Comment Re:So which agencies' backdoors are in there? (Score 2) 135

A fact that even Google, Facebook, etc. are learning, as they start to encrypt ALL traffic between their datacentres and not just rely on the promise of privacy from governments / ISPs.

This is the natural evolution of the Internet, prompted by such spying and interceptions - being used for nothing more than transporting encrypted packets whose payload cannot be determined to any significant degree. The Internet is fast becoming a darknet of its own.

I know that, for years, I haven't accepted unencrypted communication for FTP, telnet etc. and now it's progressed to the point where Google are pushing people towards using TLS, etc.

Even my SMTP server lets you talk TLS to it if you try. Not everyone who emails me tries, of course, but it will let you do it so my "end" is secure.

I find it ironic that all the wiretapping etc. controversy has achieved is to make it even HARDER to spy on people.

But I have to say, I'm still wary of EC at the moment - being pushed as "the" alternative for a variety of problems such as PFS, etc. - I can't help wondering that while we're looking for the next "trick", it's already been done to us.

Comment Re:Humans aren't supposed to eat fish (Score 2) 123

Despite the fact that it's a commonly-held belief in the scientific community that, at least in part, we walk because we were shore-based waders, that our brain development was linked heavily with consumption of fish and fish oils, and that there are still entire communities that with the help of a simple tool (a net, or even just a series of wooden stakes in the rivers/oceans), they can capture enough food to sustain themselves indefinitely?

Wanna take down a cow single-handed? Good luck. Seen what a carrot looks like before the modern age of fertilizers and heavy cross-breeding? Want to see the effort involved in turning wheat into something you can actually eat?

Don't talk bollocks.

Comment Re:Cell phones are insecure. (Score 2) 46

I think that's pessimistic. That might be how they work NOW but there's no reason that an end-to-end secure cellphone network cannot exist.

Security of the conversation is basically guaranteed using TLS etc. Provide a certificate to your contacts, instead of a phone number. That certificate can encrypt communications to yourself so only you can decrypt them.

The biggest problem is routing, but that's something that can be layered over using the data network facilities and software like Tor.

The problems all along are really metadata related. If your contact is caught, gives up the phone and all his access details, you can be linked to have communicated with him (but with perfect-forward-secrecy, hopefully the contents of those communiqués will remain secret). Correlation attacks, etc. also exist and would be your biggest attack.

And, at some point, someone is providing the service you use and you're paying them somehow. Total anonymisation is possible, but difficult.

But if your definition of security is "no-one can know what I said to Fred on the phone when I know Fred and I are both in secure (un-eavesdrop-able) locations" then - yes - that can be done. Now. Today. Using existing technologies. I'd be amazed if there were thousands of people doing just that, especially given the sheer existence of things like PGP etc. many decades ago.

Absolute security is possible. And most realistic definitions of security are more possible. It's really the trade-off between practicality, side-channel attacks (just following you and hearing what you said), and how much technology you want to use.

Comment Re:Direct user consent? (Score 3, Insightful) 46

Physical access to any electronic device is basically an avenue for compromise. You really can't avoid it - at that point, it's no longer a question of "is the device secure?" as "is it STILL secure"... the only factors are how long it's out of your possession and how many obstacles are in the way of compromising it.

Same as anything with computers - physical access to the machine means it's game over. This applies for everything from games consoles to dvd players to phones to DRM schemes to "secure boot".

Physical access is game over. If you're lucky, you've used perfect forward secrecy and implemented it perfectly and know the device is missing and immediately blacklist it from your systems. Anything else (like real-life) is a security hole.

Comment Solar (Score 0) 306

1) If something requires a government subsidy (which is the selling point of every solar installation in my country), then it's haemorrhaging money but someone, somewhere "wants" it to do that. (In the EU, that's normally governments doing it to meet their "green" obligations at whatever cost is cheaper than the "fine" for not doing so).

2) The electricity companies are not under any obligation that I know of to take your electricity. In the same way that you can't just turn on a generator and demand they let you sell the excess electricity back to them, you can't just slap a solar installation on your house and demand they take your excess. Certainly not "for free". Hell, you can be charged £10,000 to run a broadband cable to a town that isn't wired already, so I'm sure the cost of a "one-off" solar installation to feed back to the grid from wherever you are is MUCH more expensive.

3) If they are paying (or, more accurately, being forced to pay) retail price for your spare electricity, it's a con. They should be paying you no more than it costs for them to buy an equivalent amount of electricity to send that same wattage back to your house. Which, en masse, is literally pence. If they're paying you more than that, you have to wonder why, especially when they are private companies run by shareholders. Hint: Green credentials, government subsidies.

4) The cost of taking your crappy, varying pittance of power, cleansing it, transmitting it back to somewhere they can distribute it (even back to the end of your road, and probably on a separate cable to normal), and sending it on to another customer safely basically means that it's probably not worth their effort to even LOOK at it, unless they are forced.

5) Yes, there are countries/states that pay for your solar "overspill". There are countries that will pay YOU to install solar to save YOU money on your bills (does that not just set off alarm bells in your head about their current marketability / profitability?). It doesn't mean that it's anywhere near a sensible thing to do. And even with those subsidies and cost reduction, sometimes the maths STILL doesn't work out - certified electrical installation costs alone can obliterate a year's operational "profit".

Personally, every setup that someone has tried to sell me or my workplaces (private schools with large roofing surface area, large attached land ownership, desire for green credentials, high electrical demands, lots of spare cash, etc.) has been one that WOULD NOT give them profit even with all the incentives in the world.

Entire finance departments have sat and pored over the numbers in every school I work in. And then the one install I've personally seen, when I ask the bursar about it, there's lots of shifty eyes and "Yeah, I know, don't ask" when profitability of it is mentioned. They just aren't ever going to pay back the installation costs, let alone profit from the energy, but they have a pretty meter ticking up a "kWh" number that impresses visitors.

Like the petroleum industry in the US... complaining about your gas prices starting to catch up to the rest of the world. We set them that high to discourage you from using it, because it's a limited resource. We set solar prices to be profitable because we want YOU to buy them so we meet EU and other pollution obligations. But when we have to PAY YOU to make them work profitably, they are just a waste of plastic.

Comment Dark matter (Score 1, Interesting) 225

As stated below by others, just because it's "dark" doesn't mean it's not just ordinary matter.

It's just that we can't actually see it.

Given the twists and turns of galaxy-sized gravitational pulls, it's hardly surprising that there's stuff out there that we can't directly or indirectly observe (but that we believe has to be out there for other things to look like they do).

The only reason that something is "dark" is because we think it should be there but can't actually find it. Having 95% dark matter/energy just means that we know LESS about the universe than we did before - which is not at all unusual when you've just passed a cusp of understanding.

When we "knew" everything was atoms, we thought we had 100% knowledge. When we split the atom, we then realised that we knew only 1% of what was happening. Then we caught up again to something approaching 100% "understanding". And hit a wall. When we scale that wall, our "understanding" will drop dramatically.

That's what's happened with dark energy/dark matter. Think of it as our ignorance quotient increasing because of the discovery of new evidence. Not as some vast debunking of existing science - that's like saying "atoms don't exist" and abandoning all the working atomic science we already have just because we find out that the atom isn't the complete story, or abandoning all Newtonian physics because of the discovery of quantum physics.

It just doesn't work like that. The best bit of dark matter science is ahead of us. We're in ignorance, looking for the light. Or, in this case, the dark.

Comment Re:Good news everyone! (Score 1) 97

Maybe buy an OS that lets you configure some of the basics of where you store things?

Hell, most of my users don't even know where their profiles, documents, favourites, etc. actually end up unless they bother to look into it. And you can set whatever you want to be an SSD and store whatever you want on it.

The biggest thing I hate about MacOS is "we know better, so you don't get the option".

Comment Sigh (Score 5, Insightful) 149

From what I can tell, a mail server has two options when receiving this mail:

Accept it.
Reject it.

The default, with software that doesn't understand this RFC yet (which seems to be... just about everything), is to reject. So trying to use this as an email is not only going to mess up every form you try to fill in online (because they won't see it as an email address either), but quite likely just gets you bouncebacks from everyone you email.

What was needed was surely a system similar to the IDN system for internationalisation, which would allow those with ASCII-only DNS servers etc. to STILL WORK, by converting the Unicode characters to ASCII subsets and then sending the email as normal, through the entire PLANET-worth of working email servers out there that could accept it.

Having a content negotiation option at the SMTP level, that mail servers have to implement and handle specifically, is just ridiculous, and even with GMail's kickstart it could be decades before you can guarantee that your UTF-8 email address will work across the Internet and even then there'll be some old legacy server that will just bounce all your email BECAUSE of that character set in your address. And it will be perfectly legitimate to do so.

However, as others have pointed out, if this goes through, it will be nigh-on impossible to spot phished/faked email addresses, just like it is with IDN links unless you know how to find the original ASCII-encoding of them.
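The two points in the comment above (an IDN-style ASCII fallback, and the resulting homograph problem) can be shown concretely. This is an added example, not code from the original post; it uses Python's standard-library `idna` codec (IDNA2003 + punycode), which already covers the domain part of an address, and a simple mixed-script check of the kind the comment alludes to when it says you need to "find the original ASCII-encoding". The sample addresses are constructed. It also shows the gap the comment complains about: there is no standard ASCII mapping for a non-ASCII local part, so the fallback returns `None` for one.

```python
"""IDN-style ASCII fallback for an e-mail address, plus a homograph check.

Added example (not from the original post). Only the domain part has a
standard ASCII mapping (IDNA/punycode); a non-ASCII local part has none.
"""
import unicodedata


def ascii_fallback(address: str):
    """Return the address with its domain IDNA-encoded (xn--...), or None if
    the local part is non-ASCII and therefore cannot be downgraded."""
    local, sep, domain = address.rpartition("@")
    if not sep or not local or not domain:
        raise ValueError("not an e-mail address: %r" % address)
    if not local.isascii():
        return None  # no ASCII form exists; only an SMTPUTF8 peer can take it
    # The idna codec encodes label by label; pure-ASCII labels pass through.
    return local + "@" + domain.encode("idna").decode("ascii")


def from_ascii_fallback(address: str) -> str:
    """Inverse of ascii_fallback for display: decode xn-- labels back to Unicode."""
    local, _, domain = address.rpartition("@")
    return local + "@" + domain.encode("ascii").decode("idna")


def scripts_in(label: str):
    """Set of Unicode script names (first word of the character name) of the
    letters in a label, e.g. {'LATIN'} or {'CYRILLIC', 'LATIN'}."""
    scripts = set()
    for ch in label:
        if ch.isalpha():
            scripts.add(unicodedata.name(ch, "UNKNOWN").split()[0])
    return scripts


def homograph_risk(address: str):
    """Flag every label (local part or domain label) that mixes scripts,
    e.g. Latin 'p' beside Cyrillic 'а' (U+0430). Returns a list of
    (label, sorted scripts) pairs; an empty list means no mixed-script label."""
    risky = []
    for label in address.replace("@", ".").split("."):
        found = scripts_in(label)
        if len(found) > 1:
            risky.append((label, sorted(found)))
    return risky


if __name__ == "__main__":
    # Constructed sample addresses.
    for addr in ("info@bücher.example", "jürgen@example.com", "support@p\u0430ypal.example"):
        print(addr, "->", ascii_fallback(addr), "risk:", homograph_risk(addr))
```

Note that the mixed-script check is deliberately crude: a label written entirely in one non-Latin script passes, as it should, while a Latin/Cyrillic mixture is flagged. A phishing-resistant mail client would apply the same test before rendering a decoded address, and otherwise fall back to showing the `xn--` form.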

Comment Re:Verizon (Score 1) 316

Sorry, but do you live in the real world?

I've seen any number of products use the word "free" when they quite clearly aren't. Free* (Postage & Packing not included). Free to play. Buy one, get one free* (cheapest one only, some products not eligible, etc.). Free phone on our monthly contract.

The problem is not using the word "unlimited" or "free". It's not clarifying what you mean. Technically, an "unlimited" connection would have no upper speed limit either (that's a limit, isn't it?). One person could buy an "unlimited" account and supply the entire world.

It's deceptive business practice to use Unlimited or Free without clarifying what's unlimited or free. And there are advertising laws that say exactly how that has to be done. As a rule, any text larger than 12pt is probably not the complete truth, and anything less than 12pt will explain why.

Sure, it sucks, but "free" was already destroyed many decades ago. Unlimited is just the new free.

Comment Professionalism. (Score 5, Interesting) 246

In my field, education, it's quite common for the IT guy to be the one with absolute access to more things than anyone else. Nobody else, not even the data-protection officer, or the people on the senior management team, or the people ultimately in charge of the school (the heads and governors) has as much access to information as the IT guy.

Senior-management team files, HR databases, etc. are part and parcel of the job. The web filter logs are generally very revealing and, hence, why I anonymise them by default (Usually squid logs - which only contain source IP addresses, which can only be correlated to a machine using the DHCP logs, which can only be correlated to a user using the Windows event logs on the AD servers - NOT something you can do accidentally, but also allows you to analyse, spot trends and find dodgy things without immediately revealing the source. When I come upon something that worries me, I go to my boss, ask permission to de-anonymise those records, provide them with my results. I've had to do it a couple of times and it turned out to be nothing, but I've also worked with colleagues who've spotted a paedophile on the staff that way and got them prosecuted).

Despite all that data access, you don't look. It's that simple. If I'm asked to work on a confidential file or database, that's what you do. It's just data. What you see is just numbers and letters and then forgotten. You do not dig. Not only are there alerts and warnings for digging into certain things (and I don't want to KNOW what triggers those alerts or warnings necessarily, but I know that they are in place on the MIS databases, for example - I only trigger them when it's been part of my job to go into that part of the databases), but it's a matter of professionalism.

If I become "exposed" to salary details, or witness protection details (children in schools rarely have as simple a home life as they might at first appear to have), or that some child's father is a Colonel in the Army who's asked for his address details to be maintained private, or whatever... that's what you do. You're not there to suck up data, you just treat it like anything else and move on.

If I suspect illegal activity - there's a lot of activity you CANNOT ignore in a school - I'd go through the proper channels and report it however I'm supposed to. It came up as part of my job, it's not like I was snooping for it.

I *STILL*, fifteen years into my career, look away when I ask people to set their passwords. I don't WANT to know. I want the deniability if someone gets into their account to say "There is no way I could know their password, without triggering a reset of their account, which would lock them out and inform them immediately anyway". My boss keeps trying to tell me his password "to save time". I don't want it. With it, I could - in theory - change my own salary, or modify any amount of details. Chances are it would get picked up eventually but if you were clever enough, you could get away with an awful lot very quickly, or very discreetly.

Hence, I don't WANT to know those things. I choose to forget them, unless there is a reason to immediately report them. I suggest you get into the habit of doing the same.
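The anonymise-by-default scheme described in the comment above (squid logs carry only a source IP; DHCP leases map the IP to a machine; the AD logon events map the machine to a user; the chain is only walked once a manager has authorised it) is worth seeing as code. This is an added example, not the commenter's tooling: it pseudonymises the client IP with a keyed HMAC so trends (here, per-client block counts) can still be analysed, and it refuses to resolve a pseudonym without a recorded authorisation. The squid lines, DHCP leases, logon events and the key are all constructed sample data; the field layout follows squid's native access.log format.

```python
"""Pseudonymise squid access.log client addresses and resolve them only via
an explicit, authorised DHCP -> logon-event chain.

Added example (not the original commenter's code). All data below is
constructed; PSEUDONYM_KEY is a placeholder and would live outside the logs.
"""
import hashlib
import hmac
from dataclasses import dataclass
from typing import Optional

# Squid native format: time elapsed client action/code size method url ident hier/from type
SQUID_LOG = """\
1412345600.412   245 10.1.2.3 TCP_MISS/200 1043 GET http://example.com/ - HIER_DIRECT/93.184.216.34 text/html
1412345605.100    12 10.1.2.3 TCP_DENIED/403 320 GET http://blocked.example/ - HIER_NONE/- text/html
1412345610.900   300 10.1.2.7 TCP_MISS/200 5120 GET http://example.net/ - HIER_DIRECT/93.184.216.35 text/html
"""

# DHCP leases: (start_epoch, end_epoch, ip, hostname)
DHCP_LEASES = [
    (1412340000, 1412426400, "10.1.2.3", "LAB-PC-07"),
    (1412340000, 1412426400, "10.1.2.7", "LAB-PC-11"),
]
# AD logon events (4624-style): (epoch, user, workstation)
LOGON_EVENTS = [
    (1412344000, "jsmith", "LAB-PC-07"),
    (1412344100, "akhan", "LAB-PC-11"),
]

PSEUDONYM_KEY = b"rotate-me-per-term"  # hypothetical secret, never written to the log store


def pseudonymise_ip(ip: str, key: bytes = PSEUDONYM_KEY) -> str:
    # Keyed HMAC, not a bare hash: a 10.x.y.z space is small enough to enumerate unkeyed.
    return hmac.new(key, ip.encode(), hashlib.sha256).hexdigest()[:16]


def parse_squid(text: str):
    """Yield the fields we keep from each squid native-format line."""
    for line in text.splitlines():
        f = line.split()
        if len(f) < 7:
            continue
        yield {"ts": float(f[0]), "client": f[2], "action": f[3], "url": f[6]}


def anonymised_records(text: str, key: bytes = PSEUDONYM_KEY):
    """The form the logs are stored and analysed in: pseudonym instead of IP."""
    return [{**r, "client": pseudonymise_ip(r["client"], key)} for r in parse_squid(text)]


def denied_counts(records):
    """Trend analysis that works on pseudonyms alone: blocked requests per client."""
    counts = {}
    for r in records:
        if r["action"].startswith("TCP_DENIED"):
            counts[r["client"]] = counts.get(r["client"], 0) + 1
    return counts


@dataclass
class Authorisation:
    approver: str   # the manager who signed off, per the comment's process
    reason: str
    pseudonym: str  # authorisation is scoped to one pseudonym, not a blanket grant


def deanonymise(pseudonym: str, at: float, auth: Optional[Authorisation], key: bytes = PSEUDONYM_KEY):
    """pseudonym -> IP (re-deriving pseudonyms over the leases' known IPs) ->
    host (lease live at `at`) -> user (latest logon on that host before `at`)."""
    if auth is None or auth.pseudonym != pseudonym or not auth.approver:
        raise PermissionError("de-anonymisation requires a recorded authorisation")
    ip = next((l[2] for l in DHCP_LEASES if pseudonymise_ip(l[2], key) == pseudonym), None)
    if ip is None:
        return None
    host = next((h for s, e, i, h in DHCP_LEASES if i == ip and s <= at <= e), None)
    if host is None:
        return None
    logons = [(t, u) for t, u, w in LOGON_EVENTS if w == host and t <= at]
    return (ip, host, max(logons)[1] if logons else None)


if __name__ == "__main__":
    recs = anonymised_records(SQUID_LOG)
    print(denied_counts(recs))
    p = pseudonymise_ip("10.1.2.3")
    print(deanonymise(p, 1412345605, Authorisation("head", "safeguarding concern", p)))
```

Because the pseudonym is keyed, the IP can only be recovered by someone holding the key and re-deriving it over a candidate list (here, the lease table), so the log store on its own reveals nothing; rotating the key per term, as the placeholder name suggests, also stops pseudonyms from being linked across terms.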

Comment Re:Microsoft is a US corporation (Score 1) 502

Microsoft Ireland is incorporated in Ireland. Which is in the EU. They are therefore separate companies. And thus a binding agreement on one does not form a binding agreement on the other.

Even if it did, the act of exporting personal data of EU citizens FROM the EU without due EU process is a criminal offence in the EU. Which is where Microsoft Ireland are based. Thus anyone in Ireland that facilitates or colludes to make this offence happen will stand before an EU court, for trying to comply with a US court's ruling that DOES NOT apply to them.

Comment Re:Here is how to get in to coding: (Score 4, Insightful) 240

Precisely.

I work in independent (private) schools. We have a few "star" pupils who want to be coders. They generally don't become them, not because they're not skilled, or couldn't do it, but because they've never sat down and done it outside of lessons that they waltz through. Following a course by-rote isn't learning.

I also get asked an awful lot (by the younger years) how I type so fast and how they can "learn" to type that fast. Type. For years. Bang, you've learned. This is no shortcut, there is little technique, no amount of learning the home keys will help you type fast. You just have to type, lots, all the time.

Same for coding. You can learn some theory. But to learn to code, you have to code. And with kids it's really easy - pick a game, program it. They know every kind of game, they will rarely fully complete anything approaching a full game before they get bored, disillusioned or just plain hit the limit of their skill level. The way past that point is determination and learning what to do. And that comes by just demanding that you code and discipline yourself.

The true "stars" are the ones that persevere through those problems, solve them and come out the other end with ANYTHING approaching a complete program that isn't entirely trivial. Next time they have a coding problem, they know they just have to work at it to get past it.

Comment Re:Please answer me one question (Score 1) 195

There's datacentre-level maintenance but otherwise, yes.

However, where you get rich is not in mining the coins for yourself - have you not seen the "mine your own bitcoins, just $X/month" adverts? You lease that crap out to people hoping to make a fast buck and/or hide their trail somewhat in converting currency to Bitcoins (sure, they bought a Bitcoin server - but which Bitcoin did they actually MINE? - it's quite difficult to trace if the hosting firm is willing to not keep traffic logs).

But then, there are a multitude of companies that employ other companies to do things that they could do themselves, and pay for the full cost + that intermediary's profit in order to do so.

And when you have no customers? Well, you're not "losing" much on the business operation and always have a stock of "cash" coming in even with zero customers....
