455 posts • joined 29 Jun 2009
Does it have to be every 365 days?
Couldn't they send these things out every 360 days or even just send them out monthly alongside the usual banking statements (like my bank does, but I'm a yank with a credit union, so not sure if that would comply with Brit law).
Try HSBC, trusted by drug rings, black markets, rogue states and terrorists for well over a decade. They may be evil, but they don't fuck over their customers (At least not as much as other banks) and seem to be immune from the NSA, CIA, MI*, GCHQ, FSB, et al.
Apple; totally not a personality cult.
From the photos I've seen there are more images of Steve Jobs per square meter in California than there are of Kim Il-Sung in Pyongyang.
Re: "and setup a small pfsense box"
Or just use OpenBSD and the built-in pf rather than its derivative.
Re: Location of the Microsoft/Crypto folder depends on the Windows version
Doesn't matter where it is, those files are encrypted anyway. You should be accessing them through the Certificates Manager in the MMC.
The point of the Keystore isn't to obfuscate access to certificates, but rather to put them all in one place and make it much easier to work with using a common API for all your crypto needs rather than having it done on an application-by-application basis.
Yes, the system has to get access to the key from somewhere, in modern computers this would be the TPM in conjunction with SecureBoot. The SYSTEM account's keys are stored in the TPM and without those keys the keystore is unreadable. Of course now the TPM is the weakest link, but if your attackers have the technology to break one of those, I think you have bigger problems.
Besides, if someone malicious has physical access to your machine, it doesn't matter what OS you are using, you have already lost. A system's security isn't just about the OS, you also have to protect
No, every account has its own encryption key used to encrypt the keystore (keys used by the OS are stored in the SYSTEM account's keystore and encrypted with the machine's key).
The source of this key depends on the account type: on locally created accounts the key is made from a one-way hash of the user's password and some other unique data. In directory services, such as Active Directory, the key is stored and generated by the directory software.
The only place the key is stored in plain text is in a protected section of memory (Assuming your MMU isn't a pile of crap) and is processed by non-interruptible software ISR.
Re: " toughest substance in the known universe"
Indeed, a few months ago I helped my parents with their garden and unearthed a Lego from when they were kids (about 45 years). It was even in near-pristine condition, especially compared to the nearly-disintegrated plastic bucket that we also found that was from a mere 15 years ago. Seriously, what the hell are they made of? I think they will still be around even after the heat-death of the universe.
Why do companies love the Bay Area anyway?
What is so special about the Bay Area that tech companies flock there like moths around a flame?
These companies could save truck-loads of cash by moving somewhere else where they don't have to pay their employees quite so much. I understand that a lot of their employees are graduates of the nearby universities, but they could easily relocate them to Portland, pay them $30k less each year and pay for moving expenses, all with both parties having more money in their pockets at the end of the year.
The rent is ridiculous in the Bay Area, I paid the same amount for a tiny studio (~500 Sqft) in SF as I did for a 3-bedroom place (~2000 sqft) in Downtown Seattle.
Why do the licenses for routers even need to exist?
How much does it take to produce the software on it? I don't think it could possibly bankrupt any of the manufacturers to just give it away, especially when they charge anywhere between $5000 for a basic router all the way up to $2 million for the high-end stuff. Hell they might end up saving money by cutting down on the versions they have to maintain, shutting down the authentication servers and laying-off all the account managers responsible for the software support accounts.
HP's networking division seems to be doing well enough despite giving away the software.
This would only hurt their revenues
Both these companies make their money from advertising, and the value of their advertising is directly proportional to the value of the eyeballs (Value in this case is how likely the viewer is to buy the advertised product). But that value plummets drastically when you add millions of poor people that can't afford clean water, let alone whatever shlock is being shown to them. Hell, did they even think about the fact that very, very few people even have electricity, let alone some type of device that would let them use the internet?
I agree with Gates here in that giving them things to help them live would be a much better investment than them being able to post "Lost my brother to dysentery, second time this year" to TwitFace+.
Re: "They have supplies to keep them in orbit for many, many days,"
They'll carry about a week's worth of provisions with them in case of emergency, specifically if something goes wrong at any point in the trip.
As for waste, it is either recycled back into fresh water or stowed in sealed bags and placed in the same compartments the food was carried up in. What better ballast material than something that has the same weight and consistency of what was there before; a balanced spacecraft is a happy spacecraft.
Unable to get married
So why couldn't they just move to any of the other states that recognized gay marriage during the time that California didn't?
Good software, stupid name
From my experience as a consultant I think there would be a lot more installs of Hadoop if the name didn't sound so goofy. I can't count the number of times I've gone in front of management and had them laugh off the software because of its name.
Useless from the beginning I see.
I have yet to see how Twitter is any better than an RSS feed.
"Can be done with a tweet"
Except when twitter sees a legal threat they fold faster than a ninja making origami cranes.
You forgot the entropy of all the bureaucrats taking their cuts.
Yes, they should be fired
...preferably out of a cannon.
Am I the only one with attractive friends?
Or is it that everyone here wants to turn the forums into a death-camp for old jokes...
Re: If you fall for that
Yes, because we all know how an infected machine only affects that one person.
Blinded by LEDs
Given how many manufacturers like to cram super-bright blue LEDs into their products, I don't doubt you could go blind from them. I wonder when device manufacturers will realize that blue LEDs produce a far more intense light than the same amount of energy in a red or green LED. There have been many times that I've walked into a datacenter and have been temporarily blinded by locator LEDs right at eye-level.
I have two problems with modern ads:
2) All that code is hosted on a server that neither myself nor the organization running the website can control and the advertisers don't have much of an incentive to police so long as the money keeps rolling in.
I wouldn't mind advertisements that were just basic JPGs or GIFs hosted on the website itself. I also wouldn't mind if the website shipped its access logs off to the advertiser to analyze, they already end up with all that information and a lot more with the current ad systems.
Re: Much as I dislike Facebook, I wish...
I had tinkered with the idea of a social-network backed email system some time ago. It would be easy to determine if something is spam in real time with the data they have. If a message is sent to multiple people (or very similar messages are being sent) you'd just check to see if there is some sort of link between the recipients such as going to the same schools, having friends in common, etc. Otherwise you'd block the message as spam.
"put announce for mtgox acq here"
'acq' could also mean acquittal...
Steganography to hide the whole thing
I'm surprised if they were going for something like this, they wouldn't have also tried to embed more of the virus into images.
The main payload could be nothing but a tiny little script that embeds a decoding routine and exec function into some system library. You could even use a browser update bug and embed this into Chrome's or Firefox's SSL libraries (Done properly, you could even sign it with a fake code-signing cert and embed it into the underlying OS so the modified binary looks legit)
The rest of the virus would be embedded in a series of images labeled as 'Desktop Wallpaper' saved as full-color bitmaps at 1920x1080 or something of the like.
Something like this could go unnoticed for a long time
Wouldn't this be making more money for the broadcasters?
They weren't directly making money off the signal anyway, but indirectly from increased sales of products advertised via those signals. At least with this model, they could request viewership statistics from Aereo and rather than try to sell air-time based on 'Company X bought time from us and their profits went up by X amount', where they could now say 'We have at least X number of viewers on these time slots'.
It bothers me to see companies like this getting shut down as it could be a boon for all parties involved. At the very least I could see a deal going with Public TV channels as it would be a charitable donation and these channels would have a much wider audience.
Or even the human body, other living creatures, smoke detectors, bricks, bananas, ceramics, and many other things that release ionizing radiation, which even though is on the level of nano- or pico-sieverts, is still more than a cell phone has ever produced.
Re: I've always hated the term 'DMZ' in relation to networks
'If your answer to that is "but I can control that from a central place" you have just indicated a new APT target, and therein lies the rub.'
You seem to have missed the point. In most networks, anyone inside the company could be a launching point for attack, my point is to reduce the number of possible targets. I would rather have the IT department's systems and working harder to protect them than having to worry about the thousand other machines in the company that can access the management interfaces of the critical servers.
Also your comparison to a company that only has a single key is flawed in that I can replace my machines whenever I want and it wouldn't affect a damn thing, where a key needs to be replaced everywhere.
I've always hated the term 'DMZ' in relation to networks
It causes Security engineers to think in terms of having just three networks: Internal, external and a section in-between when modern technology requires thinking in much finer grained terms. With modern OS's supporting virtual interfaces* you should have dozens, even hundreds of separate networks.
What should have happened when they brought the partner on board was to have set up a specific VLAN and subnet for them that connected to virtual NICs on the servers they needed with listeners configured for access to the data and commands they needed to get it or modify it. If something requires a different set of security rules, it should have its own network.
The last network I designed used hundreds of individual networks, each web server cluster had 2 private networks and connection to at least 2 other purpose-built networks: 1 external connection to the back-end of the load-balancer shared only among public web servers, a second shared network used only for management of the internet-facing machines (only interface that allowed ssh/sftp access), a third interface only connected between the web servers to sync application data and user state, and finally the last one was set up only for the servers to connect back into the database servers where the listener was configured to only allow connections to the specific DB the web servers needed and further restricted it by limiting what commands could be passed through.
Of course each network also had an IP or two available for packet-capture systems for debugging and performance monitoring (much easier to debug applications when you can just pull the stats from the interface rather than having to filter everything)
*either through the virtualization platform on a virtual server or through the OS (UNIX-like systems and the VLAN interface, Windows and the HW manufacturer's drivers) on physical boxes.
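The per-purpose network layout described in the post above can be written down as data and checked mechanically. This is an added example, not code from the poster; the host names, network names and service labels are hypothetical, and it assumes nothing routes between the networks.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Listener:
    host: str
    network: str   # network of the interface the service is bound to
    service: str

# Constructed topology; all host and network names are hypothetical.
INTERFACES = {
    "lb":         {"internet", "lb-backend"},
    "web1":       {"lb-backend", "web-mgmt", "web-sync", "web-db"},
    "web2":       {"lb-backend", "web-mgmt", "web-sync", "web-db"},
    "db1":        {"web-db", "db-mgmt", "partner-vlan"},
    "admin-ws":   {"web-mgmt", "db-mgmt"},
    "partner-gw": {"partner-vlan"},
}
MGMT_NETWORKS = {"web-mgmt", "db-mgmt"}

LISTENERS = [
    Listener("lb", "internet", "https"),
    Listener("web1", "lb-backend", "http"),
    Listener("web2", "lb-backend", "http"),
    Listener("web1", "web-mgmt", "ssh"),
    Listener("web2", "web-mgmt", "ssh"),
    Listener("web1", "web-sync", "state-sync"),
    Listener("web2", "web-sync", "state-sync"),
    Listener("db1", "web-db", "sql:webapp"),
    Listener("db1", "db-mgmt", "ssh"),
    Listener("db1", "partner-vlan", "sql:partner-export"),
]

def reachable(src, listeners=LISTENERS, interfaces=INTERFACES):
    """Services src can connect to, assuming no routing between networks."""
    nets = interfaces[src]
    return {(l.host, l.service) for l in listeners
            if l.host != src and l.network in nets}

def audit(listeners=LISTENERS, interfaces=INTERFACES):
    """Return violations of the design rules as readable strings."""
    findings = []
    for l in listeners:
        if l.network not in interfaces.get(l.host, set()):
            findings.append(f"{l.host}: {l.service} bound to {l.network}, no interface there")
        if l.service == "ssh" and l.network not in MGMT_NETWORKS:
            findings.append(f"{l.host}: ssh exposed on {l.network}")
    for host, nets in interfaces.items():
        if "internet" in nets and nets & MGMT_NETWORKS:
            findings.append(f"{host}: bridges internet and a management network")
    return findings

if __name__ == "__main__":
    for host in ("partner-gw", "lb", "admin-ws"):
        print(host, "->", sorted(reachable(host)))
    print("findings:", audit())
```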
RE: SD cards / Read only
You do know that the little 'read-only' switch on the side of the card is merely a suggestion to the host, right?
In the operating system, the only thing that happens when you try to write to a card that is 'read-only' is that the OS will bitch at you, if you use the OS's built-in that is. However, you can just send the raw write command and data directly to the card without any problem.
However there is a read-only fuse built into the card you might have used, but then that would mean you are using old, vulnerable software since you can never reset it back to read-write.
What you should have done was to set your partitions to read-only except for /home, /tmp and /var/log. To update, you would mount the device you are booting from on another machine, edit fstab to be RW and then reboot to the device and update, reboot back into other OS and reset fstab to mark everything read-only. Of course this assumes you are using an OS that is intelligent enough to partition its data properly and not just cram everything into one giant partition.
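A check for the read-only layout described in the post above, as an added example that is not the poster's code: it parses an fstab and reports filesystems that are writable outside /home, /tmp and /var/log, plus any of those three that lack their own entry. The sample fstab and its device names are constructed.

```python
WRITABLE_OK = ("/home", "/tmp", "/var/log")   # exceptions named in the post
SKIP_TYPES = {"swap", "proc", "sysfs", "tmpfs", "devpts"}  # not on-disk data

# Constructed sample; device names are placeholders.
SAMPLE_FSTAB = """\
# <device>  <mount>  <type>  <options>               <dump> <pass>
/dev/sda1   /        ext4    ro,noatime              0 1
/dev/sda2   /usr     ext4    defaults                0 2
/dev/sda3   /home    ext4    rw,nosuid,nodev         0 2
/dev/sda5   /tmp     ext4    rw,nosuid,nodev,noexec  0 2
/dev/sda6   /var     ext4    defaults,ro             0 2
/dev/sda7   none     swap    sw                      0 0
"""

def parse_fstab(text):
    """Yield (mount_point, fstype, [options]) for each real entry."""
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split()
        if len(fields) < 4:
            continue              # malformed line, ignore
        yield fields[1], fields[2], fields[3].split(",")

def is_read_only(options):
    """Later options override earlier ones; 'defaults' implies rw."""
    ro = False
    for opt in options:
        if opt == "ro":
            ro = True
        elif opt in ("rw", "defaults"):
            ro = False
    return ro

def audit_fstab(text):
    mounts = {m: is_read_only(o) for m, t, o in parse_fstab(text)
              if t not in SKIP_TYPES and m.startswith("/")}
    return {
        # writable although the policy wants it read-only
        "writable_unexpected": sorted(m for m, ro in mounts.items()
                                      if not ro and m not in WRITABLE_OK),
        # should be writable but has no entry of its own, so it inherits
        # the read-only flag of its parent filesystem
        "no_own_partition": sorted(p for p in WRITABLE_OK if p not in mounts),
    }

if __name__ == "__main__":
    print(audit_fstab(SAMPLE_FSTAB))
```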
Re: Try ibiblio.org ..
Simpler than that:
The US doesn't allow you to export crypto software, but Canada does.
It's referred to in the introductory message pre-loaded into every new user's mailbox and if you read the prompt at the end of installation, it will tell you to run 'mail' once you login. The message in your mailbox is a simple letter from Theo and the Developers about some system basics, ending with the suggestion to read 'man afterboot' to learn more (this mail will also appear for all users created on the machine).
The afterboot page is a basic primer on using OpenBSD and other UNIX-like Operating systems and will point the user to other man pages and tools that would be useful to know (in fact I print this page up for all my users for them to hang up in their cubes) Nearly all of them went from having no UNIX experience to being able to solve 99% of their own issues (Including fixing networking issues, diagnosing hardware problems to being able to install and configure their own Desktop environments and even tweak X)
They say RTFM a lot because you have a bunch of idiots that install OpenBSD then ask why apt-get doesn't work (Happened this week) or people that ask questions that would have been solved by just running man afterboot or man <command>. The OpenBSD developers are extremely anal about the accuracy of the man pages and docs and people just ignoring them is really annoying.
Re: Think about this...
Like Linus is much better at talking to the public...
Re: OpenBSD is included in ... third-party packages ...
Code patches developed by OpenBSD are included in those packages, it should also be noted that OpenSSH is also affected by all this since they are part of the same project/foundation.
Yet another appliance...
I don't need any more crap in the network racks when I already have the BGP routers, forward firewalls, load balancers, anti-malware engine, IDS/IPS system, web cache appliance, vpn gateways, rear-facing firewalls, packet shapers...
Typical Web 2.0 idiot programmer thinking: "I have no time to check my code for security bugs, I'm too busy inventing the next InstaSnapLinkedFaceGram+. Let's just make something to cover this up and make it the responsibility of the Dev/Ops team!"
Neither, the algorithm they built was able to detect 68% of the known-spam accounts and incorrectly identified 5% of the known-good accounts as spam.
The algorithm wasn't running for 4 months either, the data they were using was on accounts that have been active for 4 months without being flagged but were determined to be spam accounts.
Re: Probably the most expensive 60g anyone will ever buy..
Or HP toner
At one point that stuff ended up costing more than pure, uncut cocaine.
Re: Politics v engineering
That's a side panel, not a solar panel. Also, every space-faring nation/organization puts their flag on the side.
Patched in the future even if the exploit isn't used
Yeah, like that happens...
Re: More not being evil coming up
I think it's more like that guy in his late 30's buying a $500 hat to show that he "is still hip with the kids" and not some kind of corporate sell-out.
Re: Stupid American Patents.
A bit of irony considering that the creator came from Apple...
Re: No one said
No one said it because they were afraid of breaking such an ancient relic.
The real news
is that Zynga is still operating...
Re: Data retention...
"pics are from under 18s sending nudeys"
Something tells me that that is likely the reason they didn't take the $4 Billion dollars; someone was afraid their endless stream of porn would be found and they'd get thrown in prison.
Predictable but has a wide margin of error. The figure given for the life of a nuclear plant is the length of time they can guarantee a certain level of power output.
The rover also has a couple solar panels to power its control circuitry and some of its basic equipment, so it could theoretically keep going indefinitely reporting back the weather, levels of radiation and pictures or whatever else they have the power budget for.
Re: > if they can't guarantee that ephemeral really is ephemeral
First law of data on the internet:
If you want something on the internet, it'll disappear the second you look away;
however if you never wanted it to get out onto the internet, it'll be there well past the heat-death of the universe.
Re: useful stuff
They've already proven to be blindingly trustful of people on the internet, just claim to be a new internet payment company that deletes their banking details 6 seconds after the transaction and you can start extracting obscene amounts of cash from them.
I know that most of the users are teenagers living at home, but the same kind of parent that gives their kids a smartphone is also the same kind of idiot that gives them a credit card.
Re: Is Julian Assange
Probably not for much longer. If his party keeps doing stupid stuff like this, I'd imagine that the Ecuadorians would throw him out to avoid looking like they agree with the bat-shit insanity of the guy's party.
Re: @Repeat (pete 2) The law is not the answer
If the government gets overthrown, I don't think privacy is what I'd be worrying about, besides the intelligence services already have all that information anyway and it's not like that will change any time soon. My system doesn't rely on perfect trust, just that you'd only need to trust one person rather than the plethora we do now, and the system I propose would give the people we already trust with our data less of it.
And yes, there are problems with encryption, but I'd rather have it stay encrypted for most of the data's life than not at all; I don't want to wake up one day to find that some jobsworth has left an unencrypted drive full of my information on the bus.