Re: Air Force General Hawk Carlisle
I wondered the same! OK, not quite as sinister as General Jack D Ripper, but a triumph of naming nevertheless.
Paris, as she could have my precious bodily fluids...
2758 posts • joined 15 Mar 2007
I wondered the same! OK, not quite as sinister as General Jack D Ripper, but a triumph of naming nevertheless.
Paris, as she could have my precious bodily fluids...
I don't want to blame the victim for being robbed, as that is a crime no matter where it takes place. But I do wonder why would you turn up in person to pay by bitcoin?
As far as I can see its main reason for existence is for electronic payment, and more so for use outside of the US-controlled credit card and Paypal corporations where it is hard to trace and hard to stop (e.g. wikileaks accounts being blocked by US gov pressure). Of course the "hard to trace" aspect appeals to criminals just like wads of cash, so maybe they pushed him for a bitcoin transaction knowing that.
I wish her all the best for a speedy recovery.
I still find it hard to believe that in my own lifetime that kiss was such a big deal, but then looking around the world today at some of the morons out there it is less of a surprise.
OK, you don't like sanctions.
Now how do you propose the West can impact on "the criminal government staff" without starting a war?
Sure, eventually something important will be hacked and people will die and, maybe then, will organisations will finally wake up and stop putting critical stuff on the internet at all.
Hell if you had to audit your whole system and get risk-based insurance for such design-decisions we would hardly see any such risk, as then systems would be properly secured and so take physical access as well as cyber skills to damage.
Just now there is a sporting chance of a few script kiddies taking a pop at critical stuff because a many years old and unpatched (or unpatchable) system is now exposed to "save money" and "improve productivity" in an important infrastructure or plant somewhere.
NTP is better than Windows SNTP by many order of magnitude
A typical Windows installation (thinking desktop here) has, by default, a time set once per week - so can be out by minutes at times. Even if you set the frequency to once per hour (registry setting) you are lucky to get better than 1 second.
NTP on a WAN typically give you accuracies of 10ms or better (so around 100 times improvement)
NTP on a LAN with decent time servers (e.g. machine with very good hardware clock or local GPS) gives you accuracies of the order of 0.1ms or better, so around 10k times better.
Often the question programmers should be asking is why am I using time, and is that actually the best way of determining order and sequence?
No, the UNIX time_t follows UTC and so is not able to perform correct time duration calculations over the leap-second period as there are discontinuities at those points.
A more general problem with programmers is they use "clock time" as a substitute for "order of events".
This works well if all events are being recorded with consistent time stamps, say for conditional compilation on a local machine where you can check if the .o file in one location is older then your .c file in another, or when you pressed the "build" button in the GUI, etc.
Things break due to time faults: such as the same conditional process on a network file system where the time stamp of some files is due to the servers' clock, and others locally are from the client's clock which is different, or the file system's time resolution (e.g. 2 seconds on FAT32 as a worst case) is now greater than the interval between steps, etc.
Then we get in to all sorts of debates abut keeping leap seconds to work around dumb programming. But really what the programmers & software architects should be asking is down to the ACID database situation - how do you guarantee correct order of events in a process if the local clocks are not fully in sync?
Time-obsessives have two things:
1) Atomic time, which is precise and monotonic (the spherical cow).
2) Human/civil/UTC time that follows the Earth's rotation (upon which our concept of time and units were based). And there are differing degrees of the (look up UT1 & UT2 if you want to know more). This is your real cow, and equivalent choice of Frisian, Aberdeen Angus, etc...
NTP handles leap seconds in the "correct way" as far as it is defined, in that it makes UTC follow its defined values. The problem in the more general sense is you have two concepts of time, you have:
(1) The UTC/Civil definition of days being 24 hours, of 60 minutes of 60 seconds always, along with a formulae for dates that make up the Gregorian calendar (lets keep quiet for now about other calendars).
(2) You also want for various reasons staying in approximate synchronisation with the solar time - i.e. that at, say, 0 longitude the 12:00 local is, on a yearly average, the time the sun is overhead.
Now the second is define these days with extreme precision, but the Earth's rotation is variable and, worst of all, not quite predictable due to stuff moving around inside as well as tidal friction, etc.
The correct way to do all of this, of course, already is known and implemented in some systems that really matter, and that is to have you clock keeping "atomic" time that has no discontinuities, and then to apply a leap-second correction to get "civil" time. See:
That is exactly how the GPS satellites do it, and their own GPS time was in sync with UTC in 1980 and is now 16 seconds different.
What is a problem for more software when it comes down to second "accuracy" is the most computer libraries are based on (1) and:
a) They don't quite know how to deal with the 59-second or 61-second minutes that happen when you get a second removed/added.
b) Also to perform the conversion to/from atomic time you need the offset values and as they have to be updated as the Earth's motion is observed, so it is hard to do correctly on anything stand-alone. You then would need internet access and the security problem that brings, and the grief caused when in a few years some web developer stupidly change URLs of important data for no obvious reason when tarting up sites.
Finally, there is a project (which I have not checked/tried yet) to give you a local NTP "fluid time Wednesday" effect here:
NTP handles this correctly.
Most OS can handle it correctly as well, but from time to time (groan!) someone changes the time-handling code and then fails to test it on leap seconds and you get problems, like the Linux glitch a year or so ago.
You can get GPS simulators and create your own NTP servers that push out this sort of thing for testing, so its quite possible to do, but people don't. And the results are predictable. Of course, you also get programmers doing dumb thing to implement delays, etc, rather than using the proper OS calls, leading to more bugs.
I personally think they should step the second backwards and forwards every Wed for a couple of months - then we would get OS and application software tested and fixed. One can hope they would fix it...
"If you yourself are not clever enough to use github in a secure manner"
So Sir, were you clever enough to notice the bad random number generator in Debian's OpenSSL? Did you in fact report it and help fix things?
If not then STFU and get on with something more useful. The call is not for GitHub to hand-hold users at any point, but to notice said compromised keys and warn users about them. Those keys, most likely, were generated years ago and then kept even when the user's OS was updated to something that has that bug fixed and they probably forgot which version of number generator was used to generate them originally.
"DHCP exchange) from being poisoned by a man in the middle?"
DHCP exchance is on my LAN and so under my own control. Not perfectly immune to attacks as they could p0wn the router, etc, but far far harder to do than out on the WAN.
"What does DHCP have to do with HTTP/HTTPS?"
Don't certificates sign for a given IP address? What if that changes?
"Also, you do a dis-service to systems admins/engineers by repeatedly writing that only developers can manage redirects and handling the nuances of making SSL work"
OK so who patches old expensive colour A3 laser printers to add SSL support? Have you seen much sign of software patching/upgrades even for new/recent printers?
"they'll still prevent man-in-the-middle alteration"
If world & dog just ignores dodgy or revoked certs (like Google do in Chrome) when so many stink and/or change for no good reason, then what is to stop an ISP doing a proxy with some self-signed cert for everywhere?
Yes, like the shitty business of defaulting to US Legal paper size on every update on *NIX platforms. That bug has also been open for more than a decade. Maybe a small amount of time fixing stuff would bring more happiness to users than pointless dicking around with GUIs and pushing policies out that break things?
Vaccines have considerably less of a down-side that not being able to access old sites and local printers, router config pages, etc.
Forgot to mention network printers - how many of them support https? And how well is that going to work with DHCP?
Indeed, they tried to with pointless GUI changes and "lets copy Chrome" approach to hide and obscure menus and other featured of interest.
Why stop there? Why not also break access to your local router, home NAS, and lots of old but interesting sites which the owners of have died, moved on, or otherwise given up maintenance on?
Really, some developers seem to spend their day in a jerk-circle reassuring each other that they are right and the rest of the world (i.e. the users of their product) are fools for not agreeing.
"but like real democracy, it only works if every person has one vote"
That aspect appeals to the idea of fairness - that the robber barons, etc, don't get to dictate over the views of the proletariat by virtue of money or connections.
But the problem with democracy in practice is the same as MS has, the voters are often ill-informed or idiots, and the choices they have have been pre-selected by a few with vested interests.
However, it should also be stressed that GUI stupidity is not a MS exclusive, as we see various flavours of Linux desktops, browsers like Chrome and Firefox, and the anointed "master" of GUI design Apple all pushing unwanted and/or ugly and/or irritating changes our on long suffering users.
Really what a lot of people don't want is just that - change for no good reason (as they see it). Would I be so pissed off with the Office ribbon if there was a small config option to put the menus back as they were? No. Same for changes Gnome has made, etc.
You seem to have ignored the part that it will be the service operators who hold the data, not the police. so they have to make a request, with justification I hope, as they currently do for phone billing records.
Also it might not be a case of you being a criminal, you might also be the victim and said short-term metadata might be of help.
I doubt very much that data retention has helped stop terrorist attacks, etc, in spite of all that Gov around the world claim as the justification.
However, I can see some use for normal policing of being able to access recent data (maybe several weeks as the Germans appear to be proposing). For example if someone goes missing in suspicious circumstance to find the last place their mobile was seen at, etc, or if someone is accused of committing a crime in a given location/time window.
The real issue most folk have about data retention is (a) the time-scale and what long term hoarding that means for digging dirt on those who fall out of favour, and (b) access by world+dog in government on the slightest pretence, and (c) feature-creep when it becomes useful for something else that is profitable, etc.
So personally I don't have a problem of short-term retention of several weeks and all access being by a properly justified court order.
"Nautilus, the default file browser which has about 30 per cent of the features it once had"
And that kind of sums up the whole GNOME 3 experience. In fact it seems to sum up the majority of GUI changes these days, pointless tinkering with eye-candy and the removal of features that some up-their-own-arse developer decided you didn't really need.
Sure its not the Wirrn?
Thanks for an interesting article - certainly I had no idea of the definitions used, and how by-product elements are, by definition, ones without reserves.
I think it's an Igor you are looking for...
(don't worry one will appear behind you as if by magic)
Really, are people STILL falling for that one?
Another minor aspect of the Umbongo "soft drink" was it would not ferment.
In spite of claiming to be fruity juice there must have been some non-volatile preservative in there as even boiling it up, then cooling it and adding yeast, etc, failed to produce any viable fermentation.
I'm sure you will understand how important this information is to your whole day...
Out of curiosity (and really not trolling here) can you point to an example of the agreement so other commentards can judge?
Exactly - that is what proper reviews and feedback is for, to let potential buyers know if its any good!
That and a half-decent try before you buy option to let you see if it really does what they claim.
I'm not sure even XP was worth it. I bought w2k and it was pretty good, but then the only noticeable feature it added compared to NT 4 was support for USB stuff, and I turned off the Fischer-Price menus and went with 'classic' which made it more or less the same.
Most folk who need Windows and have an interest are using Win7, which is basically Vista fixed, and only a few with 8.x even though there are underlying OS improvements. But as you say, its boring and nothing an OS does is exciting, more what it doesn't let other do to you that matters...
So most Windows sales will be down to replacing failed/obsolete hardware, and these days its either broken in a year or so due to a fault or works for 5+ years as a decent enough machine (gaming, etc, excepted).
"If one doesn't want it then its a 30 second operation to turn it off. What is the problem ?"
"If one wants it then its a 30 second operation to turn it on. What is the problem ?"
There, fixed it for you.
Or do you really think we should all be treated like morons and/or sheep by the ISPs & gov in order to keep a few frothing idiots in Westminster or on Mumsnet happy?
Sad to see any business go under, but we have not used that distro since around 2009. I quite liked the 2007 era desktop and it worked quite well and also I bought a bootable USB with it pre-installed which was quite a novelty then.
But they messed up and we moved to Ubuntu. Who also messed up post 10-12-ish, but they seem to be the best-ish around for general use and sadly most others are also going down the "make it dumber and uses systemd" path.
You are partially right, in that its hard to get anyone to understand stuff like cryptography in the first place, let alone to apply effort in to making it better by review and bug-fixing.
But you are also wrong in two very important ways:
Firstly having something open makes it a bigger risk to back-door, and certainly makes it very hard for anyone to be offering it and not to have the come-back if they were the one putting in back-doors or spyware. With COTS stuff you have to take it on trust, which is low these days, or to try and intercept all communications with wireshark or similar and to decode/decrypt them to find out what is happening. Are people willing to do that any more common that those willing to review open source code?
Secondly the idea that open source is not needed any more is utterly wrong, as today perhaps more than ever, we are seeing a "walled garden" approach to machines where some company decides what you can do with your own hardware, and what others are allowed to offer you. Similarly having data open only works if (a) the format is published AND correct, and (b) you have access to alternative software to make use of it. Without FOSS options there would be no pressure on the likes of MS, etc, to even pretend to offer open standards and protocols.
Remember how it took an EU anti-trust suite to get the SMB/CIFS protocol opened? Or how Oracle tried to sue Google on the basis that APIs should be copyright and thus no one can make interoperable code without a license?
We see more and more reasons to use a Tor-like system for everyday browsing, and it has nothing to do with legality or otherwise, and all about basic privacy. No need for the multi-hop effort of Tor, just a system (even browser plug-in) that randomly redirects your request to others in the same country as the target web site (so it can be presumed the content is legal there) for the short term path. That and keeping each tab private and deleting automatically on closing so cookies, etc, are not shared between sessions or sites you open separately. And also makes everyone's browser look like one of a very small set to render fingerprinting pretty useless.
A shame that web browsers are not really interested, instead keep pissing away effort on ever more useless GUIs and advertising revenue options.
MS are quite right here. There should be a proper and judicially supervised system for accessing any data, and some process by which it is reported beyond the investigation.
Sure, MS and similar should freeze any records from deletion immediately on any reasonable police request, but to actually get the data there ought to be a proper system of oversight and one that will protect journalists, whistle-blowers, etc, form abuse by those in power.
Same for unsecured 3D printers. Its all about the willy...
Better solution is for the OS to give the user the choice of permissions to allow, with default as more or less none. Then make the app developers justify each and every one of them before they get ticked.
Sure it will piss off a lot of 'free' apps where the business case is about whoring you from advertiser to scam artist, but maybe the long-term result would be a lot better.
"catching binary stars in this short-lived phase"
That is short-lived by stellar life times, still long as measured by our humble time upon this Earth.
Opened a nice bottle of wine, sat back in my chair, and laughed.
Seriously, I have enough problems of my own without worrying about other's...
The gov paper is surprisingly sane and well thought out. Basically it says trying to ban stuff like Tor is a stupid plan as its difficult to do and would make the jobs of police, etc, harder in practice.
It remains to be seen if technically stupid and knee-jerking politicians listen to those who know something about the subject though...
Is it not closer to tree cum then?
Are systems still not filtering this stupid (but obviously effective) trick some 20 years after the dumbness was first noticed?
Strewth, as our antipodean cousins might say.
Come now, what a silly suggestion!
If MS were to offer a correct list of file sizes and SAH256 checksums for all genuine files where would you get that joy of AV software borking your machine by misidentifying MS's own software?
I think all but the most hardened freetard will accept the piracy reduces sales, but many would argue that things like stupid geo-restrictions and flaky device-specific DRM have a much more negative effect on sales of legitimate content.
But if you think El Reg's commentards are bad, just take a wander over to TorrentFreak. The articles there are very well written and often news-breaking, but the comments are often depressingly dumb and knuckle-dragging.
I think this is what you mean:
And indeed there was an element of Dr Strangelove being a documentary not a black comedy.
If it works as well as the demo they did a year or so ago it will make such videos tolerable!
No longer having to sit though 30 minutes of tedious juddery video when you can swoop though in 5 minutes of vaguely interesting and stable footage.
"Never mind the quality... feel the width."
Are the pr0n studios interested then?
If you are not doing massive images, etc, you might want to create an XP or Win7 VM and use that for your photo editing. I have a few VMs with old CAD and editor software just for that sort of job - saves my having to dual boot now.
Also for most VMs (certainly VMware player) you can save the VM state mid-operation so you can then shut down or reboot your main PC and then later resume the VM from *exactly* where you were...
You might be pleasantly surprised by dosemu for Linux as a way of running 16-bit code. Its not perfect (but then XP's NTVDM wasn't either) but you also have some options to customise it or even fix problems if dedicated and smart enough.
Also if you are brave/foolish/need it you can give dosemu direct hardware access to certain I/O ranges or interrupts, this can be useful for some cases when you have special hardware.
We do, and it allows our 22 year old software & custom hardware worth £££ to work just fine. You get the simple DOS "so what you want" ease of doing I/O but with the relative security and remote maintenance of a modern OS. And good time-keeping if you configure dosemu to use the host (NTP adjusted) time.
Sure we could have re-written our software to use different OS (and had to do that multiple times going to various Windows HAL changes, maybe then to Linux to escape the product activation and similar silly buggers screwing things over at inconvenient times) but why? It works well, has hundreds of equivalent year of debugging already, and after spending 6-12 man months of time & cost it would have done EXACTLY THE SAME job. How do you sell that to your business manager?