1061 posts • joined 12 Jun 2009
You store your lizard-based blueprints for your galactic-domination army on a convenient planet, but when you come back in 65 million years you find:
Why is there a mammoth carcass in the storeroom?
Don't worry, it's just the archive storage, I'll need your help tomorrow when we make a copy and take it off-site.
Bring a warm coat, and a map of the tundra.
@FartingHippo - I'd agree with your counter-arguments, but I was talking about a laptop in the real world. Password strength isn't mandatory, it's at the discretion of the owner, who has just been told by the salesperson how fantastic the fingerprint scanning is. Vein scanners might be better, how many have you seen on laptops?
You're thankful that bolt-cutters would be the only realistic alternative for a crook? What do you keep on your laptop! I think passwords offer more flexibility against this level of attack. You can choose your level of resistance, based on the value of the protected data, and your assessment of the attacker... you can give up the password at any stage from "calling you rude names" to "here come the bolt-cutters" or beyond. As an additional advantage, you get to avoid the punishment by giving in. With a fingerprint scanner, the crook's fastest, easiest option is the bolt-cutters, so you lose the finger AND the data.
Sorry, that's getting away from the real world again. For most laptop buyers, a fingerprint scanner is a convenience for people who forget their password a lot, is likely to be used with a weak password backup, and a crook will either be stealing it for the hardware value, or will take the disc out to access the data direct because there's no full disc encryption.
So, a laptop with a fingerprint scanner is less secure than one with just a password. The attacker can choose which method to attack, there is no protection from a poor password AND there is the opportunity to try a gummy finger cast or other false fingerprint method.
Making biometrics mandatory for all forms of password submission would be so bad. Don't get me wrong, biometrics is a useful form of authentication when used correctly. I've got an ID card with my thumbprint stored, and I can leave the country through an automatic gate by presenting it and my thumb. Very convenient. However, the gate is at a manned checkpoint. Someone with a fake thumb, or who tries to take the gate apart will be caught. Most places we use passwords do not have that sort of protection, so you cannot trust that the biometric reader is reporting correctly. For website authentication, the website owner doesn't even own the reader, so there is no control. BYOD is making the same true for office computing.
Salting and stronger hashes only protect users who choose strong passwords; starting an arms race is only marginally effective when so many users choose "password1" or "secret".
We need to move to PKI, then there is no problem with using the same certificate for multiple websites (or whatever) because the private key is never disclosed.
Re: if you want to lose weight
I think it was H G Wells, and he wore a lead belt and other weighty accessories to appear normal.
Re: Space is big.
So he has returned to his original profession, though apparently not his partnership with Hotblack.
I think my kids will begin lobbying for emigration to Sweden.
Never heard of a Faraday Bag?
The one with the mesh-lined pockets, please.
"Hang on, I thought we were first?" Re: How old is the star?
@toof4st - that sounds like the abandoned first draft of 2001 - A Space Odyssey. An ancient, mysterious technological artefact is found on the moon, it does nothing when discovered because it was created by an entirely extinct species, and nothing happens for the remainder of the film (in the book, an insane AI deletes all the research papers based on the artefact, because of a numeric overflow in the dates).
Re: How old is the star?
"would have left an indelible mark somewhere" - really? The chances of an individual becoming fossilised are generally pretty small, and the same would be true of most of our technology. That iron oxide stain next to your newly discovered velociraptor fossil? Maybe it was driving a car. Maybe a large building could survive, but the Lighthouse of Alexandria didn't, and the Pyramids are looking a bit tatty after only a few thousand years. You could easily miss them if you're not looking in the right place.
Isn't Cthulhu a Monsanto product?
Re: Free as in "complimentary for paying customers"
I'd get you a pint, but I don't know who to give it to, your details are false...
Re: Oddly enough...
How private is a Twitter direct message? I don't think I'd want to rely on it for any communication I seriously needed to stay private. Unless it is end-to-end encrypted, it's like sending a postcard - probably no-one will bother to look.
Sorry, I should have added a "Joke Alert" to my second paragraph.
Who says the van is arriving from China? I'm sure Bradley Manning can explain how transferring documents, even in a private message, can get you into trouble in many places.
OK, that's a big jump, from a private tweet to loads of secret documents, but I think there is a continuous range. Whenever people do things online, they must consider the wider consequences, whether that is not getting a job interview because of student party photos, or getting arrested for treason, or finding disturbing "targeted advertising" appearing. When you post a private message in twitter, you are trusting that they actually follow their own privacy rules; they don't screw up; the company that buys them in 10 years doesn't decide to misuse the data; and so on...
Society depends on trust. The internet is changing trust in non-obvious ways. People need to be aware of that.
Re: Oddly enough...
Why would anyone worry about being monitored while micro-blogging? It's a public forum where you EXPECT people to listen to you! Next you'll be saying intelligence agencies shouldn't buy newspapers.
Though it'd be nice if they would actually be open about doing it... great for one-upping your friends, "I'm being followed by MOSSAD", "So what, I'm being followed by FSB and CIA".
There's a big difference between monitoring a public forum and the, sometimes related, arrival of an unmarked van in the middle of the night to take you on an unexpected holiday at a re-education camp (though China might be getting rid of re-education camps this year).
OK, the power cable might be a bit limiting, but plenty of scope for in-the-heat-of-the-moment manslaughter, or meticulously pre-planned homicide.
Also an open invitation to Darwin awards for anyone close enough ("it really warms you up if you stand here").
Now, who do you buy network monitoring gear from? qui custodit custodes
But, overall I think they'll have a hard time finding a supplier that isn't owned by and doesn't employ citizens from all countries they might have a bit of a disagreement with during the lifetime of the kit.
If they are going to be properly paranoid, they should keep quiet about their suspicions, buy the kit, reverse engineer it, find the backdoors and use them for feeding disinformation.
Re: A question to hackers or security people
"Full control" means administrator-level access, so, yes, they could launch an RDP session if they wanted to. I recall the old Back Orifice party trick... you could remotely eject the CD tray, great for awareness raising, not much use for a criminal.
Typically, an attacker would try to be unobtrusive, and would install something to further their ultimate purpose. If the attack can be automated, then it will be used in drive-by attacks to install botnet software for later sale as DoS or spamming zombies; if the attack is more involved, then maybe used in targeted attacks on high-value victims for installing keyloggers; or capturing webcam images for extortion; the possibilities are endless.
Is anyone else thinking this might be an inside job? Fraudsters pay off employee, who either has another job lined up, or plans to let a colleague take the fall. The alternative is that fraudsters are routinely checking the certificates on every SSL website in the hope that one day a CA will make this serious blunder and they will be able to find a way to steal the key from the cert holder. Sure, they can automate the search, but why wait for a blunder when you can pay for one?
Secondly, are the fraudsters now kicking themselves for issuing a fake "*.google.com" cert? They could have kept themselves busy and well-funded on dozens of low-profile domain certs, maybe some obscure badly-run banks, but they got greedy and went for the big one.
Re: "...damped by gravity..." ???
I don't know...
but it occurs to me that a string in gravity will always have a slight distortion downwards, so the forces on different parts of the string will be different. The ends will be under higher tension than the middle, because they are supporting the weight of the middle, changing how the string propagates the wave.
Take a skipping rope - held slack, it is difficult to get a (low frequency) wave from one end to the other. Pull it taut, and it can be plucked. Now, imagine a slack skipping rope extended until the tension at the ends from the weight is the same as the original taut skipping rope (yes, this is a very long rope). You can pluck one end, and the wave will propagate until it approaches the middle, where the tension is insufficient. The guitar string is a much less pronounced example of this effect.
To put it another way, the difference in tension is an impedance difference to the wave, and causes attenuation in the string affected by gravity.
Uh - does that sound right? Can I have this icon with a question-mark, meaning technical, and quite possibly bovine excrement?
I've gone all nostalgic
It all comes back to me, the darkened sitting room, the awkward erection of the screen, fiddling with the projector, the focus all wrong... corrected. The satisfying clicks as the changer inserts each new slide on the click of the remote control (well.. the control on a 6 foot grey cable), the frustration of the big carousel jamming.
The joys of youth. Yes, the specs are rose-tinted.
Full disclosure: I sell anti-virus software and do a little research on viruses and related security areas.
I was surprised at the small sample set Imperva used - just 82 samples, collected from honey pots, Google and hacker forums. Can this really reflect on effectiveness against the millions of malware samples known to exist?
In comparison, AV-Test uses two test sets in its Protection tests:
* All malicious files they discovered in the last 6 - 8 weeks: around 100,000 – 150,000 files.
* Extremely widespread malicious files they discovered in the last 6 – 8 weeks: around 2,000 – 2,500 files.
Looking at the full study, there is another surprise - Imperva do not do their own testing, they threw the samples at VirusTotal. VirusTotal is a useful website, but they are quite explicit that it is unsuitable for product testing. Imperva takes the short form of VirusTotal's advice, "not designed as a tool to perform antivirus comparative analyses", and counters it in their 'Limitations' section saying that they are not doing a comparison. They ignore the longer advice, that details why VirusTotal is unsuitable for both comparative and effectiveness testing.
Anti-virus testing is notoriously difficult, and competent researchers put a lot of work into making sure they use methodologies that will produce relevant, reliable results. Did Imperva?
Re: Obligatory XKCD cartoon...
I hope you realise that there's a badly-written "u", it should read, "Someone is wrung on the internet". It's a protest against unnecessary networking of laundries.
I'm waiting for the black LED
Black is cool, black is the future. "Every time I press this black button on a black background, a black light lights up black to tell me I've done it!" (Thanks, Douglas)
Possibly recovered - if you happen to know someone who enjoyed doing those really large jigsaw puzzles, with names like "The World's Largest Jigsaw Puzzle" where all the pieces look the same. A moderately large, moderately fragmented disc with the File Table missing would be an excellent Christmas present for them.
Personally, I'd recommend imaging the disc and restoring from backup...
Only 25 years?
I'll swear I once saw a module in CPAN called Universe, the new method took arguments c, G, h, ε0, e and a boolean value for evolution. There was a warning that memory requirements often grew quickly.
Re: Seems overcomplicated
So Wile E Coyote has a very low spring constant?
It has a "resemblance to the river Nile"? Sure, but if they turn the photo 90° clockwise, it's the spitting image of the Amazon.
But the gravity version is more portable than the spring version. You don't have to carry the weight around, you fill up the bag with soil, gravel, shrapnel or whatever else is around when you use it. The two are both useful in different circumstances.
The choice is...
* running round like a blue-arsed fly, fielding calls from your users and trying to get answers from your outsourcer about what happened and when it will be fixed
* running round like a blue-arsed fly, fielding calls from your users and trying to identify what died and fix it.
Re: All we need are some inbred cannibals living at down that road and we've got a B-movie!
What a coincidence, so am I. If you come to these coordinates, I'm sure you can make a contribution. The cast tells me they are looking forward to having you for dinner.
You didn't start on the 4040, like me? To be fair, mine was a plastic DIP package, but the IO chip was ceramic.
I never tried running a *nix on it, and, IIRC, Linux never supported the 286 or earlier.
I only switched off my last 386SX in 2010, though that was running DOS.
Re: The Google DeLorean hits 88mph to visit Jamestown, NZ
It's a sad day... nothing but a marker on a featureless shore when I looked.
Does Google monitor the Reg. forum for urgent map updates?
Re: I'm sorry
No, I don't think the deceased need, or would use, 999 texts...
Or did you mean deaf?
Do I detect a hint of hyperbole and sarcasm?
0.8 million years... that's a relief. Someone else can worry about the USA taking "friendly fire" to a whole new level.
New Reg unit?
So what is the life expectancy of a snowflake in a blast furnace?
And, as a civvie, I'd like clarification of why 40 knots at low altitude on a battlefield is so dangerous? Is it that fleshy pilots hit the hills, or because enemy squaddies complain that their target practice is too easy?
A true genius.
post a picture of said car/bike/moped on FB. Or your brother does...
hum from the fluorescent tubes?
So either the researcher hasn't noticed the electronic high-frequency ballasts (standard in T5 fluorescents) that have been available at retail for a decade or he's a bat. They're more efficient, and don't produce sound a human can hear.
The choice of fluorescent colour-temperatures available has increased as well. Complaints about 'light X' bothering people's eyes are very subjective. I suspect that some of it is due to poor installation design. A bright light at the edge of my field of view bothers me. I was in a theatre recently which had LED lights high above the stage, angled slightly towards the audience - very annoying.
Any research team announcing a radical new way of doing something will always compare it to the worst features of the old way, even when incremental improvements have eliminated them.
Yes, I'll take the shades.
Bloody OS designers...
calling everything "Personal" this and "My" that! Giving the users some strange idea that they have control, that it's theirs!! Making every support conversation even more confusing, or terribly long-winded and confusing!!! I'm the BOFH and all these are mine, mine, MINE, I TELL YOU, MINE!!!!
Sigh... I feel a little better now.
Re: Wrong picture
Anakin, you beat me to it, the Qilin or Kirin only slightly resembles the western unicorn. But you could have mentioned the most likely place for this crowd to find one - on a bottle of beer:
Yes, illiad, very like a deer or antelope, if flames crawling over the body are normal for those species.
Can I borrow it?
For those, you know, baaaaad mornings.
Re: Ah, dirty dishes...
The essential first step of every recipe in student digs is to locate precisely the utensils you require in the pile of dirty stuff, and wash ONLY THEM. At the end of the meal, the kitchen has been returned to the base state, and, most importantly, you haven't done an unfair amount of washing up.
I don't have an overwhelming urge to accumulate junk...
It accumulates quite effortlessly.
Anyone need a drawer-full of mice, trackballs and other pointing devices? Almost all nearly working?
What I don't understand is where all the power strips go. I've bought enough to circle the globe, but can never find one when I need it.
Interspecies hybrids are generally sterile (that's pretty much the definition of a species), so either the hybrids are incredibly long-lived, or hybridisation events are continuing (to put it politely)!
The pre-emptive multitasking encouraged me to choose OS/2 Warp over Win95. The ability to open a DOS box and make a new connection to your Novell server was also very handy when an admin task [i.e. user needs a password reset] cropped up while you had lots of stuff open.
Eventually moved to NT4 when the ability to read incoming Office documents and handle Chinese forced the move.
Re: and no more secure then than today
Fabric ribbons didn't take a clear imprint, and were reused. It was the film ribbons that were use-once and a problem. I never saw a pre-electronic film ribbon, so I doubt your (a). (b) still stands.
But, they were more secure than today: no internet connection! If you wanted to eavesdrop, you had to BE there... in the office pilfering the ribbon, or in the bins, separating the carbon paper from someone's lunch wrapper.
In other news...
Chengdu cloud computing company goes bankrupt due to, "unexpectedly high staff bonuses and understaffing". The CFO said, "First it was stiff, then long. I would have noticed sooner, but I've been under a lot of pressure, handling personnel. Uh... that's stiff payments, long leave and personnel issues!".
Is that an employee handbook in your pocket or...
Proto-humans used special crossbows to fire stone-tipped spears into dead springboks... why?
Great technological development, but doesn't seem like a useful result.
Re: Prior art
The name was given by the human colonists, who knew something of their literary history.