Posts by Peter Brooks 1 30 posts • joined 11 Nov 2012
That's the point. If you want to spy on people with money and secrets, then selling a really expensive 'encryption' phone is the perfect way to trawl them in.
This is another fishing trawler for rich idiot's secrets:
https://en.wikipedia.org/wiki/Blackphone
Black phone promised to post the source code years ago - still no sign. Of course.
Usually the feeling that the gods and the forces of nature habitually conspire against us is a product of confirmation bias - we forget all the times that woes come as single spies, because the times they come in battalions are so much more memorable.
It's important to be aware that this is not always the case. You are not paranoid when the bastards really are out to get you.
In particular, in many circumstances, maybe even the case of a washing machine, the underlying problem can be one of capacity - capacity problems are difficult to detect because they are intermittent at first, and then, finally, and spectacularly, catastrophic.
There are few things quite like, honesty, integrity, and a concern for others, for upsetting spooks, and secret policemen.
On the bright side, I suppose, as evidenced by the redactions, is that at least some of these particular spooks are still ashamed of themselves.
Never base your decision to buy something on the price tag.
Look at the TCO - the total cost of ownership.
In those terms, Apple is cheap. Apple laptops are brilliantly over-engineered, so the last for ages. The keyboards are a dream to use - your first TCO saving. Every time you type anything, a good keyboard will help you be faster and more accurate, and reduce fatigue. Add up the savings there.
Apple machines are much cheaper to support - add up the savings there.
Apples machines don't crash, at least hardly ever - each time you have a crash, it costs money.
Most importantly of all. OS/X is designed - not thrown together. That means it is easy to use and navigate. A job that would take ten minutes of frustrated effort on a Windows box, and then need help from support, is likely to take seconds on a Mac. Add up all those, over the life of the machine, and you've saved weeks, or months, of time. You've also reduced you levels of stress, quite probably lengthening your life, and reducing you time off work for depression or burn-out.
Buying a Mac is better than cheap, it makes you more productive and happier, whilst saving you from all the costs that come from bad (or no) design.
If the code is rubbish, that would explain a lack of contributors, I agree. It's also a good reason to go for open source code, you can see if it is any good yourself.
If bad code goes proprietary, that's a good signal to leave it alone altogether.
I've long thought that one reason, apart from losing control of the spy portal it gives to the NSA, and, presumably, other high-paying customers, Microsoft didn't open source its software is that it didn't want the world seeing how bad it is. The world certainly suspects, from how badly it works, but you'd need to see the rats' nest itself to know just how bad it is.
Nobody with any concern for risk, who had any data of any importance would put any of it on closed source. Never trust a binary.
Banks also want to transfer risk to their customers, and, if that fails, to governments - they have succeeded, more often than not.
The only point of a bank, in economic terms, is to make money from absorbing risk. Once they stop absorbing risk they're simply a fiscal drag - like the Mafia.
Banks behave as idiots with technology, because they don't know the risks and, thus, understate them by a few factors of 10. This isn't an accident. Since they don't need to worry about the risk, since it is absorbed by their customers or by governments, why should they bother even knowing what it is?
It's exactly the same with the Western Digital WD Passport Wireless disc.
The difference is that the WD Passport has the source code provided, so you can download it, find the support trapdoors, remove them, recompile and install it.
You can remove the cruft you don't want at the same time.
Mainly the problem is poor design - something virtualisation encourages, along with poor demand and capacity management.
These things are difficult, because they involve thought and careful analysis. So they just shove it all on virtual machines.
What amazes me is how surprised they get when it costs a fortune and performs badly - precisely what you'd expect from that 'solution'.
From the point of view of the massive waste of energy and money, it'd be interesting to know how much computing power is used to:
- run exchange servers exfiltrating sensitive data back to the mothership
- mirror databases pointlessly because they share the same SPOF, the virtual environment
- run multiple linux consoles that nobody logs into
- keep the Regin botnet expanding
It must be many megaflops and petabytes.
"
Most of his trolling is much easier to explain in the context of a person lacking social awareness trying to participate in the commentard style prevalent here getting into an argument that to him seems somewhat legitimate and not having the emotional intelligence to realize the escalation of his own actions beyond the acceptable. Most of us have done this before (and likely will again), and we don't have missing pieces of mental software critical to such faculties.
"
I think you might have a point here. There's no doubt that some of the unpleasantness is, as the original article suggests, a result of bullying by those with the dark tetrad, it's quite likely that some more benign types are caught up in the net.
Calling such people 'autistic' or 'Aspergers' doesn't really help. These are extreme levels on the overall autism scale. http://www.mhs.com/product.aspx?gr=edu&id=overview&prod=asrs
It's quite normal for people who are reasonably high on the scale, but a long way from the levels that would be classified as being Asperger's syndrome, to have difficulty communicating socially. It's quite common with technical types, mathematicians and scientists, for example.
Cryptography is a complete waste of time if you have any closed-source software on your computer - Microsoft DOS, word, exchange, all that spyware will deliver your information to your US competitors in plain text before it gets to any encryption. Open source is the only protection - and even that isn't perfect.
An Ada microkernel - the long-awaited APSE (Ada Programming Support Environment) could be built on it.
If it was designed and coded well, it could be used under Unix - eventually you could replace the c-based UNIX with a superior (faster as well as more secure) Ada OS. If you start with the microkernel then, over time, you can re-code the other parts, leaving things like the user GUI until last.
Indeed - the conflict of interest is even more basic. It's a fundamental conflict in perspectives and attitudes. The bank's interest is not just in overcharging, but in, ideally, getting you into hoc to them - so they're actually interested in you getting a bad deal. The more you pay for the company, the worse for you, but the better for the bank.
That's not really a 'conflict of interest' it is completely opposite interests.
Paying anybody a percentage for advice is simply daft. If Google wanted advice from a bank, they should buy the bank, get the advice free, then flog the bank at a profit.
It's like Estate Agents. Once upon a time, people thought it reasonable to be charged a percentage by them for buying or selling a house - the point was it was difficult to find out about houses for sale. Not it is easy, the only reason to throw your money at an Estate Agent is because you're his mum.
Here's some extremely good advice on cyber-security. It's all the more remarkable because it is from 2012. It makes it abundantly clear that, if you are concerned for your security, only open source software offers you any hope at all:
"
The task of finding and eliminating every significant vulnerability from a complex product is monumental. If we also consider flaws intentionally inserted by a determined and clever insider, the task becomes virtually impossible. While there is a large body of literature describing techniques for finding latent vulnerabilities in hardware and software systems, no such technique claims the ability to find all such vulnerabilities in a pre-existing system. Techniques do exist that can prove a system implementation matches a design which has been formally verified to be free of certain types of flaws. However, such formal techniques must be incorporated throughout the design and development process to be effective. They cannot currently be applied to a finished product of significant size or complexity. Even when embedded into a design and development process, formal techniques of this type do not yet scale to the size of complete commercial telecommunication systems.
"
"
A security evaluation of potentially suspect equipment being deployed in critical infrastructure roles may seem like an answer to the security problems posed. Unfortunately, given the complexity of the telecommunications grid, the limitations of current security evaluation techniques, and the economics of vendor-financed analyses provide a sense of security but not actual security. Significant security is available only through a thoughtful design and engineering process that addresses a complete system-of-systems across its full lifecycle, from design to retirement and includes aspects such as discrete technology components, their interactions, the human environment, and threats from the full spectrum of adversaries. The result of such a process should be a convincing set of diverse evidence that a system is worthy of our trust.
"
This is who said it (full document):
http://ow.ly/z72DI
Have you thought of using mediawiki - the engine that runs wikipaedia? It's free, of course, but very flexible. You'd need to develop some modules yourself, but if you've got some PHP or python expertise ,it's not difficult.
Knowledge management, is obviously standard, so you can build on that. You've also got the power of the semantic web - you're not just stuck with categories, you've got semantic properties and the power of semantic queries. ( http://semantic-mediawiki.org )
You'd need to look carefully at all your requirements and decide what you needed in the short term and what you could develop in the medium term. ITIL service management advice could help you with the requirements for incident, event and problem management - it's only a tiny part of ITIL, but the book is: http://www.amazon.co.uk/dp/B00AHGVMTA/ref=rdr_kindle_ext_tmb
If you need event management, consider the flexibility of http://www.opennms.org
If you're working on getting your requirements right: http://www.amazon.co.uk/dp/B00CFIJRVI/ref=rdr_kindle_ext_tmb
Actually /dev/null is quite sensible. I've pointed out to people quite often that there's not much point in keeping stuff on tape that's going to take so long to get back that it'll be no use in a disaster. At least with /dev/null you find out quickly that there's no archive and do something else about the problem - instead of waiting three days to come to the same conclusion.
The Register - Independent news and views for the tech community. Part of Situation Publishing
Biting the hand that feeds IT © 1998–2020
