In other news, Microsoft will be releasing the very best VCR you've ever seen in 2014: it'll redefine the way you use video tape, just in time for the next mid-terms.
The phone market is done and dusted. People have increasing investment (in money and in time spent learning to use) in a collection of applications, and the market for "dumb phone to smart phone" transition is finished. The only market left is competing head-on to switch people away from iPhone (good luck with that) or from Android (fractionally easier, as there's evidence people can be switched to Apple).
In order to compete, Microsoft would either have to completely kill Apple stone-dead in functionality and quality, with a release-one product going against a mature product with a mature eco-system (didn't Zune teach them _anything_?) or would have to undercut the commodity Android vendors on price, which is essentially impossible now, never mind in a year's time.
Microsoft are increasingly slow to react, and are arriving both late and under-armed at every fight. Music Player, Smart Phone, Tablet: they've missed all three. They need to find a new place to innovate, and for as long as they refuse to do anything which isn't based around Windows, that's going to get harder and harder for them.
Some years ago, the F1 rules were changed so that cars were in parc ferme conditions, with strict limits on what can be done to them, from the start of qualifying on Saturday lunchtime until the race finishes on Sunday afternoon.
The purpose was partly to stop qualifying being its own arms race, with cars in completely different specification than for the race, and partly to reduce costs and the number of travelling staff. At the same time, "T Cars" --- a third car, available as a spare --- were banned, so that if a driver destroys a car in practice the team either have to rebuild it or not race. They're allowed to travel with a spare monocoque, but it cannot be built-up and it does not get pit space.
There were endless howlings from the teams, claiming that without a complete strip-down after qualifying, with a large crew working overnight to check everything on the car, reliability would go through the floor and races would finish with only a handful of stragglers fighting a durability battle (our US viewers may find this ironic in light of a certain US Grand Prix, of course).
The same argument was advanced, mutatis mutandis, over limitations on engines and gearboxes, limitations on the number of gear clusters available, limitations on certain forms of telemetry and a wide variety of "the cars can't just be left to run themselves, you know" interventions.
In fact, reliability is now far greater than ten years ago. It's not uncommon for there to be no mechanical retirements, certainly not from the longer-standing teams, and the days of engines imploding on the track are long gone. A front-running driver will probably only have one, if even that, mechanical DNF per season. The teams deliver a functioning car when the pit lane opens at 1pm Saturday, and that car then runs twenty or thirty laps in qualifying and sixty or seventy in the race, a total of perhaps 250 miles, without much maintenance work beyond tyres, fluids and batteries (section 34.1 on page 18 of the sporting regulations).
So again, we see that "preventative maintenance" turns out to really be "provocative maintenance", and leaving working machines alone is the best medicine for them.
That isn't quite the case. If a disk drive is seized under a search warrant or data is intercepted under a content interception warrant, then it's an offence not to hand over the keys when asked (although there are a set of defences which might hold: it isn't a strict liability offence). But the police can't ask you for the keys at their own initiative (search warrants require a court order, content interception warrants are rare beasts and require the Home Secretary's personal signature to an application) and the government can't (because they aren't the courts, and the Home Secretary is acting in his role as minister of state, not as a member of the government).
But the case of interception warrants issued by the Home Secretary is a slight side-show, as I'm not aware of any notices to produce keys for intercept product, and in practice it would be pointless to make such an order. There may be someone out there somewhere using a protocol which doesn't offer Perfect Forward Secrecy (for example, statically-keyed IPSec) but the vast majority of encryption protocols likely to be used over a network cannot be decrypted even by someone who retrospectively obtains all the static keys.
There have been notices to produce keys for disks that have been seized under search warrants, and there's a legitimate debate to be had about that. However, unless you're about fifteen and believe that sticking it to the man is a victimless crime and the police are all fascists, yah, the general contention that the courts of the land can issue search warrants and then demand that the product of that search be rendered intelligible does not seem unreasonable, nor is there the slightest evidence that the power is being over-used (about half a dozen cases in the past ten years, I believe). Moreover, the legislation quite carefully allows you to disclose session keys, rather than long-term keys, and quite carefully excludes any power to demand long-term keys.
There's a lot wrong with RIPA 2000, and a lot of the debates both at the time and more recently needed to be had. But claiming it gives the police or, worse, the government the power to seize keys (by implication long-term keys) is both untrue and unhelpful.
My point is that physical media, unencumbered by DRM, means that the content of that media is accessible in most cases, years or even decades later.
I've got some data on a reel-to-reel tape written on a Pr1me, and another from Multics. I've got some data written on QIC-11 on a long-obsolete low-volume Unix box. I've got some punch tape. All of these things might be readable in extreme circumstances (although I think the Multics data would be extremely challenging, what with 9-bit bytes and all) but for practical purposes they're dead.
On the other hand, I've copied my home directory from system to system for the past twenty-five years. I've got files with Unix time stamps in the mid 1980s (including, usefully, a Kermit'd copy of most of the data from the Multics system).
Data you want to keep needs to be on current systems, with current backups. Outside a narrow time window, older media isn't readable without extreme measures.
Surely to God backup policies are not the responsibility of system administrators? They can propose, I guess, but the sign-off and the strategy must come from someone with a risk-management responsibility, and (in my experience in the UK) auditors won't sign off accounts without a discussion about IT resilience --- it's a "going concern" issue. If they are given a silly budget then ultimately there's nothing the Admins can do, but they should be banging at the door demanding sufficient budget and then telling the auditors the issues.
I wouldn't dismiss "emulation" so blithely. Macs can, of course, run VMware or VirtualBox and run Linux, Solaris or Windows (or other things) inside those partitions. I have a Mac running all those three. The performance is mostly native, certainly for the things I'm using it for. The days of having to use VirtualPC to run a software x86 are long gone.
Rowan Atkinson believes in having the right to offend, so long as he's not the one being offended. He reaches for the libel courts (see here) and secures a five-figure payout for things that are "ludicrous, hurtful and irresponsible" being written about him. If they're ludicrous, no-one will believe them. How can being hurtful be grounds for a libel action, when he says that other people don't have the right to be hurt?
"In this case it would have been reasonable to submit a complaint to Facebook that would result in the offending user being banned or having the offending account removed,"
It's not at all clear if the victims did complain to Facebook, but as he was posting under false details, banning the user or removing the account would have made little difference. He had been officially warned by the police in 2009, so presumably this represented an escalation of previous behaviour.
It turns out that his father is the author of this. It's not hard to imagine an alcoholic with Asperger's confusing that with what he actually did.
Your argument would be better were it to be based on the actual facts.
There is a clear defence at S.66 of the legislation in that showing that you were a participant and you (and others) were harmed beyond what you consented to. In principle, the person you shared the images with could be charged with possession and because they would not be a participant, S.66 would not apply; you, however, could not be charged, as you would be a participant.
However, as the offence requires the consent of the DPP in order to charge (which is code for "we've been forced to pass this law by public pressure, but you're out of your mind if you think we're going to use it more than we have to") it's highly unlikely that a scenario where you could produce the participants and have them testify that the acts were consensual would ever reach court, irrespective of whether the images were held by a participant or someone the participant had passed them to.
Of course, if the images portray acts that appear not to be consensual _and_ you can't produce evidence that they are, that's a problem for you, but that isn't the scenario you're outlining. However, "rough sex" wouldn't fall under the legislation at all, and nor would most BDSM. The legislation (op. cit.) and the CPS guidance make interesting reading.
Strangely, both the US and the UK have what we call courts, in which sit what we call judges (or in this case magistrates), who are given evidence, and who weigh it up and reach verdicts. Or in this case, don't, because he pleaded guilty: had he pleaded innocent, we don't know what the outcome would have been, because there's never been such a contested case. That he'd been previously formally cautioned for the same behaviour says he knew exactly where the line was, hence his plea.
Neither the UK nor the US have the exact lines you ask for, in this or in any other matter, because that's what courts are for in common law jurisdictions (I guess Louisiana might be different). All we know is that in this case the CPS held there was a case that they felt would result in a conviction, but before it came to trial he pleaded guilty. Had he been convinced he was in the right, he could have pled innocent, could probably have opted for a jury trial, and could certainly have appealed any verdict he disagreed with. He did none of those things. So we have people on slashdot proclaiming the innocence of someone who pled guilty: a strange state of affairs.
They don't need to prove anything: he pleaded guilty. The chances of an alcoholic with Asperger's being a master cyber-criminal are approximately zero, especially as he had been suspected of being a long-term troll elsewhere http://forums.readingfestival.com/m995896-print.aspx.
To those that ask whether in UK law the same behaviour would have had the same reaction were a computer not involved, the likelihood is "yes". There was a recent case in which a very stupid woman decided that shouting "bang! bang!" to a policeman who had been blinded in a high-profile shoot-out was amusing http://www.capitalfm.com/northeast/on-air/news-travel/local-news/sunderland-woman-faces-jail-shouting-abuse-moat-vi/. She was extremely lucky not to get a substantial jail sentence, but there was no suggestion that it was part of a long-term or deliberate scheme (she hadn't, for example, travelled to find him with the intent of shouting "bang!"). In this case, it clearly was not the spur of the moment or impulse: you can't make a custom video for the purpose of being obnoxious in a moment of madness. And the chances are that Duffy would have been too much of a coward to do it face to face anyway: it was precisely because he thought he was untouchable that he did it.
The argument that people who leave open tribute pages should expect to be trolled is the sort of sociopathic nonsense we can expect from geeks. People had front gardens without barbed wire fences, but don't expect people to shit on the middle of the lawn. In fact, one reason why a heavy cluestick needs to be wielded at tossers like Duffy is precisely that they are willing to behave with a computer in a way they (probably) wouldn't in real life, and the idea that somehow things done online aren't real --- which was part of his "oh, it's my Asperger's" plea in mitigation --- needs to be stamped on.
I wonder if this will end up hurting Apple because it will start people thinking that if Apple is trying tactics like this to stop sales of the Galaxy Tab, then the Galaxy Tab must offer serious competition to the iPad.
What proportion of the potential iPad market follows technology court cases, forms an opinion on them and then uses that opinion to influence their purchasing decisions? 0.1%? More? You think?
There's a reason why in proper IA environments, people who are given actual sight of actual key material are trained, and that key material itself is classified to the level of the ciphertext it unlocks. No one comes out of this well: a bunch of people who don't understand how to keep stuff long-term safe playing at spies.
For the Graun to publish key material, even stuff they "know" to be meaningless, is irresponsible. Publishing that key assumed that the ciphertext had been securely destroyed, and I cannot for one second believe that a newspaper has the IA regime in place to do that, nor the ability to know that the initial transfer from Wikileaks to the Graun hadn't been observed by a state or non-state actor.
For Wikileaks to use the same passphrase for their insurance copy of the file and the copy they passed to their collaborators is insane: there must be fifty and more groups with that pass phrase if the same process was repeated for all the people working on those cables. That meant that a repressive regime had a large choice of people in many countries they could kidnap and extract the key from, for example.
There's no cross-check on passports as you describe. It would require each airport to only receive flights from countries that send API, which isn't the case in Europe.
If that interlock is in place, then my friends go airside with me, then exit back out with some arriving passengers (remember, it's an airport with poor in/out segregation). My friends have valid ID, remember, sufficient to check-in for an internal flight, so should have enough to exit airside.
The problem in some airports is inbound/outbound segregation.
Here's the attack. I check in, with three friends at London for a flight to Edinburgh. My three friends leave the airport and go home, while I go airside with four boarding passes. There I meet three confederates, inbound from random country X. We then board the flight to Edinburgh where we arrive as internal passengers, and do not need to pass through any controls.
So what happens at, say, BHX (which has weak segregation owing to its design) is that internal passengers are photographed as they go air-side, the photograph linked to the boarding pass. When you arrive at the gate, they confirm you're the same person.
LHR T5 was built to work like this, and the cameras have been there since it opened: they want the commercial opportunity of having inbound passengers using the restaurants and shops. BHX does the photo-matching with real people, but presumably LHR's volumes mean it needs to be automated.
These stories have very common themes: the male is some kind of famous, the girl is some desperate wannabe famous and is represented by Max Clifford. If the male is at the peak of his celebrity, it's a fair bet that he did not pay his protection money, er I mean is not employing Max Clifford and a PR firm is trying to snag him with a grappling hook in order to drag up their "victim" into the spotlight for fame and/or interview fees.
Sorry, I don't buy it. I'm not an "everything must be free, man" extremist, and I have over the years been involved in various privacy campaigns. But there's not the slightest suggestion in this case that the footballers involved are the victims of scurrilous falsehoods. If that is the case, they are entirely at liberty to sue for libel; in their current position that would give them an opportunity to have their day in court and to force newspapers to justify their stories. As Elton John proved, that can be a very powerful weapon.
If, however, they actually did have affairs with Imogen Thomas, then their only serious recourse would be an accusation of blackmail: that she slept with them and is now threatening to reveal that fact if she is not paid money. But that's not the case either: there's no suggestion that the footballers were given an "or else", and even if she's gold-digging in her quest for tabloid money, she was just as much a participant in the alleged affairs as the footballers, and is just as entitled to keep or breach her privacy. Kiss and tell isn't the hallmark of a gentleman or a lady, but it's not a matter for the law.
And the footballers had a simple cure for this (as did Andrew Marr): if you don't want newspaper stories about your infidelity to upset your wife, don't be unfaithful. In each case, rich and powerful men have had affairs with less rich and less powerful women, whilst married, and then complained when in the aftermath the woman hasn't been prepared to keep quiet. Sure, they're all morally grubby, but I don't think there's a monopoly of virtue on the part of unfaithful men.
the fact that Twitter is American is more or less meaningless. Since they operate in Britain, they have to abide by British law
Do Twitter operate in the UK? They were talking about opening an office in the UK recently but I don't think they have yet, and the legal action is against their US operation. People who access their website from the UK have to do so within the bounds of UK criminal law, and if anything they do is deemed to be "publishing" they are at risk under UK libel and defamation laws, but neither of these impact the website they're accessing.
You don't need to be a UK company for your website to be accessed in the UK, and it would be clearly insane to attempt to claim that should be the case. As I haven't been served an injunction by anyone, I'm not bound by it, and to attempt to claim that passing on 28th-hand rumours lays me open to an action for contempt of court is preposterous (it would open me up to a claim of libel, but as no-one including the footballer in question is contesting the truth of the matter I don't think we need to worry about that).
I think CTG's lawyers are going to be straight out of luck. Edward VIII couldn't keep his affairs secret for long, and that was in an era when international phone calls were close to magic. Spanish newspapers are openly publishing his name in the run-up to the European Cup final, for example.
There are no privacy laws in the UK, which is at the heart of the dispute. Judges are making caselaw out of the Human Rights Act, and therefore the European Convention on Human Rights. The balance between article eight privacy and article ten freedom of expression is unclear, and because European caselaw isn't incorporated into UK caselaw, and anyway there isn't very much of it, this is all pretty unexplored.
What's happened now is not that his lawyers are suing Twitter as a defendant, they're trying to get a Norwich Pharmacal order against Twitter. That's an order that says "I want to sue someone, and you have information that is important to that action". It doesn't injunct Twitter, and wouldn't even if they were a UK company, it merely demands they hand over information they have. It's going to be a car-crash, because Twitter don't (and don't need to) authenticate users, IP numbers have already been found to be insufficient evidence of identity as part of the ACS:Law debacle, and as others have pointed out there's US legislation (SPEECH Act?) which makes assisting overseas censorship an offence for a California company. "CTG"'s lawyers (like we don't know who it really is) appear to think the Streisand effect is a good thing.
The paper dates back to 2009. I can't get it through my university library, so the journal is clearly very obscure.
A key logger can log this information, and replay the recorded events to precisely mimic the rhythm of the original typing. It's hard to see how you get around this. It might be protective against shoulder-surfing, although I'd take some convincing that you can get the discrimination right without introducing a lot of false alarms, but it won't provide any protection at all against network or malware based logging.
For example, if someone modified the code to completely break the entropy generation in a widely used cryptography library in a major Linux distribution, with the effect that you only had to search 32768 possibilities in order to break "4096 bit" cryptography, the benefit of open source is that it would be spotted immediately.
No, wait...
One interpretation of that disaster is that people who were completely unqualified to work on crypto code made a stupid mistake. Another is that people who were most certainly qualified to work on crypto code made an excellent move for the security services.
That doesn't work. It makes the password the hash, and means that an observer of the transaction can replay it later. The point about storing plaintext is that you can send the client a random nonce, which they catenate with the password and return as a hash. Whether that plaintext is abc or md5(abc) is irrelevant: the point is that the client and the server have to share a secret.
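Added illustration, not part of the comment above: a Python sketch of the two schemes it contrasts, a client that sends a fixed hash (replayable by any observer) and a nonce challenge-response in which both sides hold the same secret. HMAC-SHA256 stands in for "hash of nonce catenated with password"; the class and function names and the sample secret `abc` are assumptions made for this example.

```python
import hashlib
import hmac
import secrets


class StaticHashServer:
    """Scheme the comment rejects: the client sends hash(password) as-is."""

    def __init__(self, password: bytes):
        self.stored = hashlib.sha256(password).digest()

    def login(self, presented: bytes) -> bool:
        # The hash itself is now the credential: whoever holds it gets in.
        return hmac.compare_digest(presented, self.stored)


class ChallengeServer:
    """Nonce challenge-response: the server keeps the same secret as the client."""

    def __init__(self, shared_secret: bytes):
        self.secret = shared_secret
        self.outstanding = set()  # nonces issued and not yet answered

    def challenge(self) -> bytes:
        nonce = secrets.token_bytes(16)
        self.outstanding.add(nonce)
        return nonce

    def login(self, nonce: bytes, response: bytes) -> bool:
        if nonce not in self.outstanding:
            return False  # unknown or already-used nonce
        self.outstanding.discard(nonce)  # each nonce is single use
        expected = hmac.new(self.secret, nonce, hashlib.sha256).digest()
        return hmac.compare_digest(response, expected)


def client_response(secret: bytes, nonce: bytes) -> bytes:
    """What the legitimate client computes from the shared secret and nonce."""
    return hmac.new(secret, nonce, hashlib.sha256).digest()


def replay_static(password: bytes) -> bool:
    """An observer records one login and sends the same bytes again."""
    server = StaticHashServer(password)
    captured = hashlib.sha256(password).digest()  # bytes seen on the wire
    server.login(captured)          # the legitimate login
    return server.login(captured)   # the replay is accepted


def replay_challenge(secret: bytes) -> dict:
    """The same observer replays a captured response in two ways."""
    server = ChallengeServer(secret)
    n1 = server.challenge()
    r1 = client_response(secret, n1)
    legitimate = server.login(n1, r1)
    same_nonce = server.login(n1, r1)   # nonce was consumed above
    n2 = server.challenge()
    fresh_nonce = server.login(n2, r1)  # old response, new nonce
    return {
        "legitimate": legitimate,
        "replay_same_nonce": same_nonce,
        "replay_fresh_nonce": fresh_nonce,
    }


def secret_form_is_irrelevant() -> tuple:
    """'abc' or md5('abc') both work, provided both sides share the value."""
    plain = replay_challenge(b"abc")
    hashed = replay_challenge(hashlib.md5(b"abc").digest())
    return plain["legitimate"], hashed["legitimate"]


def stored_value_answers_challenge(secret: bytes) -> bool:
    """Whatever the server stores is password-equivalent: it answers challenges."""
    server = ChallengeServer(secret)
    copied_from_server = server.secret  # e.g. read out of the credential store
    nonce = server.challenge()
    return server.login(nonce, client_response(copied_from_server, nonce))


if __name__ == "__main__":
    print("static hash replay accepted:", replay_static(b"abc"))
    print("challenge-response:", replay_challenge(b"abc"))
    print("abc vs md5(abc) as the secret:", secret_form_is_irrelevant())
    print("stored value is enough:", stored_value_answers_challenge(b"abc"))
```

The last function shows the cost of the design: the server-side store has to be protected as carefully as the passwords themselves, because its contents are sufficient to authenticate.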
Re: What problem does Gnome 3 solve? (on "GNOME 3 Released", Score: 1)
" I don't want application designers telling me how to organise my desktop. I want them to give me the tools that let me organise my desktop however I want. But they're not. Why?"
One reason is that schools, employers and the vast majority of the public just want to get on with their work (or just want their students and staff to get on with their work), rather than investing large amounts of time seeking "better" user interfaces built out of a kit of parts. Fiddling around with your desktop (or dot-emacs, or shell, or whatever), claiming that you'll make the time back later in "increased productivity" is one of the classic procrastination techniques for postgrads, and I suspect it's of little interest outside a small pool of nerds. The lack of customizability that nerds deride about Apple's products is precisely why they've achieved such market popularity: they work out of the box. That's what most people want.
Some people really don't get the hint, do they?
Rowan Atkinson believes in having the right to offend, so long as he's not the one being offended. He reaches for the libel courts (see here) and secures a five-figure payout for things that are "ludicrous, hurtful and irresponsible" being written about him. If they're ludicrous, no-one will believe them. How can being hurtful be grounds for a libel action, when he says that other people don't have the right to be hurt?
It's not at all clear if the victims did complain to Facebook, but as he was posting under false details, banning the user or removing the account would have made little difference. He had been officially warned by the police in 2009, so presumably this represented an escalation of previous behaviour.
It turns out that his father is the author of this. It's not hard to imagine an alcoholic with Asbergers confusing that with what he actually did.
There is a clear defence at S.66 of the legislation in that showing that you were a participant and you (and others) were harmed beyond what you consented to. In principle, the person you shared the images with could be charged with possession and because they would not be a participant, S.66 would not apply; you, however, could not be charged, as you would be a participant.
However, as the offence requires the consent of the DPP in order to charge (which is code for "we've been forced to pass this law by public pressure, but you're out of your mind if you think we're going to use it more than we have to") it's highly unlikely that a scenario where you could produce the participants and have them testify that the acts were consensual would ever reach court, irrespective of whether the images were held by a participant or someone the participant had passed them to.
Of course, if the images portray acts that appear not to be consensual _and_ you can't produce evidence that they are, that's a problem for you, but that isn't the scenario you're outlining. However, "rough sex" wouldn't fall under the legislation at all, and nor would most BDSM. The legislation (op. cit.) and the CPS guidance make interesting reading.
Neither the UK nor the US have the exact lines you ask for, in this or in any other matter, because that's what courts are for in common law jurisdictions (I guess Louisiana might be different). All we know is that in this case the CPS held there was a case that they felt would result in a conviction, but before it came to trial he pleaded guilty. Had he been convinced he was in the right, he could have pled innocent, could probably have opted for a jury trial, and could certainly have appealed any verdict he disagreed with. He did none of those things. So we have people on slashdot proclaiming the innocence of someone who pled guilty: a strange state of affairs.
To those that ask whether in UK law the same behaviour would have had the same reaction were a computer not involved, the likelihood is "yes". There was a recent case in which a very stupid woman decided that shouting "bang! bang!" to a policeman who had been blinded in a high-profile shoot-out was amusing http://www.capitalfm.com/northeast/on-air/news-travel/local-news/sunderland-woman-faces-jail-shouting-abuse-moat-vi/. She was extremely lucky not to get a substantial jail sentence, but there was no suggestion that it was part of a long-term or deliberate scheme (she hadn't, for example, travelled to find him with the intent of shouting "bang!"). In this case, it clearly was not the spur of the moment or impulse: you can't make a custom video for the purpose of being obnoxious in a moment of madness. And the chances are that Duffy would have been too much of a coward to do it face to face anyway: it was precisely because he thought he was untouchable that he did it.
The argument that people who leave open tribute pages should expect to be trolled is the sort of sociopathic nonsense we can expect from geeks. People have front gardens without barbed wire fences, but don't expect people to shit on the middle of the lawn. In fact, one reason why a heavy cluestick needs to be wielded at tossers like Duffy is precisely that they are willing to behave with a computer in a way they (probably) wouldn't in real life, and the idea that somehow things done online aren't real --- which was part of his "oh, it's my Asperger's" plea in mitigation --- needs to be stamped on.
What proportion of the potential iPad market follows technology court cases, forms an opinion on them and then uses that opinion to influence their purchasing decisions? 0.1%? More? You think?
For the Graun to publish key material, even stuff they "know" to be meaningless, is irresponsible. Publishing that key assumed that the ciphertext had been securely destroyed, and I cannot for one second believe that a newspaper has the IA regime in place to do that, nor the ability to know that the initial transfer from Wikileaks to the Graun hadn't been observed by a state or non-state actor.
For Wikileaks to use the same passphrase for their insurance copy of the file and the copy they passed to their collaborators is insane: there must be fifty and more groups with that passphrase if the same process was repeated for all the people working on those cables. That meant that a repressive regime had a large choice of people in many countries they could kidnap and extract the key from, for example.
UK has far higher traffic density, though, coupled with probably higher speeds than the US.
There's no cross-check on passports as you describe. It would require each airport to only receive flights from countries that send API, which isn't the case in Europe.
If that interlock is in place, then my friends go airside with me, then exit back out with some arriving passengers (remember, it's an airport with poor in/out segregation). My friends have valid ID, remember, sufficient to check-in for an internal flight, so should have enough to exit airside.
The problem in some airports is inbound/outbound segregation.
Here's the attack. I check in, with three friends at London for a flight to Edinburgh. My three friends leave the airport and go home, while I go airside with four boarding passes. There I meet three confederates, inbound from random country X. We then board the flight to Edinburgh where we arrive as internal passengers, and do not need to pass through any controls.
So what happens at, say, BHX (which has weak segregation owing to its design) is that internal passengers are photographed as they go air-side, the photograph linked to the boarding pass. When you arrive at the gate, they confirm you're the same person.
LHR T5 was built to work like this, and the cameras have been there since it opened: they want the commercial opportunity of having inbound passengers using the restaurants and shops. BHX does the photo-matching with real people, but presumably LHR's volumes mean it needs to be automated.
Sorry, I don't buy it. I'm not an "everything must be free, man" extremist, and I have over the years been involved in various privacy campaigns. But there's not the slightest suggestion in this case that the footballers involved are the victims of scurrilous falsehoods. If that is the case, they are entirely at liberty to sue for libel; in their current position that would give them an opportunity to have their day in court and to force newspapers to justify their stories. As Elton John proved, that can be a very powerful weapon.
If, however, they actually did have affairs with Imogen Thomas, then their only serious recourse would be an accusation of blackmail: that she slept with them and is now threatening to reveal that fact if she is not paid money. But that's not the case either: there's no suggestion that the footballers were given an "or else", and even if she's gold-digging in her quest for tabloid money, she was just as much a participant in the alleged affairs as the footballers, and is just as entitled to keep or breach her privacy. Kiss and tell isn't the hallmark of a gentleman or a lady, but it's not a matter for the law.
And the footballers had a simple cure for this (as did Andrew Marr): if you don't want newspaper stories about your infidelity to upset your wife, don't be unfaithful. In each case, rich and powerful men have had affairs with less rich and less powerful women, whilst married, and then complained when in the aftermath the woman hasn't been prepared to keep quiet. Sure, they're all morally grubby, but I don't think there's a monopoly of virtue on the part of unfaithful men.
Do Twitter operate in the UK? They were talking about opening an office in the UK recently but I don't think they have yet, and the legal action is against their US operation. People who access their website from the UK have to do so within the bounds of UK criminal law, and if anything they do is deemed to be "publishing" they are at risk under UK libel and defamation laws, but neither of these impact the website they're accessing.
You don't need to be a UK company for your website to be accessed in the UK, and it would be clearly insane to attempt to claim that should be the case. As I haven't been served an injunction by anyone, I'm not bound by it, and to attempt to claim that passing on 28th-hand rumours lays me open to an action for contempt of court is preposterous (it would open me up to a claim of libel, but as no-one including the footballer in question is contesting the truth of the matter I don't think we need to worry about that).
I think CTG's lawyers are going to be straight out of luck. Edward VIII couldn't keep his affairs secret for long, and that was in an era when international phone calls were close to magic. Spanish newspapers are openly publishing his name in the run-up to the European Cup final, for example.
There are no privacy laws in the UK, which is at the heart of the dispute. Judges are making caselaw out of the Human Rights Act, and therefore the European Convention on Human Rights. The balance between article eight privacy and article ten freedom of expression is unclear, and because European caselaw isn't incorporated into UK caselaw, and anyway there isn't very much of it, this is all pretty unexplored.
What's happened now is not that his lawyers are suing Twitter as a defendant, they're trying to get a Norwich Pharmacal order against Twitter. That's an order that says "I want to sue someone, and you have information that is important to that action". It doesn't injunct Twitter, and wouldn't even if they were a UK company, it merely demands they hand over information they have. It's going to be a car-crash, because Twitter don't (and don't need to) authenticate users, IP numbers have already been found to be insufficient evidence of identity as part of the ACS:Law debacle, and as others have pointed out there's US legislation (SPEECH Act?) which makes assisting overseas censorship an offence for a California company. "CTG"'s lawyers (like we don't know who it really is) appear to think the Streisand effect is a good thing.
The paper dates back to 2009. I can't get it through my university library, so the journal is clearly very obscure. A key logger can log this information, and replay the recorded events to precisely mimic the rhythm of the original typing. It's hard to see how you get around this. It might be protective against shoulder-surfing, although I'd take some convincing that you can get the discrimination right without introducing a lot of false alarms, but it won't provide any protection at all against network or malware based logging.
For example, if someone modified the code to completely break the entropy generation in a widely used cryptography library in a major Linux distribution, with the effect that you only had to search 32768 possibilities in order to break "4096 bit" cryptography, the benefit of open source is that it would be spotted immediately. No, wait... One interpretation of that disaster is that people who were completely unqualified to work on crypto code made a stupid mistake. Another is that people who were most certainly qualified to work on crypto code made an excellent move for the security services.
That doesn't work. It makes the password the hash, and means that an observer of the transaction can replay it later. The point about storing plaintext is that you can send the client a random nonce, which they catenate with the password and return as a hash. Whether that plaintext is abc or md5(abc) is irrelevant: the point is that the client and the server have to share a secret.
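The difference described in the comment above, as an added Python example that is not part of the original comment: a login that sends md5(password) can be replayed by anyone who observed it, while a nonce-based challenge-response cannot, even when the shared secret is itself md5(abc). The class and function names, the choice of SHA-256 for the response and the sample password are assumptions made for the illustration.

```python
import hashlib
import hmac
import secrets

PASSWORD = b"abc"  # constructed sample password, taken from the comment's "abc"

def md5_hex(data: bytes) -> bytes:
    return hashlib.md5(data).hexdigest().encode()

def respond(secret: bytes, nonce: bytes) -> bytes:
    # Client side: catenate nonce and shared secret, return the hash.
    return hashlib.sha256(nonce + secret).digest()

class HashAsPasswordServer:
    """Client sends md5(password); the hash has simply become the password."""
    def __init__(self, password: bytes):
        self.stored = md5_hex(password)

    def login(self, token: bytes) -> bool:
        return hmac.compare_digest(token, self.stored)

class ChallengeResponseServer:
    """Server holds the shared secret and issues a fresh single-use nonce."""
    def __init__(self, secret: bytes):
        self.secret = secret
        self.pending = None

    def challenge(self) -> bytes:
        self.pending = secrets.token_bytes(16)
        return self.pending

    def login(self, response: bytes) -> bool:
        if self.pending is None:
            return False
        nonce, self.pending = self.pending, None  # a nonce is never reused
        return hmac.compare_digest(response, respond(self.secret, nonce))

def replay_results():
    # Scheme 1: the observer captures the token and sends it again.
    s1 = HashAsPasswordServer(PASSWORD)
    captured1 = md5_hex(PASSWORD)
    first1, replay1 = s1.login(captured1), s1.login(captured1)
    # Scheme 2: the shared secret is md5(abc); the observer captures one response.
    secret = md5_hex(PASSWORD)
    s2 = ChallengeResponseServer(secret)
    captured2 = respond(secret, s2.challenge())
    first2 = s2.login(captured2)
    s2.challenge()                   # a later session gets a new nonce
    replay2 = s2.login(captured2)    # the old response no longer matches
    return first1, replay1, first2, replay2

if __name__ == "__main__":
    print(replay_results())
```
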
"I don't want application designers telling me how to organise my desktop. I want them to give me the tools that let me organise my desktop however I want. But they're not. Why?"
One reason is that schools, employers and the vast majority of the public just want to get on with their work (or just want their students and staff to get on with their work), rather than investing large amounts of time seeking "better" user interfaces built out of a kit of parts. Fiddling around with your desktop (or dot-emacs, or shell, or whatever), claiming that you'll make the time back later in "increased productivity" is one of the classic procrastination techniques for postgrads, and I suspect it's of little interest outside a small pool of nerds. The lack of customizability that nerds deride about Apple's products is precisely why they've achieved such market popularity: they work out of the box. That's what most people want.