1375 posts • joined 15 Mar 2007
Kind of obvious
Really, spying by internet means is such a gift to the whole espionage business really: much less risk, easier deniability by "out sourcing" the work western-style, and generally a whole lot easier due to the lack of security in a lot of organisations.
That, it seems, is due to fundamentally crap software (think Adobe flash/reader, and office 'run anything' features here) and mismanaged configuration. I think 'mismanaged' is a good term, as it is partly down to BOFH failure, but for more often due to the PHB demanding things are done to make his life easier.
Still, it is Xmas time and we can have a good laugh at the fantastically inflated loss figures attributed to 'IP theft', helps oil the snakes...
How long do you reckon before the system is hacked/broken?
Given that stuff always ends up on TPB anyway, why waste so much time, money and consumer aggravation futilely trying to prevent it?
"would you keep coming back to the same place?"
If the filming was cheap...
There are few sat phones in use, or needed, in most populated areas. Compared to peppering the urban areas and roads with GPS-interfering ground stations it is a negligible issue.
Not as simple as "Additional filtering would add a few bucks to the cost of a receiver". You forget to consider the size impact for portable devices and the increase in system noise due to the filter's loss (which gets bigger as you make it narrower and 'smaller' for a given material choice) wich impacts antenna requirements and/or the ability to work in poor reception conditions (indoors, under forest canopy, etc).
Further more you also neglect the power consumption implications of higher overload margin LNAs, mixers, and low phase noise local oscillators (as even a very good pre-LNA filter won't stop everything). Again, that works against battery powered stuff, which you might notice is a common GPS requirement.
"may explain various Landrovers with sat phones unexpectly ending up in a river" - I am willing to bet that is usually a faulty meat-based processing issue...
Glasgow has one, something guaranteed to rile Edinburgh folks...
Dundee has a Stormfront 'premium reseller' (whatever that means) which seem to have much the same ethos in terms of civilised staff (and I don't even own any Apple stuff).
@This is business guys...
Ideally yes, but if it is then it is really badly thought through.
I like/liked Ubuntu a lot, and I have no problem whatsoever about Canonical making money out of it. I just wish they listened and thought through things a bit better. Here is my main gripe list:
1) Changing user interfaces FOR NO GOOD!
Moving someone from XP is hard, as most non-geeks don't want change and just want to keep doing things without the diet of worms that Windows offers them.
Gnome 2 was good enough for that. Maybe Ubuntu's hand was forced with Gnome 3, but really I feel saddened by the loss of 'normal' GUI design and am now looking to XFCE as an escape.
2) Not fixing bugs.
I know of a few that I have participated in the reporting / diagnostics and they are being ignored, even for 10.04 LTS that is *supposed* to be supported. In a few cases the community has already fixed/moved on but nothing has been done to make it 'just happen' with Ubuntu updates.
3) Changing package choices (related to #2).
Why can't they choose something and stick with it? For example, dropping Rhythmbox for Banshee as sound player, or F-Spot for photos. Sure they were not perfect, but why should users of a non-geek type be forced to learn new stuff and system admin foreclosed to train/support changed for the sake of it?
Shades of point #1
While I am happy with things being added like like Ubuntu One for cloud storage/backup, or for paid apps in the repositories, it should not be at the expense of dumbing down package management to the point of uselessness (WTF dropping version & dependency info?).
There is a big market for an alternative to XP that is 'free' as in speech, and maybe paid for extras, but that is not going to be tablets. Cheap & old PC can use Linux/Gnome2 style software and users liked it.
Don't piss them off...
God save me from tablets!
WTF is this obsession with tablets? I can see MS wanting to catch Apple (money there) but who is going to SELL a tablet with Linux on it that is not Android? And who is going to change one to non-Android Linux (OK if you are one of the sad few to get a Windows one, maybe...)
My beef with Canonical is the rush for change at the expense of fixing things. And I think Gnome 3 & Unity are a bad move and a waste of developer time. Time they could have spent fixing things :(.
I would be much happier with Gnome 2 being kept as an option as its much closer to the last 25 years of GUI use, so friend & family don't need re-training every 6 months when they bugger about.
Why can't the leave them alone? They have every right to be out there as anything else, humans included.
These people seem to fixate on the occasional wolf/fox/dog incident and conveniently ignore the death and injury due to cars (and other human activity) which FAR outnumber them.
And if anyone says "but if it saves one child" then I hope they get their car & driving licence taken away for life, as that will do more good.
There is a big difference between providing information about products and services, and the psychological manipulation of human desires to create/amplify needs.
1) A basic brochure about some device, say an MP3 player, and showing its battery life, storage capacity, etc, maybe with a picture of said device.
2) A TV advert showing trendy/sexy/attractive people maybe dancing, or looking all happy due to having spunked lots of money on said device.
The second case is about manipulation of desires: to fit in, to be seen as attractive, in order to sell a brand-name product. For those susceptible (the majority, even if unconsciously) the 2nd approach leads to a feeling of being left out, of being disappointed, if they don't have said device, which I believe was the Rabbi's point.
You really did not know that?
But deeper than that, how do you think politicians 20th century onwards, and Hitler as a dramatic example, manipulate the public to support them? Psychology my dear anonymous coward, as started by Freud.
(Do I get any points for Godwining this soon?)
You should treat the opinions on the basis of the *opinion* expressed, not on the other view points they may have.
I am not religious, but I have to agree that advertising (and the psychology used behind it) is possibly the worst invention of modern times.
FTL => backwards in time
Relativity, as far as measured/observed sub-light speeds, fits the theoretical equation that implies time-reversal (or at least breaking causality) when v > c (look up "tachyonic antitelephone").
But of course it is not known if the theory holds outside of our experience, and thus if faster than light *is* capable of time-reversal.
@Into the past?
They arrived at the detector before it should have been possible to know they had been sent
Even if faster-than-light travel is never possible, tachyon communications would be nice...
@Sean Baggaley 1
You are quite right about making copies for sale or other distribution, and I think (hope?) most of El Reg's readers accept that when you pay for a CD or similar, you get a disk and a license for what is on the disk and it is only fair that creators get some reward for said license.
You omitted the point that you *HAVE* to make a copy of that data en route to the D/A converter to actually use it...
But pedantic arguments aside, my point is that with a CD you can re-sell it and transfer the license on the same terms (i.e. for own use, not public performance, etc). Why can't I do that in principle for the license for digital content?
I know (before you point it out) that it is hard with non-DRM media to ensure honesty in the transfer of the licensed content, but why can't I do it with DRM-infested stuff where they can see the *transfer* of license?
"Permission isn’t property. A license isn’t property."
So why do companies claim intellectual *property* is so important?
Really, if I pay for something, and later decide I don't want/need it anymore, why can't I re-sell it? It works fine for physical goods such as books and CD/DVDs, so why not for digital purchases?
I know the practical issues of copy vs original, but in *principle* why can't I resell something I paid for *irrespective* of what those who originally sold it might want?
Seems we both struggle with 'pumps'
"Can we just get real.How serious was this? Everyone makes mistakes, anyone who works in software or IT should be very conscious of that."
You are right to a point, in this case no serious damage was caused to the population, etc. However, we are in 2011 and the vulnerability of computer systems, in particular anything using Windows, has been amply demonstrated for all of the last decade.
What this incident shows is a system that might have been fine off-line, without a half billion PCs potentially able to probe it, but clearly was not good enough. With a bit more effort & synchronisation perhaps a determined perpetrator could have wreaked havoc on most of the pups in a region, leading to the possibility of death or injury from disease or dehydration caused by a failure of such a fundamental human need: fresh water.
My point comes down to poking those in charge with a big pointy legal stick (not unnecessary prosecution of genuine mistakes) so that changes are made, and stupidly vulnerable systems (think Siemens and their SCADA's hard-coded passwords) are kept well detached from the internet in the future.
"This is deliberate critminal damage to the pumop and it is very difficult to see any benefit to the perpetrator so why the F**** did they do it."
Two possible answers spring to mind:
1) There is no reason. Just done for idle amusement.
2) Practice for a cyber-attack or a blackmail attempt.
I had assumed that most US utilities were private companies doing the gov work. Even so, you find those who made the decisions and work up to the top, as you can still gaol government or court employees:
Why was it on the net? Ah, probably to save money.
Were the risks considered? Probably not, or ignored to save money.
Who ultimately took the decision (or applied budgetary pressure) that traded-off safety for running cost, and was that an acceptable risk or one that represents criminal negligence? If is was a windows-based box with hard-coded passwords, then negligence is the only answer.
"raised serious concerns about the ability of the US government to secure critical infrastructure"
It is not there job to do so, it is the water company.
But maybe if the US gov made the CEO & MD of such corporations liable for gaol time for allowing such a serious breach of good practice, i.e. putting critical infrastructure on the 'net WITHOUT the software suppliers (MS et al) backing that up with a matching warranty of fitness for purpose, might just help to get such things fixed though.
How do they get this?
"a reduction of 10 per cent by 2013 would create 13,000 high-tech jobs"
I can see the argument about the UK gov getting more tax, it may not be that helpful to the UK balance of trade if most of the money goes overseas to MS & Adobe (who are probably the majority case for software piracy by total value).
But where do these high-tech jobs come from? Maybe a few sales drones in PC World, etc, but just how does paying for MS software generate a UK high-tech job?
Perhaps using Linux and paying someone in the UK to integrate and develop thing would be a better route altogether.
Not twice, for sure...
@I believe you should *reconsider* your position
"A computer is a machine, a machine is absolute, why in the world would you want to feed it with imperfect time subject to random external variations causing more and more issues as processing power grows ?"
(1) Machines exist to serve *us*, we should not have to change to suit them.
(2) It is already a solved problem, just most programmers have chosen not to fix it, or are ignorant of the issue.
I'm not saying all of current systems are ideal, for example ntp & tz data should be updated so your normally patched OS have all of those troublesome adjustments delivered automatically (and maybe optional dynamic TZ selection for moving installations such as a ship etc), but really it is not such an impossible task to do.
"and GPS systems in particular suffer when leap seconds strike"
No they do not! GPS maintains it own 'atomic time' and has a UTC-GPS offset that is steeped as required. It was designed by people who knew what they are doing. Same goes for most astronomical systems that rely of TAI, etc, etc.
This is, or should be, a non-issue as there are plenty of solutions out there. What we have is really a debate about trying to fix broken software by changing how things have been done for years, rather than getting those behind such systems to fix them.
If you NEED to worry about leap seconds, get you own system fixed!
“This is a problem for US engineers, not politicians, to solve and we will get it done.”
Did they not lobby for change-of-use for that band, knowing full well the issues of GPS power levels relative to any neighbouring systems?
In other words, ignoring engineering and hoping politics will force others to change to suit them making money.
Good & bad
Good point is the appearance of tape-raid, but surely they are not the first to do this? After all it is a simple adaptation of disk raid but with (presumably) some optimisation or HDD cache to get round the tedious linear access of tape.
Bad point is WTF do they quote 3:1 compressed sizes for? Who actually sees that in practice?
I suspect that if you are similar to FB most of your data volume will be compressed images (maybe compressed PDF docs in business environment) so you won't see anything like 3:1 compression. Maybe if you have a lot of sparse VM you might, but really that is a con.
"Don't all sensible operating systems automatically render Postscript to whatever wacky format the printer supports behind the scenes?"
Have you thought about that statement?
Just how do you do that if the manufacturer is not willing to supply documentation for the whacky format? It is all very well to assume all printers have a Windows driver, but for what versions of windows? And what about a Mac driver? Or Linux?
That is why I asked about compatibility, and why the other comment about postscript is so relevant - it works and is OS-independent.
Come on, this is a tech web site and a lot of us want to know if they will work with Mac & Linux properly, and not just Windows.
What exactly did you test them with?
I think you will find the Chinese students are far smarter and more adaptable to technology that that sad example of the worst of USA education.
Guess which country is growing and going to win the technological future?
Tux, you don't need to be fiendishly clever to be his/her friend any more.
@A better way of catching criminals...
Can't we have exploding collars for them that log everything to do & see during their term in office and for a year afterwards?
If they do wrong we get to push the button...
Could be a popular TV show, you listening Mr Berlusconi?
@Sean Baggaley 1
"unless you're aware of some magical non-standard, yet somehow ubiquitous wireless media and file transfer protocol,"
Er, its called "USB storage device" and it allows you with nothing more than a USB cable to copy to/from the device on any OS without a pile-o-shite like ITunes/Zune.
"SD Card support is idiotic on a smartphone when they already have built-in 3G / 4G and bloody WiFi"
Er, no its not. I can change my phone's 2GB storage to 32GB+ for a FRACTION of the cost some suppliers would charge. Also I can swap cards to remove personal data at repair time (how do you wipe/factory reset a dead phone's internal storage?) and/or to swap in any apps that need a lot of data easily, like a detailed map of Europe, etc.
@A system devised by idiots
Probably some smart folk in the 80s when this was the only viable way to do it within a (still bloated) power budget.
That is not a vote of support for DAB, just an indication of how long drawn out it is and they lack of foresight (and political fallout) or mandating another change to allow DAB+ or better to be used and thus dumping exisiting DAB radios. By the last 5 years there should have been a requirement to support DAB & DAB+ automatically so they could migrate multiplexes as radios were replaced, but that would have been too sensible and/or upset manufacturers trying to save a few pennies.
But simpler still just stick with FM as there is no *compelling* reason for DAB (cost, power efficiency, sound quality in most cases all being worse).
"the sound quality from my little DAB box in the kitchen is phenomenal"
YMMV! My experience is limited to one or two dual DAB/FM radios of decent quality and FM was better in both cases.
OK, I know this will depend on your reception area, etc, but there is no compelling argument for DAB in my mind, and I would hardly call tuning a difficult task!. I like things to run for a long time on battery power, and see no need to replace a few older radios yet - just more landfill to be disposed of.
@lobs in molotov and runs...
Yes, but now with code signing on MS' behest.
Macs allow you to boot other systems. Apple don't care about this as it makes their pricey computers a better value proposition for those who need fast Windows (e.g. gaming) or Linux support without using a VM.
Interesting point, as once installed you can't detect the Trojan as the OS can prevent any user-space software from accessing those files (or re-direct to untainted copies), and you can't boot a 3rd party or 'open' tool to perform an untainted scan.
Germany has already got laws to allow such state-sponsored 'malware' in the name of law & order, Turkey has apparently done the same.
The Stuxnet malware, variants and a few other Trojans shows others are able to compromise the chain of trust in driver signing by one means or another, either as criminal gang stealing from the companies, or from MS via a state-sponsored link. Tinfoil hats discus..
Unless the PC administrator has genuine control over the UEFI booting to allow 3rd party tools to work, this is a massive step backwards in freedom and security.
So is dabs/BT direct broken
I have been waiting 10 weeks for a refund on a failed PSU from them.
For similar problems with the local PC store 3000rpm you get it swapped there and then (if in stock), so why can't big organisations actually manage things in any reasonable time?
dabs/BT also used Yodel to collect the PSU, that along took 4 weeks until they actually came, but I don't know quite who was to blame :(
Indeed, it is doubtful that it would ever be more useful than addition to conventional warfare (e.g. take down defence or support systems as part of an attack, etc) but probably will kill someone at some point.
Just now it looks attractive as a terrorist tactic (state or group) partly due to the fact people are so easily scared you don't have to achieve much to cause panic, but also due to the easy of covering up just who was behind it.
But hopefully we will see the bosses of key infrastructure being lead to gaol for criminal negligence for having the likes of an unpatched Windows box running buggy software linked to the Internet which made it all possible.
Not because malicious damage was possible, it always was and will be, but because they did what only a moron would in terms of known security practice and made it easy to do remotely.
Can it EVER be any good?
I wonder - you have the risk of a compromised PC, quite possibly via a VM-like rootkit so it is virtually undetectable by AV or anything running in the OS, and try adding another OS-level bit of software that somehow is going to stop the keyboard/mouse/monitor being recorded and sent to a 3rd party?
Just how is that supposed to work?
As pointed out elsewhere, what is needed is a "2nd path" of information that is much harder to guess, such as the RSA key (assuming the morons learn and don't keep the keys to everyone's kingdom in the one place) or a mobile phone (unfortunately assuming said PC-monkey won't just install a Trojan on it as well).
Can we have a 'snake oil' icon please?
It might help if I could spell "Stuxnet" but I imagine you know what I meant.
OK, this sounds like a dumb question, but here goes to all of El Reg's readers who actively manage these Windows-based SCADA systems:
Why have these systems:
(A) not been patched to remove the compromised certificates and known vulnerabilities that suntex used?
(B) used on networks where odd traffic to unknown IP address is not throwing up warning bells left right and centre?
"P.S. What does the "windows user" icon represent?"
I think it is a down-and-out with a can of cheap lager, but maybe I know nothing and am simply talking through the wrong orifice.
Paris - choice of orifice...
Sadly this is what it comes down to, cost & convenience versus security. And guess what is the usual winner? Maybe if you're boss' pension put on the line if it gets hacked it might look different...
I suspect it is not beyond belief that dedicated encryption hardware could be deployed so you have a secure VPN that only terminates in another dedicated local machine without general internet connectivity at either end?
Maybe less secure than an air gap, but better than having a general computer (and probably a Windows PC) with internet access.
Once upon a time (8.10 to be precise) I tried Ubuntu and liked it, it was Linux that was easy to set up and use, and most things worked fairly intuitively. Friends & family used to XP would have no problems I thought, and indeed they did not.
And what happened?
They spent a lot of time dicking around with the GUI for no real benefit, while failing to fix packages that were important, such a Nagios (still broken for 10.04 LTS on daylight saving change, a YEAR after it was reported and was already fixed by the developers), Rhythmbox (stopped syncing to MusicBrainz even though the changes were known about and discussed since 2 YEARS ago), automounter broken with NIS due to unpredictable start-up sequence with Plymouth, etc.
Is the world so full of short attention-span people that an ever-changing desktop (and thus demanding help/training to all non-geek users) is more important than making the damned thing work?
Why do Unity? Indeed, why did they waste time on GNOME 3? No one is shipping a tablet with Ubuntu on it, and realistically no one will (Andriod is the choice for all who are not Apple or MS fans).
In my view it has simply pissed off a lot of users and serves to illustrate at least one reason why it never will be the year of the Linux desktop. Work put in to stuff that is simply visual fluff, and not in to making things 'just work'.
Trying to get the mushroom cloud back in that shiny ball of plutonium?
@I'm begiining to wonder
The lesson is not a new one - keep your secrets off any internet-connected machines. Have two networks, one private for all important stuff, one public-facing for customer related activities.
Old school physical entry or compromised staff are still ways of getting raided, but you no longer rely on the integrity of a billion lines of code written partly by low-cost code monkeys and peddled by vendors who are market focused (e.g. add features to sell new versions, rather than fixing problems).
OK, this won't happen due to cost and convenience issues, but its not exactly rocket science to avoid internet attack vectors.
@AC 22:25 GMT
You don't get it do you? It is not the existence of a pr0n filter should *I* choose it, it is the mentality that 'gov knows best' and once such a system is in place, there will be function creep.
"Do you let kids into Pubs, Strip Clubs, Bookies, etc. etc?"
No I would not, and that is acting responsibly.
Delegating parental supervision & education about the world in general, and the Internet in particular, to a gov-mandated filter is NOT acting responsibly.
The internet is for adults, not children. Why can't they look after their own kids and leave the rest of the world alone? Its called parenting, look it up.
And what is next on this religious/political moralists agenda? No work on Sundays? Nothing the gov deems to be harmful to public morals? Inconvenient for their business buddies?
I had hoped we had seen the last of the Nanny State for a while, but sadly political 'leaders' (media whores, more like) just can't resist the temptation to meddle in people's private lives.
Poor John Bishop, in for a bashing I suspect.
"It's the sort of thing that ages ago we used to call friends and family"
Somehow, that statement alone is sadder than the whole intrusive nature of the insurance business they are getting in to.
I agree with you!
Except about Tesla, he essentially invented polyphase power distribution using AC, and the impact of that in terms of providing us with the power grid and cheap electricity (due to low losses) in hard to under estimate.
And now the end is here
And so I face the final shutdown
My friend I'll say it clear
I fondled my slab, of which I'm certain
I've lived a life that's full
I travelled each and every information highway
And more, much more than this
I did it my way
- Opportunity selfie: Martian winds have given the spunky ol' rover a spring cleaning
- Spanish village called 'Kill the Jews' mulls rebranding exercise
- Reddit users discover iOS malware threat
- Pics R.I.P. LADEE: Probe smashes into lunar surface at 3,600mph
- Ex–Apple CEO John Sculley: Ousting Steve Jobs 'was a mistake'