Posts by Doctor Syntax 40432 publicly visible posts • joined 16 Jun 2014
"DVD drives are so common today that finding one in 50 years time (if only to reverse-engineer a non-functioning one) is likely to be easy."
It's not so long ago that 5 1/4" floppies were common. And 8" before that. There aren't too many about now. And good luck reverse engineering a non-functioning DVD drive.
You just have to keep migrating to new media.
"The new Bill must close all the old loopholes, and the new overly-broad powers that are in the current draft of the Bill must be eliminated if we are to avoid repeating this scandal of the Executive writing its own powers."
That's an overly-broad statement. We need more specific requirements. Here's my suggestion.
1. The presumption of innocence is an important principle in English law. A corollary of that is that, whilst an investigator will necessarily regard individuals as suspects prior to conviction, the population as a whole must not be treated as suspects. Mass surveillance is not an unacceptable means of investigation.
2. Any interception must require a warrant.
3. It is unacceptable that a warrant be granted by a politician or by an official of the investigating body. It must be granted by a judge or magistrate.
4. There must be a regulatory oversight of the process over and above that provided by the independent granting of warrants
5. The regulatory oversight should review the outcomes of intercepts. The percentage of significant outcomes should be compared against the sources of requests for warrants and against the granters of warrants. In the first case this would be to check for attempts to slip unjustified, overbroad requests through the system and in the second to check for regulatory capture. Suitable action should be taken in the event of the discovery of anomalies including withdrawal of the ability to make requests or to grant warrants. There should also be spot checks on the returns made for this statistical review.
6. The regulator should also respond to complaints from members of the public in regard to abuse of the interception powers.
7. The regulator should have the power to act when abuses are discovered. Available actions should include requiring agencies to take disciplinary action, criminal proceedings and ordering public apologies and compensation to victims of such abuse.
8. The regulator should publish regular reports including summaries of the statistical reporting, complaints and all actions taken in the event of abuse.
If the regulator needs a motto "Quis custodiet ipsos custodes?" seems appropriate.
"But interested to know what exactly you think is so special about the UK electricity supply sector that makes you think it is so different from others like Australia and NZ?"
I don't know about your environment but here we've had a stupid charge to "renewables"* which means supply is increasingly unpredictable.
In consequence the responsible govt dept, rather than admitting it's got things wrong & needs to take action to keep the lights on, wants to be able to balance the system by remotely switching the lights off. And we don't actually like the idea that someone in Whitehall or wherever should be able to remotely switch off our washing machine mid-cycle or our freezer or our fridge or our lights.
Given that smart meters are, in effect, remote switches, we see them as an essential element of achieving that. The irony, of course, is that when they start to exercise that ability, should they get it into their hands, the political consequences will finally dawn on the govt. with the result that there'll be a panic programme to build nuclear capacity at whatever cost.
"other than the government mandate"
That in itself is sufficient basis for mistrust whatever the colour of the govt. If anything the other lot would be even worse.
* Renewables here don't include much hydro nor, as far as I'm aware, any geo-thermal. And this comes on top of generations of technophobe politicians and administrators who have thrown away our early lead in nuclear generation.
"energy-engaged"
Engaged! More marketwanker-speak.
After I'd renewed my house insurance recently, my insurers decided to start spamming me except it's not called "spam", its "part of our customer engagement". (We'd had words about spam a couple of years ago after I found the email address of someone senior in their marketing.)
Using your own domain for email has benefits. Last summer I sorted out my email to give individual addresses to people I'm a regular customer of. So they've quickly found themselves disengaged when I deleted their address. They'll find themselves even more disengaged next time renewal's due.
"Also different leccy suppliers use different meters, different software... so if you dance to that other favourite gubmint tune and SWITCH - then your spiffy new smart meter immediately becomes a good old-fashioned dumb meter."
Sounds interesting should they ever try to insist on installing one here.
"In a letter to Rudd this month Henney had said the only beneficiaries will be the meter manufacturers."
Given standard IoT security this is wrong. Terrorists could also be beneficiaries. This is the line to push. It will stop the roll-out stone dead (assuming it isn't effectively stone dead anyway). And their security won't be able to be improved because encryption.
"The intelligence community is coming to the tech companies and saying sorry (not publicly, that would be too much) "
If you're right it's a good start but publicly is not too much, it's what's needed. However I don't see the tech companies being able to help the community out of their hole. If they were to try they'd simply find their customers turning against them and looking elsewhere for secure apps.
Missed the edit window.
The security community also need to accept that there is no magic bullet to solve their encryption problems. Code for strong encryption has been generally available for a couple of decades. It's not going to become suddenly unavailable.
Mandating weak encryption or key escrow systems are not going to satisfy public needs. If such restriction on strong encryption were imposed on suppliers in their jurisdiction the public would simply turn to suppliers from outside. If such external software were made illegal then the general public would suffer but anyone wanting to use strong encryption for illegal purposes would not be affected. As I've written here previously, you do not dissuade people who are or are planning to break laws by furnishing them with more laws to break.
The security community has a real problem with widespread use of strong encryption. It's a problem entirely of their own making. They can't blame anyone else. And frankly I don't see what they can do about it now except live with it.
"Admit what exactly?"
Exactly what I said: that they have lost the trust of the people.
The people who object to being spied on. The people who are the customers demanding end-to-end encryption of Apple etc's services. The people who are the demos in democracy. The people whose taxes pay their salaries. The people for whom they are supposed to work.
Clear enough?
The problem the intelligence community is stuck with is that it has lost the trust of the people it is supposed to serve. Neither Apple, Google nor anyone else can repair that trust for them, it's a job they have to do themselves. Frankly, I don't see how they can do that but a useful first step would be to stop all the bluster and admit it publicly. A few resignations would be the next step. Then someone with clean hands will have to do the hard work.
"the way that Linux Mint started insisting on having my password every single time, rather than just the first time after booting"
So if someone came up with a piece of Linux malware you'd be quite happy for it to install itself silently rather than draw itself to your attention by asking for the password?
@fatbuddha
Suggested strategy:
1. Linux (or BSD but in these days of systemd Linux is probably closer to what you're familiar with).
2. Use the native Linux or BSD tools as far as you can. This is probably further than you think and a lot further than the naysayers who last tried OO in 2008 think.
3. Where there's no suitable native tool run the preferred Windows tool under Wine or Crossover.
4. For the cases where the Windows tool won't run under Wine or Crossover run Windows in a VM. An old copy of W2K may do fine and won't try to install spyware even if you let it connect to the net.
"And the piece of equipment in question cost $AUD 800K+"
Yes, I should have put a price on the hypothetical piece of kit. Presumably there are people thinking you should just write off substantial chunks of capital equipment just because Microsoft EoLs an OS.
"If people can't cope with this then they are in the wrong industry."
The reasons why businesses are stuck on old versions have been gone over here many times. However, here's a clue.
Imagine you're supporting a system which is business critical. It depends on a piece of software which won't run on versions of Windows later than XP. It controls a machine which has a life expectancy of about 15 more years. The S/W vendor has gone out of business and there was no code escrow.
If you can't see the problems you face you're in the wrong industry.
'“The difference between us and everyone else’s backup is that theirs is time-based, whereas we’re based on transactions,” he said. This enables the destination side of a data replication to reconstruct incremental transactions after the bulk of the data has been moved.'
Is there any transactional RDBMS offering replication that doesn't include this?
The thing to remember about pets and cattle is that the latter get slaughtered. Whilst you're busy herding your cattle your salary is probably being paid by business running on some pet server. Or, looking at it another way, when some service goes TITSUP maybe it was because one of the cattle got slaughtered.
Apart from using deliberately weak encryption there are at least a couple of ways such a back door could be provided, both of which, of course, are simply disasters waiting to happen as far as legitimate users are concerned and easily bypassed by the intended targets.
One is for the application to lodge the key with the network operator or directly with the govt. The other is for the govt to issue a public key to the application so that all messages would be encrypted twice, once with the user's key & once with the govts key and the two versions combined in the message format so the govt can decrypt intercepts without approaching the network operator. The immediate issue, of course is which govt? Probably the 5 Eyes would get together on that. The big problem, of course, is that the escrow key store would be a major target for hackers and a single private key would sooner or later be leaked, effectively decrypting all messages.
The result of introducing such an arrangement would be a rash of 3rd party applications offering end-to-end encryption, either generally available or through the dark net.
What part of "it won't work" do governments not understand?
"The only way this could ever work is THE NORMAL LEGAL WAY"
Agreed but let me extend this. There needs to be a feedback mechanism to ensure the whole procedure isn't being used for fishing expeditions.
The requester is obliged to report all warrants to the regulator along with the results. The regulator compares the percentages of results from different requesters. Anyone who has anomalous results gets investigated and the judges are kept aware of the various requesters' results. And spot checks are made to ensure the requester's returns are correct.
As there's a risk of regulatory capture between requesters & judges the judges could be given feedback to compare their percentages of successful warrants with their brother judges.
Finally the statistics are summarised in the regulator's annual report.
One of the mistakes the ISPs have made here is to go along with the govt's anodyne vocabulary. On the first mention of "filters" they should have added "in other words a database" and then used that term in the rest of their submission. It's likely that the general media would pick up on this fairly quickly and given that the term is pretty toxic in this context the gov't would quickly have found itself dragged into defending the term and getting the whole thing more and more toxic publicity.
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2025
