Forgot your password?
typodupeerror

Comment: Re:This is clearly futile... (Score 2) 183

by IamTheRealMike (#48474139) Attached to: Google Told To Expand Right To Be Forgotten

If there was a public blacklist, then it'd be easy to build a search engine specifically for blocked content that ran outside the EU, and thus the entire scheme would work even less well than it already does.

What the EU court has set in motion here leads, eventually, to either a Great Firewall of Europe, or the EU getting to perform global censorship against everyone. Neither outcome seems plausible, so, what next?

Comment: Re:This is clearly futile... (Score 2) 183

by IamTheRealMike (#48474077) Attached to: Google Told To Expand Right To Be Forgotten

What's going through their mind is this - we are politicians and regulators. We are in charge. If our power is being challenged by a corporation, we need to slap them down as hard as possible, as fast as possible, so we remain the top dogs. We are not concerned with minor technical details that boffins like to witter about: we are the Democratic Representatives of The People and that means we must be obeyed!

The way this stupid "right" will play out was clear from the first moment the ruling was made. Lots of people with things to hide will try and get their misdeeds erased (check). Google will try and keep its results as uncensored as possible (check). EU will get pissed off that circumvention is easy and try to force them to perform global censorship (check). IP address based filtering will be implemented (not yet). Then people in America set up dedicated proxy sites so people in Europe can search uncensored (not yet). Then the EU will get mad and tell Google to drop the results from all search results, everywhere (not quite yet). And then there's going to be a big fucking showdown and we'll learn who needs who more. Or perhaps the UK will beat the EU to it with their parliament's retarded "Facebook should implement Minority Report" policies.

Whatever happens, it's looking more and more like there's going to be a big fight, either over this or spying, or both. Politicians are running scared because they suspect when forced to make the choice, a significant number of their citizens would side with Google/Facebook/WhatsApp/Apple over them .... and if you're a politician, that attacks the core of your power and identity. They won't be able to tolerate that.

Comment: Killer features? (Score 3, Interesting) 85

by IamTheRealMike (#48460087) Attached to: Revisiting Open Source Social Networking Alternatives

Here's the tricky thing about privacy and social networks: Facebook's privacy support is actually pretty good. Whilst people might tell you in the abstract that they want more privacy from Facebook, figuring out what they would change in concrete terms is very hard. For example, they might say "I don't want to see ads" - but given the choice, they don't want to pay for anything either. So this feedback ends up being pretty useless, equivalent to hearing "I want everything and a pony". It's not a basis for a product.

Google learned this one the hard way with Google+. The original way Google+ tried to differentiate itself from Facebook was with circles. The idea is, Facebooks relatively singular notion of "friend" doesn't reflect the way real people work, this means it doesn't respect people's privacy and so people use the product less .... therefore by giving them better tools, they'd win a lot of users. Facebook responded that they'd tried the same thing, it turns out people don't like making lists of friends and controlling their sharing at a fine grained level, so it wouldn't work. And guess what? Facebook were right. Sure, you interview people in focus groups and they say one thing. In reality they might do something else.

So - decentralised open source social networks. Not gonna work. People might sound enthusiastic when you pitch it to them in the abstract, but actually Facebook works fine for them, and the kind of privacy that matters to them (can people see who views their profile?! Can my parents see my drunken party pics?) is already well supported and tuned.

Ultimately what will do off Facebook, eventually, is a change in how people use social networking that for whatever reason they cannot replicate in their main product.

Comment: Re:And this is why... (Score 1) 180

by IamTheRealMike (#48459979) Attached to: Cameron Accuses Internet Companies Of Giving Terrorists Safe Haven

I think you know this but sometimes it's a bit hard to read tone on the internet.

HSBC processed transactions for Iran in Europe, at a time when the USA had not successfully forced Iranian sanctions onto the EU and thus they were entirely legal.

The USA did not like this one bit, because Congress had a 'fuck Iran at any cost' mentality that extended to trying to make US sanctions global. And one way they did that is by prosecuting or threatening to prosecute American employees of international banks for transactions entirely legal in both the source and destination locations. It's just empire, nothing more.

Comment: Re:It's not only SSL/TLS (Score 1) 91

by IamTheRealMike (#48456455) Attached to: Book Review: Bulletproof SSL and TLS

That's not "lack of diligence", that's a fundamental bootstrapping problem. CA's are meant to verify identities. If the identity you are trying to verify is not itself cryptographically verifiable, then the attempt to verify can be tampered with, but the only way to solve that is to use harder to verify identities. Which is what EV certs do, and my own experience of getting one was pretty smooth.

Comment: Re:It's an encryption layer (Score 1) 91

by IamTheRealMike (#48456447) Attached to: Book Review: Bulletproof SSL and TLS

You might think I'm exaggerating, but even major corporations fuck this up all of the time. There is no "just choose sensible defaults and give me a secure socket" call, because if there were someone would complain that it's not secure and shouldn't be used.

Sure there is. Perhaps not in C but what did you expect? Here we go in Java:


HttpsUrlConnection conn = (HttpsUrlConnection) new URL("https://www.google.com/").openConnection();
Certificate[] certs = conn.getServerCertificates();
InputStream stream = conn.getInputStream(); // read stream here ....

That'll do the right thing by default.

SSL is imperfect, but that's because crypto is hard, not because of some fundamental fuckup somewhere and if only we all used the alternative protocols (which?) everything would be peachy.

Comment: Re:Which 6? (Score 1) 107

by IamTheRealMike (#48456407) Attached to: Google Chrome Will Block All NPAPI Plugins By Default In January

Yes, but exploited browser rendering engines have been a large source of infections too. Sandboxing mobile code is just really hard. However the web is indispensable whereas Java applets aren't, so Java is the one that gets thrown out.

I suspect there isn't any way to build support for Java applets that satisfies Google's policies, therefore, they will end up being restricted to other browsers for the small number of people who need them (mostly enterprise apps).

These days the Java sandbox is actually a lot better than it used to be. Last I heard there had been no zero days this year at all. However, the Java update story still sucks, and Sun/Oracle have made Java supremely unpopular on Windows thanks to the crappy update nags and bundled adware. So nobody will be sad to see it go. Java is moving to JRE bundling for distributed apps anyway: I've written one with the new tools and it basically works like a regular desktop app, with a native installer / package on each major platform.

There are never any bugs you haven't found yet.

Working...