Re: This is news???
If wales did not have a HUGE blubber layer, they would die
Swansea can be a bit chilly, but it's not *that* bad...
They are a means of employers - motivating their staff by feeling that they are creative, providing a tiny bit of CV fodder, and mostly just doing business.
That rather depends on the employer; I worked for a company that paid quite a lot of money on filing, and a lot more on grant.
And that's why I have rather more patents to my name than you do :-)
Hmm, nominally FPGAs need coding in a hardware description language, like verilog or vhdl, in order for the thing to work
That's not been the case for quite a few years now; FPGAs are programmed in a number of different ways - including C.
can't be changed so it can't be one of them
It *can* be changed - the AAIB have at least one with no such restrictions.
This is, naturally, not a trivial modification to make; the manufacturer can do it, but I've no idea if anyone else can.
They're not smoke. They're dry ice
They're usually smoke - a fogging fluid is passed over a heater element to create smoke.
Dry ice is a rather different effect (it tends to give you a very dense fog at floor level) and is more expensive.
Companies then need to implement SPF/DKIM for ALL their domains which many companies don't do.
It's worse than that. Some companies publish stupid records.
I'm currently seeing spoofing attacks from domains that have multiple /24s explicitly permitted - that's never going to make sense.
But worse than that - there was a phase some months back where I was seeing many records ending in "+all" - thus explicitly authorising absolutely everyone. I contacted several domain owners to tell them about this - not one replied, and not one changed their records. I actually modified my SPF milter to treat "+all" as "-all".
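The "+all" problem described in the post above can be checked mechanically. The following is an added example, not the poster's milter code: a small Python audit of an SPF TXT record that reports the qualifier on `all`, applies the same "+all" to "-all" override, and counts how many IPv4 addresses are explicitly passed. The function names and the sample records (documentation address ranges, `example.net`) are constructed for illustration.

```python
import ipaddress

# Constructed sample records; the address ranges are RFC 5737 documentation blocks.
SAMPLES = {
    "open":   "v=spf1 ip4:192.0.2.0/24 ip4:198.51.100.0/24 ip4:203.0.113.0/24 +all",
    "bare":   "v=spf1 include:_spf.example.net all",
    "strict": "v=spf1 mx ip4:192.0.2.25 -all",
    "soft":   "v=spf1 a/24 redirect=_spf.example.net ~all",
}


def parse_spf(record):
    """Split an SPF record into (qualifier, mechanism, argument) terms."""
    parts = record.split()
    if not parts or parts[0].lower() != "v=spf1":
        raise ValueError("not an SPF record: %r" % record)
    terms = []
    for raw in parts[1:]:
        head = raw.split("=", 1)[0]
        if "=" in raw and ":" not in head and "/" not in head:
            continue  # modifier (redirect=, exp=), not a mechanism
        qualifier = "+"  # RFC 7208: a mechanism with no qualifier means "+"
        if raw[0] in "+-~?":
            qualifier, raw = raw[0], raw[1:]
        name, _, arg = raw.partition(":")
        # "a/24" and "mx/24" carry a prefix length on the mechanism name itself
        terms.append((qualifier, name.split("/")[0].lower(), arg))
    return terms


def audit(record):
    """Summarise how permissive a record is.

    effective_all applies the override from the post: a record that passes
    everyone ("+all", or a bare "all") is treated as if it said "-all".
    """
    terms = parse_spf(record)
    all_q = next((q for q, name, _ in terms if name == "all"), None)
    passed = sum(
        ipaddress.ip_network(arg, strict=False).num_addresses
        for q, name, arg in terms
        if name == "ip4" and q == "+"
    )
    return {
        "all": all_q,
        "pass_all": all_q == "+",
        "effective_all": "-" if all_q == "+" else all_q,
        "ip4_addresses_passed": passed,
    }


if __name__ == "__main__":
    for label, record in SAMPLES.items():
        print(label, audit(record))
```

Note that a bare `all` with no qualifier is equivalent to `+all`, so the audit flags it the same way.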
Firstly there's no mechanism to verify the client that makes the request is allowed to do so
Maybe not in Unix, but Linux permits this by way of SELinux.
Secondly although the disk might be allocated to a server ID and group with 660 permissions there's nothing to stop a rogue program elevated to root from trashing the whole disk area.
Again, SELinux sorts that out.
The other is to not have that omnipotent root.
You know what I'm going to say, don't you?
Russell Coker used to publish the root password to his server on his website. And allowed root logins over ssh. Yes, you could log in to his machine as root. No, you couldn't do anything special with that root access...
Another would be to verify message source
SPF and friends have been around for a long time - the problem is that far too many people simply don't care. Publishing a record goes a long way towards preventing spoofing, but far too many domain administrators will gladly write enormous essays about how it takes too long rather than add a single TXT record to their DNS (which would take them just a few minutes). People are actively hostile towards protecting their own assets...
 SPF cannot be perfectly effective until everyone uses it - but that doesn't mean that the partial effect we have already doesn't make a huge difference to the problem.
The seat belts were automatic. That is, they were motorised and automatically came forward for the driver and passenger to buckle themselves up. Never seen that in any other vehicle.
I first saw that on a hire car I had in the US. I think it was a Camry - something like that.
That was ~20 years ago...
No jury in the land is going to convict you for calling Piers Morgan a shiny-faced arse.
I rather enjoyed Stephen Fry's definition of the word "countryside" as "killing Piers Morgan"...
Is there a latin phrase for all this that the lawyers can slip in ?
I would like to say that this would be a case of fucti sumus, but I suspect the lawyers will actually declare it fucti estis.
HTH, HAND, etc.
Is it a hate crime when I'm attacking my alter ego?
As the article mentions, it is the sending of the message that is the offence; no-one needs read that message or be offended at it.
I'm just thankful that our Lawmakers have solved all the other more important stuff and have finally got round to such obviously-needed work on how people talk to each other...
A hash allows for collisions,
A decent hash has very few problems with collision - but besides that, that's part of the reason for using a salt. Getting a collision on a salted hash is very tricky indeed.
plus what if it's a situation where it MUST be stored (for example, to allow for a recovery because a reset can't be used--ties to other security systems, for example)?
No such situation exists. If the password is lost, you reset it. Recovering it is asking for trouble.
Any database that DOESN'T enforce a maximum length will become the victim of a DoS attack as someone exploits the lack of a length check to fill up that system.
No it won't. The database must never see the password - just a hash of it, which is a constant length.
Any database storing the actual password is ripe for credential-stealing.
at least put on the signup page what the bloody max length is
Any account with a maximum password length is necessarily insecure. You should think very carefully about using it at all...
Who is going to hack into my account here and post comments in my name?
So post your password. You'll soon find out why it's a good idea to secure it...
You can download GPG right now for some crypto-magic based on RSA. Try to make productive use of it or even integrate it into an e-mail client, then. Good luck.
If you have people who want to use it, it's really not that tricky; the difficult bit is getting people to care.
Setting up GPG or similar requires a key exchange just like getting a new house requires getting the keys. But whilst most PHBs understand why having keys to your house is a good idea, I've yet to find a single one who understands why one might want to do the same with email.
We need to start with a new OS, first and foremost, that compartmentalizes the user interface adequately (like in QubesOS), then build simple, usable tools on top.
Building simple tools that do one thing well is something of which I wholeheartedly approve - that is the Unix Way. But compartmentalising the UI? Most people seem to be against that - integration seems to be the order of the day. The ability to cut&paste between different devices makes my skin crawl, but that is what seems to be popular right now.
But starting a new OS? Probably not.
With computers, the problem isn't that some idiot put the wrong liquid in the engine by mistake. The problem is that some bastard put malicious liquid in the engine on purpose.
What often happens is that some bastard asks the operator if he can put malicious liquid in the engine, and the operator says "yes". To fix that, you either need to train the operator not to trust malicious bastards on the Internet, or you need to prevent his ability to change the oil in his engine. Your argument is for the latter, but this just doesn't sell. People want multi-purpose computers, and that entails responsibility for their correct operation.
I realized that she had connected her mouse, put it on the floor, and was attempting to use it like it was a sewing machine or something.
Years ago, that was entirely understandable for secretarial staff; they'd usually come from using typewriters (using both hands) and a dictation machine which was operated by foot pedal.
Many seem incapable of reading the sign over the handle that says: "PUSH
A pub I frequent has a sign on the toilet door that states "PUSH HARD on way out".
On the inside is a doorhandle on the hinge side of the door...
I still have to conjure up memory aids and parse them to consciously derive the proper side each and every time I need to use them
My mate's girlfriend is much the same. When he's giving her directions, he doesn't use "left" and "right", but rather "watch" and "bangles".
And that's fine. But I don't wear bangles, so when I'm approaching a crossroads and he tells me to turn bangles, it can get a little confusing...
So remap a key or several
Do I really need the "Joke Alert" icon for every single quip?
Mine's the one with the link to the vi handbook stitched into it
I think I'm going to have to learn emacs.
The Esc key on this laptop has failed...
It is the Murphy's Law corollary: "Anything which can go wrong - will go wrong - at the worst possible moment"
I think that corollary is actually "Anything which can go wrong - will work perfectly when you're trying to demonstrate the fault to a service engineer"...
I think the bleeding edge tends to be the biggest risk; think headlights that steer around corners.
That's hardly "bleeding edge"; the Citroën DS had steering headlights in 1967...
TLDR; things are getting more productive
I'm really not sure that's true...
ironic that the F16 is a "better cheaper F15"
IIRC, the F-16 was predominantly a *lighter* F-15.
But the F-15 - vintage, lardy porker that it is - still out-flies an F-35...
err... the same way it got out of the hangar/carrier garage?
Well, you're not going to see an F-35A on a carrier.
So how do you think it gets from the hangar to the apron?
Wouldn't you need to have started the engine to get a choice in that?
OK, here's a question for my downvoter.
How are you planning to manoeuvre the aircraft on the apron without using the engine?
If the website has cocked up, and left a load of customer details accessible without authentication, we cannot reasonably expect that downloading them is authorised. Just as, if I left my front door unlocked, I have not given a burglar authorisation to go in and take all my stuff.
There is one distinct difference between the two sides of your analogy: the latter involves actually going in and taking stuff, whereas the former involves asking an agent of the owner for that stuff, and being given it.
The analogy I use is of a rather dim butler. If he answers the door, and I ask him "may I have all your valuables, please?" and he gives them to me, have I actually committed an offence? I'm not fraudulently claiming to be entitled to any of those valuables. I'm not pointing a gun at him to enforce compliance. I'm just asking him to do something in the same way that everyone else asks him to do things.
So it is with gathering data from a poorly-secured website; if all I do is to ask the site's agent (the HTTP server) for a resource that is permitted, but the owner would probably rather wasn't, how is that an offence of my commission?
 I can't be arsed to trawl the Theft Act for an absolute resolution of that question; I suspect a desperate prosecution might go for a "conspiracy to steal" charge, but I can't see that sticking if it were clear there were no significant previous dealings between me and the butler.
Well, if the rest of the world decides not to play that game the US has a clear choice: it can forgo the ability to have such crimes prosecuted or it can decide that maybe it's not everyone else that's out of step.
You forgot Option 3: throw its weight around and force others to accept its view.
Which do you think is the most likely?
Pretty sure that if there is a crime in gathering evidence it is inadmissible
That's US law. It's rather different on this side of the Atlantic :-(
US law is actually pretty clear on this. If you're standing on Highway 35 in Kansas, and you shoot someone who's standing 100 yards down the road in Oklahoma, it's the state and people of Kansas that you'll be answering to
And yet - if you're sitting in your room in the UK and you get a computer in the US to send you some data it shouldn't, the reverse applies...
the biggest threats these days seem to come from terrorist groups who are not necessarily affiliated with a single nation
They really don't.
The actual damage caused by terrorist groups is actually very small when you add it up - even the atrocities at the World Trade Centre in 2001 aren't significant when you compare them to the other ways we have of killing ourselves that don't get a mention on the news.
The reasons we see more column inches about terrorism than other more effective ways of getting killed are left as an exercise to the reader.
Don't flaunt your ignorance about naval matters! That should be "Shippy McShipface" [sic].
For a submarine?
I think not...
It's all about incentives. Put the right ones in place, and people will write good code because it is personally beneficial for them to do so.
Put the right incentives in for the PMs, and the testing gets done properly - again, because it is personally beneficial for them to do so.
Put the wrong incentives in place, and you get chaos.
Put no incentives in place and you get the current situation - "ship and be damned". While there is a penalty for late shipment, but no penalty for shipping crap, guess what goes out the door?
Steve would be disappointed in me (or possibly in Apple, who knows these days).
Steve would be frothing at the mouth with the way Apple is doing things these days...
I'd just like to point out that the colloquial general meaning of "having / doing something on autopilot" is "not having to pay attention to it"
ITYF it generally means "not paying attention to it", whether or not such attention is actually required.
That seems somewhat apposite in this situation...
True, but pilots are given years of training, including in how to use the autopilot
I had 45 hours of training before I was granted a licence. Many car drivers have more than that before their first solo...
The point about a pilot's licence is that there is a combination of examination and continuous assessment - with the instructors taking personal responsibility for much of the student's conduct, even if the student is alone in the aircraft.
 That included the two hours of my test...
Stationary engines under continuous load can be stupendously efficient
Not really. All heat engines have an absolute maximum theoretical efficiency of 1 - T_C/T_H.
For the temperatures involved in any practical engine, the efficiencies still stink, even if they beat yer average car engine...
They failed to mention that was because it was very windy over the whole UK
For wind to work, it needs not to be "very windy", but rather "suitably windy".
If the wind gets too strong, the blades get feathered and the turbines shut down...
Sadly, some do "make fun" and worse of the person who has a funny walk. Never an "okay" situation.
That depends on whether or not it's funny.
There's a TV programme over here called The Last Leg. Two of the three presenters have artificial legs. Many of their guests are in some way disabled - particularly during the Paralympics. And they take the piss *mercilessly* out of everyone - able-bodied or disabled. It's an equal-opportunities piss-take.
I thoroughly recommend it...
Protocol Politics: The Globalization of Internet Governance, Laura DeNardis, p157-8
That's a paper from 2009, and as such, does not constitute substantiation for the statement "the spirit of the Internet is that any connected device should be reachable by any other device if it wishes to". The Internet predates that paper by some decades, and whatever claims it might make about what people thought in the 1980s are not going to bind the designers in the 1960s.
If you're not going to believe me, then what was the point of asking me if I've done it?
You were making an extraordinary claim. Such claims require extraordinary proof - I'm prepared to believe it only if you can come up with some evidence to support what you claimed. You didn't - you just posted how you could perform NAT at your perimeter, which is a world of difference from showing an ISP inserting bogons onto your WAN link to be forwarded onto your LAN. That last requires assistance from your ISP, and rarely works anyway. Thus - as a number of us have claimed - using a NAT router gives you a first line of defence because an attacker simply has no route to the machines inside your perimeter by default. You've had a chance to disprove that - and have done nothing of the sort.
With "ip addr add". I have a routed internal network, so essentially my main router is the WAN-side interface of the second router
No you haven't. The packets do not leave the kernel in that situation. Put a real analyser on the wire and you will see that you are not putting packets WAN-side.
Didn't I say that right from the start? "Your ISP could access your network"
And, like I've said, that is only ever possible in the event that you have a malicious ISP and you've got a rare and shitty type of router that bridges WAN to LAN rather than routes. We can discount that last - I only ever found one design that did it, and it is clearly a broken design. So that leaves us with the simple situation of "no, your ISP cannot access your network", which is the opposite of your claim.
That was the whole point: NAT doesn't block inbound connections
Yes it does. Try it - set up a NAT router with no firewall and no configured forwarding. Now try to connect from an external source to one of your internal machines - it doesn't work unless you deliberately set up something like STUN to defeat the NAT. You keep claiming that this is the firewall rather than the NAT, but if you actually set this up on a NAT router without a firewall, you'll see that the connection drop must be from the NAT because there is no firewall to do that job. This is an extremely common scenario - I'm using it right now. Your refusal to accept this simple truth leads to any number of misunderstandings, but that is what they are - if you were to port-scan my external IPv4 address right now you will get no access to my internal network except on ports I have deliberately forwarded, despite there being no firewall on the connection. Denying this is a fool's game - this is my network, and yes, I have checked it. Telling me that the firewall is what stops anyone getting to my machines is wrong because there is no firewall there. Do I need to repeat this a few more times? Your claim is wrong. It is demonstrably wrong, and it does not survive simple inspection. Reality must take precedence over public relations, for Nature cannot be fooled.
Of course they do exist, but they're not what ISPs are using to deploy v6
No, but they are what ISPs have been using to deploy v4. And there is exactly the source of this argument - for v4, NAT gives you a default DENY situation, but a v6 deployment gives you a default ACCEPT, with an additional firewall required to give you the same effect. So yes - we all *know* you need a firewall for v6-without-NAT, and that is the bone of contention. Were IPv6 proponents to stop demanding that v6 be deployed with globally-routable addresses everywhere and no NAT, the same situation would occur. But apparently, we need to accept the dogma, rather than use our own kit as we see fit.
Also you said this: "our experiments with forging LAN addresses on the WAN port only got through to the LAN side on a few really shitty routers". I guess your Vigor 2600v is one of those really shitty routers.
No, it isn't. Forge a bogon on the WAN side and it doesn't make it through the router. That is why NAT is useful as a first-line defence to prevent external agents from looking at my network.
In exactly the same way you pick your v4 WAN addresses. Which, yes, means that they're assigned to you and not very memorable
Precisely. So claiming that IPv6 addresses are memorable is entirely bogus.
but that's the same as in v4 so if you're happy with it there then you should be happy with it here.
It's not the same as v4. v4 is a 32-bit address space, and that's really not too difficult to remember. v6 is a 128-bit address space, of which at least 64 bits must be remembered if we're allocating MAUs. If you're trying to make v6 as memorable as v4, you would need to change the MAU to a /32, and that will give you all the exhaustion problems of v4 with the complexity of v6.
the point was that the manufacturers added the ALGs to try to fix up protocols that have trouble working through NAT
That might be why ALGs were written, but the practical effect was to take a protocol that worked flawlessly through NAT and turn it into something that didn't.
ISPs are deploying routers where the inbound firewall /is/ set up by default. A fair comparison would use the routers that people are actually using.
That's what I am doing. If you think IPv6 routers are in common operation, you have a nasty shock coming. Your configuration is very far from usual. I would go so far as to say "niche". IPv6 just isn't widely deployed, however much anyone might like it to be.
Now I'm sure you want to have the last word on this, so you go ahead and do it. I've wasted far too much time on this already, and your assertions are simply not supported by reality. I don't intend to engage further with you on this thread.
1 cubic meter = 1000 litres
4kg = 1000 x 4cc
Liquid helium has a rather different density to liquid water...
Two different companies I've worked at have had to resort to making up a special package
Years ago, when I was diving OC, I bought myself a twinset. I bought it at the dive show, where I got an excellent price, for delivery a week or so later.
It turned up a while later - with one cylinder sitting a good 3 inches higher than the other, and the manifold bar bent into an 'S' shape. It had clearly been dropped hard on one corner. The seller was very apologetic, and arranged for that set to be collected and a replacement sent. I imagine the courier got something of a bollocking.
So the replacement turned up. If anything, it was even more damaged. Another phone call, another collection.
The third one turned up. They'd built a custom wooden crate. The twinset was in perfect condition, and I didn't have to buy firewood for quite some time...