1610 posts • joined 15 Mar 2007
I doubt the MD5 vs. SHA-1 etc argument is important, as I suspect large-ish rainbow tables already exist for most common hash functions. At least it was salted, which is more than some DB leaks have shown, though how much entropy the salt has is not stated in the article and that probably is the major factor in the effort to recover a significant number of original passwords.
Re: No, no, no, no and no - this is NOT a technical problem
Yes it is partly a technical problem - because that is what allows other gov to see your data without your knowledge or permission. Cryptography means they need to obtain the key(s) by one means or another, which could be stealthy (e.g. trojan a machine on your system and sniff it that way) or by the more obvious means of a court order.
However, if it is under your control, then at least you know the request has been made by your courts. And it is under a law that, theoretically at least, you have a democratic input on it. You don't get that with a foreign gov, by definition.
As to the possibility of a gagging order, if that mattered a lot (e.g. whistleblower site) you could split the keys to two holders in different legal regimes so they need to gag under two sets of laws. Possible, but it ups the effort and so is only likely for really, really, important stuff. And let's face it, most people/commentards have a far higher opinion of their importance than spooks are likely to have.
Of course, if it is software-as-a-service or similar the data is unencrypted while in use, so not technically practical to protect in most cases. But you could have some shared/useful things like email and dropbox-like document sharing that is decently protected by encrypting the data before it is sent/hosted and relying on client-side processing that works through the encryption layer.
You are perfectly correct - same with Google and Yahoo, etc.
In fact, it is a key "design" feature of any hosted application - they can (and do) bugger around with it and you have little or no choice but to bend over and take it.
Re: And when
If it's making enough money it will be available, but once your <choice of tender parts> are in the vice, they can screw you for ever more money because you can't migrate away with any ease.
More likely the issue will be them dicking around with the user interface and what features are available, all without any consideration to what you want.
Sorry, but having all of my sensitive documents accessible on someone else's machine, under different legal jurisdiction, and subject to secret data requests by another gov - NO THANKS!
If it is on my machine(s) then at least I have a decent idea if access is requested.
Re: Let's run the numbers...
If using a NAS then you need to consider what happens when a HDD fails, and often the RAID rebuild will cause others to croak (or at least reveal sector errors). So you should:
1) Use double parity if at all possible (i.e. RAID-6 or similar like RAID-Z2).
2) Perform regular scrubs (i.e. weekly check where RAID system reads all disks and repairs any sector errors).
3) Use ZFS please, as it has much better error checking and correction, and it will tell you which files are trashed (which a lot of file systems don't).
4) Use a server with ECC memory (OK, getting expensive I know...)
I'm not kidding, see the following list of papers:
Re: Use the cloud dude!
Cloud is for sharing (esp with NSA, etc) not for critical backups. Put them off site somehow, but on your own terms (no vendor lock-in, and encrypted, and with a *tested* recovery plan).
Can't say my experience of low-end tape has been good, but equally not so great with optical disks either. Whatever your media is, you need also to plan and budget for recovering it all and re-writing it on to a new medium every 5-10 years to avoid obsolescence (and media degradation).
Personally for several TB of storage I would go with a ZFS-based NAS (ideally from someone who will bug-fix it, so not Oracle). First sync it on-site, then move it off site and do any diff backups/additions that way.
Excellent journalism here, but might I suggest "minge-monger" as the correct adjective for Penthouse's quality service?
Re: Magnetic field
Yes, I kind of want magnetic monopoles to be discovered just so Maxwell's equations have the full symmetry that would result from it:
Good point there, and one that makes me think hard about buying a new laptop:
1) There are mostly nasty plasticy things, except the very expensive ones.
2) Most, and all of the very expensive ones are following Apple's bad example of no repair/service options as the things are glued together, use non-standard parts, etc.
3) The screens are CRAP. I mean, WTF is this business where you have to pay £1000+ to get even 1080 lines resolution? I can get that from a sub-£100 monitor which is bigger than any of those laptops!
A few years back you could get decent vertical resolution from most manufacturers, now it is uniformly crap at 768 lines except for a few at the very top, and most of them (MacBook Retina and Chromebook pixel aside) are still pretty piss-poor at 1080 lines even when you are looking at a near £2k 17" machine.
So no - I won't be buying any of that crap. However, putting Ubuntu on a Chromebook pixel is very tempting if I could only justify the cost...
Won't get fooled again!
"And the partition on NTFS,
is now a partition on ext4,
And the beards have all grown longer overnight"
When, and more importantly, why did the icon move from the left to top-right of the comments?
Now is the time?
before we move from "customer" to "hostage."
This is just the latter stage of boiling a frog, it started with XP's "product activation" and the same thing moved to all of their products.
The move towards "higher margins" via cloud-based subscription lock-in, the means of screwing more out of its customers is no real surprise, as they can see the desktop market and OEM fees under serious pressure now, added to the lack of any real incentive for upgrades. Machines are fast enough for most users' needs, and other than fixing dumb security holes, what is there *new* in most OS to justify the pain and cost of migration?
This sort of move is not going to help MS in the long run, but I can't really say I care much.
<= Tux! Not perfect, but my choice because at least I have the freedom to use it as I please, and to modify and improve it should I have the ability or time to do so.
It seems the fundamental flaw that you are talking about is using software that stores your data in a proprietary format. Are there not tools that stick with open formats where you can recover data without problems using another vendor's software?
Re: Apple seems to have had a history on this.
No problem, just plug in the Ethernet cable!
Re: .Net was the answe. Too late now...
The problem for Office is it was already developed and in use, along with the VB interpreter, long before .net came along. It has been rumoured that the stuff they did not port for Office, specifically the legacy VB stuff, was due to a lot of it being unintelligible code written in x86 assembly and thus going to be a major PITA to port and debug for other non-x86 platforms.
For Visual Studio the problem would not be the GUI but things like the JIT debugger that has to hook in to the OS at a really low level to trace through code, etc. That is the sort of thing you really have to write for the native CPU in C and/or assembler, thus it becomes a major project for each target CPU to implement.
For most other software, had they supported win32 API and old-style GUI then compiling it for ARM should have been a fairly painless experience. But they did not, so unless vendors used .Net and are willing to re-do the GUI in TIFKAM they can't be ported.
Given the small market share of WinRT compared to x86 laptops, etc, where you can get a traditional desktop (even if the damn thing keeps jumping to metro for no obvious reason) you can see why the MS store is a touch bare still. Oh yes, and MS wanting a cut for the pleasure of allowing your customer to install it on WinRT (MS store-only) compared to x86 Win8 (any way you please).
Re: So much negativity and none sense
"a full version of Office" - but can't run any legacy VB code, so not full after all, and initially no Outlook which is often a business must-have (fixed yet?).
"a full version of IE" - you say that like it's some advantage, why? Can't you get other web browsers for WinRT that are not hobbled by TIFKAM that MS has not applied to IE? Oh, sorry, forgot about that down side as well...
"the iPad need a lot more Apps to go around it's shortcomings" - really, most iPad users I know (not got one myself) found most things they wanted were free and they had plenty of choice. Hardly a downside, except maybe for Office, but alas - not even a full version on WinRT.
You seem to have misunderstood what I said.
You also seem to have confused 'serious business' as I defined it (those business-critical stuff cobbled together over the years with Office macros and VB scripting - yuch! - and unusual x86-only CAD software, etc) where you need full x86 compatibility and really a decent keyboard as well, with managers who just want a shiny presentation device.
If you want shiny, ease of use and lots of programs, the iPad has a big advantage over WinRT. Even price until recently (perhaps, depends on how MS discount)!
The problem is that such an instruction set emulation would make the machine both slow and power hungry when running x86 stuff, and that removes the advantage that ARM currently has over x86 devices (might be OS issue then just CPU of course).
If you must have a Windows tablet, just get the x86 one and forget WinRT.
"WinRT not bad for it's purpose"
But that is not for 'serious business', as in those with years of Office VB lock-in that requires code that has not been ported to the gimped version of Office that ships with the WinRT slabs, which is a reason why they have to stick with Office in the first place.
For other users, yes if it was significantly cheaper than the equivalent iPad/Android set-up it may be quite attractive. But it is not, and unless they are in to loss-leading hardware in a BIG way, unlikely to become so.
"Of course Windows 2000 and Windows ME didn't affect XP market share.... they both predate XP."
However, w2k was rather good and lasted me until 2008, and the only real advantage I saw from XP was better USB support (which was missing completely from NT4).
On the other hand, ME was an abomination by any accounts, so XP would be a huge improvement on it!
But really, as already said, most folk don't have much spare cash and older PCs work just fine. De-crap an older XP machine, or better still stick Linux on it (as then you can usually do without the burden of AV bloatware), and it will do 99% of what the average user wants for little cost.
"Almost, but not quite?"
Who guards the guards?
How do we know the block list is KP and not used to add other unrelated but politically undesirable sites (as the leaked Australian "great firewall" attempt showed)?
This is exactly why ISPs should not be allowed to have close arrangements with other services, the whole "net neutrality" principle, as they won't act in favour of their customers but for their partner's profit margins.
As this is a European site, if they are breaking copyright law in Sweden, why not prosecute them there?
The blocking of web sites is a very dubious act, almost acceptable in the case of kiddie porn, but really not when it is being used to enforce artificial copyright boundaries that free trade should permit. What is bad about it is there is little chance (or inclination) for a foreign site to fight in a UK court even if it is in the interests of the UK public, so such court orders tend to get rubber-stamped and not subject to any proper test.
Re: UN966 Hong Kong to Moscow
More likely FSB operatives waiting with a bottle of decadent western champagne and a request for an autographed copy of his files...
An article about an NSA project. The advert runs "Office 2013: A Breakthrough In Productivity".
Productivity for whom?
You forgot to mention this is also the site of the UK's best bacon sarnie, as voted by El Reg readers.
I guess probing bacon sarnies is what you do when not following the UK's leading on-line lesbian magazine?
Re: Yeah, right
I hear them, and I am paddling as fast as I can to escape!
How times change
1765, colonial America: "no taxation without representation"
2013, rest of world: "no snooping without representation"
Re: What Security?
That is a valid point, and not just about Android.
It is high time that all devices with embedded software had a legal requirement to provide timely fixes for all notified security exploits for at least 5 years after purchase, along with proper financial penalties for the companies selling such devices that fail to do so.
Think of all of those phones, printers, routers and numerous other semi-smart devices that have a network connection and no one looking after them.
I agree that changing the doctor's sex and/or colour makes no sense. But would be happy to see Freema Agyeman again (ideally with less clothes).
<= mine is the dirty mac.
Re: My vote goes to
Yes, I am sure we could all find some way to slip Nigella in...
Re: Bill Clinton
That would suck!
Will this info on "unified communications" cover how best to talk to your NSA handler?
Maybe they looked at the success (or otherwise) of the French before acting?
Really, there is a need for providers to grasp the inevitable which is no geographic limitations and DRM-free formats that users want. The 'stick' of DRM and legal threats has not worked and is unlikely ever to work, where are the tasty carrots?
Re: The Swivel Eyed Loons carry the day
Claire Perry who is both dumb and anti-pr0n has a failed marriage?
Sadly it is cruel to laugh at another human's misfortune.
Oh wait, it's a politician? HAHAHAHHAHAHAHHAHAHAHHAHAHAHHAHAHAHHAHAH...
Difficult to tell if you are just trolling or not.
Who makes up these lists and/or equipment? Last time I looked it was USA or Chinese suppliers. Do you really think they give a rat's cock about what the public should be seeing by the UK's laws?
Really, but on whose definition of illegal? And why can't we see this block list?
Re: Baby steps
There needs to be a way of seeing the block list, and penalising them if they make mistakes. Shame I don't have the resources to force a law decision on the matter.
Hard to say, but OpenDNS works for me and they offer *you* the choice of categories if you want to block stuff home-wide.
Having said that, their system is stupid in needing a client on your home machine so it knows your IP address to match any preferences to, without that it can't be controlled. Should be a router setting like dynamic DNS support.
So who will get to see the block list to verify it is only for pr0n?
Who will compensate any business incorrectly blocked?
How much do you want to bet it will just be for pr0n, as clearly sex is bad, but not for violence?
You are stupidly naive if you don't believe this will be abused for Gov policy, and business reasons by the ISPs.
"Theft of intellectual property has resulted in the greatest transfer of wealth in history"
Outsourcing everything to the cheapest country, irrespective of morals, has resulted in the greatest transfer of wealth in history
Fixed it for you...
Re: @The Man in Black
Some say they are the one and the same, the only difference being the recent dosage of dried frog pills.
"The truth is, my toddler, Kit, responds better to good-looking people"
Funny, for a moment I read that as "my todger, Kit", I wonder why?
Really, it was MS' fault?
Having seen the attitude of most GUI developers, not just Linux but MS and others, where they jump from one way to another announcing that their way is the best, I have to wonder about the underlying idea behind this article:
1) Did MS' vague patent threats actually matter or get taken seriously, or
2) Did the various Linux GUI designers simply spend too much time with their heads down their Y-fronts?
I liked Gnome 2 and it was such an obvious option for XP-escapees due to its similarities, and yet Gnome 3 was a re-write with the attitude of "users are dumb, let's make all our options dumber" (even if there were technical reasons for wanting to fix some G2 stuff) and the apparent desire to move things around for no obvious reason. See Linus' comments on Gnome 3 for further information.
AFAIK Unity was Ubuntu's attempt at a touch-friendly desktop for small devices with the modern piss-poor HD style screens, hence the side icons and default-to-full size operation.
So as far as the fall of Gnome 2 and something sensible on the Linux desktop it is more a case of incompetence and management problems of the Gnome teams than being forced off. The same irritating design decisions are also part of MS' TIFKAM cluster-fsck so it seems to be one of industry-wide phone/tablet fixation taking precedence over what a power-user's desktop should be doing.
Re: Less neurotic BDSM practitioners?
Most fucked up, really?
Like boxers who spend 12 rounds punching the shit out of each other and sometimes ending with brain damage, detached retinas, or even death? As a sport?
I thought Unity sucked until I experienced a work mate's Windows 8 laptop and realised it's not that bad after all. I also think Gnome 3 sucks due to the things removed from Gnome 2 (basically user choice as Gnome seem to be suffering from the same "users are idiots, dumb it down" fascism that both MS and Apple have) but so far have not had the time and inclination to properly try out XFCE or KDE, etc, to see which I think is better.
But...at least I have a choice!
Sorry, but a better analogue is DRM is like someone else installing locks on your doors and promising to let you in and keep others out.
If you behave.
And they can be bothered keeping your support up.
Re: A standard for a plugin by another name
Having a lot of hassle for DRM is good - it stops everyone else getting in to it unless they are really paranoid and have something sufficiently worth while for the end user to jump through hoops.
DRM in HTML5 is going to lead to web sites where you can't block adverts or skip crap or copy prices for comparison, etc, becoming the norm.
DRM has no place in the free world, as it demands a locked-down computer and that is something that anyone with an interest in technology should oppose.