This is got to be fun. It serves as proof that being a zealot on fundamentalist religious views just makes you stupid.
3021 posts • joined 12 Oct 2007
Hardcore creationist finds 60-million-year-old fossils in backyard ... 'No, it hasn’t changed my mind about the Bible'
You'd expect the FBI to not let their domains lapse at all. Seems they didn't.
I'm also amused that it seems they seemed to have just put a CNAME on those domains.
Re: "Can you survive without support?"
It's about being able to actually get some help from Microsoft when it all goes pear-shaped.
Support is a good thing to have ... when it is actually good support. In my experience:
- IBM Support: Send Business Partner to fix. If it requires more people, IBM sends 'em.
- Sun Support: Send BP to fix. If issue not solved after X time, send local Sun engineer. If it still hasn't been fixed, fly in someone from Silicon Valley that will fix it.
- Microsoft Support: Get sent to some Indian dude who will ask for logs and stuff, then answer 5 days later "don't know what happened!"
Want support? Go UNIX. Or Linux. Or even BSD and have your IT department fix stuff up by themselves!
Doom scared the willies out of me playing late at night in a dark room.
A Demon, in Command Center's dark maze, with a Rocket Launcher!!!!
That pretty much sums up the first time Doom actually scared me. I had selected the rocket launcher, was navigating through a maze in E1M4 when I started hearing growling noises behind me. I turn and find a Demon right in front of me. I panicked and shot the thing. At point blank range. With a freaking Rocket Launcher. Fortunately, I survived that with 11% Health. It also didn't help that the next level after that was the horribly dark Phobos Lab.
Re: This sums up the problem:
Ah yes, the "Call of Halo" genre of FPS. I really, really hate that most FPS games have dumbed down to the 2 weapon limit, linear levels, regen health and checkpoint autosave systems, it has even infested games that used to be better, like Bioshock Infinite and Dead Space 3. Oh, and Duke Nukem Forever, which didn't suck because it should've been released in 1998 ... it sucked because DNF was basically following all the BAD things from the "Call of Halo" genre.
The El Reg / Apple love hate thing goes waaay back. That said, El Reg basically mocks every single IT outfit. Remember the Itanic? They really abide by their motto: Biting the hand that feeds IT.
Happy Crypto Friends
The thing is that anyone reading the original article would notice that p could be divided by 3. Which was a dead giveaway that either the key was broken, or that particular RNG was, or the key validation procedure was b0rked. Even the dude that published that was less concerned with cracking a 4096 bit key and more concerned on what would generate a key with a stupidly small prime number.
Looks like our Prez Peña-Nieto is just extending his "Bad Luck Brian" aura to satellite launches as well. I also wonder why the hell haven't they just switched to SpaceX. It's closer to us, and those have better odds at actually not blowing up on launch. For those who don't know, Mexico has lost a lot of satellites thanks to shoddy Russian launches.
Re: Who killed them?
The BOFH, in the Server Room, with the Cooling Pipe!
Re: One party state
Welp, you guys decided to give the Tories an absolute majority (though a weak one). You're just getting to reap what you sow real fast. :/
Re: Will VM work
Win 10 looks so bad that I am seriously considering running a Macbook with VM so I can still use Visio, Autoroute and Microsoft Money which are the only reasons I still use Win 7. Anybody got any better ideas?
You're late into the game. I did exactly that in December 2012. My Win7 VM is rarely used these days, as I bought Office 2011 for Mac (it still has menus so you aren't forced to use Ribbon only) and Win7 is mostly used for Windows-only games or the few 2 or 3 programs that aren't available on Mac.
But yes, it's probably the best bet: you don't have to pay the MS tax, you keep an OS that does get commercial software, but also get a Unix OS underneath for other stuff. And you can run any other OS under VMs if you want to.
Re: see nothing worthwhile on windows 10 here
The XBox One had a small surge during holiday season 2014 because MS made a steep discount around those dates. I think it has reverted to its regular price, so there's a good chance the surge is gone as well. But it's probably too little, too late: PS4 is way too ahead. The XBO isn't quite a failure, but it seems to have definitely lost this generation's console war. Honestly, MS should just close up that shop and let a more consumer and gamer-friendly console maker enter the market.
I really hope you are joking and not that stupid?
I don't think he's stupid. He's probably right: the only way to have a truly secure browser is to disable all client-side running code. If code can run in your client, it can be theoretically exploited.
Re: Not the end of the world
On java applets, sure the applets themselves didn't really integrate with webpages, but there are some websites that do some kind of client-side Java that does seamlessly integrate with the websites. Classic Hushmail is an example of this, when you enable Java.
And the irony is that Java is probably the most secure of the "stuff that can run remote code" out there, even though it did have gaping holes a couple of years ago. But alas, it has been permanently tainted by those dark days.
Windows 8 probably did a better job of killing off PC sales worldwide than any other attempt ever. Windows 10 is hardly the anti-Windows 8 they've been touting, so I doubt they'll rebound.
Re: What an ass clown
Cisco gear does have graphical interfaces. But any competent sysadmin can and must be able to manage stuff using CLIs. In fact, the lack of CLI on certain products is a larger problem than lack of kiddie GUIs on stuff that is only managed by competent IT folks.
Someone actually noticed a switch was added? What gave it away, the sudden increase in productivity and decrease in complaining about network access?
The still-active DHCP usually does that, as it will wreak havoc on the rest of the network.
Even if you disable DHCP before connecting it, some mildly competent IT departments will notice that a certain switch port is now serving more than one MAC address, a dead giveaway that someone's plugged a switch in there.
One of my jobs involved that particular layout. It was funny, because the whole floor was remodeled from a "sushi bar" layout to the "aquarium" layout, supposedly to use them as conference rooms. But what really happened was that we were stuck into those conference rooms. The good thing is that we didn't have Ethernet port shortages, but we did need to raise a ticket so that the network dudes would enable 'em and put 'em on the correct VLAN. It was fun, as the conf room we were assigned to was small, so our 2 person team was very comfortable.
Wifi is garbage for anything that isn't residential use. Corporate networks use a lot of bandwidth and wifi is ill-equipped to handle that much stuff. Moving multi-GB files is already a lengthy process when most of your nodes are still stuck on 100BaseT, doing it on wifi would probably kill the wifi link for everyone else.
Wifi is for lazy people who can't be arsed with running CAT5e through the building.
An SSD easily knocks 2 minutes (it's probably closer to 5 minutes) off our fat client bootup and login to usable desktop.
Most companies where I've worked keep all PCs turned on. Desktop boot times don't matter if you aren't booting up that much.
If you scribble random data all over just one of the drives, your RAID controller won't notice, and will return that data 50% of the time, when it reads the relevant sectors from the corrupted drive.
Um... That only applies to RAID1. RAID5/6 does actual parity check on stuff and thus won't return corrupted data. Even better if you're using ZFS, which actually has data integrity checks. ZFS+raidz1 is the best option out there, if you really care that much about corruptible data.
However, sneaking Win10 onto home users' machines for free would probably be a benefit to everybody.
No it isn't. Given that Windows 10 hasn't fully backed off from the Metro UI disgrace, it's going to cause unending headaches to those of us who have non-IT family members, who will proceed to nag us on "where did everything go?".
Re: Rather interesting @martinusher
Yes, I'm very annoyed that H1B is basically "the Indian visa" these days. I've been offered a couple of jobs in the US, but it seems that these are offered via the TN-2 visa mostly because H1Bs run out real quick. TN sucks in the sense that you're locked to the same employer, if you quit or are fired you have to leave the country ASAP. No grace period, no looking for another job. H1-Bs are better for some of these cases.
But then there's even more reasons for immigration reform. Fix it so that both immigrants (and non-immigrants, as H1-B is a nonimmigrant visa) and US citizens aren't shafted by US corporations.
Re: Rather interesting
Lay off the Fox News koolaid, AC. H1B employers can't give lower wages to H1B holders, immigration law mandates a higher wage to avoid "taking them over a US citizen". They also have to prove there's a shortage of available US citizens to do the job. There is a real shortage, probably because CompSci degrees are still low in the US.
Oh, and Mexican illegals aren't looking for entitledness, they're looking for better wages.
Re: As someone from the con / geek community
As you see more and more busy body wannabe tech feminists (as opposed to women with actual skills) enter the tech circles... you'll see more and more of this.
It has even infested DEFCON. The one last year had Hacker Jeopardy get PG-ified as Vanna Vinyl didn't strip down on that edition, due to insistence of the feminazis. (Note: "feminazis" and "feminists" aren't the same thing. "Feminazis" are the radical zealot subgroup within the feminist movement, but not representative of feminism as a whole.)
I might get RSA banning booth babes, but DEFCON? That's just ruining the fun in an event that isn't meant to be business-oriented or PC at all. Reading this thread pretty much talks for itself.
Re: It was dail-up in more senses than the link....
Yes, that's how it reads given that Maggie Thatcher was involved in it. Another black mark on her history of oppression...
Solution looking for a problem?
This has the very distinct smell of being a solution looking for a problem. The only people worried about switch dev code are switch vendors themselves. Why add a useless API to that stuff? Packets aren't going to be routed easier with them. Switches and routers have to do minimal functions at very fast speeds, the less coe they have to execute, the better. Why bloat it with something that isn't even needed? It's not like I'm going to install IOS on a 3Com switch, which is the only thing I'd see this API being useful for.
Re: Bork IE<9
The Freakattack site says that it is still vulnerable, is that because it just checks for IE 11, or because even with these settings (AFAIK TLS 1.1 is still secure) IE 11 is vulnerable and can be forced to use a weaker protocol?
Yes, unfortunately TLS 1.x doesn't mean that EXPORT ciphers are disabled at all. I've tested a couple of sites, and TLS still can negotiate EXP-RC4-MD5, which makes cryptographers' eyes bleed. The problem is that EXPORT should have been removed from the default set of ciphers at least a decade ago.
Re: Never made it to civilisation.
Here in the civilized world we have Nespresso which really is an environmental disaster as the composite aluminium and custom plastics are prohibitively expensive to re-cycle.
The Nespresso is the Nescafé-branded version of those awful things. And no real coffee lover would be seen even close to drinking Nescafé. Yeech!
I'd guess it's the hipster version of "brewing" coffee. I decided to give the whole fad a pass, thanks to the first ones being marketed over here having the Nescafé brand. You know, the instant "coffee" made from coffee bean skin scraps and other assorted garbage. No self-respecting coffee lover would ever drink Nescafé, never mind a Nescafé-branded coffee pod.
The DRM just makes the whole thing even stupider. Screw that, I'm using a regular drip coffee maker. I'd even grind my own beans if I could, but alas, I don't have a grinder.
Re: keyword: either
OpenSSL, out of the box, is not suitable for use by developers and administrators who don't want to be bothered learning anything about SSL/TLS.
Pretty much any crypto API is not suitable for use by anyone who hasn't at least read something about SSL/TLS. I'm really surprised about the amount of devs, webmasters and sysadmins that had no idea about the existance of EXPORT ciphers at all. This is something they should know because a lot of them actually worked with the "international browser" versions from the late 90's which had the stupid 40-bit restriction hobbling SSL.
There's also a very high amount of developers who use self-signed certs in production enviroments. Another good bunch that outright disable SSL certificate validation to get their stuff to work, basically opening up their security infrastructure to MITM attacks within the organizational network. You've probably noticed that this sounds a lot like how SuperFish does SSL ... well, this is why those devs thought it was normal. They're used to doing this.
Oh well, at least some security-related products will have some kind of FIPS mode available. It's probably worth flipping that switch on as it will disable all EXPORT and LOW ciphers by default, including 3DES which is probably bound to be cracked in the near future.
BlackBerry OS 22.214.171.1244 invulnerable as well.
I would test it on OS 7.1.x but my 9790's logic board died 2 weeks ago.
I wouldn't see this as a minor flaw as long as the browsers support it. Yes, if the server doesn't accept EXPORT keys, it's a non-issue. But at the time of writing, 2 out of 4 banks I've tested are vulnerable to this. As long as these sites remain unpatched, this vuln will remain serious.
There is one use for EXPORT in OpenSSL though
I use it all the time to check for exactly this kind of stuff:
openssl s_client -connect www.my.site.with.ssl.com:443 -cipher EXPORT
I've been checking for both this and TDES usage since 2011. I've also made a point of disabling EXPORT, RC4 and TDES ciphers on whatever service I'm configuring from scratch. This is something that everyone should know about, but seems to be noticed only when someone discloses it.
I'd leave EXPORT support on OpenSSL for testing purposes only, but remove it from the "can downgrade to this cipher" list.
The fun fact about this is that it's the US Government's fault, and maybe the NSA's fault as well. The 90s had a lot of criticism on the ban on strong crypto export, and we all knew that was going to come back to bite 'em down the road.
Re: Ouch....sorry this is going to hurt.
Internet Explorer on Windows phone is NOT vulnerable.
Sorry for any embarrassment caused.
Blackberry OS 6 here, NOT vulnerable as well. Looks like I'm being vindicated about saying that BBOS was more secure than the popular stuff.
Re: GOPtards are already at it
Um... Tom Wheeler was also a "Big O" appointee, and he was all for allowing ISPs to charge extortion fees against content providers. It wasn't Obama who forced his hand, it was the general public. You know, US citizens, the ones that actually vote people into office. In fact, Wheeler was mostly seen as an odd choice for FCC chairman as he has been mostly associated with cableco lobbying groups.
No they don't deserve to be regulated. They BUILT the internet, the government is stealing it from them.
Nope, DARPA built the internet. If it weren't for ARPANet and NSFNet, there wouldn't even be an internet in the first place.
GOPtards are already at it
Now they're claiming "OMG now internet is going to get higher taxes, thanks Obama!" which shows how stupid the rightwingers are now. It's the FCC, not Obama, the one passing Net Neutrality rules.
And really, the telcos brought it up on themselves by challenging the Open Internet rules. They deserve to get regulated.
It seems that the Big Bad Telco/Cable operators are mad at this.
Which means it's probably good. Hopefully the FCC will be able to strongarm telcos into submission this time around.
I'd rather have a slow I/O OS that lets me do my job quickly, than a fast I/O OS that makes me spend 3x the time doing my daily work.
Of course, I chose neither: I jumped to OSX when all laptops turned into "Windows 8 or bust". Well played MS, I chose bust.
Re: This is why
Or be nice and send out an SSD with a clean Win8.1 on it, thereby giving customers a nice present for their trouble.
Giving Windows 8.1 is the opposite of a nice present. Better off with Windows 7, or a nice Linux distro. But not Windows 8.x.
If a phone finds a wifi signal it can connect to, that could also trigger a self-destruct.
Only if the phone had WiFi activated when it was taken away, and even then only if the phone can find a WiFi network that was previously added to its list of known WiFi networks.
Re: 1) remove battery (or turn the device off until you can get it to the lab)
I thought the anti-theft signal didn't care about SIM? If it does, then yeah, that'll work too.
It doesn't care about SIM, but it can't register with the mobile network without a SIM (it could do it with a different SIM card, or if it has WiFi enabled and registers with a known WiFi network.)
Crypto is not much of a hurdle against most people, because most smartphone users are security-stupid and will use 4-digit PINs or that annoying "secure" figure-point thingy instead of a really secure password. 4-digit PINs should be crackable within an hour, maybe less.
Re: Answered years ago!
Processes do need microsecond precision. You fail at UNIX. Or OSes in general.
Re: jail for superfraud
They are like the American version of Phorm (but far worse)
Yes, this is basically what Superfish is, only on steroids as Phorm would've been unable to tap into SSL connections. I was actually reminded of Phorm when this news broke out...
lolwut? Apple weren't even validating SSL certs, arguable an even worse situation for the end-user.
And yet, they issued an actual fix for that pretty quickly. Fixing the goto fail issue involved downloading the most recent update, while fixing SuperFish requires at least two actions, with at least one requiring the user to do advanced stuff (removing a root CA) by themselves.
Re: How not to do asymmetric key cryptography
But ... but... it's a PKCS8 protected by encryption! By a password!
And we stored the PEM file with the strings in reverse order so nobody will be able to read them even if they find them!
Re: Cue the ClassAction lawsuits in 3... 2... 1...
California USA is already "sue happy" with reguards to shit as lowball as being served a cup of hot coffee from McDonalds
Bad example for a frivolous lawsuit; coffee so hot that it causes third-degree burns is a real hazard.
Re: the fire rises
Maybe ASUS. But Acer isn't going to see my money, I got burned enough back in 2011 with crappy Acer laptops. Nevermore!
Still, neither will see my money as long as they sell Win8-only laptops. I'm not going to pay for the worst MS OS ever concieved.