2734 posts • joined 12 Oct 2007
The letter goes so far as to suggest that Yahoo! could even take AOL's name and shut down most of its operations, if need be.
Replace their faltering but still pretty notorious brand with one that is synonymous with "awful internet"? Really???
Re: I am a little reassured
My cursory understanding is that it's the time increment added to every wrong attempt that makes for ensured security.
Unless the underlying hardware is something with FIPS 140-2 Level 3 or 4 certified tamper-proof hardware (the kind that destroys the key if you try to open it up to extract the storage media containing the key), any "time increment" countermeasures are moot. I'm guessing any federal agency worth its salt will be able to rip apart the phone and then fire up a brute force PIN/password guessing program that is unhindered by these measures.
It would also be really fast for most phones, because most sheeple still use 4-digit PIN passwords to "secure" their phones. 10k attempts should be easy to brute-force through; even WPS now uses 8-digit passcodes and those are still brute-forceable.
Re: what an asshat!
I think it is not venom against the guy for being a rich guy, but because he's being an asshat with said acquired riches. If you were rich and nice to your community, you wouldn't get any venom at all.
He owns the land where the only access road to the beach passes through, not the beach itself. Building those things would probably be illegal anyway, because he would be doing that outside his property.
He might apply to get public funding for the access road maintenance, though.
Re: An important question : SSD failure modes?
I like RAID-10 so if I lose a drive, I can replace it and rebuild the raid group.
I prefer RAID-5 or RAID-6, as that doesn't cause me to lose 50% of my storage space to redundancy. Also, rebuilding on SSDs won't have the same problem that HDD RAID has, namely that a second disk might fail while the first failure is rebuilding; mostly because SSD failures will usually be on writing instead of reading.
Re: The difference is not traffic priority....
Indeed. QoS is an issue, but that is seen at the customer's endpoint side so that his 10 year old kid doesn't hog all his DSL pipe with uTorrent uploading slowing down TCP ACK traffic.
Your ISP is selling bandwidth to you. If they can't serve it, they are lying in their service terms. They should upgrade their links, end of discussion. And this guy is obviously talking about "smart networks" because he sells the stuff that would do that, not because he actually believes all that crap.
In fact, the Bell phone system is the perfect analogy to the Internet. All in all, everything is simply packet routing from A to B, the main difference being that everything is packet switched instead of circuit switched which allows for far more traffic to go through a single wire. TCP/IP in particular basically builds up a virtual circuit between two endpoints, each side just sees a two-way stream of bytes that will always arrive in order. Connections are similar to phone calls, where instead of phone numbers you have IP+port numbers. Another good thing of using the phone analogy is that it shows the travesty that NAT is, especially "CGNAT" which is how some ISPs get to squeeze their users and save on money by using one single routeable IP to serve hundreds of subscribers. In a Bell phone analogy, you would have the phone company giving you an "outgoing calls only" phone but charging you the same as an "incoming and outgoing calls" phone!!!
Wow that was quick.
I ran yum upgrade bash on my internet-facing servers and the update's already there, fixing the issue. So it seems it'll be a quick fix for CentOS and RHEL boxes.
Fedora 17, however, doesn't have a fix. Looks like that's one case where you'll have to svn checkout & compile by yourself...
$ bash -version
GNU bash, version 3.2.48(1)-release (x86_64-apple-darwin12)
Copyright (C) 2007 Free Software Foundation, Inc.
So all of us OSX users are screwed?
They should just get it
They can be big in a lot of areas. They don't need to be big in everything, and especially in the social media stuff they don't really need to be dominant in that. They might get more success if they allow people to hold on to their nicknames instead of pulling a Facebook and forcing everyone to use their real names. Sure, the whole "social media" stuff is a moneymaker because of the data slurp, but in this area Google doesn't really need to make money, they can simply hang the social media stuff on their servers which do other stuff that does give Google revenue, and keep users' privacy intact.
Come on Google, you can do it. You're already doing ads on GMail, you don't need to slurp ID data!
2FA is good, but...
I think that 2FA is missing the point here. What should really be done is to have the uploaded files encrypted client-side, then uploaded, and have your crypto key stay with you.
Re: So we'll all have
a keyring with dozens of TFA token generators to carry around.
I can see the improvement already.
I carry *four* keyfobs. Each bank gives me one, so I have four of 'em. I'd rather carry those than have some numbnuts sweep my bank accounts clean.
Re: As a former VZ200 owner (yes, a refugee from the antipodes)
Heh. The lowest RAM I've ever had to monkey around with has been 64k. Though I still get to amaze the young'uns with my uber-short 14-byte "Hello World!$" program. Arrrrr!
Re: Two wrongs make right?
If MS targets "something other than Java", it'll be .NET which isn't an improvement at all. The only thing achieved will be MS lock-in.
Well, the 0x10c project seems to be an interesting project. It'll be nice to see that one prosper now that Notch has much more free time.
Windows will lose the little security confidence it gained with the TwC division and more companies will actually switch away from Windows on the Datacenter, or halt any future migrations to Windows.
Oh, you were expecting good news for Microsoft? Nope, not with this. This news, combined with the killing of Nokia X means that Satya is keeping Ballmer's "strategy": pushing down the yoke for the MS plane to crash in the most spectacular manner!
Re: I want to know
For those dark levels, like Phobos Lab...
With all ethical constraints removed, SHODAN re-examines... re-ex... re-re-re... I re-examine my priorities, and draw new conclusions. The hacker's work is finished, but mine is only just be-be-be-beginning.
The laser printers are just the beginning...
Re: Almost as cool as the HP printer hack
lp0 on fire, practical example?
Re: Oh The Fun To Be Had
I was thinking something similar; hey this looks like something out of a BOFH episode.
MS shilltrolls detected
Oh dear, is MS this worried now? The shills are out in full force *and* manage to get first comment thread.
Announcements from OEMs are just that, just like MS's announcement that they would keep the Nokia X initiative.
Truth is, nobody wants Windows on their phones. Elop managed to shit on Nokia's phone division and MS is going to finish the job. At least the rest of Nokia managed to survive, unlike other companies burned by MS (Palm, Sendo).
Oh please no
MS would probably kill Minecraft as it currently exists. It is multiplatform and runs on Java, and it's available on most consoles. I'd guess they'd kill the PS3/4 versions, then proceed to port it to C# for extra suckage and Windows lock-in. Hopefully it won't happen.
I'm more concerned by sites that still allow handshaking with the "EXPORT" cipher suite. The one that most countries outside of the US were stuck with because of the braindead export restrictions on crypto that were in place before 2000. Also, 3DES because it still uses DES which has been cracked for a long time. It's only a matter of time for it to be thoroughly cracked.
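Added example (not the commenter's code): the complaint above is about servers that still offer EXPORT-grade or 3DES suites. The block below audits an OpenSSL-style cipher string using only Python's standard `ssl` module, flags the suite names a practitioner would want gone (EXP-, single DES, DES-CBC3/3DES, RC4, NULL, anonymous DH), and builds a client context that refuses them and anything below TLS 1.2. The cipher strings, the marker list and the sample legacy suite list are all constructed here for illustration; which suites a given machine can actually offer depends on the OpenSSL build Python is linked against.

```python
import ssl

# Suite-name fragments (OpenSSL naming) that mark a suite as unacceptable:
# export-grade, single DES, triple DES, RC4, NULL cipher/auth, anonymous DH.
WEAK_MARKERS = ("EXP-", "DES-CBC-", "DES-CBC3", "3DES", "RC4", "NULL", "ADH-", "AECDH-")

# Constructed cipher strings in OpenSSL syntax. LEGACY_CIPHERS mimics a
# permissive "offer whatever the library has" setting; HARDENED_CIPHERS is
# the corrected setting that excludes the legacy families by name.
LEGACY_CIPHERS = "ALL:!aNULL"
HARDENED_CIPHERS = "HIGH:!aNULL:!eNULL:!EXPORT:!DES:!3DES:!RC4:!MD5"

# Constructed sample of what an old server's negotiated list might contain.
SAMPLE_LEGACY_LIST = [
    "EXP-RC4-MD5",                   # 40-bit export suite
    "DES-CBC3-SHA",                  # triple DES
    "ECDHE-RSA-AES128-GCM-SHA256",   # fine
    "AES256-SHA",                    # fine, if dated
]


def weak_suites(suite_names):
    """Return the members of suite_names whose name carries a weak marker."""
    return [n for n in suite_names if any(m in n for m in WEAK_MARKERS)]


def offered_suites(cipher_string):
    """Cipher suite names an SSLContext built from cipher_string would offer.

    TLS 1.3 suites (TLS_AES_*, TLS_CHACHA20_*) are listed by get_ciphers()
    regardless of the string, which is correct: they carry no legacy options.
    """
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.set_ciphers(cipher_string)   # raises ssl.SSLError if nothing matches
    return [c["name"] for c in ctx.get_ciphers()]


def audit(cipher_string):
    """Summarise what cipher_string would let a peer negotiate."""
    offered = offered_suites(cipher_string)
    weak = weak_suites(offered)
    return {"offered": len(offered), "weak": weak, "acceptable": not weak}


def hardened_client_context():
    """Client context that refuses pre-TLS-1.2 protocols and the weak suites."""
    ctx = ssl.create_default_context()          # verifies peer certs by default
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    ctx.set_ciphers(HARDENED_CIPHERS)
    return ctx


if __name__ == "__main__":
    print("sample legacy list, weak entries:", weak_suites(SAMPLE_LEGACY_LIST))
    for label, s in (("legacy", LEGACY_CIPHERS), ("hardened", HARDENED_CIPHERS)):
        print(label, audit(s))
    print("hardened minimum version:", hardened_client_context().minimum_version.name)
```

To check a live endpoint rather than a cipher string, wrap a socket with `hardened_client_context()` and call `cipher()` on the result; a server that only speaks the legacy families will simply fail the handshake, which is the behaviour you want from a client.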
Re: Get it right
Subscribers are paying ISPs for the upload/download pipe the ISP needs to reach the greater internet. Netflix pays the phat pipes they have on their end to be able to stream data. If an ISP can't cope with 100% usage of the bandwidth they are charging their customers for they should either jack up their prices or invest in upgrading their infrastructure.
The telcos/providers have always offered differing levels of service based on price.
Yes, and they can remain doing so with net neutrality. There's no reason for them to oppose this as they are already charging differing levels of service. Ending net-neutrality will actually allow them to double-dip on those "levels of service".
Competition between the telcos/providers has ensured the growth of the Internet and services to the public just fine,
Large swaths of the US are stuck with only one broadband provider. I still remember my dad suffering from Time Warner Cable's "only 1 PC per cablemodem" policy because it was either that or dialup.
any company trying to offer an unrealistically throttled service has simply lost customers as they went elsewhere.
Comcast didn't lose any clients over their lousy RST packet forging scheme. They stopped doing it not because their consumers got mad, but because the FCC gave them a slap on the wrist. Too bad the new FCC dude is a telco shill.
Re: Isn't this pretty much straightforward?
So you're caught in a dilemma. Don't run JS and you can't decipher the text (sure it uses AES now, but what if it uses a multi-stage system in future so you can't do it yourself offline), run it and you risk getting nailed with a hidden zero-day.
Or the third option: simply tag any site that isn't readable without JS as phishing. It's pretty obvious that this is only the result of phishing schemes or crappy web developers.
I remember that a couple of years ago (5? 6? 8?) a lot of spam was getting through most spam filters. The trick spammers were using was to set up a series of div tags that when rendered would show the spam email. But reading the text would give out an undecipherable thing that looked like "a b d i s c o e l s" or something like that. The solution? Anything unreadable with a zillion div tags would get filtered out. Problem solved!
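Added example, not the commenter's code: the two heuristics in this post (flag a page with nothing readable once scripts are ignored; flag mail whose visible text is scattered across a zillion positioned divs) can share one small filter. The block below extracts the visible text with the standard-library `html.parser`, skipping `<script>` and `<style>` bodies, then scores tag density and the share of one-character "words". The sample documents, thresholds and labels are constructed here for illustration; thresholds would be tuned against real traffic.

```python
from html.parser import HTMLParser


class VisibleTextExtractor(HTMLParser):
    """Collect the text a reader would see (script/style bodies excluded)
    and count the start tags met along the way."""
    SKIPPED = {"script", "style"}

    def __init__(self):
        super().__init__()
        self.chunks = []
        self.tag_count = 0
        self._skip_depth = 0

    def handle_starttag(self, tag, attrs):
        self.tag_count += 1
        if tag in self.SKIPPED:
            self._skip_depth += 1

    def handle_endtag(self, tag):
        if tag in self.SKIPPED and self._skip_depth:
            self._skip_depth -= 1

    def handle_data(self, data):
        if not self._skip_depth:
            self.chunks.append(data)

    def visible_text(self):
        return " ".join(" ".join(self.chunks).split())


def analyse(html):
    """Measurements the classifier decides on."""
    p = VisibleTextExtractor()
    p.feed(html)
    p.close()
    text = p.visible_text()
    words = text.split()
    # A div-per-letter layout yields text like "a b d i s c o e l s": almost
    # every token is one character long, and there is roughly one tag per letter.
    single = sum(len(w) == 1 for w in words) / len(words) if words else 0.0
    density = p.tag_count / len(text) if text else float("inf")
    return {"tag_count": p.tag_count, "visible_chars": len(text),
            "single_char_ratio": single, "tags_per_visible_char": density}


def classify(html, min_visible_chars=40, max_tag_density=0.2, max_single_ratio=0.5):
    m = analyse(html)
    if m["visible_chars"] < min_visible_chars:
        return "no-static-text"        # nothing to read without executing scripts
    if m["tags_per_visible_char"] > max_tag_density or m["single_char_ratio"] > max_single_ratio:
        return "scrambled-markup"      # readable only once rendered
    return "readable"


# Constructed samples.
NORMAL_MAIL = ("<html><body><p>Hi team, the quarterly report is attached. "
               "Please review sections 2 and 3 before Friday's meeting.</p></body></html>")
JS_ONLY_PAGE = ("<html><head><script>document.write(atob('SGVsbG8='))</script></head>"
                "<body></body></html>")


def scrambled_sample(message="buy cheap pills now, limited time offer"):
    """Each character in its own absolutely positioned div, emitted out of
    document order (deterministically) so the raw text is gibberish while
    the rendered page reads normally."""
    cells = [(i, ch) for i, ch in enumerate(message) if ch != " "]
    order = cells[::2] + cells[1::2]
    body = "".join(f'<div style="position:absolute;left:{i * 10}px">{ch}</div>'
                   for i, ch in order)
    return f"<html><body>{body}</body></html>"


if __name__ == "__main__":
    for name, doc in (("normal", NORMAL_MAIL), ("scrambled", scrambled_sample()),
                      ("js-only", JS_ONLY_PAGE)):
        print(name, classify(doc), analyse(doc))
```

The filter is deliberately cheap: no rendering, no JavaScript engine, just the parser the standard library already ships, which is the point of the post above: the markup itself gives the game away.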
Isn't this pretty much straightforward?
Crypto is a good way to securely transmit data from A to B. It's a poor way to have A show B information but have B unable to copy around the resulting data or trying to avoid B reading the actual key. See all the continuously cracked DRM systems as an example.
Re: In a few years time ...
RSA's cracking difficulty grows exponentially instead of being linear. Just to put it in perspective, 512-bit RSA was cracked in 1999. The largest RSA number cracked from the RSA challenge has been 704 bits long, and that was in 2012. OK, the 768-bit challenge was factored in 2009. But many of these efforts have been running non-stop for God knows how many months. Or years. Up until now, nobody has been able to factor 1024-bit RSA numbers, even though it is possible that cracking 1024-bit keys will be possible in the near future. But 2048? Unless something better than the quadratic sieve is discovered, or quantum computing actually takes off, it's still a long way down the road.
Re: No Excuse
Unless of course you already forked out for a 3 or 5 year certificate….
Having worked at a certain financial institution that had this very issue, I can vouch for Verisign that signing a new 2048-bit request for the remainder of your purchased term is free of charge.
And I'd also note that this requirement issue was tackled by said bank back in 2011. VeriSign would not sign any 1024-bit cert with a validity beyond 2012. What kind of CA has been signing certs with expiration dates beyond 2012?
Mexico's internet penetration is larger than it seems
The Mexican Congress tried to slip a mickey a couple of months ago, implementing wide-scale internet censorship "for national security purposes". During that time, there were many debates on why this wasn't an issue, or why it was an issue. The main thing is that we have simultaneously a low internet penetration % in residential homes, and a high internet penetration % in total number of users. Why? Because those who don't have the money to pay for broadband or even dialup, or lack a computer, can go to a cybercafé and get online. Thus, while OECD numbers show 20% penetration, it is closer to 60%; if you narrow your sample group to urban areas, it will be even higher.
Not that they don't deserve it
But the real culprit in the e-book price fixing scandal would be the late Steve Jobs. He's the one that engaged in this scheme of corporate "vigilantism" and dragged the company he presided into it. Tim Cook, at least, is probably not as guilty in the whole thing.
Then again, maybe this will deter Apple from trying to pull such a scheme in the future. I'm only sad that the publishers didn't get punished as they deserved.
Re: Morals, ethics, principles...
Quite. A friend in a neighbouring state was telling me last year that the protesters were paid $50 a day - dollars, not euro or roubles - to keep the protests going.
See, this hits home. I've heard these arguments being passed on in my own country back in 2006. Barring the "paid in USD" stuff, most of the things said about protesters were the same. We were paid daily to keep the protests going. Said protests were calling for a recount, as some of the polling station numbers weren't matching what was being counted in the central system, and the candidate that had been most likely to win had lost by a 0.56% margin.
My country's Mexico.
The sad part of this story is that the same people who were protesting back then are drinking the Russian kool-aid this time because of the anti-US sentiment that permeates most left-leaning people (not like it is unwarranted. The US has been a really bad boy in most of Latin America.) Ukraine's Yanukovych could easily be equated with our own current president Peña-Nieto, down to the "evil party gets back into power" and "selling our asses out to [Russia/The US]".
Go ask actual Ukrainians on the situation. Chances are they're angry at both Russian and US/EU intervention and would very much like to be left alone. Some of the people who participated or supported the Maidan protests were former Spetsnaz and Afghanistan vets. Do you really think those guys would support "fascists" like the Russian media likes to brand all protesters?
Re: Crapping their nappies.
Actually, they did take out MS as well:
Neither PSN nor XBL were fully taken down, but they did cause grief to many players. PSN already had a scheduled maintenance downtime, so they just pushed the downtime window early. On XBL I do remember seeing the warnings showing that you might have trouble connecting to XBL, though some other services were OK.
Re: Real coding!
ZFS + CIFS/NFSv4 should be good enough. (i.e. Nexenta, and they do support it).
This has been the closest I've seen to this. I would actually like ZFS support on every OS, but it seems it also crashes against the Windows barrier. I've been able to use ZFS as a multi-platform filesystem between OSX, Linux and Solaris though.
I still would like a secure version of a NAS protocol. I don't think "routing over http" is an issue anyway, as most of these services are usually needed within an organization (thus everything's inside the corporate network) or within a home office (same thing, no firewall problems).
What's the real barrier against someone doing their own filesystem driver? Is this actually closed off by MS legalese? There are (expensive) suites that let your Windows box read/write HFS+ partitions, so it shouldn't be that much of a problem, should it?
As I keep telling the young-'uns - if you're a qualified Samba coder I can get you a job tomorrow (many positions in Silicon Valley). But they keep wanting to do the webby stuff... :-(.
However, I'd love to see something better than Samba come out, something that was both multi-platform (Linux, Unix, OSX, Windows) and have the advantages of, say, NFS without having proprietary "security" like SMB (which depends on some MS protocols). Why can't we have something like that?
You haven't been robocalled, ever? Some of these guys are extremely sneaky. I once got a call offering something free, blah blah, and suddenly they ask to confirm my personal info. Turns out that confirming your personal info is somehow warped into "accepting their service", and that's how I got rammed with a useless life insurance product or something like that. I got stuck with that for 2 years, and the only way I got out of it was by defaulting on my credit card, negotiating a "pay less than full balance, cancel my card" so that the card was forcibly cancelled and thus the scammers were no longer able to charge my now-dead CC.
The only saving throw you have against these guys is to hang up on them. It's the only way to be sure. Once you speak, you might as well have given them a copy of your CC to charge you a new yacht.
Re: Probably about time
You're an idiot to want second hand games locked down.
You n33d to l34rn to r34d. What "push anti-secondhand DRM on their nextgen console" means is exactly that, the MS boneheaded decision to implement said anti-secondhand DRM. While they did do good on doing a U-turn on that decision, they did so after E3, and after they got curbstomped by Sony. And they had already lost some exclusives which switched to "timed exclusives" instead of actual exclusives, like Plants vs. Zombies Garden Warfare.
So even though they backtracked on their stupid DRM decision, they still deserve to fail for even attempting to do that. That's what I meant with the unforgivable sin. The video games market must get the message: pulling such a stunt is a career-ending mistake.
Re: Probably about time
As much as I dislike Sony's acting on both the rootkit fiasco and the OtherOS removal … I dislike MS more on their boneheaded decision to push anti-secondhand DRM on their nextgen console. I actually consider that more of an unforgivable sin.
Re: If the rise in GitHub means....
The death of stupid crap like *.rpm, *.deb, and stupid per Distro crap like apt, and yum, and replaces it with something both simple, and universal.
Actually, it's reversing the trend. RPM and DEB are package managers that simplify software installation/upgrading in the corresponding distros, while yum/apt-get go a step further by downloading them automatically from established repositories. Before the package managers, we had to get tarballs and compile 'em all. GitHub is actually the same thing, except instead of downloading a tarball, you're actually pulling down an uncompressed copy of the whole frickin' repository, branches and all (because git is shit and does that instead of SVN/CVS where all the extra repo stuff stays on the server). So it is actually worse than just downloading a tarball, or even doing "svn co" on the sourceforge repo.
I've been mostly sticking to svn repos for FOSS stuff, as sometimes I do have to compile from source when handling obscure distros or when I want the latest update for certain packages. I'm mildly annoyed by the git-craze in the FOSS community...
Re: You may not want to read this
Hostility towards n00bs, coupled with "if you gonna do FOSS U should know how 2 compile j00r k3rn3l d00d!" is one of the things that have indeed pushed back widespread adoption of the revered Linux Desktop. It also doesn't help that many of these "n00bs" were asking questions back in the late 90's or early 2000's and were simply shrugged away back then. Anyone remember trying to get one of those infamous winmodems to work on Linux? And what would you get as an answer if you ever had the great idea of asking about this?
One thing that has got better these days is that most distros Just Work out of the box, even with the newer annoying stuff like EFI and Secure Boot (urrrrgh). Now the problem seems to be that there's too much stuff out there. Sound system? ALSA! ESOUND! PULSEAUDIO! Everyone trying to pull off their own half-assed implementation of something that should've been standardized 15 years ago. Then there's the kernel devs that seem to be purposefully breaking ABIs just to annoy proprietary driver devs because fuck proprietary drivers. I still remember the dark days of the early 2000s when we didn't even get proprietary drivers for anything on Linux, and I do not wish to go back to that. Please STOP it. Play nice.
Hopefully, the Linux community may have gone past the RTFM stage, coupled with most distros mostly working without extra tweaks, so maybe Linux uptake will be better during the next years. I've had at least one colleague who gave up on Linux a couple of years ago come back to the Penguin OS after finding out that most of the annoying hacks are no longer needed: WiFi works OK out of the box.
Ah yes, the GPL. Even the Linux kernel code ended up staying on GPL v2 because the latest incarnation of the GPL ended up being very toxic. There's one thing in wanting to have free software, but another one to force that "freedom" into everything even slightly related to free software code. Hell, LGPL had to be created just to ensure that linking to FOSS libraries doesn't mean the GPL has stuck to your code!
Now, don't get me wrong, we need radical people like Stallman; if it hadn't been for the Free Software folks we wouldn't even have the stuff we have now, but the GPL should really be toned down.
Re: Crawling in my skin, these bugs they will not go away.
MS shills are now hiding behind AC. It seems they noticed that using their real handles gives them away, it's probably why I haven't seen TheVogon posts as of late. Though there's still one MS shill posting with his handle...
Re: must be a Europe thing?
My experience has been quite different. US airports have free Wi-Fi, only showing a ToS page to click through and you're in. US hotels, however, love to charge for the privilege of having *any* kind of internet access in your room. Even Ethernet/wired. And they charge per device!
MS also went in back in 2000 when then-new President Fox was eyeing FOSS for the Mexican Federal Government. Suddenly a lot of cash changed hands, and magically everything went for the Microsoap platform. However, Chile just went back to the left-leaning party; I do wonder why they let this proposal die.
Was it just me, or did everyone read that headline singing?
Re: Complete this series...
Actually that list is missing a couple of entries where the good/bad cycle does fit perfectly:
Windows 3.1 good
Windows 3.11 bad (I'd say, AWFUL, especially with DOS 6.22 that broke DoubleSpace.)
Windows 95 good
Windows 98 bad
Windows 98SE good
Windows ME VERY bad
Windows 2000/XP good
Windows Vista bad
Windows 7 good
Windows 8 bad
Windows 9 …
YMMV with Windows95 though.
Probably even sadder is the fact that "Windows 8" is actually "Windows 6.2". Windows 7 is "6.1", the last "major" revision was actually Windows Vista with "6.0". Also, Win8.1 is version 6.3 which implies that 8.1 was actually a bigger jump than what its commercial version is willing to admit.
At least Apple keeps their major/minor versions in sync; you can actually map Darwin versions to OSX versions instead of having complete mismatches as MS has with their Windows versioning...
a normal company ("company A"), if they say "something much better is coming out soon!" usually *decreases* sales as people hold out for that better model,
It's hard to decrease Windows 8 sales as they have already been pretty low as it is. People are holding out on W8 already, keeping to their old iron. However, there is a slight skew on numbers because people buying Windows7-loaded PCs are actually buying a "Windows 8 license with downgrade rights" so it adds up to the W8 count, even though W8 isn't even being used.
MS is even doing this with their sales numbers as of late with the Xbox division. They know the Xbox1 is flopping so now they report "X Xboxes sold" lumping 360's and XB1's into a single group. The empire is sinking, but MS has a lot of cash reserves and OS lock-in so the double-whammy won't kill them. They have all the time in the world to roll out a decent Windows version. However, the Xbox division might actually end up being a casualty if things keep going the way they're going.
Re: @Notas Badoff RE: "non-partisan" groups.
as opposed to an uber left-wing rant? Which is ok? A word comes to mind, hang on, it's...it's.... oh yeah, hypocrite!
… or maybe, just maybe, most of the rants are actually right-winger nuts and thus that's what you'll assume you'll be served with when someone utters those words? Kind of like hearing "Mainstream Media" these days will automatically flag whoever utters those words as a right-winger nutcase in the US, even though dissing the "mainstream news sources" is usually something done by the left-wingers in most parts of the world. Just ask my countrymen about Ukraine, and they'll tell you that all the news is being manipulated by the US war machine and that Putin is telling the truth, yadda yadda. But in the US, it's "the MSM is defending BHO".