1321 posts • joined 15 Mar 2007
Re: That's why we need free systems
Having open source BIOS & OS is the least-worst option from a security point of view, more so if you are not from the USA. To recap the recent revelations and discussions:
MS (thus Windows) is a partner in PRISM and, as a USA-based company, hence under the jurisdiction of the PATRIOT act, thus almost certainly compromised (remember the _NSAKEY business around 2000?). No open code reviews or ability to compile and check updates etc, to suggest otherwise.
Apple (thus MacOS and iOS) is also in PRISM and under PATRIOT act, thus almost certainly compromised. As for MS, nothing to suggest otherwise.
Open source (e.g. Linux) has lots of contributors (including MS, NSA, etc) so possibly compromised, but not under PATRIOT act for code, etc, as not under any one USA company. Code open to review but no doubt not everything checked, or apt-get updates verified, etc.
Can you absolutely trust any of them? No.
If you are not in the USA which is the least-worst then? Open source.
Re: using RDP
I would have thought most machines are now behind NAT and won't have port-forwarding for this. Unless, of course, there are a lot of routers with UPnP enabled that allow the malware to turn it on...
Secure boot, any help?
"easily infect machines running Windows 8 and x64 operating systems, and features technology to embed itself in computers so that it's activated almost as soon as the machines are powered on."
That is worrying, as anything that good/stealthy is best killed by booting the machine off a live CD to scan and nuke it. Of course, with secure boot enabled that could be a problem, though we were led to believe it would stop this sort of root-kit ability to pre-empt AV tools.
Anyone had experience of using the Bitlocker or Kaspersky rescue CDs with a Win8 machine? Did you need to disable secure boot, and was that easy enough to do?
1080 is piss-poor at £1000+, but would be adequate at £350 for a basic laptop, after all you can get a 20" 1080 monitor for under £100.
I think 1200 is the minimum for "serious" use of a computer, and that means not as a media consumption device but actual editing/coding/etc. As pointed out 1440 is better still, as is 1600, but the cost becomes a bit high (having said that, the Dell U3014 monitor is 30" and 2560 x 1600 lines and can be had for around £900).
I don't particularly want "retina" resolution as I can't work at a viewing distance of 20cm or so to benefit from that, but I maintain that the current 768 lines is utter rubbish and that 1080 is piss-poor if you are paying £1000+ to avoid the 768 rubbish.
Re: What year is that?
0.98 is close to 1, as is 1.02
Can you only deal with integers? Or maybe just whole numbers, if negative values are too tricky?
Note to laptop manufacturers...
How come a small $269 fondle slab has better screen resolution than most laptops costing up to, and over, £1000?
Really, it is hard to get a laptop beyond 768 lines now, and most over £1000 are still piss-poor at 1080 lines (Macbook retina and Chromebook pixel excepted). And you wonder why customers are unimpressed?
The two wires commonly used for telephones were not separate send/receive, as that would be way too sensitive to ground noise, but a twisted pair used bi-directionally:
Re: "The people of Scotland, thankfully, do have a choice"
Really? Do you think our muppets are going to be in the slightest bit better than the Westminster muppets?
Clearly you are a dim-wit who has not considered Scotland's history of repressive religion, or the way that Scotland's parliament went beyond the already stupid goals of the extreme pr0n legislation when drawing up their own. You know, the one where they asked for public submissions on sex-laws then filtered out and discarded the emails that mentioned sexual things due to a filter (or intelligence) cock-up?
Re: Big data needs big memory
Yes, I remember ~2000 era when 4GB memory limit of 32-bit CPUs was seen as both impractically expensive in RAM and utterly unnecessary for most users. Now you struggle to run a fscking web browser in under 4GB!
Re: AC 08:09
Thanks for the link.
However, that is how MS should have done it by default: that *you* alone decide to whom you share the keys to access *your* data, not the Google-style "let us scan all your files" approach. Mind you, after the PRISM revelations about just how helpful MS are to the NSA, etc, I doubt I would trust their implementation.
"synced up to the cloud as well"
With your own choice of encryption?
Oh, sorry, so anyone at MS and their three-lettered friends can see your personal data with negligible effort? Great....
I doubt the MD5 vs. SHA-1 etc argument is important, as I suspect large-ish rainbow tables already exist for most common hash functions. At least it was salted, which is more than some DB leaks have shown, though how much entropy the salt has is not stated in the article and that probably is the major factor in the effort to recover a significant number of original passwords.
Re: No, no, no, no and no - this is NOT a technical problem
Yes it is partly a technical problem - because that is what allows other gov to see your data without your knowledge or permission. Cryptography means they need to obtain the key(s) by one means or another, which could be stealthy (e.g. trojan a machine on your system and sniff it that way) or by the more obvious means of a court order.
However, if it is under your control, then at least you know the request has been made by your courts. And it is under a law that, theoretically at least, you have a democratic input on it. You don't get that with a foreign gov, by definition.
As to the possibility of a gagging order, if that mattered a lot (e.g. whistleblower site) you could split the keys to two holders in different legal regimes so they need to gag under two sets of laws. Possible, but it ups the effort and so is only likely for really, really, important stuff. And let's face it, most people/comentards have a far higher opinion of their importance than spooks are likely to have.
Of course, if it is software-as-a-service or similar the data is unencrypted while in use, so not technically practical to protect in most cases. But you could have some shared/useful things like email and dropbox-like document sharing that is decently protected by encrypting the data before it is sent/hosted and relying on client-side processing that works through the encryption layer.
You are perfectly correct - same with Google and Yahoo, etc.
In fact, it is a key "design" feature of any hosted application - they can (and do) bugger around with it and you have little or no choice but to bend over and take it.
Re: And when
If it's making enough money it will be available, but once your <choice of tender parts> are in the vice, they can screw you for ever more money because you can't migrate away with any ease.
More likely the issue will be them dicking around with the user interface and what features are available, all without any consideration to what you want.
Sorry, but having all of my sensitive documents accessible on someone else's machine, under different legal jurisdiction, and subject to secret data requests by another gov - NO THANKS!
If it is on my machine(s) then at least I have a decent idea if access is requested.
Re: Let's run the numbers...
If using a NAS then you need to consider what happens when a HDD fails, and often the raid rebuild will cause others to croak (or at least reveal sector errors). So you should:
1) Use double parity if at all possible (i.e. RAID-6 or similar like RAID-Z2).
2) Perform regular scrubs (i.e. weekly check where RAID system reads all disks and repairs any sector errors).
3) Use ZFS please, as it has much better error checking and correction, and it will tell you which files are trashed (which a lot of file systems don't).
4) Use a server with ECC memory (OK, getting expensive I know...)
I'm not kidding, see the following list of papers:
Re: Use the cloud dude!
Cloud is for sharing (esp with NSA, etc) not for critical backups. Put them off site somehow, but on your own terms (no vendor lock-in, and encrypted, and with a *tested* recovery plan).
Can't say my experience of low-end tape has been good, but equally not so great with optical disks either. Whatever your media is, you need also to plan and budget for recovering it all and re-writing it on to a new medium every 5-10 years to avoid obsolescence (and media degradation).
Personally for several TB of storage I would go with a ZFS-based NAS (ideally from someone who will bug-fix it, so not Oracle). First sync it on-site, then move it off site and do any diff backups/additions that way.
Excellent journalism here, but might I suggest "minge-monger" as the correct adjective for Penthouse's quality service?
Re: Magnetic field
Yes, I kind of want magnetic monopoles to be discovered just so Maxwell's equations have the full symmetry that would result from it:
Good point there, and one that makes me think hard about buying a new laptop:
1) They are mostly nasty plasticky things, except the very expensive ones.
2) Most, and all of the very expensive ones, are following Apple's bad example of no repair/service options as the things are glued together, use non-standard parts, etc.
3) The screens are CRAP. I mean, WTF is this business where you have to pay £1000+ to get even 1080 lines resolution? I can get that from a sub-£100 monitor which is bigger than any of those laptops!
A few years back you could get decent vertical resolution from most manufacturers, now it is uniformly crap at 768 lines except for a few at the very top, and most of them (MacBook Retina and Chromebook pixel aside) are still pretty piss-poor at 1080 lines even when you are looking at a near £2k 17" machine.
So no - I won't be buying any of that crap. However, putting Ubuntu on a Chromebook pixel is very tempting if I could only justify the cost...
Won't get fooled again!
"And the partition on NTFS,
is now a partition on ext4,
And the beards have all grown longer overnight"
When, and more importantly, why did the icon move from the left to top-right of the comments?
Now is the time?
before we move from "customer" to "hostage."
This is just the latter stage of boiling a frog, it started with XP's "product activation" and the same thing moved to all of their products.
The move towards "higher margins" via cloud-based subscription lock-in, the means of screwing more out of its customers is no real surprise, as they can see the desktop market and OEM fees under serious pressure now, added to the lack of any real incentive for upgrades. Machines are fast enough for most users' needs, and other than fixing dumb security holes, what is there *new* in most OS to justify the pain and cost of migration?
This sort of move is not going to help MS in the long run, but I can't really say I care much.
<= Tux! Not perfect, but my choice because at least I have the freedom to use it as I please, and to modify and improve it should I have the ability or time to do so.
It seems the fundamental flaw that you are talking about is using software that stores your data in a proprietary format. Are there not tools that stick with open formats where you can recover data without problems using another vendor's software?
Re: Apple seems to have had a history on this.
No problem, just plug in the Ethernet cable!
Re: .Net was the answer. Too late now...
The problem for Office is it was already developed and in use, along with the VB interpreter, long before .net came along. It has been rumoured that the stuff they did not port for Office, specifically the legacy VB stuff, was due to a lot of it being unintelligible code written in x86 assembly and thus going to be a major PITA to port and debug for other non-x86 platforms.
For Visual Studio the problem would not be the GUI but things like the JIT debugger that has to hook in to the OS at a really low level to trace through code, etc. That is the sort of thing you really have to write for the native CPU in C and/or assembler, thus it becomes a major project for each target CPU to implement.
For most other software, had they supported win32 API and old-style GUI then compiling it for ARM should have been a fairly painless experience. But they did not, so unless vendors used .Net and are willing to re-do the GUI in TIFKAM they can't be ported.
Given the small market share of WinRT compared to x86 laptops, etc, where you can get a traditional desktop (even if the damn thing keeps jumping to metro for no obvious reason) you can see why the MS store is a touch bare still. Oh yes, and MS wanting a cut for the pleasure of allowing your customer to install it on WinRT (MS store-only) compared to x86 Win8 (any way you please).
Re: So much negativity and none sense
"a full version of Office" - but can't run any legacy VB code, so not full after all, and initially no Outlook which is often a business must-have (fixed yet?).
"a full version of IE" - you say that like it's some advantage, why? Can't you get other web browsers for WinRT that are not hobbled by TIFKAM that MS has not applied to IE? Oh, sorry, forgot about that down side as well...
"the iPad need a lot more Apps to go around it's shortcomings" - really, most iPad users I know (not got one myself) found most things they wanted were free and they had plenty of choice. Hardly a downside, except maybe for Office, but alas - not even a full version on WinRT.
You seem to have misunderstood what I said.
You also seem to have confused 'serious business' as I defined it (those business-critical stuff cobbled together over the years with Office macros and VB scripting - yuch! - and unusual x86-only CAD software, etc) where you need full x86 compatibility and really a decent keyboard as well, with managers who just want a shiny presentation device.
If you want shiny, ease of use and lots of programs, the iPad has a big advantage over WinRT. Even price until recently (perhaps, depends on how MS discount)!
The problem is that such an instruction set emulation would make the machine both slow and power hungry when running x86 stuff, and that removes the advantage that ARM currently has over x86 devices (might be OS issue then just CPU of course).
If you must have a Windows tablet, just get the x86 one and forget WinRT.
"WinRT not bad for it's purpose"
But that is not for 'serious business', as in those with years of Office VB lock-in that requires code that has not been ported to the gimped version of Office that ships with the WinRT slabs, which is a reason why they have to stick with Office in the first place.
For other users, yes if it was significantly cheaper than the equivalent iPad/Android set-up it may be quite attractive. But it is not, and unless they are in to loss-leading hardware in a BIG way, unlikely to become so.
"Of course Windows 2000 and Windows ME didn't affect XP market share.... they both predate XP."
However, w2k was rather good and lasted me until 2008, and the only real advantage I saw from XP was better USB support (which was missing completely from NT4).
On the other hand, ME was an abomination by any accounts, so XP would be a huge improvement on it!
But really, and already said, most folk don't have much spare cash and older PCs work just fine. De-crap an older XP machine, or better still stick Linux on it (as then you can usually do without the burden of AV bloatware), and it will do 99% of what the average user wants for little cost.
"Almost, but not quite?"
Who guards the guards?
How do we know the block list is KP and not used to add other unrelated but politically undesirable sites (as the leaked Australian "great firewall" attempt showed)?
This is exactly why ISPs should not be allowed to have close arrangements with other services, the whole "net neutrality" principle, as they won't act in favour of their customers but for their partner's profit margins.
As this is a European site, if they are breaking copyright law in Sweden, why not prosecute them there?
The blocking of web sites is a very dubious act, almost acceptable in the case of kiddie porn, but really not when it is being used to enforce artificial copyright boundaries that free trade should permit. What is bad about it is there is little chance (or inclination) for a foreign site to fight in a UK court even if it is in the interests of the UK public, so such court orders tend to get rubber-stamped and not subject to any proper test.
Re: UN966 Hong Kong to Moscow
More likely FSB operatives waiting with a bottle of decadent western champagne and a request for an autographed copy of his files...
An article about an NSA project. The advert runs "Office 2013: A Breakthrough In Productivity".
Productivity for whom?
You forgot to mention this is also the site of the UK's best bacon sarnie, as voted by El Reg readers.
I guess probing bacon sarnies is what you do when not following the UK's leading on-line lesbian magazine?
Re: Yeah, right
I hear them, and I am paddling as fast as I can to escape!
How times change
1765, colonial America: "no taxation without representation"
2013, rest of world: "no snooping without representation"
Re: What Security?
That is a valid point, and not just about Android.
It is high time that all devices with embedded software had a legal requirement to provide timely fixes for all notified security exploits for at least 5 years after purchase, along with proper financial penalties for the companies selling such devices that fail to do so.
Think of all of those phones, printers, routers and numerous other semi-smart devices that have a network connection and no one looking after them.
I agree that changing the Doctor's sex and/or colour makes no sense. But would be happy to see Freema Agyeman again (ideally with less clothes).
<= mine is the dirty mac.
Re: My vote goes to
Yes, I am sure we could all find some way to slip Nigella in...
Re: Bill Clinton
That would suck!
Will this info on "unified communications" cover how best to talk to your NSA handler?
Maybe they looked at the success (or otherwise) of the French before acting?
Really, there is a need for providers to grasp the inevitable which is no geographic limitations and DRM-free formats that users want. The 'stick' of DRM and legal threats has not worked and is unlikely ever to work, where are the tasty carrots?
Re: The Swivel Eyed Loons carry the day
Claire Perry who is both dumb and anti-pr0n has a failed marriage?
Sadly it is cruel to laugh at another human's misfortune.
Oh wait, it's a politician? HAHAHAHHAHAHAHHAHAHAHHAHAHAHHAHAHAHHAHAH...
Difficult to tell if you are just trolling or not.
Who makes up these lists and/or equipment? Last time I looked it was USA or Chinese suppliers. Do you really think they give a rat's cock about what the public should be seeing by the UK's laws?
Really, but on whose definition of illegal? And why can't we see this block list?