First: switch providers. Do not put up with this behaviour.
The only thing you can do otherwise is use encrypted filesystems for your data (you don't need to encrypt *everything* including the root filesystem, just main data store(s) like /home & any databases & sensitive logs stored elsewhere and temporary storage areas) without storing any trace of the keys on the server or anywhere else accessible by the server. Have the server request (or otherwise wait for) the keys to be provided by you before it will mount the protected filesystems.
The major problem with this arrangement is of course the fact that if the machine goes down unexpectedly overnight (power+UPS failure, other hardware issues, service provider interference, ...) you will either need to be disturbed so you can provide the keys or your services will be offline until you get up and notice the pending key request.
This won't stop them trying to root the machine by rebooting it and accessing the discs from a CD-booted Linux setup, but it will stop them succeeding unless they can convince you that an outage is a "normal" freak occurrence and the server is requesting decryption keys as expected, rather than them hoping you'll provide the keys to their setup so it can read the encrypted volumes.
But still: move provider. Really. Implement the above (and/or other protections) at your new provider for the sake of paranoia by all means, but definitely don't hang around.
The quote answers the article's own question, or at least gives one possible part of the answer.
goes to great pains to deliver the least-skewed results possible
That is the problem they have right there, or at least one of the problems some of the publishers have with Google. They don't want any unhelpful unskewed sources out there. They either want things skewed in their direction or skewed so badly another way that they can gain public support "capital" (or just some common or garden PR fodder) by making an issue of it.
It was similar with 487 maths co-processors and their sockets.
The 486DX has a built-in co-pro, but the 486SX lines "didn't". Well they did, but it was disabled.
Boards would have a 486SX (soldered on usually, but not always) and a co-pro socket which was actually just a normal 486 socket. When you bought a 487 math co-pro unit it was actually a full 486DX - it didn't just take on the extra job like the 387 and 287 chips did, it actually took over from the 486SX chip completely. Overdrive sockets and chips were the same thing: just a standard socket and 486DX with a different label - plug it in and the motherboard turns the other processor off.
What? Other than FX, which hollywood is pretty good at, what exactly does this film show?
That at least one of the barriers to market entry (the cost of producing good FX) is much lower than many people expect. Lower barriers to market entry mean more competition, potentially, which could be good for us lazy consumers either through lowering the cost of our entertainment or, preferably, increasing the variety of it.
Why might it improve variety? Good FX this cheap means there is one less thing standing between some impoverished writer/director with good ideas and opportunities for him/her to see those ideas brought to fruition without having to involve the big money people who will panel beat the ideas into a lifeless mush designed not to put off any of the lowest common denominator audience by asking them to think and/or feel something they haven't thought/felt many times before from watching the homogenised output the industry is often lambasted for. The FX don't need to be giant robots - if things keep moving this way (and I don't see why they shouldn't) in the near future anyone with the right ideas+talent+time could create a full CGI production (removing set and sound studio expenses and reducing casting issues) of any type, not just SciFi/fantasy.
In short, this guy has achieved something impressive on a very low budget. Given his achievement, even while accepting it isn't perfect by any means, don't you wonder what he and/or other people could do in future with more time+budget?
I wouldn't be happy with the in-place updates and lazy writing (http://blog.mongodb.org/post/248614779/fast-updates-with-mongodb-update-in-place) for anything of noticeable importance. Though for some tasks I'm sure the performance boost is worth the potential corruption susceptibility this implies.
Is that how JSON took hold? By being easy to parse using eval?
It is also easy to not-bother-parsing - just send it down with wrapper code if you are calling a script or file that returns JS code (var somevar = <JSON_stuff>;).
Potentially as nasty as eval() for exactly the same reasons, so much sanity checking is still required if the JSON you send is coming (entirely or partially) from the user or persistent storage like the DB.
It is a handy format for defining whole structures in their initial state in code - it can be much more concise, and easier to read afterwards, than a pile of code creating arrays/objects and setting values/properties.
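The difference between executing the wrapper-code form and parsing the same text, as an added example that is not part of the original comment; it goes slightly further by also covering the escaping needed when data is embedded in an inline script. The sample strings, the `pwned` flag and the profile schema are constructed for illustration.

```javascript
// Constructed samples of a "JSON" value that came from user input or the DB.
// hostileField is NOT valid JSON: it is a JavaScript expression with a side effect
// (here it only sets a harmless flag so the effect can be observed).
const hostileField = '{"name": (globalThis.pwned = true, "bob"), "tags": []}';
const honestField = '{"name": "bob", "tags": ["a", "b"]}';

// UNSAFE: the `var somevar = <JSON_stuff>;` wrapper pattern. The text is run as
// code, so anything that is a legal JavaScript expression gets executed.
function loadByWrapping(text) {
  delete globalThis.pwned;
  const value = new Function('var somevar = ' + text + '; return somevar;')();
  const sideEffect = globalThis.pwned === true;
  delete globalThis.pwned;
  return { value, sideEffect };
}

// SAFER: JSON.parse accepts only the JSON grammar, so the expression above is
// rejected with a SyntaxError instead of being evaluated.
function loadByParsing(text) {
  try {
    return { ok: true, value: JSON.parse(text) };
  } catch (err) {
    return { ok: false, error: err.name };
  }
}

// Parsing proves the text is JSON, not that it is the JSON you expected.
// Hypothetical schema for this example: { name: string (<= 64 chars), tags: string[] }.
function validateProfile(obj) {
  return obj !== null && typeof obj === 'object' && !Array.isArray(obj) &&
    typeof obj.name === 'string' && obj.name.length <= 64 &&
    Array.isArray(obj.tags) && obj.tags.every((t) => typeof t === 'string');
}

// If data must still be written into an inline <script> as a literal, serialize
// it server-side and escape the characters that can end the script block or the
// line: a stored string containing "</script>" would otherwise close the element.
function serializeForInlineScript(value) {
  const escapes = {
    '<': '\\u003c',
    '>': '\\u003e',
    '&': '\\u0026',
    '\u2028': '\\u2028',
    '\u2029': '\\u2029',
  };
  return JSON.stringify(value).replace(/[<>&\u2028\u2029]/g, (ch) => escapes[ch]);
}

// Constructed stored value that tries to break out of an inline script block.
const storedNote = { note: '</script><script>alert(1)</script>' };

function demo() {
  return {
    wrappedHostile: loadByWrapping(hostileField).sideEffect,
    parsedHostile: loadByParsing(hostileField),
    parsedHonestValid: validateProfile(loadByParsing(honestField).value),
    inlineLiteral: serializeForInlineScript(storedNote),
  };
}

console.log(demo());
```

The escaped literal is still valid JSON and valid JavaScript, so the receiving page reads back the original string unchanged.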
I assigned all of my "game friends" into their own group and then used Facebook's group security to limit the personal information that they can see.
Does that actually work at the moment? A few months ago myself and a friend had a play with those features and no matter what settings he used I kept being able to see everything I could before we started. Admittedly we didn't report the issues nor have we bothered re-testing (so maybe our experience is just a fluke or a temporary issue at the time).
People of ill repute doing things of ill repute, on Hackers vs. Phishers · Score: 4, Insightful
People of ill repute do things of ill repute. Even to each other. Is anyone really surprised?
This is no different from a car thief stealing cars from another car thief, aside from it involving the internet (therefore probably making it newly patentable!) and perhaps a matter of scale.
There really isn't any reason that text messaging *must* be implemented over SMS
With modern phones, no. But if a better method came along yesterday the networks would still have to support SMS for years to come. Of course better methods do exist (IM apps over an existing packet data connection) but the networks try to ban those as they compete with SMS which they make much more out of...
Actually, SMS isn't quite that simple. They are (at least on GSM - I don't know for sure about other network types like modern 3G arrangements) sent out-of-band on a low traffic control channel. That is where the "140 7 bit characters" limit comes from, to fit into the maximum packet size used on that channel. You can effectively DoS a cell wrt SMS capability by sending as little as 40 messages per second.
Having said that, many price plans and offers over here offer so many text messages in the package that they are effectively free (even sometimes on PAYG). I'm sure they claw back the missing income by other means though.
Exactly. Even if retooling a bit to make it past the censors would (after accounting for the cost of having an extra version to support if there are problems that need patching and such) increase the profit a bit, the difference is probably much smaller than that gained from free advertising garnered from "standing up to the censors". Also "banned in X countries!" will increase sales to certain demographics, and coincidentally some of these are demographics that an AvP game is likely targeted at.
Since they are classified as a religion (thanks to infiltration of CoS into the IRS) wouldn't his service be considered 'worship' and 'volunteering'? However it wouldn't surprise me if they were actually doing much worse than just killing people.
It wasn't infiltration, though I'm not saying they didn't try that too. They basically said "give us religious status for tax purposes or we'll all misfile our forms and delay payments as long as possible, good luck finding the resources to pursue even a fraction of our members", and the IRS conceded that it would cost less to let them have their way than to try to force them to behave.
I've considered similar for when traveling by train. Not necessarily multiple mobile phone connections, but at least one phone and a connection to the train's similarly reliable and very crowded wireless (the train wireless is sometimes noticeably more lethargic than a GPRS link).
The thought is a simple UDP relay/tunnel that can load balance packets over multiple connections (I have a little server out there that would act as the other end-point) and run OpenVPN over that channel for everything else. That way when both are working and able to send+receive packets I get two connections worth of bandwidth and when one stalls (as both often do, but often not at the same times) or grinds down to a speed at which it might as well be stalled/disconnected I might still have connectivity (just a little slower).
This could easily extend to multiple phones too (if I can get the netbook to work properly with two bluetooth adapters and have the phones paired up reliably), to be on different networks (as I pass through some areas my vodafone signal dies but orange still has coverage, and vice versa).
Of course this will add latency, but only a couple of 10s of ms which is small compared to that already found on either mobile phone or train wireless connections, and will result in a speed decrease when only one connection is active+capable due to the VPN's overhead, but it should provide me with a more reliable experience.
Unfortunately I've not found such a UDP relay (or something else that would do the job of muxing the connections to the same effect) though and don't have time to write+test my own right now, but it might be an interesting spare-time project when I next have enough spare time for it (unless someone beats me to it).
To cut a long story short and actually answer your question: if they are doing something not dissimilar to this then they are getting around the multiple gateways issue by defining their own local gateway and remote end-point which are intelligent enough to bond the different routes into a single link.
If he is going to be away and there is no one left at home (or at least no one sufficiently techie) to fix the setup if something goes wrong then the arrangement is stuffed, so "a friend's house" is more the way to go.
Though as poor latency is already going to be an issue I recommend a rented VM on a properly hosted server - then the extra latency of a residential connection will not compound the issue. Also, it might mean more than one VM location during the trip if he is traveling far, so at each location latency can be minimised by keeping the other end of the VPN relatively topologically local (within reason, of course, as he'd have to keep the other end of the VPN somewhere he considers safe enough).
Also if using OpenVPN or similar, set up both TCP and UDP endpoints - UDP is preferable (TCP wrapped in TCP can cause noticeable efficiency issues for some traffic patterns and network issues) but sometimes a TCP OpenVPN connection works better if only because it can get through bad NAT arrangements more easily. Also set up an extra endpoint on port 80 or 433 as well as the standard OpenVPN port in case of firewall issues, just for good measure in case of strict outgoing port use limitations. For extra paranoia/completeness set up an HTTP-to-generic-TCP gateway too, that way you can connect to the VPN through that if everything but port 80 is blocked and the ISP are using DPI to ensure that traffic on port 80 really is HTTP traffic (far from efficient, but maybe better than nothing at all if that is the only option). This may of course all be far too much work depending on how much the security of the information you are sending is if you can't simply avoid sending it until you get back to your home turf or some other location you consider sufficiently secure.
If they are talking about BT Wholesale then maybe the 25K/30K isn't massively far off expected, but I suspect they are talking about BT Broadband - the ISP part of the organisation. Most ADSL providers go through BT Wholesale for access to their exchange equipment and backhauls and officially BT Broadband is just one of those ISPs. BT won't have been monitoring traffic at the exchange/backhaul level, it will have been monitored at the ISP level so they would not see the users of other ISPs like Demon for instance. And an outside monitor would not see the exchange+backhaul part of the network - from a TCP point of view that is all transparent - so they too would not count users on other ISPs' networks as being BT based.
I've found facebook chat relatively stable. Then again, I use it via Pidgin more often than not, rather than through FB itself, so maybe the problems you are seeing symptoms of lie in the client end. Try Pidgin's FB plugin (or other IM clients that have one) and see if you have any more luck.
Yes but several large ISPs have numerous resellers, so I still wouldn't expect such a strong skew to one ISP even considering that. Even allowing for resellers, BT's user base is not even close to that high a portion of the overall Internet connected population of the UK (unless you are counting the exchange equipment, but that is a separate matter).
I wonder how they found the 25000 BT users - it seems odd that 25,000 out of 30,000 come from one ISP if they found them by any public means (i.e. by joining swarms on public trackers and seeing which IPs are also operating in the swarm).
My guess is that while they were testing Phorm's targeted-advertising-based-on-snooping technology they also did something very similar to what Virgin are planning (from the earlier story today "CView's deep packet inspection is the same technology that powered Phorm's advertising system" - CView being what Virgin plan to use to inspect P2P traffic).
I occasionally have to send fairly large files (up to about 100MB) to my patent attorney; they are sent by ftp and are always encrypted using pre-arranged keys. There is a legal duty to maintain secrecy of an invention prior to filing a patent application. Having an unknown third party who is likely to read all of one's secret communications would grievously undermine this duty.
They are likely, if they ever did try to monitor encrypted P2P traffic, to try to differentiate between your pre-encrypted FTP transfer example and P2P transfers using some sort of "expectation" clause, stating that as their newly found stats from this investigation say ~80% of P2P traffic infringes and ~5% of FTP/ traffic does (warning: figures plucked from thin air). Whether this would hold *any* water legally would depend on how much money they have available for throwing at legal teams and politicians.
That is moot though as they couldn't do it anyway (at very least not practically) and the stink generated would cost them so much that winning any such argument by any means simply wouldn't be worth it.
Also in your FTP example: the pre-shared keys, assuming they were shared by means not involving the ISP(s) that are doing the monitoring, would circumvent the MITM scenarios the parent poster mentioned.
A review to me contains two or three things: advertising for the game, some more details about the gameplay that might be missing from the full-page graphic laden ad or TV spot, and possibly it might compare the game to relevant reference points (other games, other relevant media, etc.). If I want an opinion beyond those bits of factual information I will look elsewhere - within days of a game being released there will be many opinions out there to pick from. Admittedly you have to assess each as there will be a mix of astro-turfers and particular-company-haters-who-don't-even-know-the-product-they-are-bashing but if you can find a good active discussion or two you can usually get a good gauge of the state of play.
You also have to remember that the person writing the review isn't you. Your opinions may differ greatly when you actually get hold of the game, so try to read the facts upon which the opinion is based more than the opinion itself. Have a look at Zero Punctuation's reviews - if nothing else he rants entertainingly (IMO), and while the reviews are slanted towards the negative (intentionally so) he will mix in what good points he finds. For instance the BioShock review which if you don't pay attention at the beginning (where he lists the game's major good points) you'd mistake a "good and very pretty, but not close to the hype" review for a complete slating. When he does say something nice you know he means it (as being nasty is what gets him his viewers and therefore his paycheck). Of course I disagree with some of his views, because as stated above he is not me - I liked DeadSpace a lot more than he did (the trick being not to expect too much depth in what is essentially an interactive action flick) but didn't much like PainKiller when I tried it on a friend's machine (though a lot of that is based on "what is my kind of game" and "what mood I was in" as much as the game itself).
In summary: you are never going to get a true impression of how much you will like a game from any one review or collection of reviews, so stop trying. "Out of 10" and similar scores are even less (far, far, far less) meaningful.
Caveat: I buy at most one or two of major games most years, and sometimes those are last year's games or earlier (which are now as little as 25% original full price) and occasionally pay for a good indie "casual" distraction, so I'm not really the industry's key target audience.
If the cookie is specific to their site, then yes the most likely method is that they set it based on referrer (directly from the referrer header in the HTTP request) or, more likely as referrer header is stripped by some proxies and other tweaks, from something in the query string of the request.
If the cookie is not specific to that site, and is instead something relevant to Bing more globally, then it would need to be recorded in cookie value(s) from Bing and somehow relayed to the viewing site by client-side jiggery pokery. Thinking about it, this is not actually likely to be happening as it would be too issue prone and not efficient making my previous assessment of "possible but unlikely" wrong - it should be "possible but *very* unlikely".
You don't oversell your capacity
Every service based business plan that hopes to compete and make a profit is based on a certain amount of over-selling these days. The question is how much to oversell while still maintaining reasonable service 99% of the time (or what-ever you decide your margin is here).
You don't even need to RTFA - it is in the summary. Mizar is a binary of binaries and Alcor is a binary. (2+2)+2=6. So you would not guess correctly.
Sounds to me about as fulfilling as one of the South Park episodes where there's this like über-epic battle going on, except they don't actually show the battle, only the kids watching it and saying stuff "this is the best battle ever", "bigger than LotR" and "man, I wish I had a camera". Don't remember which episode that was, but "movies for the blind" can't be much better. Then I'd rather go with audio books, at least they're written with that in mind that people can't actually see the characters and have to imagine it.
I think that would be the fight between Timmy and Jimmy in http://en.wikipedia.org/wiki/Cripple_Fight though my memory is hazy.
Since they are classified as a religion (thanks to infiltration of CoS into the IRS) wouldn't his service be considered 'worship' and 'volunteering'. However it wouldn't surprise me if they actually were actually doing much worse than just killing people.
It wasn't infiltration, though I'm not saying they didn't try that too. They basically said "give us religious status for tax purposes or we'll all misfile out forms and delay payments as long as possible, good luck finding the resources to pursue even a fraction of our members", and the IRS conceded that it would cost less to let them have their way than to try force them to behave.
I've considered similar for when traveling by train. Not necessarily multiple mobile phone connections, but at least one phone and a connection to the train's similarly reliable and very crowded wireless (the train wireless is sometimes noticeably more lethargic than a GPRS link).
The thought is a simple UDP relay/tunnel that can load balance packets over multiple connections (I have a little server out there that would act as the other end-point) and run OpenVPN over that channel for everything else. That way when both are working and able to send+receive packets I get two connections worth of bandwidth and when one stalls (as both often do, but often not at the same times) or grinds down to a speed at which it might as well be stalled/disconnected I might still have connectivity (just a little slower).
This could easily extend to multiple phones too (if I can get the netbook to work properly with two bluetooth adapters and have the phones paired up reliably), to be on different networks (as I pass through some areas my vodafone signal dies but orange still has coverage, and vice versa).
Of course this will add latency, but only a couple of 10s of ms which is small compared to that already found on either mobile phone or train wireless connections, and will result in a speed decrease when only one connection is active+capable due to the VPNs overhead, but it should provide me with a more reliable experience.
Unfortunately I've not found such an UDP relay (or something else that would do the job of muxing the connections to the same effect) though and don't have time to write+test my own right now, but it might be an interesting spare-time project when I next have enough spare time for it (unless someone beats me to it).
To cut a long story short and actually answer your question: if they are donig something not dissimilar to this then they are getting around the multiple gateways issue by defining their own local gateway and remote end-point which are intelligent enough to bond the different routes into a single link.
If he is going to be away and there is no one left at home (or at least no one sufficiently techie) to fix the setup if something goes wrong then the arrangement is stuff, so "a friend's house" is more the way to go.
Though as poor latency is already going to be an issue I recommend a rented VM on a properly hosted server - then the extra latency of a residential connection will not compound the issue. Also, it might mean more than on VM location during the trip if he is traveling far, so at each location latency can be minimised by keeping the other end of the VPN relatively topologically local (within reason, of course, as he'd have to keep the other end of the VPN somewhere he considers safe enough).
Also if using OpenVPN or similar setup both TCP and UDP endpoints - UDP is preferable (TCP wrapped in TCP can cause noticable efficiency issues for some traffic patterns and network issues) but sometimes a TCP OpenVPN connection works better if only because it can get through bad NAT arrangements more easily. Also setup an extra endpoint on port 80 or 433 as well as the standard OpenVPN port in case of firewall issues, just for good measure in case of strict outgoing port use limitations. For extra paranoia/completeness setup a HTTP-to-generic-TCP gateway too, that way you can connect to the VPN through that if everything but port 80 is blocked and the ISP are using DPI to ensure that traffic on port 80 really is HTTP traffic (far from efficient, but maybe better than nothing at all if that is the only option). This may of course all be far too much work depending on how much the security of the information you are sending is if you can't simply avoid sending it until you get back to your home turf or some other location you consider sufficiently secure.
If they are talking about BT Wholesale then maybe the 25K/30K isn't massively far off expected, but I suspect they are talking about BT Broadband - the ISP part of the organisation. Most ADSL providers go through BT Wholesale for access to their exchange equipment and backhauls and officially BT Broadband is just one of those ISPs. BT won't have been monitoring traffic at the exchange/backhaul level, it will have been monitored at the ISP level so they would not see the users of other ISPs like Demon for instance. And an outside monitor would not see the exchange+backhaul part of the network - from a TCP point of view that is all transparent - so they too would not count users on other ISPs' networks as being BT based.
I've found Facebook chat relatively stable. Then again, I use it via Pidgin more often than not, rather than through FB itself, so maybe the problems you are seeing symptoms of lie in the client end. Try Pidgin's FB plugin (or other IM clients that have one) and see if you have any more luck.
Yes but several large ISPs have numerous resellers, so I still wouldn't expect such a strong skew to one ISP even considering that. Even allowing for resellers, BT's user base is not even close to that high a portion of the overall Internet connected population of the UK (unless you are counting the exchange equipment, but that is a separate matter).
I wonder how they found the 25000 BT users - it seems odd that 25,000 out of 30,000 come from one ISP if they found them by any public means (i.e. by joining swarms on public trackers and seeing which IPs are also operating in the swarm).
My guess is that while they were testing Phorm's targeted-advertising-based-on-snooping technology they also did something very similar to what Virgin are planning (from the earlier story today "CView's deep packet inspection is the same technology that powered Phorm's advertising system" - CView being what Virgin plan to use to inspect P2P traffic).
I occasionally have to send fairly large files (up to about 100MB) to my patent attorney; they are sent by ftp and are always encrypted using pre-arranged keys. There is a legal duty to maintain secrecy of an invention prior to filing a patent application. Having an unknown third party who is likely to read all of one's secret communications would grievously undermine this duty.
They are likely, if they ever did try to monitor encrypted P2P traffic, to try to differentiate between your pre-encrypted FTP transfer example and P2P transfers using some sort of "expectation" clause, stating that as their newly found stats from this investigation say ~80% of P2P traffic infringes and ~5% of FTP/ traffic does (warning: figures plucked from thin air). Whether this would hold *any* water legally would depend on how much money they have available for throwing at legal teams and politicians.
That is moot though as they couldn't do it anyway (at the very least not practically) and the stink generated would cost them so much that winning any such argument by any means simply wouldn't be worth it.
Also in your FTP example: the pre-shared keys, assuming they were shared by means not involving the ISP(s) that are doing the monitoring, would circumvent the MITM scenarios the parent poster mentioned.
I never read reviews as reviews.
A review to me contains two or three things: advertising for the game, some more details about the gameplay that might be missing from the full-page graphic-laden ad or TV spot, and possibly it might compare the game to relevant reference points (other games, other relevant media, etc.). If I want an opinion beyond those bits of factual information I will look elsewhere - within days of a game being released there will be many opinions out there to pick from. Admittedly you have to assess each as there will be a mix of astro-turfers and particular-company-haters-who-don't-even-know-the-product-they-are-bashing but if you can find a good active discussion or two you can usually get a good gauge of the state of play.
You also have to remember that the person writing the review isn't you. Your opinions may differ greatly when you actually get hold of the game, so try to read the facts upon which the opinion is based more than the opinion itself. Have a look at Zero Punctuation's reviews - if nothing else he rants entertainingly (IMO), and while the reviews are slanted towards the negative (intentionally so) he will mix in what good points he finds. For instance the BioShock review which if you don't pay attention at the beginning (where he lists the game's major good points) you'd mistake a "good and very pretty, but not close to the hype" review for a complete slating. When he does say something nice you know he means it (as being nasty is what gets him his viewers and therefore his paycheck). Of course I disagree with some of his views, because as stated above he is not me - I liked DeadSpace a lot more than he did (the trick being not to expect too much depth in what is essentially an interactive action flick) but didn't much like PainKiller when I tried it on a friend's machine (though a lot of that is based on "what is my kind of game" and "what mood I was in" as much as the game itself).
In summary: you are never going to get a true impression of how much you will like a game from any one review or collection of reviews, so stop trying. "Out of 10" and similar scores are even less (far, far, far less) meaningful.
Caveat: I buy at most one or two major games most years, and sometimes those are last year's games or earlier (which are now as little as 25% original full price) and occasionally pay for a good indie "casual" distraction, so I'm not really the industry's key target audience.
But does it also predict that time is an illusion, lunch-time doubly so? If not then there is still room for a more refined theory.
If the cookie is specific to their site, then yes the most likely method is that they set it based on referrer (directly from the referrer header in the HTTP request) or, more likely as referrer header is stripped by some proxies and other tweaks, from something in the query string of the request.
If the cookie is not specific to that site, and is instead something relevant to Bing more globally, then it would need to be recorded in cookie value(s) from Bing and somehow relayed to the viewing site by client-side jiggery pokery. Thinking about it, this is not actually likely to be happening as it would be too issue prone and not efficient, making my previous assessment of "possible but unlikely" wrong - it should be "possible but *very* unlikely".