Re: Where is Cali?
I assume that the author is from California... No rational person calls it that, just people that live there (for some reason that I have to figure out)
1299 posts • joined 29 Jun 2009
I wonder how well a VDI system would work on Azure...
Might be a worthwhile service to get into as well, offer a thin client for the price of a single Windows license and include a full Office install in with it and some cloud storage / backup system. Throw in some proper malware protection, and I will pay so much money for two or three of them just to avoid having to take the two-state long car trip to fix their machine or to recover data after they forgot to back the thing up.
Something like this would work perfectly for such users:
A lot of terrorist organizations get a very large percentage of their money off of the drug trade, with the rest being provided by the sex-slave trade. Allow for fully regulated companies to sell drugs, and now billions of dollars are staying in the country rather than funding terrorists / cartels. Require that a certain percentage of profits must go to rehab and community outreach type programs.
I've found that installing a BGP daemon in a datacenter that has unrestricted internet access, then having it advertise all routes with a cost of 1 brings down a data center fairly easily...
Accidentally did it as part of a test lab while testing a carrier-grade NAT with BGP routers behind it. (The BGP routers would advertise self-assigned AS numbers for private ranges; the theory being that those routers would see my router with a cost of 1 for everything and push their traffic through it, where it would get translated and re-routed onto the actual internet using 'real' IP addresses.) The project was to test doing carrier-grade NAT without needing DHCP and to allow using either IPv4 or IPv6 internally and still allow for IPv4 or 6 on the outside.
Not code signed by them, and especially not any of their hardware. I have never had a positive experience with any of their gear, whether it was a home wireless router, a NIC, or even an "enterprise-grade" switch; all of them either failed within a year or two, or they just worked in some weird and hair-pulling way that didn't always work correctly.
I was just about to post something like that.... That technique has been around pretty much forever, hell DECNet had a setting to do just that.
Indeed, I figure that since the NSA already has taps on all the lines going in and out of the US, they could easily slip a firewall or two in there to block malware...
I thought that one of the goals of HTML5 was so that complex apps could be coded in a platform-agnostic way. Whatever happened to that?
Someone would notice that there are 4000 apps in the store...
All the child pornography, terrorism, and drug dealing websites are inside of TOR, so no exit node is needed... So really, the only thing coming out of the exit node is going to be the nice clean, harmless traffic from people who are accessing legal websites but don't want to be spied upon while doing so.
Yeah, she'll probably merge the US with Canada and end up with the GDP of Sudan...
I think that the point of the testing was to ensure that the certificates worked properly with a fresh-out-of-the-box browser.
Indeed, I would think that it would have been required for testing certificates to be issued for non-existent domains or at least use an invalid TLD. Something like "google.symantec" or "test103.local" so the testing lab's DNS servers would still recognize it, and the certificates would show as proper EV, but if the certificates leaked, then they'd be absolutely useless unless you added those fake domains to the victim's DNS (which, if you could, then you wouldn't need the certificates in the first place).
I figure that a new DNS record for a website could be created with the certificate's public key and a URL for the issuer. That way the owner of the domain has at least some control over what certificates are considered valid for them.
I find it easier just to comment on the post to show my empathy to the poster. Using just a simple button to try to express that seems wrong to me... Is it really empathy if you don't put any actual effort into it?
It might be a stream in the way that the pitch-drop experimenter is a torrential rain-shower...
I would think he probably used a drill and some expanding fasteners once it got big enough. Probably drilled a 7/8" hole most of the way through and threaded a 1" bolt into it.
Given that paint goes bad after 10 years, the last time he'd be able to use lead-based paint would be around 1987 (lead paint was banned in 1977), so that gives us 28 years worth of paint, or 10,227 layers. I think it's safe to say that you'd be safe even if you took a bite or two out of it... Well, safe from lead poisoning, at least.
Ah, Carly, she only managed to double profits by buying Compaq. And even then, profits should have theoretically tripled... How the hell do you merge two companies and manage to pull in $10 Billion less than the sum of what both companies made the previous year?
If I was on that project, I would've just spun up a couple copies of SIMH on a modern machine and then worked from there...
I've always thought that the "Won't someone think of the children" brigade has the dirtiest minds around, since what kind of person makes the leap from "pornography" to "children" so quickly?
Last year I bought a TI MSP430-based watch to play around with it, it will probably be the closest thing to a "smart watch" that I'll ever touch. I've been using it to display the public keys to my bastion boxes when you put it in the right mode. This way I can be assured that my connection hasn't been tampered with by any of the spy agencies and I can ensure it never leaves my body since it doesn't set off metal detectors and the customs folk don't even bother with it and thus compromise the keys.
"California slides into the ocean"
Actually the Pacific plate is pushing into the North American plate. If California were to move in any way, you'd end up with San Diego crushing Phoenix...
Go stick your head in a pig!
I couldn't finish it either, but that probably has more to do with the fact that the movie is just so bloody long... 3 hours and 45 minutes, that borders on torture right there.
Seriously, never, ever assume that any data passed is going to be valid. In security sensitive code like this, the data should always be treated with some suspicion and be validated at the beginning and end of every function that handles it.
I would assume that the URL parsing function would strip the protocol from the beginning, which would leave you with [null] after URL decoding and thus an empty string. The calling function should have noticed that it received an empty string, ignored it, and continued on its merry way with the next URL it detects.
"piezoelectric tiles yields free energy ..." Oh god that reminds me of that whole "solar roadways" bollocks from a little bit ago...
I love how projects like this tend to leave out the part about "This would require more tantalum than currently exists on Earth, assuming we mined every bit of it". Or the insane length of time it would take for the benefits to offset the production cost...
What would really reduce air traffic noise would be to install proper high-speed trains rather than the crap diesel-electric behemoths we currently depend on that cost more, and take longer, than flying...
I knew a developer that would get their code running much faster by exploiting the benchmark tuning on the processor. The code was difficult to read, but it sure ran pretty fast...
Ah, the metric system; where 1 ml of water at 20 degrees Celsius weighs 1 gram and takes up 1 cc of volume. It also takes exactly 1 calorie of energy to increase its temperature by 1 degree C. So much easier than the "standard" system in how it's based off of some long-dead king and other archaic measurements...
I always figured that a shop like theirs would have more security than mine. In my company's shop, code signing certificates are kept on an air-gapped machine sitting on the QA director's desk. Once the QA department's tests have been completed and the product is ready to ship, the code gets burnt to disc, scanned and then copied to the code-signing machine. Once compiled, it is written to another disc and scanned again, this disc then gets duplicated so that we have a known-good golden copy of the code and the executable.
I had applied to them before, but was rejected because I didn't have a Bachelor's degree at the time. Then after I got my degree, I ended up rejecting them for a couple of reasons: They wanted me to move to Washington DC to work in the main HQ rather than the regional HQ two blocks from my apartment and on top of that, the pay was shit, especially compared to the cost of living of DC.
I had also gotten an offer from another company in the city where I was living and with 50% more pay. After all was said and done, after bills were paid, I was getting twice as much per month.
Yep, the human eye cannot perceive pixels of this density. But people will buy these claiming to see a difference, just like the folk that claim that they can tell the difference between 24 and 32-bit encoded FLAC files. (I'll take a 4 MB MP3 over a 30 MB FLAC file any day of the week, can't tell the difference anyway...)
They can't expand the network... The wired side of the network has enough bandwidth, the congestion is on the wireless side. There is only so much data that can be passed over the spectrum set aside for the 4G technologies. The only way to actually increase bandwidth using modern technology would be to turn down the power on the towers and start building a lot more of them closer together.
The cynic in me believes that they waited until a major release like this so that anyone still using a device that can't upgrade to 9 will now need to buy a new device to remain safe.
Indeed. Once on a business trip I took a Black Cab from Heathrow to downtown London, the bill from that killed my transport budget for the rest of the week. Took Uber on the way back and ended up with a bill less than a quarter the cost, plus it was easier to get to my destination as I typed it rather than tell my destination to some guy who sounded like he was trying to swallow a bag of marbles...
I've always wondered why nobody bothered doing this in hardware. You'd have a couple real-time processors set aside for the OS and hardware interfacing, each one of which has its own dedicated memory (Possibly even dedicated chips) and then you'd have all the user stuff run on a huge cluster of standard processor cores. That way the OS is fully protected and immune to even cache-poisoning attacks since it runs on what is essentially dedicated hardware. The Real-time chips could access both sets of memory, but the application cores can only access the shared memory.
A theoretical system would work like the following:
- A user application would simply dump a set of requested actions into the shared buffer (e.g., I need this file, draw this in my window, or send this packet to the network). The process would then send an interrupt to the OS and the OS looks up the various system calls put through by the application process and either performs the action or denies the process based on some security process running simultaneously with the kernel.
- If an application requests a security-sensitive action, the OS itself could halt the application processors and run a check on the requesting process's memory space to verify it hasn't been tampered with and is trusted. If those checks pass, then the request is granted, else the request is denied and the anti-virus engine is called into action. The ability to stop the app cores while the OS still runs would be so very valuable in killing malware or even just preventing something from spoofing the OS.
- With enough cores, it could be possible to have every hardware driver run on its own core to interface with its associated piece of hardware. A single real-time core per PCIe lane or other interface would be sufficient to handle a system's needs. Each 'Driver' core would also come with its own bit of memory. This way the system would even be immune to hardware failures, the core running the driver would just need to be kicked. Hell, you could even support hot-swapping the video card...
Seriously... Sensitive security processes like that should take the kernel with it if it crashes and force the device to reboot. Any time a process like that crashes, then it should be assumed that the whole OS is compromised. Besides, a buffer overflow like this could be used as a handy code-injection method, especially since it'd be running under root and all...
Even NT4 would do that (if lsass.exe crashed, the system would immediately bluescreen)
Microsoft is really a couple different companies that happen to have the same name. The R & D groups tend to be given boatloads of cash to spend on whatever they want while some of the other groups are beaten down and forced to crap out code at the direction of the marketing and management overlords.
Except the iPencil proves that Apple only recently discovered tools...
Indeed. What is the difference between an Atom C2xxxx chip, a Pentium, a Core i3, and a Xeon E3?
Maybe it's some other country that was carrying out the attacks but tapered off in order to implicate Iran. Or maybe the attackers have just found a much more subtle attack method, or succeeded in getting some kind of APT into some secure networks and no longer need to perform direct attacks.
El Reg really needs an age verification system...
I've never understood why baggage claim is in a public area right next to all the transportation. I could understand it 20 years ago when the only things that people put in packed luggage were clothes and toiletries, so there was no interest in grabbing anything from a victim's bag. But now, we have to check pretty much everything due to insane security restrictions, so there is now a lot more valuable stuff that can be grabbed from them. US airports have those "point of no-return" gates, so why not add a second set just after baggage claim? It'd greatly reduce the number of stolen bags and no one could bring a bag back into the "secure" area.
Although I've always thought that they should set up automated kiosks where you scan your boarding pass and the machine spits out your luggage.
Excluding bulk discounts, that would be about right. Consider this scenario and it will make a lot of sense:
--In a metropolitan area an ISP may have 1 million customers, they provide each customer with a 20 Mbps link and charge $25/month for that link. This would produce $300 million dollars per year in income for a theoretical 240 Gb/s (valued at $480 Million of bandwidth) meaning a loss of $180m in just transit cost
That is the theoretical, however very, very few people actually use up all the bandwidth they pay for, so:
--Based on the fact that most ISPs have a 500 GB/month data cap, which works out to just under 0.2 Mb/s per connection. So now, to feed that much bandwidth would only take a 2.4 Gb/s link for transit, so 2x 10 Gb/s links would be more than sufficient to handle spikes and heavy users. So this theoretical ISP would be receiving $296m in income after transit fees are subtracted.
Now consider that the ISP is also probably doing quite a bit of packet optimization and that a lot of packets don't actually leave their own network given their peering agreements with the big bandwidth consumers, and you see that $2m per year for a 10 Gb/s connection is nothing for them.
Most of the Dark Fiber left only works at the 100 Mb/s level or lower. Long distance cables are a lot more than a piece of glass, there are repeaters every 100-200 km, and those are the bottleneck. Since it takes about the same amount of energy to power a 100 Mb link as a 10 Gb link, companies are just laying new fiber that can accommodate 1,000-10,000x the bandwidth with the same operating cost, which is why NSPs are making mountains of cash while their fees keep falling. It works out that if they replace a piece of fiber with 10x the capacity, they can easily charge half as much but make 5x the profit (assuming 100% usage) and even subtracting the payments on the loan to lay the cable, they still come out on top with a nice profit increase.
As for those old fibers, a lot of them have failed over time, and the rest get leased to companies to run private site-to-site links (mostly telcos for their long-distance back-hauls given the guaranteed bandwidth).
I've always thought that the NSA and CyberCom need to be dissolved and re-built from the ground-up, each holding a different role:
--A defense agency that does purely defense, no offensive or criminal investigative roles, just ensuring that our infrastructure is up to snuff, blocking malware from coming into the country, doing security testing of various products, and producing security software for the people. This group would also run the central infrastructure for the US and the only group with access to the taps on the submarine cables (Specifically for installing malware firewalls, DoS/DDoS mitigation systems, and IDS / IPS type systems)
--An offensive agency that does all the intelligence gathering and attacks against foreign enemies
--A cybercrime investigative agency that would handle the investigation of computer crimes involving American citizens, and work with the varying police agencies and the justice department to ensure that computer crimes are handled properly.
Of course there would also be the requirement for any communication between the agencies to be fully reviewed and given the capability of review. Obviously crimes reported by the defense agency to the Investigation agency would be handled like a standard criminal case, so there would be the proper amount of privacy in there, it would of course be open for judicial review unlike the Intelligence Services Court.
My solution for this would be to require the registrars to verify the identity of the person registering the domain (this would also stop people from using stolen credit cards to register malware domains). For privacy, the WHOIS data could either contain the name of the person that verified the registrant or the registrant itself, if they wish to remain anonymous.
They should also standardize the protocol so that it can be easily digested by browsers and the like. With this, I also propose that an additional field be added to WHOIS: a section on who is responsible for the certificates the website uses, and the Root authority of where that certificate is supposed to come from. If verification of ID is required anytime the WHOIS data is changed, it would help prevent spoofing a website since the cert wouldn't match the info in WHOIS.
Mobile devices were allowed for the simple reason that if we allowed the users to play on their own kit, they were far less inclined to try and get around the protection we put in place.
That is amateur hour right there... DB passwords are something that gets copied/pasted and usually just sits in a config file, so why not make the thing as long as the DB will support? Maybe the DB admins for AM just really wanted to believe that 5-8 is really long and more than sufficient...