Forgot your password?
typodupeerror

Comment: Re:CloudFlare is a f.ing nightmare for anonymity (Score 1) 66

by IamTheRealMike (#48027061) Attached to: CloudFlare Announces Free SSL Support For All Customers

Occams Razor says ...... networks like Tor which are incapable of handling abuse by design ...... get a lot of abuse! So not surprisingly networks that have advanced anti-abuse controls in place throttle it a lot. Otherwise you're just asking to get crawled by SQL injector searchers and so on. This is not CloudFlare's problem, it's inherent in how Tor works and what it's trying to achieve. Solving it means finding a way to trade off anonymity against accountability using user reputation systems or the like, but the Tor project has shown little interest in implementing such a thing, so all Tor users get treated as a whole.

Comment: No sensible person ever though it was impossible (Score 2, Informative) 158

by daveschroeder (#48027003) Attached to: Apple Fixes Shellshock In OS X

But even here, again, when you look at a typical OS X desktop system, now many people:

1. Have apache enabled AND exposed to the public internet (i.e., not behind a NAT router, firewall, etc)?

2. Even have apache or any other services enabled at all?

...both of which would be required for this exploit. The answer? Vanishingly small to be almost zero.

So, in the context of OS X, it's yet another theoretical exploit; "theoretical" in the sense that it effects essentially zero conventional OS X desktop users. Could there have been a worm or other attack vector which then exploited the bash vulnerability on OS X? Sure, I suppose. But there wasn't, and it's a moot point since a patch is now available within days of the disclosure.

And people running OS X as web servers exposed to the public internet, with the demise of the standalone Mac OS X Server products as of 10.6, is almost a thing of yesteryear itself.

Nothing has changed since that era: all OSes have always been vulnerable to attacks, both via local and remote by various means, and there have been any number of vulnerabilities that have only impacted UN*X systems, Linux and OS X included, and not Windows, over very many years. So yeah, nothing has changed, and OS X (and iOS) is still a very secure OS, by any definition or viewpoint of the definition of "secure", when viewed alongside Windows (and Android).

Comment: Re:There is no political solution. (Score 5, Insightful) 212

by IamTheRealMike (#47991211) Attached to: Australian Senate Introduces Laws To Allow Total Internet Surveillance

It would be nice if that were the case. Unfortunately it's hard to see how it can be. The technology industry has a poor track record of deploying truly strong end to end privacy protections, partly because the physics of how computers work mean that outsourcing things to big powerful third parties that can be easily subverted is very common. E.g. my mobile phone can search gigabytes of email from the last decade in a split second and rank it by importance, despite having nowhere near enough computing capacity to really do that itself, only because it's relying on the Gmail servers to help it out.

That same phone can receive calls only because the mobile network knows where it is. How do you build a mobile phone that is invulnerable to government monitoring of its location? It doesn't seem technically possible. The only solution is to ensure that anonymous SIM cards are easily obtained and used, but many countries have made those illegal as part of the war on drugs.

This trend towards outsourcing, specialisation and sharing of data to obtain useful features is ideal for governments who can then go ahead and silently obtain access to people's information without those people knowing about it. I do not see it reversing any time soon. The best we're going to achieve in the near term future is encryption of links between devices and datacenters, but this doesn't help when politicians are simply voting themselves the power to go reach in to those datacenters.

Ultimately the only long term solutions here can be political, and I fear we will need a far longer and larger history of abuses to become visible before the majority will really shift on this. The problem is a large age skew. Older people skew heavily authoritarian, if you believe the opinion polls, and are much more likely to support this kind of spying. Perhaps they associate it with the cold war. Perhaps the old adage "a libertarian is a republican who wasn't mugged yet" has some truth to it. Whatever the cause, the 1960's baby boom means that demographically, older people can outvote younger people as a block, and for this reason there aren't really any fiscally conservative, economically trusted AND individual rights-respecting parties in the main English speaking countries. People get to pick between borrow-and-spend socialists with an authoritarian bent, and fiscal conservatives with an authoritarian bent, so surprise surprise we end up with people in power who are authoritarians.

Comment: Probably not (Score 2) 76

by IamTheRealMike (#47962953) Attached to: Researchers Propose a Revocable Identity-Based Encryption Scheme

whether (in light of what's known) default strong encryption for everything is something users should just get whether they like it or not.

There are many unsolved problems for making strong end to end secured communications work. Key management is only one. A bigger and even more complicated problem is that people derive significant benefits from sharing their message contents with big, powerful third parties, for example spam filtering, importance filtering, ability to search 10 years of email from a cheap battery powered device, ability to receive messages when all personal devices are offline, ability to reset passwords if they are forgotten and so on.

To make truly end to end communication ubiquitous you would have to find a way to recreate all these features in the purely decentralised end to end context. Otherwise "giving" e2e crypto to people "whether they like it or not" is a quick way to find an angry mob with pitchforks outside your house. A lot of people care a lot more about those features than (somewhat theoretical) privacy against the NSA.

Comment: Re:The over-65's swung it for No (Score 2) 474

by IamTheRealMike (#47948465) Attached to: Scotland Votes No To Independence

Ouch. I've seen quite a few family breakup analogies, but this is the first time I saw Scotland be the child instead of the spouse.

If we're going analogise a country to a person, actually I'd say it's pretty natural to seek out unions even though they involve giving up some independence. That's why people get married. That's why the EU keeps growing. Even the most perfect couples don't always agree all the time, but they find ways to figure it out because it's better together than apart. Divorces are universally considered a tragedy in our culture exactly because we recognise that unions bring strength: when one partner stumbles, the other is there to help.

Salmond's behaviour with Scotland has been like going to a wife in a working marriage where decisions are taken together and telling her constantly, repeatedly, that she's too good for the man she's with. That her husband treats her unfairly. That she's oppressed by him. That everything wrong in her life is her husbands fault. She didn't get the promotion she wanted? Husband's fault. She doesn't get enough attention? Husband's fault. She can't afford the clothes she wants? Husband's fault. He's just so unfair. How could she not be better off without him? She's strong and pure and good and she needs to break up with this loser.

Oh, the husband objects? He doesn't want a divorce? That's just bullying. He's promising to give her more say? It's just lies. He's asking how she'll pay the rent without him? Scaremongering. Of course you can pay the rent. Sure you may not earn enough to pay all the bills each month and you've both been relying on the credit card, but selling off the family silver will take care of that.

I could go on but you get the idea. The ultimate legacy of Salmond's failed campaign is that a significant chunk of the Scottish population has bought into the idea that they're somehow superior or morally better than the emotionally deformed English, whereas such feelings were not previously widespread. This is a toxic legacy that could take generations to resolve. It will certainly not make anything easier in future.

Comment: Re:Free Willy! (Score 2, Interesting) 474

by IamTheRealMike (#47947199) Attached to: Scotland Votes No To Independence

Most importantly the Parliament Act allows the Commons to force a bill through Lords if it's been sent back twice already, regardless of what the Lords want. Therefore the most the HoL can do is slow things down.

Given this fact it's probably not surprising that nobody cares much about reforming it. It's another check/balance and all it can ultimately do is throw sand in the wheels, it has no real power.

Comment: Re:The over-65's swung it for No (Score 5, Insightful) 474

by IamTheRealMike (#47946305) Attached to: Scotland Votes No To Independence

it's sad that the concept of independence and sovereignty boils down to mere money for some (or most) people.

Why? Scotland is not oppressed, it does not have severe racial/religious/ethnic divides with the rest of the UK. It was not conquered by England. Nobody has family members that have died because of the Union. In fact the Union has been ruled by Scottish PM's twice in recent history.

That makes splitting it out into a new country a largely technical matter of economics and future government policy. It's quite dry stuff. The Yes campaign chose to ignore this and attempted to whip up a notion of Scottish exceptionalism through the constant "fairer better society" rhetoric, but ultimately they lost because when people asked questions about the technical details of why Scotland would be better and whether it'd be worth the cost, they had no answers. Given that the primary impact of independence would be economic, this lack of planning proved fatal.

Comment: Re:The over-65's swung it for No (Score 1) 474

by IamTheRealMike (#47946241) Attached to: Scotland Votes No To Independence

How would that split have worked out in the end? The UK would swing wildly right... Quickly get involved in lots of wars, crack down on "terrorists" etc... Scotland would have swung wildly left, and quickly bankrupted themselves with social programs. Balance is a good thing, even if you're currently getting the short end of the stick.

Just because historically politics has been dominated by two bundled sets of largely unrelated policies doesn't mean it has to be that way.

In a post-independence UK, the rUK would have been temporarily dominated by the Tories until Labour, freed from the need to constantly try and drag their Scottish MPs away from hard-socialist economics, found a new voice for themselves that didn't easily pigeonhole into left vs right. For example they could have campaigned on a platform of fiscal responsibility combined with pacifist policies, pro EU integration and raising taxes specifically for the NHS. That would likely have been an appealing combination even to many existing Tory voters. It'd be difficult for them to take up such policies with credibility because in fact the UK was taken into the Iraq war by Tony Blair, a Scottish Labour PM. And Cameron's similar attempt to go to war in Syria was rejected by a coalition Parliament. But staking out pacifism as a policy seems like such an easy win it's surely only a matter of time until Labour gets a leader with vision again and they try something like this.

With respect to Scotland, I suspect they would have ended up following economic policies closely aligned with that of rUK despite all the rhetoric about building a "fairer society" (means taxing the rich more up there). For one, they already have the power to raise income taxes even without full independence and they haven't actually used it. Actually the SNP's only post-independence tax policy they formally adopted was lowering corporation tax to try and grab businesses from the rUK. There are no socialist parties in Scotland with any real heft, so after the post-independence street parties died down the Scots who all voted to build a "fairer society" would have discovered that the neoliberal consensus is called a consensus because it turns out a lot of people agree with it.

Comment: Re:25%?!? (Score 1) 474

by IamTheRealMike (#47946137) Attached to: Scotland Votes No To Independence

Anybody who wants secession is just bad at economics.

Maybe. But I read that Congress has a lower approval rating than cockroaches. I doubt economics is the only thing they're thinking about. Much like the Scottish case, this 25% is being driven by disdain with Washington politics. And remember, when Salmond got started support for independence was only about 20-25% in Scotland too (maybe a bit higher, I forgot, but it definitely wasn't 50%). So watch out!

Comment: Re:The over-65's swung it for No (Score 4, Insightful) 474

by IamTheRealMike (#47946003) Attached to: Scotland Votes No To Independence

This reminds me the well known Americanism, "reality has a liberal bias".

I followed the BBC's coverage quite carefully and did not see any bias. What I did see is a lot of ardent highly emotional yes supporters interpret the stream of stories about the campaign as being against yes and therefore the authors must be biased. So let's take a look at your link about this "academic study" that claims to scientifically assess the bias of the BBC:

The study found that, overall, there was a greater total number of ‘No statements’ compared to Yes; a tendency for expert advice against independence to be more common; a tendency for reports to begin and end with statements favouring the No campaign; and a very strong pattern of associating the Yes campaign arguments and evidence with the personal wishes of Scottish First Minister Alex Salmond. Taken together, the coverage was considered to be more favourable for the No campaign.

Well fuck me. The evidence of this bias is that "expert advice against independence was more common"? Seriously? Did this guy even think before writing this so-called academic study? Here's another explanation: maybe expert opinion was against independence because it didn't make much sense?

What about "associating the Yes campaign arguments and evidence with the personal wishes of Scottish First Minister Alex Salmond"? The entire independence campaign can be summed up as the personal wish of Alex Salmond. He devoted his entire career to Scottish independence. He led the party that called for it. It has been his project since day one. No surprise that disentangling the arguments and evidence from his personal wishes is so hard, especially because the yes campaign was so lacking in detail and substance.

Last reason to see the BBC as biased, "a greater total number of ‘No statements’ compared to Yes". Well, that doesn't surprise me in the slightest. The entire yes campaign can be summed up as repeating over and over that everything will be better post-yes because Salmond says so and anyone who disagrees is a scaremonger. That was the entire argument for independence. If you're a journalist there's only so many times you can publish this viewpoint as a story before it stops being news. The arguments against independence on the other hand were complex and multi-faceted. There was the currency union issue of course, but also the question of how the EU would react, whether there'd be border controls, how assets would be split up, whether the oil projections were really accurate and then the steady stream of people either with expertise or in highly placed positions coming out against yes. There was lots to write about, new stories every day.

Given that state of affairs, I don't see how the media could possibly have published more articles that were pro-yes than pro-no simply because the yes side had nothing to say.

Also, the over-65's have the shortest time stake in this. plus have had the trappings of gold plated pensions that the generation behind them cannot look forward to. It's a disgusting state of affairs and as a Scot I am embarrassed for my country.

I'm embarrassed for your country too, partly because of absurd arguments like the ones you just deployed - essentially saying that old people can't use the internet and therefore must be stupid and uninformed. Perhaps you should take the next logical step and argue for their disenfranchisement too.

Comment: Re:What's your suggestion for intelligence work? (Score 1) 504

by daveschroeder (#47938235) Attached to: Apple Will No Longer Unlock Most iPhones, iPads For Police

An oversimplification. The US, UK, and allies variously broke many cipher systems throughout WWII. Still the US benefitted from this.

What if the Germans were using, say, Windows, Android phones, SSL, Gmail, Yahoo, and Skype, instead of Enigma machines?

Comment: What's your suggestion for intelligence work? (Score 1) 504

by daveschroeder (#47938053) Attached to: Apple Will No Longer Unlock Most iPhones, iPads For Police

I presume you wouldn't say it was "wrong" of the United States to crack the German and Japanese codes in WWII...

...so when US adversaries (and lets just caveat this by saying people YOU, personally, agree are legitimate US adversaries) don't use their own "codes", but instead share the same systems, networks, services, devices, cloud providers, operating systems, encryption schemes, and so on, that Americans and much of the rest of the world uses, would you suggest that they should be off limits?

This isn't so much a law enforcement question as a question of how to do SIGINT in the modern digital world, but given the above, and given that intelligence requires secrecy in order to be effective, how would you suggest the United States go after legitimate targets? Or should we not be able to, because that power "might" be able to be abused -- as can any/all government powers, by definition?

This simplistic view that the only purpose of the government in a free and democratic society must be to somehow subjugate, spy on, and violate the rights of its citizens is insane, while actual totalitarian and non-free states, to say nothing of myriad terrorist and other groups, press their advantage. And why wouldn't they? The US and its ever-imperfect system of law is not the great villain in the world.

Take a step back and get some perspective. And this is not a rhetorical question: if someone can tell me their solution for how we should be able to target technologies that are fundamentally shared with innocent Americans and foreigners everywhere while still keeping such sources, methods, capabilities, and techniques secret, I'm all ears. And if you believe the second a technology is shared it should become magically off-limits because power might be abused, you are insane -- or, more to the point, you believe you have some moral high ground which, ironically, would actually result in severe disadvantages for the system of free society you would claim to support.

Comment: Re:This isn't scaremongering. (Score 1) 494

by IamTheRealMike (#47929195) Attached to: Scotland's Independence Vote Could Shake Up Industry

Not really. Less than 20% Texans are polled to be in support of secession. That falls in line with the national average of all US citizens who want their states to cede

Well yes but watch out for that. When the independence campaign began in Scotland support for a Yes vote was sitting around 20% (I think?). After many months of campaigning it's reached about 50%.

So don't assume that the status quo in the USA will remain. The big difference is that when independence is not actually on offer, there's no real point to answering yes in the polls. Once it becomes possible and people start legitimately campaigning for it, opinions can change pretty fast.

It's been a business doing pleasure with you.

Working...