Been picking up something interesting stuff about the French arrest of Telegram guy.
Apparently the French government thinks it has found a solution to the E2E encryption problem.
For those who are already asleep, this is the issue that, increasingly, social media platforms are adding encryption behind the scenes. In a way that means *they* can’t read your messages either. This is spreading from 1-1 chats to chat rooms.
The problem is that E2E is required for financial transactions online. And just about any kind of online security.
Apparently the French are going to push for a European law that if E2E is used, without a back door for spooks/law enforcement, then it will only be allowed to be used for financial transactions or verification - severe limits on amounts of data.
If the state can’t get into a chat, the company in question will be held liable - if they build the platform so that they (the company m) doesn’t have access, that will simply make them guilty of a crime.
A courageous decision there, say goodbye to iMessage and WhatsApp for starters.
Cue someone setting up a messaging service which transfers 0.01c to the recipient of each message... and so all messages are financial transactions.
Which amply demonstrates the stupidity of the idea, as you can always piggy back bad uses on top of the legitimate uses. Any observable state change can act as a communication channel, I'm sure that even in France there are people who know that.
And you cannot unlearn what is learned: things like Clipper just don't work in the real world, because knowledge of how encryption works is so widely shared. Unless your government is willing to be exceptionally repressive, then people will find ways around these measures.
The point is that 99.99% of people - even criminals don’t bother. So if E2E isn’t provided for them, without asking them…
The remaining 0.01% can be tackled with practical crypto analysis
Yes, or find the password scribbled on a post-it note, index card, label on the bottom of the keyboard, etc.
At my old fund management firm, they had a stupid policy of forcing regular password changes, which meant either (a) people kept the same password, and just appended a number, making them no more secure than previously, or (b) wrote the password down on a post it note and stuck it to their monitor.
The classic "Choose a memorable password... Now forget it and start again." nonsense. At least ours just have to be changed every 3 months, rather than monthly. Otherwise I'd be appending a three digit number by now.
I once worked somewhere where we had to change passwords regularly. I was called in by the IT manager to be told that the somewhat ‘magical’ password I’d chosen had also been chosen by one of the junior staff, someone who actively disliked me. However, she’d picked it first, so would I change!
Been picking up something interesting stuff about the French arrest of Telegram guy.
Apparently the French government thinks it has found a solution to the E2E encryption problem.
For those who are already asleep, this is the issue that, increasingly, social media platforms are adding encryption behind the scenes. In a way that means *they* can’t read your messages either. This is spreading from 1-1 chats to chat rooms.
The problem is that E2E is required for financial transactions online. And just about any kind of online security.
Apparently the French are going to push for a European law that if E2E is used, without a back door for spooks/law enforcement, then it will only be allowed to be used for financial transactions or verification - severe limits on amounts of data.
If the state can’t get into a chat, the company in question will be held liable - if they build the platform so that they (the company m) doesn’t have access, that will simply make them guilty of a crime.
A courageous decision there, say goodbye to iMessage and WhatsApp for starters.
Cue someone setting up a messaging service which transfers 0.01c to the recipient of each message... and so all messages are financial transactions.
Which amply demonstrates the stupidity of the idea, as you can always piggy back bad uses on top of the legitimate uses. Any observable state change can act as a communication channel, I'm sure that even in France there are people who know that.
And you cannot unlearn what is learned: things like Clipper just don't work in the real world, because knowledge of how encryption works is so widely shared. Unless your government is willing to be exceptionally repressive, then people will find ways around these measures.
The point is that 99.99% of people - even criminals don’t bother. So if E2E isn’t provided for them, without asking them…
The remaining 0.01% can be tackled with practical crypto analysis
Yes, or find the password scribbled on a post-it note, index card, label on the bottom of the keyboard, etc.
At my old fund management firm, they had a stupid policy of forcing regular password changes, which meant either (a) people kept the same password, and just appended a number, making them no more secure than previously, or (b) wrote the password down on a post it note and stuck it to their monitor.
The classic "Choose a memorable password... Now forget it and start again." nonsense. At least ours just have to be changed every 3 months, rather than monthly. Otherwise I'd be appending a three digit number by now.
I once worked somewhere where we had to change passwords regularly. I was called in by the IT manager to be told that the somewhat ‘magical’ password I’d chosen had also been chosen by one of the junior staff, someone who actively disliked me. However, she’d picked it first, so would I change!
Blinks sorry but 1) the manager shouldn't have even known your password....bad it there, 2) it shouldn't have been a problem as your user name would be different
Been picking up something interesting stuff about the French arrest of Telegram guy.
Apparently the French government thinks it has found a solution to the E2E encryption problem.
For those who are already asleep, this is the issue that, increasingly, social media platforms are adding encryption behind the scenes. In a way that means *they* can’t read your messages either. This is spreading from 1-1 chats to chat rooms.
The problem is that E2E is required for financial transactions online. And just about any kind of online security.
Apparently the French are going to push for a European law that if E2E is used, without a back door for spooks/law enforcement, then it will only be allowed to be used for financial transactions or verification - severe limits on amounts of data.
If the state can’t get into a chat, the company in question will be held liable - if they build the platform so that they (the company m) doesn’t have access, that will simply make them guilty of a crime.
A courageous decision there, say goodbye to iMessage and WhatsApp for starters.
Cue someone setting up a messaging service which transfers 0.01c to the recipient of each message... and so all messages are financial transactions.
Which amply demonstrates the stupidity of the idea, as you can always piggy back bad uses on top of the legitimate uses. Any observable state change can act as a communication channel, I'm sure that even in France there are people who know that.
And you cannot unlearn what is learned: things like Clipper just don't work in the real world, because knowledge of how encryption works is so widely shared. Unless your government is willing to be exceptionally repressive, then people will find ways around these measures.
The point is that 99.99% of people - even criminals don’t bother. So if E2E isn’t provided for them, without asking them…
The remaining 0.01% can be tackled with practical crypto analysis
Yes, or find the password scribbled on a post-it note, index card, label on the bottom of the keyboard, etc.
At my old fund management firm, they had a stupid policy of forcing regular password changes, which meant either (a) people kept the same password, and just appended a number, making them no more secure than previously, or (b) wrote the password down on a post it note and stuck it to their monitor.
The classic "Choose a memorable password... Now forget it and start again." nonsense. At least ours just have to be changed every 3 months, rather than monthly. Otherwise I'd be appending a three digit number by now.
I once worked somewhere where we had to change passwords regularly. I was called in by the IT manager to be told that the somewhat ‘magical’ password I’d chosen had also been chosen by one of the junior staff, someone who actively disliked me. However, she’d picked it first, so would I change!
Blinks sorry but 1) the manager shouldn't have even known your password....bad it there, 2) it shouldn't have been a problem as your user name would be different
At this point I would be pushing it upwards and saying the it manager is an incompetent tbh and risking data breaches
Been picking up something interesting stuff about the French arrest of Telegram guy.
Apparently the French government thinks it has found a solution to the E2E encryption problem.
For those who are already asleep, this is the issue that, increasingly, social media platforms are adding encryption behind the scenes. In a way that means *they* can’t read your messages either. This is spreading from 1-1 chats to chat rooms.
The problem is that E2E is required for financial transactions online. And just about any kind of online security.
Apparently the French are going to push for a European law that if E2E is used, without a back door for spooks/law enforcement, then it will only be allowed to be used for financial transactions or verification - severe limits on amounts of data.
If the state can’t get into a chat, the company in question will be held liable - if they build the platform so that they (the company m) doesn’t have access, that will simply make them guilty of a crime.
A courageous decision there, say goodbye to iMessage and WhatsApp for starters.
Cue someone setting up a messaging service which transfers 0.01c to the recipient of each message... and so all messages are financial transactions.
Which amply demonstrates the stupidity of the idea, as you can always piggy back bad uses on top of the legitimate uses. Any observable state change can act as a communication channel, I'm sure that even in France there are people who know that.
And you cannot unlearn what is learned: things like Clipper just don't work in the real world, because knowledge of how encryption works is so widely shared. Unless your government is willing to be exceptionally repressive, then people will find ways around these measures.
The point is that 99.99% of people - even criminals don’t bother. So if E2E isn’t provided for them, without asking them…
The remaining 0.01% can be tackled with practical crypto analysis
Yes, or find the password scribbled on a post-it note, index card, label on the bottom of the keyboard, etc.
At my old fund management firm, they had a stupid policy of forcing regular password changes, which meant either (a) people kept the same password, and just appended a number, making them no more secure than previously, or (b) wrote the password down on a post it note and stuck it to their monitor.
The classic "Choose a memorable password... Now forget it and start again." nonsense. At least ours just have to be changed every 3 months, rather than monthly. Otherwise I'd be appending a three digit number by now.
I once worked somewhere where we had to change passwords regularly. I was called in by the IT manager to be told that the somewhat ‘magical’ password I’d chosen had also been chosen by one of the junior staff, someone who actively disliked me. However, she’d picked it first, so would I change!
Blinks sorry but 1) the manager shouldn't have even known your password....bad it there, 2) it shouldn't have been a problem as your user name would be different
At this point I would be pushing it upwards and saying the it manager is an incompetent tbh and risking data breaches
This was a pharmacy department and the IT manager needed to know passwords (this was the theory IIRC) in case of dispensing errors. There was a different password for correspondence , communication etc.
Been picking up something interesting stuff about the French arrest of Telegram guy.
Apparently the French government thinks it has found a solution to the E2E encryption problem.
For those who are already asleep, this is the issue that, increasingly, social media platforms are adding encryption behind the scenes. In a way that means *they* can’t read your messages either. This is spreading from 1-1 chats to chat rooms.
The problem is that E2E is required for financial transactions online. And just about any kind of online security.
Apparently the French are going to push for a European law that if E2E is used, without a back door for spooks/law enforcement, then it will only be allowed to be used for financial transactions or verification - severe limits on amounts of data.
If the state can’t get into a chat, the company in question will be held liable - if they build the platform so that they (the company m) doesn’t have access, that will simply make them guilty of a crime.
A courageous decision there, say goodbye to iMessage and WhatsApp for starters.
Cue someone setting up a messaging service which transfers 0.01c to the recipient of each message... and so all messages are financial transactions.
Which amply demonstrates the stupidity of the idea, as you can always piggy back bad uses on top of the legitimate uses. Any observable state change can act as a communication channel, I'm sure that even in France there are people who know that.
And you cannot unlearn what is learned: things like Clipper just don't work in the real world, because knowledge of how encryption works is so widely shared. Unless your government is willing to be exceptionally repressive, then people will find ways around these measures.
The point is that 99.99% of people - even criminals don’t bother. So if E2E isn’t provided for them, without asking them…
The remaining 0.01% can be tackled with practical crypto analysis
Yes, or find the password scribbled on a post-it note, index card, label on the bottom of the keyboard, etc.
At my old fund management firm, they had a stupid policy of forcing regular password changes, which meant either (a) people kept the same password, and just appended a number, making them no more secure than previously, or (b) wrote the password down on a post it note and stuck it to their monitor.
The classic "Choose a memorable password... Now forget it and start again." nonsense. At least ours just have to be changed every 3 months, rather than monthly. Otherwise I'd be appending a three digit number by now.
I once worked somewhere where we had to change passwords regularly. I was called in by the IT manager to be told that the somewhat ‘magical’ password I’d chosen had also been chosen by one of the junior staff, someone who actively disliked me. However, she’d picked it first, so would I change!
Blinks sorry but 1) the manager shouldn't have even known your password....bad it there, 2) it shouldn't have been a problem as your user name would be different
At this point I would be pushing it upwards and saying the it manager is an incompetent tbh and risking data breaches
This was a pharmacy department and the IT manager needed to know passwords (this was the theory IIRC) in case of dispensing errors. There was a different password for correspondence , communication etc.
That’s very poorly designed, although not the worst system I’ve come across.
IT managers should have their own accounts with the appropriate permissions to conduct administrative tasks and investigations as they need to. Each regular user should have their own account, connected to an audit trail for tracking down errors. No need for IT managers to know any passwords other than their own!
Fascinating piece on Wagenknecht and the BSW who seem to be the coming force in German politics.
This is one of the reasons why the terms "left" and "right" are so devalued as to be meaningless in modern political discourse though obviously they are still used as perjoratives by some.
Over here, I see the Reform voters and membership as much more aligned to Wagenknecht than the current Conservative Party. The Reform leadership (Farage, Tice) are basically Thatcherites but Anderson (to me) is a kind of Wagenknecht type figure - anti immigration, socially conservative, patriotic but wanting money to be spent in areas like his and similar WWC places (I'll throw out Great Yarmouth and Basildon as two other examples). Indeed, on that part of it, Anderson seems to be a traditional socialist interventionist (no small state for him?)
I get annoyed when people call Reform "right wing" and align it with the Conservatives - it's not and they won't. I'd argue further the 25% of 2019 Conservative voters who voted Reform in July were more likely supporters of Boris Johnson's levelling up aganda. Indeed, the distance between Johnson and Wagenknecht isn't great either. This kind of social conservative nationalist anti-immigrant agenda sits across from the more internationalist globalist and liberal aspect of what could be described as the more traditional social democratic parties (Owenite social democracy, I'd also argue, was the antecedant of Reform and BSW in Germany).
If that's what you think of as a fault line in modern politics, there you have it.
What I find fascinating is almost no one is advocating small state traditional conservatism. The argument is more over where and how the State intervenes - spending money in WWC areas for example. Stodge's Fifth Law of Politics states politics, like nature, abhors a vacuum. If a gap exists, someone will try to fill it.
Thanks. Very interesting. A useful mental/political discipline is to think about political difference without using any generic abstract terms like 'left', 'centre', right', 'conservative', 'socialist' etc, and focus remorselessly on the actual outcomes and policies being pursued. In my view this process reveals both how narrow the practical Overton window really is, and also how much is about the private interests of particular groups, and which group of mates you belong to.
Politicans prefer the meaningless generic labels. It keeps the proles (us) in their place.
(No-one is serious about 'small state' (sadly) because it is a practical and political impossibility once you put the tiniest bit of flesh on its skeleton.)
Thanks for the response, my friend.
I think a lot of the disgruntled Conservatives on here are aching for a party which is ostensibly pro-business, pro-small state anti-regulation and wanting to make the necessary supply side reforms to bring the public finances under control and generate economic growth.
As you suggest, rather like post-war Butskellism which ran out of road in the 1970s, the concept of a small state, pro-business anti-regulation party has also run out of road. The way many post-nationalised companies have comported themselves has trashed the reputation of capitalism whether it be obscene profits (British Gas) or incompetent governance (Thames Water) or the failure of the basic operating model (Transport for London).
That's not to argue for nationalisation but for private companies to recognise the provision of public service can't just be for the accumulation of shareholder profit or for moving that profit outside the British Isles to support the services being provided in other countries. Protectionism in terms of not allowing key services to be run by foreign-owned companies now looks back on the table.
Small statism died when the banks were bailed out.
It seems that many of the louder proponents of a 'small state' change their mind when they require state help.
I would suggest that it isn't a discussion about a small state versus a big state any longer but more of a discussion about what a 'fair state' would be.
Likewise 'free trade' is being replaced by a need for 'fair trade'.
With differences in opinion about what a 'fair state' or 'fair trade' might be.
Wishful thinking rubbish. The bank bailouts (vs. what happened in Iceland) were an object lesson in the merits of a small state vs. the big alternative.
The small state option would have been to have no bank bailouts.
Yes. Let them go bust, which has worked extremely well in Iceland.
They should have gone for
1) the bank gets taken over by the government 2) the shareholders are completely wiped out. 3) the management can either kill themselves, starve to death in a slum in Paris or get on their yachts, try and sail to Norway in winter and get murdered by financially astute whalers.
That's not that different from what did happen: the shareholders got completely wiped out at Northern Rock and Bradford & Bingley, while at RBS and HBOS, they lost 95% of their money.
Now, you can argue that they should have lost 100% of their money (and I wouldn't disagree with you), but the idea that shareholders were bailed out is really not the case.
A lot of the management remained.
Hilariously, the government got upset that Barclays didn’t fail with rest. They’d arranged re-finance on their own.
How much of the senior management of those banks were kept on? Of the top 20 people in the firm in 2007, how many were still employed in 2009? I suspect the answer will be close to zero. Certainly none of the CxOs kept their jobs, nor the heads of business units.
So, when we talk about "management", who are we talking about?
The nodding dogs who enabled the clown shows on the board.
They were firing them by the floor at Citi for years afterwards. Still tons of them left though.
Been picking up something interesting stuff about the French arrest of Telegram guy.
Apparently the French government thinks it has found a solution to the E2E encryption problem.
For those who are already asleep, this is the issue that, increasingly, social media platforms are adding encryption behind the scenes. In a way that means *they* can’t read your messages either. This is spreading from 1-1 chats to chat rooms.
The problem is that E2E is required for financial transactions online. And just about any kind of online security.
Apparently the French are going to push for a European law that if E2E is used, without a back door for spooks/law enforcement, then it will only be allowed to be used for financial transactions or verification - severe limits on amounts of data.
If the state can’t get into a chat, the company in question will be held liable - if they build the platform so that they (the company m) doesn’t have access, that will simply make them guilty of a crime.
A courageous decision there, say goodbye to iMessage and WhatsApp for starters.
Cue someone setting up a messaging service which transfers 0.01c to the recipient of each message... and so all messages are financial transactions.
Which amply demonstrates the stupidity of the idea, as you can always piggy back bad uses on top of the legitimate uses. Any observable state change can act as a communication channel, I'm sure that even in France there are people who know that.
And you cannot unlearn what is learned: things like Clipper just don't work in the real world, because knowledge of how encryption works is so widely shared. Unless your government is willing to be exceptionally repressive, then people will find ways around these measures.
The point is that 99.99% of people - even criminals don’t bother. So if E2E isn’t provided for them, without asking them…
The remaining 0.01% can be tackled with practical crypto analysis
Yes, or find the password scribbled on a post-it note, index card, label on the bottom of the keyboard, etc.
At my old fund management firm, they had a stupid policy of forcing regular password changes, which meant either (a) people kept the same password, and just appended a number, making them no more secure than previously, or (b) wrote the password down on a post it note and stuck it to their monitor.
The classic "Choose a memorable password... Now forget it and start again." nonsense. At least ours just have to be changed every 3 months, rather than monthly. Otherwise I'd be appending a three digit number by now.
I once worked somewhere where we had to change passwords regularly. I was called in by the IT manager to be told that the somewhat ‘magical’ password I’d chosen had also been chosen by one of the junior staff, someone who actively disliked me. However, she’d picked it first, so would I change!
Blinks sorry but 1) the manager shouldn't have even known your password....bad it there, 2) it shouldn't have been a problem as your user name would be different
At this point I would be pushing it upwards and saying the it manager is an incompetent tbh and risking data breaches
This was a pharmacy department and the IT manager needed to know passwords (this was the theory IIRC) in case of dispensing errors. There was a different password for correspondence , communication etc.
That’s very poorly designed, although not the worst system I’ve come across.
IT managers should have their own accounts with the appropriate permissions to conduct administrative tasks and investigations as they need to. Each regular user should have their own account, connected to an audit trail for tracking down errors. No need for IT managers to know any passwords other than their own!
Precisely my point it suggests if the it manager could retrieve passwords that they were at best poorly encrypted, at worst stored in the db as plain text....even then two different users having chosen the same password shouldn't of been an issue
Been picking up something interesting stuff about the French arrest of Telegram guy.
Apparently the French government thinks it has found a solution to the E2E encryption problem.
For those who are already asleep, this is the issue that, increasingly, social media platforms are adding encryption behind the scenes. In a way that means *they* can’t read your messages either. This is spreading from 1-1 chats to chat rooms.
The problem is that E2E is required for financial transactions online. And just about any kind of online security.
Apparently the French are going to push for a European law that if E2E is used, without a back door for spooks/law enforcement, then it will only be allowed to be used for financial transactions or verification - severe limits on amounts of data.
If the state can’t get into a chat, the company in question will be held liable - if they build the platform so that they (the company m) doesn’t have access, that will simply make them guilty of a crime.
A courageous decision there, say goodbye to iMessage and WhatsApp for starters.
Cue someone setting up a messaging service which transfers 0.01c to the recipient of each message... and so all messages are financial transactions.
Which amply demonstrates the stupidity of the idea, as you can always piggy back bad uses on top of the legitimate uses. Any observable state change can act as a communication channel, I'm sure that even in France there are people who know that.
And you cannot unlearn what is learned: things like Clipper just don't work in the real world, because knowledge of how encryption works is so widely shared. Unless your government is willing to be exceptionally repressive, then people will find ways around these measures.
The point is that 99.99% of people - even criminals don’t bother. So if E2E isn’t provided for them, without asking them…
The remaining 0.01% can be tackled with practical crypto analysis
Yes, or find the password scribbled on a post-it note, index card, label on the bottom of the keyboard, etc.
At my old fund management firm, they had a stupid policy of forcing regular password changes, which meant either (a) people kept the same password, and just appended a number, making them no more secure than previously, or (b) wrote the password down on a post it note and stuck it to their monitor.
The classic "Choose a memorable password... Now forget it and start again." nonsense. At least ours just have to be changed every 3 months, rather than monthly. Otherwise I'd be appending a three digit number by now.
I once worked somewhere where we had to change passwords regularly. I was called in by the IT manager to be told that the somewhat ‘magical’ password I’d chosen had also been chosen by one of the junior staff, someone who actively disliked me. However, she’d picked it first, so would I change!
Blinks sorry but 1) the manager shouldn't have even known your password....bad it there, 2) it shouldn't have been a problem as your user name would be different
At this point I would be pushing it upwards and saying the it manager is an incompetent tbh and risking data breaches
This was a pharmacy department and the IT manager needed to know passwords (this was the theory IIRC) in case of dispensing errors. There was a different password for correspondence , communication etc.
That’s very poorly designed, although not the worst system I’ve come across.
IT managers should have their own accounts with the appropriate permissions to conduct administrative tasks and investigations as they need to. Each regular user should have their own account, connected to an audit trail for tracking down errors. No need for IT managers to know any passwords other than their own!
General accounts which are used by multiple people are a traditional focal points for fraud and theft.
Been picking up something interesting stuff about the French arrest of Telegram guy.
Apparently the French government thinks it has found a solution to the E2E encryption problem.
For those who are already asleep, this is the issue that, increasingly, social media platforms are adding encryption behind the scenes. In a way that means *they* can’t read your messages either. This is spreading from 1-1 chats to chat rooms.
The problem is that E2E is required for financial transactions online. And just about any kind of online security.
Apparently the French are going to push for a European law that if E2E is used, without a back door for spooks/law enforcement, then it will only be allowed to be used for financial transactions or verification - severe limits on amounts of data.
If the state can’t get into a chat, the company in question will be held liable - if they build the platform so that they (the company m) doesn’t have access, that will simply make them guilty of a crime.
A courageous decision there, say goodbye to iMessage and WhatsApp for starters.
Cue someone setting up a messaging service which transfers 0.01c to the recipient of each message... and so all messages are financial transactions.
Which amply demonstrates the stupidity of the idea, as you can always piggy back bad uses on top of the legitimate uses. Any observable state change can act as a communication channel, I'm sure that even in France there are people who know that.
And you cannot unlearn what is learned: things like Clipper just don't work in the real world, because knowledge of how encryption works is so widely shared. Unless your government is willing to be exceptionally repressive, then people will find ways around these measures.
The point is that 99.99% of people - even criminals don’t bother. So if E2E isn’t provided for them, without asking them…
The remaining 0.01% can be tackled with practical crypto analysis
Yes, or find the password scribbled on a post-it note, index card, label on the bottom of the keyboard, etc.
At my old fund management firm, they had a stupid policy of forcing regular password changes, which meant either (a) people kept the same password, and just appended a number, making them no more secure than previously, or (b) wrote the password down on a post it note and stuck it to their monitor.
The classic "Choose a memorable password... Now forget it and start again." nonsense. At least ours just have to be changed every 3 months, rather than monthly. Otherwise I'd be appending a three digit number by now.
I once worked somewhere where we had to change passwords regularly. I was called in by the IT manager to be told that the somewhat ‘magical’ password I’d chosen had also been chosen by one of the junior staff, someone who actively disliked me. However, she’d picked it first, so would I change!
Blinks sorry but 1) the manager shouldn't have even known your password....bad it there, 2) it shouldn't have been a problem as your user name would be different
Also; passwords should never be stored in plain text anyway! The *most* IT could know would be that two password hashes were identical.
Been picking up something interesting stuff about the French arrest of Telegram guy.
Apparently the French government thinks it has found a solution to the E2E encryption problem.
For those who are already asleep, this is the issue that, increasingly, social media platforms are adding encryption behind the scenes. In a way that means *they* can’t read your messages either. This is spreading from 1-1 chats to chat rooms.
The problem is that E2E is required for financial transactions online. And just about any kind of online security.
Apparently the French are going to push for a European law that if E2E is used, without a back door for spooks/law enforcement, then it will only be allowed to be used for financial transactions or verification - severe limits on amounts of data.
If the state can’t get into a chat, the company in question will be held liable - if they build the platform so that they (the company m) doesn’t have access, that will simply make them guilty of a crime.
A courageous decision there, say goodbye to iMessage and WhatsApp for starters.
Cue someone setting up a messaging service which transfers 0.01c to the recipient of each message... and so all messages are financial transactions.
Which amply demonstrates the stupidity of the idea, as you can always piggy back bad uses on top of the legitimate uses. Any observable state change can act as a communication channel, I'm sure that even in France there are people who know that.
And you cannot unlearn what is learned: things like Clipper just don't work in the real world, because knowledge of how encryption works is so widely shared. Unless your government is willing to be exceptionally repressive, then people will find ways around these measures.
The point is that 99.99% of people - even criminals don’t bother. So if E2E isn’t provided for them, without asking them…
The remaining 0.01% can be tackled with practical crypto analysis
Yes, or find the password scribbled on a post-it note, index card, label on the bottom of the keyboard, etc.
At my old fund management firm, they had a stupid policy of forcing regular password changes, which meant either (a) people kept the same password, and just appended a number, making them no more secure than previously, or (b) wrote the password down on a post it note and stuck it to their monitor.
The classic "Choose a memorable password... Now forget it and start again." nonsense. At least ours just have to be changed every 3 months, rather than monthly. Otherwise I'd be appending a three digit number by now.
I once worked somewhere where we had to change passwords regularly. I was called in by the IT manager to be told that the somewhat ‘magical’ password I’d chosen had also been chosen by one of the junior staff, someone who actively disliked me. However, she’d picked it first, so would I change!
Blinks sorry but 1) the manager shouldn't have even known your password....bad it there, 2) it shouldn't have been a problem as your user name would be different
At this point I would be pushing it upwards and saying the it manager is an incompetent tbh and risking data breaches
This was a pharmacy department and the IT manager needed to know passwords (this was the theory IIRC) in case of dispensing errors. There was a different password for correspondence , communication etc.
That’s very poorly designed, although not the worst system I’ve come across.
IT managers should have their own accounts with the appropriate permissions to conduct administrative tasks and investigations as they need to. Each regular user should have their own account, connected to an audit trail for tracking down errors. No need for IT managers to know any passwords other than their own!
This was in the mid 90’s, to be fair. And the IT manager did apologize for breaking confidentiality. No idea what happens now.
Been picking up something interesting stuff about the French arrest of Telegram guy.
Apparently the French government thinks it has found a solution to the E2E encryption problem.
For those who are already asleep, this is the issue that, increasingly, social media platforms are adding encryption behind the scenes. In a way that means *they* can’t read your messages either. This is spreading from 1-1 chats to chat rooms.
The problem is that E2E is required for financial transactions online. And just about any kind of online security.
Apparently the French are going to push for a European law that if E2E is used, without a back door for spooks/law enforcement, then it will only be allowed to be used for financial transactions or verification - severe limits on amounts of data.
If the state can’t get into a chat, the company in question will be held liable - if they build the platform so that they (the company m) doesn’t have access, that will simply make them guilty of a crime.
A courageous decision there, say goodbye to iMessage and WhatsApp for starters.
Cue someone setting up a messaging service which transfers 0.01c to the recipient of each message... and so all messages are financial transactions.
Which amply demonstrates the stupidity of the idea, as you can always piggy back bad uses on top of the legitimate uses. Any observable state change can act as a communication channel, I'm sure that even in France there are people who know that.
And you cannot unlearn what is learned: things like Clipper just don't work in the real world, because knowledge of how encryption works is so widely shared. Unless your government is willing to be exceptionally repressive, then people will find ways around these measures.
The point is that 99.99% of people - even criminals don’t bother. So if E2E isn’t provided for them, without asking them…
The remaining 0.01% can be tackled with practical crypto analysis
Yes, or find the password scribbled on a post-it note, index card, label on the bottom of the keyboard, etc.
At my old fund management firm, they had a stupid policy of forcing regular password changes, which meant either (a) people kept the same password, and just appended a number, making them no more secure than previously, or (b) wrote the password down on a post it note and stuck it to their monitor.
The classic "Choose a memorable password... Now forget it and start again." nonsense. At least ours just have to be changed every 3 months, rather than monthly. Otherwise I'd be appending a three digit number by now.
I once worked somewhere where we had to change passwords regularly. I was called in by the IT manager to be told that the somewhat ‘magical’ password I’d chosen had also been chosen by one of the junior staff, someone who actively disliked me. However, she’d picked it first, so would I change!
Blinks sorry but 1) the manager shouldn't have even known your password....bad it there, 2) it shouldn't have been a problem as your user name would be different
Also; passwords should never be stored in plain text anyway! The *most* IT could know would be that two password hashes were identical.
Even looking at the hashes would be a breach in many places.
And telling someone they have the same password as someone else - you’ve just told them the other person’s password, in effect!.
Been picking up something interesting stuff about the French arrest of Telegram guy.
Apparently the French government thinks it has found a solution to the E2E encryption problem.
For those who are already asleep, this is the issue that, increasingly, social media platforms are adding encryption behind the scenes. In a way that means *they* can’t read your messages either. This is spreading from 1-1 chats to chat rooms.
The problem is that E2E is required for financial transactions online. And just about any kind of online security.
Apparently the French are going to push for a European law that if E2E is used, without a back door for spooks/law enforcement, then it will only be allowed to be used for financial transactions or verification - severe limits on amounts of data.
If the state can’t get into a chat, the company in question will be held liable - if they build the platform so that they (the company m) doesn’t have access, that will simply make them guilty of a crime.
A courageous decision there, say goodbye to iMessage and WhatsApp for starters.
Cue someone setting up a messaging service which transfers 0.01c to the recipient of each message... and so all messages are financial transactions.
Which amply demonstrates the stupidity of the idea, as you can always piggy back bad uses on top of the legitimate uses. Any observable state change can act as a communication channel, I'm sure that even in France there are people who know that.
And you cannot unlearn what is learned: things like Clipper just don't work in the real world, because knowledge of how encryption works is so widely shared. Unless your government is willing to be exceptionally repressive, then people will find ways around these measures.
The point is that 99.99% of people - even criminals don’t bother. So if E2E isn’t provided for them, without asking them…
The remaining 0.01% can be tackled with practical crypto analysis
Yes, or find the password scribbled on a post-it note, index card, label on the bottom of the keyboard, etc.
At my old fund management firm, they had a stupid policy of forcing regular password changes, which meant either (a) people kept the same password, and just appended a number, making them no more secure than previously, or (b) wrote the password down on a post it note and stuck it to their monitor.
The classic "Choose a memorable password... Now forget it and start again." nonsense. At least ours just have to be changed every 3 months, rather than monthly. Otherwise I'd be appending a three digit number by now.
I once worked somewhere where we had to change passwords regularly. I was called in by the IT manager to be told that the somewhat ‘magical’ password I’d chosen had also been chosen by one of the junior staff, someone who actively disliked me. However, she’d picked it first, so would I change!
Blinks sorry but 1) the manager shouldn't have even known your password....bad it there, 2) it shouldn't have been a problem as your user name would be different
Also; passwords should never be stored in plain text anyway! The *most* IT could know would be that two password hashes were identical.
If the hash is properly salted shouldn't have the same hash for identical passwords
Been picking up something interesting stuff about the French arrest of Telegram guy.
Apparently the French government thinks it has found a solution to the E2E encryption problem.
For those who are already asleep, this is the issue that, increasingly, social media platforms are adding encryption behind the scenes. In a way that means *they* can’t read your messages either. This is spreading from 1-1 chats to chat rooms.
The problem is that E2E is required for financial transactions online. And just about any kind of online security.
Apparently the French are going to push for a European law that if E2E is used, without a back door for spooks/law enforcement, then it will only be allowed to be used for financial transactions or verification - severe limits on amounts of data.
If the state can’t get into a chat, the company in question will be held liable - if they build the platform so that they (the company m) doesn’t have access, that will simply make them guilty of a crime.
A courageous decision there, say goodbye to iMessage and WhatsApp for starters.
Cue someone setting up a messaging service which transfers 0.01c to the recipient of each message... and so all messages are financial transactions.
Which amply demonstrates the stupidity of the idea, as you can always piggy back bad uses on top of the legitimate uses. Any observable state change can act as a communication channel, I'm sure that even in France there are people who know that.
And you cannot unlearn what is learned: things like Clipper just don't work in the real world, because knowledge of how encryption works is so widely shared. Unless your government is willing to be exceptionally repressive, then people will find ways around these measures.
The point is that 99.99% of people - even criminals don’t bother. So if E2E isn’t provided for them, without asking them…
The remaining 0.01% can be tackled with practical crypto analysis
Yes, or find the password scribbled on a post-it note, index card, label on the bottom of the keyboard, etc.
At my old fund management firm, they had a stupid policy of forcing regular password changes, which meant either (a) people kept the same password, and just appended a number, making them no more secure than previously, or (b) wrote the password down on a post it note and stuck it to their monitor.
The classic "Choose a memorable password... Now forget it and start again." nonsense. At least ours just have to be changed every 3 months, rather than monthly. Otherwise I'd be appending a three digit number by now.
I once worked somewhere where we had to change passwords regularly. I was called in by the IT manager to be told that the somewhat ‘magical’ password I’d chosen had also been chosen by one of the junior staff, someone who actively disliked me. However, she’d picked it first, so would I change!
Blinks sorry but 1) the manager shouldn't have even known your password....bad it there, 2) it shouldn't have been a problem as your user name would be different
At this point I would be pushing it upwards and saying the it manager is an incompetent tbh and risking data breaches
This was a pharmacy department and the IT manager needed to know passwords (this was the theory IIRC) in case of dispensing errors. There was a different password for correspondence , communication etc.
That’s very poorly designed, although not the worst system I’ve come across.
IT managers should have their own accounts with the appropriate permissions to conduct administrative tasks and investigations as they need to. Each regular user should have their own account, connected to an audit trail for tracking down errors. No need for IT managers to know any passwords other than their own!
This was in the mid 90’s, to be fair. And the IT manager did apologize for breaking confidentiality. No idea what happens now.
He should have been sacked then for producing such a system, now he should be tarred and feathered for producing such a crap system
My very, very off topic investigation today is ... Church of England churches with baptistries for full immersion adult baptism.
Reflecting on recent conversations around evangelicals and politics, I was musing on how to think about it. Demand for adult baptisms seems one indicator of where the church is engaged, and I couldn't find a list.
My gut feel is that there may be several hundred CofE places with a full immersion adult baptistry, correlated with growing congregations, major reordering projects, modern buildings say since the war or where a previous one burnt down, joint Anglican/Baptist Local Ecumenical Projects (LEPs), or liturgical renewal of various kinds.
So I've asked on xitter, and people are identifying some in places I did not expect - which is interesting.
There's a wonderful one in Portsmouth Cathedral which looks like a tomb, so the symbolism of Dying and Rising with a New Life is very strong.
Article 27 of the Church of England makes clear it supports baptism of young children. It allows baptism of adults not baptised before but if you want adult baptism prioritised really you should leave the Church of England and become Baptist or Pentecostal
One of the interesting features of the current evangelical Anglican scene (or certainly the growing bits of it, anyway) is that it's pretty much dumped the infant baptism thing. I'm part of a large Evangelical Anglican congregation, in the 16 years I've been around we have baptised a number of adults, dozens of teenagers, and zero infants. We nearly fulfilled your criteria by building an adult bapistry when we did some building works 10 years ago, only to be stymed by the structural engineers deciding it would be really expensive, so we've continued to use a substantial paddling pool outside on the drive as required. The exception to this is of course the ordained ministry staff, who have to sign up to the 39 Articles - which includes one on infant baptism which baptists like myself couldn't agree to.
IMO both "infant baptism then confirmation" and "thanksgiving for a child then believer's baptism" fall within Anglican doctrine, polity and tradition, and are a matter of conscience. "Baptism for those of riper years" is in the 1662 Prayer Book, as @HYUFD notes - aimed at converts (the BCP Introduction mentions "workers on our plantations", amongst others !), and in response to the Anabaptist movement, which *did* do baptism for adults who joined it. The 39 articles defer to the Bible, of course.
It seems appropriate for what is now largely a post-Christian society. According to the Statistics for Mission adult baptisms run at around 7000 per annum in the CofE.
Re-baptism (ie "My infant baptism does not mean a lot to me, and I would like to have an adult baptism") is a different matter, and is not in accordance with polity or discipline, and that's partly why Confirmation and a ceremony for Re-affirmation of Baptismal Vows exist.
One fascinating thing I have discovered today is that full immersion baptistries (or "baptism pools") have been installed in Church of England churches since ~1900. There is one in St-Mary-at-Lambeth literally 50m from Lambeth Palace (link to a photo below). Given the position, I assume that the Archbishop of Canterbury knew about it and took no action. It is now leased out to a museum (population moved?).
To me that feels like Tractarian priests working in the slums coming into contact with unchurched parts of society and baptising those who joined the church, but I'll need to dig a bit more to verify that. I'm seeing notes to 39 such bapisteries being created across the country, with only 2 left.
My former largish Anglican evangelical (with catholic edges - when I got involved in 1983, one of the staff members was a spirituality writer called Joyce Huggett) put in a baptism pool in 2010 in Phase II of a refurb which had had phase I done in 1990. In 1983 they used to hire a local swimming pool for the ceremony if it was an adult baptism. Other places use a local river or lake.
Been picking up something interesting stuff about the French arrest of Telegram guy.
Apparently the French government thinks it has found a solution to the E2E encryption problem.
For those who are already asleep, this is the issue that, increasingly, social media platforms are adding encryption behind the scenes. In a way that means *they* can’t read your messages either. This is spreading from 1-1 chats to chat rooms.
The problem is that E2E is required for financial transactions online. And just about any kind of online security.
Apparently the French are going to push for a European law that if E2E is used, without a back door for spooks/law enforcement, then it will only be allowed to be used for financial transactions or verification - severe limits on amounts of data.
If the state can’t get into a chat, the company in question will be held liable - if they build the platform so that they (the company m) doesn’t have access, that will simply make them guilty of a crime.
A courageous decision there, say goodbye to iMessage and WhatsApp for starters.
Cue someone setting up a messaging service which transfers 0.01c to the recipient of each message... and so all messages are financial transactions.
Which amply demonstrates the stupidity of the idea, as you can always piggy back bad uses on top of the legitimate uses. Any observable state change can act as a communication channel, I'm sure that even in France there are people who know that.
And you cannot unlearn what is learned: things like Clipper just don't work in the real world, because knowledge of how encryption works is so widely shared. Unless your government is willing to be exceptionally repressive, then people will find ways around these measures.
The point is that 99.99% of people - even criminals don’t bother. So if E2E isn’t provided for them, without asking them…
The remaining 0.01% can be tackled with practical crypto analysis
Yes, or find the password scribbled on a post-it note, index card, label on the bottom of the keyboard, etc.
At my old fund management firm, they had a stupid policy of forcing regular password changes, which meant either (a) people kept the same password, and just appended a number, making them no more secure than previously, or (b) wrote the password down on a post it note and stuck it to their monitor.
The classic "Choose a memorable password... Now forget it and start again." nonsense. At least ours just have to be changed every 3 months, rather than monthly. Otherwise I'd be appending a three digit number by now.
I once worked somewhere where we had to change passwords regularly. I was called in by the IT manager to be told that the somewhat ‘magical’ password I’d chosen had also been chosen by one of the junior staff, someone who actively disliked me. However, she’d picked it first, so would I change!
Blinks sorry but 1) the manager shouldn't have even known your password....bad it there, 2) it shouldn't have been a problem as your user name would be different
At this point I would be pushing it upwards and saying the it manager is an incompetent tbh and risking data breaches
This was a pharmacy department and the IT manager needed to know passwords (this was the theory IIRC) in case of dispensing errors. There was a different password for correspondence , communication etc.
That’s very poorly designed, although not the worst system I’ve come across.
IT managers should have their own accounts with the appropriate permissions to conduct administrative tasks and investigations as they need to. Each regular user should have their own account, connected to an audit trail for tracking down errors. No need for IT managers to know any passwords other than their own!
This was in the mid 90’s, to be fair. And the IT manager did apologize for breaking confidentiality. No idea what happens now.
He should have been sacked then for producing such a system, now he should be tarred and feathered for producing such a crap system
I don’t think the IT manager for the department had anything to do with designing the system. Anyway it was a long time ago and both of us have long since retired. Must say, though, I was surprised by the conversation.
My very, very off topic investigation today is ... Church of England churches with baptistries for full immersion adult baptism.
Reflecting on recent conversations around evangelicals and politics, I was musing on how to think about it. Demand for adult baptisms seems one indicator of where the church is engaged, and I couldn't find a list.
My gut feel is that there may be several hundred CofE places with a full immersion adult baptistry, correlated with growing congregations, major reordering projects, modern buildings say since the war or where a previous one burnt down, joint Anglican/Baptist Local Ecumenical Projects (LEPs), or liturgical renewal of various kinds.
So I've asked on xitter, and people are identifying some in places I did not expect - which is interesting.
There's a wonderful one in Portsmouth Cathedral which looks like a tomb, so the symbolism of Dying and Rising with a New Life is very strong.
Article 27 of the Church of England makes clear it supports baptism of young children. It allows baptism of adults not baptised before but if you want adult baptism prioritised really you should leave the Church of England and become Baptist or Pentecostal
One of the interesting features of the current evangelical Anglican scene (or certainly the growing bits of it, anyway) is that it's pretty much dumped the infant baptism thing. I'm part of a large Evangelical Anglican congregation, in the 16 years I've been around we have baptised a number of adults, dozens of teenagers, and zero infants. We nearly fulfilled your criteria by building an adult bapistry when we did some building works 10 years ago, only to be stymed by the structural engineers deciding it would be really expensive, so we've continued to use a substantial paddling pool outside on the drive as required. The exception to this is of course the ordained ministry staff, who have to sign up to the 39 Articles - which includes one on infant baptism which baptists like myself couldn't agree to.
IMO both "infant baptism then confirmation" and "thanksgiving for a child then believer's baptism" fall within Anglican doctrine, polity and tradition, and are a matter of conscience. "Baptism for those of riper years" is in the 1662 Prayer Book, as @HYUFD notes - aimed at converts (the BCP Introduction mentions "workers on our plantations", amongst others !), and in response to the Anabaptist movement, which *did* do baptism for adults who joined it. The 39 articles defer to the Bible, of course.
It seems appropriate for what is now largely a post-Christian society. According to the Statistics for Mission adult baptisms run at around 7000 per annum in the CofE.
Re-baptism (ie "My infant baptism does not mean a lot to me, and I would like to have an adult baptism") is a different matter, and is not in accordance with polity or discipline, and that's partly why Confirmation and a ceremony for Re-affirmation of Baptismal Vows exist.
One fascinating thing I have discovered today is that full immersion baptistries (or "baptism pools") have been installed in Church of England churches since ~1900. There is one in St-Mary-at-Lambeth literally 50m from Lambeth Palace (link to a photo below). Given the position, I assume that the Archbishop of Canterbury knew about it and took no action. It is now leased out to a museum (population moved?).
To me that feels like Tractarian priests working in the slums coming into contact with unchurched parts of society and baptising those who joined the church, but I'll need to dig a bit more to verify that. I'm seeing notes to 39 such bapisteries being created across the country, with only 2 left.
My former largish Anglican evangelical (with catholic edges - when I got involved in 1983, one of the staff members was a spirituality writer called Joyce Huggett) put in a baptism pool in 2010 in Phase II of a refurb which had had phase I done in 1990. In 1983 they used to hire a local swimming pool for the ceremony if it was an adult baptism. Other places use a local river or lake.
IIRC the missionary in Barbara Kingsolvers ‘Poisonworld Bible’ used to insist on total immersion baptism, which resulted in the villagers assuming that Jesus was a crocodile god, since there was a good chance a crocodile would be hanging about during a baptism service.
John Kelly: “The depths of his dishonesty is just astounding to me. . . . He’s the most flawed person I have ever met in my life.” Jim Mattis: “He’s dangerous. He’s unfit.” “The president has no moral compass.” “This degradation of the American experiment is real.” Dan Coats: “He doesn’t know the difference between the truth and a lie.” Rex Tillerson: “A moron.” Mitt Romney: “I think he’s not smart. I mean really not smart.” “A whack job.” Gary Cohn: “Dumb as shit.” H.R. McMaster: “Cannot understand Putin’s hold on Trump.”
So puzzle me this: There are two options for president. On the one hand you have a woman who just presented herself as a mainstream Democrat who plans to respect and uphold the fundamental American political traditions at home and abroad.
On the other you have a candidate who you have acknowledged is the most flawed person you have ever encountered, a danger to the country, and an existential threat to our system of government—a convicted criminal, an abuser of women, and a moron. How in God’s name do you justify silence in the face of that choice? This is not a close call!..
Also; passwords should never be stored in plain text anyway! The *most* IT could know would be that two password hashes were identical.
If you have identical password hashes you are almost certainly susceptible to attacks with pre-computed rainbow tables of passwords. A hash collision in itself ought to raise alarms. Nobody should know a damn thing about a user's password.
Also; passwords should never be stored in plain text anyway! The *most* IT could know would be that two password hashes were identical.
If you have identical password hashes you are almost certainly susceptible to attacks with pre-computed rainbow tables of passwords. A hash collision in itself ought to raise alarms. Nobody should know a damn thing about a user's password.
As I said this was a ‘closed’ system, used only for the hospital dispensary. We couldn’t, for example, send emails from it.
My very, very off topic investigation today is ... Church of England churches with baptistries for full immersion adult baptism.
Reflecting on recent conversations around evangelicals and politics, I was musing on how to think about it. Demand for adult baptisms seems one indicator of where the church is engaged, and I couldn't find a list.
My gut feel is that there may be several hundred CofE places with a full immersion adult baptistry, correlated with growing congregations, major reordering projects, modern buildings say since the war or where a previous one burnt down, joint Anglican/Baptist Local Ecumenical Projects (LEPs), or liturgical renewal of various kinds.
So I've asked on xitter, and people are identifying some in places I did not expect - which is interesting.
There's a wonderful one in Portsmouth Cathedral which looks like a tomb, so the symbolism of Dying and Rising with a New Life is very strong.
Article 27 of the Church of England makes clear it supports baptism of young children. It allows baptism of adults not baptised before but if you want adult baptism prioritised really you should leave the Church of England and become Baptist or Pentecostal
One of the interesting features of the current evangelical Anglican scene (or certainly the growing bits of it, anyway) is that it's pretty much dumped the infant baptism thing. I'm part of a large Evangelical Anglican congregation, in the 16 years I've been around we have baptised a number of adults, dozens of teenagers, and zero infants. We nearly fulfilled your criteria by building an adult bapistry when we did some building works 10 years ago, only to be stymed by the structural engineers deciding it would be really expensive, so we've continued to use a substantial paddling pool outside on the drive as required. The exception to this is of course the ordained ministry staff, who have to sign up to the 39 Articles - which includes one on infant baptism which baptists like myself couldn't agree to.
IMO both "infant baptism then confirmation" and "thanksgiving for a child then believer's baptism" fall within Anglican doctrine, polity and tradition, and are a matter of conscience. "Baptism for those of riper years" is in the 1662 Prayer Book, as @HYUFD notes - aimed at converts (the BCP Introduction mentions "workers on our plantations", amongst others !), and in response to the Anabaptist movement, which *did* do baptism for adults who joined it. The 39 articles defer to the Bible, of course.
It seems appropriate for what is now largely a post-Christian society. According to the Statistics for Mission adult baptisms run at around 7000 per annum in the CofE.
Re-baptism (ie "My infant baptism does not mean a lot to me, and I would like to have an adult baptism") is a different matter, and is not in accordance with polity or discipline, and that's partly why Confirmation and a ceremony for Re-affirmation of Baptismal Vows exist.
One fascinating thing I have discovered today is that full immersion baptistries (or "baptism pools") have been installed in Church of England churches since ~1900. There is one in St-Mary-at-Lambeth literally 50m from Lambeth Palace (link to a photo below). Given the position, I assume that the Archbishop of Canterbury knew about it and took no action. It is now leased out to a museum (population moved?).
To me that feels like Tractarian priests working in the slums coming into contact with unchurched parts of society and baptising those who joined the church, but I'll need to dig a bit more to verify that. I'm seeing notes to 39 such bapisteries being created across the country, with only 2 left.
My former largish Anglican evangelical (with catholic edges - when I got involved in 1983, one of the staff members was a spirituality writer called Joyce Huggett) put in a baptism pool in 2010 in Phase II of a refurb which had had phase I done in 1990. In 1983 they used to hire a local swimming pool for the ceremony if it was an adult baptism. Other places use a local river or lake.
Fascinating. I didn't expect to see the 39 Articles discussed in a modern political context, even if it's the state cult of (part of) the UK.
I can well imagine that local rivers are somewhat frowned upon as not necessarily having the primal purity, at least in theory, of a spring, and in fact perhaps a lot worse. A paddling pool and hose are much safer (HASAWA and more general liabilities in law apply, as I'm sure does the insurance company!).
John Kelly: “The depths of his dishonesty is just astounding to me. . . . He’s the most flawed person I have ever met in my life.” Jim Mattis: “He’s dangerous. He’s unfit.” “The president has no moral compass.” “This degradation of the American experiment is real.” Dan Coats: “He doesn’t know the difference between the truth and a lie.” Rex Tillerson: “A moron.” Mitt Romney: “I think he’s not smart. I mean really not smart.” “A whack job.” Gary Cohn: “Dumb as shit.” H.R. McMaster: “Cannot understand Putin’s hold on Trump.”
So puzzle me this: There are two options for president. On the one hand you have a woman who just presented herself as a mainstream Democrat who plans to respect and uphold the fundamental American political traditions at home and abroad.
On the other you have a candidate who you have acknowledged is the most flawed person you have ever encountered, a danger to the country, and an existential threat to our system of government—a convicted criminal, an abuser of women, and a moron. How in God’s name do you justify silence in the face of that choice? This is not a close call!..
"Woman stabbed on 'family day' at Notting Hill Carnival was with her young child, Met reveals: Police chief says he is 'tired of saying the same words every year' as event is once again marred by violence - with officers braced for more trouble today"
My very, very off topic investigation today is ... Church of England churches with baptistries for full immersion adult baptism.
Reflecting on recent conversations around evangelicals and politics, I was musing on how to think about it. Demand for adult baptisms seems one indicator of where the church is engaged, and I couldn't find a list.
My gut feel is that there may be several hundred CofE places with a full immersion adult baptistry, correlated with growing congregations, major reordering projects, modern buildings say since the war or where a previous one burnt down, joint Anglican/Baptist Local Ecumenical Projects (LEPs), or liturgical renewal of various kinds.
So I've asked on xitter, and people are identifying some in places I did not expect - which is interesting.
There's a wonderful one in Portsmouth Cathedral which looks like a tomb, so the symbolism of Dying and Rising with a New Life is very strong.
Article 27 of the Church of England makes clear it supports baptism of young children. It allows baptism of adults not baptised before but if you want adult baptism prioritised really you should leave the Church of England and become Baptist or Pentecostal
One of the interesting features of the current evangelical Anglican scene (or certainly the growing bits of it, anyway) is that it's pretty much dumped the infant baptism thing. I'm part of a large Evangelical Anglican congregation, in the 16 years I've been around we have baptised a number of adults, dozens of teenagers, and zero infants. We nearly fulfilled your criteria by building an adult bapistry when we did some building works 10 years ago, only to be stymed by the structural engineers deciding it would be really expensive, so we've continued to use a substantial paddling pool outside on the drive as required. The exception to this is of course the ordained ministry staff, who have to sign up to the 39 Articles - which includes one on infant baptism which baptists like myself couldn't agree to.
IMO both "infant baptism then confirmation" and "thanksgiving for a child then believer's baptism" fall within Anglican doctrine, polity and tradition, and are a matter of conscience. "Baptism for those of riper years" is in the 1662 Prayer Book, as @HYUFD notes - aimed at converts (the BCP Introduction mentions "workers on our plantations", amongst others !), and in response to the Anabaptist movement, which *did* do baptism for adults who joined it. The 39 articles defer to the Bible, of course.
It seems appropriate for what is now largely a post-Christian society. According to the Statistics for Mission adult baptisms run at around 7000 per annum in the CofE.
Re-baptism (ie "My infant baptism does not mean a lot to me, and I would like to have an adult baptism") is a different matter, and is not in accordance with polity or discipline, and that's partly why Confirmation and a ceremony for Re-affirmation of Baptismal Vows exist.
One fascinating thing I have discovered today is that full immersion baptistries (or "baptism pools") have been installed in Church of England churches since ~1900. There is one in St-Mary-at-Lambeth literally 50m from Lambeth Palace (link to a photo below). Given the position, I assume that the Archbishop of Canterbury knew about it and took no action. It is now leased out to a museum (population moved?).
To me that feels like Tractarian priests working in the slums coming into contact with unchurched parts of society and baptising those who joined the church, but I'll need to dig a bit more to verify that. I'm seeing notes to 39 such bapisteries being created across the country, with only 2 left.
My former largish Anglican evangelical (with catholic edges - when I got involved in 1983, one of the staff members was a spirituality writer called Joyce Huggett) put in a baptism pool in 2010 in Phase II of a refurb which had had phase I done in 1990. In 1983 they used to hire a local swimming pool for the ceremony if it was an adult baptism. Other places use a local river or lake.
IIRC the missionary in Barbara Kingsolvers ‘Poisonworld Bible’ used to insist on total immersion baptism, which resulted in the villagers assuming that Jesus was a crocodile god, since there was a good chance a crocodile would be hanging about during a baptism service.
A sort of trial by ordeal perhaps - but was it the sinners who got eaten, or the pure in heart who went straight to heaven?
John Kelly: “The depths of his dishonesty is just astounding to me. . . . He’s the most flawed person I have ever met in my life.” Jim Mattis: “He’s dangerous. He’s unfit.” “The president has no moral compass.” “This degradation of the American experiment is real.” Dan Coats: “He doesn’t know the difference between the truth and a lie.” Rex Tillerson: “A moron.” Mitt Romney: “I think he’s not smart. I mean really not smart.” “A whack job.” Gary Cohn: “Dumb as shit.” H.R. McMaster: “Cannot understand Putin’s hold on Trump.”
So puzzle me this: There are two options for president. On the one hand you have a woman who just presented herself as a mainstream Democrat who plans to respect and uphold the fundamental American political traditions at home and abroad.
On the other you have a candidate who you have acknowledged is the most flawed person you have ever encountered, a danger to the country, and an existential threat to our system of government—a convicted criminal, an abuser of women, and a moron. How in God’s name do you justify silence in the face of that choice? This is not a close call!..
"Woman stabbed on 'family day' at Notting Hill Carnival was with her young child, Met reveals: Police chief says he is 'tired of saying the same words every year' as event is once again marred by violence - with officers braced for more trouble today"
Been picking up something interesting stuff about the French arrest of Telegram guy.
Apparently the French government thinks it has found a solution to the E2E encryption problem.
For those who are already asleep, this is the issue that, increasingly, social media platforms are adding encryption behind the scenes. In a way that means *they* can’t read your messages either. This is spreading from 1-1 chats to chat rooms.
The problem is that E2E is required for financial transactions online. And just about any kind of online security.
Apparently the French are going to push for a European law that if E2E is used, without a back door for spooks/law enforcement, then it will only be allowed to be used for financial transactions or verification - severe limits on amounts of data.
If the state can’t get into a chat, the company in question will be held liable - if they build the platform so that they (the company m) doesn’t have access, that will simply make them guilty of a crime.
A courageous decision there, say goodbye to iMessage and WhatsApp for starters.
Cue someone setting up a messaging service which transfers 0.01c to the recipient of each message... and so all messages are financial transactions.
Which amply demonstrates the stupidity of the idea, as you can always piggy back bad uses on top of the legitimate uses. Any observable state change can act as a communication channel, I'm sure that even in France there are people who know that.
And you cannot unlearn what is learned: things like Clipper just don't work in the real world, because knowledge of how encryption works is so widely shared. Unless your government is willing to be exceptionally repressive, then people will find ways around these measures.
The point is that 99.99% of people - even criminals don’t bother. So if E2E isn’t provided for them, without asking them…
The remaining 0.01% can be tackled with practical crypto analysis
Yes, or find the password scribbled on a post-it note, index card, label on the bottom of the keyboard, etc.
At my old fund management firm, they had a stupid policy of forcing regular password changes, which meant either (a) people kept the same password, and just appended a number, making them no more secure than previously, or (b) wrote the password down on a post it note and stuck it to their monitor.
The classic "Choose a memorable password... Now forget it and start again." nonsense. At least ours just have to be changed every 3 months, rather than monthly. Otherwise I'd be appending a three digit number by now.
I once worked somewhere where we had to change passwords regularly. I was called in by the IT manager to be told that the somewhat ‘magical’ password I’d chosen had also been chosen by one of the junior staff, someone who actively disliked me. However, she’d picked it first, so would I change!
Blinks sorry but 1) the manager shouldn't have even known your password....bad it there, 2) it shouldn't have been a problem as your user name would be different
Also; passwords should never be stored in plain text anyway! The *most* IT could know would be that two password hashes were identical.
Even looking at the hashes would be a breach in many places.
And telling someone they have the same password as someone else - you’ve just told them the other person’s password, in effect!.
Not necessarily: I use several different passwords that share the hash with "password123" for added security.
Bearing in mind my header the other day about Iran:
"Harris wants to make the race about the future, freedom and unity; Trump wants to make the race about the past, his presidency and threats to the country. Harris has effectively cast the race as a choice between her and Trump, which helps her because he is so unpopular. But there is still time for this to change, especially if an unexpected or outside event suddenly shifts voter attention to safety or national security."
"But consider this: Harris has won the vast majority of news cycles since she declared her candidacy. And yet, she is only two or three percentage points ahead of Trump in the national polling average and effectively tied with him in the seven swing states that will decide the election. Structural factors — polarization, the gender gap, Republicans’ advantage in the Electoral College — are keeping this race tight."
"Woman stabbed on 'family day' at Notting Hill Carnival was with her young child, Met reveals: Police chief says he is 'tired of saying the same words every year' as event is once again marred by violence - with officers braced for more trouble today"
"But consider this: Harris has won the vast majority of news cycles since she declared her candidacy. And yet, she is only two or three percentage points ahead of Trump in the national polling average and effectively tied with him in the seven swing states that will decide the election. Structural factors — polarization, the gender gap, Republicans’ advantage in the Electoral College — are keeping this race tight."
The NYT seem to be ramping Trump. They also just published a guest essay "Why Trump can win on character".
Risky strategy, if Trump rejects a federal abortion ban that will depress evangelical and conservative Catholic turnout for him while women who are strongly pro choice will still vote for Harris and the Democrats anyway
Not really, they have nowhere else to go and can still campaign for abortion bans in their states.
State bans are largely meaningless when you just have to drive a few hours and can get it done anyway. It increases the cost but it worthless in preventing people who are even slightly determined from getting it done.
(a) Some states are very big.
(b) The states banning abortion are clustered together, so if you’re in the middle of them, you’re fucked.
That’s is usually a prerequisite for being pregnant
"But consider this: Harris has won the vast majority of news cycles since she declared her candidacy. And yet, she is only two or three percentage points ahead of Trump in the national polling average and effectively tied with him in the seven swing states that will decide the election. Structural factors — polarization, the gender gap, Republicans’ advantage in the Electoral College — are keeping this race tight."
It’s very simple.
45% will vote for Trump no matter what. 45% will vote against Trump no matter what
Seriously, though, it's fascinating, especially to Eastern Scots who suffered raspberry mites in the parental garden or farm fields. Wonder how many/few cultivars it can cope with?
Been picking up something interesting stuff about the French arrest of Telegram guy.
Apparently the French government thinks it has found a solution to the E2E encryption problem.
For those who are already asleep, this is the issue that, increasingly, social media platforms are adding encryption behind the scenes. In a way that means *they* can’t read your messages either. This is spreading from 1-1 chats to chat rooms.
The problem is that E2E is required for financial transactions online. And just about any kind of online security.
Apparently the French are going to push for a European law that if E2E is used, without a back door for spooks/law enforcement, then it will only be allowed to be used for financial transactions or verification - severe limits on amounts of data.
If the state can’t get into a chat, the company in question will be held liable - if they build the platform so that they (the company m) doesn’t have access, that will simply make them guilty of a crime.
A courageous decision there, say goodbye to iMessage and WhatsApp for starters.
Cue someone setting up a messaging service which transfers 0.01c to the recipient of each message... and so all messages are financial transactions.
Which amply demonstrates the stupidity of the idea, as you can always piggy back bad uses on top of the legitimate uses. Any observable state change can act as a communication channel, I'm sure that even in France there are people who know that.
And you cannot unlearn what is learned: things like Clipper just don't work in the real world, because knowledge of how encryption works is so widely shared. Unless your government is willing to be exceptionally repressive, then people will find ways around these measures.
The point is that 99.99% of people - even criminals don’t bother. So if E2E isn’t provided for them, without asking them…
The remaining 0.01% can be tackled with practical crypto analysis
Yes, or find the password scribbled on a post-it note, index card, label on the bottom of the keyboard, etc.
At my old fund management firm, they had a stupid policy of forcing regular password changes, which meant either (a) people kept the same password, and just appended a number, making them no more secure than previously, or (b) wrote the password down on a post it note and stuck it to their monitor.
The classic "Choose a memorable password... Now forget it and start again." nonsense. At least ours just have to be changed every 3 months, rather than monthly. Otherwise I'd be appending a three digit number by now.
I once worked somewhere where we had to change passwords regularly. I was called in by the IT manager to be told that the somewhat ‘magical’ password I’d chosen had also been chosen by one of the junior staff, someone who actively disliked me. However, she’d picked it first, so would I change!
Blinks sorry but 1) the manager shouldn't have even known your password....bad it there, 2) it shouldn't have been a problem as your user name would be different
Also; passwords should never be stored in plain text anyway! The *most* IT could know would be that two password hashes were identical.
Even looking at the hashes would be a breach in many places.
And telling someone they have the same password as someone else - you’ve just told them the other person’s password, in effect!.
Not necessarily: I use several different passwords that share the hash with "password123" for added security.
(For the avoidance of doubt, this is a joke.)
Same reason I set all the PALs on my nuclear weapon collection to 0000000…
Seriously, though, it's fascinating, especially to Eastern Scots who suffered raspberry mites in the parental garden or farm fields. Wonder how many/few cultivars it can cope with?
The technology is getting cheaper and better, very rapidly.
The biggest obstacle is the kind of “business men” who regard capital investment much as John Knox viewed the Papacy.
The probable early model will be renting the machines from specialist firms. Until the farmers realising they are paying for someone else’s profits.
Edit: one thing not mentioned in the article having lots of cameras at different angles on the machines - so they are much better at spotting fruit behind leaves than humans.
Been picking up something interesting stuff about the French arrest of Telegram guy.
Apparently the French government thinks it has found a solution to the E2E encryption problem.
For those who are already asleep, this is the issue that, increasingly, social media platforms are adding encryption behind the scenes. In a way that means *they* can’t read your messages either. This is spreading from 1-1 chats to chat rooms.
The problem is that E2E is required for financial transactions online. And just about any kind of online security.
Apparently the French are going to push for a European law that if E2E is used, without a back door for spooks/law enforcement, then it will only be allowed to be used for financial transactions or verification - severe limits on amounts of data.
If the state can’t get into a chat, the company in question will be held liable - if they build the platform so that they (the company m) doesn’t have access, that will simply make them guilty of a crime.
A courageous decision there, say goodbye to iMessage and WhatsApp for starters.
Cue someone setting up a messaging service which transfers 0.01c to the recipient of each message... and so all messages are financial transactions.
Which amply demonstrates the stupidity of the idea, as you can always piggy back bad uses on top of the legitimate uses. Any observable state change can act as a communication channel, I'm sure that even in France there are people who know that.
And you cannot unlearn what is learned: things like Clipper just don't work in the real world, because knowledge of how encryption works is so widely shared. Unless your government is willing to be exceptionally repressive, then people will find ways around these measures.
The point is that 99.99% of people - even criminals don’t bother. So if E2E isn’t provided for them, without asking them…
The remaining 0.01% can be tackled with practical crypto analysis
Yes, or find the password scribbled on a post-it note, index card, label on the bottom of the keyboard, etc.
At my old fund management firm, they had a stupid policy of forcing regular password changes, which meant either (a) people kept the same password, and just appended a number, making them no more secure than previously, or (b) wrote the password down on a post it note and stuck it to their monitor.
The classic "Choose a memorable password... Now forget it and start again." nonsense. At least ours just have to be changed every 3 months, rather than monthly. Otherwise I'd be appending a three digit number by now.
I once worked somewhere where we had to change passwords regularly. I was called in by the IT manager to be told that the somewhat ‘magical’ password I’d chosen had also been chosen by one of the junior staff, someone who actively disliked me. However, she’d picked it first, so would I change!
Blinks sorry but 1) the manager shouldn't have even known your password....bad it there, 2) it shouldn't have been a problem as your user name would be different
At this point I would be pushing it upwards and saying the it manager is an incompetent tbh and risking data breaches
This was a pharmacy department and the IT manager needed to know passwords (this was the theory IIRC) in case of dispensing errors. There was a different password for correspondence , communication etc.
That’s very poorly designed, although not the worst system I’ve come across.
IT managers should have their own accounts with the appropriate permissions to conduct administrative tasks and investigations as they need to. Each regular user should have their own account, connected to an audit trail for tracking down errors. No need for IT managers to know any passwords other than their own!
This was in the mid 90’s, to be fair. And the IT manager did apologize for breaking confidentiality. No idea what happens now.
He should have been sacked then for producing such a system, now he should be tarred and feathered for producing such a crap system
I don’t think the IT manager for the department had anything to do with designing the system. Anyway it was a long time ago and both of us have long since retired. Must say, though, I was surprised by the conversation.
A competent it manager would have taken one look at the system and said I can't work with this. If he didn't he was not a competent it manager so should have been sacked for being a know nothing....I am guessing this was public sector
Exeter airport would be in Exmouth and Exeter East, no? Which the Tories held entirely as a result of confusion in the tactical vote.
The tories held it because no party actually bothered to campaign here, I live in exmouth....no canvassers at all knocked on my door didnt even get a leaflet from anyone till a few days before polling days. I guess both labour and lib dems considered exmouth hopeless therefore
Comments
She's a Belgian MEP who was raised, and genitally mutilated, as a Muslim in (what is now) Burkina Faso
She is now threatened with death every day of her life for her apostasy, but she refuses to stfu
She's very pro Ukraine, and despises antisemitism
If you think that she's an islamophobe, give your head a wobble: phobias are irrational
https://en.wikipedia.org/wiki/Assita_Kanko
https://x.com/Assita_Kanko
However, she’d picked it first, so would I change!
IT managers should have their own accounts with the appropriate permissions to conduct administrative tasks and investigations as they need to. Each regular user should have their own account, connected to an audit trail for tracking down errors. No need for IT managers to know any passwords other than their own!
They were firing them by the floor at Citi for years afterwards. Still tons of them left though.
They should have been failed in any audit.
No idea what happens now.
And telling someone they have the same password as someone else - you’ve just told them the other person’s password, in effect!.
It seems appropriate for what is now largely a post-Christian society. According to the Statistics for Mission adult baptisms run at around 7000 per annum in the CofE.
Re-baptism (ie "My infant baptism does not mean a lot to me, and I would like to have an adult baptism") is a different matter, and is not in accordance with polity or discipline, and that's partly why Confirmation and a ceremony for Re-affirmation of Baptismal Vows exist.
One fascinating thing I have discovered today is that full immersion baptistries (or "baptism pools") have been installed in Church of England churches since ~1900. There is one in St-Mary-at-Lambeth literally 50m from Lambeth Palace (link to a photo below). Given the position, I assume that the Archbishop of Canterbury knew about it and took no action. It is now leased out to a museum (population moved?).
https://www.flickr.com/photos/alias-archie/53637706610/in/photostream/
https://vauxhallsociety.org.uk/StMary.html
To me that feels like Tractarian priests working in the slums coming into contact with unchurched parts of society and baptising those who joined the church, but I'll need to dig a bit more to verify that. I'm seeing notes to 39 such bapisteries being created across the country, with only 2 left.
My former largish Anglican evangelical (with catholic edges - when I got involved in 1983, one of the staff members was a spirituality writer called Joyce Huggett) put in a baptism pool in 2010 in Phase II of a refurb which had had phase I done in 1990. In 1983 they used to hire a local swimming pool for the ceremony if it was an adult baptism. Other places use a local river or lake.
Must say, though, I was surprised by the conversation.
So I call it demonising rhetoric by Islamists.
And if she did meet the definition, of course such behaviour can never be justified.
Doing the right thing is never the wrong thing.
https://www.thebulwark.com/p/republicans-who-served-with-trump-and-saw-the-crazy-should-endorse-kamala-harris
… Let’s just peruse a small sample of what a few of these MIA officials have said about Donald Trump, with an assist from Al Franken.
John Kelly: “The depths of his dishonesty is just astounding to me. . . . He’s the most flawed person I have ever met in my life.”
Jim Mattis: “He’s dangerous. He’s unfit.” “The president has no moral compass.” “This degradation of the American experiment is real.”
Dan Coats: “He doesn’t know the difference between the truth and a lie.”
Rex Tillerson: “A moron.”
Mitt Romney: “I think he’s not smart. I mean really not smart.” “A whack job.”
Gary Cohn: “Dumb as shit.”
H.R. McMaster: “Cannot understand Putin’s hold on Trump.”
So puzzle me this: There are two options for president. On the one hand you have a woman who just presented herself as a mainstream Democrat who plans to respect and uphold the fundamental American political traditions at home and abroad.
On the other you have a candidate who you have acknowledged is the most flawed person you have ever encountered, a danger to the country, and an existential threat to our system of government—a convicted criminal, an abuser of women, and a moron. How in God’s name do you justify silence in the face of that choice? This is not a close call!..
https://x.com/pbump/status/1827346472225939949
In the (free to read) newsletter, new data on how people compare the candidates outside the lens of politics. https://s2.washingtonpost.com/camp-rw/?trackId=596b02b6ade4e24119ac1a18&s=66c9e79cda896967aab23131&linknum=2&linktot=67
Trump wins only on imitating celebrity voices; giving better financial advice (absurd); winning a poker game; arm wresting…
The Church of England running a Miss Wet T-shirt competition.
I can well imagine that local rivers are somewhat frowned upon as not necessarily having the primal purity, at least in theory, of a spring, and in fact perhaps a lot worse. A paddling pool and hose are much safer (HASAWA and more general liabilities in law apply, as I'm sure does the insurance company!).
(For the avoidance of doubt, this is a joke.)
"Harris wants to make the race about the future, freedom and unity; Trump wants to make the race about the past, his presidency and threats to the country. Harris has effectively cast the race as a choice between her and Trump, which helps her because he is so unpopular. But there is still time for this to change, especially if an unexpected or outside event suddenly shifts voter attention to safety or national security."
https://www.nytimes.com/2024/08/20/opinion/harris-trump-election-polls.html
"But consider this: Harris has won the vast majority of news cycles since she declared her candidacy. And yet, she is only two or three percentage points ahead of Trump in the national polling average and effectively tied with him in the seven swing states that will decide the election. Structural factors — polarization, the gender gap, Republicans’ advantage in the Electoral College — are keeping this race tight."
https://thehill.com/homenews/campaign/4846433-harris-leading-trump-by-7-points-poll/
They also just published a guest essay "Why Trump can win on character".
Which I don't think was intended as satire.
45% will vote for Trump no matter what.
45% will vote against Trump no matter what
https://www.youtube.com/shorts/coAnaLQtNh0
https://www.theguardian.com/technology/article/2024/aug/26/improved-version-robocrop-only-picks-ripe-raspberries
Seriously, though, it's fascinating, especially to Eastern Scots who suffered raspberry mites in the parental garden or farm fields. Wonder how many/few cultivars it can cope with?
The biggest obstacle is the kind of “business men” who regard capital investment much as John Knox viewed the Papacy.
The probable early model will be renting the machines from specialist firms. Until the farmers realising they are paying for someone else’s profits.
Edit: one thing not mentioned in the article having lots of cameras at different angles on the machines - so they are much better at spotting fruit behind leaves than humans.
NEW THREAD