* Posts by btrower

707 publicly visible posts • joined 9 Nov 2011


Microsoft SkyDrive, Outlook stricken by cloud outage

btrower

I am so surprised not

Single point of failure. What are the odds?

Your encrypted files are 'exponentially easier' to crack, warn MIT boffins

btrower

Fundamentally insecure

My research into what I call 'Data Packaging' leads me to believe that the universe of numbers that are likely to be used for these things is much, much smaller than you would expect from the number of nominal bits. As a matter of fact, the problem appears to be near intractably difficult. I found this early on and actually registered a domain name whose only purpose was to supply 'good' numbers to support encryption more than a decade ago.

A key that is hundreds of bits long has no realistic chance of being from a truly random sampling of that space unless the process used to get the number is intensive.

Google: Cloud users have 'no legitimate expectation of privacy'

btrower

Now I get it...

"Don't be evil" means you should not do evil because Google already has it covered.

Xerox admits there's no fix yet for number-fudging copiers

btrower

Pretty bad

Silent data corruption like this is the absolute worst. Who knows how much this corruption has ended up bleeding back into databases. Believe it: a lot of computer generated data ends up being re-keyed. A couple of generations with documents sent to the shredder means -- what?

DARPA calls Big Data boffins: Help us lock up everyone's privates

btrower

Paranoia sets in

Took a look at the referenced document.

We know that the NSA has assembled massive amounts of data and they even admit to having all the metadata.

Big Brother has all the raw data.

Big Brother knows how to decrypt things using Rubber-hose cryptanalysis.

Big Brother only needs a little help in the subtleties of how to mine their data.

They *say* they are assessing vulnerabilities in large bodies of data, but they want awfully specific functioning tools to attack the data themselves as a proof of vulnerability.

From the referenced document:

"The goal of this topic is to develop tools to characterize and assess the nature, persistence, and quality of data. ... Also of interest are tools to characterize the quality of data for automated processing and analysis (i.e., a measure of how much manpower would be required to use a specific source). ... Additionally, the goal of this topic is to characterize the threat through the creation of tools, techniques, and methodologies to measure the vulnerabilities in a given set of public data. As an example, reconstructing the profile of an organization from many data pieces using low computational-complexity methods might indicate vulnerability."

btrower

Simples

Make it so that people can have anonymous vested identities. Make it impossible through a combination of legislation and technical means for anyone to assemble a database of personal information that the subjects have not (with *real informed consent*) opted *into*.

Set expiry times by default on personal data so that unless there is an ongoing relationship and another opt-in, the data melts away.

Make it impossible for third parties to access or tamper with data:

Example:

Party A Creates Customer Name/VotingKey list

Customer gets VotingKey

Party B gets list of VotingKeys

Party B Creates Ballot/VotingKey list

Voter uses VotingKey to obtain and register Ballot.

Party A knows the customer had the right to vote, but not what they voted.

Party B knows what the customer voted, but not who they are.

Party B publishes votes and keys so that voter can check that their vote is counted as cast. Public can verify there are no more ballots than there should be.

The system is open to third-party audits without revealing how people voted.

To the extent that there is a vulnerability to collusion you just use the same principle to extend to more parties, including the entire population if it comes to it. If everybody is required to release the information

There are a wide variety of ways to partition data so that only the legitimate subject has control. The problem is twofold:

Most, including politicians and even technical people, do not understand this stuff. More people who can understand need to skill up.

Those who *do* understand have vested interests in the status quo.

The technical ability is there in spades. This is entirely a matter of political will.
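The two-party split described in the post above, as an added example that is not part of the original post. The class and function names, the random 128-bit hex VotingKeys, Party A publishing its issued-key count, and the voter names are all assumptions constructed for illustration.

```python
import secrets
from collections import Counter


class PartyA:
    """Registrar: knows which customer holds which VotingKey, never sees ballots."""

    def __init__(self):
        self._key_by_name = {}

    def register(self, name):
        """Issue one VotingKey per customer; the key is handed to the customer privately."""
        if name in self._key_by_name:
            raise ValueError("customer already holds a VotingKey")
        key = secrets.token_hex(16)  # assumption: 128-bit random key
        self._key_by_name[name] = key
        return key

    def key_list_for_b(self):
        """Keys only, sorted so registration order cannot be used to link keys to names."""
        return sorted(self._key_by_name.values())

    def issued_count(self):
        """Published so the public can bound the number of ballots."""
        return len(self._key_by_name)


class PartyB:
    """Tallier: knows which ballot belongs to which VotingKey, never sees names."""

    def __init__(self, valid_keys):
        self._valid = frozenset(valid_keys)
        self._ballot_by_key = {}

    def cast(self, key, choice):
        """Register a ballot; each valid key may be used exactly once."""
        if key not in self._valid:
            return "unknown-key"
        if key in self._ballot_by_key:
            return "key-already-used"
        self._ballot_by_key[key] = choice
        return "accepted"

    def publish(self):
        """Public bulletin: (VotingKey, ballot) pairs, no identities."""
        return sorted(self._ballot_by_key.items())


def voter_check(published, key, choice):
    """A voter confirms their ballot is recorded as cast."""
    return (key, choice) in published


def public_audit(published, issued_count):
    """Anyone can check: no key appears twice, and ballots do not exceed issued keys."""
    keys = [k for k, _ in published]
    return len(keys) == len(set(keys)) and len(keys) <= issued_count


def tally(published):
    return Counter(choice for _, choice in published)


def run_demo():
    a = PartyA()
    # Constructed sample voters.
    keys = {name: a.register(name) for name in ("alice", "bob", "carol")}
    b = PartyB(a.key_list_for_b())

    results = {
        "alice": b.cast(keys["alice"], "yes"),
        "bob": b.cast(keys["bob"], "no"),
        "replay": b.cast(keys["alice"], "no"),          # second use of a key
        "forged": b.cast(secrets.token_hex(16), "no"),  # key Party A never issued
    }
    board = b.publish()
    return {
        "results": results,
        "alice_verified": voter_check(board, keys["alice"], "yes"),
        "audit_ok": public_audit(board, a.issued_count()),
        "tally": dict(tally(board)),
        # Party B's published data contains keys and ballots only.
        "names_on_board": any(name in str(board) for name in keys),
    }


if __name__ == "__main__":
    print(run_demo())
```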

No distro diva drama here: Penguinista favourite Debian turns 20

btrower

Gold Standard

For me, Debian is the Gold Standard for a workable, ethical ecosystem. I have had to use downstream distros like Ubuntu or other distros like CentOS for various reasons, but I am now moving to Debian and hope to shift everything over there.

Debian has rock-solid integrity. As the years go by and more of your work accumulates on systems, the more important this basic integrity becomes.

Right now I work on Win7 for desktop and notebook, Android for tablet, iOS for phone, Ubuntu, Windows 2008R2 and Windows Server 2003 for local servers and CentOS, Win2008R2, Win2003 and whatever mutant variants of Linux or Windows is currently running on Amazon. I want to shift all of those to Debian based distros and to only use Debian stuff wherever possible.

I trust Debian. I do not trust any of the rest of them. To me, anything that cannot drop back to a vanilla Debian release is a risk and I hate being exposed like this.

There she blows! Mid-October release date for Windows 8.1 sighted

btrower

More efficient this way

They did not get it even close to right *with* customer feedback. Without customer feedback it is probably hopeless.

I guess this way makes it faster and easier to ignore their customers and what they asked for while they work on something nobody asked for.

Please enter your comments in the line provided (64 character limit).

Beware the ad-punting crapware-laden Firefox, warn infosec bods

btrower

First to plant the flag on your territory

Re: Yahoo! toolbars!, McAfee scanners, Adobe Flash and the like

We have grotesquely invasive stuff on our machines from the people we are supposed to trust. You can't do much without eventually being coerced into signing up for things, downloading and installing things, etc.

To some extent, just as history is always written by the winners, malware is defined by the people who took illegitimate control first.

In this as in so many other things, we have let it go so far that 80% of us don't even know where it belongs.

Bacon 'n' egg on his face: Hollywood heartthrob pwned by Twitter phishers

btrower

Saved his Bacon!

EOM

The secure mail dilemma: If it's useable, it's probably insecure

btrower

So many things...

Shutting down the systems was the only effective way to maintain security. They did the right thing. These two mail providers are to be commended on taking a principled stand and 'walking the walk' by taking the action backing it up.

There are so many issues here and all of them have to be addressed to get even a reasonable sense of security.

First, this has to be a two pronged attack. A technological solution needs to be supported by a political solution. We need to make it very difficult to invade people's privacy by raising the bar. We also need to reduce the incentives to snoop by making ill-gotten information 'fruit of the poison tree' and by clarifying penalties that the state and its operatives incur if they are caught. The penalties must be high enough to remove any incentive to snoop.

For the technical aspects, we need to make it so that everything goes into an encrypted distributed pool such that only possession of the keys will allow retrieval and so that routing cannot be traced. These things are doable, but not with our current infrastructure as currently constituted.

My point is that neither a purely technological nor a purely political solution will do. We need both.

Data Security has many nuances and as the attacker becomes better armed it becomes increasingly more difficult to defend. As we can see from the current attack on key holders and intermediaries entrusted with our data, Rubber-hose cryptanalysis comes on to the table quickly and although crude it is a very effective line of attack.

You need to approach design like this with a sense that attack can be expected from all sides. Sophisticated side-channel attacks and exhaustive analytic attacks must have some design response. It may not be possible to implement EM and sonic barriers, but the design should have a place for them.

Attack can come from everywhere including the hardware and firmware as well as compilers and other software.

This entire area is poorly understood even by people in our line of work and it seems it is wholly misunderstood by the general public. We all have to skill up on this.

Child abuse ransomware tweaked to tout bogus antivirus saviours

btrower

Good news

I am oddly cheery about this. I feel for the victims and hope it gets shut down quickly, but I think it is good for this profound vulnerability to be publicized in this way. For some time now I have been concerned that pushing illegal material on to people's machines will be used to attack enemies and quiet dissent. I believe it still will be, but the more we see stories like this, the more ammunition people will have for defense.

I expect that, once you have any indication of a real child predator, you will be able to gather convincing evidence of their guilt -- *if* they are. I do not worry that by aggressively tossing out false positives we will somehow miss really bad people.

Bradley Manning suffered through hundreds of days of torture. The disregard for the law that allowed that to happen to him could well be turned on one of us next. A truly vicious vector for such a thing would be planted criminal imagery and horrific charges, quality and provenance of evidence be damned. For people with kids (like me), violent imagery against children is a real hot-button. It tends to shut down brains and people are so hostile about it that they don't care if the accused's rights are violated. They should, because the mechanism used to violate anybody's rights is aimed squarely at them and you and me.

Super-SVELTE BLUSH-PINK planet goes too far with star

btrower

Re: At last, real scientific method!

@Loyal Commenter

Re: "What, you mean like come up with a hypothesis, test it, model it and tweak it until it fits with what you actually see, in order to make predictions. Y'know, exactly like what climate scientists actually do, when they're not too busy fighting propaganda and disinformation?"

The tweak is one of the issues. Models only get changed to answer with the same prediction by incorporating the data and then fudging the model until it gives the future prediction desired. It is exactly what climate scientists do, but it is not proper science.

Climate Science is pathological science.

I am an increasingly fierce opponent of the Catastrophic Anthropogenic Global Warming narrative. Like just about all of the rest of the skeptical world, I am not paid for it. I was not 'sold' this position. I have a background in science and research. By happenstance, I wrote a paper in the 1980s related to this area when I was in University long before this hysteria began. I have spent plenty of time reviewing this mess. In every instance where I have education and expertise I have found the Climate Alarm camp in a shambles. Anybody with a software development history could tell with a quick read that the code released in the Climategate materials was just crap. Nobody has made that much about this, but I expect the reason is, as it was with me, that the code is so poor that it seemed cruel to discuss it. That is not disinformation. Anyone with the skill to make a determination can look for the code and see for themselves. It is as shoddy as the rest of the 'Climate Science' universe.

It is not 'propaganda' to demand evidence for a truly remarkable assertion bordering on the miraculous. The living world has evolved over geologic time to survive wide variations in temperature spanning more than 80 Kelvin from about 233 degrees or less to about 313 degrees or more. In the geologic time that shaped us, the ambient temperature has ranged further than a few degrees from its present value. An unlikely worst-case drift upward of about 2% (if we see a hyperbolic 6 degree rise) is hardly going to kill us all.

We have already invested far too much time and money in the Climate Change non-problem. Meantime, as the Climate Alarm camp cries for ever more money to investigate the bogey-man, a child dies every minute from Malaria. We could prevent many of those deaths if we could divert money used on patently useless 'Climate Science' to saving lives right here and now.

I have looked at this plenty through the lens of professional experience with data analysis with real (not 'enhanced') data, and a background in science and practical research. As far as I have seen, disinformation comes nearly exclusively from the Alarmist camp. That disinformation is ridiculous in its hyperbole. Does anybody with a working noggin and any kind of technical background really believe that the constantly tossed about '97%' has merit? I could not have put a figure that ridiculous past my teachers in high school. The 'Hockey Stick' is tragically stupid. Anyone with any kind of experience with actual data would, as I did and as Steve McIntyre did, do a double-take at that unusual graph. It is wrong. It is simply incorrect and anyone with much experience generating and interpreting such things suspects it at a glance. The Alarmist camp is constantly attempting to suppress inquiry and refuses to divulge information. It took literally years and legal challenges to get some of their data to double check their calculations and when it was finally checked it was wrong.

Nobody with a modicum of sense can look at the facts surrounding Climategate and believe that the villain is a malicious cracker (the real word that they confuse with hacker). That good guy took a bullet revealing the data and he took pains to reveal only as much as was needed to raise the alarm. He devoted his own time to go through it to remove personal information. The villains were and are the 'Climate Scientist' cabal perverting peer review and creating a hostile work environment for anyone that stood in their way.

Nobody could look, as I have done, at the substance of the various Climategate 'investigations' and conclude that they were anything other than a cynical whitewash.

Here is a note taken by Michael Kelly, Prince Philip Professor of Technology at the University of Cambridge during the Oxburgh panel's review:

"(i) I take real exception to having simulation runs described as experiments (without at least the qualification of ‘computer’ experiments). It does a disservice to centuries of real experimentation and allows simulations output to be considered as real data. This last is a very serious matter, as it can lead to the idea that real ‘real data’ might be wrong simply because it disagrees with the models! That is turning centuries of science on its head."

Oxburgh, described as a 'carbon-trading wind farmer' (a frightening conflict of interest he had no problem with), went nowhere near mentioning the above. It was obtained with an FOI request.

Unlike the 'Climate Scientists' who ask you to shut off your brain, trust them and stop looking for their evidence, skeptics like me encourage you to do some digging and make an informed decision. BTW -- what honest man of science attempts to smear opponents by likening them to holocaust deniers? I am entirely unconvinced by their shoddy 'evidence', entirely broken methodology, relentlessly fallacious arguments and their patent dishonesty.

Can't agree on a coding style? Maybe the NEW YORK TIMES can help

btrower

Spaces

Tabs vs Spaces? 4 Spaces. Tabs create trouble. People go *from* Tabs *to* Spaces. Who moves the other way?

Discussions of Tabs versus spaces look like this:

Spaces: you can get more code on the screen. Tabs: You should not need to; refactor if you do.

Spaces: you can work with any editor. Tabs: You should not have to. Everyone should get, learn and use another editor.

Spaces: the world is not perfect so spaces and tabs get mixed and it's a mess. Tabs: That should not happen.

Spaces: but it does. Tabs: but it shouldn't.

Spaces: good luck with that. Tabs: gtg, mixup with spaces and tabs check-in. Idiots.

Spaces: been there. Thankfully learned my lesson.

Eventually, as you move from environment to environment you will find that using Spaces just means less trouble.

Arrr! Comcast working on new tech to nudge PIRATES to go straight

btrower

Am I the only one ...

Am I the only one that objects to them snooping on my Internet activity? I have plenty of problems with this, but the main thing that bothers me is the way the whole conversation has gravitated to discussing the merits of this particular use of the surveillance system as if everyone agrees that surveillance per se is acceptable. It is not.

It is as if the argument is centering on recipes for cooking babies without anyone stopping to consider that maybe eating babies is a bad idea.

http://www.gutenberg.org/files/1080/1080-h/1080-h.htm

Sad shop-shelf-clinging BlackBerry Z10 AXED ... in price, contracts

btrower

Nail biter

Whether or not Blackberry can even survive is up in the air right now. It seems as if they are copying some of their competitors' more noxious aspects in order to mimic their success. Unless they can come up with some unique compelling value proposition, it is hard to see how they can make it.

One thing that might be compelling is to create a pathway to sealing the phone up so that people can communicate securely without third parties eavesdropping -- at the very least not casually like they do now. It is nigh impossible to protect against elaborate targeted eavesdropping, but it should be relatively easy to protect against most other types.

I am from Canukistan, so I would like Blackberry to succeed. However, as a mobile phone user since the mid 1980s, my Blackberry 8900 was the worst phone of any type I ever used. It was monstrously inconvenient to the point of dysfunction. When looking for accessories or some type of relief for various issues, I always found (at that time RIM) Blackberry to be entirely interested in maximum margins and entirely disinterested in correcting deficiencies such as random lockups that required removing the battery. It was a horrible user/customer experience all-round. Example: The list price for a Blackberry USB cable is $29.95CDN. In Ontario, with tax, it is more than $33CDN, about $32USD or £21GBP. It is worth about one dollar. Because they used a particular micro-usb adapter, they were hard to find and on a road trip I was actually stuck buying one for the full price above. That still sticks in my craw. Sure, Apple try the same nonsense, but I have never paid more than $2 for an Apple cable and their adapter is even more peculiar.

After the Blackberry, I switched to an iPhone 4S, despite my strong misgivings about Apple. Apple has turned out to be just as evil or even more evil than I expected. The fact that I can't remove the Newsstand from my iPhone desktop makes me grit my teeth. It is a big Apple 'f*ck you' to the end user. However, even with all my issues with Apple, I found the end-user experience of the iPhone 4S much, much better than the Blackberry. Whereas the Blackberry was the worst phone I ever used in the prior quarter century, the iPhone 4S was by far the best.

As a user, for me to ever go near Blackberry again, I would need to see an entire attitude change in the company. I just do not see that happening. As a developer, I might be open to looking at the platform, but they would have to make significant changes to woo somebody like me and last I looked they were not near enough.

It will be a shame if Blackberry goes under. I think it is possible for them to survive, but right now it is a real nail biter.

Child porn hidden in legit hacked websites: 100s redirected to sick images

btrower

Fixable, just like SPAM, but good luck.

We live in a climate where the legal apparatus can snare anybody the state pleases. This is one of those things that someone like me knew about decades ago.

If having noxious content on your system is a crime, then we are all potentially criminals and someone like me with nominal control over a fair number of systems is likely a criminal in waiting now.

If a well funded attacker like the NSA decides to incriminate you, there is not much you can do to defend yourself. As an aside: if, for any reason, you are or may become suspect for any breach, leave the talking to your lawyer. If you are going to be targeted you will be targeted by people who are expert in getting you to incriminate yourself. If you engage them, you will lose.

We are about to face an extremely challenging environment where pornography of any type, no matter how depraved can be synthesized without involving any actual subjects. CGI will be able to produce whatever the creator can imagine. This will usher in a time where this material is available in effectively unlimited quantities and where it will seep into things, just like SPAM.

Consider this: if you are the type of person to consume illegal pornography, what better way to get what you want and keep yourself protected than to make sure the material exists everywhere, regardless of whether or not it is wanted? I just checked and a Bing image search for a benign cosmetic procedure turns up all kinds of images that would already be illegal in some jurisdictions. Those images are now in my cache, and if I were in the wrong place and under siege by the state, I would be on my way to jail.

We really need to get public minded people who understand this stuff to help educate legislators and the public so they understand the issues.

In my opinion, we need to legislate communications such that unwanted communication can be stopped. It is desirable and possible to eliminate the vast majority of SPAM. Whatever can be used to protect against SPAM can be used to protect against noxious SPAM like illegal images.

A trickier issue is material communicated from consenting individuals and trickier still is material both produced and consumed by the same individual. In my opinion, we need to bite the bullet and make it *not* illegal to possess any imagery of any type, but rather to make proactive communication of things outside of acceptable norms illegal and to be strict in our enforcement.

The most difficult thing about stuff like this is getting people to actually understand the issues.

Geneticists resolve human dilemma of Adam's boy-toy status

btrower

The most certain are the least likely to be correct.

"The whole problem with the world is that fools and fanatics are always so certain of themselves, but wiser men so full of doubts."

― Bertrand Russell

It is not necessary that there be one objective truth and nothing else. In fact, it is not likely there even *is* one objective truth for all values of 'truth'. Even if there were, I highly doubt many of us would be equipped to understand it.

The scientific narrative seems more explanatory (to me) for things like engineering or DNA sequencing. That does not preclude the utility of a religious narrative. The religious narrative may be, for some, a better fit for making 'organic sense' of the world. There is nothing wrong with that.

Religious and moral norms provide heuristics for calculating the optimal strategy for our near-immortal genes to continue to propagate. Very few people likely even understand that last sentence and less still have any likelihood of turning it into a reliable calculation. However, most people can likely use the cultural norms they were taught as children to muddle through.

It is possible to hold both scientific and religious narratives in esteem. They are not mutually exclusive. That is why you see them both on display all the time. People on both sides of the fence would be well served by a little intellectual humility and some time spent understanding the other side's point of view.

US Republican enviro-vets: 'Climate change is real. Deal with it'

btrower

They all go in, but they never, never come out again

We have seen this before, over and over and over again. The public appears never to learn:

http://www.gutenberg.org/files/24518/24518-h/dvi.html#prophecies

The broad strokes of the catastrophe narrative are so common and so foolish that many of us learn about it as children. It might be helpful for people to review this children's story and think about how such things are promoted, why they are promoted and how the story is likely to end:

Chicken Little

Chicken Little likes to walk in the woods. She likes to look at the trees. She likes to smell the flowers. She likes to listen to the birds singing.

One day while she is walking an acorn falls from a tree, and hits the top of her little head.

- My, oh, my, the sky is falling. I must run and tell the lion about it, - says Chicken Little and begins to run.

She runs and runs. By and by she meets the hen.

- Where are you going? - asks the hen.

- Oh, Henny Penny, the sky is falling and I am going to the lion to tell him about it.

- How do you know it? - asks Henny Penny.

- It hit me on the head, so I know it must be so, - says Chicken Little.

- Let me go with you! - says Henny Penny. - Run, run.

So the two run and run until they meet Ducky Lucky.

- The sky is falling, - says Henny Penny. - We are going to the lion to tell him about it.

- How do you know that? - asks Ducky Lucky.

- It hit Chicken Little on the head, - says Henny Penny.

- May I come with you? - asks Ducky Lucky.

- Come, - says Henny Penny.

So all three of them run on and on until they meet Foxey Loxey.

- Where are you going? - asks Foxey Loxey.

- The sky is falling and we are going to the lion to tell him about it, - says Ducky Lucky.

- Do you know where he lives? - asks the fox.

- I don't, - says Chicken Little.

- I don't, - says Henny Penny.

- I don't, - says Ducky Lucky.

- I do, - says Foxey Loxey. - Come with me and I can show you the way.

He walks on and on until he comes to his den.

- Come right in, - says Foxey Loxey.

They all go in, but they never, never come out again.

Apple: 'Average' iPad toiler does a mere 46-hour week

btrower

Be Afraid

It is a shame that these violations and more are taking place all over the world. This affects us more than you might think because it is only a matter of time before we devolve into a similar sweatshop economy. We should attempt to 'level up' things before we find ourselves on the wrong end of Economic Serfdom.

Work with Microsoft's stuff for a living? Its reorg will mean NOTHING to you

btrower

Deck Chairs, Titanic

Beginning of the end?

In my experience, reorgs are what happens when something is wrong and they just simply do not know what to do. They are followed by a couple more reorgs, finger pointing, firing and in my personal experience in a couple of cases, catastrophic collapse.

The thing I would do at the helm of Microsoft is split it into three or four separate companies with separate stocks and unleash them to fight tooth and claw like the old Microsoft. Move Steve Ballmer to one, bring back Gates to helm another for a while and promote from within for the other one or two.

I would release a Windows 9 that got rid of Metro and returned to sanity and allow anyone saddled with eight to upgrade for free. Get rid of the crippleware editions and have only pro/ultimate.

I would get rid of all the activation nonsense.

I would, if in charge of operating systems and servers, fix the F*9ad0ing bugs before enhancing stuff.

Microsoft has a *ton* of goodwill they need to recover. They have poisoned the well too many times. They need to take the part of their customers and partners for a change.

PHWOAR! Huh! What is it good for? Absolutely nothing, Prime Minister

btrower

The worst sort of tyranny

“Of all tyrannies, a tyranny sincerely exercised for the good of its victims may be the most oppressive. It would be better to live under robber barons than under omnipotent moral busybodies. The robber baron's cruelty may sometimes sleep, his cupidity may at some point be satiated; but those who torment us for our own good will torment us without end for they do so with the approval of their own conscience.” -- C.S. Lewis

btrower

Re: Internet, meet wedge (thin end of)

Re: "The internet is a sharp tool."

That is an excellent way to put it.

I am relieved that most comments oppose this stuff, but worried that the wrong arguments are being put forth. As a matter of principle, we cannot agree that it is OK for some people to decide what the rest of us can see and say. Allowing that thin edge to gain entry is akin to being a little bit pregnant. There is no such thing as 'a little bit of benign State censorship'. It is precisely that thin edge that is the most dangerous. It breaches our defenses. We have to draw a very hard line there and I, for one, would like to see some sort of legislation that makes it much more difficult for these morons (apologies to actual morons) to mount this kind of assault on the commons. These idiots who think they know better than everybody else when they can't even tell that both ends of a Cat-5 have the same RJ-45 plug should not be given any say whatsoever in what *I* can access. By their line of reasoning, we should basically be shutting down *their* access to the Internet. Their speech is actively doing a lot more harm than a picture of somebody in their underwear.

Be clear, it starts with underwear, but it ends up at heretical speech and the most heretical speech of all is to challenge the State. If you allow them to inhibit any communication at all it will end up with a loss of your rights to that and much more.

It is clearly a difficult concept for people who have trouble with simple things like cables to grasp, but we need to try to hammer it into their heads: The *law* that allows them to restrict our access to things will restrict our access to things. They will *claim* that they are only restricting 'bad' things, but who defines what is 'bad'? Clearly they are the last people who should be rendering a decision on this kind of thing. This is a slightly difficult concept and they can't even deal with simple things like whether or not something is symmetrical.

I am not being sarcastic with the above. The person who can't get his short article straight is presuming to lecture network people on network access? That is his argument to get us to allow him much, much greater scope to amplify the effect of his mistakes. I support his right to publish something stupid. I do not support his desire to restrict everything I read to only things that stupid.

We already have, in Britain especially, a highly invasive creepy State waging a very active war on its own citizens. Instead of arguing about the *extent* to which they can have even more power, we should be discussing how to roll that power way, way, way back.

US secret court renews government telephone snooping

btrower

Terrible servants. Fire them.

"the Administration is undertaking a careful and thorough review of whether and to what extent additional information or documents pertaining to this program may be declassified, consistent with the protection of national security."

What the... Fuck the courts, they have been told by us to cut it the fuck out. Now. We should be taking names and vow to prosecute these fuckers in the future.

Think about it ... All they have to do is stealth contraband into your system and then send in the troops to snatch you up. These federal governments need to be declawed and defanged as soon as we can do it.

Apple, Google, Facebook, Microsoft, world+dog urge NSA transparency

btrower

It's all Bullshit

It is technically possible for those companies to expunge their user data and to conduct their business in such a way that blinded proxies are used instead of actual Meatspace identities. The government could not request the user data because it effectively would not exist.

Anybody with a lick of sense and some idea of technology has to realize that this entire thing is akin to 'security theater'. If we work *really* hard, we will get them to use a different scam to get what they want. Why not fix this once and for all?

Forget about that stuff. Get politically active, throw the lot of them out and make it illegal with severe penalties to conspire to violate our rights.

Microsoft splurges on single sign ons with Active Directory update

btrower

Insecure by Design

None of the players offering this stuff can be trusted. They are, in essence, offering to *maybe* keep your information from third parties of *their* choosing, not yours. Going in, they give themselves access. We know from recent events (well, all of human history, duh) that they can't be trusted to stop the snooping there.

To be reasonably trustworthy, these systems need be encrypted end to end and custody needs to be spread across different data centers in different countries with multiple custodians.

It is very difficult to secure systems. It is impossible if you don't try. Nobody is even trying. Systems need to be designed to be resistant to full on attack by some of the custodians as well as third parties. It is possible to do this. They will not be unbreakable but they will be a *lot* more secure than they are now. There has been zero will to do this on the part of people currently entrusted with control of the Network.

Google, Microsoft, Amazon, Facebook, etc. do not need nearly the access to our information that they insist on taking. They can all do any legitimate tasks with practically no knowledge of contents or destinations of messages. They could entirely curtail their own knowledge and greatly enhance your control over your information. They choose not to. They are profit making entities whose mission does not include doing the right thing. Unless we oblige them to choose to protect our privacy, they will never do so.

Many things can now be improperly accessed that were never accessible before. This demands legislation to make much of what could be improperly obtained 'fruit of the poison tree'. Where is that legislation? A lot of the snooping going on is because we allow the people spying upon us to use improperly obtained information. We should not incent bad behavior by allowing these people to further their careers by improperly obtaining and using information. Instead, we should create very strong sanctions to punish any individuals or organizations that indulge in this behavior.

The ability to secure communications is proportional to bandwidth. The more bandwidth, the greater the ability to secure messages. Bandwidth is ridiculously and unnecessarily constrained here in Canada at least. It is not a technical problem or a problem of costs. Where is the political drive to radically increase bandwidth across the board?

Addressing on the Internet is an impediment to security when it should be one of its main supports. What is with the lame and unimaginative successor to IPv4? IPv6 should have been so much more. It offers so few sensible advantages it is still not in wide use even though the address space of IPv4 is now effectively exhausted.

Everywhere I look I see vested interests whose goals are antithetical to the public good given ever more control over the network and increasingly abusing that control.

The current flap over NSA surveillance demonstrates wide ranging breaches of trust on all sides, yet we continue to allow these bad actors to control our increasingly precious global network.

Network Solutions is the last company I would trust. They have been caught in fantastical breaches of trust on more than one occasion, yet we cheerily place them at the root of the chain of trust everywhere. If we place a known, unrepentant bad player like Network Solutions at the center of the web of trust, how can we possibly expect to have a trustworthy network?

Most of the players with authority and control over the network should not even be allowed full rights, let alone control, less still complete control.

What we have now is the most treacherous of treacherous computing and it is getting worse every day. Most people can't be expected to know all the ins and outs of this stuff. However, all of the major players know and have a duty of care to know. We should not excuse their ongoing violation of our trust.

Hitch climate tax to the actual climate, says top economist

btrower

Re: The debate

Re: "Why are there so few voices of reason in climate debate?"

Because it is a stupid debate whose opposite sides are stacked with people who think that attempting to predict and control climate makes sense. Most of the dedicated proponents are still, on both sides, people who prosper as long as this is an issue and funding flows into 'climate science'. It is like Democrats and Republicans arguing over how to spend the new taxes they create and ignoring the voices of people objecting to the taxes.

Consider this:

http://climateaudit.org/2013/06/28/cru-abandons-yamal-superstick/#more-18040

The 'trust us, we are climate scientists' crowd has, after seven years, produced the same graph as one of the original skeptics did years ago already. They do this with nary a peep about the fact that they were completely wrong and the skeptics were right.

The climate is largely a non-issue. We are adapted, as is the rest of the living world to both large long term changes in climate and large short term changes in weather. If we are getting hotter, it is *good* for living things, not bad. Hysteria about species extinction is coming from people with a shallow understanding of evolution. Extinction is a logical outcome of evolution. As environment changes more rapidly, for whatever reason, species extinction is *expected* to increase as the living world responds to the changing selective pressure via the mechanism of evolution through natural selection.

The fact the living world *has* such radical adaptations to wide variations in climate means that this must have happened often. If wide swings were not the norm, you would not see the adaptations. They exist because of *past* conditions that varied. They did and do not anticipate change in the future. If you don't 'get' that last sentence you don't 'get' evolution. If you don't get evolution, you are not likely to have a nuanced view of the effect or lack thereof on living things.

To the extent that anything of real value to the living world is involved, a single species extinction has a vanishingly small chance of having any significant impact. Important genes are preserved across phyla and the most important mechanisms such as encoding proteins in DNA and RNA are nigh indestructible. It is the trunk and the branches and the totality of the leaves that keep the tree of life alive, not individual leaves.

Broadly speaking as far as species extinction goes: If it is important, it is not in danger. If it is in danger, it is not important.

I cite biology here because it is one of the things I know off the top of my head. I was trained in it. To the extent I know any other subject, the climate change industry is also ridiculously at odds with empirical fact.

As an aside, the mealy mouthed words used in alarmist documents such as 'may', 'might', 'could', etc are not how I was trained to express scientific results. You say what your stuff indicates forthrightly. If you can't make some sort of statement you have some or all of a crappy experiment or crappy data or crappy analysis or crappy education. Given the horrendously bad stats involved, I would say the latter is a distinct possibility.

Don't take their word for it. Go back and look at their data, if you can find it and wrest it out of their hands, and attempt to follow their arguments. Strike out the maybes and the coulds and beliefs in consensus and Pascal's Wager and see what you have left. There is not much there. Any alarmist climate change nonsense I have seen completely unravels under any kind of inspection. I do not know a single technical person who has looked at this nonsense and believed it.

Why do *I* bother? Climate change is fake, but the damage climate change alarm does is real. That tax money and those research funds belong elsewhere.

btrower

Not right, but less wrong

I doubt that McKitrick really believes this will be the cure as a mechanism. However, forcing a debate on the notion will be very constructive and even if this mechanism is adopted it is less damaging than current directions.

You can bet that when it comes to risking their own money on it, the alarmist camp will be decidedly less certain of their pseudo-science than they are now. This would still the more contentious and noisy aspects of debate for a while.

One of the things I like about this is that it will force alarmists to show their true colors.

Douglas Engelbart, PC pioneer and creator of the mouse, dies at 88

btrower

Re: Maybe they will know him now.

Re: "I think he was noticed by the people who matter. I'd rather achieve recognition by my peers than celebrity status."

Agreed; moi aussi. Still, he fueled the popular imagination. He belongs there as well.

btrower

Maybe they will know him now.

By coincidence, just last week, apropos of us not knowing our own, I wrote this:

"Doug Engelbart is still alive as I write this. I wonder what percentage of people whose livings depend upon his work have even heard of him. You would probably need a decimal point to express it in numbers."

It is a shame that these people have to die to get noticed.

[http://www.theregister.co.uk/2013/06/27/2013_internet_hall_of_fame_inductees/]

Windows 8.1: So it's, er, half-speed ahead for Microsoft's Plan A

btrower

Summing up

I read all the comments and it is pretty clear that except for a very small number of MS fanboys the overwhelming consensus is that W8.1, lipstick edition, is unable to disguise the pig underneath. My recent experience with it was just torture.

There is no way to view this differently. MS should have *defaulted* to the old interface and made the new one optional. Is there any doubt even in the minds of the fanboys which interface would be used by most users?

There is something almost sinister in the level of arrogance of a company that does this at all, let alone even after the market place has spoken with a thunderous voice.

There is a huge opportunity for an up and coming executive in MS to spearhead a move to sell a 'classic edition'. They should talk to Coca-Cola and see how they recovered from their disastrous move to a new and improved product nobody asked for.

I will switch my two users with Win8 to the lipstick edition, but I don't expect them to stop complaining that they are still stuck with pig.

Andreessen, Metcalfe, Stallman and Swartz added to Internet Hall of Fame

btrower

Sometimes the good guys win

I am glad that rms made it on to that list.

What you are reading here likely came through code compiled with Richard's gcc. It could not get to you without somewhere touching on GNU code, of that I am sure. We might have had a free Internet without rms, but I doubt it. Look at how vigorously the makers of walled gardens *continue* to battle the open Internet. Imagine if Apple had even more control than it does now. Ugh.

I still think that rms gets a raw deal considering his contribution to the world.

Ten years ago, I wrote the following article:

http://www.theinquirer.net/inquirer/news/1012416/in-praise-richard-stallman

It was well received, but the world has continued to ignore rms as much as it can. A surprising number of technical people don't really know where all this stuff comes from. I am still peevish about how Dennis Ritchie's passing was overshadowed by Steve Jobs' passing. Doug Engelbart is still alive as I write this. I wonder what percentage of people whose livings depend upon his work have even heard of him. You would probably need a decimal point to express it in numbers.

I am, like rms, a 'hacker'. I am proud of that. In the culture of the people who gave you the Internet, it is a compliment. How many reading this do not even know that?

It does not happen nearly enough, but sometimes the good guys actually win.

A simple SSL tweak could protect you from GCHQ/NSA snooping

btrower

The devil you know is still the devil

Re: "US companies run most of the trusted root certificate authorities."

Most of the holders of root certificates are among the entities I trust the *least* to protect me.

ICANN puts Whois on end-of-life list

btrower

Re: Money grabbing barstewards

Re: "ICANN has lost the plot. Quite some time ago to be fair."

Spot on. Whois is an essential tool for me. This seems like some sort of power grab.

Korean doctors: Smartphones really ARE doing your head in

btrower

Re: Cobblers

Aaaargh -- forgot what I was going to say.

Privacy activists sue FBI for access to facial recognition records

btrower

How well will it work?

Interesting problem. We can recognize people and often even distinguish identical twins from one another. However, we only get to that point with a few hundred people. With 7 billion people, is facial recognition going to be enough to essentially 'prove' it is you in that picture?

As for trusting the FBI with that database -- not a chance. We need to dismantle and replace entities like the FBI. They have over-reached to the point they cannot operate properly and they are demonstrably incompetent at their legitimate mission.

Windows 8 hype has hurt PC makers and distributors - Gartner

btrower

Win 8 -- Worse than you thought

Had access to Win 8 a long time ago. Tried a few times but never found it anything but an irritation.

This past week I purchased 3 cheapie HP notebooks and all had Windows 8 pre-installed, along with a vast selection of crapware.

After about 12 hours wrestling with Windows 8, I was tearing my hair out. It is just beyond awful. Worst Windows transition ever and that is saying something considering Vista.

MS are not letting up, it seems. The V8.1 stopgap does not look promising.

Unless Windows 9 comes quickly and vastly improves on Win 8, I will probably be shifting a lot of stuff to Linux for a back end and browsers for a front end.

Microsoft is soon going to discover how much more difficult it is to get an old customer back than it is to keep them.

Ed Iacobucci: Brains behind OS/2 and Citrix, nicest guy in tech

btrower

A giant

Iacobucci is a largely unsung hero of the age of PCs. I was intimately involved in early development for OS/2 and the APIs showed a maturity that NT never achieved.

I was also a Citrix dealer and a shareholder early on. I made a little money on the stock, but chickened out and sold before it really took a jump up. Sigh.

Here's why being a dealer did not pan out: I did a presentation on this to Microsoft in Canada, preparatory to getting to some of its customers. They completely shot it down thus: It is not Microsoft's direction to go with thin clients. Flash forward 18 months and MS had their own product. What are the odds?

There were and still are some good guys high up in the ranks, but they are far and few between and history is always working against them. For the most part, in IT, the bad guys won. Ed was a happy exception.

RIP

Wireless traffic-info networks could save BEEELIONS per year

btrower

Way to go

This is where we need to go, but...

Securing these things needs to be built in, not tacked on in response to attacks.

On an academic network somewhere people were posting about this subject and the majority all thought that these systems were relatively hack-proof and safe. Nothing could be further from the truth. In fact...

If they do not lead with their security strategy expect them to be insecure.

John McAfee releases NSFW video on how to uninstall security code

btrower

Re: When Intel bought McAfee, I cried.

Re: "It is not possible to secure a Windows desktop from its user."

Priceless poetry. This conjured up the most hilarious image in my mind. I actually laughed out loud. It's funny because it is too true.

btrower

Heroic

This is absolutely the way I expect a real computer guy to rock. Fuck Bill Gates and Steve Jobs.

Kim Dotcom victim of 'largest data MASSACRE in history'

btrower

Accusation should not equal guilt

Re: "That's really only one count"

And at that it is only an accusation. Sure, in the United States, accusation is operationally equivalent to guilt. However, it should not be. We have both a right and a duty to demand better.

btrower

The feds are not going to stop themselves

Personally, I suspect that DotCom is guilty of something. However, that has yet to be proven in anything approaching a fair hearing. Even if it were, proving someone at my data center has done something wrong does not give you license to destroy my data.

I would like to see a gruesomely draconian judgment against the people responsible that makes them pay what it would cost to restore that data, by typing it in by hand if it comes to it. If they can't afford the money, sit the bastards down at a keyboard and tell them to get to work.

Depending upon what content is there, a gigabyte of data could take a lifetime to assemble. If that was typewritten ASCII text it would be more than 120 million words. A programmer would not produce that volume of source code in a working lifetime.

Cretins unable to appreciate what is stored on hard disks should have absolutely no say at all what happens to it.

Nuke plants to rely on PDP-11 code UNTIL 2050!

btrower

Retire while you can

I designed, partially wrote and helped to implement a system that took over from a PDP-11. They were curiously able machines. However, the system that replaced them was significantly better and allowed continuity that would otherwise be impossible.

Like another poster here, I am not comfortable with a mission critical system running on a PDP-11 even now, let alone decades from now.

Sadly, in practical terms it is a tough call how you would realistically transition out of this particular situation. Stuff built on Microsoft's buggy shifting sands would be a disaster waiting to happen and it would not be that long a wait.

I would be inclined to hire hardened embedded C programmers and a manager and testing team that knew how to build mission critical systems *plus* I would design a failover and failover-failover to be on the safe(r) side.

I would look to purchase a huge indemnity policy on the work to force an insurance company to inspect the system close enough to bet their money on it. That would be very expensive, but considering the downside of failure, I would pay for it.

I would resist the urge to connect the system to the Internet :)

Remote code execution vuln appears in Puppet

btrower

What the fail?

Let me get this straight: Code designed to execute arbitrary code executes arbitrary code. Did I miss a meeting? Does the fix involve stopping arbitrary code from executing? Who is doing security walk-throughs or auditing this stuff?

Google Brain king slashes cost of AI gear

btrower

Portable source code

Portable source code or GTFO.

NSA Prism: Why I'm boycotting US cloud tech - and you should too

btrower

Re: Brilliant article...

@xjy: Brilliant comment.

If you get dissed by the PTB fanboy here, you know you have struck a nerve.

Not just telcos, THOUSANDS of companies share data with US spies

btrower

No magic wand here

People in the government do not have a magic wand that turns the illegal into the legal.

Re: "In many cases, the report claims, companies voluntarily hand over information that intelligence agencies might otherwise need a court order to obtain."

If it needed a court order in the first place, it is not within the power of a federal bureaucrat to waive that requirement.

Re: "That exec will typically be given documents granting him or her immunity from all civil prosecutions related to the information sharing. ... Similarly ... major US internet providers ... have received letters from the US attorney general indemnifying them from lawsuits under US wiretap laws."

If a rogue civil servant sells the Statue of Liberty, that does not mean the Statue of Liberty has actually been sold. It is not going anywhere. They do not have the power to sell the Statue of Liberty. Similarly, the people purporting to grant immunity do not have the power to do so. They do not even have the power to grant indemnity. The U.S. public have not given their federal government Carte Blanche to do whatever they wish. There is not, to my knowledge, any civil servant with the power to accept open ended liability on behalf of the people of the United States of America.

Re: "... often the strict legality of such information sharing is unclear."

Ignorantia legis neminem excusat -- ignorance of the law excuses no one. Especially in a case like this, the people violating the boundaries of the law are culpable.

The murky events of September 11, 2001 have been used to justify all manner of egregious breaches on the part of civil servants. It is time to rein them in.

NSA: 'Dozens of attacks' prevented by snooping

btrower

Sure, we all *love* the PATRIOT Act.

Not.

re: "referring on multiple occasions to the unanimous support that the Patriot Act had received in the early 2000s"

Yeah, right. The PATRIOT act is an insulting attack on the Republic. The fact that these weasels are still frantically spinning this shows how bold they have become.

There is nothing even the tiniest bit complicated about the fundamental law of the land as embodied in the United States Constitution and they are well beyond any sane interpretation of it.

It defies the imagination that anybody in the know could seriously think the PATRIOT act does not conflict with the Constitution. Even courts already stacked by an over-reaching federal government have ruled that it contains provisions that are unconstitutional.

How does legislation so fundamentally at odds with the spirit and even the letter of the basic law of the land even get introduced, let alone passed?

Is it too much to ask that legislators voting on this are conversant with legislation they are passing? How about at least requiring them to have some familiarity with the Constitution they have sworn an oath to protect?

They should be seriously considering allowing recall elections and term limits. That would at least slow down this rush to the bottom.

Whoever recently showed us the secret documents: Do get in touch

btrower

RevengeOfTheNerds

Play on. EOM
