UK law. Article 8(1) of the Convention provides that “everyone has the right to respect for his private and family life, his home and his correspondence.”

Convention for the Protection of Human Rights and Fundamental Freedoms


Being resolved, as the governments of European countries which are like-minded and have a common heritage of political traditions, ideals, freedom and the rule of law, to take the first steps for the collective enforcement of certain of the rights stated in the Universal Declaration,

Have agreed as follows:

Article 1 – Obligation to respect human rights

The High Contracting Parties shall secure to everyone within their jurisdiction the rights and freedoms defined in Section I of this Convention.

Article 8 – Right to respect for private and family life

Everyone has the right to respect for his private and family life, his home and his correspondence.


The gloves are off

There is no rational theory whereby we have given these idiots permission to violate one of the very most basic of human rights.

The lot of them need to be swept out of any position where their deranged vision of what is reasonable can harm any of us.

I can't think of a way to do it yet, but as far as I am concerned, the entire body of people who do stuff like this should be on notice that their behavior is not without consequences. They think it is OK for people to be surveilled 24/7? Fine. Let *them* be surveilled 24/7 and let the public do the monitoring.

Kaspersky: That 2 years we took to warn you about Regin ? We had good reason


Re: How long is too long to have kept quiet?

@Jason Bloomberg:

Re: "some point at which it becomes reasonable to warn that something is afoot"

Something is afoot right now. You can take that to the bank. There are so many attack vectors it is impossible for a firm to entirely secure your system.

I am not a big fan of the AV vendors, but I think they have been more than upfront about the fact that you are in ongoing danger.

While the web stares at cat pics, the glue of the internet is being shifted from US govt control



Same as the old boss as Graham Marsden said above.

Having anything headquartered in the United States that affects privacy is belligerently foolish. It has to be a non-starter.

Fool me once.

I am sure that there will be all manner of interesting critique here at the Reg.

Anybody presenting a 'trust me' architecture vulnerable to abuse by an incumbent or collusion by a small number is either incompetent or dishonest. From what I have seen it appears to be both.

I don't have a design but surely there is some way to build a more secure system on top of the existing infrastructure using a distributed trust architecture that cannot be hijacked again.

systemd row ends with Debian getting forked


Evil FlusterCluck

Both sides of this get me worried. Neither alternative is very good from what I can see. Forking away from Debian seems like a doomed move. However, the people forking say that systemd is creating all sorts of dependencies. You have to worry when the people blithely working on a system which is already a nightmare of dependencies are complaining about a change the brings in 'too many'. OMFG.

Maybe one of the people who became billionaires off of the ideas and hard work of other people could step in with funds to sort this out.