I'd wonder if they're going down the James Bond route, the Jason Bourne one or (please no) the "Mr. Bean" err… "Johnny English" one.
Hopefully it'll be more Bourne-like.
2794 posts • joined 12 Oct 2007
I'd wonder if they're going down the James Bond route, the Jason Bourne one or (please no) the "Mr. Bean" err… "Johnny English" one.
Hopefully it'll be more Bourne-like.
One of the funny things about Swordfish is that at least some of the "techno babble" was accurate: 512-bit RSA can be cracked via quadratic sieve while 1024-bit still hasn't been cracked in a useful timeframe.
Other movies have at least tried to make some of the hacking plausible; Matrix Reloaded had Trinity use an ssh exploit, while Elysium had the Deus Ex Machina reboot/rewriting code written in some weird derivative of x86 assembly (and in true hacker fashion, segments of it are shown in shellcode).
I'm guessing it'll all fall down on which experts they're going to get, the real ones or the "Visual Basic GUI" dudes.
Run --> cmd
Read "Physical Address" for the appropriate NIC.
That's exactly what he said he did. But you shouldn't need to do that if the info is also accessible from the Control Panel, and it isn't easy to relay these instructions to a regular user over the phone.
The difference is, cryptocurrencies allow you to be your own bank (well, except the loaning part) and not having to trust an untrustworthy third party.
Nope. You can be your own bank if you wish with "fiat" money, but you need to be really good in accounting. And doing a crypto currency bank, yes you can do it, and yes you can do loaning. The problem there is that it's going to be harder to collect unpaid debts.
My uncle Frank was a volunteer ambulance driver in Spain when Hitler was testing his new toys. Forgetting their sacrifice borders on criminal behavior.
Indeed. May I remind you that the US and the rest of the Allies gave Francisco Franco's regime a free pass? That's the same guy who asked the Third Reich for help, which was given in the form of said toy testing.
The Allied Victory, by the way, was also shared with the USSR, which pounced Nazi Germany from the East as well.
I wanted MSFT's failure to be massive, and these changes are probably going to stop the Xbox FAIL boat from leaking. If only Sony hadn't made PS+ mandatory for online gaming, MSFT might've just given up on Gold-for-online-play as well. But at least it does show that mandatory Kinect, mandatory Gold for stuff you're already paying for is a no-no in the gaming market. And of course, the stupid secondhand-banning DRM as well.
I wonder if the Kinect-less XB1 will silently replace all the unsold ones gathering dust in the stores?
Why does a joystick need so many pins?
I'm guessing you've never seen the first gen joystick connectors? They had a lot of pins.
But the RFC1918 addys were needed … for IPv4. IPv6 added the link-local and site-local addresses, in addition to the global-scope addys. You can, and should, use the local addys for most internal networks stuff, while the global ones are supposed to be used only for internet-bound traffic. Even Microsoft has got that right, with Windows stuff using link-local whenever possible.
I'm not quite sure why site-local was deprecated, because that was basically RFC1918 for IPv6. But something similar was drafted for private addresses anyway, so it isn't like the need isn't covered already.
I remember a specific command I could use in Solaris 10 to set up my own preferred device ID when using SLAAC. Can't remember the exact command but it was something like
ifconfig en0 inet6 token ::1337:b00b:cafe/64
you had to put something akin to this on the hostname6 file for it to persist across reboots. The end result was that even using SLAAC you would get a "static" IPv6 addy with the added benefit of having all the IPv6 routing configured automatically.
Sadly, I haven't seen if this is possible on Linux.
NAT is an abomination in the world of IP and should be thrown away. It only exists because we were running out of IPv4 addys and needed a quick fix while IPv6 came out. Of course, IPv6 itself is now 15+ years late in being globally deployed so NAT has become a "given" everywhere. But it has damaged the network mindset of at least one IT generation, which now thinks that NAT is extra security. It isn't.
The reason most people think NAT adds security is because every NAT device is also running a firewall that blocks incoming requests as well. But the added "block by default" security can be implemented even without NAT. This myth should be put out to pasture and the real internet concept of "every node reachable in the net" should be reinstated. Sure, for all means you should have firewalls to block unwanted access to servers in the backend, and servers that don't need internet access should get only private IPv6 addys. But no more NAT voodoo tricks please!
I remember some security firm taking over a botnet but they argued that telling the botnet to "self-destruct" or uninstall could cause unintended consequences in the infested PCs so they didn't do it. I'm guessing that it had more to do with "I don't want to get in trouble with the law" than actual problems.
If they're using RC4 they're doing it wrong. Not just because RC4 has been deemed possibly crackable or exploitable, but because they shouldn't be using symmetric crypto for these things. Oh well, better for us as it's going to be easier to shut down these things.
Nokia the non-MS-Borged company might simply resume work on Harmattan and have that as an EU OS for mobile platforms. Or reacquire Symbian from Accenture. That would give the EU a non-US OS. And the rest of their operations? Simply base 'em off Linux.
Anybody who could've had issues with the Snowden leak was already wary of US-based services thanks to the PATRIOT Act. And then there are the warantless SWIFT data grabs by the US, while SWIFT did side with the US on that issue, they subsequently moved all EU banking data and processing outside the US.
By the time Snowden leaked the NSA/PRISM thing, the possible clients had already been scared away.
We theoretically could solve the issue with PKI, but even "type down this password on your device" is too much of a hassle for non-techies. Interestingly, the one place where I've seen PKI used for "public" WiFi access is at DEF CON, but then that's because you know most people going there are going to be tech savvy to boot. And the one thing that was made to do this easily (WPS) has the stupid PIN method which can be cracked easily, thus the method being disabled by anyone tech savvy these days...
Downvoted for liking something.
Happens all the time. Though it's usually harsher when the "liked" thing is rarely liked by people who aren't shills, or are outright splitting the world into X and Y brand. See the iZombies that dismiss non-iZombies as either "Windows fans" (on PCs) or "Android fans" (on Smartphones). The OP explicitly said "down voted for not praising Android" … where are the other mobile OSen?
"Cue downvotes for daring to like something that's not Android."
Nope, you're going to get down votes for liking WP8. Symbian, MeeGo and Harmattan had their appeal, and any of those three (even Symbian) could have made a far better competitor to the iOS/Android ecosystem than measly WP. That thing only succeeded in killing Nokia's market value and market share, from being the worldwide #1 smartphone market share platform to being the one in a neck to neck race with BlackBerry to be the one just above the "Others" category. And given the awful talk from actual WP owners vs. iOS/Android/BB/Symbian handset owners, I doubt they'll gain ground at all.
At least it seems we're finally watching the MS empire slide down. The Xbox1 is losing the next-gen console wars, Windows8 fails to gain traction, WP8 seems to stay stagnant and the Nokia X seems to be the hottest stuff in the now renamed "Microsoft Mobile" division has to offer...
Ray LaHood was proposing installing exactly the same kind of device on all cars. My argument against that back then seems to be the same reasoning behind this fine: blocking calls like that also blocks emergency calls, and that's a big no-no.
The purpose of a patent is to protect an invention, allow a monopoly for a limited time in which the inventor can profit from his invention … and document the exact thing being patented so that anyone can build the invention themselves. During the patent's validity, anyone building the patented product has to pay the patent holder a fee, to be set by said patent holder. Once the patent expires, the invention is fully documented as to be useful to the rest of the world.
Vague patents are thus useless in this sense. They must be struck down.
Ok it can see cyclists doing turn signals. But the real question is: how do they handle motorcycles? Lane sharing is legal in many jurisdictions, but has some restrictions in others. For example, here in Mexico City you can't lane-split unless traffic is stopped or moving veery slow according to the Greater Mexico City traffic rulebook. So a self-driving car should know that it should yield to a lane-splitting motorcycle if traffic starts rolling. It should also detect motorcycles quickly as to not swerve into/against a bike running on the adjacent lane; humans do that every now and then, I'd be scared shitless by robo-driver failing to detect me! Some automated toll booths already ban motorcycles because their sensors don't detect us; I've also read about "smart" street lights in the US that detect cars to pre-empt green lights but fail to detect motorcycles. Sorry, but I'm very skeptical on self-driving cars unless they're given dedicated lanes to run on.
I'd think that the ET dig is because it was the first time a game flopped so hard, the manufacturer had to do this dump. Then there's a certain curiosity to find the game that was so bad that it not only bombed, it brought down the whole video game industry into the Great Crash of 1983. To put it in more recent history, this would be as if Battlefield Earth had sent all Hollywood Studios into bankruptcy.
Then again, ET is probably 'buried evil' in this sense. Microsoft funded the expedition, maybe that's why their Xbox1 isn't selling?
It proved that the Atari ET cartridge dump was real. But it seems that part of the myth was indeed untrue, as the cartridges aren't crushed. Maybe they couldn't crush them all?
They'll probably add the Xbox1 there as well. And the now defunct LucasArts will probably want to bury their unsold copies of Star Wars Kinect as well...
The "under 13" thingy means they're using that stuff for marketing purposes or selling your info for marketing. Oopsie!
Most mobile games are of the arcade variety because they fulfill the "kill some time" requirement. Back in the day, it was more about who could set a high score on PacMan than beating the game, thus the infinite never-ending nature of PacMan. Many of the mobile games like Flappy Bird cash in this concept, especially as many of the 80's arcade gamers are usually the same people carrying iSlabs these days. And when they fire up games, they're usually trying to kill some time.
Actual games, the ones made for consoles have evolved far beyond the good ole Pacman days.
Indeed, Pac-Man Championship Edition is closer to the arcade experience and IMHO, it's far less frustrating in that sense. It was also the one game I could play during my 2 month one-armed handicap period (motorcycle accident, clavicle fracture. immobilized right arm, very annoying!).
One thing I like about El Reg is that they slam everyone. On the ebook scandal, its sad that the publishers didn't get to foot the harsher bill but then Apple could've had it easier if they had entered the deal as the publishers did. They knew they were wrong, otherwise all five publishers wouldn't had wimped out...
No they didn't. What they did is write their own wrapper around malloc so that they could cache memory instead of releasing it.
Hm… this could be interesting. If they have a wrapper around malloc(), they could theoretically zero out recently allocated memory before returning the new pointer to the caller. That would render Heartbleed (and any similar attack) useless as the whole allocated bunch would be full of NULLs wouldn't it? I'd fill it out with 0xDEADBEEFs but that would probably be more costly to pull off...
It's even easier: They're giving vanilla Win8 the Vista treatment. IIRC Vista was EOL'd shortly after 7 came out. Probably justified as Vista remained in the under-10% range for most of its life, and 7 was basically "fixed Vista" so it made more sense for businesses to simply upgrade to 7 as "compatibility issues" weren't a problem if you already had Vista.
Will this new update bring up the Start Menu? At least it seems that TIFKAM apps now get windowed mode...
Says the people who would have recommended the noSql solution in the first place.
I use a lot of open source stuff. Yet I would never recommend NoSQL for the same reasons these dudes switched to PostgreSQL: it's got issues. Never mind that NoSQL's name itself shows the real motive behind most of those "newfangled" DBs: they're built and promoted by crybabies that hate SQL so much they made their own DBs that don't do SQL or ACID. The same kind of crybaby attitude made me switch back from MySQL to PostgreSQL, as MySQL's documentation couldn't stop whining that transactions and foreign keys were for losers or lazy developers, we won't implement them ,yadda yadda yadda. (Ironically, they had already added the multi-engine support and InnoDB did support all those things. Yet the documentation still had this baby rant.)
NoSQL stuff has its place. But devs should really see if they need it or if they just have relational data that doesn't need those other things. It'll pay in the long run. :)
Nice to see reuseable stuff being tested. I've always thought that one-use rockets are a stupid waste of money. At least the Space Shuttle was mostly reused sans the fuel tank...
Most people definitions of "simple" mean something like a 10 line script sending one or 2 strings down the line. Not 300 lines of code doing challenge response.
Are you a script kiddie? I didn't get ROP but I do know what ASLR is. And indeed the script is simple as the only thing it does is send a malformed package (the phony heartbeat request) and get the juicy bytes in response. Compared to the weirdness usually involved with exploits like stack smashing/injecting shell code, it's pretty straightforward.
I have to concur with Rackspace, even when that means I don't get super cheap virtual servers. Price wars are good for us, but if nobody stops at some point it becomes a bloodbath where only those with deep pockets will be able to survive.
As far as my experience goes, Rackspace does have pretty good uptime and support, and its pricing is still within the decent range. They're now offering IPv6 and extra "storage blocks" which seem to be just extra virtual HDDs. My only complaint in the earlier days was that you had to up everything, not just the HDD space if you needed more. This seems to no longer be the case and that's good.
Haven't been able to do AWS as they don't do CVV2 validation and all my cards bounce because of that; and Google is one company I just don't trust for private data. So I think I'm staying on Rackspace Cloud even if it is now a bit more expensive...
The main issue that caused the whole controversy is that he was appointed CEO. For years he was CTO and nobody peeped a thing about his donation on Prop8. But the moment he gets into the CEO chair, he's able to manage donations for the Mozilla Foundation. Which means that coupled with his beliefs, he theoretically could have started making Mozilla give donations to groups like the "Kill the Gays" organization that caused the Chik-Fil-A controversy last year. In fact, that other scandal was uncovered because of that company's CEO speaking against same-sex marriage, which led to LGBT groups checking out where Chik-Fil-A donations were really going.
On the other side, Eich doesn't seem to have had the intention of steering Mozilla into 'fund the crazies' mode, so the pressure on demanding his resignation does seem to be overkill. His whole contribution was a relatively minor one, and it was made years ago. Views have changed in the years between, what some people did a couple of years ago might not be indicative of what they think right now. Maybe Eich's "mistake" was not to say he's no longer against same-sex marriage… but that was probably not a good reason for him to be pressured into resigning.
My parents were told by my psychologist about games that were so hard they were more frustrating than fun would just cause frustration and that this was a known thing. Kids playing these games would start going frustrated, then start getting violent fits o' rage with these games.
We're talking about the Atari and C-64 era. I'd say these effects are probably well documented since the 80's but not everyone got the memo...
"If 85-90% of business used *nix there would probably be 85-90% of El Reg's readers using *nix."
Or they're using Unix stuff, just not in the desktop PC's.
Adding an encrypted V2.0 TCP-IP stack is perfectly doable, just like adding IPv6 support.
We already have it, it's called IPSec and its available in IPv4 and IPv6 flavors. It is kind of a problem with IPv4 thanks to horrible things like NAT and the fact that moving around means your IP is always changing… but theoretically IPv6 should simplify a lot of things and thus IPSec over IPv6 is easier to pull off.
But server-to-server comms can be secured via IPSec...
I have a better proposal: just KILL that freaking systemd monstrosity!!! Go back to SysV init. The whole thing is causing more headaches than actually solving stuff. There's also that 2048 character password bug where typing in a 2KB password will get you on. Come on!!!!
Not surprised that the resident MS shills are slamming the article or quoting FUDy extra costs. It's becoming predictable...
The Nokia got 0wn3d, but it seems the BlackBerry didn't. Maybe BB should capitalize on this? They've got "we're the only one authorized to operate on the DoD networks" but adding "NSA proof" has got to give them some extra points.
The one video I did see of one of these Teslas catching fire was the one in Mexico. The dude crashed its way doing something near 200 km/h, went over a bridge, crashed through the railing, crashed down to the street, then plunged into a fountain or something like that before crashing yet again. Yet the driver managed to get out and run away from the scene before the car lit itself up. I'd like to see a regular car take that much abuse and not catch fire!
Seeing as those are both by miles the market leaders in their fields, the answer would undoubtedly be very few extra ones on Linux...And why would you want to - all those extra Linux security patches to integration test - not fun.
Ah, the MS shills are fast to react. As ACs yet again.
I'll give you a point: Exchange doesn't make much sense in Linux as it depends on Active Directory, MS's take on LDAPv3 and Kerberos5. But there are quite a bit of systems that can do what Exchange/Outlook does and they only require an LDAP server. And they're pretty secure as it is. On security patches, no platform is free from that. Especially Windows.
It depends on which 20-somethings group you're checking. Even 30-somethings. I've mostly retreated to Netflix (I'm 32) because I am rarely at home so I don't see the value in having cable TV, and Mexican OTA programming is awful. Series on OTA lag so far behind current seasons that the teens and 20-somethings are simply watching 'em online instead.
I really really know that I'm mostly using my TV as a PS3 screen most of the time, the exception being late-night TV when some interesting (but sadly, cancelled in the US) series show up.
Seen this at least a decade earlier with Hushmail. If you use the Java-enabled version of their service, encryption takes place on the client. The private key does reside in Hushmail's servers but it isn't decrypted on-site as long as you're using the Java-enabled version of the service.
Sure, the client code is stored on the server and could be tampered (and this being the NSA, they might even have a valid cert to sign their tampered code as well) but the logic's there.
What this MIT stuff does is something I've already done at least once for secure cloud storage. Somewhere on my 'land of dead project code' I have a piece of Java code that uploads stuff to Rackspace's Cloud Files storage but encrypts it in-transit and adds the key to metadata … said key is encrypted with someone's public key. Thus the data can be only decrypted by someone who has the corresponding private key. The concept isn't groundbreaking at all and anyone who is security conscious has been doing this for years. At least one employer basically crammed sensitive data inside a TrueCrypt portable drive and uploaded that to the Cloud Storage service du jour.
Looks like using Windows for ATMs doesn't sound as bright right about now.
I have always been miffed at this, especially given that I have worked at certain banks (yes, MEXICAN banks) and most of them snub Windows for everything else. But the ATMs are on Windows, no surprise they're getting 0wn3d on the ATM side.
Oh well, beats having the whole ATM stolen, which happens every now and then.
Heh. Been a while since my country appeared on El Reg, and I'm not quite surprised it came up with an ATM slurping malware bit. But it does confirm that I was properly annoyed when I realized they had switched from OS/2 to WinXP on ATMs … and I was thinking "geeze, we shouldn't be putting that OS on ATMs!"
Being neck-deep in debt does mean you can actually have negative wealth. It's a basic concept few people grasp, otherwise we wouldn't have so many people who go broke as soon as they spend more than a month without a job.
And not all people in debt are using their CCs to buy useless crap; some have to do so to survive.
So the "news" is actually hearsay. Haven't these rumors been doing the rounds for a couple of years now? And yet, Blackberry does seem to keep the edge on security, being the only ones with "Authority to Operate" by the DoD. If the White House were to switch smartphones, they should use their own NSA-approved Sectera Edge handsets, instead of going for stuff from other parts of the globe. At least most of my Blackberry handsets are made in Mexico, which at least is within the US's vicinity vs. "somewhere in China".
Dear MS shills, if you're trying to pass off as actual users, stop using the AC flag.