1264 posts • joined Thursday 15th March 2007 16:58 GMT
"I poll the drive's SMART temperature sensor just twice per second"
2Hz? Why so often?
The thermal time constant of a HDD with all of that metal must be of the order of high tens to hundred+ seconds, so I expect you could poll every 10-20 seconds and have sufficient margins for control system stability.
I expect that would lead to <1% loss in speed, and you get the disk's health as well.
@no such thing as free healthcare
"when in fact they are paying more on average, through being taxed and paying a government bureaucracy to manage things, than if they paid upfront for the service"
How much do Americans pay on average for health care (I include "company cover" which is of course also a stealth tax)?
How does this compare to the UK (e.g. NI minus the pensions part)?
I know of a late family friend from the USA who came to the UK for 3 weeks of holidays and *private* dental treatment as it was much cheaper than just getting it done in the states.
Unfortunately he did not provide financial details, though his actions speak for themselves, but clearly you can back your statement up?
@Hard disks get hot
Yes, they get hot and need cooling, but at my desktop here I can look at their temperature using my RAID card as it simply asks for the SMART status.
Any 'pro' machine that is not monitoring the SMART status is basically a failure, as it provides warning of disk problems (but not always) before you begin to lose data, so why not use it for the temperature?
And before anyone asks about the loss of control when the OS crashes (on a Mac, never! they scream) you just have the fan controller with a watchdog timer - no OS updates for X seconds and fans go to maximum speed. Simplez!
Fail, for Apple pissing on its professional customers.
Why no sign of an ARM based one that is not limited to 1-2 hours battery life?
Or don't they have Chrome, etc, working well enough (if at all) on non-x86 hardware?
Meet the new MS, same as the old...
Choose the one that sucks least
Really, all operating systems suck, and the task is choosing one that provides the least hairy-mouth experience for your users and IT staff. At the risk of stirring up the fanbois (and gurls) here is my take on it:
1) Windows XP has maturity, and best range of software and tools. Also the best range of malware by far. On its way out, and the final death of IE6 will be a relief to all, including Microsoft.
2) Windows 7 shares most of XP, but less legacy software and hardware works with it. Needs more (i.e. modern) hardware to enjoy using it, and to get the best deal with the malware or the joke that is AV software.
3) Apple Mac solves a lot of the security issues, but less software support. And costs a lot more for hardware. Jobsian control freakery an issue long term, but most folk like it as a few key things like Office and Photoshop are available natively for it.
4) Linux has the security of Mac (if not better) and freedom (speech and beer), but not much in the way of mainstream tools work "just like that". Helps if you have a fez, and maybe a beard. Would help a lot if they could stop dicking around with the desktop and fixed known bugs - looking at you Canonical.
Training of your users is needed no matter what you do, and if you think going from XP to 7 is no problem for Joe Average (and not typical El Reg reader) you are a fool.
If you are dealing with reasonable staff, then mixing Linux or Mac for the host and running VM(s) of XP, etc, for legacy stuff works and makes security better, if a bit more involved to manage.
But don't trust my opinion, I don't have a fez.
There goes any semblance of helpful tech then :(
"Nokia *management* couldn't find their arse with either hand"
Yes, I believe you are quite right there.
I feel very sorry for Finland and all of the engineers tossed out by this dumb move, and just wish they could have culled the right people earlier.
My first 2 phones were Nokia and great, sadly my 3rd was an HTC Wildfire as the competition was too expensive/controlled (iPhone) or just a bit crappier.
@Good news! Extra efficiency!
You don't get it:
Apple are "efficient" in that they have a clear vision and design good products around that - their R&D is money well spent ultimately as it sells well and returns the investment several times over.
Nokia on the other hand could not find their technical arses with both hands, such was the range of competing and ill thought out products they developed and which management seemed unable to guide.
Nokia needed to change, to streamline and set user-focused goals. Instead they have been lobotomised and handed their future to MS, who as we all know have a very bad reputation in this area.
 subject to control freakery.
 ask former Sendo employees.
Did they mention MS?
Did they cover how dumb Outlook Express' design was?
How easy it became to spawn a tsunami of crap by using a really, really stupid feature that some wonk at MS thought was cool?
When I read "Meltemi" I thought of the Wicked Witch of the West melting.
Nokia + MS = corporate equivalent it seems. Sad day.
Reliability and NOx products
My concerns are the issue of reliability given the generally dirty-ish inside of a combustion chamber where one might expect a fair proportion of the energy is lost in the window's surface after some time.
Of course, then the cost of the laser assembly.
And the opportunity for idiots to play with them outside of the engine.
Finally, I thought one problem with leaner burning engines was high NOx products? Can anyone knowledgeable comment on that aspect?
"first pays a $272,340 deposit, which they claim represents half the cost of supplying the documents"
Are they paying monks to transcribe the documents using gold-leaf decorated calligraphy or something?
@Total non story
"Nothing of any value is done on the windows boxes"
Except maybe store the home addresses, social security numbers, photos, and other personal data of those who do have access to important stuff?
Not that a Chinese (for the sake of argument) agency would then consider a more traditional spy approach of, say, compromising and attempting to blackmail or convert said workers to agents, would they?
@Two things I don't understand
Point 1 is down to the 'embed everything' attitude of MS where something like a spreadsheet is ABLE to run external things, probably a flash object (as that is a common source of holes in getting through). And often there are dozens of ways in Windows to elevate privileges once you can run arbitrary code to do more mischief.
Point 2 is one of life's WTF? questions that is never adequately answered.
As I said, most hacked software in history. Whether a lot of that is down to its popularity is a side question, no doubt some of it is, but it means that even for a similar situation (say hypothetically Linux and Windows had the same number of exploitable bugs) you have far more black-hat skills to deploy against MS' crock.
And yet it is chosen for a sensitive lab? FAIL
Google learned this the hard way and did something about it - changing to Macs. Not perfect (fanbois won't understand that statement) but it reduces the attack opportunities a lot.
It would help, but it is NOT the whole answer. Yes you will reduce the number of attempts at penetrating the system, but it is only one aspect.
You need 'security in depth' as each layer always has *some* way of being penetrated.
As seen here, and several other places recently (Google et al, French & Canadian gov, etc) Windows/IE/Office/Flash has been a juicy orifice for entry.
Valuable site uses most hacked software in history, site gets hacked.
In related news: Pope thought to be Catholic.
The main "Advanced Persistent Threat" seems to be the prevalence of Windows, IE, Adobe flash & acrobat these days. Will no one rid us of this scourge?
Any sign of them using non-Windows based attacks yet?
So far it seems to be IE and that basket case of security, Adobe (pdf & flash), in the approach.
@security holes you are looking for
Funny thing is, the security model of MS' OS has been migrating its goalposts for some time. A lot of stuff developed for and working fine on w2k fails on XP, and stuff for XP fails for Vista/7
This is more complex than you suggest as MS has changed (or been forced to change) the rules a number of times.
At the start of w2k/XP they should have screwed it down tight and just said "tough" to any application that did not work, user logged in as admin or otherwise. They did not, simply as too much money was to be made keeping compatibility and not having users keep the old 95/98 OS or defecting to something better.
What UNIX-origin programs do on windows comes to how easy it is to adapt, as the models are very different as are the user's expectations and it is often not the main goal of the developers. FF is a bit of an exception sadly.
However, the main difference though is UNIX-like programs know they *won't* get admin permissions by default, so have been written more sensibly for native use. Back to the article, I think the main thrust of it is "MS poo-poos bug report as unusable, researcher uses it". Sadly seen that before, and not just MS.
I think they provided the piss-poor system in the first place. The attackers had it easy with hard-coded passwords that *could not* be changed.
Add the usual sprinkling of MS holes and it was not mind-blowingly hard, even though it is quite a first in targeted attacks that actually did something obvious.
@World IPv6 Test day
Just tried http://test-ipv6.com/ on my home linux PC on Virgin cable broadband:
"10/10 for your IPv4 stability and readiness, when publishers offer both IPv4 and IPv6
0/10 for your IPv6 stability and readiness, when publishers are forced to go IPv6 only"
Uni not only players
Also remember that it is not just universities that have big IPv4 allocations, some US companies and gov also have far more than is needed.
Are those addresses well used? It is true that some new projects could use them and justify a student block per uni, but most PCs are just for office admin and lab work, and would be best behind NAT anyway.
@Take IPv4 addresses away
In general, you are right about universities having way more IPv4 addresses than they need. My own department has a 255 block for a couple of dozen machines. Only a couple of them need a world-facing static IPv4 address. I expect most universities could get by with only 254 IPv4 addresses in total.
As for the virus/zombie issues, that is down to Windows as #1 reason, followed very closely by the number of 'personal' computers on the networks without competent administration. The computing equivalent of "A lawyer who represents himself has a fool for a client".
"Why use LastPass?
LastPass is a password manager that makes web browsing easier and more secure."
Oh the irony! A 'security product' you can't find out about unless you have the web's most insecure multi-platform orifice installed!
The real question is responsibility. But that applies also to those with infected computers. It is high time that those responsible for the running of computers were held accountable, maybe by forcing the suppliers of certain well known operating systems to also have some responsibility.
Yes, getting a virus to remove itself, or to run a clean-up program, might bork the system, but it was ALREADY BORKED! Just the user was not aware that their system was open to the bad guys for any sort of exploit they may dream up.
In a critical system like the NHS or defence, then WTF are they doing not taking sufficient care or corrective action?
Solution - send a message telling the owner to fix it (by getting a local computer professional to deal with it, not this "download blah-bla-bla" business) and then a week later run the virus removal. If it works, the PC is clean. If it is broken, tough, as the owner already had sufficient warning and was complacent in their own downfall.
"a company like Microsoft would be destroyed if it gave away data through a lapse in security"
Not like infected windows boxes have been doing for years and years then?
Oh sorry, this is "the cloud" so normal rules of trust don't apply...
True, but....we don't know whom AC #1 has to deal with:
Situation #1 is he/she is plodding along with a lame security set up and fending off irate users taken by surprise when their Windows box is hosed yet again.
Situation #2 is they are doing all that is humanly possible, but are faced with a combination of witless pointy-haired bosses and complete lusers who manage to pull defeat from the jaws of victory every time by running as admin and acting like an utter moron (or allowing their kids free rein as admin as well)
Who knows? Should we ask tux?
Just to correct...
From looking in more detail, it appeared they used RSA's own ftp server, hence the lack of spotting the traffic as unusual.
So it appears there is some need to cover this area of data leakage: maybe a two step process for allowing data on ftp server, and some other person to authorise it through the firewall/intrusion detection system?
@"Advanced Persistent Threats"
Sorry mate, you got it the wrong way round: Now all of RSA's customers have "Advanced Persistent Threats" from the folk who can break the 2-factor thing and are smart enough to get the other factor(s) like passwords via a nice trojan or two.
But really, the scenario is one of a piss-poor system for a security company. How come the windows boxes of those targeted by the outside world were even allowed through to the servers?
Why was ftp not spotted by some intrusion monitoring system?
And as already mentioned, why was something SO IMPORTANT even connected to "The Internet", and if really essential that it was, why not via several dedicated screwed-down-real-tight firewalls?
Of course, let us not forget Adobe's piss-poor security and MS' "let's embed everything" for making this so much easier to begin. Stealth bomber? More like lubed orifice.
"The printer and other peripherals they have aren't "crap", they're just what they happen to have and they don't wish to be patronised about their choice but assisted in getting it working."
What exactly do you call a product that is not fully documented and where the manufacturer will not assist you, or any others who are sufficiently skilled, to make it work?
So while the person who bought it may not have understood the issues and deserves some sympathy, the problem is exactly the same - they bought a lemon. It is a device that will only work in certain circumstances, i.e. for those who pay MS.
If you won't complain to the manufacturer and demand your money back when there is no support outside of MS lock-in, how are things ever going to improve?
@I don't agree
"We accept Nuclear power on the promise that they are built not to expose significant radiation to a large population and that promise has been broken"
What exactly do you mean by "significant" here? I assume you mean a measurable increase in disease/death for the individuals exposed, in which case I suspect Lewis is right, this is a non-event for all but a few workers, and even they are probably OK (going by the study of the Brits involved in the Windscale fire in the 1950s).
Oh, and you might want to check out the exposure to carcinogens we get from coal and other hydrocarbons, both trace radioactivity and soot, etc. Seen any of China's industrial cities recently (when not cleaned up for the Beijing games)?
Yes, nuclear is risky, potentially very much so, but it has to be weighed up against all of our other power sources risks and drawbacks. This is something Joe Public is poor at and not helped by scientifically illiterate politicians & news outlets hell bent on publicity.
"set his Hotmail country to Egypt by default and that HTTPS had been prohibited. He then set his country to Israel and HTTPS by default was allowed."
That sounds very much like an internal MS policy to me. Why else would your MS-specific default country change https working or not, with the same IP address?
@heyrick & @Alastair 7
"my Brother scanner/printer working looks a monumental hassle"
Ah, maybe you have a crap printer unit that is only supported on Windows by the manufacturer and they don't publish full specifications to allow others to do so? Did you complain to Brother about this? Otherwise what do you expect, just smile and pay MS for your bad choice.
You could have checked this site out first:
Next time buy a printer that is at least fully Win/Mac supported in *all* its features, as they are usually more cooperative. Better still, get a postscript printer as they generally "just work" for all OS.
"on OpenOffice's suitability for writing documents you are going to submit to university professors"
What exactly is wrong? If they can't read an open standard like .ods properly, just use the Export as PDF... option and you get it properly laid out and print-ready.
And yes, I do use Word and like some of its features much more than OO, but I hate the ribbon and my own favourite (from a usability point of view) was Office 97, even though it is buggy. Oh, and some of those bugs were still not fixed two versions later with Office XP. Nice to know what you pay MS for...
@Still no USB, SD card slot
I agree, the main thing I would put such a device to, beyond idle web surfing while travelling, is to act as a mobile photo store/backup and editing tool for my DSLR. So for me the biggest let-down is no way of putting in a decent amount (64GB+) of (ideally removable) storage, such as an (micro?) SD card.
The idea of a bluetooth keyboard/mouse is nice though.
But looking at the competition so far, though they offer storage option they are just so far behind in shiny usability (and battery life usually), and are not *that* much cheaper, they are simply not worth buying either.
So looks like a win for Apple for a lot of consumers, though sadly not in my list of must-buy objects yet.
"The thing about Google's dominance is that it's ephemeral."
You could have said the same about MS' dominance of the desktop OS, but the reality is that:
(1) cost of entry is so high (how much to replicate even 1/10 of Google's world-wide hardware?) that unless you have the likes of MS' cash/market, you can't begin to try.
(2) companies that get to the top usually do so by playing hard-ball, often beyond what is legal, let alone moral. Even when caught (like MS in the past) they have so much political and financial leverage that governments often do too little, too late.
Just read about MS' dirty tricks to 'break' DR-DOS and to prevent OEMs shipping blank or competitive OS machines to see how that worked in the past.
Now looking at what has been said here: that Google lied about their white/black lists and appear to have deliberately sought to block/demote competitors (with the lists) and to buy up sites to become 'vertical', not to mention the ongoing case about a competitor's geolocation in Android, it seems that Google is becoming the new MS. Using similar practices as they become more money and lawyer-driven.
What they should have done with MS was to break it in to an OS-only company with fixed public OEM terms that do not penalise competition, and a separate company for Office, development tools, etc.
Fat chance :(
@The great unwashed
'Where's all the stuff I usually see?'
"No, it's not all 'fucking useless', it's different"
There is a point where you have to give up. If someone is not willing to TRY and figure stuff out for themselves, let them eat the same dog food every day for life.
The individual you dealt with would be much the same with an Apple Mac, except perhaps having spent a lot of money they might just have had the incentive to work out that the internet is NOT the 'blue E' and you have more than one way of laying out icons, menus, etc.
Yes it is a right pain that software patents mean 'standard' stuff like MP3 and DVDs can't be made to work out of the box without feeding American lawyers, but again you need to remember that all computers need skilled care at some point, more so on installing and configuring things in the first place. Otherwise you end up with machines run by monkeys as 'admin' going cruddy and infected all over the place. Oh wait...
Correct decision +1
I agree in not making flash (or other crap) the default option, not because it is proprietary, but because of its long and inglorious history of piss-poor security and crashing browsers (less of an issue now).
Yes, I have it installed for web sites that need it, but people should choose to have it if they need it, and understand the consequences. Really, if you can't manage to go to the package manager and select it, then you have no right to be installing / setting up a PC!
Make it all easy was MS' motto and that led to a large proportion of the security issues we have today, as rolling back some of those 'features' breaks too much of Joe Average's favourite software. Learn from history, don't copy it!
Apple, fish & barrels
Apple must be laughing all the way to the bank with the iPad.
It has been around now for ages (in technological time-scales) and yet the competition seem to be unable to find their tablet arses to fondle with both hands and a map.
Where did these companies put the engineers and designers that have vision, flair, and competence to deliver? Or have they gone down the Nokia road of death with endless committees arguing what should be done, leading them to a CEO begging Microsoft for a lead forward? Which might come in 1-2 years if they get W8 on ARM...
Don't you mean "when they are packaged / remastered / rewhored"?
"Tape is the archive backstop for lost or duff data on disk, with a 30-year lifespan"
Ah yes, and in 25 years time will you be able to buy a compatible tape drive? What about having drivers for your ancient tapes for whatever new OS/computer you are using?
Not that the arguments for HDD are perfect either, but I can't recall any tape technology being readily available/supported for more than about 5 years. Please correct me if this is wrong?
Ah, now CDs of course...
A good article to cover the subject with less FUD than most.
But my own preference, and it certainly won't suit all, is to make a VM of the working XP system and run that on a Linux host. No more hardware & activation issues for XP and you can segregate the software-useful but malware-vulnerable OS from the web/email facing part.
Should you need IE6 for some God forsaken reason, set it up so the VM only has internal connectivity and won't route to the big bad world outside. Then use a proper browser on Linux, taking your pick of Firefox, Chromium, Opera (and obscure others).
Also need Win7 for some application? Got packages that won't cooperate if installed together? Simply using a 2nd or 3rd VM solves that issue.
"have just been compromised in a matter of minutes...With this sort of scenario in mind I want to make the case for pervasive encryption."
Except in your scenario the utter lack of proper security means the password for encryption is going to be the same as all others, so the hacker just uses that to decrypt the files. And progress is?
So you do need proper security, but the key problem in your scenario is the lack of training/care by everyone. Unless the *system* was set up with this in mind, encrypting your local files is not enough.
"do you expect washing machine makers to show you how to operate or install your washing machine for free?"
No, but most white goods shops offer to deliver and install it for you, usually at a price, because most folk don't have plumbing skills & tools.
An ISP is not the box maker, they are selling you a "service" and they should be in a position to do it properly. At a reasonable price if needed.
A simple (but conceited?) test would be when you sign up to the ISP they ask you a couple of simple questions, like how to configure a router. If you know the answers they just post it, if not they strongly suggest you pay the £20 or whatever to have it done professionally.
In the rest of the established technological world people are used to paying for things that are beyond them, such as installing a washing machine or servicing their car. Sadly the world of computers promises to "just work" but fails miserably to achieve this with any degree of reliability or security.
So I still think my original comment is right, but I also 100% back you in getting folk to pay a professional if they have not got a clue. Which most don't :(
@Why so long?
"it matters not the past... its the moment"
Indeed it is, but if you see something acknowledged now as being unfixed for over 2 years, you do wonder how much else has been ignored.
Say MS, how is the two month old MHTML bug fix coming?
@Belkin seems to be doing it right
Jolly good! But not used them yet. My local shop sells the TP-LINK ones, nice boxes, but open by default. Also several recent routers I have tried allow administration over the WiFi link - a very bad idea in my view:
(1) It allows more mischief from local ne'er-do-wells (with weak/no security), and by malicious software on the user's PC, such as changing DNS to poisoned ones, etc. Thankfully the TP-LINK models I have used have UPnP turned off by default.
(2) If you bork it (even temporarily) you have to get an Ethernet cable hooked up anyway.
So why not allow administration only by cable by default?
Privacy, yes, but what of "potentially legal liability risks"?
As far as I know, you are not liable for others using your internet connection without your knowledge or permission, and if you are then is it not the case the ISP should actually do something about it if they supplied the router in the first place?
Also most of the 'software wizards' I have seen are crap things that often only work on a few versions of Windows. Setting up with a web browser to 192.168.1.1 should be simple, but some are crap and most ISPs lack useful technical help pages if you go down that route or find the wizard is broken. Thinking of you Tiscali...
At the end of the day, most computer users are technically illiterate and should NOT have anything to do with setting it up. But ISPs are cheapskates who won't send someone round to put it in and do it properly.
Methinks bullshit
"...reliable enough to be used in courts of law"
"When finely tuned, the technique identified the author about 80 percent of the time"
That is really going to impress a court of law, or has the situation changed where the MD5 sum was considered not reliable enough for electronic evidence in spite of being much, much better than this:
Unless of course you are accused of a crime that attracts witch-hunt like emotions?