234 posts • joined Thursday 8th March 2007 10:55 GMT
For everyone getting het up about the existence of Java in this exploit, that is just an example of how it could be released into the wild. (If you can decrypt SSL, then you can probably add extra text into the connection to include your java)
BUT I don't think you need it.
I suspect you just need a packet sniffer and the code and away you go.
So, for example, sit in a public place with a dodgy wifi AP and everyone surfs through you thinking "haha, I'm safe, I've got a green padlock". In the meantime you've captured all their login/password information etc. Presumably you can decrypt it all at your leisure and then login to their paypal/bank account a few days or weeks later and pay yourself a little bonus.
If it takes java 10 minutes to decrypt, then a bit of nicely written OpenCL with a pile of GPUs will probably crack it realtime. That's something I'd like to see! (not on my connection)
Hard materials are harder to use...
When your material gets tougher, then it's probably more rigid, which means if you drop it less deformation and higher G for any connected components. (like the display)
The spongier materials need more thickness/weight to make them man enough not to bend/break in normal pocket environments.
All your case is just keeping a very brittle glass screen safe and dirt off the PCB. (and keeping it in one piece)
I reckon 90% of dead phones I've seen have been display breakages. As soon as someone invents a flexible display panel, this airbag patent is history.
Then the entire phone can be coated in the display instead of having a separate chassis!
(Then just need a method to wire all your internal components together with flexi wires rather than a rigid PCB.)
@ Danny 5
The scary thing about reading "Danny 5" is that he seems to believe that himself.
I am less surprised about the riots, if people like Danny, who have at least got enough brains to spell most words, think that they would have joined in the rioters.
I think we need an urgent dose of "community" lessons in school.
I like the book of "Starship Troopers" and the concept that only people who put something into society were able to get anything out of it. It did at least seem to recognise that some people were less able to contribute than others.
I'll have a couple!
I have no desire to hack FBI radio (don't live in the land of the massively oppressed) but it seems like these things are text based radio comms devices... Which could be quite handy.
Of course, it looks like I'd need to print a new box for it, the one shown looks a bit naff...
What's wrong with IR?
So, why do we have to use visible light and disturb people with the light. What is wrong with IR at various frequencies, in the same way as they are using visible at various frequencies?
I know my TV has a much lower bandwidth but it seems to work reasonably well at receiving signal from the remote even when there is stuff in the way. OK, if you block the tx/rx close to the device then it does fail, but "shadows" from objects in mid distance aren't a problem. A couple of tx/rx pairs per room, well spaced should be able to cover most of the room.
About 2/3rds of this is completely true.
The number of times I hear people recommending sub optimal solutions because they know the customer won't pay for anything more.
You've got to hit them with the gold plated option and when they decline it's their decision.
If you take the decision from them, they sue you for saying that taking a USB disk with all the company's data home every night was a secure off site solution.
Pushing people down a lift shaft for not taking holiday is probably not something I'd immediately link with that policy. Particularly as it's normally me who ends the year with 90% of my holiday allocation.
Unless they've changed things recently, kids with highers at scottish unis were expected to do an extra year before the course really got going. So a 3 year course would be a 4 year course.
I went from England with A-levels to Scotland for a degree and found the first year was about half n half "easy" and "new".
I think degrees are too narrow focussed myself. I found after 2 years of studying electronics to what seemed to be pointless levels of detail, I just wanted to do something different.
I don't work in electronics now, but I can't imagine being able to work out the impedance of a cable from first principles AND how electrons flow through a transistor junction is going to be useful to most people. You might need to know the nitty gritty of some of the areas, where your work is focussed, but not all of it.
I'd suggest more vocational A-levels followed by something like an apprenticeship program in whatever the company want you to do, nationally recognised etc... so you could move jobs and keep your course going. AND continue that through life.
Unlike most companies I work for where you keep getting thrown new technologies and expected to figure it out because it's sort of similar to the old one you were working on. Actually have some sensible budget allocated for training. (One UK wide banking institution allocated about £500 per employee per year and then threw VMware at the Windows admin team. No surprise it was a bit of mess)
"Yes, if you limit yourself to PC gaming where the only FPS title of any note is Half-Life and an id release once every 5 years or more"
Sounds like a troll to me.
I can't resist biting though. I loved Crysis on the PC and can't wait for 2. It seems that it set a bit of a high h/w requirement which people are still bitching about now, years later.
Console ports are generally dismal. I recall playing through a FPS game and there was a cunning section where you could sneak round the back and explode some barrels in a room and kill a load of guys. Quite "entertaining" in a way. I was round at a mates and he was at the same section "here watch this" I say and what happens, no sneak entrance to the room and no barrels in it when you got there. It was like it was a different game, all the good tricky bits sucked out of the map.
Asking for service with your computer products is like asking for ketchup with a gourmet meal.
All I want is to slap down some cash and walk out with the item I went in for.
I do not want to be asked if I want an extended warranty. If I wanted an extended warranty I would have picked one up and presented it at the till, but I didn't so I don't please stop trying to second guess me.
What's next? I see you've bought a computer, would you like an extended power lead. You've bought an MP3 player, would you like an extended headphone cable. You've bought an iPad, would you like an extended penis. You've bought a webmail account, would you like an advert for an extended penis
I consider it to be sort of a disclaimer "We realise our product is crap and bet you it will fail within 3 years. Of course by the time it fails (probably only 6 months) it will be worthless so we're prepared to give you a *chuckle* 'new one' when it goes wrong"
Or get inferior and a mortgage
Apparently your local computer shop will :
"tell you that it is inferior to whatever they have in their PC at home and that they can sell you the best one if you are prepared to mortgage your house"
Unlike PC world who will sell you the inferior model and require you to get 2 mortgages.
Can I suggest you take the price you would have spent at PC world (check their website!) and quote this as how much something costs if challenged by her indoors/parents/PHB/etc... THEN go to your local shop/cheap internet retailer, buy 2 of the normal performance type and still have money for a bus fare and a pint of beer.
So who's trying to look clever now?
Are you trying to look clever by explaining all the faults in the original article?
Does that mean you're stupid or European?
Your post impresses nobody with your intellectual abilities. You couldn't even be bothered to look up the source for your quote.
Can I suggest you go back to reading something .com instead of .co.uk?
And in case you're wondering, in this country it's a "smart arse".
Won't someone think of the trees?
Consider the cost of making real books and what happens if it doesn't sell well. You print a few million copies anticipating some demand and only sell a few thousand. You've got a few trees worth of paper to recycle.
If you print a few thousand and it's popular, then you get told off for restricting supply etc...
I bet a large proportion of the initial cost of a physical book covers the risk. Compare new books costing >£10 with 6 months later when you can pick them up for under 5. I expect 5 is nearer the "real cost". So to inflate the eBook price to match the initial cost of a paper book is effectively subsidising the publisher's risk on the paper book.
If they took the plunge and went all E, the prices should fall.
"Where authors and their agents sell their books directly to the consumers via an electronic marketplace"
That sounds perfect to me. Why do we need the middle men to do all the marketing BS. I very rarely want to buy a book that has been marketed (mass market trashy romance novels etc...)
I would be quite happy to pay the author directly for what they write.
They probably get a lot more cash that way than letting the publisher take their cut.
It stops being a receiver then...
If your AV receiver starts streaming video and audio then it kind of stops being just a receiver and starts being a networked media player. It will probably require firmware updates to keep up with all the new codecs etc and generally be a huge PITA for the manufacturers. Who can charge you another few hundred quid for a different box instead.
Price vs performance
Comparing aerogel with K17 you said it's twice the performance and then said with a big discount you did the room for £1500 as opposed to £170 with K17.
I'm all in favour of saving energy but comparing the £1500 with the cost of energy to heat the room, how long before its cost is offset by the fuel saving?
Or you could lose another 4cm per wall and spend almost a tenth of the money... I think most people would find alternatives to aerogel when the bill came in.
UAC : waste of space
As far as I can tell UAC is completely useless.
"A program would like to make changes to your computer, do you want to allow it?"
What changes, where, why, etc....
There are a lot of apps that are borked by UAC and need to be "run as administrator" to work properly (like inability to create files even in areas you can create files in without being administrator)
And a lot of apps that require UAC confirmation when really they shouldn't need it.
So you get in the habit of pressing "Yes" because if you don't, you don't get to run 90% of what you want.
Next question, why does the MBR actually affect Windows? Surely you can replace the MBR with something else like lilo or grub and I wouldn't expect that to affect Windows' policy on deciding whether to allow unsigned drivers FFS.
Sounds like an easy fix/preventative would be to install lilo/grub and make sure that you see their boot screen before you get into Windows. If the MBR is changed then you wouldn't see them unless it's really f-ing clever.
Mainly because it was useless...
I had MBR protection turned on and did several tests changing the MBR, none of them were blocked.
I think BIOS writers realised it was useless and dropped it.
Doesn't happen in Sainsburys
I once leant on the partition by the till behind me's scales and was asked to move. Even though I wasn't touching the scales they seemed to get very upset if there was anything within a couple of feet.
Maybe my arse is more of a threat to accurate weight measurements than this lady's breasts were....
UPDATED NEWS : Do they care?
Microsoft issued the following statement: "Kinect for Xbox 360 has not been hacked -in any way - as the software and hardware that are part of Kinect for Xbox 360 have not been modified. What has happened is someone has created drivers that allow other devices to interface with the Kinect for Xbox 360. The creation of these drivers, and the use of Kinect for Xbox 360 with other devices, is unsupported. We strongly encourage customers to use Kinect for Xbox 360 with their Xbox 360 to get the best experience possible."
So what they are saying is that to hack something you have to change its hardware or software. This distinction may come back to bite them/their peers.
"I didn't change your code to play that game without a serial, I wrote my own and put it in a wrapper around yours, therefore it's not a hack"
"I didn't hack my iPhone, I'm just running my own code on it instead of yours"
Obviously whoever made that quote has no clue what "hacking" entails.
Not like these modern IT companies then...
"Sinclair overdelivered on the hype and underdelivered on the execution, again making shortsighted technical choices"
So not like Windows Vista or OSX or pretty much any IT project that ever gets reported in the Reg?
Comparing the hype in the 80s with the hype these days, Sinclair was way behind the curve for hype and way ahead of the curve in actually delivering computers/etc.. that were slightly ground breaking.
OK, they may not have been 100% successful or reliable but they were generally more different than the rest than the difference between for example : OSX & Win7 or Vista & 7 etc...
Has anyone watched the video???
ROTFLMAO. The video looks like it was shot on a mobile phone and edited by someone with their eyes closed!
Wobbly shooting and clips that only appear for a fraction of a second. I'm watching in the office so have no sound, I'm guessing it's just as bad.
What a great advert...
"Folio will deliver up to seven hours' battery life, on the basis of a lot of web browsing, a little movie viewing and a quarter of the time in standby mode."
Does that mean that it will only standby for a quarter of 7 hours?
Or that they quote the battery life including some time as effectively switched off?
Why don't they claim a life of 5 hours of real usage?
Otherwise I can see this going like "unlimited" broadband <small print> with a cap</small print>
"My tablet has 12 days battery life <small print> with 4 hours use</small print>"
Go to OPSI and vote
Go to the OPSI website (listed above) and vote for those data to be opened up.
Now it's 118 and from a quick look at the list of others that's nearly twice as many as the best of the rest...
"had its internals poured over by propellerheads"
Should that actually read "pored" or "pawed"?
Or does it mean >EAL5 must have some sort of sauce poured over the source.
Which begs the question, what's the propellerheads' preferred sauce? Ketchup, Wasabi, gravy...
I don't get it
How does making people drive more slowly by imposing variable speed limits make traffic flow more freely.
Simple physics shows that if you put a restriction on a flow, the flow needs to speed up or pressure will increase until ... someone has an accident.
Lack of information
For more information check out Stonesoft's site "antievasion.com".
The only bit of real "example" of what they mean is :
"A: Technical: Consider the well known method of packet fragmentation, this alone would be caught. However, if this is combined with random IP options and a manipulation of how data is interpreted on the target, the attacker can successfully deliver a payload containing any attack."
Which means absolutely naff all to me. If a firewall is going to block a fragment, then it doesn't matter what options you put on it, it'll be blocked. If we're talking about a remote exploit, then how can you manipulate how the data is interpreted on the target? If you can affect your target remotely, then you've already hacked in far enough that the target is fubar.
They've fudged the whole issue of explaining these AETs to the community at large :
"Stonesoft is announcing the concept discovery, but it is not providing any details or tools that would arm criminals with the information needed to use these techniques. AETs are complex, and require the resources and funding that average hackers do not typically have"
Those "details" would not only arm the criminals with the attacks but also the world's security people with the defences.
Sounds like the biggest FUD scam for years!
Why is it important to outsource DNS?
It's important to outsource DNS because it seems some sysadmins are not capable of understanding the difference between traffic routing a certain way because of BGP routing failures and traffic routing the right way by BGP but being told to go to the wrong IP address by DNS.
And as for some random DNS provider claiming it is fixing DNS's security problems by introducing its own systems to combat cache poisoning etc...
What ? Why ?
Joining in with DNSSEC would be a more sensible solution than trying to shore up the existing technology. OpenDNSSEC is an open source package, so anyone can join in.
Then you just need a decent network/security administrator to put a security wrap around your systems and most of your "security" problems are solved.
No robot required?
Your suggestion that no robot is required is based on current usage patterns.
"You won't need a robot because every device in the drive will be connected."
But, with more "slots" available it probably makes sense to have a pile of cartridges ready to use, in a hopper, and an output hopper.
Then the robot can swap new RDX cartridge into drive and when it's written dump it in the hopper. Maybe even allow it to push daily rewritable carts back in the input hopper.
I can't see anyone producing a library that I can afford that allows me to connect my entire cartridge stock for the next year's worth of backups at the same time.
A lot of Indians I've experienced seem to be loath to admit that they can't handle something personally. A slightly different slant on the "disloyal" suggestion.
In some ways it is nice that someone takes a personal responsibility, BUT:
It can be annoying when you, as a customer, realise it's not going to be resolvable by a person at their level but you can't get them to transfer you to someone more senior who can make the change you want.
Which also agrees with your point of view that problems get sat on until something blows and it has to be escalated.
My suggestion is to put on a lot more excess pressure in the first place compared to talking to a Brit. Instead of "this might cause a problem if ...." try "This is causing major problems right now"
Of course, if it's a problem you aren't aware of, then you're screwed...
Nobody said it couldn't be pwned
No one ever said a badly configured box couldn't be pwned. In fact a badly configured *nix box is likely to offer more opportunity to the cracker than a windows box because windows protects you from being an idiot, whereas *nix assumes you know exactly what you're doing.
Of course as has been suggested, MS probably have excellent skills at securing windows and not much at securing *nix. So the box was likely not patched or configured with some insecure services running with bad config (like maybe NFS sharing the root filesystem to the world without mapping root to a different user, which is a common mistake).
If you want to get the "frother" community going, maybe we should mention that MS who WRITE their own operating systems, firewalls, mail, web and other software STILL feel the need to have Linux in their environment. Presumably because whatever they've paid millions to write and punt to the rest of the world isn't up to the job.
I don't think there is a single bit of software where MS haven't stuck their oar in, so what do they need Linux for? Unless their offering isn't actually any good... "Froth at will"
Given a choice?
OK, so you've got a choice between police and firemen today or no police/firemen today and a wonderful new anti crime/fire robot thingy next year, maybe.
I'd rather have the safety today thanks.
Of course, you could probably make some cuts somewhere else, but that's what the gov will propose as the only other option. Something you need vs something you'd like.
At the end of the day, they'll do whatever they want anyway.
Let me guess, you're an IT amateur...
"detach a cable, slip a sleeve on, and reattach it?"
You've missed out checking pre-requisites :
Check the car's serial number against affected models.
Check car hasn't already been fixed.
Visually inspect existing cable and decide if it needs replacing or patching.
Test entire system for faults so you can be sure that you haven't caused any new faults.
I'm sure I could think of a few more if I could be bothered.
Then, the "detach cable" part doesn't include the time where you have to extract it through a hole about 2" diameter hidden underneath some other panels that require you to remove half the car to get at.
Similarly, if you've bought a new car recently, you might have seen that headlamp bulb replacement is something that is a "main dealer" only task. They'll probably bill you an hour or so's labour just to change a bulb.
At the end of the day it's probably just that an hour is the smallest unit of time their maintenance process system can cope with. "Check your oil level sir? Takes an hour.", "Refill washer fluid sir? Takes an hour" etc.... "Charge your battery sir? Takes a week."
(I know a Tesla won't have engine oil, but presumably it still has gearbox oil.)
Can you remember 50 characters for 6 months?
Can you remember 50 characters for 6 months?
I have enough trouble remembering a handful of 9 character passwords after a couple of weeks on holiday, let alone 6 months spent, presumably mainly at her majesty's pleasure or undergoing stressful complicated legal wrangling...
So, blab your password straight away
"You have the right to remain silent ... mention now ... etc...."
Yes officer I'd like to say "zxplLkIujnn*&^fh44£$FklpkjbMHFGXFWzchbjn kju642dhvnblp}[1b36nndfj3jdnx^nbghfhkl;LHGGVBL"
Later in court :
Q: Would you like to tell us your password?
A: I already did. It's not my fault if the police didn't capture that evidence, is it? I've been stuck in a holding cell for the last 3 months awaiting trial and I've now forgotten what the password (if there ever was one) was.
Would that work????
I don't believe it...
I can't believe this crap is patentable.
Spelling checkers work now by finding words that have a few similar characters in, generally somewhere near in the alphabet or phonetically.
Finding a replacement character that is nearby on the keyboard doesn't seem to be too big a leap intellectually and something I've been cursing about the lack of ever since I started using a "soft" keyboard.
Surely it needs nothing to do with a "pattern of dots". Simply take the 8 characters surrounding each typed character and search each of them through the valid word database. I'm guessing there would only be a couple of matches, (bearing in mind the design of qwerty was that normal English would have minimal striker collisions on an old mechanical typewriter running at speed.)
I expect indexing could be clever enough to narrow down most words after only a few characters.
What about school sports?
I seem to recall what seemed to be a horrific number of injuries through supervised sports when I was at school. I have seen (during "games") :
One death (yes really!)
Several broken arms/legs/wrists/ankles
One broken face (blood everywhere and no sign of a chin, courtesy of hockey stick)
Several cricket ball/groin incidents
I reckon only about half of us made it through undamaged, we were the half that normally just hid during games, being typical computery geeks.
So, exactly what are these idiots complaining about?
Really, video games are the safe option, trust me.
Phones while driving are a bad thing
I drive to/from work along a motorway and most days there is some idiot in the middle lane getting slower and slower (down to about 40-50) and as you pass them you can quite clearly see that they are on the phone. Either talking or texting.
(Alternatively, someone in front slams on the anchors and veers wildly through traffic to the "slow" lane without looking in mirrors, to answer their phone. Because of course braking and veering on the M-way are much safer than continuing on your course at the same speed...)
I always find it amusing that American road safety people suggest that phones aren't as dangerous as :
"adjusting the radio, to eating and drinking, to tending a child in the rear seat, to reading, shaving, and applying makeup, to swatting bees"
Most of which are actually illegal in the UK, even while stationary.
I suspect even swatting bees would come under a generic "being distracted" category!
So if it's eco friendly, can we assume that they included the hours of processing time to convert from various common media types to Apple's own proprietary formats?
As well as needing to leave something else switched on to stream the media to it.
You could replace it with a bump on the wire and get your PC/MAC to "stream" HDMI to the bump and the bump can transmit it to the telly. Oh look, there's a set top box that needs no power at all.
It'll end up like speed cameras
Just like speed cameras, there will end up being a database online somewhere linked in to google maps or GPS systems etc....
Maybe like the #uksnow tag in twitter someone could make something that uses geolocation on photos of ANPRs posted to twitter to build the database. (don't use the geo info from twitter, by the time someone tweets, they'll have left the area of the camera)
Considering the entire IT estate gets changed out about every 5 years or so I completely agree with your plan to skip everything right now and start again from scratch. Big Bang solutions are always so good especially when done across the entire infrastructure like you're proposing.
As opposed to the obviously idiotic step of having a phased approach where as systems go end of life they follow their natural path to the bin and get replaced with something with "free" software.
At the same time they can take the people who know how to use a system that's gone and give them the training that they would naturally expect to receive when replacing one expensive system with another (in my experience that's about sod all).
"Basically the rag seems to exist to push the reactionary outrage button on closet facist readers."
It's taken you how long to realise this????
Why not post some more exciting comments :
Grass is green
Sky is blue
Water is wet
Fire is hot
Of course you could jazz it up a bit :
Basically fire seems to exist to push the thermal outlet button on combustible fuels.
Basically the grass seems to exist to absorb the energy from the sun with chlorophyll.
Maybe it strangled?
Looking at the picture, it's got cord around its neck. Maybe the people who found it haven't got the message about death by strangulation...
As a film watcher....
As a viewer of films, I'd like to ask a projectionist :
Why are films never in focus these days?
Why do you leave the blooming lights on?
Why do cinemas insist on charging 15quid for a tiny portion of popcorn that drives everyone else mad with the rustling through the film? (OK, so maybe this one isn't for projectionists)
And, I agree about phones :
Faraday cage the whole building and then stick a small signal jammer inside.
Provide "house phones" that connect direct to 999 (or 911 if you're mercan) for genuine emergencies.
If it's not 999 level, it can wait an hour or so.
If you're expecting an "emergency" call, don't go shut yourself in a room with a bunch of people who want to concentrate on something other than you playing with your phone and walking in and out of the room.
"oxygen tube" ?????
You've got an "oxygen tube" inside a "PVC tube".
PVC is quite rigid and easily formed into a tube. I am happy with that bit.
But how do you make oxygen stay in a tube shape and prevent it from diffusing into whatever surrounds it?
Do you mean "tube with oxygen in"?
Also, it sounds like you're not going to fill it with oxygen, just "air".
Maybe : "rubber tube containing mostly nitrogen" ?
I don't know much about rubber, but it's probably some sort of poly butyl something or other.
And it's got your Aluminium oxide in too.
Hotel / Prison ?
My guess is that the hotel was a prison or something similar with lots of equal sized rooms and has been repurposed.
Your room was one cell and the bathroom was the one next door.
(or maybe an office block with lots of equal sized offices)