Comment Biggest benefit of static analysis is real time (Score 1) 72

The problem with articles like this one is that they tend to under-represent the benefits of static analysis. Products like PVS-Studio are designed to work with C++ and because they have to run in a big compile job, they get run in batch at the end of each day.

This is a problem because (a) C++ is very hard to statically analyse so performance is often poor and (b) the most critical time when you need/want static analysis feedback is when you're actually writing the code itself.

So let me insert a plug here for IntelliJ IDEA by JetBrains. Up until I used this (free, open source) program I didn't really appreciate static analysis. I mean, I appreciated it in a theoretical way, but my experience was that running it tends to generate thousands of spurious warnings that rarely reveal serious bugs. But that was because by the time the analysis got to run it was on code that had long since crashed in production, been debugged, unit tested, etc. So there was little meat left to harvest.

IntelliJ has a thing called the Inspector, which runs constantly in the background on spare CPU cores. It scans for hundreds of different kinds of bugs and when it spots one it highlights the bogus code in yellow, right in the editor. What impressed me most about this is that often the editor can highlight very complex bugs within seconds of you writing them, long before any time has been spent on unit testing or in a debugger. It can do this partly because the languages the inspector supports (things like Java, Kotlin, Scala etc) are much easier to parse and analyse than C++. You don't need to invoke a full blown compiler. Also the use of annotations to give the analysers more information is widespread.

But the best thing about IntelliJ is that when it does find a bug (and it frequently does), you can just press a hotkey and get a menu that lets you either suppress the warning ....... or automatically fix it, right there in the editor! So not only does IntelliJ find brainfarts like writing an if statement that will always yield true, but it can do it in real time and then it can often even fix it for you! This video I recorded a while ago shows a few seconds of this feature in action.

Comment Re:There is a balance between article 8 and 10 (Score 1) 401

holding someone liable for refusing to take down illegal speech hosted by them is not a free speech violation

That's rather a contradiction in terms, isn't it. Refusing to take down illegal speech is not a free speech violation. How can you have both free speech and illegal speech simultaneously?

I think this case sums up one of the most glaring problems with the ECHR which is obvious the moment you read the document they are interpreting. This list of rights is nothing like the American Bill of Rights. The BoR is quite specific, clear and the rights are fairly tightly defined, arguments about the meaning of "well regulated militias" notwithstanding.

The European equivalent (and I say this as a European) is a complete clusterfuck. It lists many rights that directly contradict each other, with no way to prioritise between them. Every "right" has exceptions. It is written so vaguely that anyone could reach any conclusion at all based on it. The fact that nobody knew about this so-called right to be forgotten before it was "found" in the text by a court ruling is indicative of the deep-rooted problems with the document. It's a design-by-committee wishlist written by people with no strong principles.

For instance Article 2 supposedly grants a right to life. It says governments may not engage in "unlawful killing". Except suppressing insurrections by killing the rebels is explicitly allowed. And lawful executions were also totally OK, meaning of course the entire article disappeared into a puff of contradiction as any execution at all could be considered lawful if the government so wished it. Eventually the absurdity of that one became too much even for the ECHR and there was a "protocol" passed (sort of like an amendment) that barred the death penalty. Of course, this article does not stop ECHR members from going to war either.

Article 4 forbids slavery and forced labour. Unless you're a prisoner. Or it's the draft. Or unless it's a part of your "civic duties".

Article 8 gives the famous right to privacy ...

except such as is in accordance with the law and is necessary in a democratic society in the interests of national security, public safety or the economic well-being of the country, for the prevention of disorder or crime, for the protection of health or morals, or for the protection of the rights and freedoms of others

In other words you get a right to privacy unless someone deems it inconvenient for almost any purpose. This article is such a joke it may as well not exist.

But article 10 is the best. The First Amendment and its interpretation by the US Supreme Court is quite clear: freedom of speech and freedom of the press are highly protected. Article 10 in the European equivalent says:

Everyone has the right to freedom of expression. This right shall include freedom to hold opinions and to receive and impart information and ideas without interference by public authority and regardless of frontiers. This article shall not prevent States from requiring the licensing of broadcasting, television or cinema enterprises.

LOL! But it gets worse:

The exercise of these freedoms, since it carries with it duties and responsibilities, may be subject to such formalities, conditions, restrictions or penalties as are prescribed by law and are necessary in a democratic society, in the interests of national security, territorial integrity or public safety, for the prevention of disorder or crime, for the protection of health or morals, for the protection of the reputation or rights of others, for preventing the disclosure of information received in confidence, or for maintaining the authority and impartiality of the judiciary.

So freedom of speech can be subject to penalties if they "are necessary in a democratic society" for example "for the protection of morals". Oh yes, exposing state secrets is also included.

What kind of idiots actually write such things? Why say there is a right to freedom of speech and then specifically exempt almost every situation in which someone might actually want to use it?

The ECHR is barely worth the paper it's printed on: a creature of governments that wanted to look good but couldn't find it in themselves to actually trust their own people with basic things, like the ability to say what they think.

Comment Re:Good (Score 4, Interesting) 401

The European Court of Human Rights is not actually an EU institution, regardless of the similarities in naming. It's more like a court that countries submit to voluntarily. I saw quite an interesting presentation about it from some human rights lawyers a year or two ago. Apparently it does some good work, especially in addressing more run-of-the-mill rights violations in former Soviet bloc countries.

Regardless, this is now the second time that some EU court has fucked up extremely basic internet related rulings. First there was the idiotic "right to be forgotten" ruling that makes it effectively impossible for anyone to make a search engine unless they have a vast human army of lawyers and money for lawsuits. Now they want to make websites responsible for everyone who comments on them? Like someone who runs a party should be responsible for anything anyone says whilst there?

It's quite clear that the judges at this place must either be interpreting extremely vague and piss poor laws, or have never used the internet, or both.

At the moment the Tory government in the UK is wanting to pull out of the ECHR, partly because it keeps blocking deportation of various 'undesirables' on the grounds of their right to a family life. They want to replace it with a British-specific bill of human rights. I don't really trust the Tories on this matter, their track record of upholding civil liberties is pretty terrible lately, but every time the ECHR produces a disastrous ruling like this I think - you know, maybe there's something in it.

Comment Re:Yay for Belgium (Score 1) 72

How about sons outed as gay to their parents by their browsing history being used to target advertisements to the same IP address?

Citation needed. No ad network I know of targets anything by IP address, exactly because they are so often shared.

I know I've also heard of one pregnant girl outed in the same way.

Prove it. Then go ahead and explain why the fix for this is Belgium and not, say, user profiles on the computer in question.

It's not some nebulous thing that should require victim lawsuits before anything is done.

It's extremely nebulous, poorly defined and yes - generally we would hope to see actual victims before punishing someone for a so far quite literally victimless crime.

Comment Re:Yay for Belgium (Score 1) 72

Straw man - I didn't say financial harm. I said ANY meaningful kind of harm. Embarrassment, family problems, whatever.

There have been a bunch of blowups like this over the years. The worst "harm" that anyone has been able to demonstrate was that some people, somewhere (who are nameless as none of them filed any complaints) might have seen a better targeted advert.

Comment Re:Yay for Belgium (Score 1, Troll) 72

No, not yay for Belgium.

Don't these privacy regulators have anything else to do? Where is their input in the Snowden affair, for example? Suspiciously missing in action.

Here's a good place to start when evaluating the utility of these investigations: a list of people who have been objectively harmed in some way by the alleged action. Can't find anyone who has been harmed by Facebook's actions in an entire country's worth of people? Then maybe that suggests the taxpayer money is better spent elsewhere.

Comment Re:One more in a crowded field (Score 5, Interesting) 337

Is Swift suitable for writing applications for all? If not, developers would be writing for a limited, albeit popular platform, but limited to a certain subset nonetheless.

No, it's Apple specific. However that's OK because there's a language which is much like Swift, except it runs on pretty much every device you might have.

That language is new. It's called Kotlin, and it is from JetBrains, the makers of the highly popular IntelliJ series of IDEs (+ WebStorm, PHPStorm, RubyMine, PyCharm etc).

Kotlin targets the JVM and JavaScript. It interops perfectly with Java. That means code written in it runs on Windows, Mac, Linux and Android. Additionally, via the RoboVM project, JVM bytecode can be compiled to native ARM iOS/OSX binaries. There is no JIT compiler. RoboVM provides bindings to all Objective-C APIs on iOS so you can build native UIs and access all the same functionality as a native app. Programs written this way are on the app store, so Apple is cool with the technique.

Kotlin has a clean, concise syntax and many modern features that match those in Swift. For example it has nullability/optionality integrated with the type system. It has Markdown comments. It has extension functions. It has some support for pattern matching. It has named parameters. It has the ability to define "data classes" that have easy immutability, content equality, hashcodes, serialization etc all in a single line of code. It has type inference and compile-time inlined lambdas, so you can do high performance functional programming with it. It has features to support complex DSLs. It has a full IDE with many built in refactorings, online static analysis, and via the JVM it has high quality CPU/memory profilers and debugging support.

In short, programming with Kotlin is much like programming with Swift, except you have better tools, an IDE at least as strong as Xcode and in my experience stronger, and you can write apps with it that are indistinguishable from native iOS and Android apps.

Comment Re:extremely common fraud protection (Score 5, Informative) 130

google really throws a hissy fit when I send email from my home (on a vpn) using imap. mostly they grey list me and time me out. but this anti-vpn concept annoys me. I don't believe it rejects fraud.

It does reject fraud. I know this because I designed the system at Google that is rejecting your logins, back when I worked there. There's a blog post about the system here. Obviously location (actually: geographical coordinates) are not the only thing that is used, it's just a signal that's carefully blended with others.

The main reason location works as a useful anti-fraud signal is that the datasets that hackers are working off are very sparse. Normally only usernames and passwords. So they don't know where in the world you live, meaning that they have to guess. It's almost like a second password. And mostly their guess will be wrong, leading to an ID verification check.

Now if you use VPNs or Tor or whatever that actually move you around the world constantly, then you're in a tiny minority of people that this heuristic doesn't work for. That's not so great. But here's a tip - if you enable 2-step verification on your Google account and then give your IMAP client an "app specific password" you shouldn't see rejected logins anymore, as is documented in the Google support pages. If your IMAP client knows how to use OAuth to log in, that would also work, but most don't.

Comment Re:It's also possible that Der Spiegel was wrong (Score 1) 81

They didn't just "have" her number, it was on a list of numbers being tapped.

Also, the US admitted it and then said they weren't doing it anymore. That's kind of odd - normally a public admission backed by documentary evidence would be sufficient for a criminal prosecution, no? Certainly it often happens with less (like almost any rape case).

Sounds more like the powers that be didn't want to disturb the intelligence agencies' cosy little setup. And let's face it, the BND were not exactly going to co-operate with any investigation.

Comment Re:Decrypted -- false flag? (Score 1) 546

What if the claim that the files have been decrypted is false?

That's almost certainly the case. The story reeks of propaganda. For instance, the claim that the UK has some kind of large Russian spy network is rather contradicted by the fact that they only recently started recruiting Russian speakers. Pretty hard to get intel from a country where you don't have any staff that speak the language.

The notion that a "cache of documents" was cracked also sounds like nonsense. None of the Snowden documents have dealt with human intelligence ("HUMINT" as they call it). We're being asked to believe that there's hugely detailed info about British spies in what Snowden leaked, yet, no mention of documents from MI6 has been made up until now? Not even alluded to?

And the Russians and Chinese, working independently, both managed to crack this cache ... at the same time?

And none of the spies that were found after this calamitous event were arrested or deported? Not a single one? Even though when Russian spies were found in the USA they were turned into a media circus and then put in front of a judge?

No way. None of the things we're being asked to believe make even a shred of sense. There's a far, far more plausible explanation that does fit the facts: British intelligence was far, far more reliant on SIGINT for insight into Russia and China than they wanted their bosses to believe. MI6, in particular, is stretched to the limit. We know that they routinely cancel surveillance of people they believe might be dangerous jihadis because they don't have the resources to continue. Lacking Russian language speakers, lacking any real motivation to spy on Russia until very recently, you can see how they might have become super reliant on the very fragile techniques used by GCHQ. Now I absolutely do believe that foreign governments became harder to spy on as a result of Snowden, but this terrible disaster that has afflicted UK intelligence is much more likely to be the result of foreign embassies upgrading their VPNs to non-weak Diffie-Hellman, than the result of moving agents who may or may not even exist.

Comment Re:Proof (Score 5, Insightful) 546

There won't be any evidence offered, because this event is almost certainly a work of fiction. A careful reading of the articles and simply thinking things through will reveal colossal, gaping holes in the story the British government is peddling.

Firstly: we know beyond doubt that this story is at least partly fictional. We know this because the anonymous government sources (i.e. civil service officials) keep contradicting each other. We see for example this quote in the Independent, "However, despite a senior government official was quoted by the paper as saying that Snowden had "blood on his hands", Downing Street confirmed that there was “no evidence of anyone being harmed” as a result of his leaks". Different versions of the same story contradicting each other is a good sign that what we're being fed is a story: things always grow in the telling, especially when we're hearing a third or fourth hand account of what happened. The way US officials contradicted each other in the wake of the bin Laden assassination is a good example of that.

Secondly: this story asks us to believe several extraordinary and completely implausible things.

In the UK foreign spying with people is the mandate of MI6, a separate agency to GCHQ, which handles signals intelligence only. It's like the split between the CIA and the NSA. Yet in several years of Snowden reporting there has never been any mention of documents from MI6. There has in fact only been a single mention of MI6 in the GCHQ/NSA documents, and that was a joint presentation about spying on climate change conferences! So the UK government is asking us to believe that journalists like Greenwald (who hates the UK because of the holding of his partner at Heathrow) would have a large cache of documents from an entirely separate agency and yet find nothing newsworthy in them at all ..... indeed, apparently MI6 is so boring that the existence of such documents isn't even worth mentioning? Apparently the UK has never done anything even embarrassing in many years of engaging in foreign HUMINT? That stretches the bounds of credulity beyond breaking point.

But it goes on. We are asked to swallow a second utterly ridiculous idea. Apparently the Russians and Chinese suddenly got access to a wealth of information on British spies, information so detailed it allowed them to be targeted:

The newspaper quoted a senior Home Office source as saying: “Putin didn't give him asylum for nothing. His documents were encrypted but they weren't completely secure and we have now seen our agents and assets being targeted.”

What normally happens when spies are caught? Well, they are normally arrested and tried, or at minimum thrown out of the country. Yet Downing Street is telling us that there was "no evidence of anyone being harmed". In short, we're being asked to believe that Russian and Chinese counter-intelligence suddenly found themselves with information so detailed that it amounts to a brain-dump of MI6, including lists of foreign agents ...... yet they walked away from the biggest gift in counter-intel history with nothing at all. Not a single arrest, not a single trial.

That the KGB and Chinese counter-intelligence are so incompetent defies belief - indeed, it is literally unbelievable.

There's a third totally implausible thing about this story. It asks us to believe that there is a cache of encrypted Snowden documents out there .... somewhere ..... and the Russians/Chinese were both able to obtain this cache, yet they could not obtain the accompanying password. So where did this cache come from? Again, the civil service is asking us to believe something utterly stupid: "Putin didn't give him asylum for nothing" .... in other words, he was given asylum in return for a secret cache of unreadable documents, that Snowden did not have any ability to unlock. What a great deal for Putin! Such a story makes little sense, and is also contradicted by Snowden himself: he said many times he did not take any documents with him. Once they were given to the journalists, that was it. And he clearly sees himself as an American patriot, so such a move would make sense: he knew he must leave America, and he knew if he had the documents he'd be forced to give them up. Solution: leave without the documents.

So if the story we're being fed here is just propaganda, where did it come from?

I strongly suspect that the genesis of this story is some kind of internal report from MI6 or GCHQ that tries to explain a drop in foreign intel performance. The home office official quoted above says only that "they have been targeting our agents and assets". I suspect the story evolved like this:

1) MI6/GCHQ - the quality of our intel has gone down. The Russians/Chinese seem to be harder to spy on than before. We're moving agents around to try and fix things. Possible explanations include a mole inside our operations, improvements in RU/CN counter-intel, or information gleaned from the Snowden leaks.

2) Home office flunky - the quality of our intel has gone down. The Russians/Chinese are using the Snowden documents to stop us from spying on them. We're being forced to move agents around.

3) More senior home office flunky - we've had an intelligence disaster. The RU/CNs have cracked the encryption on the Snowden documents and that forced us to move our agents. We're lucky no-one was killed. Snowden could have had blood on his hands.

4) Home office "official leaker to the press" - there's been a massive intelligence disaster, Snowden has blood on his hands after our enemies cracked the encryption and started targeting our agents and assets, we have been forced to move spies to keep them out of harm's way.

With each iteration up the management chain the story grows in the telling. The "cracked the encryption" part is pure Hollywood - nobody who knows anything about encryption or hacking can really believe this story. But it's the sort of thing that'd sound absolutely convincing to a middle-aged civil servant with an arts degree whose entire knowledge of spycraft comes from the movies.

Actually, I'll take my speculation a step further - I strongly suspect that in reality MI6 has very few or no agents inside Russia or China and they were almost entirely reliant on GCHQ SIGINT operations for insight there. Partly because their staff are all so busy running around after jihadis, partly because the people running those agencies know that Russia and China aren't all that dangerous, and partly because pre-Snowden SIGINT was so much more effective. We know this because of this story from the British press in March which quotes the Foreign Secretary as saying:

Making a speech earlier this week, Philip Hammond, the foreign secretary, said Russia’s “aggressive behaviour” posed a significant threat to the UK, adding: “It is no coincidence that all the agencies are recruiting Russian speakers again.”

The lulz! They are so strong! So in March we're being told that Brit intelligence is "recruiting Russian speakers again" and in June we're being told that we have a vast network of spies and assets in Russia that are being "moved" instead of being arrested. Again this whole crap beggars belief. How exactly is MI6 supposed to run a spy network inside Russia if it didn't even bother recruiting Russian speakers until two months ago?

No, the more I think about this, the clearer it gets. This story is garbage.

Comment Re: simpler? exclusive ad channel? (Score 0) 161

If you can't beat them, destroy their revenue stream. It's the same reason Google released free online office software to combat Microsoft and why Android is free. It's just good business sense.

That analogy is really poor - Google Apps is only free for personal use. Corporates pay for it. And Android is free because they wanted to help unify the mobile OS space, and knew that doing an open source OS was one way to do that.

With this strategy Apple are trying to destroy the revenue stream not only of Google, but of lots of companies that don't compete with them and have nothing to do with them. In fact advertising is the revenue model of most of the web, ignoring a handful of paywalled newspapers and other services. If this is Apple's way to try and "compete" with Google, then it's a scorched earth policy that says they don't care how many enemies they make along the way. And it's not about making a better or cheaper product, like how Android competes with iOS, it's about using existing market share to quietly interfere with other people's businesses.

This is far closer to Microsoft strategies than Google's. It's only "good business sense" if you've confused legitimate capitalist competition with destroying your competitors via any means possible.

Comment Re:Payback for Outting NSA Spyware? (Score 3, Interesting) 73

I thought that at first too. But if you read the reports more closely it strongly suggests this is Israeli intelligence, not NSA.

One strong indicator of this is that Kaspersky already found and analysed the current-gen NSA malware platform, they call the NSA the "Equation Group" and the things linking it to the NSA are extremely strong, to the extent that known NSA codenames are found in the binaries. However they also say that they found at least one victim that was hacked by NSA and "Duqu 2" simultaneously. It wouldn't really make sense for the NSA to have two entirely duplicative/redundant malware development projects over such a long period of time.

Additionally, various other things suggest Israeli intelligence, like timestamps and working hours indicative of Israel and the fact that one of the victims was linked to some anniversary of the liberation of Auschwitz.
