336 posts • joined Wednesday 10th June 2009 17:08 GMT
Remember to pack the factor 1E6
> the possibility that [Europa] could one day be inhabited by humans
Yeah, in a situation where charged particles are zipping around fast enough to ionise water... No. It's not going to be a holiday destination with a radiation environment like that.
I truly would love to know what's under that ice crust, but I guess a manned mission is out of the question.
Re: Linux Eats Security?
> Sometimes those "members" are anonymous
No, I don't think so. They might conceivably be pseudonymous to the general public (I haven't checked), but I'm pretty sure that Linus doesn't give commit rights to truly anonymous entities.
> Where is the guarantee that backdoor code has not been snuck into all versions of Linux??
The code is reviewed by multiple different eyeballs, including Linus' or his decidedly-not-anonymous lieutenants', before it makes it into the released codebase. The trust that you may place in them is as good a guarantee as you're going to get, unless you read the code yourself. This is the advantage of the bazaar over the cathedral.
OT: the small number affected/effected
Affect is almost always a verb, Effect is almost always a noun. So something affected is being influenced: "This model of router is affected by the problem", whereas something effected is being brought into being; it's a result: "The fix was effected by applying the firmware update".
Hope that helps.
Re the definition of a species
Fuzzy boundaries; true. When I learned zoology, this gentleman told us that a species is whatever a good taxonomist says it is :-)
If one accepts the shared heritage of H. sapiens and H. neanderthalensis (and I do), then they must have a common ancestor. This seems such an obvious observation that it's hardly worth making, except when you consider that amongst the immediate children of that common ancestor, a real living pair of siblings, there was one who went on to be the ancestor of us, and his/her brother/sister went on to be the ancestor of neanderthals. The same argument goes for humans and gorillas, or goldfish and goldfinches. Weird, innit?
(I am indebted to Prof. Richard Dawkins for this insight).
Interbreeding and species
> they were a separate species, interbreeding did happen though
This is oxymoronic. To a good first approximation, the definition of a species divide is that (fertile) interbreeding does not occur across the boundary. This is usually due either to biological features of the organisms, or geographical distribution. If H. neanderthalensis and H. sapiens shared a habitat and interbred to produce fertile offspring, then by definition they weren't separate species.
Re: In Oliver Postgate's own words.
Thank you. I hope the BBC execs have read that!
It helps if you can read it so that you can mentally hear Oliver Postgate's incomparable vocal delivery. They may be able to create new Clangers programmes, but I seriously doubt that they can find someone with the perfect voice to narrate them.
Postgate, David Davis, Alistair Cooke, ... is it my imagination, or are there fewer great voices these days?
Named after his dad
Nope, that's been going on for centuries in England. Having researched my own family fairly thoroughly, I can attest that it's a great source of confusion. I have one branch where four successive generations of men carried the same name. The use of a roman numeral suffix is a peculiarly American thing, though, I believe.
Re: How long does it take?
Looking at the D-Link download page, there are firmware images already available for models DIR-m, where m > 300.
The backdoor was apparently in the v 1.01 firmware of my D-615, which I have just upgraded to v4.14 from an image made in April 2013. I suspect that the backdoor made it into production in v1.01 by mistake, and that subsequent updates were made from a 'clean' source.
In a novel touch, there is now (optionally) a CAPTCHA-style verification for a login to the GUI interface, in addition to the password.
That would be open source, then
> The verification process needs to be open to peer review and there needs to be a simple mechanism for users to check that what they install is what got verified
You just summarised the raison d'etre for open source software (or firmware). If you have a verified copy of peer-reviewed source code [md5sum?], and if you compile it with a compiler you trust, and if you install the object code, then you have "verified backdoor free software" on your device.
The peer review is clearly the bit that can't be glossed over, though, as we saw in the story about the 'uid = 0' clause in a repository version of Linux's wait4 code.
Re: Yet uses Google to his Advantage...
Really? So I could go and check my website logs, determine the GoogleBot's user agent string, and then set up a browser to hop over The Sun's paywall? I'd do it for fun, only I'm damn sure I wouldn't find anything on the other side that makes it worth the effort.
Alas, thou art Anonymous, and I may not forward thee an invitation to join the Society for the Re-introduction of the Diphthong (which now that the tyranny of ASCII recedeth, mayhap have a glimmer of success). Wikipædia, thy turn will come!
Paper aircraft not released in atmosphere?
Whose idea was it to put a bit of folded paper to flap about between the camera and the main point of the mission, then? I see it was still attached on return to terra firma, too.
However, I shouldn't gripe, I'll start to sound like a helium-conserver :)
Cripes, guys. You're punting points of view that are exactly the legal topic which the FOI request was directed at. Has a lawyer advised Mr Salmond that the Ejit is right, or has he advised differently?
It appears that Mr Salmond forgot to ask, but the fact remains that WE DON'T KNOW. Clearly you two know what you'd like the answer to be, but that's not the same thing.
Re: Uninformed AC, again
> You've TOTALLY missed the point
No, I TOTALLY missed the point that you made, but that the Uninformed AC didn't make. It was alleging that there was a choice between regedit and a "prehistoric text editor", which is a false dichotomy.
You're quite correct, working through a human-readable *nix configuration file is nowhere comparable to regedit. Many of us prefer the former, for arguable reasons, but "prehistoric editors" don't, or shouldn't, come into those arguments.
Uninformed AC, again
Don't use a freaking prehistoric editor, then. Nobody is telling you you have to use edlin on a real Teletype, for chrissakes. Kate (the KDE Advanced Text Editor) supports every editor function I could conceivably want, and syntax highlighting for 226 languages and file formats. When your naive user starts it up, it will behave very much like Notepad for him, but the power is certainly there. For £0.00 outlay, incidentally.
I was intrigued by your comment, and wish to subscribe ^W ^W ^W Hold it! I went to the link you almost provided, and Secunia says
"PLEASE NOTE: The statistics provided should NOT be used to compare the overall security of products against one another". Then they go on to give reasons why you shouldn't do what you just did, including:
"It should also be noted that some operating systems (e.g. certain Linux distributions) bundle together a large number of software packages, and are therefore affected by vulnerabilities, which do not affect other operating systems (e.g. Microsoft Windows) that don't bundle together a similar amount of software packages."
Outside a GUI
Well, that's hardly a fair comparison, is it? Try doing *anything* outside a GUI with vanilla recent Windows versions. There isn't an outside for you to visit. There's an emulator pretending to be a 1980's DOS session, and that's it. Every Linux distribution I've ever used supports a terminal emulator in the GUI, and the massive advantage is that you can give people exact and precise instructions to fix a problem, without having all this "click on the little yellow square to the right of the left pane on the right side" nonsense.
If you really want to fiddle with the insides of a Windows 7 install (I have no experience of 8, so won't assume anything) you have to get down and dirty with registry hacks, with downloading special uninstallers for bits that don't work, with worrying about which updates have been applied; it's a nightmare. When "it just works", that's fine. When a KDE/GNU/Linux distribution "just works", it's fine, but in my experience fixing the latter when something is wrong is MUCH easier. There are meaningful log files, masses of documentation, and a high standard of user support. This is not the case with Windows, where there is masses of advice, certainly, but only from people who have made something work and have no idea why. A relative's Win7 machine has resolutely failed to install a service pack for more than a year, now. Some voodoo about a corrupted language pack, or something, is the best I can infer. Nothing works, everyone advises "why don't you reinstall?" Whereas I've got a Linux distribution here that installed onto an empty machine in twenty minutes flat, and would certainly just go on functioning in any small business setting where people need a PC to work and don't fiddle with computers. It hasn't been switched off for almost two years, and only gets rebooted when there is a kernel upgrade. Then it cycles in about 100 seconds.
I'm bored with this "Linux sucks on the desktop" reflux. Evidence clearly shows it just doesn't. I suspect it's regurgitated often by people who haven't tried it, and are frightened of doing so.
Re: Move along, nothing to see here!
OK, own up, who sent HI'); DROP TABLE waypoints;-- ?
The death of civilization as we know it is clearly foretold...
Whom, dear boy. Who is scared of whom?
re Technically a planet?
Sorry, mate, you got drowned in memes again. FWIW, planet is from the Greek for 'wanderer', and this one is surely wandering!
Re: google at -28...
D'oh, there goes the career as a photographic intelligence analyst. Switch to Map view, and you'll see that it's marked as railway line. Or railroad, depending on your preference.
Sheesh, Juno is going to make a screeching handbrake turn somewhere above northern Chile!
I'm trying to visualize this in glorious 3-D, complete with Juno's (presumably hyperbolic) trajectory, Earth's orbital motion and rotation, and I'm totally failing! (That bit isn't the joke that the icon refers to, BTW)
... just because you can pick 'em, doesn't mean that it's legal to possess 'em.
"Under Clause 21 of the Drugs Act 2005, it is now an offence to import, export, produce, supply, possess or possess with intent to supply magic mushrooms, including in the form of grow kits."
Step away from the downvote arrow, now. I'm just telling it like it is.
Re: But we already have a secure, decentralised NSA-annoying program.
"RetroShare is a cross-platform private p2p sharing program. It lets you share securely your friends, using a web-of-trust to authenticate peers and OpenSSL to encrypt all communication"
If I remember correctly, there is concern that SSL is not secure from attacks by the three- (and four-) letter agencies. The BitSync application uses AES256. I'm not a crypto expert, though, just sayin' that the two aren't exactly equivalent.
Re: We've already migrated to Windows 7, however ...
No local data storage. Check. Correct.
However, this leads to the question: why are we running a full-fat Windows client machine, when (perhaps) we could get by with something slimmer running Remote Desktop Protocol? I expect that as Christoph says, some organisations will think of shifting to Linux (KDE wouldn't be a huge transition for XP users), and others may think of re-engineering to use thin clients.
Re: Here's A Crazy Idea @MrXavia
> there are plenty of valid reasons...
Nope, I disagree. For *critical infrastructure*, if it needs monitoring, then put an authorised and trained human adjacent to it in order to monitor it. Or an untrained man and a dog. The man watches the monitors, and the dog bites the man if he tries to touch anything ...
Good points, thank you. I concentrated on CPUs, because the article is headlined "... vPro CPUs"
Not the worst that could happen...?
> if you leave a PC or such a machine lying around while logged into the Play store, some wag can sneak over and now kick you out of your gadget ^W^W^W^W^W^W spend a metric shedload of money on apps that you didn't want. FTFY.
The first fifty-odd 'top paid' Android apps on the UK edition of the Play Store have a median price of £2.09. Some are up around the twenty quid mark. (c) Dept. of Pointless Statistics.
If the 3G circuitry is going to operate to fulfil the Evil Purposes outlined, it must be self-sufficient, i.e. not rely on any features of whatever motherboard it's plugged into. I don't know how long it is since Jim Stone looked inside a PC, but typically the CPU is covered with a freaking great heatsink, and enclosed in RF shielding that would make it next to impossible to get reliable signals in or out, let alone wake up my hard disk and wire details back to the NSA.
Generated a lot of indignation hereabouts, though. I checked the calendar to see if April had arrived without warning.
Pseudorandom != unbiased
Surely, in the case you present, the *sequence*, e.g. HTHHTHTTTH.... is random, but the *probability* of the next toss being H or T is slightly biased. The point about a pseudorandom generator algorithm is that it's entirely and absolutely predictable. If you set up two, side by side with the same starting parameters, they'll produce exactly the same sequence which however looks (more or less) random.
That's not the case with the Euro coins. Even in a high-precision coin-tossing machine in a vacuum (patent pending) the sequence is going to vary based on unpredictable (read: random) variables.
Re: Gchq has 3 disclosed locations?
Reminds me of one of my favourite road signs. [maps.google.co.uk]
Visitors are permitted entry. I don't know about exit
Re: The assumption here
There's an issue with data protection, as TFA alludes to. If an independent Scotland is outside both the EEA and the EU, then the Data Protection Act puts it, literally, beyond the pale for personal information belonging to rUK citizens, and such info currently held north of the border would have to be repatriated, pronto. If I was a Data Protection Compliance wonk, I'd think that it wasn't too soon to be making contingency plans. Saying "it'll never happen" won't be acceptable. Look at all the bloody effort we put into proving Y2K compliance.
That's a simplification, but not wrong
Re: The way I see it...
> Great Britain would go ...
I see what you're getting at, but Great Britain is a geographical entity, rather than a political one. Great Britain is just the largest of the British Isles. Ireland (island of) is the second largest, and then there's a great many more: Wight, Man, Anglesey, Skye etc. You get the picture. So Great Britain will be around for geological ages.
Which makes me think, what about Rockall, then? It's been declared UK territory, but is it Scottish, or not?
KitKat chocolate: talking tech
This is a tech site, innit? The issue for manufacturers of chocolate-coated biscuits is that the characteristics of a chocolate that works for a bar are different to those that work for enrobing or moulding. If you've ever scoffed your kids' moulded easter eggs (... what?) you'll know that the texture isn't a bit the same as that of a decent-quality bar. During a visit to the RM site in York during the mid-seventies we were given a piece of the KitKat mix to try, and trust me, it really needs the biscuit in the middle to make it palatable. The mouthfeel of chocolate accounts for a lot of its appeal, and that depends on many different factors, especially the fats and oils that are used to supplement or replace the cocoa butter. The chocolatier needs artistry as well as technique.
The Jester twitter links...
... are currently 404 (or the twequivalent): "Sorry, that page doesn’t exist!"
Matching the notes
Ah, the notes to be played were illustrated in one of the books in the library. No substitute for sitting down and reading through them! (Can you tell I used to work in a library?). The rocket ship was the first way we got off Myst Island: the dismay at not being able to get back is still fresh in my mind!
Guessing and deducing
Ah, you know you're getting old when the Antique Codeshow starts featuring your favourites.
I got Myst to go with my top-of-the-line Gateway 2000 486dx complete with CD-ROM drive, in 1994. I didn't stumble around guessing, though. I and my daughter (aged 12 at the time) tackled the MYSTery collaboratively in shortish sessions over many weeks, and in my bookshelf is the school exercise book in which we kept a journal and notes as to what we had found. We always approached the puzzles as a sort of cryptography crack - the premise was that the solutions were all there to protect the MYST books from casual exposure. Looking at the journal, I can see the little pencil-drawn icons she devised to notate the sounds from the Selenitic Age. Later, we approached Riven in the same way, and playing two-up like that was some of the best fun I ever had with a computer. I was sorry to see Cyan fold in the end; if there's anything new which echoes that sort of game-play with that sort of immersive depth, I'm unaware of it.
OT PS I am typing this on the AnyKey keyboard that came with that computer: the only surviving component!
> Yay! I'm not the only one :-D
E492: Not an editor command: -D
Leaving n-factor authentication aside for a moment...
... let's look at how unsafe Dropbox is following these revelations. As pointed out by El Reg, to get the stored secret that enables decryption, the attacker has to have physical access to the machine which is registered with Dropbox. At that point, instead of injecting code and whatever, wouldn't it be easier to do
$ cp -a ~/Dropbox /media/SwagDevice && umount /media/SwagDevice
and run away before the victim returns to the keyboard?
IMO, the real reason you wouldn't rely on Dropbox for important security is that the cloud storage end is not proven to be hard enough. I put the same things into Dropbox that I send via gmail or blueyonder, i.e. nothing that I would be too distressed to see published.
Re: The Flight of the Cybearg
I don't know about blowing raspberries, but in that first picture B.B. appears to be pissing himself. This is either because he is anticipating the flight, or he can see some web-cam-fitting bastard approaching with a scalpel...
Re: Just trash it all
> They found the bug and destroyed it
"The People's History Museum holds the Communist Party picture collection and CPGB artefacts and ephemera including a bug planted by MI5 at the CPGB's headquarters." [emphasis added]
Re: FOI (in So what's changed?)
I hope that you don't mean you think that FOI responses *shouldn't* be published? After all, the public body has just responded to a *freedom* of information request; how would restricting that freedom by giving the requester some sort of monopoly on the knowledge serve the public good? I can see how the requester might *want* that monopoly, but he/she shouldn't be granted it, IMO.
[Hmm. El Reg's typeface is a bit misleading. If you're copying with the keyboard (why?) that rectangle following 'departments' is a pair of square brackets.]
> Apple has hired a healthy living guru
So much more useful than an unhealthy dead one.
Re: Bryant Salts What if...
@ Matt Bryant
That all reads as pretty frothy from here.
> The police can stop you under any pretence they like ...
And you don't see any problem with that? Very illuminating.
The Official Secrets Act 1989, with which I am quite familiar, is online at http://www.legislation.gov.uk/ukpga/1989/6/contents. The only offence which Mr Miranda might have been suspected of would be under S.9:
Where a person has in his possession or under his control any document or other article which it would be an offence under section 6 above for him to disclose without lawful authority, he is guilty of an offence if he fails to comply with an official direction for its return or disposal.
The "official direction for its return or disposal" would seem to have to come first.
As for your folk-wisdom "ignorance is no defence", there are several defences based on not knowing what is in a document written into the plain language of the Act.
Anyway, none of this is remotely terrorism related, and you won't convince me otherwise.
Re: Salts What if...
Matt Bryant frothed:
>if you are suspected of carrying stolen documents in breach of the Official Secrets Act then you will be stopped, interviewed and your possessions searched
They would have to be documents carrying UK protective markings. Official Secrets are official to the UK. There can have been no genuine thought that this was the case, because was David Miranda cautioned that he was suspected of Official Secrets violations? No. He was detained under *terrorism* legislation, interrogated about his contacts, and deprived of his property.
What duty would that be?
> I think it would be a dereliction of duty if you were not to investigate what David Miranda was bringing across the border
First of all, and most obviously, David Miranda was not looking to bring anything across our borders. He was in transit from Berlin to Rio de Janeiro.
Next, just whose duty would have been in dereliction if his belongings were not investigated? As far as I know, there is no such duty. Which laws (UK laws, now) were in danger of being broken, even if Mr Miranda was carrying a copy of every bit of information that Edward Snowden purloined from a United States intelligence agency?
Re: I wonder if...
I suspect he was not read any rights. I'm sufficiently angry that I haven't looked any of this up, but AIUI one has to be cautioned before being placed under arrest. Section 7 of the Terrorism Act under which Mr Miranda was detained didn't need him to be arrested (and he wasn't), and it makes it an offence not to cooperate with the interrogation, so one has no right to remain silent.
Heathrow likes to think that it is the hub destination of choice for international, maybe particularly transatlantic, journeys into and out of the UK and Western Europe. If I was managing competing airports, I'd be asking for permission to put Miranda's image on my advertising. Certainly there will be many who would like to avoid Heathrow if they could. Good news: we may not need that extra runway, Boris.
Rain - n., wet stuff that falls out of the sky. Hence vt. to rain (usu. down) upon something
Reign - vt., to rule over e.g. a kingdom or empire. Hence "a reign of terror", etc.
Rein - n., a piece of horse-harness, attached to the bit. Hence "rein in", i.e. to limit movement or freedom of action.
I've lost count of how many times I have seen these three confused.