Comment Re:Here come the certificate flaw deniers....... (Score 3, Informative) 80

In practice, a certificate is nothing more than a long password

Fail. A certificate contains a public key. This is nothing like a password. You're thinking of a private key. The whole point of a certificate is that you can prove your identity to someone without sending them your password.

Unlike the password in somebody's head or even on a sticky note behind the monitor, these certificate files can often be stolen remotely!

Double fail. Firstly, nobody actually steals certificates. Certificates are public. When someone says something was signed with a "stolen cert", what they actually mean is "stolen private key the public part of which is contained in a certificate signed by a trusted third party", but that's a mouthful, so we simplify and say "stolen cert".

Secondly, private keys can and absolutely should be protected with a password! Or they can be kept in special hardware. However, as you may have noticed, Sony got pwned pretty hard so presumably whatever private key was stolen either had no password, or they were able to just keylog the password when it was used.

These people are a joke.

The joke is on you ..... certificates are not a replacement for passwords and if you think they are, you didn't understand what they're used for.
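The distinction drawn in the comment above, as an added example that is not part of the original comment: a passphrase-encrypted private key signs a verifier's random challenge, and the verifier checks it using only the public key taken from the certificate. It assumes the `openssl` command-line tool is installed; the passphrase, subject name and file names are constructed for the demo.

```shell
#!/bin/sh
# Added example; the passphrase, subject name and paths are constructed.
set -eu
PASS='constructed-demo-passphrase'

# Prover: passphrase-encrypted private key plus a self-signed certificate.
make_identity() {  # $1 = working directory
  openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 \
    -aes-256-cbc -pass "pass:$PASS" -out "$1/key.pem" 2>/dev/null
  openssl req -new -x509 -key "$1/key.pem" -passin "pass:$PASS" \
    -subj "/CN=demo.example" -days 1 -out "$1/cert.pem" 2>/dev/null
}

# The certificate is public; succeeds only if it contains private key material.
cert_leaks_private_key() {  # $1 = certificate file
  grep -q 'PRIVATE KEY' "$1"
}

# Prover signs the challenge; the passphrase is needed to unlock the key.
sign_challenge() {  # $1 = working directory, $2 = passphrase
  openssl dgst -sha256 -sign "$1/key.pem" -passin "pass:$2" \
    -out "$1/sig.tmp" "$1/challenge.txt" 2>/dev/null &&
    mv "$1/sig.tmp" "$1/sig.bin"
}

# Verifier: uses nothing but the public key extracted from the certificate.
verify_with_cert() {  # $1 = working directory
  openssl x509 -in "$1/cert.pem" -pubkey -noout > "$1/pub.pem"
  openssl dgst -sha256 -verify "$1/pub.pem" -signature "$1/sig.bin" \
    "$1/challenge.txt" >/dev/null 2>&1
}

run_demo() {
  dir=$(mktemp -d)
  make_identity "$dir"
  openssl rand -hex 32 > "$dir/challenge.txt"   # verifier's fresh nonce
  sign_challenge "$dir" "$PASS"
  verify_with_cert "$dir" && echo "signature verifies against the certificate"
  cert_leaks_private_key "$dir/cert.pem" || echo "certificate holds no private key"
  sign_challenge "$dir" "wrong-passphrase" || echo "key stays locked without the passphrase"
  rm -rf "$dir"
}
run_demo
```

Neither the private key nor its passphrase ever reaches the verifier; only the signature and the certificate do.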

Comment Re:Culpability? (Score 1) 180

More news (seems this story is unfolding right now) - apparently the driver did NOT have a prior conviction for rape at all, but in fact had only been arrested due to an accusation. So it seems that the first possibility was the correct one, and there's really nothing that could have been done here (unless you believe anyone should be able to ban anyone else from being a taxi driver for life with nothing more than an accusation).

Comment Re:Culpability? (Score 3, Informative) 180

W.R.T background checks, someone on Twitter has found a photo of a notarised police certificate stating the guy has no criminal record. So either whoever reported he has one is lying, or the police verification process in India is as unreliable as people say it is.

Regardless, I expect it will make little difference in the court of public opinion.

Comment Re:Culpability? (Score 1) 180

If that is the case, and the guy came up clean but yet still went on to do X, how is Uber any more culpable than a taxi company hiring a cabbie with no record, who subsequently goes out and does X, or a tour company hiring a bus driver with a spotless background, who nonetheless does X?

They aren't. But it seems like there's a new trend in town - when a foreign tech company could potentially have guessed that someone using their service might potentially have done something bad, they're automatically at fault. See: Facebook and Lee Rigby in the UK.

In this case, the logic seems fairly simple - the guy apparently had a prior conviction for rape, thus, should not be allowed to be a taxi driver. If Uber had checked then the rape wouldn't have happened (assuming it did). The problem is the guy's prior conviction was also for raping someone in a taxi cab, so obviously this isn't a solution to all such problems because there's always a first time. Another problem is that I've read India doesn't actually have a national conviction database system, indeed they barely have a coherent national identity scheme at all (I remember reading about programmes to try and introduce biometric identity nationwide to fix this but it's a huge job). Apparently the way you do a background check is walking in to the local police district office and asking. If the crime happened elsewhere, tough luck. For anyone who knows the real situation in India, I'd be interested to know if this is true.

Anyway, even with reliable background checks, you can quickly end up in a situation like the USA where former felons cannot get jobs anywhere (see recent /. story about this problem), and then you get rules like in Europe where former convictions get wiped from the record after a few years to stop that happening, so there are no solutions that make everyone happy.

Comment Re:Get the facts first (Score 1, Informative) 250

This is all BS. Apple didn't remove anything - iPods have always supported non-DRM music as well as Apple's Fairplay DRM music just fine. Apple doesn't care what you load on there. What they did care about was Real hacking Fairplay to sell their own DRM versions using Apple's proprietary DRM. Apple fixed their DRM impl and it broke Real's DRM. That is all that happened.

Comment Re:Who cares (Score 0) 216

you think they put in the caps because they dont have enough bandwidth coming from their towers? you, sir, are sadly mistaken. they do it for one reason. PROFIT.

Do you think radio spectrum is an infinite resource?

Mobile networks absolutely have capacity constraints, often very complicated ones that exist in multiple dimensions or vary by region. But that'd be too complicated for people to deal with, so we end up with an approximation of 1 or 2 GB/month. Which by the way is very standard across the developed world. In Switzerland most carriers are also providing this sort of quota and there are several competing, with a new one (UPC) just entering the market now. They are all doing roughly the same thing, although I'm sure they could hoover up customers by offering a lot more bandwidth for the same price. For what most users are doing on the move 1G is currently enough and giving everyone lots more quota would simply result in a small number of people doing craploads of torrenting or downloading multi-gigabyte operating system updates over the air instead of over wires.

You can sum up this situation as "PROFIT!!!1!" if you like, but in reality the market is just optimising for resource usage - building more towers and more backhaul and more core routing capacity so a tiny number of users can chew up 10 GB/month instead of 1 GB/month is just not a good use of limited resources.

Still, bandwidth quotas have gone up over time as technology improved. Remember the days when 3G was new? I wrote a J2ME app back then and we counted every last byte.

Comment Re:Cars got made (Score 2) 323

GM was bankrupt because of their union pension plans, full stop. The pension plans cost more than all the active union workers. Blame anyone you want to for that, the future of manufacturing is all robots anyhow.

Not true. They went bankrupt because they sold crappy cars which cost them a fortune in warranty repairs.

I purchased a GM car in 2005. By the time we got rid of it in 2009, it had received the following repair warranties:
2 wheel bearings, 3 steering columns, 2 ECUs, 5 replacement door hinges, 2 brake discs, 2 auto transmissions and 1 door window motor.

In compensation, we were promised a $400 check but we never did receive it and to be honest, I don't care. We don't have the deathtrap anymore.

With all the billable hours that the vehicle spent in the shop, the vehicle must have been a big fat loss. Given how busy they were fixing up other vehicles, ours wasn't a unique case. This is what made GM go bankrupt.

I have never had a vehicle which was so unreliable before or since. As a consequence, I shall never buy another GM vehicle.

Comment Re:This is clearly futile... (Score 2) 193

If there was a public blacklist, then it'd be easy to build a search engine specifically for blocked content that ran outside the EU, and thus the entire scheme would work even less well than it already does.

What the EU court has set in motion here leads, eventually, to either a Great Firewall of Europe, or the EU getting to perform global censorship against everyone. Neither outcome seems plausible, so, what next?

Comment Re:This is clearly futile... (Score 2) 193

What's going through their mind is this - we are politicians and regulators. We are in charge. If our power is being challenged by a corporation, we need to slap them down as hard as possible, as fast as possible, so we remain the top dogs. We are not concerned with minor technical details that boffins like to witter about: we are the Democratic Representatives of The People and that means we must be obeyed!

The way this stupid "right" will play out was clear from the first moment the ruling was made. Lots of people with things to hide will try and get their misdeeds erased (check). Google will try and keep its results as uncensored as possible (check). EU will get pissed off that circumvention is easy and try to force them to perform global censorship (check). IP address based filtering will be implemented (not yet). Then people in America set up dedicated proxy sites so people in Europe can search uncensored (not yet). Then the EU will get mad and tell Google to drop the results from all search results, everywhere (not quite yet). And then there's going to be a big fucking showdown and we'll learn who needs who more. Or perhaps the UK will beat the EU to it with their parliament's retarded "Facebook should implement Minority Report" policies.

Whatever happens, it's looking more and more like there's going to be a big fight, either over this or spying, or both. Politicians are running scared because they suspect when forced to make the choice, a significant number of their citizens would side with Google/Facebook/WhatsApp/Apple over them .... and if you're a politician, that attacks the core of your power and identity. They won't be able to tolerate that.

Comment Killer features? (Score 3, Interesting) 88

Here's the tricky thing about privacy and social networks: Facebook's privacy support is actually pretty good. Whilst people might tell you in the abstract that they want more privacy from Facebook, figuring out what they would change in concrete terms is very hard. For example, they might say "I don't want to see ads" - but given the choice, they don't want to pay for anything either. So this feedback ends up being pretty useless, equivalent to hearing "I want everything and a pony". It's not a basis for a product.

Google learned this one the hard way with Google+. The original way Google+ tried to differentiate itself from Facebook was with circles. The idea is, Facebook's relatively singular notion of "friend" doesn't reflect the way real people work, this means it doesn't respect people's privacy and so people use the product less .... therefore by giving them better tools, they'd win a lot of users. Facebook responded that they'd tried the same thing, it turns out people don't like making lists of friends and controlling their sharing at a fine grained level, so it wouldn't work. And guess what? Facebook were right. Sure, you interview people in focus groups and they say one thing. In reality they might do something else.

So - decentralised open source social networks. Not gonna work. People might sound enthusiastic when you pitch it to them in the abstract, but actually Facebook works fine for them, and the kind of privacy that matters to them (can people see who views their profile?! Can my parents see my drunken party pics?) is already well supported and tuned.

Ultimately what will do off Facebook, eventually, is a change in how people use social networking that for whatever reason they cannot replicate in their main product.

Comment Re:And this is why... (Score 1) 183

I think you know this but sometimes it's a bit hard to read tone on the internet.

HSBC processed transactions for Iran in Europe, at a time when the USA had not successfully forced Iranian sanctions onto the EU and thus they were entirely legal.

The USA did not like this one bit, because Congress had a 'fuck Iran at any cost' mentality that extended to trying to make US sanctions global. And one way they did that is by prosecuting or threatening to prosecute American employees of international banks for transactions entirely legal in both the source and destination locations. It's just empire, nothing more.

Comment Re:It's not only SSL/TLS (Score 1) 92

That's not "lack of diligence", that's a fundamental bootstrapping problem. CAs are meant to verify identities. If the identity you are trying to verify is not itself cryptographically verifiable, then the attempt to verify can be tampered with, but the only way to solve that is to use harder to verify identities. Which is what EV certs do, and my own experience of getting one was pretty smooth.
