Re: Re: Warmist

@Chet Mannly:

Like most FUD-merchants you repeatedly pedantically pick over the words of some one commenting on an issue rather than addressing the actual issue itself - because you have no *evidence of merit* to challenge the actual issue.

Picking apart the words of Prof. Phil Jones from a BBC interview or Audrey S. Thackeray here does not alter the fact that the BEST study (the most comprehensive and rigorous review of recent temperature data) showed that the planet continues to warm.

Add to this the recent NASA studies that demonstrate that it is non-condensing greenhouse gasses (CO2, methane, etc.) that are the major root cause of warming, in contrast to the amplifying effect of water vapour, and your alleged "open mind" is exposed for what it really is: denial by FUD.

re. re. The answer is obvious...

Quite right - and going on from that the most secure protocols are those that are open and used billions of times every day as then the inevitable flaws will be found and fixed.

The alternative is a bit of closed source code knocked-up by your bank who have a vested interest in claiming that it is secure and will use expensive lawyers against anyone who claims (or even demonstrates) otherwise. See Bagged and tagged's post above and the link to the truly excellent Light Blue Touchpaper security blog.

Give me a secure open source OS and a secure open source browser every time.

*ARF-ARF*

Gutted I missed that - well done sir, award yourself a pint!

G+ a "suburb service"

I never thought of it like that - marvellous Freudian typo-profundity!

Indeed...

"Of course, it's a move that also means Google can finally start to plump up those user metric figures over at Google+" - the cynic in me interprets that as: "fluff the stats to pump our share price" al la Farcebollocks > $50bn nonsense.

Still Gmail, Docs, Android integration, Maps/Street View, etc. remain handy enough to sacrifice a chunk of one's privacy for. However I won't be sentimental if & when alternatives like YaCy mature and we can leave the Chocolate Factory behind. Glyn Moody had some excellent thoughts on this recently: http://www.h-online.com/open/features/What-should-free-software-do-in-2012-1401813.html

LVM is not what *YOU* think it is - it *IS* aggregated storage

Try to engage your brain before you call someone else stupid. Yes we *ALL* know that mounting disk partitions in a filesystem is not aggregated storage.

Look up LVM - Logical Volume Manager. If you don't know how to use Google here's a link: http://www.centos.org/docs/5/html/Cluster_Logical_Volume_Manager/

LVM *IS* aggregated storage, it *IS* used in enterprise storage solutions, it has been around in Linux since the late nineties and has been a mature product for 5+ years.

Because Micros~1 doesn't want to slip more than ten years behind Linux?

The kind of features they are including with their "new" file systems put Windoze on a par with Linux in the mid-noughties as opposed to NTFS's equivalence to the mid-nineties.

Aggregated storage? Jeez! Amazing! I forget how long ago I first toyed with LVM on Linux!

So we may have to use our Windoze VM for a while to retrieve data from borked ReFS storage while waiting for stable kernel drivers. No biggie.

Correct me if I'm wrong...

...but my impression (admittedly from a rather old TV programme about Soviet phage research and use - Horizon from the late 90s?) was that the major advantage of phage therapy with reference to bacteriological resistance was that the phages, being DNA-based organisms themselves, were also capable of adapting by random genetic mutation to changes in their potential host bacteria.

It would seem to me that the approach of the Israeli lab would be one that the drug corporations would be happy with ("Don't worry, we can genetically modify a new phage for that and charge you an arm and a leg for it!") whereas the Soviet approach was much more low-tech and capable of being reproduced in local medical facility labs: the cataloguing and storage of collections of evolving phages used to treat infections prominent in that locality.

However good this "endless supply of ammunition" is, it is the way in which it is used that will determine if it benefits the rich few who are already over-treated or the large majority of humanity who are genuinely at risk from infections like TB or simple infected wounds.

As I said I'm not a medical professional in any way, I'd appreciate some enlightenment on this. And Wikipedia is down protesting SOPA! Panic!!!

More to the point...

...what is "spruiking" (Playmobil reconstruction?) and is it illegal back here in Blighty or just in the colonies?? Get the Reg Vocab Crime Desk on it, we should be told!

AMD could try ramping production too

Have you tried to get hold of A8 APUs over the past few weeks? Rare as rocking horse poop! Having built a box to order with a Fusion APU they seem to me to offer excellent value for all-round use but if AMD can't meet demand Fusion is not going to save them against Intel in the desktop market.

If a tree falls in a forrest...

...that man may or may not be wrong but he certainly cannot spell!

What hardware?

I have a Fedora 16 32-bit VirtualBox VM running Gnome Shell on a 4 year old Linux Core2 host with an equally old ATI card so I'd be surprised if it won't run on much newer hardware. It did take a little tweaking with help from the Fedora forums but it wasn't uberpenguingeek stuff.

Maybe these links will help:

http://www.fedoraforum.org/forum/showthread.php?p=1521005

http://www.fedoraforum.org/forum/showthread.php?t=269151

No effect on VMs

VMs don't see the physical BIOS and the physical BIOS doesn't start the boot process for VMs, the BIOS for a guest OS is virtualised by the hypervisor. Some virtualisation software like VirtualBox give the option of a virtual UEFI BIOS and it seems likely that they may offer the *option* of a virtualised secure boot. However M$ does not have the whip-hand over companies like Oracle and VMware the way it does over x86 OEMs so it's hard to imagine them upsetting a large chunk of their user base by effectively locking out Linux et al for no tangible benefit.

Even so this is no reason to accept the Beast of Redmond trying yet again to pull a fast one in using its monopoly position to undermine competitors.

DNSSEC doesn't fix the flawed trust model of the CA system

All you are doing by including certificates in DNSSEC is transferring your trust from one centralised and largely unaccountable group of organisations to a (partially) different group of organisations.

Say it was VeriSign that got hacked instead of Comodo and certificates for paypal.com were stolen, you're pWn3d under the CA system when you think you're logging in to PayPal. So let's get our certificates via DNSSEC and we're safe right? Wrong - because the TLD .com is administered by...well done: VeriSign! You are still pwn3d.

We need to start with a completely different trust model, one where individual users can genuinely decide who to trust to verify the authenticity of sites and can modify who they trust without vast swathes of the internet blinking out. Something like Convergence and its flexible notary system is what we need.

Additionally DNSSEC is something that would be of benefit in its own right without being over-burdened with certificates. Trying to lever this additional functionality into a system that has failed to be implemented for years already can only delay its widespread adoption even longer.

M$ Sockpuppet?

To say that Safeboot is not M$ mandated is technically true but effectively a big fat lie - due to M$'s monopoly position in the desktop OS "market" and consequentially disproportionate influence on OEM & motherboard suppliers.

@Giles "FUD" Jones

Astonishing, Giles! Who knew that 40%+ of worldwide smartphone users love hacking their phone from the CLI and re-coding the apps?? And that less than 5% of smartphone users have the good sense to buy a WinMo phone that "is a tool to do a job"?

You and Mr Ballmer are whistling in the market share wind, becoming a gale as WinMo rises without trace.

Open eyes --> yawn --> nose --> coffee cup --> sniff. 'Nuff sed.

True, but there's no Trust 'ere...

As usual for Trusteer "security bulletins" the only mitigation they suggest is the use of their software. In this case they are fairly subtle about it:

"The only way to defeat this new attack once a computer has been infected with SpyEye is using endpoint security that blocks MITB techniques."

However, even if this is more subtle than their usual "BUY OUR SOFTWAREZ NOW LUSERZ!!!" (directed at the banks with the cost inevitably added to our charges in the long run), it is at best a questionable claim. If one's PC or other device used for on-line banking has been pwned then the use of MITB social engineering techniques is the least of one's worries.

Trusteer? Nope.

That's a rhetorical question, right?

The only reason we know about this tiny insignificant bunch of mindless haters is that media types have wet dreams about them and punt them to the front page: a symbiotic relationship between two groups of people who share a similarly slender grip on reality.

Third-rate hardware...

If Apple added everything you wanted to the phone you might end up with an Android from HTC, Motorola or (lawyers rub your hands with glee) Samsung

@Micky 1 too

Hahahahahahaha! HAHAHAHAHA! AHAHAHAAA!!

I expect you're using Safari on a Mac so you don't need something like NoScript because your software is impregnable...err...wait a minute...

Back to the main topic, this is actually a good news story. All of the smaller players are gaining ground against the leader and no-one is in a monopoly position. This tends to keep them honest so nearly everyone benefits, even IE users, poor innocent saps that they are.

Forgive me if I'm teaching granny to suck eggs...

...but can you not unpack the plugin XPI file and edit the em:maxVersion tag in install.rdf? Of course there may be a more fundamental reason why it doesn't work with FF7 but I would have thought it's worth a try. And naturally this is unlikely to fix the attachment upload problem.

There are bound to be problems with Convergence at the start, as elegant as the idea is it is still a massively ambitious undertaking to turn the net's trust model on its head. Personally I think there is a responsibility on those of us that recognise the problem to actively participate in the solution. That may be just using the plugin, feeding-back issues to the devs and possibly running a notary but every little helps.

@Ken: No, the sky is not falling...

...but the current trust model means that we are perpetually at risk of a weak link (like DigiNotar or one of the many Comodo resellers - and by the way DigiNotar was a wholly owned subsidiary of Vasco not Comodo, the Comodo hacks were back in the Spring and beyond) being broken at which point many thousands of end users are likely to get burned in some way.

You may be lucky and simply lose a few hundred notes on a TV that you thought you were buying online. Or you may be unlucky and your government decides they don't like the e-mails you've been sending and arrange a blind date between your genitals and Mr Mains-Cable in a cosy cell somewhere.

And no you're not being stupid, those involved in the CA system are as tight-lipped about the risks as the banks are about card fraud: "Nothing to see here, everything is fine, carry on spending" - because it would hurt their profits if they actually dealt with the problems. On the other side the mainstream media seem blind to this issue: maybe because it's a bit technical or perhaps because they're all iPhone users and they've been told by Saint Jobs that they're safe.

But if you trawl around the geek press and places that focus on security it's all there. El Reg's coverage is pretty good, Heise Online (http://www.h-online.com/) is good and Bruce Schneier's blog (http://www.schneier.com/) is excellent. On this particular topic Moxie Marlinspike's presentation on the CA trust model is a must: http://www.youtube.com/watch?v=Z7Wl2FW2TcA

Destroy All Monsters: try reading the article in the link

(i) The world price of helium is artificially deflated by an act of the US Congress *forcing* the sell-off of the USA's strategic reserve of helium by 2015, i.e. flooding the market regardless of demand and price;

(ii) We *cannot* make helium, terrestrial reserves result from the radioactive decay of elements in the earth's crust: we have almost exhausted 4.6 billion years of production in about 100 years;

(iii) Helium is essential for all sorts of things that you probably approve of (if only you took the time to find out): MRI scanners, the LHC, keeping deep sea divers safe, making rocket engines viable, geoscience and solar telescopes.

Oh but yeah...you wanna have cheap helium-filled balloons at your overclocking party, silly me!

Naughtyhorse: Get back to mom's basement...

...and when you get that brain tumour 20 years from now from playing too much CoD on your overclocked processor let's hope that there's still enough helium left for an MRI scanner to save your life.

Collect your Darwin award as you skulk out.

Or...

"Your PC ran into a problem that Windows couldn't handle, try installing a non-legacy operating system."

</troll>

Here's an idea...

...like...you know...turn it back into a laptop again...erm...for free. It's trivial and if you partitioned your hard drive with a separate slice for /home it's even more trivial.

Surely that's one of the main reasons we love Linux and FOSS: we are free to pick and choose the bits we like and don't like and it's pretty straightforward to do so these days. Don't like Unity? Try Fedora. Don't like Gnome 3? Try Mint or Debian or the still excellent Umbongo 10.04 LTS. Don't like all the extra software? Xubuntu or Lupu or...so many to choose from!

Canonical have done good things for Linux but they are not Linux by a long stretch. Pick the bits they do well and spend the rest of your time finding other cool stuff to work with it rather than moaning about it. Linux: ROCK ON! :-)

@bazza: E-V-I-D-E-N-C-E

Unfortunately you are using the logic of the Daily Wail that leads to things like every known substance being declared both a cause of and a cure for cancer.

Actual studies based on what happens in the real world show that bugs & vulnerabilities in OSS are fixed significantly faster than in proprietary code. End of.

And as for your bizarre statement:

"Linux is a hodge podge of competeting ideas that has met some success in certain areas (servers) where this doesn't matter too much"

Yeah, those servers, they don't matter much, no point them being secure and reliable, it's not like they deal with anything important like financial transactions over the internet...hey...wait a minute...

Or a big fat fail for BOTH Apple & Adobe...

Both have been arrogant and treated their users as if they are cannon fodder with which to fight their pathetic corporate squabbles.

Adobe expected its various semi-monopoly apps like Flash and Photoshop to last forever regardless of their willingness to ditch/piss off chunks of their user base on a whim. Likewise Apple will brook no criticism, however constructive, of its products' failings or its arbitrary attitude towards other vendors that its user base find valuable.

A plague on both their houses.

Summed up very nicely,..

...that terrible Prof. Jones dismissing ***OPINION*** voiced against the overwhelming ***SCIENTIFIC EVIDENCE***. It's a bleedin' outrage! Call the Daily Heil now! And so what if most of that opinion masquerading as science if funded vested interests making billions from carbon-based fuels?

And, Andrew, as for your collection of ad hominem quips against Steve Jones and your final hyperbolic nonsense about the possibility that the Tories would be able to close the BBC, you can do so much better.

Shit...I blinked and M$ took over the world...

Yeah you can just hear all that chatter from Redmond not caring about the tiny minority of developers working on iOS/Android for smartphones and tablets and the tiny minority of developers working on Linux for the cloud and the web. And anyway all this stuff about mobile devices and the cloud will never catch on.

And then you woke up.

Simples: at any one time roughly 12% of the population are twats...

...and therefore at some point there is a very good chance that they will begin to use Twitter.

Not that *THEY* aren't watching you...

<evil_laughter>