2518 posts • joined 12 Oct 2007
One thing I like about El Reg is that they slam everyone. On the ebook scandal, it's sad that the publishers didn't get to foot the harsher bill but then Apple could've had it easier if they had entered the deal as the publishers did. They knew they were wrong, otherwise all five publishers wouldn't have wimped out...
Re: No, early
No they didn't. What they did is write their own wrapper around malloc so that they could cache memory instead of releasing it.
Hm… this could be interesting. If they have a wrapper around malloc(), they could theoretically zero out recently allocated memory before returning the new pointer to the caller. That would render Heartbleed (and any similar attack) useless as the whole allocated bunch would be full of NULLs wouldn't it? I'd fill it out with 0xDEADBEEFs but that would probably be more costly to pull off...
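The idea in the comment above, as an added example that is not part of the original post and not OpenSSL's code: a caching wrapper around malloc() that hands a freed buffer back with its old contents intact, next to a variant that zeroes it first. All names, the slot size and the secret string are constructed for illustration; zeroing covers only the reused buffer itself, not bytes read past its end into neighbouring live allocations.

```c
#include <stddef.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define SLOT_SIZE  64   /* constructed: a single fixed size class */
#define MAX_CACHED 8

static void  *cache[MAX_CACHED];   /* LIFO list of "freed" buffers */
static size_t cached = 0;

/* Caching free: keep the buffer for reuse instead of releasing it. */
void cache_free(void *p) {
    if (p == NULL) return;
    if (cached < MAX_CACHED) cache[cached++] = p;
    else free(p);
}

/* Caching alloc: a reused buffer still holds whatever its last owner wrote. */
void *cache_alloc(void) {
    if (cached > 0) return cache[--cached];
    return malloc(SLOT_SIZE);
}

/* Hardened variant: clear the whole slot before handing it out. */
void *cache_alloc_zeroed(void) {
    void *p = cache_alloc();
    if (p != NULL) memset(p, 0, SLOT_SIZE);
    return p;
}

/* Count non-zero bytes in buf[0..len). */
static size_t nonzero_bytes(const unsigned char *buf, size_t len) {
    size_t n = 0;
    for (size_t i = 0; i < len; i++) if (buf[i] != 0) n++;
    return n;
}

/* One owner stores a secret and frees the slot; the next owner writes a
 * 4-byte request into the same slot. Returns how many bytes of the old
 * secret are still present after the request. */
size_t leftover_after_reuse(int zero_on_alloc) {
    static const char secret[] = "constructed-secret-key-material";
    static const char req[]    = "ping";
    size_t req_len = sizeof req - 1;

    char *a = cache_alloc();
    if (a == NULL) return (size_t)-1;
    memset(a, 0, SLOT_SIZE);            /* deterministic starting state */
    memcpy(a, secret, sizeof secret);
    cache_free(a);                      /* goes on the cache, not to free() */

    char *b = zero_on_alloc ? cache_alloc_zeroed() : cache_alloc();
    memcpy(b, req, req_len);            /* new owner fills only 4 bytes */
    size_t n = nonzero_bytes((unsigned char *)b + req_len, SLOT_SIZE - req_len);
    free(b);                            /* really release it this time */
    return n;
}

int main(void) {
    printf("stale bytes, plain reuse:   %zu\n", leftover_after_reuse(0));
    printf("stale bytes, zero-on-alloc: %zu\n", leftover_after_reuse(1));
    return 0;
}
```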
Re: Does ANYBODY still believe this tripe?
It's even easier: They're giving vanilla Win8 the Vista treatment. IIRC Vista was EOL'd shortly after 7 came out. Probably justified as Vista remained in the under-10% range for most of its life, and 7 was basically "fixed Vista" so it made more sense for businesses to simply upgrade to 7 as "compatibility issues" weren't a problem if you already had Vista.
But the real question is...
Will this new update bring up the Start Menu? At least it seems that TIFKAM apps now get windowed mode...
Says the people who would have recommended the noSql solution in the first place.
I use a lot of open source stuff. Yet I would never recommend NoSQL for the same reasons these dudes switched to PostgreSQL: it's got issues. Never mind that NoSQL's name itself shows the real motive behind most of those "newfangled" DBs: they're built and promoted by crybabies that hate SQL so much they made their own DBs that don't do SQL or ACID. The same kind of crybaby attitude made me switch back from MySQL to PostgreSQL, as MySQL's documentation couldn't stop whining that transactions and foreign keys were for losers or lazy developers, we won't implement them, yadda yadda yadda. (Ironically, they had already added the multi-engine support and InnoDB did support all those things. Yet the documentation still had this baby rant.)
NoSQL stuff has its place. But devs should really see if they need it or if they just have relational data that doesn't need those other things. It'll pay in the long run. :)
Nice to see reusable stuff being tested. I've always thought that one-use rockets are a stupid waste of money. At least the Space Shuttle was mostly reused sans the fuel tank...
Re: Simple script? @boltar
Most people's definitions of "simple" mean something like a 10 line script sending one or 2 strings down the line. Not 300 lines of code doing challenge response.
Are you a script kiddie? I didn't get ROP but I do know what ASLR is. And indeed the script is simple as the only thing it does is send a malformed package (the phony heartbeat request) and get the juicy bytes in response. Compared to the weirdness usually involved with exploits like stack smashing/injecting shell code, it's pretty straightforward.
I have to concur with Rackspace, even when that means I don't get super cheap virtual servers. Price wars are good for us, but if nobody stops at some point it becomes a bloodbath where only those with deep pockets will be able to survive.
As far as my experience goes, Rackspace does have pretty good uptime and support, and its pricing is still within the decent range. They're now offering IPv6 and extra "storage blocks" which seem to be just extra virtual HDDs. My only complaint in the earlier days was that you had to up everything, not just the HDD space if you needed more. This seems to no longer be the case and that's good.
Haven't been able to do AWS as they don't do CVV2 validation and all my cards bounce because of that; and Google is one company I just don't trust for private data. So I think I'm staying on Rackspace Cloud even if it is now a bit more expensive...
Re: Should have told protesters where to go
The main issue that caused the whole controversy is that he was appointed CEO. For years he was CTO and nobody peeped a thing about his donation on Prop8. But the moment he gets into the CEO chair, he's able to manage donations for the Mozilla Foundation. Which means that coupled with his beliefs, he theoretically could have started making Mozilla give donations to groups like the "Kill the Gays" organization that caused the Chick-fil-A controversy last year. In fact, that other scandal was uncovered because of that company's CEO speaking against same-sex marriage, which led to LGBT groups checking out where Chick-fil-A donations were really going.
On the other side, Eich doesn't seem to have had the intention of steering Mozilla into 'fund the crazies' mode, so the pressure on demanding his resignation does seem to be overkill. His whole contribution was a relatively minor one, and it was made years ago. Views have changed in the years between, what some people did a couple of years ago might not be indicative of what they think right now. Maybe Eich's "mistake" was not to say he's no longer against same-sex marriage… but that was probably not a good reason for him to be pressured into resigning.
My parents were told by my psychologist that games that were so hard they were more frustrating than fun would just cause frustration, and that this was a known thing. Kids playing these games would start getting frustrated, then start getting violent fits o' rage with these games.
We're talking about the Atari and C-64 era. I'd say these effects are probably well documented since the 80's but not everyone got the memo...
Re: Underlying meaning of the data ...
"If 85-90% of business used *nix there would probably be 85-90% of El Reg's readers using *nix."
Or they're using Unix stuff, just not in the desktop PCs.
Re: It isn't too late.
Adding an encrypted V2.0 TCP-IP stack is perfectly doable, just like adding IPv6 support.
We already have it, it's called IPSec and it's available in IPv4 and IPv6 flavors. It is kind of a problem with IPv4 thanks to horrible things like NAT and the fact that moving around means your IP is always changing… but theoretically IPv6 should simplify a lot of things and thus IPSec over IPv6 is easier to pull off.
But server-to-server comms can be secured via IPSec...
Yadda yadda yadda
I have a better proposal: just KILL that freaking systemd monstrosity!!! Go back to SysV init. The whole thing is causing more headaches than actually solving stuff. There's also that 2048 character password bug where typing in a 2KB password will get you on. Come on!!!!
Re: The man from Munich
Not surprised that the resident MS shills are slamming the article or quoting FUDy extra costs. It's becoming predictable...
The Nokia got 0wn3d, but it seems the BlackBerry didn't. Maybe BB should capitalize on this? They've got "we're the only one authorized to operate on the DoD networks" but adding "NSA proof" has got to give them some extra points.
The one video I did see of one of these Teslas catching fire was the one in Mexico. The dude crashed its way doing something near 200 km/h, went over a bridge, crashed through the railing, crashed down to the street, then plunged into a fountain or something like that before crashing yet again. Yet the driver managed to get out and run away from the scene before the car lit itself up. I'd like to see a regular car take that much abuse and not catch fire!
Re: beginning of the end or the end of the beginning?
Seeing as those are both by miles the market leaders in their fields, the answer would undoubtedly be very few extra ones on Linux...And why would you want to - all those extra Linux security patches to integration test - not fun.
Ah, the MS shills are fast to react. As ACs yet again.
I'll give you a point: Exchange doesn't make much sense in Linux as it depends on Active Directory, MS's take on LDAPv3 and Kerberos5. But there are quite a bit of systems that can do what Exchange/Outlook does and they only require an LDAP server. And they're pretty secure as it is. On security patches, no platform is free from that. Especially Windows.
Re: Stating the obvious ..
It depends on which 20-somethings group you're checking. Even 30-somethings. I've mostly retreated to Netflix (I'm 32) because I am rarely at home so I don't see the value in having cable TV, and Mexican OTA programming is awful. Series on OTA lag so far behind current seasons that the teens and 20-somethings are simply watching 'em online instead.
I really really know that I'm mostly using my TV as a PS3 screen most of the time, the exception being late-night TV when some interesting (but sadly, cancelled in the US) series show up.
Seen this at least a decade earlier with Hushmail. If you use the Java-enabled version of their service, encryption takes place on the client. The private key does reside in Hushmail's servers but it isn't decrypted on-site as long as you're using the Java-enabled version of the service.
Sure, the client code is stored on the server and could be tampered (and this being the NSA, they might even have a valid cert to sign their tampered code as well) but the logic's there.
What this MIT stuff does is something I've already done at least once for secure cloud storage. Somewhere on my 'land of dead project code' I have a piece of Java code that uploads stuff to Rackspace's Cloud Files storage but encrypts it in-transit and adds the key to metadata … said key is encrypted with someone's public key. Thus the data can be only decrypted by someone who has the corresponding private key. The concept isn't groundbreaking at all and anyone who is security conscious has been doing this for years. At least one employer basically crammed sensitive data inside a TrueCrypt portable drive and uploaded that to the Cloud Storage service du jour.
Windows on ATMs
Looks like using Windows for ATMs doesn't sound as bright right about now.
I have always been miffed at this, especially given that I have worked at certain banks (yes, MEXICAN banks) and most of them snub Windows for everything else. But the ATMs are on Windows, no surprise they're getting 0wn3d on the ATM side.
Oh well, beats having the whole ATM stolen, which happens every now and then.
Re: ¿Plata o plomo?
Heh. Been a while since my country appeared on El Reg, and I'm not quite surprised it came up with an ATM slurping malware bit. But it does confirm that I was properly annoyed when I realized they had switched from OS/2 to WinXP on ATMs … and I was thinking "geeze, we shouldn't be putting that OS on ATMs!"
Re: ..a multimillionaire already ..... can afford to walk away
Being neck-deep in debt does mean you can actually have negative wealth. It's a basic concept few people grasp, otherwise we wouldn't have so many people who go broke as soon as they spend more than a month without a job.
And not all people in debt are using their CCs to buy useless crap; some have to do so to survive.
So the "news" is actually hearsay. Haven't these rumors been doing the rounds for a couple of years now? And yet, Blackberry does seem to keep the edge on security, being the only ones with "Authority to Operate" by the DoD. If the White House were to switch smartphones, they should use their own NSA-approved Sectera Edge handsets, instead of going for stuff from other parts of the globe. At least most of my Blackberry handsets are made in Mexico, which at least is within the US's vicinity vs. "somewhere in China".
Dear MS shills, if you're trying to pass off as actual users, stop using the AC flag.
WP8 got FIPS 140-2 certified. While it is commendable (IIRC other non-BB devices haven't got that yet), WP8 still needs the other cert, the one from DoD mentioned in the article. And well, vulns can and will be patched, while having 0 known vulns doesn't mean there aren't any.
Re: My own view
Except they are still relevant, and are still the only ones with "Authority to Operate" by the DoD. As long as the competition doesn't get this, BB will remain in government and military sectors. Of course, there's also the Sectera Edge, but I wonder how many people in the DoD actually have one of those...
Yeah, the first thing that popped into my mind was the lame Scientology attempt to kill one of the USENET groups that was critical against them. Which of course was ignored.
Re: The devil's in the detail
"I'm pleasantly surprised by the lack of gloating from Windows-only people"
You didn't stay long enough. The very first post here is an MS shill/troll, followed by a lot of replies made by ACs gloating. It does seem that most of 'em are hiding behind the AC mask though.
The cannibal thingy is called 'Wendigo' IIRC.
Re: "exploits poor configuration and security controls"
Yup. It's pretty much a given that those 0wn3d servers are the kind that someone set up and then proceeded to ignore. I still remember one site that spilled its MySQL creds, someone posted said creds in some forum and the trollosphere proceeded to DROP TABLE everything. 3 *months* after that, it was still missing its DB. There are a lot of people out there that have lax security practices and I'm guessing that is biting them back right now.
Seems to me that someone in that NSA team has been playing too much Metal Gear Solid.
Linux didn't exist until a decade AFTER the first release of DOS. DOS was 1981, Linux didn't exist until 1991.
So I assume you didn't read the full statement you yourself quoted:
All UNIX derivatives, including Linux, have had "remote management" capabilities for a decade before even DOS existed!
UNIX is the one that has had remote management since its inception, which dates back to 1970 (probably earlier). Linux got it since it was born due to being a UNIX derivative as well. Windows had to have the remote management stuff added later, and even then it had to be changed at least once from the proprietary thing they had on NT4 and earlier to the LDAP/Kerberos5 thingy they made in Win2000.
"The banks mainly use Windows because of the excellent remote management offered which isn't/or wasn't until recently available for Linux."
You're joking, aren't you? All UNIX derivatives, including Linux, have had "remote management" capabilities for a decade before even DOS existed! And it's also why most banks actually use AIX, Solaris, Linux in their server stacks instead of Windows. Even AD is basically a pirated implementation of LDAP and Kerberos5. And before that we had NIS and NFS. What the Windows world was barely achieving in the late 90's/early 00's was already standard in the UNIX world!
I'm guessing banks chose Windows because of their choice of running OS/2 on earlier ATMs. WinNT is after all a breakaway "pirated" OS/2 so it's possible that Windows would be able to run most of the OS/2 software without a problem. Also, at least until Win2000, NT had an OS/2 subsystem and that might help as well.
Me? I would've probably gone down a hardened Linux route, or simply gone down an even safer route with QNX.
Though she is right. The CIA is forbidden from operating within the US. That alone makes it unlawful for them to have deleted stuff from the oversight committee.
So MS is either still going "la la la can't hear you" or they've already written Win8 as a loss and are re-coding Start Menu and "traditional" UI as something for Win9. Even the MS shills over at ZDNet are starting to say that MS screwed the pooch by now.
Re: Rationalization over Reality
I think I know who h4rm0ny is!
I thought he was the anti-Eadon, formed after the original one was nuked. Maybe he possessed Sinofsky?
Re: separate UI for pc or touch?
Ah, someone that actually remembers what System 7 looked like when Windows 95 came out. Indeed, Win95 was basically "pirated System 7" and even then it wasn't even an actual OS; Win95 was DOS 7.0 with a shell extension. You still had to run WIN.COM the same as it was with Win3.1 (don't mention Win3.11, that's the ME of the 3.x days) but now WIN.COM was automatically executed after config.sys and autoexec.bat so you didn't notice this. Win95 basically copied the System 7 look & feel, dumping the horrible Program Manager interface.
Incidentally, Windows 8's Start Screen is the Program Manager revival...
It won't. They did put something touchy-friendly, Launchpad, and it proceeded to be the least used app on OSX. They did notice this and thus no forced touchy interface for OSX. Compare to Microsoft.
Looks like he leaves at a moment where the SCEA division is going strong.
Problem with this guy
Keeping the BTCs on Mt. Gox. Sure, many people were speculating and thus going to and fro between BTC, USD, EUR and such. The thing is, if you really care about the amounts, you really really shouldn't leave a large balance on the exchanges. I learned that the hard way during the Second Life bank collapse of 2007. Though the worst money loss wasn't the broken banks … it was the World Stock Exchange which basically made off with a lot of money. Hell, the story even was similar to Mt. Gox sans the legal action.
The PDA market was mostly created by the Newton in the early 90's. It had even built up a thriving ecosystem up until Saint Jobs' second coming got it killed overnight (his revenge against Sculley). But even by then, Palm had already entered the market and for years they were the leaders on the PDA business. MS was the ugly duckling there, mostly starting with their Handheld PCs (remember those?) then switched to the PocketPC format to compete with Palm. They had limited success with those, but the main problem was that MS just stuck the "Windows Experience" upon a PDA instead of doing something different. Hell, even Symbian was king during the early smartphone years, and that one's basically rebadged EPOC (we miss you Psion!).
Then there's the thing that MS loves to deprecate their stuff. Look, we have Windows CE! Oh no, now it's Windows Mobile! Oh no, scratch that, Windows Phone 7 is totally new and anything from WinMo won't work here! Eventually the developer base evaporated and went to platforms that didn't do the deprecation dance every 2 years. Oh yes… and MS is responsible for the death of the one platform that did survive the PDA to Smartphone transition: Symbian. :(
Easy fix MS
Kill TIFKAM. You'll get a lot of XP holdouts to jump. As it is, they're going to 7 if they can, staying on XP if they can't.
Windows 8.x is a disaster. Kill it.
Didn't I read that Ford was choosing QNX/Blackberry for their cars? Wots this?
I casually noted that the Japanese stuff seems to use a different year system for some reason?
26-2-28 instead of 2014-2-28? Is Japan using another year as their "year zero"?
Now I can post in my native language! hahahaha What happened, El Reg? Taking advantage of your command of the Spanish language after having spent months in Spain for the PARIS project? Greetings from Mexico!
The pro-censorship dudes behind SOPA also used China as a shining example when they were pushing their draconian bill as well. It's a disturbing trend all right, but it's there.
Re: Ah yes, Colbert. Another unfunny guy.
The humor seems to be lost on people that don't know (or refuse to believe) Kissinger was a war criminal. He's got a lot of blood on his hands.
Re: 2007 hardware obsolete?
2007? a 7 year old machine? So you'd expect a machine bought in 2000 to run the Vista in 2007 or a machine bought in 1993 to run Windows 2000 in 2000 or a machine bought in 1986 to run Windows 3.11 in 1993 or a…
Or a 1986 Mac Plus to run System 7.5.5 (released in September 1996). And that's even after Apple had transitioned the Macintosh platform from Motorola's 680x0 to PowerPC. Sorry, but Apple (used to) have a pretty good record supporting older hardware.
The point's moot on 2007 hardware anyway. The real reason for those Macs being unable to run ML and Mavericks is that 10.8 and newer are now 64-bit only. Apple jumped ship to Intel too early, they should've probably waited 'till the 64-bit processors came out. PPC was 64-bit already after all. They'd probably have all users on Mountain Lion as a minimum if they hadn't killed Rosetta on Lion and newer.
Re: This is funny
I have been using a Mac since the 1980's and have never had a virus, been hacked or lost data and I have never spent a single cent on anti-virus software.
Had you said "early 2000's" it would have been believable. I was a Mac user during the early Mac+ days, up until sometime around 1998. I came back to Mac sometime around 2012 as most of my work is now based on UNIX and Linux, thus no real need for Windows (and gah! Win8! yuk!). But there's no way you're going to hear me say Mac has never had a virus. Frickin' Symantec Antivirus was born on the Macintosh ecosystem. And yes, we did get hit by a couple of virii, in fact we got to lose a couple of HDDs thanks to them. MacOS Classic had quite a bunch of virii roaming about, it was OSX that started the virus-free claim.
I will agree that it is at least more secure than Windows, but most UNIX/POSIX based OS can claim that feat.