Re: You want your vulnerabilities traded in underground forums?
Well played Keef
2220 posts • joined 15 Mar 2007
Well played Keef
Feeling sad you don't have one?
You are right to a point. Someone who is above-average in terms of attractiveness is not guaranteed to get attention from folk that they want, maybe because they are afraid of rejection as they presume such a person is overwhelmed by offers.
But this is a site offering only other "beautiful people", and that alone suggests they are not looking for those missing Joe Averages who are average looking but underneath really decent and interesting blokes.
Probably because they are vain tossers and quickly lose anyone initially interested in their looks once their personality (or lack thereof) is known.
But don't listen to me, I am just ugly, bitter & twisted...
You deserve two up-votes for getting Groucho & Carly in to one post.
If your data is all in the "cloud" and said cloud provider deletes it due to a contractual dispute or simple fsck-up, or goes bust, etc. What then?
Both your primary operational data and the backup/snapshot are gone in a flash.
The old adage about a backup having to be "off site" should be extended to the requirement that any backup is held by another organisation if cloudy, or better still, you have it in your own possession (but not the same building).
I am sure that €10000 would buy me quite a few good hours of "whiplash" experience that would be very NSFW. But then I have friends in low places...
Whenever I am stupid/drunk enough to attempt karaoke there is often prompt feedback, typically in the form of thrown bottles or boo/hiss remarks. Just how will they provide the same "experience" in software?
Edited to add: The caption photo is of the portrayal of Ian Dury from the film "Sex & Drugs & Rock & Roll", well worth seeing.
Really, the key thing about autonomous cars is they are autonomous!
That means they can work in the middle of nowhere, not needing to find the roads to be exactly as surveyed, with temporary diversions and obstacles dealt with as they come, and without any sort of link at all so they don't bork when some ne'er-do-well armed with a £100 Chinese-sourced jammer comes close (or your favourite 3-4 lettered agency with its £200k jammer). WTF do these people think is going to happen if cars depend on networking?!
The difference is that folk should use TWO emails! (In fact 3+)
The first one for official business and that is subject to discovery. Of course, depending on the data retention rules and any legislation that forces that period.
The second one is your personal email account that you use for chatting to friends, ordering stuff from Amazon, arranging a hot date, etc... Since this is not used officially (and you are not dumb enough to do so and have a client's email reveal this so it IS then subject to discovery) you don't need to worry much. If it is not using the corporate servers, they don't have to touch it at all.
The 3+ ones are for spam accounts, like sites that ask for email to download articles, etc. You can more or less set that to self-delete after a day or two once you have the access you needed.
While MS might offer the Windows software recovery image, what about OEM-specific drivers? From experience they can be a pain for Windows and for Joe Average it's just not going to happen.
Lenovo need a kicking over this, and maybe MS should get touch and put a stop to crap-bundling on any OEM deals.
I was deeply disappointed when I "upgraded" Opera to the latest version, as it has been dumbed down and things I used to like having, such as the ability to turn off GIF animations and generally block content per-site, are gone. Maybe some plug-ins will help, but overall it's almost pointless.
Chromium gives me a webkit-based browser without Google's spying, so what is Opera actually offering to justify their existence? OK the "turbo" feature is occasionally useful, but that is about it.
Will Firefox quit copying Chrome's "users are morons" approach and stop dicking around with the GUI? You know, hiding things and/or removing them because a couple of developers don't use them.
Actually, it's an anti-rant as I am pleased MS has finally bitten the bullet and decided to ditch all of the legacy crap in IE. Yes, I know a lot of organisations are IE-bound but for the love of $DEITY just fix those. MS needs to move on and if they stick to open standards, and ideally open their browser (even if under a restrictive license) all will benefit.
Except goats. They just don't care.
It's a tricky one.
While you might feel guilty about revealing it, there is a good chance that someone else will (or has) found it and will exploit it. Until it is understood by AV companies (as we can assume MS knows now) there is nothing to protect those using XP from it.
Now MS told you it's not going to be fixed as XP is EOL, but what of the embedded version that various systems use? Publishing might be the only way to force MS to fix that for those still expecting support until that version is finally EOL'd.
Finally, you might want to consider if the same underlying bug also impacts on Win7/8.x as well. Disclosure would allow that to be investigated.
So really, it will come out one way or another, and probably best if done via an open forum than black-hat sales channels. MS know, so it's their call about patching.
The deeper problem is the sorry state of SSL certificates in the first place, and why it was possible to go pretty much undetected until security researchers looked in to it.
Lenovo deserve a really big bollocking here, but all of the web browsers, and business in general, need to be doing something more serious about stopping faked certificates being used to MIM https, or making them damned obvious to the users.
You might find this enlightening:
Don't these chips have thermal monitoring?
If so (which I assume they all do), why not scale back the clocking if they start to overheat?
You mean like we have had since 1985 (Cray UNICOS, first 64-bit implementation of Unix)?
Or 1994 (Silicon Graphics IRIX)?
Or 1998 (Sun Solaris 7)?
Or 2000 (IBM z/OS)?
Or 2001 (Linux becomes the first OS kernel to fully support x86-64, same year as XP 64-bit)?
Or 2003 (Apple Mac OS X 10.3 "Panther")?
[Shamelessly copied from http://en.wikipedia.org/wiki/64-bit_computing]
It also depends on how well the applications were written, and how they are linked. For example, if they only ever used the libc code for time calculations (mktime(), gmtime(), etc.) then having a patched libc on the 32-bit system would allow this to be put off until 32-bit unsigned overflow, which is around 2106.
However, if statically linked or doing things with time_t based on it being signed, then it's going to have problems. Also note (as already covered) this is not a Linux problem as such, it is a C language problem and anything similarly UNIX-y that uses the time_t. A lot of MS software could well be using the C library, etc.
So really this is more a 32-bit application/data problem, and only code audits and (more importantly) testing will reveal what will actually happen.
There are some ways to work round this and some things might just work. But testing is needed, and more importantly there should be STANDARDS for all those embedded applications that demand testing with post-2038 dates just to be sure.
Currently 64-bit Linux works fine, of course, as time_t is natively 64-bits.
Even today, as time_t is generally used as that (i.e. a specific data type and not the generic 'int' or even 'long'), if it were defined to be a 64-bit integer then most 32-bit systems would re-compile and be all OK as the compiler should do all the necessary stuff. What would be broken is things like file systems and other file formats where 4 bytes is explicitly used and that is all.
Alternatively if the 32-bit integer was treated as unsigned then also most things would work. I tested the gmtime() function recently and found that 32-bit Linux "failed" post-2038 by design as it returned -1 to flag an error, same for the older MS VisualC++ 6 (also 32-bit). Ironically the old 16-bit MS-DOS C compiler got it right post-2038 if you treated time_t as unsigned!
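Added example, not part of the original posts: the same four stored bytes decoded as a signed and as an unsigned 32-bit second count, showing the 2038 wrap and the 2106 limit mentioned above. The helper names (`utc_from_secs`, `as_signed32`, `as_unsigned32`) are invented for this sketch, and the calendar conversion is done in 64-bit arithmetic so it does not depend on the platform's `time_t` or `gmtime()`.

```c
#include <stdint.h>
#include <stdio.h>

/* Broken-down UTC time (hypothetical helper type for this example). */
struct utc { int64_t year; int mon, day, hour, min, sec; };

/* Seconds since 1970-01-01 00:00:00 UTC -> calendar date, 64-bit maths only. */
static struct utc utc_from_secs(int64_t secs)
{
    int64_t days = secs / 86400, rem = secs % 86400;
    if (rem < 0) { rem += 86400; days -= 1; }   /* floor division before 1970 */
    /* Days -> civil date, working in 400-year eras that start on 1 March. */
    int64_t z   = days + 719468;
    int64_t era = (z >= 0 ? z : z - 146096) / 146097;
    int64_t doe = z - era * 146097;                              /* 0..146096 */
    int64_t yoe = (doe - doe / 1460 + doe / 36524 - doe / 146096) / 365;
    int64_t doy = doe - (365 * yoe + yoe / 4 - yoe / 100);       /* from 1 Mar */
    int64_t mp  = (5 * doy + 2) / 153;                           /* 0 = March */
    struct utc t;
    t.day  = (int)(doy - (153 * mp + 2) / 5 + 1);
    t.mon  = (int)(mp < 10 ? mp + 3 : mp - 9);
    t.year = yoe + era * 400 + (t.mon <= 2);
    t.hour = (int)(rem / 3600);
    t.min  = (int)(rem % 3600 / 60);
    t.sec  = (int)(rem % 60);
    return t;
}

/* Signed reading: values with the top bit set are negative (pre-1970). */
static struct utc as_signed32(uint32_t raw)
{
    int64_t v = raw >= 0x80000000u ? (int64_t)raw - 4294967296LL : (int64_t)raw;
    return utc_from_secs(v);
}

/* Unsigned reading: the same bytes keep counting forward past 2038. */
static struct utc as_unsigned32(uint32_t raw) { return utc_from_secs((int64_t)raw); }

int main(void)
{
    /* Constructed sample values: last good signed second, first wrapped, max. */
    const uint32_t raw[] = { 0x7FFFFFFFu, 0x80000000u, 0xFFFFFFFFu };
    for (int i = 0; i < 3; i++) {
        struct utc s = as_signed32(raw[i]), u = as_unsigned32(raw[i]);
        printf("0x%08X signed %lld-%02d-%02d %02d:%02d:%02d unsigned %lld-%02d-%02d %02d:%02d:%02d\n",
               (unsigned)raw[i], (long long)s.year, s.mon, s.day, s.hour, s.min, s.sec,
               (long long)u.year, u.mon, u.day, u.hour, u.min, u.sec);
    }
    return 0;
}
```

The same decoding applies to 4-byte timestamps in file formats and file systems, where recompiling with a 64-bit `time_t` does not change what is stored.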
Really old bean? I thought GCHQ had nothing official to do with the US after that spot of bother in Boston with all of the tea...
I think you will find users want better content, rather than more content or quality. Sadly this is misunderstood to mean there should be more channels of utter pish, rather than the available revenue being spent on fewer channels with worthwhile content.
Also WTF is it that broadcasters/ISPs will spend billions on sports coverage and not nearly as much on creating worthwhile programs in other areas (arts, drama, comedy, science/education, etc)?
I applaud this just because it means we are starting to see 4k monitors at tolerable prices.
For PC use having a big 30-40" monitor in 4k would be great as the resolution would be usefully delivering the equivalent of 4 * 15-20" HD monitors but without the division and physical arrangement problems. Great for all sorts of things beyond speciality video!
This family of infections has a (rare) module that can be used to infect your HDD's firmware so even having bought a clean one is no guarantee it will never have this.
Arr, t'is the true way!
[closest icon to a flagon of rum]
Of course if it were not for the botched intervention in Iraq a lot of the terrorist problems would not exist.
Sure Saddam Hussein was a ruthless bastard, and a lot of his people suffered under his regime, but I'm not convinced that Iraq "post-democracy" is a better place to live with the lack of security, rise of religious power, and enormous society & infrastructure damage.
I wonder how much VPN use that $29/month "privacy fee" would get you?
A smart enough router and you could stuff some high-bandwidth but low interest things like YouTube direct on AT&T's network and everything else via the VPN.
Clearly you know little and/or have never used any significant number of single-parity RAID before. Maybe you got lucky, but others know that sinking feeling when a RAID rebuild throws up errors due to bad sectors on what you had hoped were the remaining good disks.
Of course "RAID is not backup" as everyone here should know, but unless you have a 2nd RAID or some serious money in a tape system you will have a tedious and probably incomplete data restore to face you.
By the way, that is one of the nice things about ZFS: it tells which files are corrupt, not that sector 1284529784 has an error and you have to either spend ages on your file system of choice to identify what that impacted upon, or go down the "nuke it from orbit" route of a fresh start and complete restore.
Rebuild times for classical RAID (including smarter ones like ZFS) is a big problem with modern drives because the capacity has increased way beyond the read/write speed, so you can be looking at days or even a week or so. That is not, in itself, a problem but both the longer time and the huge amount of data means you have a much greater chance of another disk croaking (or discovering bad sectors) during this process.
This is why you really, REALLY, should be scrubbing your RAID array every week/fortnight. This forces the disks to read every sector and then to fix/remap bad sectors while you still have parity, so when you lose a disk in RAID-1/5/10 you have a sporting chance of a successful rebuild.
Better still, look to dual parity like RAID-6 or ZFS' RAID-Z2
I don't know if it's still the case, but fsck-ing ext4 with large arrays needs lots of memory, more than 2GB usable, and that is a problem on small NAS.
You are better off with XFS for a lot of those NAS, but ZFS (and not on LVM as Thecus do - doh!) is much better (subject to much more memory though).
I have had Thecus and support was not that bad, but still crappy much like other NAS-in-a-box offerings.
Really, if you have the technical know-how (which usually is the case of El Reg readers), then a cheap server like HP ProLiant Gen8 G1610T MicroServer, some more ECC memory, and a copy of FreeNAS will give you a much better box.
Yes, I worry when reports like this profile RAID-0 without dire warnings about how that is not really "RAID" because it lacks the redundancy part of the acronym...
Chris, this "protection from lawful interception" you speak of is complete bollocks. If the police want my data then they simply have to get a court order in my country and I will have to hand it over.
We are not talking about some free/anonymous service here, this is all about businesses paying for storage/servers/etc so it's pretty clear who is responsible.
A much more useful measure of "cloud service" integrity would be some properly audited trail to show that YOU, the customer, sets a private encryption key on your clients and that is never made available to the cloud provider.
If the law want your data then they have the proper course of action by getting a court order in YOUR COUNTRY to force disclosure.
Anything less is just marketing whitewash.
You might want to look up "anonymous", it kind of is opposite to declaring a consistent name.
No doubt the manual also warns of the consequences of being a moron and making all of this visible & vulnerable to world+dog?
Various countries, and recently the UK, have already regulated the installation of electrical wiring to prevent stupid things being done that put lives at risk due to fire or shock. It is high time that those who put important stuff (or personal stuff via smart TVs, etc) on the Internet are held accountable for gross stupidity and not applying best-practice precautions that any 1st year computing course ought to teach.
I mean really, is there any doubt why all anonymous trolls should not be executed?
The problem is you can't buy chutney made with chillis in civilian establishments, so they had to improvise with chutney & chilli sauce in some unholy combination.
That I might have to try later, just in case it leads to the second coming.
I was going to make exactly the same point, regulation exists to prevent costs as well - crime, accidents, injury etc.
The goal of regulation should be to balance folk getting on with doing things, against folk getting on and ripping others off or exposing them to excess/unknown risks.
Simple, it is when they realistically expect it to ship!
+1 for that. I have no problem with folk liking the ribbon, just mighty pissed off that we are given no bloody choice in the matter.
I often use LibreOffice and it's great, but rarely follows the document layout in .docx in my experience, better with .doc
Office 2003 + 2007 compatibility sort of works, but often it borks on newer .docx in my sad experience.
Office 2010 is not that bad, so I tend to use it if I can't handle documents in older versions, or simply to convert to a format that is better parsed.
"Negotiations ... have been going on for more than three years and ..."
Well if the EU just banned US corporations from handling our data until a satisfactory agreement was in place, you can be damn sure it would not take 3 years!
I was going to ask the same - just how useful is this in the real world?
I can see it matters if you can get close enough to a very high value system to record the EM signatures and (presumably) have it run stuff you know to help break the stuff you don't, but for 99.999% of computer users will it matter?
"As-a-service is more valuable in the world of cloud because it means repeatable subscription revenue as the onus is on the customer to cancel their account keep paying or all their business data and established work-flow vanishes."
Some of us know it's pointless...
Different log-in accounts?
But seriously, it is a point - I can imagine a lot of people not wanting all of their stuff in US clutches once they understand what this implies.
Oh I don't know, I would like to take part in a France versus Portugal smack-down on either food or nubile lady fronts.
Maybe both, but then I'm a dirty old man. Thanks, mine is the mac...
God I hope so! I mean, what if aliens have triangular sphincters?
Well, it is how governments treat all internet users after all...