Isn't it the case that the most basic connected home router only needs 1 routing entry for it's/64, and that clients would then have 18,446,744,073,709,552,000 different random addresses within that/64 to choose from?
Ah, just re-read, GPP said 'routers'. Agreed, having the router doing some sort of random address translation would be insanity. What if the client picked a new random address every, say, week? day? hour? minute?
Wasn't the paper followed by a press conference in which Wakefield basically said "So, I conclude that the vaccine causes autism"? Or did I mis-remember?
It wasn't so much the media being hysterical about the paper, more the media being hysterical about Wakefield's comments.
Whilst it may be true that the people who ride in such ways are perhaps less risk averse than you or I, I don't think any of them are taking those risks under the assumption that they will be protected by a comprehensively tested steel box surrounding them if they were to be hit by a car. My point was that a Gwizz driver might be assuming that, given that they think they are driving a car. In fact, they're driving a paper bag.
You're focussing too much on the specific security control. Namely 'remote wipe'. It's not about the ability to specifically remote wipe a phone, it's about the ability for a company to control its data.
What the company actually cares about is: "If a device leaves company premises and gets lost, can we ensure our data doesn't fall into unauthorised hands?". They don't need to be able to remote wipe laptops (although I'm sure there's software out there that can do that) because with full-disk encryption, you know your data is safe. So the fact that my employer can't 'remote wipe' my laptop is a little moot.
In any case, remote-wipe capability has been present in blackberries, which are used heavily by big corporates, for at least the past 7 years. I wouldn't exactly say it was new. What is new is people being surprised that a company wants to extend control of its data when it leaves a company-owned device and enters a personal device. I think it's surprising that people would expect anything different.
I agree, the corporate policy should be "We support users connecting personal devices to our network. However, you lose some control over your device if you do that" *or* "We don't support connecting personal devices to our network. If you do that, and something bad happens, fuck off."
I have a company laptop. It's got full-disk encryption as enforced by my corporate policy with a decent passphrase. If it goes walkies, they don't care about the data on it, so they don't need to be able to wipe it remotely.
If by 'sufficient RAM' you mean 'enough memory to allocate every single running process their 4GB of addressable memory (assuming 32bit arch)', then yes, you can turn off swapping. Otherwise, don't be surprised when the kernel starts to randomly kill processes when it runs out of memory.
People who are scared to give endpoints public IPs (because it's "too dangerous" or some sort of "privacy violation" are usually just hiding the fact they don't know to configure a firewall. Or a web proxy. Or, you know, the right tool for the job.
There is the concrete defence against libel cases in the UK - be able to prove what you say. Simple.
This isn't correct. Truth is not an absolute defence against libel under UK law (unlike, I believe, the US). You can be successfully sued for libel even if both parties agree that what you said was true.
Do you have any evidence Google exploited anything? I prefer not to point the finger until there's evidence either way.
You seem to be labouring under the misapprehension that any radio waves that emanate from an AP are somehow accidental and entirely not by design or the primary purpose of the device.
Exploiting design flaws in hardware not designed to emit RF as their primary function for the purpose of intercepting communication or gathering data is probably violating someone's expectation of privacy. Driving round with a radio receiver picking up radio waves output by radio transmitters isn't.
People create an expectation of privacy by putting up controls to signify that what they're doing is private. They build walls. They shut curtains. They use forms of communication socially accepted to be private (the telephone, talking quietly to another person, the sealed letter). If someone subverts a control established for reasons of privacy for the purpose of intercepting a communication, that's socially unacceptable. Unencrypted wifi has no privacy controls in place. None. Nada. Receiving unencrypted wifi packets can *by definition* not be breaching someone's privacy.
And I strongly disagree that they have any expectation of privacy. This isn't a passive thing they're doing - they've actively gone out and purchased a radio transmitter/receiver, and have configured it to broadcast data over the radio waves in a way that is unencrypted. The fact that the default setting may have been unencrypted, or the fact that they don't know how to use it doesn't suddenly turn anyone in the vicinity with a radio receiver into a criminal.
Lets say I go and buy a giant radio transmitter, plug it in, turn it on and press some buttons randomly. When the police come to arrest me for interfering with ATC, broadcasting without a license and perhaps various other crimes I may have committed, do you think "I'm not tech savvy, I didn't know what I was doing!" would be a valid defence?
And how exactly have Google exploited anything in this? They don't know, or give a damn about the intentions of the people broadcasting unencrypted wifi.
This is where it comes back to the 'expectation of privacy' and the intent of the observer.
If you have a quiet conversation with someone in a closed room, you have an expectation of privacy. If you stand naked in a closed room with no windows, you have an expectation of privacy.
If you post naked pictures on twitter, shout aloud in the middle of the street, or broadcast on the radio, you have no expectation of privacy.
And if her dishwasher has it's default setting of hyper-electricity-usage and she doesn't know how to put it into economy, should it be the manufacturer's responsibility to pick up the excess power bill?
It's not exactly beyond most people's abilities to ask for help in setting things up they don't understand. I usually find the manual a good place to start.
Broadcasting information on the radio is not the same as leaving your door open.
Even if you left your door open and I came in and looked around, as long as I didn't break or take anything, a crime hasn't been committed (in the UK at least - trespass is a civil offence). Receiving radio waves is a long way from trespass.
And yes, if you stand butt naked in your bedroom with the curtains open, it's not illegal for me to look at you.
People who configure their wireless access points to be unencrypted don't have an expectation of privacy. If they do, they're incompetent, and I'd rather we didn't have a legal system that strives to protect people who deliberately buy equipment and then are too stupid to use it properly.
Perhaps this 'ECPA' law is stupid and needs revising? Or perhaps the law is more subtle than you're representing?
If I broadcast something on the radio, my intention is for it to be received by anyone within range. If that's not my intention, then I've made a fairly foolish choice of medium.
One of the unique characteristics of radio is that anyone can receive it. One of the unique characteristics of a phone line is that it's largely private.
If you broadcast something on the radio, you're intending it to be received by everyone within range. By definition.
Inability to operate radio transmitting equipment in their house in a manner intended seems that it should be entirely the problem of the equipment's owner, and not Google's.
Slashdot Mirror
I've not had to log into a stackoverflow site since the first time I logged in, about 3 months ago.
I conclude "You're doing it wrong".
You think iTunes is *good*?
You must lead a sheltered life.
Isn't it the case that the most basic connected home router only needs 1 routing entry for it's /64, and that clients would then have 18,446,744,073,709,552,000 different random addresses within that /64 to choose from?
Ah, just re-read, GPP said 'routers'. Agreed, having the router doing some sort of random address translation would be insanity. What if the client picked a new random address every, say, week? day? hour? minute?
Maybe idiots in the UK are accustomed to assuming that localtime always equals UTC.
FTFY.
Wasn't the paper followed by a press conference in which Wakefield basically said "So, I conclude that the vaccine causes autism"? Or did I mis-remember?
It wasn't so much the media being hysterical about the paper, more the media being hysterical about Wakefield's comments.
Whilst it may be true that the people who ride in such ways are perhaps less risk averse than you or I, I don't think any of them are taking those risks under the assumption that they will be protected by a comprehensively tested steel box surrounding them if they were to be hit by a car. My point was that a Gwizz driver might be assuming that, given that they think they are driving a car. In fact, they're driving a paper bag.
I don't deny there are idiots on bikes though.
The problem comes because the people driving it think they have all the same protections of a care. A cyclist is under no such illusion.
You're focussing too much on the specific security control. Namely 'remote wipe'. It's not about the ability to specifically remote wipe a phone, it's about the ability for a company to control its data.
What the company actually cares about is: "If a device leaves company premises and gets lost, can we ensure our data doesn't fall into unauthorised hands?". They don't need to be able to remote wipe laptops (although I'm sure there's software out there that can do that) because with full-disk encryption, you know your data is safe. So the fact that my employer can't 'remote wipe' my laptop is a little moot.
In any case, remote-wipe capability has been present in blackberries, which are used heavily by big corporates, for at least the past 7 years. I wouldn't exactly say it was new. What is new is people being surprised that a company wants to extend control of its data when it leaves a company-owned device and enters a personal device. I think it's surprising that people would expect anything different.
I agree, the corporate policy should be "We support users connecting personal devices to our network. However, you lose some control over your device if you do that" *or* "We don't support connecting personal devices to our network. If you do that, and something bad happens, fuck off."
I have a company laptop. It's got full-disk encryption as enforced by my corporate policy with a decent passphrase. If it goes walkies, they don't care about the data on it, so they don't need to be able to wipe it remotely.
Company asserts remote-wipe control over devices that access company systems and data. News at 11.
If by 'sufficient RAM' you mean 'enough memory to allocate every single running process their 4GB of addressable memory (assuming 32bit arch)', then yes, you can turn off swapping. Otherwise, don't be surprised when the kernel starts to randomly kill processes when it runs out of memory.
I use gkg.net - they seem to support ipv6 glue.
People who are scared to give endpoints public IPs (because it's "too dangerous" or some sort of "privacy violation" are usually just hiding the fact they don't know to configure a firewall. Or a web proxy. Or, you know, the right tool for the job.
There is the concrete defence against libel cases in the UK - be able to prove what you say. Simple.
This isn't correct. Truth is not an absolute defence against libel under UK law (unlike, I believe, the US). You can be successfully sued for libel even if both parties agree that what you said was true.
Do you have any evidence Google exploited anything? I prefer not to point the finger until there's evidence either way.
You seem to be labouring under the misapprehension that any radio waves that emanate from an AP are somehow accidental and entirely not by design or the primary purpose of the device.
Exploiting design flaws in hardware not designed to emit RF as their primary function for the purpose of intercepting communication or gathering data is probably violating someone's expectation of privacy. Driving round with a radio receiver picking up radio waves output by radio transmitters isn't.
People create an expectation of privacy by putting up controls to signify that what they're doing is private. They build walls. They shut curtains. They use forms of communication socially accepted to be private (the telephone, talking quietly to another person, the sealed letter). If someone subverts a control established for reasons of privacy for the purpose of intercepting a communication, that's socially unacceptable. Unencrypted wifi has no privacy controls in place. None. Nada. Receiving unencrypted wifi packets can *by definition* not be breaching someone's privacy.
And I strongly disagree that they have any expectation of privacy. This isn't a passive thing they're doing - they've actively gone out and purchased a radio transmitter/receiver, and have configured it to broadcast data over the radio waves in a way that is unencrypted. The fact that the default setting may have been unencrypted, or the fact that they don't know how to use it doesn't suddenly turn anyone in the vicinity with a radio receiver into a criminal.
Lets say I go and buy a giant radio transmitter, plug it in, turn it on and press some buttons randomly. When the police come to arrest me for interfering with ATC, broadcasting without a license and perhaps various other crimes I may have committed, do you think "I'm not tech savvy, I didn't know what I was doing!" would be a valid defence?
And how exactly have Google exploited anything in this? They don't know, or give a damn about the intentions of the people broadcasting unencrypted wifi.
This is where it comes back to the 'expectation of privacy' and the intent of the observer.
If you have a quiet conversation with someone in a closed room, you have an expectation of privacy. If you stand naked in a closed room with no windows, you have an expectation of privacy.
If you post naked pictures on twitter, shout aloud in the middle of the street, or broadcast on the radio, you have no expectation of privacy.
And if her dishwasher has it's default setting of hyper-electricity-usage and she doesn't know how to put it into economy, should it be the manufacturer's responsibility to pick up the excess power bill?
It's not exactly beyond most people's abilities to ask for help in setting things up they don't understand. I usually find the manual a good place to start.
Broadcasting information on the radio is not the same as leaving your door open.
Even if you left your door open and I came in and looked around, as long as I didn't break or take anything, a crime hasn't been committed (in the UK at least - trespass is a civil offence). Receiving radio waves is a long way from trespass.
And yes, if you stand butt naked in your bedroom with the curtains open, it's not illegal for me to look at you.
People who configure their wireless access points to be unencrypted don't have an expectation of privacy. If they do, they're incompetent, and I'd rather we didn't have a legal system that strives to protect people who deliberately buy equipment and then are too stupid to use it properly.
Perhaps this 'ECPA' law is stupid and needs revising? Or perhaps the law is more subtle than you're representing?
If I broadcast something on the radio, my intention is for it to be received by anyone within range. If that's not my intention, then I've made a fairly foolish choice of medium.
One of the unique characteristics of radio is that anyone can receive it. One of the unique characteristics of a phone line is that it's largely private.
If you broadcast something on the radio, you're intending it to be received by everyone within range. By definition.
Inability to operate radio transmitting equipment in their house in a manner intended seems that it should be entirely the problem of the equipment's owner, and not Google's.
Isn't most of the CCTV in the UK privately run/owned?