200 posts • joined Wednesday 21st November 2007 19:57 GMT
unearths your OLD stuff too*
*Provided you bought it from Amazon after 1998.
*Provided you live in the US.
That's a couple of fucking big caveats.
Furthermore, if the end customer is a VAT registered business they will claim any VAT back, not to mention that their UK operations will claim back VAT on anything they buy, it would surprise me if the VAT man actually paid these companies money rather than the other way around.
VAT is only payable at the point of sale.
Online sales use the VAT of the source country (EU to EU).
I.E. Resellers pay VAT, and any VAT these companies do pay is going to mostly be in the country the item is sold from. Also services in the UK do not attract VAT (e.g. support contracts).
Re: "...unlikely to be something most non-techie users could pull off..."
You do not have to run your own code on a machine in order to modify memory, typically plugging in a device to the machine is enough.
I note that there are still DMA access to kernel memory over firewire issues in existence today on every operating system. If this is ever patched, there's a whole slew of badly written USB and Bluetooth device drivers left to target, reprogramming a USB/Bluetooth/Firewire client via an automated tool is well within the reach of most people on the street.
Having said that if you can modify kernel memory then all bets are off regards any sort of signed executable protection anyway, so the news that modifying a single byte can turn it off isn't much to shout about.
The ironic thing is that Ubuntu made the same mistake as Windows 8. Try to please two audiences with one desktop shell.
Given the ease with which you can change the desktop shell on linux per login it seems rather pointless. It's not like Windows where you have to go and change a registry setting, and then pray you haven't broken your shell and locked yourself out of your own account.
All in all it hasn't been a bad year for Linux despite the fuckups from Ubuntu and Gnome. The gaming industry (at least the indie/PC part of it) seems to be paying a lot more attention to it, and the lack of attention has long been one of Linux's biggest failings when it comes to gaining new users.
Re: Linux users..... (Humble bundle stats).
Almost worth the reg doing an article on the above link if they haven't already, trolling their readers seems to be par for the course around here.
Re: File System Permissions
If you already have access to the mysql user, and can write files owned by mysql, the ability to make a database user have full admin access is rather unsurprising.
Privilege escalation is not privilege escalation when you need privs higher or equal to the privs you are attempting to acquire.
The mysql user is a higher privilege than any database user account.
Re: Upping the ante by scaremongering
Pretty much yes, the worst part is the press love to go along with scare mongering which makes it all too easy for the gubbermint.
Can't find a source to this quote, but it's appropriate:
There are two ways to control a population: fear and hope.
Re: And who'd be able to afford the $500K tickets?
How very Golgafrinchan of you :)
Font handling in the kernel - wtf.
I suspect the scalability of transactional databases is the problem here, presumably they're queuing up 90 seconds of transactions into a bulk transaction and trying to sort the mess out later.
Re: "The length of a password is less important than its strength"
I'm kinda curious how you reached the conclusion "You are still better off with 8 characters though.".
Re: "The length of a password is less important than its strength"
Ok, I never stated 'generated by a human', I was assuming a computer would generate both the random words and password, because humans are frankly shite when it comes to generating random sequences of anything.
Even 5000^5 is more than 64^8. That's ignoring the fact that a normal human vocabulary is *50,000 words (and we're still not including inflections). So your argument fails even on its own rather suspect numbers.
*source: BBC http://news.bbc.co.uk/2/hi/uk_news/magazine/8013859.stm
"The length of a password is less important than its strength"
Strength is an exponential function of a password's length.
*Even if you throw together 5 random unrelated dictionary words, you still have ~ 200,000^5 possibilities.
An 8 letter password using a-zA-Z and punctuation is ~ 64^8 possibilities.
It would take 1136868377216 times as long to crack the password based on dictionary words using a brute force attack.
Clearly long passwords using just dictionary words are vastly more memorable and secure than 8 letter passwords composed of random characters.
The statement is at best misleading, though I'd go with just plain wrong.
*Assuming 200,000 dictionary words, OED estimates a quarter of a million not including inflections
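The keyspace comparison argued in the two password comments above, as an added example that is not part of the original comments. It assumes every word or character is picked uniformly at random by a CSPRNG; the function names and the tiny word list are constructed for illustration.

```python
import math
import secrets

def keyspace_bits(symbols: int, length: int) -> float:
    """Entropy in bits of `length` independent uniform picks from `symbols` options."""
    return length * math.log2(symbols)

def brute_force_ratio(words: int, n_words: int, charset: int, n_chars: int) -> int:
    """How many times larger the passphrase keyspace is (floor of the exact ratio)."""
    return words ** n_words // charset ** n_chars

def min_words_to_beat(words: int, charset: int, n_chars: int) -> int:
    """Smallest number of random words whose keyspace exceeds the character password's."""
    target = charset ** n_chars
    n = 1
    while words ** n <= target:
        n += 1
    return n

def generate_passphrase(wordlist, n_words, sep=" "):
    """Pick words with a CSPRNG; the estimates above only hold for uniform random picks,
    not for words a person chooses."""
    return sep.join(secrets.choice(wordlist) for _ in range(n_words))

# Constructed sample list; a real list needs thousands of entries to be useful.
SAMPLE_WORDS = ["anvil", "breeze", "cobalt", "drizzle", "ember", "fjord", "gravel", "harbor"]

if __name__ == "__main__":
    for size in (5_000, 50_000, 200_000):  # vocabulary sizes quoted in the comments
        print(f"{size:>7} words x5: {keyspace_bits(size, 5):5.1f} bits, "
              f"{brute_force_ratio(size, 5, 64, 8):,}x the 64^8 keyspace, "
              f"needs {min_words_to_beat(size, 64, 8)} words to beat 64^8")
    print(f"8 chars from 64 symbols: {keyspace_bits(64, 8):.1f} bits")
    print("sample passphrase:", generate_passphrase(SAMPLE_WORDS, 5))
```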
RE: Russian/China handle it.
A lot of commentards seem to have missed the fact that Russia and China are not proposing they manage it, they're proposing a neutral international party handle it. Let's ignore the fact that they're holding America up as a fine example of a country that promotes *free speech.
ICANN aren't exactly doing a great job at the moment, maybe it's time for them to give the reins to someone else.
Having said that, I suspect the ITU might suffer from being unable to get anything done due to political conflicts, but I'm struggling to see how that would be a terrible thing.
*only applicable to US citizens.
Couldn't have put it better.
On a positive note, it's nice to see the courts being used in sensible ways for a change. More than half the legal battles reported on The Register leave you wondering if putting the two people in a padded room and leaving them to it wouldn't be a better option, and certainly waste less money.
Re: According to the policy on their website
More accurately they require a warrant if you happen to be a US citizen, otherwise you are screwed.
Re: Windows 8 is brilliant
Downvoted for astroturfing.
If you weren't paid for what you do you'd have commented on at least one thing unrelated to Microsoft.
And what is the likelihood that would happen given the amount of data collected?
Screen flicker: software fault will be fixed in an update, and if you can't wait you can force gpu rendering somewhere in the settings.
Loose screen: open it up and tighten some screws.
Screen calibration: will be fixed in a future firmware update, hopefully exposing the settings to the end user, or someone will make an app for it. (I believe this is the digital vibrance (tm) setting on the nvidia gpus).
These all seem pretty minor and fixable.
Not like say putting the wifi antenna and 3g antennas on the outside such that you can bridge them with a finger.
Be thankful the thing can be opened up, a lot of modern hardware isn't designed to be user modifiable.
You'd struggle to find a device that ships from anyone which doesn't have at least one major firmware glitch on launch these days.
I'm actually tempted to buy one now.
Hrm, Exclusivity deals with carriers.
I seem to remember these just serve to piss off the other carriers, which you are totally dependent on for all your other phones.
"However, as a result of our enquiries, we can say that the data breach was the result of a sophisticated and carefully orchestrated attack on the CRU’s data files"
Presumably a standard vulnerability or poor password, and they left their fingerprints all over it (.bash_history etc) but they point back to a compromised machine somewhere which no longer exists, thereby putting an end to the waste of taxpayers' money.
Oracle are trying to commercialize a free version of a commercial linux, which is itself based on a free linux.
I remember Deadrat in the early days, no love from the developers because they were taking something essentially free and charging for it combined with a few bells and whistles. Then came CentOS, which basically exists by extracting the free and not so free work that Redhat do with Linux into a completely free version.
Along comes Oracle and they want to install a few binaries on top of CentOS which add a few bells and whistles and provide a few extra updates.
Disclaimer: I have no love for Redhat*, Centos or Oracle.
*I will concede without Redhat, Linux would not be where it is today.
Crap, I said this in a comment on the original article about BAE's technology and got downvoted for it.
Microsoft Windows Image Problem.
I don't think it matters if Windows 8 isn't great, I think the problem is that the requirements of a mobile phone's operating system are very different to that of a desktop PC. Reliability is far more important, everybody hates their phones being unreliable. Windows might be associated with a lot of things but reliability certainly isn't one of them (to the general public, I'm ignoring IT professionals which have windows 7 PCs which never crash, because they know how to use a computer).
As far as Nokia goes, I think they've already signed over their soul to satan. Which is a shame, as far as their brand goes, at least outside of the US, they shouldn't be in this mess.
They've suffered from no good overall strategy for a long time, and unfortunately when they did get around to choosing a single strategy it was too late and they chose the wrong one. Maybe they have some sort of backup plan, but I think I agree with the article that they've burnt all their bridges and the chairman is selling snake oil.
Snoop onto them, as they snoop onto us
Mine's the one with the Hackers DVD in the inside pocket.
Re: fire with fire
Even BAE's site says it can only use the GPS jamming signal under certain circumstances. It's a fair assumption GPS spoofing can't be used, and that under most realistic circumstances it can't be used at all (Mobile jammer? Jammer varies its signal strength?). At the end of the day these guys are selling a product.
The technology is probably useless without the data uplink to HQ, and any GPS spoofing attack is probably going to attempt to jam the hell out of that anyway.
And yeh, it can always fall back to gyros, but then it can do that without this technology (Though the technology might be useful for identifying when to fall back to gyros, but then that isn't what they're saying it's capable of, hence my grumpy post).
Isn't this called AGPS and currently used by mobile phones (though extending the signals used beyond phone masts and wifi).
Minor downside that it doesn't work without a data connection because you need a bloody big (and up to date) database to query your location against.
I also fail to see how this does not suffer from exactly the same problems as GPS regards spoofing.
A rights-holder's representative who spoke to us on condition of anonymity told us:
It's an example of astroturf: of a corporation using the collective action of not-for-profit groups to further its own interests.
Pot calling the kettle black?
Surely rights holders groups have been doing this for years?
The idea that in political debate everybody involved is entirely transparent is laughable at best.
So long Nokia, sad to see you go, it's been fun, and thanks for all the third party suppliers in Finland which developed around you and have long since diversified away.
Minor correction: ~3,600 jobs in Finland lost this round of redundancies.
Disclosure: British ex-pat living in Finland.
The cars were looking for wifi networks of any type (encrypted included), mostly to build a database for agps.
The issue is that instead of just writing packet headers to the hard drive on the streetview cars, they wrote out entire packets, which in the case of unencrypted networks included private data.
My personal feeling is that if you transmit unencrypted data on a public channel then it's your own bloody fault, and frankly google grabbing your private data and not using it for anything is the least of your worries.
Still, the whole thing is entertaining to read about, not least for highlighting quite how clueless the people responsible for policing this stuff are.
Register branch in foreign country where bribery is not illegal off local soil, do it in the name of said branch, claim it as an expense in that country, carry on as normal?
Re: Trust common sense
Call me stupid, but surely if your data is anywhere other than on your own hard drive someone else has it? Be it a hosting provider or 'in the cloud' (there's not a lot of difference). Explain how a startup is supposed to fund its own data center, even with a 5 million first round (choose your appropriate currency).
As for private individuals storing their data on the cloud, that's barmy, but the article isn't about that.
It doesn't change the fact that git was written by and for developers who live in a completely different world to developers who work on windows. Whilst there might have been some convergence between these two worlds in recent years they are still very far apart.
I wouldn't like to predict the meteoric rise of git or github to becoming the de facto industry standard, every few years a new one comes along.
Wonder if it's feasible to...
...power a gym by the users expended energy.
Well, at least the lights & music, I imagine heated showers would consume far too much energy.
And for bonus points you could make it a ridiculously up market gym catering to rich people who like to feel like they're doing something for the environment, to counter balance the ridiculously oversized vehicles they drive 500m down the road to the local school to pick up the kids.
Oh crap, already been done.
... that they seem to be more concerned about having their website defaced than private data stolen from it.
Knowing Via it has some awful non standard homegrown chipset which has little or no support.
Dear Via, if you'd ever shipped the nano cpu with anything resembling a working & supported graphics chipset I'd have considered buying one.
This would make a lot of crackpot astrologers right, I hope it doesn't go to their head.
So it's basically Sealand on a boat in a more useful location.
The fail is strong with this one.
Well they're kinda right, apart from the bit about "Did not tell share holders".
It was blindingly obvious from the point when they made the deal with the beast onwards.
I wouldn't trust my payment details going through any big multinational payments company (visa, mastercard, american express). Unfortunately there's not really any alternative these days, one imagines phone/nfc payment will eventually replace plastic in ubiquity.
The ban's there because PR firms don't seem to know the difference between factual and fanciful.
I'd never say nature is fragile, but I'm not happy with the opinion that humans can't twist nature to serve them without unintended consequences. It's a very complicated and poorly understood system, and changing it often results in unforeseen consequences which often have a direct, negative impact on man:
Salination of crop land in Egypt.
Salination of crop land in California.
Dust bowl in the US and Canada in the 30s.
Soil erosion in the amazon rain forest due to deforestation.
Soil erosion in southwest China due to human activities.
I'd agree that nature will balance itself out in the end, but let's not forget that humans are a part of nature and we might be subject to balancing out.