1374 posts • joined 15 Mar 2007
Was going to add your point - if you want to enforce OpenDNS you also need to configure the router's firewall to restrict port 53 to only the OpenDNS IP addresses (126.96.36.199 & 188.8.131.52) which some, but probably not all, home routers can manage.
But it is true that setting up a home router to implement this properly & securely is not trivial even for a reader of El Reg, let alone Joe Public.
I also made in my submission the same point raised by Ken Hagan about what exactly should be blocked? Who decides and monitors this?
The consultation asked about 'blocking' but gave no indication of what would/should be blocked, and how much it would cost us, and who would pay when (not "if") it screws up and the innocent are blocked. Thankfully sense has prevailed for now, and they (the government, not necessarily certain MPs) appear to have canned the idea.
Point your home router to OpenDNS and set that up, easiest way to control all home devices on DHCP. Otherwise you get in to per-device configuration, either OpenDNS again, or filtering software and with a typical range of devices (Windows PC, iPad, Android phone, etc) you won't get any software uniformity for filtering and a whole life of pain in tending to them.
Better still, talk to them and educate them about the risks on-line. Not easy to do I accept, but much better for their long term development.
Re: Rebuilding a Speccy...
I think (but don't have clear memory or facts) that the ZX series were cheaply made and used a double-sided PCB and not multi-layer boards with power & ground planes. That, if true, is probably the #1 reason for the poor EMC performance.
Also note they tested it without cables/peripherals, so real-world use would be significantly worse than observed in El Reg's article.
EMC who cares?
Really, the BT power line modems are also an abject EMC failure but due to the money behind them Ofcom, etc, don't care. The solution? They re-draft regulations to allow more noise...
The key point is once you have licensed a VM (which for XP is fine though Win7 I think muddied those waters) is you don't have to worry about hardware changes, drivers, etc. Furthermore, if it is running in more-or-less isolation for specific tasks you have far, far less to worry about in terms of security. To the point where I don't care about my XP VM going out of support in a year or so's time.
The manage-my-whole-network by Microsoft is very attractive for corporate users, and so far Apple & Linux are not nearly as organised, etc, but most people don't want Windows, they want stuff that works and gives them less trouble.
And MS don't really get that - they foist Metro [insert latest name here] and the office ribbon, etc, on us without the obvious and easy to implement option of just keeping the old way and that means re-training and so on. Change is annoying, and it is gradually getting to the point where going from MS to MS latest is as much trouble for users as going to an alternative.
OK, Ubuntu et al are not doing themselves much favours either...
Re: Game changer
The first point is that this always-on encryption means that they can't just seize the servers and go trawling (or trolling?) for evidence. They have to take you to a court and show good reason for a judge to compel you to hand over any password in your possession. At least you know they are investigating you and have recourse to legal advice early on, and the sheer effort of going after someone through the courts means they simply can't afford to do it for anything other than serious and significant cases. A few bootleg episodes of the Simpsons, etc, is hardly going to be worth it and copyright trolls (like the now defunct ACS:Law) will find that as well.
Second point is if you have forgotten your password, I think the ECHR would come down on them for any attempt to force you to reveal what you no longer have. Of course, if you were dumb to say you know but are not telling, or if a court might not be convinced of your genuine problems in remembering it, then it's not going to work.
Third point is how long will it be before someone has a third-party service in another country that manages the passwords and can be set to destroy them if not used for a couple of weeks, so unless they can go through the courts very quickly (again, meaning you have to be on a really serious charge) then there is no longer a password to be revealed, as your memorable one will no longer recover the encryption one.
I would be amazed if even 33% was actually unique and valuable enough to protect.
Well she ate his little head, and that is where a lot of men appear to keep the controlling brain.
Competing app stores?
What is really needed is someone (e.g. the EU) to force Apple, Google & MS to allow alternative public app stores to be added under YOUR control, so you get real competition, and are not simply reamed by your OS supplier having bought a device.
Re: Works for me
<= You missed the icon.
"Just think of all the jobs that are lost"
By these big-name companies moving manufacturing to the far East for cheaper labour and using IP laws to defend high prices and blocking 'grey imports' of genuine goods at lower prices?
Think Tesco vs Levis anyone?
CD Wow! versus BPI perhaps?
A key problem here is a lot, in fact almost all, of existing control systems were NOT designed to be secure enough to have world+dog probing their nether regions over t'Internet. Even when bugs are found most operators are loath to change a fully commissioned working system due to the risks of other unexpected side effects, the possible lack of current personnel fully understanding an older system, and the difficulties of testing everything on a safe simulator/system before you go live with it.
With expected life times of 10-20 years do you really think they will replace them sooner to fix the deep seated design problems, or just ignore the risks because it's the "done thing" in this new business model?
Re: "Redmond has produced a turkey this Xmas"
I would be less disturbed if you had said turkeys can be tasty, instead of "very useful".
"If it does the job, and with a lot less cycles than ZFS, what is the problem?"
The problem is no integrity checking, same issue for Linux software RAID, etc. My data is valuable, so I want to know if it is uncorrupted, and this is something I have seen before.
"Why does Oracle Linux use OCFS2?"
Because ZFS' license is not compatible with the Linux kernel's GPL one, resulting in it generally being relegated to user-space where performance sucks (same for all other fuse systems). This is a legal issue, not a technical one.
"ZFS is just a ripoff of WAFL"
Hmm, I think the NetApp versus Sun/Oracle case was closed on that one after several of the patents were struck down. Odd you see that as a problem, as NetApp's customers like things like snapshots and copy-on-write. OK, they don't like the usurious license fees NetApp like to charge to actually *use* such features, but that is a separate issue.
"It also has problems with hardware RAID"
Not really, but if you use hardware RAID, or a separate software RAID layer to present the storage to ZFS, you then lose the key advantage of error detection and recovery of 'silent' HDD/bus/memory errors that most dumb RAID systems miss. It will at least tell you the file(s) are corrupt, but too late to do anything by then.
I have wondered why you have such a problem with anything Sun-related, as your other posts on DB stuff are clear and rational. So why are you not so caring about data integrity in a storage system? What do you use/recommend to verify data is exactly the same as when written?
The problem with simply monitoring the SMART status is it won't know about bad sectors until you try to read them. Often by then it is too late.
SMART has support for a surface scan, and while that allows marginal ones to be re-written, it just reports any uncorrectable/re-mappable sectors as bad and you won't generally know about that until a HDD fails and you need to re-build the array.
Hence the advantage of the RAID scrub process:
1) It accesses all of the HDD sectors (or all in-use ones in the case of ZFS), forcing the HDD to read and maybe correct/re-map any that are marginal, just as the SMART surface scan will do.
2) For any that are bad, it, by virtue of being in a RAID system, can then re-write any bad sectors with the data from the other HDD(s) and that will normally 'fix' the bad sector (as the HDD will internally re-map a bad one on write, and you still see it as good due to the joys of logical addressing).
Recent Linux distros like Ubuntu will do a RAID scrub first Sunday of the month if you use the software RAID, which is good. But I don't know of any cheap NAS that pay similar attention to data integrity.
Not counting RAID-0, OK?
One critical issue in my view is data integrity. That is what a NAS is supposed to do, store data reliably. But the article fails to address that. Do they support internal file systems that have data checksums (like ZFS)?
If not (and important even with ZFS) do they support automatic RAID scrubbing where periodically all of the HDDs are read and checked for errors in the background?
Most folk at home will only have 1 HDD of protection (RAID-1 or RAID-5) and what happens later in life is a HDD fails, you replace it and find bad sectors on the other disk(s), thus corrupting the valuable data. With two HDD of protection (e.g. RAID-6 or ZFS' RAID-Z2) you can cope with one error per stripe of data while rebuilding, but that is not always enough.
That is why you want to check once per fortnight/month that the HDD are all clean, and so allow the HDD to internally correct/re-map sectors that had high error rates when read, and if necessary to re-write any uncorrectable ones from the RAID array if that fails.
Of course, sudden HDD failure happens, maybe even multiple HDDs, or PSUs, as does "gross administrative error", which is why you should all repeat "RAID is not a backup" twice after breakfast...
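The posts above contrast a plain RAID scrub with checksummed storage. As an added illustration (not part of the original comments), this toy two-disk mirror in Python shows what a scrub can do about a silent bit flip with and without per-block checksums; the `Mirror` class, block size and sample data are constructed for the example, and SHA-256 stands in for the file system's block checksum.

```python
import hashlib

BLOCK = 16  # toy block size in bytes (constructed for the example)


def checksum(block: bytes) -> bytes:
    """Per-block checksum; SHA-256 is a stand-in chosen for this example."""
    return hashlib.sha256(block).digest()


class Mirror:
    """Hypothetical two-way mirror: two 'disks' holding the same blocks."""

    def __init__(self, data: bytes, with_checksums: bool):
        blocks = [data[i:i + BLOCK] for i in range(0, len(data), BLOCK)]
        self.disks = [list(blocks), list(blocks)]
        # Checksums are kept apart from the data blocks they describe.
        self.sums = [checksum(b) for b in blocks] if with_checksums else None

    def corrupt(self, disk: int, index: int) -> None:
        """Simulate a silent error: one bit flips, no I/O error is raised."""
        damaged = bytearray(self.disks[disk][index])
        damaged[0] ^= 0x01
        self.disks[disk][index] = bytes(damaged)

    def scrub(self) -> dict:
        """Read every block on both disks and report what was found."""
        report = {"repaired": [], "ambiguous": [], "lost": []}
        for i in range(len(self.disks[0])):
            copies = (self.disks[0][i], self.disks[1][i])
            if self.sums is None:
                # Without checksums a mismatch is visible, but nothing says
                # which copy is the good one.
                if copies[0] != copies[1]:
                    report["ambiguous"].append(i)
                continue
            good = [c for c in copies if checksum(c) == self.sums[i]]
            if not good:
                report["lost"].append(i)       # both copies fail the checksum
            elif len(good) == 1:
                # Exactly one copy verifies: rewrite the bad one from it.
                self.disks[0][i] = self.disks[1][i] = good[0]
                report["repaired"].append(i)
        return report

    def read(self) -> bytes:
        """Naive read that always takes disk 0, as a reader unaware of errors."""
        return b"".join(self.disks[0])


def demo() -> dict:
    data = bytes(range(64))  # constructed sample: four 16-byte blocks

    plain = Mirror(data, with_checksums=False)
    plain.corrupt(disk=0, index=2)

    summed = Mirror(data, with_checksums=True)
    summed.corrupt(disk=0, index=2)

    return {
        "plain_scrub": plain.scrub(),
        "plain_data_intact": plain.read() == data,
        "summed_scrub": summed.scrub(),
        "summed_data_intact": summed.read() == data,
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(key, value)
```

The case where a drive reports an unreadable sector is different: there the array already knows which copy failed, which is the situation the scrub description in the posts covers.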
Re: not enough bays
Seriously, you think that a home/small business internet connection can support access to 20TB of data in the cloud?
"I can get built-in RAID on most PC mobos" - that is almost certainly 'fake RAID' where the BIOS can boot from it but it is the OS that has to actually do the RAID computation. OK for simple RAID-1 or similar it's easier than ZFS, but it still lacks the advantages of data checksums.
ZFS is not the only file system that does that, GPFS has them as well, but most others I think only do metadata checksumming (e.g. Linux ext4, and MS' new and unproven ReFS unless you explicitly ask for the extra checks/load).
I can't believe you have not ever had that horrible feeling when you get a/multiple disk errors and no simple way to find out *what* has been corrupted by the failure of "sector 102345569" etc. Also I am not the only one I know to have had data corruption in a file system due to bus/memory errors that were 'silent' so it was only on decompressing a ZIP archive (which has integrity checks in it) that it was discovered. Most other files have no checksums so the true extent of the damage was not known and the tedium of complete backup restoration had to be undertaken.
We all know you have an irrational dislike of all things Sun, but from an integrity point of view ZFS is one of the best choices for file systems, unless you are playing big-league with IBM's distributed system.
"her daughter had managed to post gibberish" is so amazing, to be as capable as virtually all other Twitter users to post gibberish! Get her a Mensa application now!
Indeed, the question remains for everyone outside the USA (and hopefully some inside) is do you trust Intel/McAfee?
If it can hide stuff from the OS, how do you check what is there and who put it there?
Where is the option for "fix the known damn bugs and quit pissing around with GUI"?
I'm no expert, but I think Mars once had a decent atmosphere but something happened a long time ago to kill the planetary dynamo that provided the magnetic shield to stop the solar wind stripping that away. Now we see little of what was once there.
Remember Venus is the same (approx) gravity as the Earth, but has a *much* higher atmospheric pressure.
Hopefully some more expert commentards will provide you with enlightenment...
Re: Bravo the NZ PM!
Indeed, they will do anything if the price is right. Even sadder is how low that 'price' often is :(
Re: Charles 9
The DRM aspect is why it is so important to keep TPB afloat - so they learn that DRM is bad for *paying* customers and the pirated sort is a better experience, you know, the sort you would actually prefer to pay for.
It took years for the music industry to accept DRM-free once they realised that the battle was lost and that the majority of customers, when treated nicely, are happy to pay for content.
So far we may have got past the "you are probably a thief" non-skippable crap with DVDs, etc, but we don't have freedom legally to use media on any platform we want and to skip crap like trailers as we wish. The move to HD and streaming is a new battle ground for DRM and it must be the public at large that wins this one, unless we all want to be digital serfs to the few biggest of corporations who hold the DRM-forged manacles.
Re: How much ....
Because you are paying someone else to do it.
In theory you get reliable operation and nice management tools, but in practice you often get a plate of donkey gonads to suck upon.
Re: AC 15:24
Microsoft's FAT32 patent is a very bad example, the reason no one else did it earlier was IT WOULD NOT WORK WITH WINDOWS until Microsoft did it their way.
No one in their right mind would choose to do things in the FAT32 way unless they have to work with MS software, and their oligopoly status means you have to.
This is an example of why patents need reining in - where you can't interoperate without infringing. The basic idea behind the patent system is good, the problems I have are those already stated, that they may be:
not very inventive
needed for interoperability
too long lasting in areas (e.g. software) where 20-25 years represents many, many generations of a product.
OK, that explains something and makes more sense. I had assumed this was an extension of the device driver signing process where they did look at your code.
One way mirror?
So am I right in assuming that to get approval MS get to see all of your 'trade secrets' of your source code, quite possibly to copy (sorry, "influence") for new MS products, but you don't get to see theirs?
If you have to bare all, at least go open-source and maybe get community help in bug-fixes, etc.
Re: Not as cheap as it sounds
Just read the blurb:
"Secure – Amazon Glacier supports secure transfer of your data over Secure Sockets Layer (SSL) and automatically stores data encrypted at rest using Advanced Encryption Standard (AES) 256, a secure symmetric-key encryption standard using 256-bit encryption keys. You can also control access to your data using AWS Identity and Access Management (IAM). IAM enables organizations with multiple employees to create and manage multiple users under a single AWS account and to set resource-based access policies."
So basically they encrypt the "tapes" (we presume they use tape ultimately) but they still have access to your data, i.e. it is not encrypted at your side, using a key that only your company has.
Bend over Blackadder, it's PATRIOT time!
Re: Not as cheap as it sounds
For a small user at least you save the cost and maintenance of the tape drive, and the off-site storage of tapes in case of major local damage, etc, which makes it attractive.
But the lack of any obvious way to control the encryption yourself (unless I missed something) is not good.
Re: Hmm, where do I put all my sensitive data?
The only sensible option is to encrypt the data with *your* key before it gets to them. Of course that usually buggers up de-dupe and always buggers storage-side compression, so they won't like that being the norm.
Considering the other problem, that of up/down link bandwidth, you would really want to compress/de-dupe your data before considering backing it up, which would help them as well. Not quite so simple to use properly then.
Re: Whatever is bad for Microsoft is good for everyone else.
I up-voted you because some of what you said is true (i.e. we need more and real competition for the mass buyers of computers), even though I suspect you need to keep taking the dried frog pills...
Re: Is this really an issue?
"A surprising number of companies were still using 16-bit installers that should have been done away with a decade earlier."
Assuming they do/did a proper job that the business needs, why should they not be supported on 64-bit as for 32-bit OS?
The idea that *working* software has to be replaced simply because the OS supplier can't be bothered to support it is a worry, and is the best argument of all for going open-source where you have the ability (or paid contractors can) support legacy stuff if it is cheaper than throwing away years of experience and bug-fixes in the pursuit of 'shiny'.
Re: Your rival may get many more viewers by NOT banning it
There are no rivals - except the pirates, and of course then you don't need all of this technology to 'allow' you to watch the stuff you just paid for, you can watch it anywhere.
Really, in a number of ways I support the TPB simply because the low bar to accessing 'pirated' material has, or hopefully will, make the content industry realise it's not so precious after all and that if they want my money they have to make the experience of legal purchase easy and effective for me, on any of my devices.
Does any one out there really want stronger DRM to be baked in to the hardware and further restrictions on what you can and cannot do with YOUR hardware becoming the norm? Screw you Apple!
What metadata should be protected?
The idea that removing any metadata should be stopped is a dangerous one, as it could lead to images being attributable to people who really don't want that in public (e.g. photo of a crime, personal adverts on dating sites, etc).
What is needed is some sensible machine & human readable metadata for copyright that is protected by law, and maybe some hash of the rest (date/time, camera settings, GPS coords, etc) if it is missing. That way images' ownership can be traced as needed, but are not identifiable so easily unless the photographer applied their public 'signature'.
Do you really want all of your data locked to the CPU, so if your machine dies and you swap the disk to another it is all unreadable?
At least with an iPad there is no real expectation of recovering data/physically upgrading if it has failed (or stolen, as likely), and their whole software model is based on cloud backup.
And yes, you probably should have a backup of your PC but we all know how easy and regularly done that is...and how successfully and well tested the restore process is...
It is not pointless because:
1) It makes Joe Public realise that this is OK and sort of MS-approved, and is safer than a random download.
2) It gives other browsers a chance, and not just Chrome that Google push relentlessly on their home page.
Remember, this is not for El Reg's typical reader.
Re: What a ridiculous situation
the market condition that exists when there are few sellers, as a result of which they can greatly influence price and other market factors. Compare duopoly, monopoly
The point you are missing is this is not about corporate users for whom a sysadmin sets up the approved configuration, nor for readers of El Reg who fully understand how to install other browsers and/or configure search engine choices.
This is about Joe Public who can't tell the difference between an address bar and a search engine, and for whom the blue 'e' was "The Internet". Once most of them are using an OS-specific browser you get the stupidity and lock-in seen, for example, in a lot of South Korean banks where you need an ActiveX plug-in for on-line banking.
And so you can keep your hands tightly around consumers' genitals and squeeze them for all the money you can with little chance of them moving away from your cash-cow.
That is what the EU has acted for, and given the size of MS and their inability to keep a promise, I don't think 10% fine is out of the question. Please educate yourself on the whole anti-trust proceedings that started with MS moving against Netscape before arguing about it.
Re: What a ridiculous situation
You really don't get it do you?
"There is no law saying you MUST buy Microsoft" - go to any of the major vendors (HP, Dell, Toshiba, Lenovo, etc) and see what proportion of consumer machines & laptops you can buy world-wide without Windows, then report back here.
Damn, I fed a troll again!
Re: What a ridiculous situation
I think you missed the Troll icon.
Can't you understand what the implications of monopoly / oligopoly status means? If Ford had 99% of all garages in their pocket, you don't think they would get such treatment as well?
As for the success of companies, you also seem too dim to realise that often that comes from misusing their position to crush opposition and/or disadvantage competitors. I have no problem with Google being the biggest search engine if it is due to them having the best algorithm, but it is an issue when they start promoting their own brands ABOVE competitors because of ownership, not relevance.
Geez, you break the rules then expect to get punished! Oh unless you are a US company in the USA where the DOJ drops things that might harm your profits.
Re: Unicorn sighted! Oh wait, it's just a donkey with an ice cream cone stuck on its napper :(
I did not even get that far, I read about it on this esteemed organ and immediately found it won't work on Linux. Now I do have access to an old copy of Windows, but it comes back to the point that Andrew made (as countless others have) that DRM sucks!
The inconvenience and high probability of paying for something and getting screwed later is too high, and suddenly them there torrents looks mighty good, me hearty!
It comes back to this issue of control-freakery, and I guess some of that comes back to Byzantine licensing terms for each and every country and media that exists having grown over the years. Also pointed out is 2/3 of users are 'honest', so why make life hard and irritate your paying customers to protect content that is mostly going to be paid for, and those who don't pay you can't practically stop anyway?
I wish that some sense could be injected to both sides of the copyright debate.
Seems I can't log in to my web email just now - merely a coincidence?
Still no big deal as I just use it for spam and facebook, which is the same thing really.
This is why I disable autorun on all possible media!
Autorun was a dumb idea - if you know so little about computers to be able to find and run a setup.exe file on some new software, you have no bloody business running arbitrary software in the first place! Learn, or get a knowledgeable person to help you (paid if necessary).
Re: AC 13:41
No my argument is more like: My friends/family/granny didn't understand it, it didn't work for them...
As for runas - why should it not have "just worked" like sudo? More skill required to fault-find.
Same for ACLs, the issue is not that I don't understand what they should do, more the fact you often need to use the tool to see what the effective ACLs are, and a lot of insight to see what those implications are for the system.
Then you get on to the thorny issue of execute permissions - can I use the ACLs to block all user-writeable areas like TEMP and their own profile from execute permissions and not break the whole machine? Not break Chrome? Linux has the execute bit that, by default, is disabled on downloads etc (OK, not on stuff copied from CD or FAT which is dumb...) which is another hump in malware prevention, ACLs should allow the same, but by default don't.
But you are 100% correct to say "they shouldn't have had to, the default user IDs are setup correctly for default user access" - it is this 'insecure by default' problem that plagued Windows for years, and while it is much improved now you still get the odd legacy application that only works with your admin pants down. You just pray that no one brings along a bucket of soapy frogs...
@ AC 11:09
Yes, Windows of the NT/2000/XP... range has many security features that ought to be more than a match for the UNIX model. But avoiding the fanbois arguments about how many bugs in Windows vs Linux and so on, there is a significant difference in that for most Windows users and a lot of older Windows software - it just did not work in practice.
The whole 'run as' option for Windows often failed for installers, and a lot of crappily written software (including some from MS in the past) assumed the user had admin privileges and open firewalls, etc, for really stupid stuff. If you are on a tight budget and/or have some older specialised software you just have to run as admin and hope for the best.
The other big problem is the ACLs used for access control with NTFS installations (majority case from ~2000 onwards) are simply too complex for anyone other than a seasoned Windows administrator to understand. So for Joe Average all of the security features just broke things, or in the case of UAC on Vista it just irritated them when it popped up so often that they disabled that as well.
So to say "just because some people didn't use it" is a gross misunderstanding of the majority of non-corporate Windows users' problems with using the security offered, whereas most Linux users don't need to bypass the UNIX model's default security to nearly the same degree.
<= As an AC he/she just could not select the icon. Fixed it for you...
Really the whole "block the competition" aspect sucks, why not limit patent litigation to deciding on a percentage of the sales revenue based on how much the patent is of the whole device?
Given that most products have thousands of patents used in them it seems ridiculous that trivial stuff can command even a few percent of the cost simply because some big corp has enough lawyer funds to bully for it.
The "part of patent agreements" is really a wish list. Also sorry for the typos.
Re: patent extortion
Actually the FAT32 issue should never have been allowed as the point here was MS did some stupid things for compatibility reasons and got a patent on it. No one in their right mind would *want* to use FAT32 except for the need to talk to Windows machines (due to their de facto monopoly in the desktop arena, and inability to read/write much else than FAT or NTFS).
I am all in favour of protecting innovation, but anything that is to do with interoperability should be excluded from this.
Also why the secrecy? Any deal that is not public is mighty suspicious and part of patent agreements is they *should* be conducted in the open so that the "value" can be seen for trading, not just to stop predatory agreements being signed, but also to allow investors to see the actual value industry puts on the innovation concerned.
I thought it was Toyah Willcox?