Slashdot Mirror


User: jimicus

jimicus's activity in the archive.

Stories: 0
Comments: 7,388

Comments · 7,388

  1. Re:It's an appalling piece of legislation on In UK, Two Convicted of Refusing To Decrypt Data · · Score: 1

    You raise a very good point. So good, in fact, that I thought I'd take a look at the law myself. Bear in mind IANAL so take everything in this post with a pinch of salt.

    The relevant section of the law is here:

    http://www.opsi.gov.uk/acts/acts2000/ukpga_20000023_en_8#pt3-pb1

    I refer you specifically to section 49(2), which governs when a notice under this act may be given:

    2. If any person with the appropriate permission under Schedule 2 believes, on reasonable grounds—

    (a) that a key to the protected information is in the possession of any person,

    Further down, we get an idea of what sort of defences are open to someone who receives such a notice - section 53(3):

    (3) For the purposes of this section a person shall be taken to have shown that he was not in possession of a key to protected information at a particular time if—

    (a) sufficient evidence of that fact is adduced to raise an issue with respect to it; and

    (b) the contrary is not proved beyond a reasonable doubt.

    I note clause 3a is nicely open to interpretation.

  2. Re:One place to hide is game files. on Encryption? What Encryption? · · Score: 1

    but the evidence was still resident (possibly replicated) in the unencrypted portion of the filesystem anyway.

    You hit upon a very important point, which a lot of people advocating Truecrypt (or indeed any encryption software) seldom account for:

    1. Your operating system swaps RAM pages to an unencrypted part of the disk. Some of those pages may contain the data you're trying to keep secret.

    2. You've disabled swap. Aren't you clever? Do you plan on checking over every application that can open files in your encrypted area to ensure that it doesn't operate its own on-disk swapping mechanism? Or put chunks of data in temporary files? No? Oh dear.

    Full-disk encryption solves these issues but I daresay is used even less often.

  3. Re:Comments on Encryption? What Encryption? · · Score: 1

    Erm... well, they say imitation is the sincerest form of flattery. Thanks, I think.

  4. Re:Self-incrimination on Encryption? What Encryption? · · Score: 2, Interesting

    Don't joke, this isn't a million miles from the truth. In general terms, it's not a good idea to carry a knife in public in the UK. Which makes the process of buying kitchen utensils rather awkward.

    To be fair, the shop I bought my last knives from had already had the "how do our customers avoid arrest?" conversation with the local police and advised me to keep it in its packaging and don't even take it out of the bag until getting home.

    When I take knives for re-grinding, I wrap them up pretty thoroughly though mainly for show - to show that if I wanted to use them for defence I'd first have to spend several minutes taking them out of a rucksack and removing several layers of tea towel, in order to reveal a knife about as sharp as a sausage. But even then I'm not certain and it's bloody ridiculous that I should feel that consulting a solicitor may be wise before doing something perfectly normal.

  5. Re:Self-incrimination becoming mandatory on In UK, Two Convicted of Refusing To Decrypt Data · · Score: 1

    Don't know about where you are, but we have no right to silence in the UK. The police can quite legitimately demand to know why you didn't tell them earlier when you present your defence in court and encourage the judge/jury to infer from that the reason why you didn't tell them is because you invented it some time between arrest and court appearance.

    Doesn't mean you should give them an easy ride by answering everything in excruciating detail, though.

  6. Re:Self-incrimination becoming mandatory on In UK, Two Convicted of Refusing To Decrypt Data · · Score: 2, Informative

    Technically, they're meant to ask "Do you understand?" immediately after that and you're perfectly entitled to say "No, I don't understand, Officer".

    In theory, they're then meant to produce a copy of the Police and Criminal Evidence act which you are free to read until such time as you do understand.

    Whether or not anybody's ever got away with something simply by "not understanding" indefinitely I really don't know, but it's nice to think it may have happened.

  7. It's an appalling piece of legislation on In UK, Two Convicted of Refusing To Decrypt Data · · Score: 5, Insightful

    It's an appalling piece of legislation for a number of reasons:

    1. It makes forgetting your decryption key/passphrase/whatever illegal. Yes, seriously. The burden of proof is on the accused to show that they can no longer decrypt the data - how the hell do you prove you don't have something?

    2. The people who it was originally intended to inconvenience - the real terrorists, if you like - aren't going to be even remotely concerned by it. They know full well that there is a risk they'll be caught and spend time in jail. If it's a choice between "reveal the decryption key, thus providing the police with the only evidence they're likely to find which implicates you and a number of others for so many criminal activities you'll be in prison for 20 years and when you get out you'll get a bullet in the head for the people who you dropped in it" or "keep your mouth shut, go to prison for two years", I wonder which one they'll choose?

  8. Re:6 years ago on Times Are Tough For Nigerian Scammers · · Score: 1

    No, I don't need your help. It's just like so many others I've read all about these scams and I'm surprised - and, to be honest, mildly impressed - that anyone's succeeded in getting money back out of these people.

    Fair play to you - I wouldn't fancy going over to Nigeria and risk being shot and left on the side of the road somewhere.

  9. Re:Even smart people are easy to fool on The Outing of Pranknet · · Score: 1

    Lots of people use the "personal responsibility" defence for these kinds of pranks. Unfortunately, your brain is hard wired practically from birth to listen to authority.

    To a certain extent, this is kind of necessary for the continued survival of any animal that lives in social groups.

  10. Re:Only in a thoroughly corrupt society on AT&T Makes Its Terms of Service Even Worse, To Discourage Lawsuits · · Score: 1

    My point is that there is something terribly wrong when laws allow companies to decline liability via a standard form contract. The practice obviously favors large corporate interests over ordinary people. When companies large enough to have legal departments start to be dominant force shaping policy, we know we're the sick man of the world.

    In most countries, companies can't decline liability.

    The whole point of such terms is to discourage people from suing, the company knows full well that such terms won't stand up in court. Hell, if they're that certain the terms are solid they can simply refuse to attend court on receiving the summons, instead sending a short note saying "We refer you to this clause in our terms of service" but I bet you anything you like they wouldn't.

  11. Re:6 years ago on Times Are Tough For Nigerian Scammers · · Score: 1

    It's possible to get that kind of money OUT of a scammer?

    How, exactly?

  12. Re:Asymmetrical warfare on Twitter, Facebook DDoS Attack Targeted One User · · Score: 1

    It's called The Streisand Effect, Russia, and it's very real.

    IME, countries care significantly less about what others think of them than your average private individual or organisation does.

  13. Re:Outstanding. on UK National ID Card Cloned In 12 Minutes · · Score: 1

    The BBC wouldn't want to put the Government on the spot.

    They may be slightly more tame following the "sexed-up dossier" (which, it transpires, was actually a pretty accurate bit of journalism) but they have certainly not had a problem with putting the government on the spot in the past. They still employ Jeremy Paxman, don't they?

    http://www.youtube.com/watch?v=sCo7qbzEX3c

  14. Re:Good and bad points on Apple Working On Tech To Detect Purchasers' "Abuse" · · Score: 1

    Ah, but therein lies the problem. Assuming it ever got to court, it would be you suing Apple. Meaning the burden of proof is on you. Which is going to be very difficult to overcome when Apple trot out something like "the sensor works as designed 99.9something% of the time".

  15. Good and bad points on Apple Working On Tech To Detect Purchasers' "Abuse" · · Score: 3, Insightful

    The biggest problem I see with this is that these sensors won't be 100% accurate. Very few things in this world are.

    But manufacturers will almost certainly treat them as if they are.

    So let's say you have a faulty moisture sensor in your laptop and the laptop fails through no fault of your own - it goes back and you get a rude email a week later saying "You let it get wet. Go away."

    Obviously you can take the "sue the bastards" approach, but let's be real here, they're going to stand up in court and say "There is a moisture sensor in this unit which was triggered, therefore it got wet". How do you prove that in your case the moisture sensor was faulty without spending a small fortune?

  16. Re:If Mr. Mudoch is smart on Will Mainstream Media Embrace Adblockers? · · Score: 1

    You are making a huge assumption here, which to my mind does not quite marry up with available evidence.

    AFAICT, you are assuming that a man coming from very little who has, over his lifetime, amassed a fortune estimated at $4 billion is not smart. I would argue that any man who achieves this does not do so by being stupid.

    Murdoch is not by any means the first to propose that content be behind a paywall of some sort, though he may be the first to come out and say "The whole lot's going behind one". If he can persuade the remainder of the world's major media players (and there are remarkably few of them these days) to join him, then I can see it working.

    I would also add to this that if people sign up, there's a strong chance they'll be asked to provide all sorts of information - and I would imagine that if one can use this information to target ads more effectively, one can charge rather more for carrying those ads.

  17. Re:The Federal Agents weren't Pwnd on Feds At DefCon Alarmed After RFIDs Scanned · · Score: 1

    You're not the first person to point this one out - in fact, just to prove that everything you need to know in life can come from the work of Douglas Adams:

    Ha!

    He couldn't believe what he'd just found.

    He slowly drew out from the wallet a single and insanely exciting piece of plastic that was nestling amongst a bunch of receipts.

    It wasn't insanely exciting to look at. It was rather dull in fact. It was smaller and a little thicker than a credit card and semi-transparent. If you held it up to the light you could see a lot of holographically encoded information and images buried pseudo-inches deep beneath its surface.

    It was an Ident-i-Eeze, and was a very naughty and silly thing for Harl to have lying around in his wallet, though it was perfectly understandable. There were so many different ways in which you were required to provide absolute proof of your identity these days that life could easily become extremely tiresome just from that factor alone, never mind the deeper existential problems of trying to function as a coherent consciousness in an epistemologically ambiguous physical universe. Just look at cash point machines, for instance. Queues of people standing around waiting to have their fingerprints read, their retinas scanned, bits of skin scraped from the nape of the neck and undergoing instant (or nearly instant — a good six or seven seconds in tedious reality) genetic analysis, then having to answer trick questions about members of their family they didn't even remember they had, and about their recorded preferences for tablecloth colours. And that was just to get a bit of spare cash for the weekend. If you were trying to raise a loan for a jetcar, sign a missile treaty or pay an entire restaurant bill things could get really trying.

    Hence the Ident-i-Eeze. This encoded every single piece of information about you, your body and your life into one all-purpose machine-readable card that you could then carry around in your wallet, and therefore represented technology's greatest triumph to date over both itself and plain common sense.

    - "Mostly Harmless"

  18. Re:Open Office - Just lacks Outlook, that's all on Best Free Open Source Software For Windows · · Score: 1

    That works OK at home and in some corporate environments but in a lot it doesn't.

    I've been spending the last two weeks trying to migrate a bunch of sales people off Exchange and the reason Outlook/Exchange is so popular and migrating anyone off of either is twofold:

    • There are few serious F/OSS competitors. By the time you've eliminated all the ones that have serious issues (and believe me, most do), there are even fewer.
    • The migration path recommended tends to sit somewhere between "mildly absurd" (ask all your users to configure Outlook to connect to both systems simultaneously, drag & drop their old email - and there may be thousands of old emails - then export all their contacts, calendar appointments and tasks and re-import them) to "downright ludicrous" (sync emails via imap, don't bother with contacts or calendar appointments).

    Why is this migration path silly? Simple. For a lot of people that the business really cares about (eg. the sales team - don't dismiss them, without them the company wouldn't be able to pay your wages), email stopped being plain email the day they first used something as sophisticated as Outlook. These people live and die by their contacts list and appointments - they're often more important than old email and without them your sales team may as well pack it all in and go and re-train as plumbers because they sure as hell won't be doing much more selling. Experienced sales people in a particular industry could easily have a few thousand contacts in that address book, and they will make an effort to speak to all of them at least once a year.

    These people don't want to migrate their own contacts and address book, they're too busy selling products. And frequently they aren't IT experts so the likelihood of them making an innocent mistake (remember: one mistake at this stage and they've lost that oh-so-important contact list) is moderately high. A smart salesman knows this full well, and isn't about to jeopardise his contact list for anyone. There's no way he'll move it without some serious handholding.

  19. You're asking the wrong people. on What's In an Educational Game? · · Score: 1

    I'm assuming here that education is your primary goal, and the game is simply the means to achieve that goal.

    Here's why you're asking the wrong people:

    Most educational software is lousy. This is because the people who write it tend to fall into one of two groups:

    • Software developers. These people produce software which is stable, easy to deploy across a network and doesn't make assumptions like "the end user can write to any location on the hard disk they choose". Which is great - except it doesn't generally teach anything very well. Guess what - most teachers don't like this software much and won't use it.
    • Teachers with a side interest in computing. The software teaches ideas beautifully, but tends to crash randomly, actively resists being deployed using any automated mechanism ("what's wrong with going to every PC, inserting a CD and typing D:\setup?") and assumes that the end user can write to C:\Windows.

    Teaching is all about getting ideas across, so the people you need to talk to are the best teachers. Some may hang around on /., but by and large you're going to get ideas from people who have never tried to get ideas across in their life.

  20. Re:oh sit down and stfu on Student Sues University Because She's Unemployable · · Score: 1

    Doesn't solve the "will they fit in with the rest of the team" problem.

    Sites like http://www.thedailywtf.com/ are chock full of examples of people who were perfectly competent but were also prima donnas who believed they were brilliant and everyone around them stupid.

  21. Re:Very few people will happily change how they wo on 20 Years of MS Word and Why It Should Die a Swift Death · · Score: 1

    Probably about 40%. The other 60% should have been plain text.

  22. Re:openDNS on Bell Starts Hijacking NX Domain Queries · · Score: 1

    How much good does that do you on a domestic DHCP-allocated address?

  23. Re:Not really seeing an issue on Bell Starts Hijacking NX Domain Queries · · Score: 1

    Even without your VPN client doing that it'll break things because many applications don't make any subsequent DNS lookups as soon as they've had one successful one - or if they do it doesn't happen for some time.

    So if your end-user connects to the VPN after starting the application rather than before, the application will need to be restarted. And this is before we even think about things like operating systems caching DNS entries.

  24. Re:Cookie? on Bell Starts Hijacking NX Domain Queries · · Score: 1

    It isn't. Clearly Bell don't consider themselves an ISP any more, they consider themselves a WSP. (Web Service Provider).

  25. Re:Why is this bad? on Bell Starts Hijacking NX Domain Queries · · Score: 1

    The technical issue is this: Incorrect functioning of DNS is only a problem if the internet connection is used for nothing but web browsing.

    User has misconfigured their email client? Well, normally they'd get a fairly clear warning that the mail server they're trying to connect to doesn't exist. Now, it appears to exist but it doesn't respond.

    User is trying to connect to something over a VPN? Depending on configuration the internal DNS servers may only be consulted if the external ones can't resolve a hostname. So if you need a VPN to connect to some system your employer runs, all of a sudden it doesn't work because the host lookup points your PC at completely the wrong IP address. Even if this isn't the case, most operating systems will cache DNS replies for some time and many applications won't bother to re-query DNS once they've got an IP address from a hostname. So if your end-user forgets to fire up the VPN before they fire up anything else, their PC will mysteriously not work properly.

    Cue a bunch of calls to the helpdesk and an enduser who can't work properly.
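
The failure mode in the comment above, a hostname that should not exist coming back with an address, can be checked for from a client. This is an added example, not part of the archived comments; the function names, the default suffixes and the random 24-character labels are assumptions made for the illustration.

```python
import secrets
import socket


def system_resolve(name):
    """Resolve through the OS resolver; return [] when the name does not exist."""
    try:
        infos = socket.getaddrinfo(name, None)
    except socket.gaierror:
        return []
    return sorted({info[4][0] for info in infos})


def probe_nxdomain_rewriting(resolve=system_resolve,
                             suffixes=("invalid", "com"), probes=3):
    """Look up random names that should not exist and report any that resolve.

    Returns a dict with:
      rewritten - True if any probe name came back with an address
      answers   - {probe name: [addresses]} for the probes that resolved
      shared    - addresses common to every resolving probe (the landing host)
    """
    answers = {}
    for suffix in suffixes:
        for _ in range(probes):
            # Assumption: a 24-hex-character random label is not registered.
            # The trailing dot stops the resolver appending a search domain.
            name = f"{secrets.token_hex(12)}.{suffix}."
            addrs = resolve(name)
            if addrs:
                answers[name] = list(addrs)
    if answers:
        shared = set.intersection(*(set(a) for a in answers.values()))
    else:
        shared = set()
    return {"rewritten": bool(answers),
            "answers": answers,
            "shared": sorted(shared)}


if __name__ == "__main__":
    result = probe_nxdomain_rewriting()
    if result["rewritten"]:
        print("Resolver answers for nonexistent names; landing host(s):",
              ", ".join(result["shared"]) or "varies per query")
    else:
        print("Nonexistent names fail to resolve, as they should.")
```

A resolver that rewrites NXDOMAIN usually returns the same landing address for every probe, which is what `shared` surfaces; run it with the VPN down and again with it up to see which resolver answered.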