Posts by Matthew Poole
Last ←Newer Page 1 2 3 4 5 Older→ First
-
And now to return to your originally scheduled programming:
Key warned on Huawei, claims Curran -
Hard News: The Golden Mile, in reply to
It's the missing link :P
There's no good word, really, if one is seeking to avoid having to say more than one word. However, "loop" has its own connotations which are far more destructive to the project's image than any shortcomings of "link". -
Hard News: Belief Media, in reply to
the scientific approach says “we don’t know” and leaves it at that
I know vocal atheists who are certain that science will disprove <deity>. That's faith, no more, no less. They don't like it when I point that out, either.
-
Hard News: The Golden Mile, in reply to
CBD rail loop
Link, please, not loop. It's not needed so that trains can go in circles.
-
Hard News: Belief Media, in reply to
Yes, there is that option, but charities would ordinarily be exempt from any form of a capital tax in any case.
-
Hard News: Belief Media, in reply to
I still dont think they should have tax breaks
No more than any other registered non-profit charitable organisations, totally.That would be one way to take care of Destiny Church and Scientology. The mainstream churches that have actual charitable activities would be OK, but DC and CoS would really struggle to meet the registration requirements.
Bringing in capital gains tax would affect the large land holdings of some churches.
Only if they sell which, mostly, they try and avoid. In the same way as only being able to lose money on shares if you actually sell them, you don't get stung by a CGT unless you sell a capital asset.
-
Hard News: The Huawei Question, in reply to
No, I think his vision is more like the premier shopping streets in Australian state capitals and major European shopping cities: lots of medium-to-large shops (instead of lots and lots of little shops) that sell high-value goods.
The discussion has become about some imagined racist vision that wants no small Asian retailers, which wasn't, as far as I could tell, Brewer's real issue. His issue is that the street has lost its position as the premier shopping street and is, instead, becoming more like the shopping strips in the likes of Otahuhu. We already have a bunch of strips like Otahuhu, all over the city, but we only have one Queen Street.
-
Hard News: The Huawei Question, in reply to
I was talking CPE
Maybe so, but the hardware of concern with UFB/NBN is not the CPE. So we're back to discussing aggregation and distribution systems that handle dozens of customers at a minimum. Suddenly it's a whole hell of a lot harder to discriminately monitor flows. Doing it at the CPE level is absolutely feasible, and I hope I haven't given the impression that I think it's not, but unless I've misunderstood horribly the ASIO decision relates to Huawei supplying kit for the "in the street" parts of the deployment.
-
Hard News: The Huawei Question, in reply to
Having got access, it wouldn’t be hard to gather selective data, such as connections to servers in a certain country, login packets, etc
You still have to get that data back to you, though, and in sufficient volumes to allow gathering of useful quantities of interesting data you’re going to rise above the noise thresholds for network operators.
Yes, SSL decryption will probably become widely* possible within the next few years. However, the juicy nation-state stuff (ETA: which is not going over UFB, unless McCully goes back to his old tricks with classified diplomatic cables) is not encrypted with SSL and as much disdain as I have for the culture of the NSA I have no doubt that their cryptographers are outstanding. Devices that they have approved for use in securing their own government’s communications are going to be using much more complex encryption systems than anything available for free over the tubes. Even at the corporate level the interesting stuff is going over VPNs if it leaves the company network, based on what I’ve seen looking at the network security of some of our household names. It’s possible the Chinese can break those systems, but I think the word would have got out if there was believed to be a systemic weakness in any of the products. After all, a lot of those things are protecting networks used by US government contractors.
* widely at the level of well-resourced nation-state operator.
-
Hard News: The Huawei Question, in reply to
a dormant trojan that can be awakened as necessary by sending a specific command sequence would be straight forward to hide and might only return small amounts of data so be essentially undetectable under most conditions.
It’s not anything like that simple.
1) Any “magic packet” to wake up said trojan must be able to be routed through the wider internet. That is, it must be valid under the rules that govern packet structure and layout for IP networks. And on any network connected to the internet, there is always the possibility that such a packet could be generated through ordinary use. That’s why I’m leery about the idea that a kill switch could exist, because if a device suddenly went tits-up for no obvious reason and with no discernible hardware fault people would start with the wondering and the question-asking.2) This is not customer premises equipment (CPE) that we’re discussing, it’s equipment within the distribution and aggregation networks that CPE connects to. Which means that the best a tap might achieve is to monitor a whole neighbourhood, and that’s a lot of data. You cannot surreptitiously monitor a network at the level that the Huawei kit is being deployed, because it’s serving tens or dozens of customers. Even if the supposed Chinese intelligence services controllers of Huawei knew precisely which neighbourhood a given device was in they would still have to monitor all the traffic through the device in order to get the interesting bits (I’ll get my coat.)
ETA: Putting something into hardware, which would be the level something like this would have to be done in order to avoid code-review detection, also places significant limits on how sophisticated it can be. You can make silicon do some pretty amazing things, but those amazing things mostly rely on software. If you cannot do things in software, tapping a network as a sub-function of a wider network device is subject to quite drastic limits on just how fancy you can get.