Posts by djack
92 posts • joined Tuesday 16th June 2009 12:27 GMT
Re: Rolling upgrade
Indeed. I am hoping that they will be able to produce a keyboard as an 'other half'.
Finally, something that looks like it could be an available successor to the N900 :)
They have my 100 Euro
Re: So glad these are still live!
Thanks for those, I never knew that http://www.reynholm.co.uk/ existed. I'm sorting my Reynholm security pass now :)
BTW you missed out on http://www.ladyproblems.org.uk/
Re: I really don't like the idea of gesture TV
"5 pairs of eyes are detected, this film is only licensed for 4 pairs of eyes at once. Please upgrade your license at www.bastards.com"
You are behind the curve on that one - Microsoft patented that concept last year as something that Kinect can do..
http://www.geekwire.com/2012/microsoft-diskinect-freeloading-tv-viewers/
Re: ...while TLS 1.2 isn't implemented by any!
TLS (and most other crypto) in IE and IIS (and many others) is handled by SCHANNEL which I believe to be a component provided by the operating system, so it is more correct to comment on the capabilities of various versions of Windows as opposed to the applications that make use of whatever is offered. Basically, Windows XP does not support TLS 1.2 but Windows 7 may well do.
Of course, most multi-platform pieces of software will be using some other crypto library.
Re: God I'm getting sick of Fry
Brian Cox actually has a proper Ph.D in particle physics, has a large number of peer reviewed papers to his name and spends a lot of time playing with data from the LHC. Frankly he is one of the most knowledgeable guys on TV, especially when it comes to talking about the universe and its origins.
Re: Still Snake oil
I was talking about the biometric data, not any sort of hash. Once you have that and access to the data communication channel the scanner uses, the system is irreparably broken. For an ATM that may be tricky but for many other applications of this technology, it is a trivial task.
Re: Huh.
"Which you have to do from the CLI. Epic fail, right there."
Or you can just click the 'upgrade' button in Update Manager.
Epic failure to check facts, right there.
Still Snake oil
This thing is subject to the same fundamental flaws of all biometric systems. The scanner produces a static data representation of your palm. It is this data that is actually used for authentication. The server checks if this pattern is the same as (or close enough to) the pattern stored for you during enrolment. Basically it is a long password.
What happens when (not if) password data is compromised? Easy! Simply force the user to change the password - good luck doing that with biometrics.
Re: I don't mind being compared by age...
"Did you see him that time they had to build a Caterham?
Wilfully ignorant. To the point that it was embarrassing to watch."
What, you mean where he's putting on an entertainment show, playing the incompetent clown?
Put him in a different context where he is giving his opinion not just comedic* entertainment and he has a totally different set of apparent values.
If you took almost everything on TG at face value, you would believe that all three of them could barely stand each-other and take great delight in endangering/humiliating the others. Watch the episode when Hammond comes back after his near-fatal crash - that mask significantly slips there.
* Remember, comedy, like many other art-forms, is a subjective thing.
Re: Sony have dropped the ball
Yeah, it would be good for Sony to put a general(er) purpose OS on the PS4. That way they have some functionality to remove after a year or two.
Re: I don't mind being compared by age...
I don't think you're being fair there. He has his viewpoints and they may be polarised to yours, that doesn't necessarily make them invalid or willingly ignorant any more than yours are.
Quite often his belligerence, when not exaggerating for entertainment purposes, is due to him actually believing what he is saying is right. Importantly, he is willing to change his opinions if they are shown to be wrong. The whole bank account details thing is a case in point. He believed that 'the experts' were over exaggerating the problem and needlessly scaring people and throwing seemingly pointless obstacles in the way of daily life. Believing himself to be right, he didn't just grandstand but put his money where his mouth was.
He was shown to be dead wrong. Did he dissemble? Did he go on the defensive or on the offensive? Nope. Unlike many, he quickly acknowledged the reality of the situation and changed his opinion.
Re: SingStar on PS3 XMB anyone?
Exactly. With this and the Linux fiasco, I have lost faith with Sony.
I don't ask much from companies I do business with ... just the acknowledgement that when I purchase something it becomes mine (and is not something that they should tinker with to my detriment) and a modicum of respect for my opinions and me as a paying customer.
Sony decided that they did not want to provide that so I have decided that I do not want to provide them with any more money.
Eagerly awaiting the Piston.
Re: Duh, perhaps there are too many bugs in Java 6 and it's time for an update?
@Daniel B.
"However, this can be fixed by simply doing
java -version:1.4 -jar MyClientApp.jar"
Not quite. It causes the Java launcher to locate and use a 1.4 JRE. This only works if one is installed and (obviously) will not work if the new installer has removed all old versions.
Re: A security scanner that requires Java ! WTF?
Metasploit is written in Ruby.
There is an optional desktop GUI, Armitage, which is written in Java. Like any other desktop application, it does not run in the applet sandbox - which is where the security concerns lie.
Just because you can't see a viable attack vector ...
... doesn't mean that there isn't one, or that no-one else will figure one out.
The assumption that you are cleverer and more prepared than those out to get you is the best way to set yourself up for a fall.
Re: Shipping
I say entropy. When I ordered the Nexus 10, it said to expect dispatch in 2-3 weeks.... two days later it was waiting for me at a TNT delivery depot.
Get the commercial ones for free anyways..
Many (most?) online banking and CC services offer free AV and related software for free.
Barclays gives out licenses to Kaspersky's suite and MBNA dole out McAfee (I think). I wouldn't be surprised if the other banks have similar schemes.
Re: A couple more old adages...
I think that a better example of Microsoft's malicious intent would be their old OEM contracts. Many companies were locked into 'agreements' where they were charged a fee for Windows on every machine produced... regardless of whether Windows was installed or not. Other companies were given significant price breaks if they refused to supply any systems without Windows pre-installed.
If the above isn't deliberate abuse of position, I don't know what is. This current issue just smells like a continuation of that policy.
grr.
I got to the store, put one in the basket and went through most of the purchasing process then the checkout bit ground to a halt.
Went back to the store to try again and they're all gone :(
Downvoted you out of spite :P
Do you think people are only paying to watch sports?
I am. Specifically for the Formula 1, I finally capitulated a couple of months ago and felt dirty ever since. The second they lose exclusivity of that is the second they lose me as a customer (or the 12 month contract expires, whichever comes sooner).
Whilst there is some other stuff on there worth watching that isn't the same old repeats, it is few and far between. 'Elementary' is the only thing that springs to mind and I'd be more than happy to do with that what I did with their other exclusive shows - wait for the DVD boxed set.
MS Hardware
I've always thought that MS have made some pretty decent hardware. For many years, they and Logitech were the only names I would look at for mice and keyboards. Whilst I've never owned (nor intend to own) an XBox, that Kinect (sp?) thing looks like some neato tech too.
Based on that, I would expect surface to be a damn fine tablet.
It's just a pity that you can't say the same about their software that I wouldn't touch with a barge-pole.
Re: Hmm - sold at cost for £75 in the US or with a 46% margin in the UK
You are missing out on things like tax and such.
Americans have different sales taxes levied by different states so it is impossible to quote a single price for the whole of the US unless you go excluding tax. We have the luxury of having a national single rate so it can be included in the sticker price. I know that doesn't account for all of the difference, but it does take the edge off it. They would also have to deal with different financial pressures in different markets, shipping and have to price it based on an estimate of what they reckon the exchange rate is going to do over the next year or so.
I personally do not think it's that bad a differential.
Security is the key
For BYOD to work, the company has to ensure that company data is kept securely and cannot be misused or lost or exposed to malware on the device.
The only way to come anywhere near the required level of confidentiality and security of company data is through lock-down software on the device that will enforce :-
* Encryption of data.
* Reasonable level of authentication to get access to the device after device lock or power on.
* Automatic device lock after a (short) period of inactivity.
* A whitelist of approved software (no downloading and running of arbitrary 'apps' from the store)
* Monitoring of usage of the device.
* Ability of company IT to wipe the device in case of compromise.
* Device will be wiped when employee leaves the company.
Without these restrictions, there is a significant risk of exposure of company data. When these restrictions are spelled out, no employee in their right mind would submit to them and no-one would want BYOD.... win-win!!
That seems to be so.
I have a S3 from Three and have not received an update for a couple of weeks. The IMEI test did not work for me.
Re: Again and again and again @Ragarath
Well, it's now the 20th here. No retune notices either. Also, Dave is still on 19.
Looks like they've not done the EPG change here this week, probably next week. I wonder if they could have made the process any more confusing or inconsistent.
Re: Already answered
"More than half a billion?"
Yep. Easily, even if it were technically possible.
Let's accept their estimate of 80% usage. That means that whatever range you replace it with is effectively a class A range. This network connects a lot of networks that require access to the Internet, so whatever range you use must be in RFC1918. So, the easiest option is to use 10.x.x.x.
OK, that's the easy bit out of the way, to enable communications across this network, it is your task to organise and re-number the internal networks of every government department, every local council, school, police authority, fire service etc. etc. so that they do not use any 10.x.x.x address internally (to ensure that they can reach any and all services on the network) and then go round and do the same for all the private companies that have a need for direct communications with any aspect of government.
If you can do that for less than half a billion and within a time-scale so that the whole exercise isn't pointless I'll buy you that pint to the left!
It is in use
That range houses all the networks used to connect together government departments and other organisations. Things such as the GCSX and GSI exist there... and no they couldn't have used RFC1918 addresses as many separate organisations and networks attach to it.
Security Added Now?
The ministers said the project, now in the final stages of development, was adopting security systems used by banks, and the team behind it was in talks with internet companies including Amazon for advice on how to keep availability high.
Wrong wrong wrong wrong wrong!
Security and availability should be in the design and planning of the system from day one. Anything where you take a system and then add security features is just an ownage waiting to happen.
Re: Is it just me...
"what's actually been done, rather than what has been claimed?"
Yep, I fail to see any evidence of PIN exposure or SQL injection in that video.
He has an account with PIN 31337. It's already his account. OK, the system bizarrely applies arithmetic on the input - 31337 * 1 *1 *1 = 31337 (woo, a match!), 31337 *1 *1 *1 *0 = 0 ( no match - wowsers).
OK, the system should be dealing with the PIN as a string. The error is in dealing with it as a number. That arithmetic is performed does not imply SQL injection - it could just as easily be an 'intelligent' string to integer conversion.
Re: Again and again and again @Ragarath
Is there some technical reason why it could not have been done?
I can only hope so but I can't think what it could be - unless lack of common sense is a technical reason?
Again and again and again
Being in the north-east, I had to retune last week for the start of the analogue shut-down, this week for the EPG reshuffle and next week for the completion of the analogue shut-down! We should make it a weekly Wednesday we-tune! (sorry)
There's hundreds of adverts and notices around saying to retune on the 12th and 26th, it wouldn't have been hard to add the 19th to the posters would it?
Fun fun fun!
Re: Welcome to the club
What ISP are you with?
Storage
I'm sure I spotted somewhere recently that they have upped the storage availability to a gig or so.
Maybe I was imagining it.
Yet another PSN+ subscriber wondering what all these problems supposedly are.
I know that there was a problem when they first put games on there that were previously released as a timed demo, but that got sorted many moons ago (for me at least).
Re: Meh and oooo maybe...............
Just found this...
http://blog.lovefilm.com/uncategorized/kindle-fire-hd-is-coming.html
So, Lovefilm streaming will be on the HD and will likely be coming to other Android devices later.
Re: Sigh
How do you know that that is the same 'well known' bug? That is such an uninformative and sanitised error message that I would expect it is used when any sort of error occurs that could originate from any of a bazillion different bugs.
Re: Meh and oooo maybe...............
There is already an Android Lovefilm app.
However it is limited to just managing your rental list, browsing the library and watching trailers.
I would love for this release to mean they are producing a new version of the app and I can look forward to watching streamed films on my phone some time soon but I'm not holding out too much hope.
Re: Arghh! My eyes! @diodesign
ahem ..
... performance of x86 architecture can take on more workloads," he told The Channel ...
The font used does look thinner and spindlier than the rest of elReg. Not as comfortable to read. I suppose it could be mistaken for italics.
Re: I kinda liked...
Agreed with Res Evil. It was quite a nice little zombie/survival flick with a bit of conspiracy theory thrown in for good measure. It is odd to see a film panned for not just playing on blood and gore effects.
Though it probably does say something about the skills and scripts of the main characters as they were all up-staged by the six year old girl playing Red Queen who, for me, outranks HAL as how a homicidal AI should operate.
The best ..
The best bacon sarnie is one with .. another bacon sarnie next to it
Marmite??... you're lucky I can only down-vote once! :P
There's only one acceptable use for malt and yeast (see left)
Re: @djack
Yep, Barnacles is still going. Whilst I used to love them whilst a student they are now a last resort for me. I don't know whether their quality has gone downhill or my tastes have gone up.
My local takes the 'art' to somewhere near an extreme by doing stuff like looking after the fat by only opening for four hours at a time.
Aha! Found the site : http://www.small-fry-redcar.co.uk/index.html
Re: SQL Injection
Nope. Stored procedures can be vulnerable to injection attacks themselves. The solution is the use of parametrised queries (even within stored procedures). That way the server has no doubts over what is data and what is code.
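The point about data versus code, shown with the PIN arithmetic discussed in the "Re: Is it just me..." post further up, as an added example that is not part of the original posts. SQLite (via Python's sqlite3) stands in for the database server, a Python function that assembles SQL text stands in for a stored procedure using dynamic SQL, and the table, account name and function names are assumptions.

```python
import sqlite3

def make_db():
    """In-memory table with one constructed account; the PIN value is the one quoted on the page."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE accounts (name TEXT, pin TEXT)")
    db.execute("INSERT INTO accounts VALUES ('demo', '31337')")
    return db

def check_pin_concatenated(db, name, pin):
    """Stand-in for a procedure that builds its statement from the argument text.
    The PIN is pasted into the SQL, so the server parses and evaluates it as code."""
    sql = "SELECT COUNT(*) FROM accounts WHERE name = ? AND pin = " + pin
    return db.execute(sql, (name,)).fetchone()[0] == 1

def check_pin_parametrised(db, name, pin):
    """Same check with the PIN bound as a parameter: it is only ever compared as a
    string value, whatever characters it contains."""
    sql = "SELECT COUNT(*) FROM accounts WHERE name = ? AND pin = ?"
    return db.execute(sql, (name, str(pin))).fetchone()[0] == 1

def compare(pin_inputs):
    """Run both checks over the same inputs and return {input: (concatenated, parametrised)}."""
    db = make_db()
    return {p: (check_pin_concatenated(db, "demo", p),
                check_pin_parametrised(db, "demo", p)) for p in pin_inputs}

if __name__ == "__main__":
    # Inputs are the ones described in the post: the PIN, and the PIN with arithmetic appended.
    for pin, (concat, param) in compare(["31337", "31337*1*1*1", "31337*1*1*1*0"]).items():
        print(f"{pin!r:18} concatenated={concat!s:5} parametrised={param}")
```

The concatenated check accepts "31337*1*1*1" because the server computes the product before comparing; the parametrised check accepts only the exact string "31337".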
Re: Apoplectic
Simply using a SQL injection infers very little skill on behalf of the attacker, true.
However actually discovering the hole and performing the analysis in order to make it exploitable can be a task ranging from the nearly trivial to down-right infernal. Once you have done that, using SQLmap to slurp up all of the data is straight-forward.
Re: Parmos are the best thing about Teesside
Umm.. Whitby isn't in Teesside. The fact that the Esk runs right through it might give you a clue ;)
I've been up & down the country and haven't seen fish'n'chips anywhere near as good as you can get around here (apart from in Whitby).
I'm spoilt as my local chippy does old fashioned crinkle cut chips done in proper beef fat. Lush.
Re: Have had the e-mail this morning
Salted hashes do not defend directly against dictionary attacks. I think you were meaning rainbow table based attacks.
Salting does not add any defence against a brute-force/dictionary attack against a single account. It does mean, however, that if five accounts had used the same password, they need to be attacked individually. Without salting, those five accounts would have the same hash and it would be clear that they had the same password.
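The effect described in this post, as an added example that is not part of the original post: a constructed password table stored with and without per-user salts, audited against a small constructed dictionary. Account names, passwords, the word list and all function names are assumptions.

```python
import hashlib
import os
from collections import defaultdict

# Constructed sample data: five accounts share one password, one does not.
ACCOUNTS = {"ann": "sunshine", "bob": "sunshine", "cat": "sunshine",
            "dan": "sunshine", "eve": "sunshine", "fay": "x9!Lq#27vT"}
WORDLIST = ["password", "letmein", "sunshine", "qwerty"]  # constructed dictionary

def digest(password, salt=b""):
    # Plain SHA-256 keeps the example short; it is not a storage recommendation.
    return hashlib.sha256(salt + password.encode()).hexdigest()

def store(accounts, use_salt):
    """Return {user: (salt, hash)} as a password table would hold it."""
    table = {}
    for user, pw in accounts.items():
        salt = os.urandom(16) if use_salt else b""
        table[user] = (salt, digest(pw, salt))
    return table

def shared_hash_groups(table):
    """Users whose stored hashes are identical, visible to anyone holding the table."""
    groups = defaultdict(list)
    for user, (_, h) in table.items():
        groups[h].append(user)
    return [sorted(users) for users in groups.values() if len(users) > 1]

def audit_one(entry, words):
    """Dictionary check of a single account: at most len(words) hashes, salt or not."""
    salt, stored = entry
    ops = 0
    for w in words:
        ops += 1
        if digest(w, salt) == stored:
            return w, ops
    return None, ops

def audit_all(table, words):
    """Return (weak accounts found, hash computations needed) for the whole table."""
    if all(salt == b"" for salt, _ in table.values()):
        lookup = {digest(w): w for w in words}        # one pass covers every account
        found = {u: lookup[h] for u, (_, h) in table.items() if h in lookup}
        return found, len(words)
    found, ops = {}, 0
    for user, entry in table.items():                 # each salt forces a fresh pass
        word, n = audit_one(entry, words)
        ops += n
        if word:
            found[user] = word
    return found, ops

if __name__ == "__main__":
    for label, use_salt in (("unsalted", False), ("salted", True)):
        table = store(ACCOUNTS, use_salt)
        found, ops = audit_all(table, WORDLIST)
        print(label, "shared:", shared_hash_groups(table), "weak:", sorted(found), "hashes:", ops)
```

Both tables give up the same five weak accounts and a single account costs the same to test either way; the salt only removes the visible grouping and the ability to reuse one pass of hashing across accounts.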
Paid for Angry Birds also on Android
Well, space at least.
ISTR I paid about 64p for that too, so it's not their first foray into paid apps in the Googlesque world. Presumably enough of us put our money up front to nix the ads that they reckon the market conditions are right.
Software Library
I personally can't see this working as well as people would like to think.
They would probably like people to assume that there is a huge pre-existing array of games to be used - "Look at all the games in the Android store!"
All games for this need to be developed specifically for this and will be very different from the existing Android software. This will not have a touch-screen, how many current Android games can do without one?
Re: I completed the form yesterday
Looks like it is probably some form of race condition flaw then. So it would trigger a problem if two or more people tried to submit details at pretty much the same time. It's pretty much pot luck if you notice it. It also means that the more people using the service, the greater chance of there being a problem.
This sort of flaw is often missed during (inadequate) testing.
What's [sic] with the sick sic?
Has the reg's attempts to highlight the grammatical errors of others backfired terribly or has mine?
Surely when talking about privacy, my privacy is my own and therefore "one's privacy" is a possessive and therefore correct. Similarly, it is fine to talk about my privacy when visiting your home.
I always thought that the use of '[sic]' was to highlight the errors of others in quoted material, or is it more efficient to now only use it where the person being quoted has used apostrophes correctly?
Ahh, it feels good to have produced my quota of pedantry so early in the day :)
