So help me - what's the point of buying a Nokia if it isn't a Nokia?
549 posts • joined 16 Jun 2009
So help me - what's the point of buying a Nokia if it isn't a Nokia?
What a monumental waste of time, talent and dosh. Whatever the decision - does anybody seriously think it will make a figs worth of difference to people transcribing their CDs to some other medium?
We have gone past the point when musicians (or rather the conglomerates who have acquired the copyrights) can press for a levy on 'blank media'. What USB drives, phones, SSDs and spinning iron?
So why make a few lawyers even richer? I bet they rip too.
< Dusts down his Fortran IV subroutine libraries and unstructured GOTOs >
"Whilst I see your point I am also very aware that there are places in the world that don't have unlimited power and network bandwidth.
https is not the real problem to them. There are few sites where the western assumption of broadband access has not bloated pages with superfluous advertising, under compressed images, rolling videos and a cacophony of plugins, ccs files that grew, grew and grew and never pared back to what was only needed.
Is there an browser extension that will flag the total download size of a page with its supporting infrastructure?
https is a minor but a more useful load on the network - especially when operating across less than secure networks one may find in these places.
This is good. I do use StartSSL which is really just for the Nerdy. They both offer AFAIK the same level of protection between the browser and the server which means, in practice, that all those Wordpress logins and stuff are encrypted. So people like me can no longer sniff them on shared networks.
So GCHQ/NSA and top-notch gangs may be able to break/steal certificates and MITA targets. But no casual stuff. The weakness of Class 1 certificates is they do not prove that the domain link is 'authentic'. Never Knowingly Undertold JohnLevis.com will give a green padlock and still run off with your money.
How we develop and make people aware of the sliding scale of security they expect from their blog to their bank is the trick. Creating expectations to match the class of the certificate from a simple encrypted connection to a properly authenticated and verified source. Judging from the amount of green stuff in the URL bar of Chrome is not enough.
Affordable - as in affordable housing?
I misread it as meaning budget laptops and was expecting stuff in the £150-£250 range. There's good stuff there that will do general purpose computing adequately. Gaming or HD graphics is quite different - and, I assume still a niche market for the major manufacturers.
I remember when entry level laptops were 2 grand a throw (that was real money not todays devalued edition). Nevertheless I haven't paid this sort of money for years and I still have many machines over five years old still performing adequately. Just make sure they aren't trying to run Vista ;-)
"SNI support starts around where TLS 1.0 was supported (FF2, IE7 et al). It's ancient technology and every browser you care about supports it."
Thank you for correcting my dyslectic moment. Taxpayers are users not browsers. The majority in some demographics are still using non-SNI compliant browsers (notably XP/IE8). It may be because they are old, it may be that they are poor or just deaf but they are amongst the people most in need of government services. "Get a new browser" is not useful and many wouldn't even know what you are talking about.
Which means, to be on the safe side, if you attempting to offer a universal service you should not rely on SNI. That means an IP for every HTTPS host and one less for everybody else. Downvoting me for pointing out this awkward fact won't make it disappear.
The point is that what one wishes to keep private differs from person to person. So while some stuff should obviously be secure as you mention and some other doesn't - it saves having a department (with all its protocols, mission aims, HR policies and coffee machines) to decide on the stuff in the middle and coming up with enough inconsistencies to keep the El Reg journos in beer for the next decade.
Oh and some stuff which doesn't have, say, user interaction now may in the future and going from http to https is not always simple. So build it secure in the first place or when there is a major revision.
Does this assist the final exhausion of the US of A's IPv4 stock or (via SNA) disenfranchise the millions of XP/IE8 taxpayers who are unable or unwilling to upgrade or shall we be finally mandated into IPv6?
Might be good for all concerned if the Feds gave Let's Encrypt the certificate contract!
The surprise was not the breach but the size of the breach. And I am going to blame the victim if this resulted from a single breach. Breaches will always happen no matter how careful you are. The issue is to minimise the consequences of a breach. This, and the Sony experience, suggest that their data wasn't properly compartmentalised. The hackers once in just ran riot.
I know this is difficult if you are trying to run a universal emergency patient database - but an HR database? This needs to be soundly sandbagged. Makes it much harder for the hacker with multiple opportunities for early detection as the hacker attempts to search across boundaries.
Yep the Co-op bank got into a mess by not sticking to its roots as a non-high street bank but becoming overly ambitious as a high street bank with the ill conceived acquisition of Britannia and of the attempted acquisition of TSB and a massive failure in due diligence by another set of parasites.
The Co-op were not the cause of the banking meltdown. They had been delivering excellent service to us for over 50 years. So their/our reward is it is now in the hands of the very vultures that caused the crisis and our caring government appears to want to complete the process with a complete takeover by those too big to fail. Whose survival to extort more and clobber the competition was financed by us.
The irony, the irony. With current interest rates my mattress is becoming increasingly attractive ...
"Hate to break it to you, but No. Not even a significant chunk of the population is looking into encrypting their communications."
True, but there are a lot of us who are going to do it for them. All our websites & forums are going https (yes I know GCHQ can crack that but they but won't have the resources for routine mass surveillance). The majors have done it already.
Which leaves mainly email - our mailservers are encrypted and out of the uk. So, I guess are the major mass providers (GMail, Outlook etc) at the other end. Again can be read if 'of interest' to the government. But more difficult to screen routinely.
Which is what we want - for the rozzers to concentrate on real suspects, not go fishing around non-suspects.
"The documentation says you need a physical Windows 10 machine in order to get access to a card reader"
Seriously? I suppose they have entirely missed the Win32DiskImager in their halfassed attempt to push Win10.
Or this [drum roll]:
(My first job as a computer operator - correcting the mis-feeds)
in 1970 I climbed a mountain in South Wales. I got the greatest reward ever. As I stood on the peak two Vulcans in white livery flew up the valley and passed below me - presumably on low level training exercises. If you think the Vulcan looks good from underneath - you ain't seen it from above. So if there is a God, it will be a sad day for him/her too despite its intended payload.
Oh, and the memory of Concorde flying over my back garden on Heathrow approach each evening was always a pleasant pause in whatever one was doing to look up and showing that loud aircraft noise can sometimes be welcome. Aviation is just so boring these days.
Theresa May will next week introduce a bill into parliament to make turning to the right mandatory. Fuel duty will be abolished and a new bell tax will fill the funding gap. Lefties will have their rights removed and then be squashed. There, that's what you voted for ....
"Cyclists utter obsession with getting ahead of traffic at junctions does them no favours. It pisses off every other motorist and puts them in dangerous situations."
The whole point of commuting by bike is to get there faster. A bonus is it costs less, keeps you fit, causes less obstruction overall to motor vehicles and kills fewer people.
If I have to stay in line with cars (10x my width) then I might as well use my car. But if we all did this then the congestion would be much worse and you would be stuck fuming in your car for even longer. Who would you take out your frustration on then?
You have my sympathy - driving cars in cities today is bound to make you feel angry.
"Last year, not half a mile from my front door, an elderly pedestrian was knocked down and killed by a cyclist on the pavement."
That's one too many. Where was it?
To put it into context as a pedestrian - which we all are - there was one pedestrian death involving a cycle on the pavement or verge, whereas altogether, 34 pedestrians were killed on average each year by vehicles on pavements/verges.
Which fits my experience around here where I'm much more likely to encounter a car on the pavement than a bike. And we have a lot more cyclists than any other city bar Oxford or Cambridge. Whereas campaigns to protect pedestrians on pavements always focus on cyclists and ignore the much greater danger. Facts don't seem to matter.
"I'm more concerned about PM10s in London than about construction traffic. It's less visible and more deadly."
And apparently more dangerous if you are inside a vehicle creating even more than cycling alongside it. All to do with the re-circulation of air in a confined space.
"Not for one second am I belittling anyone's tragic death, but 20 in a year is tiny in comparison to deaths from other traffic accidents, obesity, smoking, alcoholism, cancer, well pretty much everything else you can think of."
Well that's a lot more than terrorism in the UK and look at the amount of money and police we are prepared to throw at preventing that.
But the greater issue is that it is this fear of cycling that is the greatest impediment to people who want to cycle to actually do it. Telling them that the risk is infinitely smaller than the life extending benefits doesn't really get through. Hence the obesity, the extra road blocking traffic and its easier to smoke in a car than on a bike.
The size of the problem is a benefit. Its a tiny fraction of drivers who can be targeted or re-incetivised to make much of the problem go away. It should be easier, cheaper, faster and much less disruptive than trying to change our road infrastructure, redesign vehicles or create an app.
Its a low cost per life saver - and shouldn't upset the 96% of drivers (and 80% of cyclists who are also drivers). So let's cool the anti-cyclist sentiment. One gets enough of it on the road no matter how well one tries to do the right thing.
"If cycling, don't try to get to the very front of a queue, hang 1 vehicle back, then you can see what is going on, and the driver, just may be able to see you."
Are you the guy who gave me my first downvote?
Instead of coming out with this - why not try and understand the real problem? Yes cyclists can be as stupid as anybody else but the killing is done mostly with one type of lorry operator. It isn't even the most challenging vehicles on the roads. Cyclists rarely have issues with the biggest supermarket artics. They are driven well and can even cope with the odd idiotic cyclist.
The not so stupid cyclist in London is very, very aware of the construction lorry issue. Its the one vehicle you give the maximum clearance possible. But the opposite is not true. Last week I had a skip lorry whizz past close with a heavy chain swinging in the breeze. It was pure luck it didn't take my head off.
The issue on cyclist deaths in London is a very specific one. Many (most) are caused by a tiny segment of the lorry trade. Specifically those in the construction business. This is believed to be largely caused by the business model. Many driver owned lorries being paid by the load.
Incentivised to cut corners - literally. But also in maintenance, insurance and licensing. Complemented by H&S saying its not their job to sort and the police choosing not to enforce the law, Some decent lorry operators have greatly reduced incidents through training. But this take time and money. Giving the pirates, the guys who kill, a greater advantage.
They are not going to buy this kit. Extra cuffs for the police may be a better investment.
CyanogenMod liberated my HP Touchpad. I had hoped they would be the end user's friend against the bloat, control and obsolescence that Samsung and others build into their phones and tablets.
My impression is that all this dosh hasn't got the latest Android on a wider range of devices. The new paymasters must presume its going to cost them less get Android tailored to their devices than employ their own teams. Is CM now just an outsourced contractor?
Is it only going to get worse? Lollipop for the Touchpad now comes from individual amateur enthusiasts. Bit like the old poor CyanogenMod.
"This affects the whole WordPress set-up and not just the Likely Lad cook?"
And not just Wordpress. It's likely this was backdoored via a third party theme or plugin. A number of vendors replicate them across the popular CMSs. its just that WP being the biggest is the most attractive target.
Frankly even good SysAdmins get caught. An issue is that we can't really share our defensive measures without giving them away to the enemy. So we roll our own and who can guarantee to do that perfectly?
What's unforgivable is not to have a recovery plan when (not if) it happens. The 5 week DEFRA downtime is really bad service. And I bet they paid a lot more to the contractors then did Mr Oliver who, from the report, got it sorted quickly.
Yep, another smart move by our brilliant lads to deceive the enemy by highlighting this decoy site to attract incoming when the balloon goes up.
The lack of any connectivity with civilisation or even Yorkshire gives it away. Shame on you Reg for publishing a picture of the real comms hub. Beer will be spilt!
"By migrating away from WordPress?"
Oh, how I wish.
Yes I've tried Drupal and Joomla but they just don't have the quantity and ease of off the peg plugins and templates. And with Joomla I've been bitten twice with security vulnerabilities which is one more than Wordpress which I use much, much more.
Still WP is a stinking pile of steaming sh^t. The rot starts not with the coders but with PHP. A true abortion we seemingly cannot escape.
- a retired cgi-bin Perl luvver <:-(
"But how can they patch when it's an unknown Vuln, by the looks of the article?"
You should be able to re-edit your login.php file and hopefully secure it. This may not stop re-infection but it means you can limp along with close vigilance until the backdoor is identified. Re-edit login.php from the command line not through wordpress - then change your login and password pdq.
Disable all other accounts and warn your users their passwords may be compromised.
"Eh? You've not needed a dedicated IP for SSL since SNI was invented about 10 years ago"
Except SNI will not work with IE8 and below on XP or less. Sadly they still form around 25% of our web traffic so we can't afford to lose/upset them. So most of our sites stay on http. What we need is an IE<9 killer. Or just an IE killer ;-)
Sounds wonderful - but only if (as a minimum) Firefox, Safari, IE & Spartan follow suit in recognising and enforcing the same meta command. Otherwise it may create more problems than it solves (especially for operators of forums where posters reference their own images).
The issue for us is we want to provide more secure websites than we have IPs.
No problem with SNI except for mostly the WinXP/IE fraternity. Use SNI and we screw them. Much as I would wish to - our clients don't fancy losing 16% of their users. And it is very variable depending on the demographic of the website. We have a few still getting 35%+ WinXP/IE.
Way to go yet I fear frustrating the upcoming salvation that is Let's Encrypt.
So i have some crime busting information or just want to look up who to contact?
As a geek I'll examine the certificate come to the same conclusion as El Reg and accept the warning and continue as normal. No problem. Meanwhile my well trained partner and 99% of humanity would see the danger warning and obey - retreating and not use the website for its purpose. That's the issue the Met has stuffed one of its lines of information - a less serious issue then losing the switchboard. It should be a lot simpler to fix. They could get a Class 1 certificate up in minutes to clear the site warnings while the culprit gets the extended validation jobby sorted before falling down the stairs - oops!
"To get access to the internet the later !Plus Pack was required (or 3rd party networking)."
That is incorrect. It depended which version of Windows 95 was installed. The standard OEM version I purchased on release from a distributor for our self-built kit contained Mosaic and stack. Crude full Internet/WWW right out of box without MSN or Plus Pack.
And here is what 'state of the art' microsoft.com looked like at the time (seen through IE):
Do you know - I don't care a tinker's arse about how much Bill Gates, Steve Jobs, James Dyson or even Alan Sugar pocketed. They changed the world. Alan Sugar probably did more for the modern English novelist with his Amstrad Wordprocessor than anybody else.
They probably cost us less than two useless aircraft carriers.
They did what they did for more than money. But this lot? What is there contribution to society? What have they changed? How many people's lives have they enriched? More to the point how much have they enriched their employees they needed to deliver the goods?
Equality is a dream, but this level of inequality is a nightmare. Nobody is offering a practical plan to reverse. Even discussion about it gets kicked off the agenda. By highly paid media men no less ...
"Don't you know: there are no Muslim gay, nor Japanese gays, nor Chinese gays. I know this because my Muslim, JP, CN friends assure me it is the case."
May I suggest you widen your circle of friends or read something like 'A Case of Exploding Mangoes' by Mohammed Hanif. Wonderfully subversive story of homosexuality and much else in Pakistan.
Yes, the west (well east of Indiana) are ahead but not that far ahead. The Thatcher Government's Section 28 was only repealed in 2003. Many of its strong supporters are still very active in the current (well until May 7) government.
Anybody my age should understand the cultural issues on LGBT in those societies. But have hope that the rapid transformation we have seen in the last half century can be repeated elsewhere, And not be too superior about it.
BT are right not to re-imburse. If 5060 had been blocked then it would have had to be unblocked anyway and so the same hack would have happened.
But BT are at fault for not blocking 5060 on 'All'. Anyone who isn't knowingly using SIP/VOIP who gets hacked through this port should take 'em to the cleaners. As to the distinction between security on a home and business account - I have a home business and I expect the same level of security in either mode. If I'm running a bank or an obvious target for attack I may elect to put in extra firewalls and other stuff but an ordinary business and an ordinary home user should have the same level of protection. Not just for their own sake but to minimise the chance it gets taken as a bot to plague the rest of us.
And on the grief BT Broadband has given me and my clients over the years - anyone using them should, perhaps, be aware they are not to be trusted for anything other than watching some footie. So, yes, blame all round!
"Anyone spotted any dino-tech on the moon?"
Might it resemble a WW2 bomber?
As an HP Touchpad user Cyanogen is the OS that brings back the dead. But that's only an unofficial port. That's the crux of Cyanogen's dilemma?
Born of a desire to not landfill good kit the manufacturer disowned or bloated out of existence - that is no revenue opportunity for an organisation going professional with paid developers. $80 million says they are going to target OEM agreements in competition with Google and the aftermarket can go get lost - again!
It would be good if this stimulated more Google Play offerings. But I'm not counting on it.
Yep, Frankie wasn't so mad after all. Worth his weight in (none) votes.
"Last I saw, robots don't move around at 70mph"
The one driving my tube train is rated to do 75mph. The one flying my plane cruises at 500mph and can land safely in fog. As we know its tube drivers and pilots who fail castrophically and kill. But, somehow, we feel uneasy if there isn't a person up front who can open the doors or give us the weather forecast for our destination.
Can we find something that will do this?
I'm prevented from using SSL on websites as these browsers don't support SNI and we don't have enough IPs. That is threat to everybody else's security. You can't degrade what you haven't implemented because of these retards.
Nope - the photo was just a way of charming Apple to invite El Reg to the next real launch ... journos need the lunch. Pity as I guess the only alcoholic beverage on offer would be cider.
But is this about DNS hijacking rather than Registrar hijacking (though of course some people do use the Registrar's own DNS). And is it just normal credential compromise that is concentrating on logins from a small number of registrars so they can play about with the DNS there?
The point of these articles is surely to alert us as to new threats. Can you please remember that some of us have had our sharpness blunted by many years of SysAdmining and need things spelt out a little simpler. Anyone?
Well my GP surgery is on XP and can access my medical records. Presumably this implies there is a route to (or worse still from) the universe.
I was having an anti-virus jab. I suggested she shoved it up the USB slot as it might do a better job.
Indeed it rang a few bells for me. My first program was in Deuce machine code. Deuce was a valve computer built by English Electric and I won a prize to work on one for a few days at Nelson Labs in '64. It was the opposite of today's computer rooms - all the windows were wide open to get rid of the huge heat output from the valves.
Raw programming in machine code - and because the main memory capacity was so small you could keep in your head all the memory locations you were using. Saved having to document and meant you could get stuff running very quickly. Of course updating it later was kinda difficult.
I went on to proper programming at University and after in high level languages on a variety of of ICL mainframes. It was only when I bought a TRS-80 with my own money that I got back to real raw programming in Z80 code and Assembler. It was a joy and found I could put stuff together much faster and more reliably than the ponderous mainframes. GEORGE3 had a half life of only 15 minutes at one time.
So I lashed up a termiprinter to the Trash-80 which would take standard 132 pp computer print out paper. I actually had a major business planning application running on it. I kept it secret and presented the results on printouts that the board assumed was from the 1902A mainframe they had allocated to me. Fun while it lasted.
What happened when they found out I may tell another time.
That's very public spirited of you. Are you absolutely sure you don't benefit in anyway from those who do pay the tellytax? Never listen to BBC radio, watch BBC productions, appreciate the breadth of classical music available in this country, keeping bloated politicians to account (and Cliff Richard), and provide a valuable companion to many poor pensioners, disabled and so much more for £145 per household?
It doesn't all get blown on ridiculous salaries, pay-offs and Eastenders. But if it makes you happy to brag about not paying it then keep right on. Its almost a free country.
The ferry operators start before you even get there ... how much is a single? We only do returns! I only want to go one way. Well if you don't pay us our double ransom you can just stay in Pompey.
That's a triple ransom ...
If NSA/GCHQ can't crack 'em then they should be closed down as incompetent. If they can and use them without warrant then they should be shut down.
As for Gemalto - they wouldn't have a clue. NSA/GCHQ do have a reasonably 65+ years track record of doing the impossible without the target noticing.
Yes. But I didn't have to scramble. It fixed itself (or rather the repository did). I had to decommission the XP boxes because they no longer fix themselves. That's why i prefer OS insecurity to MS insecurity. Is that so bad?
Well £50k would be very welcome to the majority in this country. And that for a full time job.
This was clearly a part time job with a glorious set of perks that can be milked quite legally for kith & kin (our MP 'employs' his wife and nephew). No - I don't want him to stand for treason. Only the lawyers win and we are milked more for financing his stay at Bessie's Pleasure.
No, we just want his unearned salary back please. This would be true justice for a man who voted for capping benefits from those less fortunate than himself.
When an ex-partner is indecent or grossly offensive in a public medium - the police do need a handle to protect the more vulnerable.
Paul Chambers is a red herring 'cos all that demonstrates is a serial failure of common sense by the complainant, police, cps and magistrate - all of whom should have tossed it out. And its really hard to draft a law to bring 'em to their senses. It is one case to balance against the monstrous stuff that mostly women have to put up with from angry men. Its one case that brought in guidelines to hopefully stop a repeat of the law's misuse whilst protecting its intended use.
1. Ok so I'm running 5.0 so no current threat. But when they crack that. ..
2. They have to get the app recommended to me by a trusted source. But when...
3. They have to get it both into Play Store (not difficult?) and keep it there (more difficult). But when...
4. Get over my obsessive hangup about permissions. But when...
5. They can rip me off for all of £2 being my Tesco Mobile cap.
Yes its bad but not bad enough to lose sleep over. YMMV.