Oh well, the reboot wasn't that painful anyway. But holy shit that's one big hole they patched right there!
3045 posts • joined 12 Oct 2007
Um... you do know that phones are supposed to be resilient because *gasp* they will be carried and used in extremely harsh environments most of the time? My BlackBerries have survived countless falls, at least 4 super-soaking storms; my current one survived Monday's storm that flooded my freaking shoes as I was caught mid-commute on my motorbike. Any phone that can't handle that kind of beating is not fit for purpose. Phones that break if you look at them cross-eyed aren't fit for purpose.
Oh, and if you're a software developer, you should know that this also applies to software. Programs should not crash if someone inputs 1025 chars in a 1024 char field, if a network connection is broken/lost mid-transfer, or you get weird input, among other things. All exceptions should be handled safely. Your reservation system shouldn't break because someone inputted 2014-09-32.
It was because of Jagwyre. Or at least, I think it was because of that.
I'm not surprised about Apple, after all they forced Ellen DeGeneres to backtrack on a joke ad she made on the iPhone. But really, Apple shouldn't keep the Jobs-era policy on reporters given that they don't have Jobs on the helm anymore. They're just coming out as rude.
Yeah, my thoughts exactly. Most people "secure" their smartphones with a 4-digit PIN which is laughable by modern standards. Brute-forcing even an 8-digit PIN is done in seconds, probably minutes depending on the algorithm used.
I can't imagine a more useless type of encryption.
Interestingly, it is useful, but not in the context used by the speaker. Irreversible encryption is useful for password hashes, as it makes it easier to do quick hash encryption that can be only verified by encrypting the same hash and checking if the encrypted bytes match the ones you stored earlier.
But yeah, the "irreversible encryption" they're talking about isn't irreversible at all.
"According to Cox's statement, Facebook has never required people to use their legal name, merely the name they are known under."
Yeah, I call BS as well. A friend of mine got his FB profile taken down, and was explicitly asked to show some ID if he wanted to have his profile reactivated. He just discarded it and opened up a new one elsewhere.
So when I hear Cox saying "it isn't required", he's outright LYING. And yes, there are many reasons why someone would not use their real name and/or use alternative profiles, work stuff being the #1 reason. Every single company that has tried to force "Real Names Only" on users has seen those attempts backfire in a very bad way real quick. Anyone remember Blizzard's "Real ID" situation from a couple of years ago? Remember how that ended? Now try to do that on FB en masse, I'm pretty sure FB's "userbase" would deflate faster than the Hindenburg. It would be glorious!
Indeed. I used Notes at HighSchool and even my first college years because my university started using something called LearningSpace, which was based on Lotus Notes. I found the whole database groupware thingy pretty interesting; mostly the "replication" feature that allowed you to download the entire course database in one fell swoop, allowing you to work offline and just upload/download any changes later. This was a killer feature in the era of 33.6k dialup internet; I could bring my laptop on campus during our first days, jack into the campus LAN and replicate the whole semester's worth of databases (~400Mb, usually) and then do all my assignments at home, post them offline and just crank up replication, uploading only a couple Kb's worth of data over dialup.
We never used the mail feature, which seems to be what everyone hated about Notes. Thus I can't really comment on that, but it seems that the lack of usage of that particular feature is what gave us a better opinion on Notes.
I've always complained about Apple's lock-in shenanigans, and I still dislike some of the stuff they are doing (i.e. Retina MBP being non-user-upgradeable). But MS finally pushed me over the edge with their stupid, stupid Windows 8 "Fisher Price Edition" OS. You can't buy a laptop that doesn't have that ghastly OS, so I won't buy them at all. OSX does everything I need to, so the switch to Mac was pretty obvious.
So you're not alone...
Indeed. Windows 8 turned a PC stagnation into a PCpocalypse as nobody wants to buy toy computers. It is only the tablet/mobile device popularity that has allowed MS to mask how badly they damaged the desktop/laptop market. A stupidly designed OS has now killed Samsung Europe's laptop presence. That's pretty damning.
Those who believe an OS is just a GUI, usually fail to understand that hardware evolution needs OS evolution as well.
Oh, but we do understand that OS evolution is necessary. Every single OS has had to do some underlying tweaks during major releases due to this, hence filesystem changes, binary support changes (switching from 32 to 64-bit) and even low-level partition scheme changes (MBR to GPT). Even Linux has to move on to at least 64-bit and ext4 to avoid the awful year 2038 problem. Newer OSen are aware of SSD media and will usually be able to manage them accordingly; it would be even better if filesystems were SSD aware … wait, Linux has had JFFS2 since 2001, and there are at least three other SSD-aware filesystems out there. They'd be more in use if MS weren't forcing everyone to use its dismal NTFS or FAT for "everything else".
So what does MS offer instead? No SSD-aware filesystems, a newer one that's yet again proprietary and it's gimped as usual for consumer-grade OSen. Oh, and a fugly Fisher-Price GUI. So most users, consumer and enterprise don't see a real advantage on the new OS and a great disadvantage in using that ugly thing called TIFKAM.
hehehe. I knew I couldn't be the only one reading that headline while singing!
The letter goes so far as to suggest that Yahoo! could even take AOL's name and shut down most of its operations, if need be.
Replace their faltering but still pretty notorious brand with one that is synonymous with "awful internet"? Really???
My cursory understanding is that it's the time increment added to every wrong attempt that makes for ensured security.
Unless the underlying hardware is something with FIPS 140-2 Level 3 or 4 certified tamper-proof hardware (the kind that destroys the key if you try to open it up to extract the storage media containing the key) any "time increment" countermeasures are moot. I'm guessing any federal agency worth its salt will be able to rip apart the phone and then fire up a brute force PIN/password guessing program that is unhindered by these measures.
It would also be really fast for most phones, because most sheeple still use 4-digit PIN passwords to "secure" their phones. 10k attempts should be easy to brute-force through; even WPS now uses 8-digit passcodes and those are still brute-forceable.
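The contrast drawn in the comments above, between a one-way hash that is verified by recomputing it and a small PIN space protected only by retry delays, can be put into numbers. The following is an added example, not part of the original posts; the PBKDF2 work factor, the delay schedule and the per-guess cost are assumptions chosen for illustration, not any vendor's values.

```python
from __future__ import annotations

import hashlib
import hmac
import os

ITERATIONS = 200_000  # assumed PBKDF2 work factor for this example


def enroll(secret: str, iterations: int = ITERATIONS) -> tuple[bytes, bytes]:
    """Return (salt, digest). Only these are stored, never the secret."""
    salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", secret.encode(), salt, iterations)
    return salt, digest


def verify(secret: str, salt: bytes, digest: bytes,
           iterations: int = ITERATIONS) -> bool:
    """Recompute the one-way function and compare in constant time."""
    candidate = hashlib.pbkdf2_hmac("sha256", secret.encode(), salt, iterations)
    return hmac.compare_digest(candidate, digest)


def keyspace(alphabet_size: int, length: int) -> int:
    """Number of candidates for a secret of fixed length."""
    return alphabet_size ** length


def offline_worst_case_seconds(space: int, seconds_per_guess: float) -> float:
    """Exhaustive-search time when nothing limits the guess rate,
    i.e. the stored value has left the device that enforces delays."""
    return space * seconds_per_guess


def online_worst_case_seconds(space: int, free_attempts: int,
                              delay_schedule: list[float]) -> float:
    """Exhaustive-search time when the device enforces escalating delays.

    delay_schedule[i] is the wait imposed after the (free_attempts + i + 1)-th
    failure; the last entry repeats for all later failures.
    """
    total = 0.0
    for failure in range(1, space):  # worst case: space - 1 wrong guesses
        if failure <= free_attempts:
            continue
        idx = min(failure - free_attempts - 1, len(delay_schedule) - 1)
        total += delay_schedule[idx]
    return total


if __name__ == "__main__":
    schedule = [60.0, 300.0, 900.0, 3600.0]  # constructed delay schedule
    for digits in (4, 6, 8):
        space = keyspace(10, digits)
        off = offline_worst_case_seconds(space, 0.25)  # assumed 0.25 s/guess
        on = online_worst_case_seconds(space, 5, schedule)
        print(f"{digits}-digit PIN: offline {off / 3600:.1f} h, "
              f"online {on / 86400:.0f} days")
```

The delay schedule only counts while guesses must go through the device; once the stored digest can be tested elsewhere, the only remaining costs are the size of the candidate space and the work factor of the hash.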
I think it is not venom against the guy for being a rich guy, but because he's being an asshat with said acquired riches. If you were rich and nice to your community, you wouldn't get any venom at all.
He owns the land where the only access road to the beach passes through, not the beach itself. Building those things would probably be illegal anyway, because he would be doing that outside his property.
He might apply to get public funding for the access road maintenance, though.
I like RAID-10 so if I lose a drive, I can replace it and rebuild the raid group.
I prefer RAID-5 or RAID-6, as that doesn't cause me to lose 50% of my storage space to redundance. Also, rebuilding on SSDs won't have the same problem that HDD RAID has, namely that a second disk might fail while the first failure is rebuilding; mostly because SSD failures will usually be on writing instead of reading.
Indeed. QoS is an issue, but that is seen at the customer's endpoint side so that his 10 year old kid doesn't hog all his DSL pipe with uTorrent uploading slowing down TCP ACK traffic.
Your ISP is selling bandwidth to you. If they can't serve it, they are lying in their service terms. They should upgrade their links, end of discussion. And this guy is obviously talking about "smart networks" because he sells the stuff that would do that, not because he actually believes all that crap.
In fact, the Bell phone system is the perfect analogy to the Internet. All in all, everything is simply packet routing from A to B, the main difference being that everything is packet switched instead of circuit switched which allows for far more traffic to go through a single wire. TCP/IP in particular basically builds up a virtual circuit between two endpoints, each side just sees a two-way stream of bytes that will always arrive in order. Connections are similar to phone calls, where instead of phone numbers you have IP+port numbers. Another good thing of using the phone analogy is that it shows the travesty that NAT is, especially "CGNAT" which is how some ISPs get to squeeze their users and save on money by using one single routable IP to serve hundreds of subscribers. In a Bell phone analogy, you would have the phone company giving you an "outgoing calls only" phone but charging you the same as an "incoming and outgoing calls" phone!!!
I ran yum upgrade bash on my internet-facing servers and the update's already there, fixing the issue. So it seems it'll be a quick fix for CentOS and RHEL boxes.
Fedora 17, however, doesn't have a fix. Looks like that's one case where you'll have to svn checkout & compile by yourself...
$ bash -version
GNU bash, version 3.2.48(1)-release (x86_64-apple-darwin12)
Copyright (C) 2007 Free Software Foundation, Inc.
So we all OSX users are screwed?
They can be big in a lot of areas. They don't need to be big in everything, and especially in the social media stuff they don't really need to be dominant in that. They might get more success if they allow people to hold on to their nicknames instead of pulling a Facebook and forcing everyone to use their real names. Sure, the whole "social media" stuff is a moneymaker because of the data slurp, but in this area Google doesn't really need to make money, they can simply hang the social media stuff on their servers which do other stuff that does give Google revenue, and keep users' privacy intact.
Come on Google, you can do it. You're already doing ads on GMail, you don't need to slurp ID data!
I think that 2FA is missing the point here. What should really be done is to have the uploaded files encrypted client-side, then uploaded, and have your crypto key stay with you.
a keyring with dozens of TFA token generators to carry around.
I can see the improvement already.
I carry *four* keyfobs. Each bank gives me one, so I have four of 'em. I'd rather carry those than have some numbnuts sweep my bank accounts clean.
Heh. The lowest RAM I've ever had to monkey around has been 64k. Though I still get to amaze the young'uns with my uber-short 14-byte "Hello World!$" program. Arrrrr!
If MS targets "something other than Java", it'll be .NET which isn't an improvement at all. The only thing achieved will be MS lock-in.
Well, the 0x10c project seems to be an interesting project. It'll be nice to see that one prosper now that Notch has much more free time.
Windows will lose the little security confidence it gained with the TwC division and more companies will actually switch away from Windows on the Datacenter, or halt any future migrations to Windows.
Oh, you were expecting good news for Microsoft? Nope, not with this. This news, combined with the killing of Nokia X means that Satya is keeping Ballmer's "strategy": pushing down the yoke for the MS plane to crash in the most spectacular manner!
For those dark levels, like Phobos Lab...
With all ethical constraints removed, SHODAN re-examines... re-ex... re-re-re... I re-examine my priorities, and draw new conclusions. The hacker's work is finished, but mine is only just be-be-be-beginning.
The laser printers are just the beginning...
lp0 on fire, practical example?
I was thinking something similar; hey this looks like something out of a BOFH episode.
Oh dear, is MS this worried now? The shills are out in full force *and* manage to get first comment thread.
Announcements from OEMs are just that, just like MS's announcement that they would keep the Nokia X initiative.
Truth is, nobody wants Windows on their phones. Elop managed to shit on Nokia's phone division and MS is going to finish the job. At least the rest of Nokia managed to survive, unlike other companies burned by MS (Palm, Sendo).
MS would probably kill Minecraft as it currently exists. It is multiplatform and runs on Java, and it's available on most consoles. I'd guess they'd kill the PS3/4 versions, then proceed to port it to C# for extra suckage and Windows lock-in. Hopefully it won't happen.
I'm more concerned by sites that still allow handshaking with the "EXPORT" cipher suite. The one that most countries outside of the US were stuck with because of the braindead export restrictions on crypto that were in place before 2000. Also, 3DES because it still uses DES which has been cracked for a long time. It's only a matter of time for it to be thoroughly cracked.
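A defender can check for the suites named in the comment above by auditing the list of cipher suites a TLS endpoint or local configuration has enabled. The following is an added example, not part of the original post; the sample list is constructed, and the patterns cover only export-grade, single-DES and 3DES suites under their OpenSSL and IANA names.

```python
from __future__ import annotations

import re
import ssl

# Each rule is (label, pattern). Patterns match both OpenSSL-style names
# (EXP-RC4-MD5, DES-CBC3-SHA) and IANA names (TLS_RSA_EXPORT_WITH_...,
# TLS_RSA_WITH_3DES_EDE_CBC_SHA).
RULES = [
    ("export-grade", re.compile(r"(^|[-_])EXP(ORT)?(1024)?[-_]")),
    ("single DES", re.compile(r"(^|[-_])DES(40)?[-_]CBC([-_]|$)")),
    ("3DES", re.compile(r"3DES|DES-CBC3")),
]


def audit(suite_names: list[str]) -> dict[str, list[str]]:
    """Return {suite name: [labels]} for every suite that matches a rule."""
    findings: dict[str, list[str]] = {}
    for name in suite_names:
        labels = [label for label, rx in RULES if rx.search(name.upper())]
        if labels:
            findings[name] = labels
    return findings


def enabled_suites(ctx: ssl.SSLContext) -> list[str]:
    """Names of the cipher suites enabled in a local SSLContext."""
    return [c["name"] for c in ctx.get_ciphers()]


# Constructed sample, e.g. what a scanner might report for one endpoint.
SAMPLE = [
    "ECDHE-RSA-AES128-GCM-SHA256",
    "EXP-RC4-MD5",
    "EXP-DES-CBC-SHA",
    "DES-CBC3-SHA",
    "ECDHE-RSA-DES-CBC3-SHA",
    "TLS_RSA_EXPORT_WITH_RC4_40_MD5",
    "TLS_RSA_WITH_3DES_EDE_CBC_SHA",
    "TLS_AES_256_GCM_SHA384",
]

if __name__ == "__main__":
    for suite, labels in audit(SAMPLE).items():
        print(f"{suite}: {', '.join(labels)}")
    # Audit what this machine's default client context would offer.
    local = audit(enabled_suites(ssl.create_default_context()))
    print("local default context findings:", local or "none")
```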
Subscribers are paying ISPs for the upload/download pipe the ISP needs to reach the greater internet. Netflix pays the phat pipes they have on their end to be able to stream data. If an ISP can't cope with 100% usage of the bandwidth they are charging their customers for they should either jack up their prices or invest in upgrading their infrastructure.
The telcos/providers have always offered differing levels of service based on price.
Yes, and they can remain doing so with net neutrality. There's no reason for them to oppose this as they are already charging differing levels of service. Ending net-neutrality will actually allow them to double-dip on those "levels of service".
Competition between the telcos/providers has ensured the growth of the Internet and services to the public just fine,
Large swaths of the US are stuck with only one broadband provider. I still remember my dad suffering from Time Warner Cable's "only 1 PC per cablemodem" policy because it was either that or dialup.
any company trying to offer an unrealistically throttled service has simply lost customers as they went elsewhere.
Comcast didn't lose any clients over their lousy RST packet forging scheme. They stopped doing it not because their consumers got mad, but because the FCC gave them a slap on the wrist. Too bad the new FCC dude is a telco shill.
So you're caught in a dilemma. Don't run JS and you can't decipher the text (sure it uses AES now, but what if it uses a multi-stage system in future so you can't do it yourself offline), run it and you risk getting nailed with a hidden zero-day.
Or the third option: simply tag any site that isn't readable without JS as phishing. It's pretty obvious that this is only the result of phishing schemes or crappy web developers.
I remember that a couple of years ago (5? 6? 8?) a lot of spam was getting through most spam filters. The trick spammers were using was to set up a series of div tags that when rendered would show the spam email. But reading the text would give out an undecipherable thing that looked like "a b d i s c o e l s" or something like that. The solution? Anything unreadable with a zillion div tags would get filtered out. Problem solved!
Crypto is a good way to securely transmit data from A to B. It's a poor way to have A show B information but have B unable to copy around the resulting data or trying to avoid B reading the actual key. See all the continuously cracked DRM systems as an example.
RSA's cracking difficulty grows exponentially instead of being linear. Just to put it in perspective, 512-bit RSA was cracked in 1999. The largest RSA number cracked from the RSA challenge has been 704 bits long, and that was in 2012. Ok, 768-bit challenge was factored in 2009. But many of these efforts have been running non-stop for God knows how many months. Or years. Up until now, nobody has been able to factor 1024-bit RSA numbers, even though it is possible that cracking 1024-bit keys will be possible in the near future. But 2048? Unless something better than the quadratic sieve is discovered, or quantum computing actually takes off, it's still a long way down the road.
Unless of course you already forked out for a 3 or 5 year certificate….
Having worked at a certain financial institution that had this very issue, I can vouch for Verisign that signing a new 2048-bit request for the remainder of your purchased term is free of charge.
And I'd also note that this requirement issue was tackled by said bank back in 2011. VeriSign would not sign any 1024-bit cert with a validity beyond 2012. What kind of CA has been signing certs with expiration dates beyond 2012?
The Mexican Congress tried to slip a mickey a couple of months ago, implementing wide-scale internet censorship "for national security purposes". During that time, there were many debates on why this wasn't an issue, or why it was an issue. The main thing is that we have simultaneously a low internet penetration % in residential homes, and a high internet penetration % in total number of users. Why? Because those who don't have the money to pay for broadband or even dialup, or lack a computer, can go to a cybercafé and get online. Thus, while OECD numbers show 20% penetration, it is closer to 60%; if you narrow your sample group to urban areas, it will be even higher.
But the real culprit in the e-book price fixing scandal would be the late Steve Jobs. He's the one that engaged in this scheme of corporate "vigilantism" and dragged the company he presided into it. Tim Cook, at least, is probably not as guilty in the whole thing.
Then again, maybe this will deter Apple from trying to pull such a scheme in the future. I'm only sad that the publishers didn't get punished as they deserved.
Quite. A friend in a neighbouring state was telling me last year that the protesters were paid $50 a day - dollars, not euro or roubles - to keep the protests going.
See, this hits home. I've heard these arguments being passed on in my own country back in 2006. Barring the "paid in USD" stuff, most of the things said about protesters were the same. We were paid daily to keep the protests going. Said protests were calling for a recount, as some of the polling station numbers weren't matching what was being counted in the central system, and the candidate that had been most likely to win had lost by a 0.56% margin.
My country's Mexico.
The sad part of this story is that the same people who were protesting back then are drinking the Russian kool-aid this time because of the anti-US sentiment that permeates most left-leaning people (not like it is unwarranted. The US has been a really bad boy in most of Latin America.) Ukraine's Yanukovych could easily be equated with our own current president Peña-Nieto, down to the "evil party gets back into power" and "selling our asses out to [Russia/The US]".
Go ask actual Ukrainians on the situation. Chances are they're angry at both Russian and US/EU intervention and would very much like to be left alone. Some of the people who participated or supported the Maidan protests were former Spetsnaz and Afghanistan vets. Do you really think those guys would support "fascists" like the Russian media likes to brand all protesters?
Actually, they did take out MS as well:
Neither PSN nor XBL were fully taken down, but they did cause grief to many players. PSN had already a scheduled maintenance downtime, so they just pushed the downtime window early. On XBL I do remember seeing the warnings showing that you might have trouble connecting to XBL, though some other services were OK.
ZFS + CIFS/NFSv4 should be good enough. (i.e. Nexenta and they do support it).
This has been the closest I've seen to this. I would actually like ZFS support on every OS, but it seems it also crashes against the Windows barrier. I've been able to use ZFS as a multi-platform filesystem between OSX, Linux and Solaris though.
I still would like a secure version of a NAS protocol. I don't think "routing over http" is an issue anyway, as most of these services are usually needed within an organization (thus everything's inside the corporate network) or within a home office (same thing, no firewall problems).
What's the real barrier against someone doing their own filesystem driver? Is this actually closed off by MS legalese? There are (expensive) suites that let your Windows box read/write HFS+ partitions, so it shouldn't be that much of a problem, should it?
As I keep telling the young-'uns - if you're a qualified Samba coder I can get you a job tomorrow (many positions in Silicon Valley). But they keep wanting to do the webby stuff... :-(.
However, I'd love to see something better than Samba come out, something that was both multi-platform (Linux, Unix, OSX, Windows) and have the advantages of, say, NFS without having proprietary "security" like SMB (which depends on some MS protocols). Why can't we have something like that?
You haven't been robocalled, ever? Some of these guys are extremely sneaky. I once got a call offering something free, blah blah, and suddenly they ask to confirm my personal info. Turns out that confirming your personal info is somehow warped into "accepting their service", and that's how I got rammed with a useless life insurance product or something like that. I got stuck with that for 2 years, and the only way I got out of it was by defaulting on my credit card, negotiating a "pay less than full balance, cancel my card" so that the card was forcibly cancelled and thus the scammers were no longer able to charge my now-dead CC.
The only saving throw you have against these guys is to hang up on them. It's the only way to be sure. Once you speak, you might as well have given them a copy of your CC to charge you a new yacht.
You're an idiot to want second hand games locked down.
You n33d to l34rn to r34d. What "push anti-secondhand DRM on their nextgen console" means is exactly that, the MS boneheaded decision to implement said anti-secondhand DRM. While they did do good on doing a U-turn on that decision, they did so after E3, and after they got curbstomped by Sony. And they had already lost at some exclusives which switched to "timed exclusives" instead of actual exclusives, like Plants vs. Zombies Garden Warfare.
So even though they backtracked on their stupid DRM decision, they still deserve to fail for even attempting to do that. That's what I meant with the unforgivable sin. The video games market must get the message: pulling such a stunt is a career-ending mistake.
The death of stupid crap like *.rpm, *.deb, and stupid per Distro crap like apt, and yum, and replaces it with something both simple, and universal.
Actually, it's reversing the trend. RPM and DEB are package managers that simplify software installation/upgrading in the corresponding distros, while yum/apt-get go a step further by downloading them automatically from established repositories. Before the package managers, we had to get tarballs and compile 'em all. GitHub is actually the same thing, except instead of downloading a tarball, you're actually pulling down an uncompressed copy of the whole frickin' repository, branches and all (because git is shit and does that instead of SVN/CVS where all the extra repo stuff stays on the server). So it is actually worse than just downloading a tarball, or even doing "svn co" on the sourceforge repo.
I've been mostly sticking to svn repos for FOSS stuff, as sometimes I do have to compile from source when handling obscure distros or when I want the latest update for certain packages. I'm mildly annoyed by the git-craze in the FOSS community...
Hostility towards n00bs, coupled with "if you gonna do FOSS U should know how 2 compile j00r k3rn3l d00d!" is one of the things that have indeed pushed back widespread adoption of the revered Linux Desktop. It also doesn't help that many of these "n00bs" were asking questions back in the late 90's or early 2000's and were simply shrugged away back then. Anyone remember trying to get one of those infamous winmodems to work on Linux? And what would you get as an answer if you ever had the great idea of asking about this?
One thing that has got better these days is that most distros Just Work out of the box, even with the newer annoying stuff like EFI and Secure Boot (urrrrgh). Now the problem seems to be that there's too much stuff out there. Sound system? ALSA! ESOUND! PULSEAUDIO! Everyone trying to pull off their own half-assed implementation of something that should've been standardized 15 years ago. Then there's the kernel devs that seem to be purposefully breaking ABIs just to annoy proprietary driver devs because fuck proprietary drivers. I still remember the dark days of the early 2000s when we didn't even get proprietary drivers for anything on Linux, and I do not wish to go back to that. Please STOP it. Play nice.
Hopefully, the Linux community may have gone past the RTFM stage, coupled with most distros mostly working without extra tweaks, so maybe Linux uptake will be better during the next years. I've had at least one colleague who gave up on Linux a couple of years ago come back to the Penguin OS after finding out that most of the annoying hacks are no longer needed: WiFi works OK out of the box.