1264 posts • joined Thursday 15th March 2007 16:58 GMT
FTL => backwards in time
Relativity, as far as measured/observed sub-light speeds, fits the theoretical equation that implies time-reversal (or at least breaking causality) when v > c (look up "tachyonic antitelephone").
But of course it is not known if the theory holds outside of our experience, and thus if faster than light *is* capable of time-reversal.
@Sean Baggaley 1
You are quite right about making copies for sale or other distribution, and I think (hope?) most of El Reg's readers accept that when you pay for a CD or similar, you get a disk and a license for what is on the disk and it is only fair that creators get some reward for said license.
You omitted the point that you *HAVE* to make a copy of that data en route to the D/A converter to actually use it...
But pedantic arguments aside, my point is that with a CD you can re-sell it and transfer the license on the same terms (i.e. for own use, not public performance, etc). Why can't I do that in principle for the license for digital content?
I know (before you point it out) that it is hard with non-DRM media to ensure honesty in the transfer of the licensed content, but why can't I do it with DRM-infested stuff where they can see the *transfer* of license?
@Into the past?
They arrived at the detector before it should have been possible to know they had been sent
Even if faster-than-light travel is never possible, tachyon communications would be nice...
"Can we just get real. How serious was this? Everyone makes mistakes, anyone who works in software or IT should be very conscious of that."
You are right to a point, in this case no serious damage was caused to the population, etc. However, we are in 2011 and the vulnerability of computer systems, in particular anything using Windows, has been amply demonstrated for all of the last decade.
What this incident shows is a system that might have been fine off-line, without a half billion PCs potentially able to probe it, but clearly was not good enough. With a bit more effort & synchronisation perhaps a determined perpetrator could have wreaked havoc on most of the pumps in a region, leading to the possibility of death or injury from disease or dehydration caused by a failure of such a fundamental human need: fresh water.
My point comes down to poking those in charge with a big pointy legal stick (not unnecessary prosecution of genuine mistakes) so that changes are made, and stupidly vulnerable systems (think Siemens and their SCADA's hard-coded passwords) are kept well detached from the internet in the future.
"This is deliberate criminal damage to the pump and it is very difficult to see any benefit to the perpetrator so why the F**** did they do it."
Two possible answers spring to mind:
1) There is no reason. Just done for idle amusement.
2) Practice for a cyber-attack or a blackmail attempt.
How do they get this?
"a reduction of 10 per cent by 2013 would create 13,000 high-tech jobs"
I can see the argument about the UK gov getting more tax, it may not be that helpful to the UK balance of trade if most of the money goes overseas to MS & Adobe (who are probably the majority case for software piracy by total value).
But where do these high-tech jobs come from? Maybe a few sales drones in PC World, etc, but just how does paying for MS software generate a UK high-tech job?
Perhaps using Linux and paying someone in the UK to integrate and develop things would be a better route altogether.
I had assumed that most US utilities were private companies doing the gov work. Even so, you find those who made the decisions and work up to the top, as you can still gaol government or court employees:
Why was it on the net? Ah, probably to save money.
Were the risks considered? Probably not, or ignored to save money.
Who ultimately took the decision (or applied budgetary pressure) that traded-off safety for running cost, and was that an acceptable risk or one that represents criminal negligence? If it was a Windows-based box with hard-coded passwords, then negligence is the only answer.
"Permission isn’t property. A license isn’t property."
So why do companies claim intellectual *property* is so important?
Really, if I pay for something, and later decide I don't want/need it anymore, why can't I re-sell it? It works fine for physical goods such as books and CD/DVDs, so why not for digital purchases?
I know the practical issues of copy vs original, but in *principle* why can't I resell something I paid for *irrespective* of what those who originally sold it might want?
"raised serious concerns about the ability of the US government to secure critical infrastructure"
It is not their job to do so, it is the water company.
But maybe if the US gov made the CEO & MD of such corporations liable for gaol time for allowing such a serious breach of good practice, i.e. putting critical infrastructure on the 'net WITHOUT the software suppliers (MS et al) backing that up with a matching warranty of fitness for purpose, might just help to get such things fixed though.
Not twice, for sure...
@I believe you should *reconsider* your position
"A computer is a machine, a machine is absolute, why in the world would you want to feed it with imperfect time subject to random external variations causing more and more issues as processing power grows ?"
(1) Machines exist to serve *us*, we should not have to change to suit them.
(2) It is already a solved problem, just most programmers have chosen not to fix it, or are ignorant of the issue.
I'm not saying all of current systems are ideal, for example ntp & tz data should be updated so your normally patched OS has all of those troublesome adjustments delivered automatically (and maybe optional dynamic TZ selection for moving installations such as a ship etc), but really it is not such an impossible task to do.
"and GPS systems in particular suffer when leap seconds strike"
No they do not! GPS maintains its own 'atomic time' and has a UTC-GPS offset that is stepped as required. It was designed by people who knew what they are doing. Same goes for most astronomical systems that rely on TAI, etc, etc.
This is, or should be, a non-issue as there are plenty of solutions out there. What we have is really a debate about trying to fix broken software by changing how things have been done for years, rather than getting those behind such systems to fix them.
If you NEED to worry about leap seconds, get your own system fixed!
“This is a problem for US engineers, not politicians, to solve and we will get it done.”
Did they not lobby for change-of-use for that band, knowing full well the issues of GPS power levels relative to any neighbouring systems?
In other words, ignoring engineering and hoping politics will force others to change to suit them making money.
Good & bad
Good point is the appearance of tape-raid, but surely they are not the first to do this? After all it is a simple adaptation of disk raid but with (presumably) some optimisation or HDD cache to get round the tedious linear access of tape.
Bad point is WTF do they quote 3:1 compressed sizes for? Who actually sees that in practice?
I suspect that if you are similar to FB most of your data volume will be compressed images (maybe compressed PDF docs in business environment) so you won't see anything like 3:1 compression. Maybe if you have a lot of sparse VM you might, but really that is a con.
"Don't all sensible operating systems automatically render Postscript to whatever wacky format the printer supports behind the scenes?"
Have you thought about that statement?
Just how do you do that if the manufacturer is not willing to supply documentation for the whacky format? It is all very well to assume all printers have a Windows driver, but for what versions of windows? And what about a Mac driver? Or Linux?
That is why I asked about compatibility, and why the other comment about postscript is so relevant - it works and is OS-independent.
I think you will find the Chinese students are far smarter and more adaptable to technology than that sad example of the worst of USA education.
Guess which country is growing and going to win the technological future?
Tux, you don't need to be fiendishly clever to be his/her friend any more.
@A better way of catching criminals...
Can't we have exploding collars for them that log everything they do & see during their term in office and for a year afterwards?
If they do wrong we get to push the button...
Could be a popular TV show, you listening Mr Berlusconi?
@Sean Baggaley 1
"unless you're aware of some magical non-standard, yet somehow ubiquitous wireless media and file transfer protocol,"
Er, it's called "USB storage device" and it allows you with nothing more than a USB cable to copy to/from the device on any OS without a pile-o-shite like iTunes/Zune.
"SD Card support is idiotic on a smartphone when they already have built-in 3G / 4G and bloody WiFi"
Er, no it's not. I can change my phone's 2GB storage to 32GB+ for a FRACTION of the cost some suppliers would charge. Also I can swap cards to remove personal data at repair time (how do you wipe/factory reset a dead phone's internal storage?) and/or to swap in any apps that need a lot of data easily, like a detailed map of Europe, etc.
@A system devised by idiots
Probably some smart folk in the 80s when this was the only viable way to do it within a (still bloated) power budget.
That is not a vote of support for DAB, just an indication of how long drawn out it is and the lack of foresight (and political fallout) or mandating another change to allow DAB+ or better to be used and thus dumping existing DAB radios. By the last 5 years there should have been a requirement to support DAB & DAB+ automatically so they could migrate multiplexes as radios were replaced, but that would have been too sensible and/or upset manufacturers trying to save a few pennies.
But simpler still just stick with FM as there is no *compelling* reason for DAB (cost, power efficiency, sound quality in most cases all being worse).
@lobs in molotov and runs...
Yes, but now with code signing on MS' behest.
Macs allow you to boot other systems. Apple don't care about this as it makes their pricey computers a better value proposition for those who need fast Windows (e.g. gaming) or Linux support without using a VM.
Interesting point, as once installed you can't detect the Trojan as the OS can prevent any user-space software from accessing those files (or re-direct to untainted copies), and you can't boot a 3rd party or 'open' tool to perform an untainted scan.
Germany has already got laws to allow such state-sponsored 'malware' in the name of law & order, Turkey has apparently done the same.
The Stuxnet malware, variants and a few other Trojans show others are able to compromise the chain of trust in driver signing by one means or another, either as criminal gang stealing from the companies, or from MS via a state-sponsored link. Tinfoil hats discuss..
Unless the PC administrator has genuine control over the UEFI booting to allow 3rd party tools to work, this is a massive step backwards in freedom and security.
"the sound quality from my little DAB box in the kitchen is phenomenal"
YMMV! My experience is limited to one or two dual DAB/FM radios of decent quality and FM was better in both cases.
OK, I know this will depend on your reception area, etc, but there is no compelling argument for DAB in my mind, and I would hardly call tuning a difficult task! I like things to run for a long time on battery power, and see no need to replace a few older radios yet - just more landfill to be disposed of.
So is dabs/BT direct broken
I have been waiting 10 weeks for a refund on a failed PSU from them.
For similar problems with the local PC store 3000rpm you get it swapped there and then (if in stock), so why can't big organisations actually manage things in any reasonable time?
dabs/BT also used Yodel to collect the PSU, that alone took 4 weeks until they actually came, but I don't know quite who was to blame :(
Indeed, it is doubtful that it would ever be more useful than an addition to conventional warfare (e.g. take down defence or support systems as part of an attack, etc) but probably will kill someone at some point.
Just now it looks attractive as a terrorist tactic (state or group) partly due to the fact people are so easily scared you don't have to achieve much to cause panic, but also due to the ease of covering up just who was behind it.
But hopefully we will see the bosses of key infrastructure being led to gaol for criminal negligence for having the likes of an unpatched Windows box running buggy software linked to the Internet which made it all possible.
Not because malicious damage was possible, it always was and will be, but because they did what only a moron would in terms of known security practice and made it easy to do remotely.
Can it EVER be any good?
I wonder - you have the risk of a compromised PC, quite possibly via a VM-like rootkit so it is virtually undetectable by AV or anything running in the OS, and try adding another OS-level bit of software that somehow is going to stop the keyboard/mouse/monitor being recorded and sent to a 3rd party?
Just how is that supposed to work?
As pointed out elsewhere, what is needed is a "2nd path" of information that is much harder to guess, such as the RSA key (assuming the morons learn and don't keep the keys to everyone's kingdom in the one place) or a mobile phone (unfortunately assuming said PC-monkey won't just install a Trojan on it as well).
Can we have a 'snake oil' icon please?
It might help if I could spell "Stuxnet" but I imagine you know what I meant.
"P.S. What does the "windows user" icon represent?"
I think it is a down-and-out with a can of cheap lager, but maybe I know nothing and am simply talking through the wrong orifice.
Paris - choice of orifice...
OK, this sounds like a dumb question, but here goes to all of El Reg's readers who actively manage these Windows-based SCADA systems:
Why have these systems:
(A) not been patched to remove the compromised certificates and known vulnerabilities that suntex used?
(B) used on networks where odd traffic to unknown IP address is not throwing up warning bells left right and centre?
Sadly this is what it comes down to, cost & convenience versus security. And guess what is the usual winner? Maybe if your boss' pension was put on the line if it gets hacked it might look different...
I suspect it is not beyond belief that dedicated encryption hardware could be deployed so you have a secure VPN that only terminates in another dedicated local machine without general internet connectivity at either end?
Maybe less secure than an air gap, but better than having a general computer (and probably a Windows PC) with internet access.
Once upon a time (8.10 to be precise) I tried Ubuntu and liked it, it was Linux that was easy to set up and use, and most things worked fairly intuitively. Friends & family used to XP would have no problems I thought, and indeed they did not.
And what happened?
They spent a lot of time dicking around with the GUI for no real benefit, while failing to fix packages that were important, such as Nagios (still broken for 10.04 LTS on daylight saving change, a YEAR after it was reported and was already fixed by the developers), Rhythmbox (stopped syncing to MusicBrainz even though the changes were known about and discussed since 2 YEARS ago), automounter broken with NIS due to unpredictable start-up sequence with Plymouth, etc.
Is the world so full of short attention-span people that an ever-changing desktop (and thus demanding help/training to all non-geek users) is more important than making the damned thing work?
Why do Unity? Indeed, why did they waste time on GNOME 3? No one is shipping a tablet with Ubuntu on it, and realistically no one will (Android is the choice for all who are not Apple or MS fans).
In my view it has simply pissed off a lot of users and serves to illustrate at least one reason why it never will be the year of the Linux desktop. Work put in to stuff that is simply visual fluff, and not in to making things 'just work'.
Trying to get the mushroom cloud back in that shiny ball of plutonium?
@I'm beginning to wonder
The lesson is not a new one - keep your secrets off any internet-connected machines. Have two networks, one private for all important stuff, one public-facing for customer related activities.
Old school physical entry or compromised staff are still ways of getting raided, but you no longer rely on the integrity of a billion lines of code written partly by low-cost code monkeys and peddled by vendors who are market focused (e.g. add features to sell new versions, rather than fixing problems).
OK, this won't happen due to cost and convenience issues, but it's not exactly rocket science to avoid internet attack vectors.
@AC 22:25 GMT
You don't get it do you? It is not the existence of a pr0n filter should *I* choose it, it is the mentality that 'gov knows best' and once such a system is in place, there will be function creep.
"Do you let kids into Pubs, Strip Clubs, Bookies, etc. etc?"
No I would not, and that is acting responsibly.
Delegating parental supervision & education about the world in general, and the Internet in particular, to a gov-mandated filter is NOT acting responsibly.
"It's the sort of thing that ages ago we used to call friends and family"
Somehow, that statement alone is sadder than the whole intrusive nature of the insurance business they are getting in to.
The internet is for adults, not children. Why can't they look after their own kids and leave the rest of the world alone? It's called parenting, look it up.
And what is next on this religious/political moralists' agenda? No work on Sundays? Nothing the gov deems to be harmful to public morals? Inconvenient for their business buddies?
I had hoped we had seen the last of the Nanny State for a while, but sadly political 'leaders' (media whores, more like) just can't resist the temptation to meddle in people's private lives.
I agree with you!
Except about Tesla, he essentially invented polyphase power distribution using AC, and the impact of that in terms of providing us with the power grid and cheap electricity (due to low losses) is hard to underestimate.
And now the end is here
And so I face the final shutdown
My friend I'll say it clear
I fondled my slab, of which I'm certain
I've lived a life that's full
I travelled each and every information highway
And more, much more than this
I did it my way
"Recent versions of Firefox, prior to the 7.0 release, were memory hogs that had a tendency to crash all on their own"
You mean they have actually and *finally* fixed the memory leak/bloat that has seen our browsers gobble 8GB+ of memory?
"All those software patents creating havoc in the western world"
Sorry, I think you mean "havoc in the USA" as most of them are not valid in Europe due to the differences in what is and is not patentable. India is also quite competent to decide for itself if software can or cannot be patented, and hopefully will show greater sense than the USA in this area.
Sadly, maybe not for long before we in Europe have that time-wasting burden forced upon us.
We will have to wait until the analysis comes out to find the truth behind this fiasco. However, my suspicion is one of the developer's home PC was rooted, either due to carelessness or from some package in use (or development) that was flawed. Once rooted, the hacker had a 'free pass' in to the kernel development machines, etc, due to that developer's trust level.
Why has this not happened to MS & Apple in such a spectacular manner?
Probably because they don't allow anyone outside of their corporate network to access any of the development machines. When you think about it, keeping a globally accessible system safe is SIGNIFICANTLY harder to do.
"Spotify made its users' private listening data public, at the same time as making Facebook membership mandatory for new signups"
I have an old Spotify 'free' account I have not used in a while, but if they are going to make FB part of it, then it's time for a single-use email address and a fake FB ID.
Exactly, there is NO EXCUSE at all for a browser plug-in or document reader to run as anything other than a user-privileged program, so causing an OS crash should be all but impossible.
Oh silly me, this is Adobe & IE...
@There's more to worry about....
I still use w2k for some things because it works well enough and I don't want to pay for changes that bring no direct improvement to me.
Of course, it runs in a VM now so I don't need to worry about hardware drivers, nor do I use it for email/web browsing/etc so security is much less of a headache than when it was new & supported...
Tux, my friend.
@AC 19:15 GMT
"unless you're willing to slay *every other* IE6 app we can't upgrade every desktop to any other browser."
Can't you provide a standard environment with *two* browsers?
IE6 for the crappy written stuff.
Something else for everything else?
Maybe even a software firewall so IE6 can only connect to local IP addresses to improve security if anything can reach outside. Though given its lubed-up nature in Windows that may be difficult...
That might be part of the reason, as if you can verify the boot loader, it can then verify the rest of the system* and so stop hacks that check for invalid activation keys, etc.
I don't care about MS screwing its users for non-licensed software, if you want Windows then pay for it. What I do care about is such a system being abused to prevent alternative OS from running.
Unfortunately if you can bypass the boot check, then you can also bypass all other DRM/license protection steps (given the time to hack the OS components). If MS are only doing this to stop root kits, fine, but I can't see it being very useful (in this context) and open at the same time.
* time-dependent of course, how long to check the signatures of a multi-GB OS installation?
Key holder matters
The issue is not the 'secure' boot by verifying the OS, that on its own is good for everyone (Linux, MS, Apple, etc) as it allows protection against pre-boot root kits.
The issue is who decides what can boot.
If the UEFI loader just stops and tells me this has changed, and do I want to accept the new signature, that is fine for me and nothing is lost but I have gained control over unexpected changes to my boot loader. Maybe have a UEFI password so only admin can change it (like current BIOS offer for boot sequence, etc).
Of course, it then makes the whole "security" push rather pointless because, as we all know, asking the (l)user if they want something or not is a recipe for disaster when it comes to security.
Even so, if you can root the OS while running, then you could flash the UEFI firmware to disable this before loading the pre-boot root kit. Also how long until the keys are compromised as for DVD/Blu-ray/HDCP? It helps of course, but short of a physical switch to disable motherboard updates, it is only a bit harder for the bad guys.
So maybe a mandatory configurable option in the UEFI menu to enable/ask on change/disable would be OK. But on MS' past behaviour I have serious worries about the openness of it all.