The NCA, Mrs May's folly, may well think along those lines. Other agencies, e.g. the real expertise at GCHQ and its like, know better.
94 posts • joined 21 May 2018
Euro police forces infiltrated encrypted phone biz – and now 'criminal' EncroChat users are being rounded up
I may be wrong but my understanding is of encryption when using this device depending upon a dedicated chip. If so, the question arises whether relying upon a pre-configured chip is inherently less secure than when using software running on a generic processor. Among possibilities for insecurity are inclusion of a planned back-door or exploitation of an accidental vulnerability. Either way, an entire batch of devices becomes suspect. Vulnerabilities in solely open source, solely software, implementation of a reliable encryption algorithm can be identified and fixed without need of changing a physical component.
It would appear that both honest and criminal users of this device placed too much faith in the high cost of the service guaranteeing fitness for purpose.
The criminal element might have done better by using throwaway phones for each transaction. By not using potentially dodgy encryption they wouldn't draw attention to themselves. Moreover, open communication using, when feasible, agreed code words/phrases (perhaps decided in advance under encrypted email communication) can be made very secure for many purposes.
Perhaps, law enforcement agencies should offer expensive master-classes for criminals? There again, perhaps not.
Hey, Boeing. Don't celebrate your first post-grounding 737 Max test flight too hard. You just lost another big contract
Boeing in a serious bind?
Despite much deserved criticism of the manner in which Boeing has been operating in recent years (seemingly short-term profit maximisation and senior management perks at expense of all else), Boeing has accumulated immense aeronautical expertise; this embedded in the culture of its cadre of designers, engineers, and technical staff, and perpetuated by proven procedures and ways of doing things established during the course of the company's history. However, reputation is all. A series of (probably) avoidable misfortunes caused reputation to plummet and encouraged people knowledgeable about the industry to delve deeply into the company's current management culture, accounts, expectations, and procedures.
Boeing, similarly to other major defence contractors such as BAE Systems in the UK, has for decades led a charmed existence insulated from harsh realities of conducting business in a competitive market. The USA government has literally chucked money at Boeing and other defence contractors with little concern for detailed audit and considerations of value for money. Doubtless, many individuals in the higher echelons of Boeing and others in politics, government, and federal administration, have done very nicely from this but ultimately at expense of US citizenry.
In principle, largesse for defence manufacture could continue as is. However, Boeing manufacture for civil aviation in global markets looks to be in dire peril.
I suggest the only means of saving intact the intellectual and skill resource represented by Boeing is through the company filing for Chapter 11 insolvency. Placed into administration it would be feasible to dismiss Boeing's entire top management tier, to write-off stockholders, and to reorganise a slimmed down version with clearly defined business goals. Thereby the legacy of skill would be retained whilst abandoning a corrupted management ethos.
University of California San Francisco pays ransomware gang $1.14m as BBC publishes 'dark web negotiations'
Re: So, nothing important was encrypted
I grasp that running servers are always vulnerable to failure and malicious acts must be factored in as a possibility. Thus temporary disruption may not be wholly avoidable. Yet no organisation ought allow itself to be in the position of facing permanent loss of irreplaceable data.
Presumably mechanics of encryption extortion require some time for encryption of large sets of data to be completed (seconds. minutes, or hours?). Also, I assume miscreants must arrange secure deletion of original versions when the task is completed. This leaves the matter of how well backup and mirroring regimens operate.
Although an attack may obfuscate the entire collection of data available to legitimate users at the time it began that should not mean recovery from backup not in continuous connection to affected servers is infeasible. That raises the question of how frequently backing-up ought occur, and how many layers of independent backup ought be retained, in order to minimise irretrievable data loss from point of intrusion after the last backup. Presumably, someone has worked this out? Perhaps the answer varies according to the load on vulnerable servers?
Ransomware crims to sell off 'scandalous' files swiped from Mariah Carey, Nicki Minaj, Puff Daddy's legal eagles
After huffing and puffing for years, US senators unveil law to blow the encryption house down with police backdoors
Extraditable ITAR breaches presumably applied only to US citizens abroad. If so, the USA now is extending extradition reach regarding 'security' to include citizens of other nations with no particular connection (business or personal) to the USA: Julian Assange is glaring example. It doesn't end there because the same principle is applied to threats concerning US so-called 'intellectual property' (IP) hegemony too; a fact Kim Dotcom and his business associates can confirm. Then there is the senior executive of Huawei trapped in Canada awaiting transfer across the border.
Outposts of the USA, particularly 'Five Eyes' nations, comply willingly. Presumably there's something in it personally beneficial to senior politicians in the USA's four partner colonies.
Trade agreements coupled to demands for trading partners to conform to USA lowest common denominator cultural, food, and justice, standards are the closest the USA comes to diplomacy these days: US trade negotiation representatives wear velvet gloves covering iron fists: clout resting with US armed forces; perhaps in the UK Boris Johnson is fearful of US Marines coming up the Thames and grabbing him along with Assange, and other 'undesirables', should not full compliance with US demands be met concerning trade regulations (e.g. chlorinated chicken), draconian measures (not actually permitted in the USA itself under its Constitution) protecting IP, and other matters (Trident and NATO obligations) furthering the American Nightmare.
The only hope for Assange, Dotcom, et al rests with US societal implosion happening sooner rather than later.
Perhaps success depends upon what one seeks to achieve?
Drawing on discussion here it is evident that any particular 'unsuitable media filter' (UMF) technology is unlikely to fit all circumstances: these including age of child, locations/means of their access to the Internet, and range of 'content' deemed 'unsuitable'. Taking the last criterion, the less stringent it is perhaps the greater the prospect of success.
For instance curiosity about and desire to view naked bodies may be hard-wired into children and attempting wholly to thwart it a fool's errand. Maybe some societies have become so uptight and prudish about simple nudity that they fail to draw a line between it and a spectrum of sexual activities ranging from simply procreative/pleasurable through to bizarre and abusive indulgences straddling the line of present day legality. The degree to which children are at risk of emotional damage and of accepting attitudes the mass of the population regards as abhorrent, these arising from either exposure to 'content' they actively seek out or to that to which they inadvertently are exposed, seems likely to depend on a child's age/maturity. Once of school age children cease at all times to be under tight parental control.
A pragmatic response is not to wrap all matters nudity/sexual in one bundle and attempt to forbid access. Similar consideration applies to ideas beyond context of 'sex' which are deemed subversive (e.g. ideologies). Thus enable ready availability of text and images deemed not unsuitable for a particular child's maturity. In other words, from approved sources. Take away implication of 'smut' by openly including 'acceptable' imagery at appropriate points in the formal curriculum and in less formal discussions with teachers wherein it is attempted to place strands of the curriculum and current affairs in context. Younger children could receive protection from exposure to grossly unsuitable materials if the kind of filtering mentioned in this article is implemented.
Older children naturally seek to kick over the traces. Rather than attempting to ban access to everything beyond the most innocent it must suffice to impede access to that deemed by reasonable consensus as disturbing or depraved. Twofold measures ought suffice. Make available selected more explicit 'content' in context of 'sex education' films and of 'raunchy' cinema of the sixties and seventies geared towards the 'mackintosh brigade'. By present day standards "The sweet sins of sexy Susan", "Sexy Susan sins again", "Confessions of a riding mistress" and the contemporaneous German origin "Schulmädchen Reports" must be innocent indeed. The titles are seared in my memory because at one time I used to drive every day past a slightly disreputable cinema upon which the titles were blazoned. I reckoned them as being slightly more risqué versions of the popular "Carry On" series.
A universal adult verification scheme is unnecessary for present legal 'porn' sites. Just demand that each such register with a body supervised by the Home Office, offer proof of having implemented its own watertight arrangements, and institute means whereby non-compliant sites can be quickly blocked with minimal fuss. Admittedly, site blocking is not wholly effective, as the Premier League and the rentier film and recorded music industries know well, yet it offers a tangible obstacle.
Workarounds if device made compulsory?
Tracing depends upon direct very short range radio contact between devices; GPS location is too imprecise as would be tracking by cell phone bases. That being so, the question is how best to disable the device by simple means whilst wearing it yet retaining ability to re-enable it in anticipation of inspection or as necessity for entering a building.
Re: Come ON Blighty!
There is no reason for believing an asymptomatic (specifically not coughing and wheezing) infected person as other than posing trivial risk of infecting other people. Such risk as there is arises from deposition of virus containing body fluid on surfaces e.g. from sweat or after nose picking. Tiny risk of infection is reduced pretty much to zero when susceptible people adhere to hand hygiene recommendations and refrain from unnecessarily touching other people.
To pick up a point arising several times elsewhere, I note the difference between training and education. These need not be wholly exclusive but the latter ought be directed towards understanding principles underlying tools enabling completion of practical tasks.
For instance, academic disciplines (and associated vocational courses) with considerable reliance on using the optical microscope would be remiss if no basic grounding in optical principles, along with their realisation in practice, is provided. Not detailed account of optical theory but sufficient outline to enable efficient use of the instrument (e.g. Kohler illumination) and to recognise optical artefact (e.g. diffraction effects consequent upon excessive reduction of working aperture).
For that purpose it matters not in the least whether the instrument was manufactured by Leica, Zeiss, or Olympus. Employers of people called upon to use optical microscopes would anticipate previous education/training in deploying the instrument but not demand experience in products from a particular maker; it should take little time to acquaint a new employee with instruments that happen to be at hand.
Similarly, office software, design software, and image manipulation software, each entail understanding some fundamental principles before effective and reliable use is attainable. Employers demanding job applicants be signed up members of, say, the Microsoft and Adobe clans are short sighted. Thereby, they may be excluding consideration of superior candidates. After all, expectation is of graduates being quite bright, flexible of thought, generally adaptable, and able rapidly to become acquainted with variants of tools with which they are familiar; properly planned induction of newcomers takes care of this.
Whilst most people would regard Microsoft products (apart from Windows) and Adobe software fit for purpose they are not exclusively so. Clever marketing has made these tools appear essential, this reinforced by near ubiquitous use in education. Instead of allowing themselves to be increasingly tied into particular software vendors, under false impression of being offered a 'good deal', public educational institutions should support a range of open source free software and enable students to grasp that it's a matter of 'horses for courses' regarding specific tasks.
Nothing prevents Microsoft, Adobe, Wolfram, SPSS, etc. providing free of charge copies of their closed source proprietary software to compete alongside freely provided software from other sources; competition would be in terms of functionality, ease of use, adaptability for specified non-mainstream tasks: not on price per se.
Staff and students would discover that price and worthiness for use correlate weakly. Moreover, diversity of tools within an organisation rather than conformity to, say, a particular office suite, encourages convergence of data transfer (e.g. document) protocols.
UK govt publishes contracts granting Amazon, Microsoft, Google and AI firms access to COVID-19 health data
Routinely collected NHS patient data are a great resource for use as starting point for enquiries into factors pertaining to health and into how patients interact with services. For ordinary purposes fully anonymous data suffice; there being no reason why most such ought not be freely (or at transfer cost) available to any individual or group seeking access. Rendering data anonymous is by degree rather than absolute. For instance the ONS produces small area statistics at the finest level after having noise added to the numbers to make it impossible to identify an individual or household with confidence; yet it remaining clear that these data do pertain to a clearly delineated set of individuals.
Data not rendered securely anonymous ought be available for use only in the following circumstances.
(1) By clinicians exploring data sets they compiled for professional purposes (patient records) in order to produce descriptive statistics about their patient population and perhaps identify subgroups to target specific services (e.g. screening).
(2) Bona fide administrators of health service provision but these furnished with only such detail about individual patients/clients as necessary for administrative functions at their level in the organisation.
(3) Research - this within a spectrum encompassing clinical (e.g. specific studies into aetiology) and service management interests (e.g. seeking to understand reasons for 'non-compliance' with requests to accept an invitation to aortic aneurysm screening).
The third category merits considerable attention to confidentiality. Any use, not designated as routine or harmless, of data with identifiable characteristics ought go through independent scrutiny by trustworthy (to health professionals and to the general population) individuals. With respect to clinical research involving making contact with patients (e.g. via questionnaire), and perhaps making demands upon them (e.g. participation in a clinical trial), there is a well established set of geographically local and of nationally based committees charged with scrutinising adherence to ethical and legal principles.
It is inconceivable that under the present regimen of confidentiality and ethics any commercial entity would be permitted directly to approach patients (for legitimate research) or to market products to patients by any means.
In light of the above we need to know in detail answers to the following questions.
(1) Precisely what data are to be sold to commercial entities? Why should not these data be freely available (at distribution cost) to all legitimate research groups and scholars?
(2) How does the government justify extending the shaky notion of 'intellectual property' to communal data?
(3) Shall people in contact with the NHS be granted absolute right permanently to opt out from transfer of information about them beyond the confines of the NHS?
There is so much more that could be said about this dodgy exercise but, suffice to say, it is a natural consequence of entrenched neo-liberal pseudo-intellectual economic doctrine (Hayek was a third rate thinker even within context of the 'dismal science' of economics): everything can be assigned a monetary value and that which seemingly cannot is of no worth.
Privacy activists prep legal challenge against UK plan to keep coronavirus contact-tracing data for two decades
Not suffering fools gladly
I am a septuagenarian. I have absolutely no intention of participating in contact tracing or antigen testing.
My understanding of infectious disease epidemiology far surpasses that of any member of government and that of most of the so-called experts it has called upon for (sometimes self-serving) advice. Whilst some of those consulted have sound credentials in 'science' (at least by present day standards) the impression is of them ploughing narrow furrows.
What sorely is lacking is advice, this either not sought or not heeded, on risk assessment, weighing one risk against another, and balancing consequences of not taking an action against anticipated deleterious results of that action.
What appears on offer is a patchwork of understanding but with nobody capable of sewing the patches into a tapestry and thereby grasping the big picture. The whole sorry process being overlain by tacky political considerations. It is no consolation to be aware that clowns drawn from any other party at Westminster would have been unlikely to fare better though perhaps their leader might have displayed less hubris than Johnson.
We now have a spooked population with many fearful to emerge from their homes. There are cretinous individuals, sadly including some police officers, who worry over outdoor separation, almost to the inch, whilst not understanding the extreme unlikelihood of contracting infection in that setting. Technological solutions to contact tracing and testing for infection are an utter waste of resources and give false reassurance to the nervous.
Meanwhile, the general public, now very confused, is distracted from deploying the one measure which above all slows spread of the virus: hand hygiene. Somehow all the 'experts' failed to consider the relatively low-cost expedient of issuing, free of charge, hand cleansing gel for people to carry on their persons; its mass manufacture is simple and quickly organised by refocusing breweries and distilleries.
Released under the Creative Commons Attribution 4.0 international license.
Contributions to the author's wine and general comfort fund to the Bitcoin address below please.
Pi a great project
The Raspberry Pi reminds me of the BBC Micro (models A and B) of the 80's. They were excellent devices and met their dual purpose of education and general functionality. I acquired a Torch Disk Pack which piggy backed a Z80 on the base 6502. Not only was this combination very capable but also I had hours of amusement using xForth; I set myself the task of decompiling the editor software for which source was not provided and being able to recompile faultlessly thereafter.
Nowadays, the Pi 4 gives good service as host for Kodi connected to a 4K TV.
Laughing UK health secretary launches COVID-19 Test and Trace programme with glitchy website and no phone app
Re: Good and bad
Another factor is that it will encourage neurosis within a population already confused by cock-eyed advice, stern admonitions, and ill-informed police officers.
The sad reality is of few among the general population being capable of assessing individual risks, weighing one risk with another, and factoring in consequences of overreaction. Importantly, people must be made aware that there is no such thing as zero risk for anybody who is not in isolation, and even then it cannot be actually zero.
Worse is this ignorance among supposedly educated government ministers and among some of their chosen advisers, scientists, whose perspective can be very narrow, rather than disease control practitioners who grasp the bigger picture.
Re: Good and bad
I am sure. It is the same for common colds and seasonal 'flu.
Fomites (infection vectors from secretions deposited on surfaces) are overwhelmingly the principal means of transmission other than being in close proximity (when outdoors not the 2 metre silliness) with an infected person who is coughing, sneezing, or wheezing.
The point being, rather than all the current expensive and futile nonsense two pieces of advice ought be reiterated frequently without additional messages causing confusion: hand hygiene and stay indoors if a cough etc. develops until you are certain it is not Covid-19 infection.
A simple measure potentially far more cost-effective than contact tracing is free of charge issuance to everybody of containers of anti-viral hand-gel which can be carried in pockets.
Clowns at play?
Instead of all this nonsense why don't these people do something guaranteed to be helpful? I propose free of charge issuance to every person of pocket containers of anti-viral hand gel. Too simple perhaps?
On a different note, I foresee a great drop in prevalence of head lice among school children now that intimacy is forbidden. Perhaps, that will come to be known as Johnson's greatest contribution to public health.
Re: About ten years ago I predicted
The bullet Microsoft has yet to bite may be complete re-write of its Windows code. Windows 10 requires frequent bug fixes and security updates. These could reflect increasing vulnerability to error consequent upon maintaining the expanding set of code necessary to support 'legacy' applications and ways of doing things.
It is not clear, perhaps others could confirm, that the notion of a Windows kernel bears easy comparison with a Linux kernel. My suspicion is of the core of Windows being less detached from that which runs on it than is the case for Linux. Complexity increases because so many features are integrated within Windows and not optional. Users of Linux who are not developers have many choices available for configuring their system ranging from lean to a near Windows style multi-uses system with 'office' software and recreational uses easily to hand; the sheer range of Linux GUI's exemplifies this but my main point relates to what goes on at deeper levels.
Perhaps MS has a project running in parallel with desktop Windows maintenance and development. If so, this may be based upon the manner in which Linux separates levels of functionality and thereby eases maintenance of software running on the system. In that case, a logical approach might entail adopting the Linux kernel and rebuilding Windows features around it. Perhaps it will mean relegating desktop computing to running a kernel suitable for accessing cloud-based (subscription) software; if the kernel is mainstream Linux then 'power users', these not of major interest to MS at desktop level, would be kept happy too and they could ignore the MS cloud.
In that context, expression of interest in open source software by MS could indicate realisation of future profit lying with added value services rather than with vending a base operating system.
Re: Nothing to do with Linux, all to do with Windows.
In the early days of Linux, when it was distributed as free disks with computer magazines, I experimented with several distributions. It was revelation of things to come and potential nightmare at the same time i.e. fun to play with but not productive for most routine purposes when MS-DOS and Windows software already existed.
My recollection is that absence of device drivers for proprietary equipment retarded progress. Home-brew drivers made by the Linux community rarely fulfilled expectations arising from using the device, e.g. graphics card, under Windows. That problem has almost entirely gone away.
Nowadays it seemingly is game players who resort to Windows because they perceive no other option; for all others it is choice, habit, or availability (e.g. from employer). This puzzles me. Some players spend a small fortune on high end graphics cards yet have to be content with a bloated base system chugging away more slowly than would be enabled by a tuned Linux system.
I presume this is so because makers of games not targeted at specialised consoles believe the Linux-based potential market too small. Now if MS incorporates sufficiently fast and reliable Linux then market rules may change. Players would have the option of running Linux coded games on native Linux devices configured for an edge in speed and also suitable for other uses.
Re: Is there a fly on the Windows?
Indeed, MS is well positioned to check upon all Internet connected Windows devices for unapproved activity and to curtail it. Installing 'security updates' and 'new features' is pretty much compulsory. These easily could be made to scan for copyright infringement, much as when Windows Defender roots out malware, with a fee collected from rights holders'; least controversial would be simply disabling/deleting offending software and files; most controversial would be scanning for user information additional to ISP connection so that holders of rights may initiate civil/criminal action for 'infringement'.
The there is MS's relationship with law enforcement and security services to add to the mix.
That said, I don't grasp what's in it for MS by incorporating Linux.
NHS contact tracing app isn't really anonymous, is riddled with bugs, and is open to abuse. Good thing we're not in the middle of a pandemic, eh?
An end in itself?
Contact recording/tracing 'app' development appears to have taken on life of its own independently of the pandemic.
Various prominent politicians, UK and abroad, seem to have latched onto 'tracing' as if it were a magic bullet. Johnson, the UK PM, stated a couple of weeks back that a 'tracing app' and roll out of mass testing for antigen were his major planks for containing the epidemic. Politicians of the third rank, few others exist, have 'being seen to be doing something', no matter if risible, as automatic response to difficult circumstance; after all, politicians do politics; in stable times political activity - mostly noise - merely tweaks or retards economic activity which runs primarily on autopilot. Few present day politicians do 'leadership': the kind that strives ahead of the pack despite risking a bullet in the back, rather than the sort which follows the pack and claims successes as his own and dismisses failures as resulting from machinations of political rivals. One thing is certain: politicians do not do infectious disease control.
Discussion about 'apps' proposed here and abroad now centres upon details of implementation, persuading people to use them, and concerns over privacy. Muted are voices proclaiming the exercise inherently futile.
Our supposed leaders have learned much from Hollywood disaster movies. They understand there always to be a technological fix which will be provided by a 'scientist'. Plagues have become staple fare for dystopia enthusiasts.
Watch out for reports of zombies being sighted.
UK finds itself almost alone with centralized virus contact-tracing app that probably won't work well, asks for your location, may be illegal
Automated contact tracing for Covid-19 is a fools' errand
Automated contact tracing regarding infection with Covid-19 is yet another fantasy arising from PM Johnson's ill-chosen gaggle of 'scientific advisers'.
Tracing is predicated on the assumption that asymptomatic carriers of Covid-19, some of whom go onto display symptoms, can pass the virus onto others. Apparently there is 'science' making the possibility plausible e.g. suggestion of the virus being present in bodily fluids such as saliva and sweat.
Symptomatic carriers who may cough, sneeze, and wheeze, are unlikely to be out and about. In principle they are recognisable and outdoors pretty much avoidable by sensible distancing (not the ridiculous 2 metres that panders to neurotic and obsessive persons). Theoretically, asymptomatic individuals may deposit infected fluids on surfaces others come into contact with; there is already good guidance issued regarding personal hygiene, particularly hand washing, as excellent protection.
In context of outdoors, fleeting proximity to infected persons has negligible prospect of viral transmission.
Indoors, e.g. shops and public transport, chance of airborne transmission by people already displaying symptoms could be considerable especially when there is poor ventilation or, indeed, recycled air as on aircraft. Yet no practical good arises from notifying people about having been in 'contact' with infected people regardless of whether they displayed symptoms at the time. Such as actually contract infection will remain harmless to others, assuming simple hygiene is maintained, until symptoms emerge; at that point self-isolation, or enforced isolation, becomes desirable.
Automated registration of proximity 'contact' will induce further anxiety among a populace already scared by the false doom scenarios of mainstream media and the even more ignorant tittle tattle on social media; dissemination of inaccurate statistics and silly 'scientific' prognostications by government are icing on the cake of panic.
It seems likely that automated contact screening will result in an overwhelming number of false positives; false in the sense that knowledge of genuine proximity 'contact' can make negligible impact on progress of the epidemic. It may give a false sense of security too by possibly distracting people from truly sensible measures such as hand washing when exposed to objects others will have touched.
People notified of having had 'contact' will be rushing for antibody tests. This testing too is a waste of resources except for giving peace of mind to people (families too) occupationally exposed to infected persons.
The UK manifestation of the pandemic has led to headless chickens running about in Whitehall. Neither the politicians nor many from whom they seek advice appear capable of weighing and prioritising risks, of balancing benefits of measures against adverse short, medium, and long term sequelae from the measures, and of convincing any but the ill-educated mass that they have a clue about what they are doing.
Why should the UK pensions watchdog be able to spy on your internet activities? Same reason as the Environment Agency and many more
Why all the fuss?
Since the time of Elizabeth I, England (later to be embraced by the UK) has possessed apparatus of surveillance. Modern technology merely extends ease and scope. Regardless of whether there is a body of law giving oversight of surveillance, only the naive would imagine anything will impede overzealous and rogue elements of the state from snooping in any manner they desire. These, sometimes sensibly, will believe pragmatism overrides principle.
Similarly, the general population ought adopt a robust view of surveillance being inevitable. Individuals and organisations must use their own initiative to ensure communications remain private. When feasible, technologies permitting blanket protection should be adopted; this on the basis that a handful rather than generality of secure communications draws attention. Content of communications is more easy to obscure than meta-data concerning transmission; nevertheless, some steps are available for making it difficult for meta-data to be attributable to specific users of communication channels.
At the present time neither complete surveillance nor complete protection against it is practicable.
Privacy and 'democracy' are distinctly different concepts. The latter pertains solely to a (deeply flawed) means of aggregate decision taking.
How is Vivaldi funded?
Please would somebody explain Vivaldi's business model?
Visiting the Vivaldi website reveals it having employees on a seemingly co-operative basis. That raises the question of how Vivaldi raises income.
Vivaldi uses a corpus of open source software and produces software of its own. It is unclear whether the entirety of Vivaldi code is open source or otherwise viewable under a more restrictive regimen.
April 2020 and – rest assured – your Windows PC can still be pwned by something so innocuous as an unruly font
Better to be an outlier?
MS Windows dwarfs in terms of usage other operating systems in government, enterprise, education, and household, contexts. Therefore a degree of passive immunity to general, not specifically targeted, attack arises from deploying a less commonly used operating system; this by virtue of criminals and mischief makers' anticipating greater return on their efforts by concentrating on attacking the most prevalent operating system.
Kicking Google might have undesirable consequences
It is tempting to side with French publishers against the Google advertising behemoth. However, that would be short-sighted.
A great strength of the Internet rests upon ease with which information (aka 'content') from divers sources may be collated. Presenting links to sources along with whatever is being quoted/discussed gives proper attribution. It is yet to dawn upon media with web presence that attribution is the only thing they realistically can demand; attribution is a courtesy and protects against accusation of plagiarism.
The Internet makes clear that, despite wishful thinking otherwise, digitally encoded information cannot be 'owned' in the sense (anachronistic) copyright would have it be. A battle for freedom of access is being fought on several fronts. These notably concerning popular culture (film, TV shows, recorded music, and sport) and academic literature. The former entails increasing disobedience motivated by objection to arbitrary restrictions and monopoly-based price-gouging. The latter is a principled stand against the idea of knowledge, and culture more generally, being fenced off with access determined by gatekeepers; victory is certain, this aided by the fact that academic literature and books carry small footprint during transmission consequent upon files sizes being tiny in comparison to those necessary for, say, film.
EU legislation doesn't, and could not, discriminate between major players such as Google and somebody's online 'blog'. Sharing news and other information with links for attribution of source would be stifled should a bevy of lawyers discern profit from going after smaller fry and engage in speculative invoicing. They would have the Internet consist of walled gardens and all transfer/sharing among them monetised. Needless to say, none of that would halt progress towards a sharing ethos or prevent recognition of need for new (actually pre-copyright) non-rentier means for supporting creative activities in absence of a plethora of middlemen. However, it would be an irritant.
Google and many other global enterprises are in need of taking down a few pegs. That is best achieved by nation states collaborating in demanding revenues generated from activities within the states' jurisdictions be openly declared and subject to taxation. Some of the extra tax revenue could be channelled into promoting infrastructure for creative activities. A much better solution than encouraging an elaborate billing system for use of quotation and Internet links.
Internet Archive justifies its vast 'copyright infringing' National Emergency Library of 1.4 million books by pointing out that libraries are closed
A most welcome and perhaps ground breaking move by the Internet Archive
This act of so-called 'infringement' by the Internet Archive may be the trigger for cultural renaissance.
Copyright always has been pernicious, it is inherently so. It controls distribution and treats ideas as commodities. Worse still, in order for it to function it is necessary to restrict creation by others of 'derivative' works. Derivation is catalyst for creation; a fact understood within academia where plagiarism and confabulated data are the only sins; copyright dispute in that arena is primarily confined to distribution supposed 'rights'. For culture more generally, preventing derivation until many decades have passed is akin to stifling thought during the interim. Vibrant culture demands immediate response.
Digital representation of cultural artefacts gives the lie to rentier economics based upon copyright. Pretence is made of vending luxury goods at monopoly protected prices as if they were physical artefacts subjected to scarcity and hence to supply and demand market economics. Being indefinitely reproducible and easily distributable, both at negligible cost, digital sequences have zero monetary worth; this regardless of expense in constructing them.
Copyright law has become an almost impenetrable thicket. Its ramifications are grasped only by specialist lawyers. For that reason alone, copyright is bad law. All law ought be intelligible for those to whom it applies. The digital era reveals it as bad law in another respect too: disobedience is easy, widely prevalent, and legal remedies are becoming near impossible to enforce; in the past, laws ceasing to garner popular support have either gone into abeyance (e.g. witchcraft) or been repealed (e.g. when right to roam open countryside law was introduced). Indeed, demand for right to roam bears close analogy to demands for culture no longer to be kept fenced with admission only by payment of an arbitrarily determined sum to gatekeepers.
As matters stand, genuinely creative people must constantly look over their shoulders lest their efforts infringe someone else's copyright. Opacity of law makes certainty of adhering to copyright righteousness impossible, hence play it unimaginatively but safe.
Prior to copyright, people internally driven to creative acts sought patronage from others. Leonardo da Vinci exemplifies this. As he built reputation so he obtained commissions for bigger projects. He lived off commissions and presumably set aside money for old age. Any notion that he should receive royalty payments when people viewed his works would obviously have been ridiculous. Also, nobody was barred from making copies of his works or derivations with innovations.
Authors of books, I have written some, have no obvious moral entitlement to perpetual income. Books are written to share ideas (this includes fiction) and information. Authors' motivations may differ but each imagines they have something their readers will find amusing, interesting, or informative. Nowadays they easily can self-publish in digital format; they can solicit or buy technical support from other quarters; there is no need of traditional publishers except when paper copy is desired; even in that instance the words easily may be assimilated into digital format should need arise.
Persons seeking to make a living from authorship must persuade others to commission works; completed works belong in the public domain regardless of an author's wishes. Authors, and anyone else, constructing digital artefacts must compete if money is required. Authorship skills, in every genre, are subject to a market for commissions; reputation, just as for Leonardo, brings in steady income for funding the next work. Commissions can take the form of small voluntary donations, a subscription carrying privileges of interaction with the author, and crowd-funding. Additionally, physical artefacts and services subject to scarcity can be offered as added-value products.
No longer is there a place for traditional publishers to act as gatekeepers to publication and gatekeepers to access 'content'. This applies across the board of culture. Would-be authors will succeed on their own merits and draw income pro rata to skill in attracting readers
Fuss about the Internet Archive's initiative arises from cosseted authors and the publishers who take the lion's share of income generated.
This viral pandemic stands good chance of leaving fundamentally different attitudes toward the legitimacy of rentier economics. This not only in regard to ideas but also to rental applied to private and commercial premises.
Who's going to pay for Britain's Aunty Beeb to carry on? Broadband users, broadcaster suggests to government
Saving a much admired institution from commercial exploitation
It is imperative for the BBC to remain free from constraints necessary for keeping advertisers and private owners happy. Also, it should feel only the lightest touch of government oversight.
The BBC has been an obvious target for neo-liberal privatisation for a considerable time. Powerful commercial interests have lobbied for emasculation of the BBC ever since Mrs Thatcher promoted the sterile, now disastrous, neo-liberal idea that the private sector always provides services better than publicly owned facilities. The BBC is regarded as 'unfair competition' by private concerns reliant upon monopoly practices sanctioned by copyright; describing that as disingenuous is to put it mildly.
Present circumstances arising from the (grossly overreacted to) pandemic have destroyed plans by Johnson and his chums to further dismantle the NHS, to castrate the BBC, and insinuate 'monetisation' of everything in sight into popular conception of proper governance. Their revered saint, the late Ayn Rand, must be shedding tears of toxic blood. The pandemic has smashed Mrs Thatcher's dictum of there being no such thing as society; deep interdependence of individuals, institutions, and commercial enterprise is evident to all.
Johnson, as always the opportunist, shall perceive where his best interests lie. They no longer those of his wealthy masters and in hitching the UK's wagon to the USA. Serendipitously, exit from the EU, done for the wrong reasons, turns out greatly to our advantage and to Johnson's. Both the EU and the USA face, for differing reasons, meltdown of core assumptions. One thing is certain, the USA's cocked-up healthcare system is demonstrably not fit for purpose and no exemplar to the rest of the world. It's unlikely informed UK citizens can be persuaded to look with favour on the American way of doing broadcasting and Internet streaming of 'content'. The BBC is a hive of creativity both with respect to 'content' designed to please/inform across the educational and cultural spectrum, and to technological innovation; anyone unclear about the latter need look only at BBC iPlayer and BBC Sounds.
The ultimate irony lies in strong possibility of Johnson, knave though he be, receiving credit for reversing 'Thatcherism' and for incidentally meeting a Labour pledge to take the homeless off the streets.
Zoom's end-to-end encryption isn't actually end-to-end at all. Good thing the PM isn't using it for Cabinet calls. Oh, for f...
Technical ineptitude of political class and its advisers
English government, later the UK, began infatuation with secrecy and surveillance during the reign of Elizabeth I and has taken it to a fine art. There are publicly acknowledged agencies such as GCHQ, MI5, MI6, and the military, with perhaps others lurking in shadows, able to draw upon some of the finest minds in present day communication technology and encryption. Yet, what does the Cabinet Office do when obliged to implement A/V conference calls with transmission of highly sensitive material? It draws upon services from an American company of obscure provenance. One it turns out able to permit US government agencies to listen in.
It would be surprising were there not technologies already in place for secure A/V communication, including possibility of conferencing, among military, security, police, and other agencies charged with protection of UK interests. What means of communication have been arranged for government ministers and regional co-ordinators when dispersed in emergency to second generation post Cold War bunkers and outposts?
It is almost unbelievable that the Cabinet Office would adopt a conferencing system for deployment by ministers and officials located in the UK, indeed most within short distance of Downing Street, that operates through servers under jurisdiction of another nation.
Had contingency demanding highly confidential/secret communication at Cabinet level crossed the minds of those responsible for thinking ahead a secure system would already have been to hand.
In devising such system there need be no call upon private contractors. A small team assembled from agencies containing requisite expertise could have written necessary computer code quickly. No cutting-edge brilliance would be required. It would merely be a matter of putting together existing communications and encryption technologies. Much of the necessary code is sitting within the agencies and anything else might be obtained from open source repositories. The experts' primary task would be testing fitness for purpose of whatever they assembled.
UK enters almost-lockdown: Brits urged to keep calm and carry on – as long as it doesn't involve leaving the house
Not actively treating, but making as comfortable as possible, people with little chance of recovery is not only good use of scarce resource but also kinder to patients and families. Ventilators, if the patient remains semi-conscious, offer an unpleasant transition from life to death. Also, 'saving' lives for its own sake is silly unless account is taken of anticipated length of subsequent survival and quality of life associated with it.
Unfortunately, we now live in an ethos in which many medical professionals take deaths of patients as personal failures. The professionals are technically proficient but ethically deficient: what they might regard as preventing personal failure intrudes on what could be the patient's best interests.
No one-eyed man to rule this kindom of the blind?
Misplaced priorities, ill-considered advice, and petty political concerns (e.g. trade sanctions against Iran and persistent vilification of China) have brought the global economy to its knees and induced exaggerated fears among ordinary folk.
Repeat of 2008/9 was widely predicted. The pandemic is merely a precipitating factor brought into play by panic response to the 'flu; many governments now face economic meltdown and handling what's deemed a public health 'crisis' at the same time. Most governments previously were able barely to cope with 'business as usual'; faced with a two pronged disaster they run around like headless chickens.
Italy faces economic collapse and social disintegration. The EU demonstrably is incapable of organising co-ordinated response. The USA is headed only God knows where. Boris Johnson has taken this as opportunity to brush up his Churchillian rhetoric.
Crying over spilt milk gets one nowhere. However, in this instance revisiting the initial muddled thinking is helpful because it leads to suggestion of how panic mode may now be abated and the painful task of revitalising economies begun (with measures introduced to place markets as servants of populations rather than their masters).
It was clear from the outset that recognisably vulnerable people were at high risk of sequelae from infection, particularly death. By the nature of things, prevalence of vulnerability increases with ascending age group. The age-structure of Italy naturally made it an epicentre for raw numbers of deaths arising but there is no reason yet to believe case-fatality by age group differs much from elsewhere. This 'flu virus clearly is more harmful to some than seasonal 'flu but the fact remains that almost all cases are minor illness. Nevertheless, government responses better match those appropriate for the smallpox outbreaks of distant memory, and some high fatality new plague, than the present circumstance.
The proper initial reaction would have been to encourage and facilitate isolation of known high risk people and suggest that the elderly in general voluntarily stay at home. A couple of billion pounds could, if necessary, have been deployed to make voluntary isolation quick to implement, comfortable, and with minimal risk of exposure; compare that to sums involved in mitigating economic meltdown. Meanwhile the epidemic could have been allowed to run its natural course through the healthy population. There would be minor inconveniences arising from sick people taking days off work. There would be some unexpected deaths among the exposed 'healthy' population - inevitable, sad, but no great disaster when put in context of life's other risks. The more quickly exposure to the virus occurs among the healthy population the less time vulnerable people need spend in isolation.
It remains feasible to institute that scheme and thereby salvage something from the economic wreck.
Good sense dictates simple solutions rather than false hopes reliant upon stocking up on ventilators to be used on people many of whom would nevertheless die and, particularly among the elderly, others emerge for continuing low quality existence. For good reason, pneumonia was at one time called "the old man's friend": the best choice among ways to go.
Released under the Creative Commons Attribution 4.0 international license.
Surge in home working highlights Microsoft licensing issue: If you are not on subscription, working remotely is a premium feature
Oust dogs from mangers
Setting aside the fact that response by the UK government, and some elsewhere, to the viral outbreak has been directed by ill-placed emotion (largely fuelled by MSM), panic (again MSM), and unsound advice (mathematical modellers usurping consolidated experience among public health practitioners and 'hands-on' infectious disease academics), this manufactured 'crisis' must not be permitted to allow consideration of so-called 'intellectual property' (IP) rights get in the way of sensible behaviour.
Governments, those not entirely in thrall to rentier interests, either posses or can concoct legislation enabling suspension (even negation) of IP rights when well-being of the general public merits it. In this instance, governments could prevent IP 'owners' from seeking damages/payment for infringing activities within their legal jurisdictions during the emergency.
Not just Microsoft should thus be dealt with but also a host of others. Patents relating to drugs and health technologies must not stand in the way of preventative measures and remedies. It should be permitted to ignore the egregious copyright attached to academic literature. Also, with large segments of populations confined to their homes it would be prudent to keep them entertained and one helpful measure would be an officially sanctioned blind-eye to copyright infringement relating to film, audio, and TV shows.
Incorrigibly avaricious among IP rentiers would squeal like stuck pigs (porcine analogy being appropriate). The more sensible, both through genuine concern over public well-being and preservation of brand image, would not require prompting by governments.
For instance, in the UK, Premier League matches are immensely popular; fans are charged exorbitant sums either through direct subscription or indirectly via what is in effect a surcharge on the price of beer and on products from 'sponsors' of the League. There are increasing efforts to stamp out unofficial live streaming of matches but success is limited.
Consider the following scenario. The Premier League along with other producers of popular televised sporting products could announce free access to live streams, some perhaps going through unofficial sources like Kodi add-ons, for the duration of the crisis. Matches, tournaments, and athletics competitions, could take place in stadia devoid of live audiences. Similar considerations apply to other manifestations of mass entertainment. A potentially restless population, particularly younger folk and school children (a low risk group foolishly being denied education), could be dissuaded from mischief arising from boredom.
Tears need not be shed for any rentiers (whether of patents or copyright). They would be 'doing their bit', possibly under duress. IP dependent industries accumulate considerable bulk of (porcine) fat; this acquired through monopoly protected price-gouging all along a chain of middlemen from producer to end recipient. Indeed, dissemination of digitally encoded entertainment, and information in general, no longer requires the plethora of intermediaries accumulated during the analogue era. Meanwhile, during the wailing and gnashing of teeth by purveyors of trivial 'content' there are previously solid companies, large and small, facing ruin and many (those without backbench MPs and government minsters in their pockets) unlikely to be bailed-out. Similarly, the pharmaceutical industry whilst promulgating lies about its price gouging being necessary for supporting R&D (basic research mostly takes place elsewhere and generally using public or charitable funding whereas development - testing of medicinal products - is given a hidden subsidy through access to NHS facilities) would benefit from shake-up arising from the current 'crisis'.
We have a government that barely concealed its neo-liberal agenda. Present circumstances, particularly potential economic collapse triggered by inept handling of the epidemic, have forced grudging admission of existence of 'society', this disavowed by the late Mrs Thatcher, and recognition of communal inter-dependence. Remarkably, the USA, adopted home of the late Ayn Rand, may be following suit
Microsoft shooting itself in the foot?
Fully functional Linux embedded within MS Windows presents opportunity for enterprise, public sector, education, and individuals, all currently in thrall to Microsoft, to explore and evaluate alternative non-proprietary software without trauma of full system change with possibly expensive reversion should the outcome be unsatisfactory.
For instance, staff time could be set aside for training/practice in use of alternative software without necessity of leaving their own workstations. If Linux fits the bill then Windows can be abandoned with minimal fuss. Whichever Linux distribution best meets collective needs could be adopted; for corporate entities consideration of cost and quality of external support should be factored in.
There is a collection of Linux graphical user interfaces to chose among and most work with almost every Linux distribution; many offer simplicity and lack of clutter found in Windows; thus transition from the Windows interface to an alternative should flow smoothly when people are already familiar with the new applications they will be using; all they need learn is how to invoke software i.e. where to find the menu and/or task bar.
If you're running Windows, I feel bad for you, son. Microsoft's got 99 problems, better fix each one
Perspective is required
Perhaps El Reg would care to commission from a suitable expert an article with intent to place code vulnerabilities and non-trivial bugs into perspective? The flow of singular (i.e. connections not obvious) reports within technical news media and general news media is hard to assess; one may ask the extent to which it is correcting hitherto ascertainment bias (lack of interest in the topic) and the degree to which it relates a growing problem; in particular there is the matter of whether there are avoidable commonalities underlying these events.
Specific questions to be posed include the following.
1. Has computer science come up with a workable and measurable conception of complexity in computer code? Obviously, sheer length of code is an inadequate measure because interconnectedness of code segments and possible pathways through them ought be taken into account.
2. Has any such measure been established as strongly (putatively causally) correlated with rates of occurrence of errors in released/deployed code?
3. How is the complexity measure influenced by efforts during the decades since digital computing was introduced to wall-off, e.g modularise, sections of code? Are lessons being ignored?
4. Is there a 'Tower of Babel' effect when sections of code in a complicated set of interrelating code-segments/programs are compiled from differing high level languages?
5. Is there insufficient separation between core operating system code and that of applications running on it? Similarly, are applications bundled as part of an operating system (e.g. tasks mediated by the human interface) becoming too interconnected to be of predictable behaviour?
6. Is there too much reliance upon accretions around 'legacy' code with consequent issues of backwards compatibility? For instance, during the past couple of decades coding options for developers and expectations by end-users have grown apace. Moreover, hardware capabilities are increasing rapidly such that 'legacy' code which may have entailed compromises and workarounds for hardware inadequacies now impede reliability and security of newly added code.
7. Are proprietary software vendors through excessive concern for their 'intellectual property' (IP) obstructing progress toward various helpful common standards and use by themselves and others of code known as trustworthy? Might there be a better way of conducting business and protecting rights/attribution? For instance, why must IP be protected at code level rather than just at end-product level? Trademark law offers opportunity for redress when a company passes itself off as another of established reputation. What does it matter if the ABC operating system or office suite DEF (each compiled from source) vended by company of long standing XYZ starts to be distributed by another company ZYX also compiling from source but with possibility of variations and enhancements? Company ZYX would be in the wrong if claiming its version of the software was ABC or DEF: this because software is generally not sold as a one-off but as is part of a brand package which includes customer support and other add-on features. At the high end of the market, e.g. large business and government institutions, proven reliability in support, fixes, and updates, will win against a cheaper identical (but not in name) version of less secure provenance.
It follows that major proprietary software vendors, many of international reputation, place themselves at little risk of sustaining losses outweighing advantages from working under a more liberal regimen. Newcomers, even if drawn from other major software houses, have a long uphill trek establishing themselves as trustworthy and reliable alternatives for products and associated services of long standing. Meanwhile, originators of successful software (plus services) can entice their customer bases with appealing innovations.
In a nutshell, it could be that software reliability overall would be enhanced by combination of coding practices drawn from the best currently known and openness about established code so that attempts to reproduce its functionality with different code in hope of avoiding copyright and patent disputes does not introduce new errors.
Perhaps I misunderstood but ...
Some of the discussion concerns feasibility of governments, commerce, etc., creating in-house encryption technology rather than reliance upon external suppliers. I grasp how such reliance may have been necessary for all but very big players during the early Cold War period but not in its latter days nor now.
Enigma machines were mechanical and, presumably, later variations on the theme were electromechanical. Given expected large traffic flow, pre-WW2 encryption/decryption using cypher clerks with pencil and paper became impracticable, so mechanical aids were introduced. Design and manufacture was both a highly skilled task and very expensive. Recipients of these devices would indeed be unwise to attempt their own modifications to the mechanism, there being risk of a botched job increasing vulnerability rather than improving security.
Gradual post-WW2 introduction of digital computers could not at its early stages easily benefit people engaged in encrypted/obfuscated communication. National agencies in some NATO countries and in the USSR immediately latched onto the new technology as aid to breaking encryption but rarely could deploy it to enhance encryption when messages were transmitted between local 'head office' and remote outposts; early digital computers were expensive, took up a lot of space, were temperamental, and required dedicated technicians to keep them operating: hardly things to be installed in the average embassy and consulate. Similarly, for military communication it may have been feasible to house digital computers on aircraft carriers for secure communication with base but not on aircraft, submarines, or with mobile ground forces.
Only upon advent of minicomputers and especially of what now are known as desktop devices could centres communicate at higher levels of security with peripheries, and could outstations thus communicate amongst themselves.
Software mediated encryption/decoding changed the game utterly. It cannot have been widespread much before the 80's and soon thereafter it became common in commercial settings and eventually for individual users. As someone here mentioned, home-brew encryption algorithms are fraught with dangers unless devised, and evaluated, by highly skilled and experienced people. However, there is little need for this other than in centres like the NSA, GHQ, and equivalents elsewhere. Open source algorithms, most scrutinised by many people outside state agencies, have been available for three decades and more. None such can be declared free of vulnerabilities, these either intrinsic or arising from a range of code-breaking techniques some of which are brute force and others more subtle; as supercomputer technology advances and becomes more cheaply available then so must feasibility of even brute force methods.
Yet, that's not the point. Nobody, professional or amateur, need fiddle with extant algorithms or attempt to make new ones in a hurry. A set of algorithms can easily be assembled to sequentially encrypt/decrypt. Indeed, this nowadays is commonly done. For very secure communication among designated individuals the chosen algorithms and their order of use can be kept private. For general use, openly published combinations offer considerable resistance to brute force attack. Nowadays simple 'consumer' devices are capable of immensely complicated computation with multiple algorithms.
One assumes agencies intent on decrypting private communications (military, diplomatic, commercial, personal, and criminal) have developed elaborate automated means for digging into encrypted communications to gain insight into the techniques used and to best target known means of attack. However, even these tools can be stymied, as we shall see, by very simple means when communication is between designated persons/agencies (e.g. embassies) each in possession of the master template.
What fool would these days use letter substitution? A non-fool might incorporate this obfuscation technique in his sequence of algorithms. What's more letter mappings could be triggered to differ according to some simple circumstance dictated by the message sender and known to the recipient. Incorporating naive obfuscation methods, of which there are many, into sequential encryption makes more difficult the task of code-breakers imagining their opponents to be highly technologically orientated. Another, rather better, simple minded approach entails taking the entire message as a sequence of binary digits and then interleaving the digits according to specified (changeable between messages) rules. Even should the attacker be able to break complicated individual algorithms by subtle means he is obliged to consider need for brute force at unspecified stages in the decryption process; the longer the message (perhaps padded) the greater the force needed. The upshot being of simple obfuscation, not necessarily resource intensive, adding confusion to the mix.
Bada Bing, bada bork: Windows 10 is not happy, and Microsoft's search engine has something to do with it
Microsoft has inertia batting for it
Articles in El Reg cumulatively give the impression of Windows 10 being a botched job in which attempts at fixes and enhancements reveal further shortcomings. By this time almost any other consumer product would have people abandoning it in droves and demanding money back.
Microsoft's strength lies in the grip it has taken on private and corporate computing at desktop level. People and organisations are trapped. They must grin and bear Microsoft's ineptitude. Also its software is licensed (worthless documents anyway) such that attempts to recover money for lost productivity are futile; at least so for individuals and small business. Large concerns, private and public sector, have considerable muscle - even more when acting in concert - to hold Microsoft to account; this to be exercised through unused buying power and/or refusal to pay subscriptions in full rather than via litigation.
They can't collect your bins or fix your roads. They let Google stalk visitors to their websites. Yes, it's UK local government
Worse than I thought
Having read the report compiled by the 'brave' team I was shocked by the extent to which commercial tracking and targeted advertising has ballooned in recent years. What applies to public sector websites must surely become an order of magnitude worse when commercial sites are considered.
For many years I have used Mozilla Firefox together with a set of seemingly reliable tracker, ad, and script blockers, on (Linux) PCs and Android devices. Visually they make visiting websites more tolerable. I was aware of an invisible underbelly of intrusive, possibly malignant, activity associated with sites; it suffices merely to use the NoScript add-on to obtain a list of intruders. Other blockers used in tandem reveal many more. Unknown is the number not trapped in that manner. Blockers and advertising malware creators presumably engage in constant battles.
Problems with social media sites, especially Facebook and Twatter, are well documented. However, not wishing to associate with morons I have no such accounts. Google, particularly on mobile devices, is problematic. It resides at the core of bundled Android systems. To rid oneself entirely of its baleful influence one must root a device and install either the open source Android or something else; rooting is risky because device manufacturers make it difficult to do; also some useful software, e.g. Barclay's Bank account connector, refuses to run on rooted devices for very good security reasons.
Google has released some Android applications it is hard to do without these days (e.g. maps and navigation). The only apparent solution to quandary is to use not-rooted Android on phones and restrict its scope for intrusion so far as the system permits. Given that virtual keypads, and even physical keys, are too small to make typing anything other than brief text messages using Signal frustrating, it follows that for the most part phones are suitable only for passive browsing.
Fortunately, VPN (hosted beyond '5 eyes' easy reach) is quite cheap and there is a reliable Tor application for Android. Even with this and all other mentioned precautions in place there appears to be little room for complacency.
Windows 7 source code shall enter the Commons regardless of Microsoft's wishes
Sooner or later, the entire Windows 7 source code will be published on multiple dark recesses of the Internet and parallel peer to peer nets. That is inevitable because digital sequences (in this instance source code files) cannot be corralled indefinitely. No matter how hard people try to contain sequences published for commercial purposes they succeed only for a short interval, this determined by how keen people are to get their hands on it. Proprietary source code takes longer to leak out than compiled versions but is certain to happen in Microsoft's case.
The sheer size and complexity of Microsoft's development apparatus makes maintaining absolute code security difficult. Moreover, resources available for security are best targeted at software still in production. My understanding is that Windows code is released to a privileged cadre of trusted external developers because it is in Microsoft's interest so to do. There must be numerous copies of Windows 7 code knocking about outside Microsoft, some perhaps 'borrowed' by Microsoft employees. These will range from the earliest Windows 7 versions through to final release.
Unofficial release of Windows 7 code will leave Microsoft with egg on its face: far better to garner credit by showing generosity. Perhaps it will spawn an underground hobbyist movement. It will pose no commercial challenge to Microsoft. Even should recompiled versions with enhancements circulate there will be no observable impact on Microsoft's revenue from routine price-gouging.
Linux Wine developers can do something useful with leaked code. Because of egregious copyright/patent law they will be obliged to include paraphrased Microsoft code in Wine source releases. It seems only fair given that Microsoft is drawing freely upon open source Linux code.
Brave, Google, Microsoft, Mozilla gather together to talk web privacy... and why we all shouldn't get too much of it
In this, as in most matters, society self-stratifies
Populations are not homogeneous. People self-select, or are de facto selected by others, into groups based on defining characteristics. We each 'belong' or have been assigned to many groups; some of these overlap.
The point being introduced is that 'one size fits all' is unconsciously taken as basis for discussion of topics like that discussed here. People who don't or choose not to 'fit' are outliers and may be designated pariahs. In this example, the advertising industry wears a badge of entitlement to pursue its ends and sometimes attempts to portray non-conformers to its economic model as enemies of market-capitalism, free-loaders, and worse.
I recollect seeing report of a prominent figure in advertising declare those who don't obligingly sit through TV commercials to be (paraphrasing) cheats in much the same category as people who steal candy bars. That bears parallel to copyright rentiers bemoaning (alleged) loss of income from people sharing digital sequences rather than pay outrageous prices for the official product. In both instances the rejoinder must be that those complaining ought engage in a spot of introspection over whether features of their mode of doing business are responsible for that about which they complain.
As matters stand, it is a small minority of the population taking active steps (additional to those offered by default in a browser) to protect themselves from advertisement intrusion and from those who would leech their private information. Indeed, the huge bulk of the population happily (seemingly) uses Windows and its bundled browser. Their choice of operating system indicates insensitivity towards opportunities it gives for Microsoft, its "trusted partners", advertisers, state surveillance apparatus, and a host of criminals, to filch information and track activities.
Readers of El Reg are a section of the population possessing technological nous regarding computers and the Internet. There are many more people drawn from the reasonably educated section (say 20%) of the population supposedly capable of making informed choices too. Some, by no means all of these possessing deep computer/Internet expertise, avail themselves of opportunities to protect their sanity by eschewing opportunistic advertisements and taking other steps to preserve privacy from intrusion by commercial and state agencies.
These people are a thorn in the side of aggressive commerce and of state surveillance. They won't go away. So far as commerce is concerned, loss to advertisers is likely trivial given that the target primarily is consumer culture built around acquisition of mass produced fashionable products. On the (likely false) assumption that leaders of industry and commerce don't use blocking technologies, are they bombarded with advertisements for super-yachts, expensive cars, sure-fire investment opportunities, and similar products befitting their incomes? Targeting with that degree of specificity doesn't seem feasible.
China tells America, with a straight face, it will absolutely crack down on hacking and copyright, tech blueprint theft
"IP thefts"? How can one steal that which is intangible and in its 'taking' doesn't deprive its supposed 'owner' of anything?
This sloppy thinking is encouraged by IP rentiers to bolster the false analogy between IP and physical property. Theft has connotations of 'badness' which they hope to carry forward. Yet, in what manner does stealing a chocolate bar from a shop equate to obtaining an 'illicit' copy of a digital sequence?
The only thing holders of 'rights' are deprived of by 'infringement' is capacity effortlessly to draw income (i.e. rent) almost in perpetuity. The age of the digital has exposed rapacious greed backed by legalised monopoly distribution powers. The 'right' to rental from that which inherently lacks scarcity hardly ranks with the conviction behind the 'Ten Commandments' injunction against theft.
Oddly, the notion of copyright sits uneasily with the now mainstream (US/UK) mantra concerning the wonders of economic neo-liberalism. Supposedly free-markets are rendered meaningless when monopoly/monopsony rears. Indeed, the USA has tough antitrust laws and until recently applied them rigorously, for only thus is market-capitalism, as understood by Adam Smith and by Karl Marx, credible. Monopoly over so-called IP has retained charmed existence over the last couple of centuries. That is an inconsistency macho capitalism in the form of neo-liberalism must not tolerate.
Alternative business methods for drawing income from creative activity exist. With respect to digitally encoded culture the Internet offers opportunity for all to seek voluntary support (patronage, crowd-funding, etc.) from would-be admirers. Impressive works build reputation. Reputation enhances credibility of the next work being desirable. Support is offered for the making of works rather than as payment for extant works. A simple pre-copyright mode of business. Of course this cuts out the behemoth rentiers. Their squealing is reaching a crescendo.
Copy-left behind: Permissive MIT, Apache open-source licenses on the up as developers snub GNU's GPL
Angels dancing on the head of a pin?
Discussion of software licensing inhabits a realm once the preserve of theologians. As evinced from the article and the resulting comments, people expend considerable intellectual resource picking through intricacies and consequences of licensing options. Doubtless, within their own terms, many of the points raised are subtle, indeed erudite. Yet, whether this has much lasting bearing on life in the 'real' world, as distinct from a metaphysical construct, is moot. That is the state of play among people obliged to take cognisance of licensing complexities in their daily work. When matters come to a head and require input from lawyers and adjudication by courts the game becomes promoted to the professional league of metaphysics. Whatever criticism may be directed at lawyers it clear that the highest echelon of legal minds is of comparable distinction to similar echelons in other professions, possibly a little sharper with respect to verbal reasoning. These elite players are in, to them, a fascinating, game and rewards more than match those of bone-headed Premier League footballers, this without risk of damaged tendons.
Lower tiers in the legal profession have an important role too. Their advocacy skills ('silver tongues') may often match or beat those of their professional betters but lesser grip on complicated reasoning ensures that constant 'noise' is added to debate over 'intellectual property'. This serves as grist to a productive money generating activity. Adding politicians and lobbyists to the mix ensures ever more complexity and chance of internal contradiction. Consider how infrequently legislators seek simplification (which encompasses restricting reach) as means of plotting a path through accrued complexity rather than repeated attempts to dot every 'i' and cross very 't' which inevitably ratchets up complexity which in turn leads to the next iteration of legislation.
Unlike matters of law such as defining murder, this broadly within the comprehension of ordinary folk, the concept of 'intellectual property' over centuries, with accelerating pace in recent decades, has by virtue of speciousness unrecognised at its inception, spawned increasing numbers of anomalies, contradictions, and restrictions. Culture has been comprehensively fenced in. Worse still, anyone tilling the soil of innovation must keep wary eye lest inadvertently the almost perpetual 'rights' of another are through 'derivation' from their work infringed such that the holder of rights cannot draw full monopoly benefit according to the rules of rentier economy. Just as fenced in countryside was broken into by a movement of 'mass trespass' so shall the domains of parasites upon culture.
It's ironical that the least long-term important component of culture, i.e. 'popular entertainment', is driving culture across the board into the ground: least important but appealing to the most people, most easily fenced-in, and greatest money-spinner. As so often these days, the lowest common denominator drives expectations of the rest.
Copyright legislation and enforcement is chasing its tail in attempts to batten-down glaring anomalies and challenges from technological advance. It spirals ever faster and confidently may be expected to suffer the fate of the oozlum bird.
Released under the Creative Commons Attribution 4.0 international license.
It's a no to ZFS in the Linux kernel from me, says Torvalds, points finger of blame at Oracle licensing
Innovation and 'rights' cannot co-exist
The 'disagreement' reported here is but part of a general escalation of disputation over copyright and patents across the range of cultural output. For instance, consider bitter disputes over interpretation of 'fair use' in materials uploaded to YouTube and similar publishing platforms; think on the recent EU effort to 'protect' supposed 'rights' of commercial online publishers by restricting how others may link to 'content' of the former; also ponder the efforts of bodies like the Premier League wishing to stamp out a black market in streaming which naturally arose in response to the League's restrictive distribution and price-gouging.
The foregoing, and much more too, represent deep malaise such as is retarding cultural advance. The flagship argument offered by holders of 'rights' is based upon supposed need to protect creative individuals'/teams' entitlement to draw money from their efforts; reality is of 'rights' being commodities tradable by owners which most often are conglomerate concerns, these seeking 'rent' at arbitrarily legal-monopoly determined prices - this regarding copyright almost in perpetuity (e.g. creator's life time plus 70 years).
Inimical effects on advance arise from provisions in law preventing unauthorised 'derivation' from works still in copyright. Intent being to protect income streams arising from the work derived from. This restriction is a necessary consequence of the concept of copyright. Exceptions and relaxations (e.g. 'fair use') enshrined in law are impossible to define absolutely and thus have given rise to a plethora of litigation. Persons of creative aptitude must constantly look over their shoulders lest their expression of ideas somehow intrudes on the 'rights' of another, some such persisting for a century and more.
Given that hardly anything, if at all, is created without attachment to cultural context, i.e. that which came before, derivation becomes bedrock for all cultural advance. One area in which derivation is welcomed is presentation of ideas/findings in academic literature. The more that others acknowledge and derive from an academic work the greater becomes the reputation of its author(s). Reputation is the currency of academic success. The second greatest sin in academia (the first being confabulation) is plagiarism. Dispute over activity by Sci-Hub and Lib-Gen focusses on right of distribution rather than ownership of ideas embedded in 'content'. This separation of threads within copyright is helpful for understanding issues in the general application of copyright, notably in popular culture, where the two threads have been intertwined into a single strand.
Current ferment about so-called 'intellectual property' was brought about by introduction of digital encoding for 'content' and by inception of the Internet for mass use. The former incontrovertibly established that the 'message' has separate existence to that of the 'medium' in which it is embedded. For example, printed books and vinyl records are physical media; they are objects tradable according to conventional market-economics because they possess scarcity of supply; not so a digital sequence representing the 'content': it is indefinitely reproducible at full quality for negligible cost; moreover, it can be sent anywhere on the world via the Internet by using simple equipment to be found in most households; supply and demand cannot apply and thus neither can price-discovery (in a market not 'fixed' through monopoly powers). Put thusly, digital sequences carry no intrinsic monetary worth (despite cost of initial production), yet cultural worth, measured on scales to which money-men are not privy, could be immense.
The concept of 'intellectual property' rests on shifting sand. It seeks to protect creative activity but results in stifling it. That suggests a form of reductio ad absurdum. Further suggestion of lack of fitness for purpose is evinced from increasingly complicated, nay impenetrable, law seeking to bolster a time-expired idea. To be borne in mind is law and morality are not coincident circles in a Venn diagram. Their overlap shifts according to general societal diktat. Physical property rights, some nowadays worthy of deep reappraisal, do not carry forward into the falsely analogous rights claimed for 'intellectual property'. Thus, individuals may choose to disobey copyright restrictions with clear conscience. Unfortunately for businesses and agencies objecting to the reach of copyright and patents they remain easy prey to parasitical lawyers.
Copyright and patents exist solely through consent within and between nations. Nation 'A' may decide to block access by nation 'B' to manufactured widgets: the stuff of trade wars and sanctions. Nation 'A' cannot block access to published ideas and those embedded in widgets (patents). Now that 'intellectual property' is established as restrictive, price-gouging, and destructive, 'third world' nations may soon abandon all pretence at obeying copyright and patents (especially for pharmaceuticals). These perhaps soon to be followed by other nations and trading blocks not in thrall to the USA.
Take away copyright and patents, what is left to motivate innovation? The only tradable commodity related to supposed 'intellectual property' is the imagination and skill to produce new cultural artefacts (ranging from pharmaceuticals to recorded caterwauling of a 'pop star'). In that competitive market reputation is all. Reputation can be protected under extant law should one person attempt to impersonate another in order to 'steal' money-making capability. Reputation depends, in part, upon attribution from others when they re-issue, modify, extend, and otherwise derive from an existing work. 'Entitlement to attribution' replaces copyright and patents. It is 'moral' entitlement few would object to and enforceable by people at large, rather than through law, through shunning blatant plagiarists.
Bear in mind, digital sequences have no monetary value. However, individuals/teams producing work others admire can raise funding for further works through voluntary patronage (donation, subscription, crowd-funding, etc.) and sale of associated 'added value' physical products and services; success being predicated upon reputation accrued from previous works; as reputation grows then so might income. People seeking to make livelihood from digitally representable cultural artefacts have no 'right' to do so; they first must gain reputation; also take note that most of the greatest contributions to culture (e.g. in science, mathematics, philosophy, and 'serious' music) were not, nor intended to be, vast money-spinners: present day cultural expectations of revenue generation are distorted by the tawdry rentier economics underlying distribution of popular 'content'.
The Internet places distribution in the hands of creators should they wish. Perhaps they might form distribution co-operatives. Cottage industry supporting roles could arise; these would have no 'rights' over material passing through their hands', they would receive money for services rendered. Collapse of the rentier economy for culture would impact solely upon the behemoth distribution/publishing houses (and upon some talentless caterwaulers manufactured according to the wiles of marketing), these populated by people whose only acquaintance with originality being through 'creative accounting'.
Huge sums of individual and national discretionary disposable incomes will be released upon demise of current middleman distributors. No longer shall it be syphoned off to 'intellectual property' monopoly dependent nations like the USA or to tax havens. Removal of distributor stranglehold (and cynical shaping in cahoots with the advertising industry) on popular culture shall enable many more people to dip toes into producing 'content' and earning respect and inflow of money from admirers. Although bland culture shall continue to have a following, the post-copyright regimen, based upon a truly competitive market, will encourage risk taking e.g. compare the independent film industry and 'content' displayed at film festivals with output from Hollywood.
The above is largely generic. Yet impact upon computer/Internet related enterprise will be immense. Software, both published code and that decompiled/disassembled by users) shall be freely available for use, modification, and extension by anybody under discipline imposed by attribution (more or less as now applied by many open source producers). Monoliths like Microsoft shall go the way of the Dodo to be replaced by numerous cottage industries. Rentier economics shall be superseded by competition among the skilled and without need of the present thick overlay of corporate and conglomerate structure.
Cotton weavers were displaced from their cottages by 18/19th century technological advance; those protesting, i.e. Luddites, were condemned as impeding progress. The tables are now turning. Large aggregates no longer are the best source of impetus for intellectual ferment and innovation (for instance Microsoft is stuck in the rut of Windows and Office). The mantle returns to cottages. Modern Luddites are to be found in computer behemoths, the recorded entertainment industries (plus streaming outfits), and companies like Elsevier living off borrowed time; instead of smashing equipment these seek to prop-up, ever more ineffectually, their defunct business models via buying legislators and imposing increasingly knotted 'intellectual property' law to protect themselves against competition. Gordian knots just beg to be sliced asunder.
Released under the Creative Commons Attribution 4.0 international license.
How do cameras with tiny diameter lenses offer high resolution?
I need a point of reference in order to understand present day digital camera technology: I shall take this to be fine-grain 35mm film emulsion (say ASA 25). How do bog-standard phone/cameras rate in this regard and how much better is the device mentioned here?
A point of puzzlement is how lens systems of tiny diameter collect sufficient light to offer impressive resolution? Cameras used by professional photographers boast lenses of large physical diameter just as did the previous generation of cameras for analogue photography.
I am aware that numerical aperture can be defined as the ratio of focal length to effective lens diameter. Presumably miniaturisation of lenses coupled with tiny focal length enables maintenance of a good working ratio. Even so, there is the matter of how lens aberrations such as chromatic and spherical are corrected in such tiny optical assemblies; in general this entails a combination of lenses.
A pointer to an authoritative source would be welcome.
Re: Is Joepie91 fer real??
That is a very clear exposition leaving nothing to quarrel over. I raise some connected general points.
There likely is no such thing as absolutely assured online anonymity and/or privacy. Also, bear in mind that people doing dodgy dealings (e.g. illicit drugs) using generally pretty secure tools like Tor/Whonix are usually reported caught by traditional investigative techniques rather than computer wizardry. A vulnerability in security occurs at points where the digital world intersects the physical world e.g. drugs must be paid for (even Bitcoin is not wholly anonymous) and delivered (trust a postal service or trust meeting a stranger in a dark alley). People active in discussion fora may become traceable elsewhere through fingerprinting their vocabulary, spelling, grammar, punctuation, sentence construction, linguistic idiosyncrasies, and topics of interest to them. Linkage to physical identity results from painstaking observation of activity by trained human investigators rather than automated processes and encryption cracking derring-do.
Investigation of that nature is resource intensive, not least of which is human operatives, and its use must be well-targeted and have prospect of success. Thus, very serious crime, espionage, terrorism, and suchlike enter the spotlight. Somebody using BitTorrent to download the latest Hollywood offering to culture or via Sci-Hub 'stealing' from Elsevier that which actually is communal shared property has nothing to fear from the likes of GCHQ and the NSA. Attacks upon so-called 'pirates', that is on individuals rather than black market providers of 'content', are sponsored by copyright rentier industries using private sector companies; these are easily deflected.
Thus, online security is a balance between resources invested by individuals/organisations and those invested by legitimate security/crime investigative agencies. It becomes a matter of horses for courses. Simple file sharing, assuming not state secrets or highly criminal 'content', can be undertaken without fear of consequence by using easily obtained tools of which VPN is one. Even should a disreputable VPN provider keep detailed logs and submit to civil action demands for revealing user activities the best that copyright rentiers could achieve would be sending out speculative invoices; even within context of USA jurisdiction it's highly likely evidence of wrongdoing and causation of damage would not suffice for civil litigation.
The report giving rise to comments begs the question of why anyone with even rudimentary nous would opt to pay for Mozilla's within-browser VPN service. Even should it provide a 'secure' channel for all activities on a device it is unnecessary for browsing and with Mozilla being under US jurisdiction potentially a risk. Simple browsing of harmless intent is far more convincingly protected by Tor. Also, although not suited to Torrenting Tor is acceptable for ordinary file download but probably not streaming. Tor is easily installed on mobile devices (e.g. 'app' for Android). The greater the number of people using Tor the more quickly it will become established as a confidential (but not top secret) parallel WWW.