280 posts • joined Thursday 12th April 2007 13:43 GMT
No need - all you need is an insider
These guys deal in fear. Disclosure costs a company gazillions in lost customer confidence and bad publicity. If I were to run a job like that I'd buy myself some good quality inside files from a techie in ops, which is a cheap investment. Mostly beer and some threats to relatives - job done.
At that point you have data to make it credible you have somehow managed to hack into the core, and after that it's balancing publicity, security and so haggling.
Cheap, high return on investment, and no real need to be 'l33t' hackorz.
Most companies don't manage systems tight enough to disprove your claim, so they would either have to own up to that or pay.
And here endeth today's lesson about thinking like a criminal.
"independent" advisory work?
Sorry, since when has this become a comedy website?
Oh, it always was.
Nah, done the TomTom thing..
I still have Tomtom software on my machine for my neighbour who bought a new Tomtom but suffers from (a) having a Mac (not terribly well supported) and (b) having less bandwidth which means an update requires ages. As he already is an OAP I decided to do it for him before he passes away..
I used TT on a Palm, and on a Sony Ericsson UIQ 3 (P1i, which isn't really supported but it works), and that was subsequent versions, both with Bluetooth sat receivers. Compared to the Mio approach I must say I prefer the Mio, although that has a few options it still needs to introduce like switching to a dimmed map in the evening (you have one level of backlight and no "blue colour" map for at night like TomTom).
But its zooming and map tracking is much more comfortable than Tomtom. You approach a roundabout, it will tilt the map to show you the right exit. Multi-level motorways? No problem, it's clear. Knee deep in the menu but need to go back to its main function, being a map? Top level button is always there.
Your mileage may vary (pardon the contextual pun) and personal preference may differ and all that, but I prefer the Mio..
Wow, what an open door for headlines
"Draining water utility"
"Man needs water boarding"
Mine's the one with the snorkel. Flippers too, thanks.
geneticist Xue Zhang of the Peking Union Medical College in Beijing has "scoured his country for cases".
I guess it's a challenge when you can only do this at full moon..
Mine's the one smelling of garlic.
Well, sorry, that's actually not her fault
Let's go back to basics here. Why the heck hasn't anyone in that vast crowd of hangers-on dealt with this up front? It doesn't exactly take a rocket scientist to work out that the device will be lost at some point, so some bloody planning would have been normal due diligence in my opinion.
It's all too easy laughing at the VIP but I'm of the opinion that this is exactly the job you have staff for. Sack 50% of the flunkies and get some people who know what they're doing.
So, is this "expensegate", police version?
I sense a trend here. A well exercised process, last seen executed during ExpenseGate or whatever it's going to be called.
1 - Something strange happens, nobody *quite* knows what's up
2 - formal statements are made, typically claiming to be "right" and "the law" and "everything done correctly" and "the rules were followed to the letter" (in this case the law)
3 - any attempt for independent and unbiased investigation is fought
4 - public entity thus smells a rat, opinion enforced by event (3)
5 - deadlock is finally broken by either an internal leak or politicians who dislike the noise taking away their headlines
6 - smelling rat is found, explaining the obstinacy in point (3)
7 - lots of people say "sorry" and "have to restore trust"
8 - people go to the jail they were heading for since event (2)
So, I expect a move to stage 4 now.
I'm obviously getting old.
I remember working with police men I was proud to be working with. Have they all retired?
This gives some more ideas..
. as it is indeed a fact that that email address was used for official business (indicated by the "gov", and thus not an accident) there are all sorts of ugly questions that Palin may face.
Not using an official system, not properly securing official communication etc etc.
IANAL, but this could get quite entertaining to the point where some people might wish it go away rather than go after the hacker.
@ Other options?
"But I wish I could integrate it (or something like it) more easily into my home WLAN."
You're looking for a print server, they also exist in WiFi versions. It's a tiny box with a USB plug and a WiFi antenna (logically), and a driver on your PC will fool the Epson software into thinking it's a USB link it's talking to.
For this to work you need so-called bi-directional support, so make sure the print server you buy supports that.
I've been using this for years..
@ Can I just say...
"This government drives me up the bloody walls with their complete refusal to listen to a bloody word anyone says!"
You haven't been paying attention. On the contrary, they listen to every word. That's exactly the problem.
Mine's the one with the plane ticket and the RFID free passport, thanks.
I hope it's worth it
I'm about to hand back the company iPhone I have (end of contract). I'm in two minds if I should sponsor HTC for one of their nice machines, or give Jobs the opportunity to buy another set of rollneck sweaters.
I'm not overly impressed with the iPhone right now, the interface has no depth - you remain a beginner. And the apps - well, "cute" is the best I get to. It's not a good Blackberry surrogate because of the lack of keyboard, it's not easy to secure because of the lack of background process ability and it's not easy to code for it because of the lack of a more accessible platform that hasn't got a bunch of morons arbitrarily decide what they like and what they don't (not to mention the delay for no discernible added value).
However much I dislike MS in general, what HTC has done with Windows mobile is interesting, and there are at least plenty of apps out there.
Just my opinion, of course - I fully expect an incoming stoning from the Worthy ..
Sorry, that is not a formal No10 answer to a problem
It doesn't announce the creation of a committee anywhere, which is, as we know, the Gordon Brown version of being "decisive". So I call BS on this - you made it up.
Um, isn't this a case of wrongful arrest?
Just wondering ..
My favourite quote
"Alpha is trying to win page views in a space where Twitter has proven that your average user's attention span maxes out at 140 characters"
Genius, pure genius and all of that in 136 characters..
In defense of Alex
OK guys, lighten up.
I would agree with ribbing Alex a bit for considering a database the IDEAL solution, but he does have a point - one of the huge problems is the absence of data sharing. There are a couple of ways of fixing that, and a central database is one of them.
However, I note with interest that nobody disagrees with the database per se - the main concerns and flames are about access control which in the current model appears, well, let's call it weak and consider it a mild understatement (cough).
At the moment we have no idea if this database will really help or not. The statements made in Parliament were misguided and in some places wrong, but let's consider the available skill level there - who knows if she even understood the briefing? I bet it was full of jargon to start with which defies most mere mortals, let alone MPs :-).
However much I'm against the idea of giving this government even more data to lose, maybe we should concentrate on what can be done to make databases and information management overall safer (and offer some new ideas while we're at it). There are ways to do it right, but that cannot make headway by being totally negative - we have to start somewhere. So let's start with this one.
Training the end users is at least something new. That doesn't turn them into the safe beings we'd like, but it's a start. Working on some sort of role template to restrict access is a good idea too. Creating rock solid accountability would be nice too - if you know that every access under your name will be visible on audit you'll become more careful too. Etc etc etc.
What I'm especially interested in here is the disaster planning for when a leak occurs. This is called managing risk, and I would hope to see evidence that this project has thought a bit beyond just managing the bad press if it goes wrong. Realistically, anything that size will always have some leakage (usually via personnel) so you need to plan for that. Lockdown, audit, the works. I have seen nothing so far which actually worries me more because it suggests an absence of realistic risk assessment. Given the people involved I can't quite believe that, but I prefer evidence over assumption.
Let's get creative and constructive. Being negative is easy - it's also incredibly lazy. Granted, that's not a bad attitude for IT people (grin) but it doesn't show any insight.
Or have you all given up already?
So, the magazine ..
.. withdrew AFTER the singing?
But hey, he obviously didn't win that competition hands down. Well, not before they were up first..
Mine's the one with "Repetitive St(r)ain Sufferer" on the back, thanks.
Don't worry about the dropped tissues, I've got plenty
Thank you, and good night.
Let's see some evidence first..
AFAIK memcpy() is only one of the many ways in which you can hang any half-awake coder himself in C (some manage it when awake, but let's say charitable - I'm ignoring the chorus asking "why?").
Well done for thinking about security, boohoo for going straight to the press and trying to milk it instead of bloody DOING something for a change. Trust comes from casual "oh that? Yeah, we thought that was unsafe so we improved it" instead of trumpeting high and wide "look everyone, we bought a new padlock. Look how shiny it is, and how big" whilst still having a wooden backdoor with a simple latch only.
Do, don't talk. Show me. We've 20 years of marketing so pardon me for being cynical.
Umm, possible easy answer for Oracle
Oracle: makes us lots and lots of $$
MySQL: keeps customers away from the above.
Q: what can we do to slow down MySQL to retain our cash cow?
It's an important question, because I know for a fact that lots of banks use MySQL. I know of one person that uses it because PostgreSQL can't keep up with what he's throwing at it (think trading data at wire speeds), and his company doesn't like things they can't buy support for.
So, why would Oracle support MySQL in any way, shape or form? It won't make them quite as much money if people go the MySQL route because they don't need the Rolls Royce version (and associated weighty overhead). I can even see Oracle try to stifle further MySQL development unless they find a way to make money off it.
Just my opinion..
It's not that easy..
You can't fine a company out of existence, but you can fine them something that cannot be paid out of petty cash or bypassed with badly advertised voucher scams (like the US DoJ vs MS case).
Two things happen: shareholders wake up (i.e. can no longer claim ignorance), and the company now has a conviction on record.
It does not mean that Intel can progress as before - the intention of a fine is to change behavior, and if that does not happen Intel will face ANOTHER case. With the previous fine set at this level, the assumption will then be that the fine was insufficient, which can make the next conviction extremely dangerous as the commission has wide ranging powers (for instance, it can control access to markets AFAIK)..
So, yes, the fine is a percentage of gain, but no, it's not so small not to make a difference. It's the first fine after a series of warnings. MS has already discovered it cannot BS its way out, and it has already found just how uncomfortably good EU monitoring works vs what it is used to in the US - and no way to buy themselves out (as far as I recall they tried that too).
Intel is learning that first lesson now as well - if they comply, fine. If not, more will come their way, and rightly so. The EU has nothing against success, but everything against abuse of a monopoly position, and even more so since the US appeared to be incapable of developing a spine in that context (which only emboldens the abusers).
So, instead of being harassed by ads I get harassed by messages asking if I want ads. Yeah, big improvement.
Well, here's another solution. I don't block ads unless they get in my way, are brutally irrelevant or are so untargeted that they really waste my time. In other words, I start with a blank blacklist.
If there is a site I visit often I accept they serve ads, and hey, I may even click on them. Serve me a popup or a popunder or (major sin) play music/video the moment I land on the home page and it's zap - either you're off my visit list altogether or that's what I like to block. It would be nice if the website owner got that as feedback because then he/she will know what pisses off users and what is acceptable.
The whole problem with ads is that they are similar to spam: the majority is wasting your time (and steals your bandwidth and IT resources) to try and sell you crap. Well, no - that's what created AdBlock. Do it sensibly and there can be some sort of balance. I have a business too, but I won't serve ads. Maybe I should, but it's not how I envisage making money.
There is one specific reason I like OOo best..
.. the OOo team doesn't suffer from the compulsion to throw away the current user interface.
I have used the MS Office suite extensively over the last years, but even without Vista slowing it down the 2007 version has been an expensive drain on my time because EVERY little thing has been relocated because some designer thought it was best for me. My opinion of the result is not suitable for publication.
No, I don't want to shave microseconds off my day because SOME commands are now "easier" to find (and I'd dispute that anyway) - moving everything around without an option to go back to the old (read: familiar) structure has cost me more time than I will ever be able to recover by accepting this stupidity (hello KDE team - this may sound familiar?).
So, in the end I gave up. I prep most work in OOo where everything is where it always was, and then export it to that inferior standard called MS Office format. My master docs, however, remain in ODF, with the sole exception of Scribus docs..
Oh, and there is, of course the advantage of being able to work on any platform I choose.
It's not *all* plain sailing, though: the handling of colour in "schemes" is, well, crap. Conditional formatting in OOo calc thus becomes a matter of defining some general formats before applying the conditionals - no way to define them on the spot. I must file that as a bug - it certainly ain't a feature..
So, overall both thumbs up for OpenOffice - again a quality job.
The 3 app limit already works for Apple
Bluetooth, phone function and any app you care to load. Hi MS, Apple may have patented that when they developed the iPhone. That's right, they don't know about multitasking either, but rather than let people reboot hourly for stability they kill off any app.
So that, to me, is a retarded platform too, but hey, amateurs only need it to be "skin" deep anyway, no?
I operate a blacklist for ads
I'm OK with ads on a website - especially on topical sites they sometimes do show me something I'm interested in, and it's good they benefit for showing it to me.
However, I have absolutely zero mercy for ads that get in my way. Ways to get on my banlist are:
- resizing my browser. I scaled that browser for a reason, so thanks for f*cking it up
- playing music the moment I land on the site. First, a home page must be as small as possible, secondly you may make me disturb a quiet office. It's the same reason I disable all the logon and startup sounds from Windows - I'm not paid to advertise for them, thanks.
- popup and especially popunder: it means I have more to close and you get in my way.
- flash based home pages and overlays. Apart from the fact that it slows me down, I have yet to see any flash animation (and navigation) add something sensible to a site. An exception are (for me) fashion sites which are all about design and specific layout. And even there it's very annoying, pretty as it is. They're not all as talented as the Tokyoplastic guys with their drum machine.
- fronting videos with ads. This is one that has caused me to stop using BBC - fronting the video with an ad without the ability to skip it. Although it's quite lovely (in a sarcastic way) to see a major airline flaunt its stewardesses just before you then get the video of a major disaster zone, it slows things down. I have patience, but not for ads (a reason why I have stopped buying especially Disney DVDs as well).
As for installing a covert bypass, WTF? What happened to talking to each other, privately as well as via forum? The guy has ruined the most precious thing you can have as a coder and human being: trust. Mea culpa's come AFTER the facts, how could a user be certain he won't do this again some other time? More to the point, how come he could add code without the segment showing up as owned by someone else (and thus flag it for attention)?
We all make mistakes, but it will be a long time before someone trusts this guy again. That was a heroically moronic thing to do.
I wish them luck
I think the world is more than ready for companies to show you can turn a decent buck without committing fraud, deceiving customers, cheat on laws and taxes and buy/bail your way out of the eventual prosecution.
MS APPEARS to have done much
"Microsoft's done much to reach out to open source. It has made Linux and open-source software work better on Windows, released its code under OSI-approved licenses, and sent ambassadors to Linux and open-source events."
I suggest you check what all of that lovey dovey schmoozing actually delivered for both parties other than slow down monopoly convictions.
@ Ah nostalgia...
Ah. And when do you get out?
AW - it's corrected. However..
.. kudos for mentioning the correction. Admitting a balls up takes, well, balls..
Umm, small question here..
Pardon me for asking the blinding obvious, but isn't it the responsibility of the drivers to avoid hitting people in the first place? It's a bit discriminating to just want to protect blind people, no?
This is going back to having someone with a red flag walk in front of your car (damn, you have to avoid running that one over too :-).
I would increase the fines on driving without due care and attention. Doesn't cost much, is seen to be doing at least something and doesn't start a debate on "how loud" and "what kind of noise" which will last forever without addressing the problem. But would kill off a potential market of "pimp my car sound", of course.
@ convenience fee
> That's not a "convenience fee", it's a licence to print money!
So? That's then quite "convenient" for them, no?
Bunch of cowboys, the lot of them.
@ Off topic but please...
Now stop whinging, you island dweller. Be glad El Reg is read across the planet and, more importantly, that it doesn't report purely on UK issues. There's only so much data loss, cockups and human rights abuse you can report before it becomes boring.
As for the topic, I don't think PB have exactly helped themselves with what I can only describe as arrogance. They may have to learn the hard way that courts are NOT about justice, but about law and process. Even if you know the law, as a layman you can trip over process. I can well understand a judge ruling guilty to try and correct their behaviour - especially since they already announced they would appeal. But the arrogant sh*ts still haven't worked that one out.
(to make this clear, I hope they get off but not because of legal reasons, more because the RIAA has dirtied its copybook considerably with the US campaign - I like a bit of balance)
If they have any brain cells that actually work they would change their tone somewhat over the next few days. Just my opinion.
According to some movies I've seen they also take long lunches with wine and Camembert and bread.
For a nation that is all socialist they're doing badly on the human rights aspect of it all, but if they're willing to take millions of holiday travellers hostage during the summer I guess kidnapping a couple of people isn't really that much of a stretch.
Wait until this goes wrong, and see who then claims responsibility. I bet white flag production will immediately rise.
Is that enough prejudice? Or do I need to add something with onions and garlic and London-tube-compatible bad hygiene?
I only ever bought ONE app - because only that was worth it
I'm deliberately limiting my "exposure" to the iPhone - it's too dumb and restricted for me and impossible to properly secure. I have up till now only bought one single app that I thought to be worth the money.
Its only redeeming feature is that it runs TapForms, which is the first database since the old "FIND/SAVE" on the Psion Organiser II that is actually simple and usable. If they code that for Symbian Nokia will have a sale and I'll go back to the iPod Touch or something.
@ A video of me being asked to stop filming...
Could someone who knows the applicable laws do a summary of them so they can be examined and, if needed, quoted chapter and verse when a situation similar to what happened to Nick (A video of me being asked to stop filming...) occurs?
What the officer claimed was pure baloney, and was threatening behaviour. This is not going to stop until people start quoting them their own rule book - and follow up abuse. Acquiescence or not following it up is asking for this abuse to continue. It is quite possible that officers get slowly coaxed into forgetting the rules so it's important that they are reminded, and that consequences result from not following them.
We need to leave the police to do their job - but it's important they exercise their powers in the manner agreed in law or they become thugs with a badge. That is disrespectful to those who put in the effort to do it right.
I *want* one, but ..
.. there will be hell to pay for anyone sneezing at it.
This may be the best thing yet to buzz my cat - I just need to get a cat first.. The goldfish won't care, I think, unless I can get it to hover long enough to make the water turn with the turbulence.
Echoes of Black Adder :-)
Yup, I agree with the "industrial grade stupid" - a bit like voting New Labour. I have a bit of a problem with working out how *anyone* in the possession of more than one functional brain cell could consider this funny, unless they were smoking something weird as well. I quote a good bit of advice I recall from somewhere: "stand somewhere really cold so your head shrinks, allowing the two remaining brain cells in there to touch each other and communicate".
You could say they have done the equivalent of a Ratners..
Enfin, it validates my decision to eat better food, I haven't been in any chain restaurant for about 5 years now (although I hear the McDonalds fries call me every time I pass :-).
The good news is that this stupidity reminded me of the last Black Adder ("goes forth") series where Baldrick provides "coffee" to Captain Darling. Ah, quality..
@ Which idiot
"muscles and blood vessels - they cannot be fractured"
Oh yes they can. Ever heard of the word "rupture"?
Otherwise, feel free to try, just don't pretend you weren't warned.
How the hell do some people come up with these ideas? Smoking pot? Bad beer? At least this idiocy seems to have the potential for an automatic, Darwin driven end.
Sigh - apples and pears
I'm getting a bit tired of this, because it confuses the heck out of those who lack the skills to understand the difference between a drive-by infection and one you have to work for.
Sure, every platform has vulnerabilities, but AFAIK it's only Windows who can get infected by visiting websites with malformed URLs, or by the simple fact of receiving an email. It's also only Microsoft code where it has taken until Office 2007 to get a feature in Outlook where you could check the difference between a URL (www.mybank.com) and the underlying REAL target (zap.somedodgysite.org/fakebank/hack_this_sucker.php).
The facts remain simple: it takes a lot of effort to infect either OSX, Linux or *BSD platform but it's not impossible, it remains, however, absolutely trivial to do so on any Windows platform except for the platform which nobody uses because it's crap (Vista). But it will, of course, allow MS marketing and fanboys to crow "Linux is vulnerable too".
So, no real news here. Yawn.
@ on the other hand
On the other hand, they *may* just have heard about the current quality of the NHS and decided to not take chances. BTW; good advice about washing your hands after you have been out - it's the simplest way to protect against flu. Also worth remembering NOT to rub your eyes with unclean hands..
This may be a good time to remind you of a ticking time bomb: bird flu - that's when you will HAVE to wear a mask. It's not an "if" issue, it's more a "when".
Where I live we're pretty much ready for it. Supermarkets have introduced face masks into their shelf supplies, even complete "kits" for epidemics (containing gloves, masks and antiseptic wipes) and on top of that I have organised TamiFlu.
In short, not only am *I* organised, the whole distribution chain is ready to supply when the problems start - and they will. It's just a matter of time. Any idea how ready the UK is?
This is the ONLY app I'd need from Open Source
An API compliant Outlook replacement.
The very moment someone comes up with something that is API compliant so mobile phone code will play with it and access to decent calendaring resources the game is over for MS. Until that time they have pretty much free rein amongst execs.
And *please* don't mention Evolution, because it isn't.
They simply have to undo the 2007 mess..
If MS would undo the unholy mess they made of the UI with 2007 that would certainly offer a productivity gain. I have never had to look so often for the most basic functions in my life, and adding an online facility to the help means you suffer the google effect on top: 30 answers offering everything including video sessions, but NOT the information you need.
So, I think their claim of "improved" productivity may need adjusting, it will be more "returning the productivity we nuked" - in other words, nothing has changed.
The best solution is thus not to upgrade from Office 2003. A bit like sticking with XP..
Meanwhile, OpenOffice keeps getting better, and is standards compliant with EU directives. Hmmm..
@ The Met
Yes, but a USB stick is easier to insert where it belongs.
I would not trust any forensic tool unless it has been subjected to formal, published analysis, and neither should a court. For all you know it allows INSERTION of "evidence", or will compromise information integrity rendering it useless.
Call it "president Bush lost email" mode, that gives you an idea.
Fascinating detail: in almost 2 decades of operation, Microsoft has not managed to inspire trust in what it supplies ONCE. So, my apologies, but I can't trust such tools either so I look forward to the first cases brought with evidence so generated. It may be laughed out of court.