* Posts by Doctor Syntax

40485 publicly visible posts • joined 16 Jun 2014


UN privacy head slams 'worse than scary' UK surveillance bill

Doctor Syntax Silver badge

Re: "Reading is fundamental" too....

"ISP's have to log activities because YOU voted for the idiots who made that a law that they collect the info."

Dunno about your environment but here the effective choice is between two parties each of whom will put either such an idiot into the Home Office or at least one who will promptly go native.

Boffins teach Wi-Fi routers to dance to the same tune

Doctor Syntax Silver badge

"Frank lives in a Faraday cage so no use to him either"

OTOH if Frank lives in a Faraday cage there's not a lot of interference between his network and the neighbours.

Doctor Syntax Silver badge

"an FM baseband receiver that's either lying unused in a device, or could be cheaply added to it."

Oh yes? Here's a device without an FM receiver. Now how do you propose to cheaply add one? Soldering iron, piece of twin-flex & a cheap tranny? Or is "add" an abbreviation for "throw it away & buy a new one"?

Most developers have never seen a successful project

Doctor Syntax Silver badge

Re: Success is whatever you define it to be

"You deliver what the customer asked for, but that's not usually the same as what the customer wanted."

Which in turn isn't what they eventually discover they needed.

Doctor Syntax Silver badge

Re: But... Linux isn't finished yet

Software development is the process of launching a product into the maintenance phase.

Doctor Syntax Silver badge

Re: Needs just a tweak.

"On civil construction / arquitecture[sic], normally, the project is sucessful when the building stands the test of time (aka doesn't fall due to structural flaws)."

The ratio of design/physical construction phases is very different.

The civil engineer/architect team draws up a design & then hands it over to the construction contractor who in turn hands over the direct labour to the brickies, sparkies, plumbers etc. but a good deal of the detailed design to the host of manufacturing companies who make the bricks, the cement, the screws etc. (and good old nature which has been in the wood making business for millions of years).

In software the physical construction is trivial. The design team is responsible for a much higher proportion of the work. Where pre-built components (libraries) are available the effort needed by the design team in understanding their interfaces is much greater (how complex is the interface of the common house brick?).

There is also a difference in the regulative environment. The building client can't decide that proper lintels, electrical insulation and ventilation aren't needed but nobody will stop the software client deciding to forego proper encryption or sanity checks between the web front-end and the database.

TalkTalk boss: 'Customers think we're doing right thing after attack'

Doctor Syntax Silver badge

I posted a comment under the T-Mobile/Experian report to the effect that one solution to dealing with major corporate failings would be that adopted after the Apple ebook pricing case: the appointment by TPTB of a competent, independent auditor/inspector to be paid for by the company. The role would be to investigate thoroughly and require any remedial action. I'll extend that idea to include vetting any statements made by or on behalf of the company during and after the event and to correct them and censure the spokesperson where appropriate.

Doctor Syntax Silver badge

"some customers had initially attempted to kill their contracts immediately after TalkTalk revealed it had suffered a security breach, only to apparently change their minds"

s/apparently change their minds/be threatened with penalties/

T-Mobile US megahack cost Experian $20m, class actions coming

Doctor Syntax Silver badge

Maybe the way to deal with this would be similar to the conditions imposed on Apple after the ebook pricing business. TPTB impose an auditor who the company has to pay for who can go through everything they consider relevant to the issue - in this case security - to ensure appropriate action is being taken.

TalkTalk to swallow £35m ‘financial impact’ after attack

Doctor Syntax Silver badge

"But you can bet that once it happens, I'm out of there."

Why wait? When the sale of Be to Sky was announced I just upped & left.

Doctor Syntax Silver badge

Re: "TalkTalk takes the security of customers’ data extremely seriously"

This is a statement, devoid of meaning, ritually uttered by any large company run by marketeers. Its antiphon is "Your call is valuable to us".

Doctor Syntax Silver badge

"we're not waving exit fees"

They seem to be waving exit fees at anyone who wants to leave. They're not waiving them.

Doctor Syntax Silver badge

Re: CEO

"She chose not to give a meaningful answer."

This seems to be her standard MO.

Tim Cook: UK crypto backdoors would lead to 'dire consequences'

Doctor Syntax Silver badge

Re: Weak crypto

@A/C

I think things are more nuanced than you imply. For a start some of the problems we've seen recently were implementation problems, Heartbleed for example. Then there's the question of computational resources and message value & currency.

Consider, for example, that an announcement is due to be made tomorrow which will affect a company's share price. If you could get the content now you could make a killing, but if the message is encrypted with a system it would take you until next week to decrypt then you won't get any benefit. If it used a system you could decrypt in the next minute you could. According to your definition both would be broken but one is strong enough to do the job it's used for and the other isn't.

Anything AWS can do: Microsoft announces UK data centre region for Azure cloud

Doctor Syntax Silver badge

Re: Not worth a penny until MS Dublin is sorted out...

It depends on the legal small print. Can they have a legally air-gapped company set up to own and run it?

NHS IT must spend a fortune to save a fortune, says McKinsey

Doctor Syntax Silver badge

Re: own the software

"Unfortunately that usually means that controlling software HAS to be what the manufacturer supplied and has to run on the manufacturers choice of platform and will never be updated."

This is a case for source escrow. TPP anybody?

Doctor Syntax Silver badge

Re: Delivery...

"Smart guys, but on another planet."

With a business model like that, smartest guys on this planet.

Doctor Syntax Silver badge

Re: own the software

"they could easily have bought the tiny backstreet company."

But that would have involved headcount, HR and whatnot. HR would then probably end up making the only people who understand the code redundant because they don't fit into NHS pay scales - or pissing them off so much they just leave.

GCHQ director blasts free market, says UK must be 'sovereign cryptographic nation'

Doctor Syntax Silver badge

One thing that needs to be clarified. If a password is demanded and given then any attempt to use the data obtained via that password should be counted as self-incrimination and not usable as evidence against whoever gave it.

How Twitter can see the financial future – and change it

Doctor Syntax Silver badge

TheConversation?

Suddenly we're getting all these items republished from this other site. Is this because the regular columnists have been shoved out? Maybe we should just go there in future instead of el Reg. After all, they have https.

Facebook conjures up a trap for the unwary: scanning your camera for your friends

Doctor Syntax Silver badge

Re: well done!

"Couldn't devise a better pro-privacy campaign."

I doubt it. AFAICS the mentality of the Facebook generation is such that they'll lap it up.

Untamed pledge() aims to improve OpenBSD security

Doctor Syntax Silver badge

"most applications with FreeBSD compatibility"

This is OpenBSD. Either FreeBSD would have to (a) add it to their kernel (preferred option), (b) add a dummy call or (c) expect their users to #ifdef round it.

Touchnote breach: Wrote a postcard with us? Thieves have your pal's name, address

Doctor Syntax Silver badge

Re: Is there actually any business need

"To keep a name and address and in particular payment details once the transaction is completed?"

No. Earlier today I wanted to buy a book advertised on Abe books. To do that it wants me to set up an account. That would mean either giving them the current odds & ends email address that gets zapped after a few weeks, in which case I wouldn't be able to reuse the account anyway, or logging into my email provider and setting up another special address for them. As the shop isn't too far away I just rang them up, asked them to put the book to one side & I'll collect it later. The only downside is that SWMBO will probably come with me and letting her loose in a bookshop will cost several hours of time if no actual money. In the meantime Abe books lose their commission.

Doctor Syntax Silver badge

Re: This news really made my Friday afternoon...

"rarely or never use any more... and time to start closing them."

Which will have no effect as they'll not remove your data.

Let's get to the bottom of in-app purchases that go titsup

Doctor Syntax Silver badge

Re: Old TVs

"the numbering wasn't sequential either now I come to think of it"

That's because they were designed to put the BBC & ITV settings next to each other. As they were on different bands there were a good few channels between them. So ours had 2 & 10 next to each other.

Doctor Syntax Silver badge

Re: Content and delivery

"big media is run by dinosaurs and advised by lawyers"

Or vice versa

ProtonMail DDoS wipeout: Day 6. Yes, we're still under attack

Doctor Syntax Silver badge

"our doctors, our judiciary, our journalists and politicians need a simple 'tick box to encrypt' solution from a trusted provider."

No they don't. If you give them a box to tick they'll not do it. It just needs to be encrypted end-to-end AS STANDARD.

Doctor Syntax Silver badge

Re: It's time to update SMTP to make end to end encryption default

"You can use pgp with enigmail. It takes all of five minutes to set up. However, people at heart don't really care."

That is why it needs to be the default. Encrypted and signed.

Signed email? Even Microsoft's email spam filters might be able to spot "click here or we'll suspend your account" spam.

Doctor Syntax Silver badge

It's time to update SMTP to make end to end encryption default

That way there would be no point in NSA or the like hitting anybody. To some extent it would take away part of ProtonMail's advantage but there would still be value being based in one of the few places that takes confidentiality so seriously.

Here's the little-known legal loophole that permitted mass surveillance in the UK

Doctor Syntax Silver badge

Re: Nah

"No such law exists, or has ever existed."

True, it's Hereford, not Chester. Or so I'm told.

Cryptowall 4.0: Update makes world's worst ransomware worse still

Doctor Syntax Silver badge

Re: Straw poll...

Tackle it at OS level.

Store data in a drive or partition only accessible to specific servers. Applications request read/write through these services, similar to a database engine. ID is extended to include application as well as user so the service can be set up to limit write access to the correct application & maybe grant read access to other specified applications e.g. you can only update your contacts via the contact app but your email client can ask for an email address.

The server would need a mechanism for verifying the ID of the request and the application installation mechanism would have to be fairly closely guarded to ensure substitutions weren't made.

One tricky aspect would be having storage that is out of bounds to the kernel - or maybe some sort of micro-kernel arrangement. I'm not sure Windows could manage this but maybe OpenBSD could.

Coding with dad on the Dragon 32

Doctor Syntax Silver badge

‘Made in England’

Wasn't the Dragon made in Wales?

ProtonMail pays ransom to end web tsunami – still gets washed offline

Doctor Syntax Silver badge

"I guess they've never heard of the Danegeld"

And that is called paying the Dane-geld;/But we've proved it again and again,/That if once you have paid him the Dane-geld/You never get rid of the Dane.

Doctor Syntax Silver badge

The ransom was probably just one of the NSA guys looking to make a bit of pocket money. No reason why they should stop their attacks.

Drones are dropping drugs into prisons and the US govt just doesn't know what to do

Doctor Syntax Silver badge

Re: Kaboom

"You start by making some laws restricting drone use in sensitive areas."

OTOH you don't stop people who are already breaking laws by giving them more laws to break.

Doctor Syntax Silver badge

Train up top gun drone pilots? Or there's always that bloke with the shotgun...

Read the Economist last weekend? You may have fetched more than just articles (yup, malware)

Doctor Syntax Silver badge

"Team Economist advises that anyone who received what appeared to be a Flash update from the website should change all of their passwords on their computer, and notify their banks and other financial institutions to check for suspicious activity."

I hope they told their readers to get rid of the nasty before they changed their passwords, otherwise it's a bit pointless. Of course I could go to the Economist site & see for myself exactly what they said but I think I'll give that a miss.

If any of their readers sustains damage from this who's going to be liable, the Economist or PlayFair?

AMD sued: Number of Bulldozer cores in its chips is a lie, allegedly

Doctor Syntax Silver badge

Re: He's a dickhead

"You could say maybe he's a dickhead for suing but not visiting those web sites etc"

Fair enough comment for that. But did he download and read the spec sheet from AMD before he bought? If the manufacturer's spec matches what he's bought then how can he complain? I bought the 1.6 turbo - why wasn't I given the 2.6 V6 4-wheel drive? Should I sue?

TPP: 'Scary' US-Pacific trade deal published – you're going to freak out when you read it

Doctor Syntax Silver badge

Re: Source code

"It says nothing about open source whatsoever. If you *want* to circulate open source code, then nothing in this text prevents you."

I thought that at first. After a few seconds consideration I'm not so sure. The principle of the GPL is that if you distribute an executable you must provide the source. There have been a few instances of companies building products around GPLed code, modifying it & then distributing binaries without source. Although it doesn't stop you circulating code if you want to it seems to give a hiding place for companies who don't want to but should under the terms of the licence.

Doctor Syntax Silver badge

'From a purely US perspective, the best pitch for the deal comes from President Obama who summed it up thus: "The TPP means that America will write the rules of the road in the 21st century."'

From a US perspective it might sound like a pitch. From everyone else's it just sounds like pitch.

Exam board in 'send all' fail: Hands up who knows what the BCC button is for?

Doctor Syntax Silver badge

Re: I can one-up this.

"obviously did not get the BOFH to handle the severance package."

Obviously didn't get the BOFH to handle the mail server - preferably at the same time. Danger, falling mail servers can seriously damage your health.

Doctor Syntax Silver badge

Re: CC and BCC

"surely it should be EC (Email/Electronic - take your pick) Copy ?"

EC & Dummy's EC

Doctor Syntax Silver badge

Re: Does anyone else wince when they see this phrase?

"We take the protection of personal data very seriously."

And no doubt your phone call is important to them.

Doctor Syntax Silver badge

A while ago I had an email like that from someone I'd corresponded with a year or two earlier. Apparently some people from her address book had been spammed with one of those "help I'm stranded in foreign parts" scams. She wasn't sure who'd been spammed so she sent the email out to everyone on her list, about 200 addresses IIRC. I wrote back to her to advise her how to do it properly next time.

Oh dear, I've just remembered, I forgot to include her in my change of address emails earlier this year. What a shame.

Facebook CTO: Clear legal grounds needed for EU-US data exports

Doctor Syntax Silver badge

"I don't think the US would change at the behest of anyone external"

That leaves internal. There's an election pending (there usually is). Campaign contributions anyone?

Doctor Syntax Silver badge

As far as I can make out the situation was that Schrems was accusing Facebook of playing fast and loose with data beyond what it was provided for, i.e. beyond Schroepfer's "clear legal grounds to make sure that your feed isn't limited to only the people who are also in the EU". His Austrian legal system had punted him to the Irish authorities who tried a "nothing to do with us, squire" on the basis that it was an EU Commission matter because of Safe Harbour, which was their baby. The ECJ kicked it back to them taking out Safe Harbour as collateral damage.

It's up to the Irish to investigate Schrems' complaint to see if it has merit. That could limit FB's use of the data beyond its nominal intended purpose but assuming that intended purpose was to enable FB's customers to blurt out whatever they choose to whoever they choose wherever they may be it's difficult to see that Safe Harbour could ever have been involved with that.

OTOH if a company based in the EU is shovelling customers' or, worse still, employees'* personal data to the US they have a real problem.

*They might stand a chance of defending a model clause as part of a customer contract but I can't see anybody getting away with making it condition of employment; "constructive dismissal" is the phrase that comes to mind.

UK government looks to harness the potential of open data through APIs

Doctor Syntax Silver badge

'data services need to be "built around the needs of users".'

s/users/data subjects/

Brussels flings out Safe Harbour guidelines, demands 'safer' new framework ASAP

Doctor Syntax Silver badge

"Enforcement against non-compliance with the Safe Harbour court ruling kicks in early next year."

So expect another trip to the ECJ next year if this is the best they can do.

Somebody in another thread mentioned groupthink in connection with TalkTalk. Clearly something similar is happening here if they think there's a way of rebuilding it short of a blinding revelation in the US govt.

TalkTalk claims 157,000 customers were victims of security breach

Doctor Syntax Silver badge

Re: Jump on the sinking ship now!

"But in the UK class actions don't exist, and the burden of proof will be quite difficult for individuals to claim compensation"

However a host of customers wanting to leave & claiming in the small claims court against any attempt to extract fees could be a different matter.

Would they try to defend? If they tried and failed would they keep trying? If they overlooked one or two and ignored the judgements they might have a procession of bailiffs rolling up to the front door to seize bits & pieces such as the receptionists' PC. If a couple of well presented cases defeated them they could look forward to haemorrhaging customers.

Fake IT admin tricked Cox rep into handing over customer database – cableco fined $600k

Doctor Syntax Silver badge

So a fine of nearly £400k for token amounts of damage. Come on ICO, what's 1.2 million worth?
