541 posts • joined 6 Jul 2009
>NetBank does not (and did not) use OpenSS
But I think that CommBiz (which is different to Netbank) goes to https://www.my.commbiz.commbank.com.au/.
And Qualys was reporting that the Commonwealth bank had a susceptibility -- now fixed.
Re: Commonwealth bank down today!
Still stonewalling on what the problem was. Which makes it likely that whatever it was, it was an act of stupidity that caused the outage.
Commonwealth bank down today!
Massive failure of their EFTPOS system today. Maybe unrelated. An outside chance that they stuffed up changing their key certificates (as some other people have already stuffed up)-- I'm watching with interest.
Assuming you believe him
>NetBank does not (and did not) use OpenSSL
No indication that he has anything more than a vague idea what is going on, as indicated by his repeated use of the word 'patched', in conjunction with his claim 'never used'.
Since he doesn't seem to know what he is talking about, that could possibly include "we never used the vulnerable versions of OpenSSL"
I'm not a member of LinkedIn. Does it show what his first degree was?
Re: The problem is testing, not coding
>Commercial vendors can afford high quality software testing tools. Open source developers usually don't have these resources,
Coverity "testing solutions are built on award-winning static analysis technology" was doing free testing for security-related O/S projects. I would have thought OpenSSL qualifies.
Re: WTF generic security software FAIL
C'mon Vic...
I asked a question. I got a reply "Windows security is better". You replied to the reply with: "Same to you, with knobs on it"
So, I've followed the thread down, do you have anything to contribute?
Re: WTF generic security software FAIL
Downvote, because you made that assertion without even attempting to demonstrate that you had any kind of knowledge about the question I asked. I don't like to downvote you, but I'd like to encourage you to do better. If you know anything about Linux security, what can you tell us?
WTF generic security software FAIL
>silently siphon passwords, crypto-keys, and other sensitive information from vulnerable systems.
>We rebooted the server at 3:08PST, which may have contributed to the key being available in memory, but we can’t be certain."
I'm not familiar with the OS or the applications, but isn't there a secure memory API like (on the Windows side) "SecureString" or "SecurePassword", "CryptProtectMemory", or "SecureZeroMemory"?
So that you don't leave passwords, crypto-keys and other sensitive information in memory for generic memory-recovery attacks to harvest?
A single ESXi host is really only any good...you need vCenter
I agree. But I seem to be surrounded by people that think having a free VMware hypervisor, or two free VMware hypervisors, is somehow a good thing.
Are we missing something?
>Everyone with even an ounce of technical knowledge or telco/ISP experience knows that full fibre replacement was the only way to build a network for the next 50 years
I have both, and I know that FTTN was sold to the Aus electorate as Business, Health, and Education. Which was BS from the very start. It was always going to be the replacement for FTA analog TV. And the pricing was BS as well.
A system that couldn't honestly be justified on Price or Content, and you're angry, damned angry? You should be angry about being made a fool of in the first place.
Heartbleed exposes a generic problem
Recovery of data from memory has been demonstrated many times by increasingly sophisticated malware. So the real question isn't "why wasn't this exploit detected by static analysis from Coverity?", but why on earth is Open Source/Linux/BSD software leaving vulnerable information in memory in the first place?
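The two posts above ("WTF generic security software FAIL" and "Heartbleed exposes a generic problem") ask for a secure-memory API on the Linux/BSD side. The following is an added example, not code from the thread or from OpenSSL: a portable scrubbing routine of the kind SecureZeroMemory (Windows), explicit_bzero (BSD/glibc) or memset_s (C11 Annex K) provide. The point it demonstrates is that a plain memset() on a buffer that is about to go out of scope is a dead store the compiler may delete, so the zeroing must be done through volatile stores (and, on GCC/Clang, followed by a compiler barrier). The function names, the 32-byte key layout and the key bytes are constructed for the demo.

```c
/* Added example: scrub key material before the memory is released.
 * Not part of the original thread; names and key bytes are made up. */
#include <stddef.h>
#include <string.h>

/* Write zeros through a volatile pointer so the stores cannot be removed
 * as dead stores (a plain memset() just before free()/return often is).
 * On GCC/Clang a compiler barrier additionally marks the memory as
 * observed, so the writes are not sunk past the barrier. */
static void secure_zero(void *buf, size_t len)
{
    volatile unsigned char *p = (volatile unsigned char *)buf;
    while (len--) {
        *p++ = 0;
    }
#if defined(__GNUC__)
    __asm__ __volatile__("" : : "r"(buf) : "memory");
#endif
}

/* Returns 1 if every byte of buf is zero, 0 otherwise.  The OR-accumulate
 * form runs in constant time regardless of where the first non-zero byte is. */
static int is_all_zero(const unsigned char *buf, size_t len)
{
    unsigned char acc = 0;
    for (size_t i = 0; i < len; i++) {
        acc |= buf[i];
    }
    return acc == 0;
}

/* Simulates a request handler that holds a session key on the stack, uses
 * it, then scrubs it before the frame is released.  A copy of the key is
 * handed back only so a caller can confirm the buffer really held non-zero
 * material before the scrub.  Returns 1 if the key buffer is clean after
 * scrubbing, 0 otherwise. */
int handle_request_and_scrub(unsigned char *key_copy_out, size_t key_len)
{
    unsigned char key[32];

    /* Constructed key material for the demo (not a real secret). */
    for (size_t i = 0; i < sizeof key; i++) {
        key[i] = (unsigned char)(0xA5 ^ i);
    }
    memcpy(key_copy_out, key, key_len < sizeof key ? key_len : sizeof key);

    /* ... the key would be used for crypto here ... */

    secure_zero(key, sizeof key);
    return is_all_zero(key, sizeof key);
}

int main(void)
{
    unsigned char copy[32];
    return handle_request_and_scrub(copy, sizeof copy) ? 0 : 1;
}
```

Scrubbing the buffer only narrows the window; it does nothing about copies the allocator, the kernel (swap, core dumps) or a bug like Heartbleed's over-read can still reach while the key is live, so it complements rather than replaces mlock()/MADV_DONTDUMP-style controls and short key lifetimes.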
A link would be nice.
There, was that so difficult?
A link to a MS press release would be nice too, but evidently MS likes to keep their press releases confidential to their trusted outlets.
Re: Too early for a Godwin?
IBM sold to the Nazis DURING WWII. They weren't 'on the American side', they were on both sides of that war. They didn't just let the German division work for the Germans: they oversaw the German division, and sold required supplies to it.
How did they get away with it? Well, apart from the corruption of the American political process, after the war the American government hired German scientists and engineers and traitors like IBM, to help fight the emerging cold war.
compare apples to apples
The article compares the speed of their cloud service to a WAN.
Yes, WAN performance sucks compared to LAN performance.
And yes, if someone puts a backhoe through your internet connection, your WAN is down.
Re: Inspired by cp/m
>There may be many BASICs but there are only vague similarities between most of them.
>The "most portable programming language" for CP/M (and later MS-DOS) was COBOL,
>Tim Paterson worked
Tim Paterson was making machines running MS BASIC. And by the time BSD started (with Pascal), BASIC was already well entrenched in business.
You shouldn't make such simple mistakes. It will confuse readers who weren't actually there at the time.
Re: Only half?
> A quick look doesn't show IBMIO.sys OR EQUIVILANT
-- use the whole sentence.
>IBMBIO.COM is only found in PC-DOS for the 1.x and 2.x versions. Other OEMs would have their own specific IO system.
Other OEMs would have used their own specific IO system to make DOS compatible machines, running 2.11, which was the DOS compatible version. OEMs making clones would have included IO.SYS and MSDOS.SYS
>MS-DOS 2.x did, but just one, of up to 10MB
MS-DOS 2 supported installable block drivers. IBM insisted on it: it was one of the major differences between DOS 2.1 and DOS 1.1 A single line of text in your config.sys loaded the block driver. Not only that, the interface was fully documented in the manual that came with every copy of DOS 2.1. Not only that, the line editor and compiler came with every copy of DOS 2.1
The reason you didn't have disk bigger than 10MB is because you couldn't afford one. Every manufacturer who made hard disks also had a hard disk for the IBM PC. My Dad had a 40MB HD at home, and my work had a couple of 40MB HD as well.
You had to boot off the first 10MB partition, or, in older systems, off a floppy disk. The time of hidden, hacked and partly incompatible device drivers that left you unbootable if they were damaged came later.
Please do your homework on what Windows 1 was ... it was a GUI for DOS and not a file manager. I got a copy because it came as the run-time environment for a desk-top publishing program. Where did you get your copy?
Inspired by cp/m
>why did the QDOS/86-DOS/MS-DOS call to print a string terminate with a '$' character
The $ is pronounced "string", and was a familiar idiom from what was, at the time, the most portable programming language available. Tim had previously worked in this area: the only software available for the hardware he built was a stand-alone (customized) version of that programming language.
A quick look doesn't show IBMIO.sys or any equivalent. Looks like this is the command processor and the external commands, not the whole Operating System?
Re: What was 2.0 really known for?
It was known for being followed by 2.1 and 2.11
20 years later, and they are still afraid / too cheap / too foolish to release the code for any version that was actually popular.
I admit I can see that if they released the code for DOS 3.0 or Windows 3.11, people might actually use it for something useful, but do they actually think that would compete where they are selling Win7 and Win8? Would lead to loss of revenue in any possible world?
Thank you for the historical code samples. But the dog-in-the-manger mine-all-mine attitude makes you look cheap and nasty.
Re: Read the book before you write an article about it.
>instead now he looks like an idiot
Well, to be fair, he always looks like an idiot. And he's used this as an excuse to drag in his favorite 'black beast' again: "a financial transactions tax to make it unprofitable".
Tim: Spread is not inherently bad, it is bad because it is an indication of some second-order badness. When the second-order effects are good, spread is an indication of goodness.
Re: XP will only be insecure if connected
>Windows 98 laptop ... They don't connect to the web so its not really an issue.
It's not an issue even if you do connect to the web. Modern viruses, worms, rootkits etc. can't run on Win 98, and the internet is mostly unusable in IE5. Even USB is not a problem: we never did get USB to work properly on our Win98 machines, and if you did, now-standard software rules rule out USB problems anyway.
Re: Metric is easy to do calculations in.
If it's so easy to do calculations, why is the length of a car specified in mm for manufacturing? Because ordinary workers can't do conversions from mm to cm to m to km.
Stupid metric/imperial measurement failures that you read about are the result of errors in conversion between metric and imperial measures, which points to the only actual real advantage of a single common measurement system: it makes trade and manufacturing easier, cheaper, and less error prone. For this reason, both France and the UK had to give up thousands of traditional measures, to create imperial measurement systems.
Then the French and the English had to further agree to consolidate to only ONE common measurement system. As you no doubt know, the English agreed to use the French measurement system and the French agreed to use the English navigation system.
Removal of conversions BETWEEN multiple national, local, and trade measurements has been a benefit. Don't confuse that with thinking that "decimal point" conversions WITHIN the metric system are easy. On an absolute scale, conversions within the metric system are approximately just as difficult and error prone as conversion between systems.
If I remember correctly, DirectX was already close to the bare metal on XP. That's why it was called 'direct'. This would be the Win8 hack to make the API competitive on Win8, where DirectX would otherwise be an extra layer on top of MF.
It makes sense to me
Yes, mounting large capacitors is always difficult. Mounting a large capacitor using the mechanical battery mounts is a great idea, if that's what you want the capacitance for.
But I don't think they are trying to sell the idea to Apple. This is for people who need to trade off the cost of an expensive design against the cost of an expensive battery.
>lessening its focus on addressing black spots.
I think it's also fair to point out that fibre-fanaticism also lessened focus on addressing black spots.
The entire black-spot rectification program was put on indefinite hold to await the implementation of FTTP. Which then, because of the lack of proper basis for the political promises, has never come near to reaching the politically-promised timetable of black-spot rectification.
>Those faster communications, for example, could enable
>virtual classrooms which mean we could telepresence
>highly qualified teachers into multiple classrooms.
Exactly the same argument was made for Telephones, Cinema, Radio, and TV.
Obviously, clients and suppliers ASKED for the telepresence of highly qualified teachers in multiple classrooms with each new technology, and in a few specialised cases it was actually useful. But overall, it's an idea that has been tried and rejected many times.
Fibre is set to combine the benefits of both Telephone and Television, but that means entertainment, and (mostly) entertainment.
On the other hand, I wouldn't be surprised if it puts some pressure on existing entertainment channels --- oh wait, that's what I told you 10 years ago, and .... told you so.
Password displayed in plain text?
It's not clear how that was scored... It used to be thought that it was important to hide the password. 5 or 10 years ago, it was suggested (and I agreed) that the user should be able to see the password entered, unless "hide" was deliberately selected.
On the other hand, it's clear that some banks demand a short alpha-numeric password just so that they can email your password back to you, using a 7-bit compatible mail message, to make sure you know it (which they wouldn't have to do if they displayed the text at entry). I
"Cybercrooks are running distributed denial of service attacks as a smokescreen to distract bank security staff while they plunder online banking systems"
"mystery DDoSers tried to take down Bitcoin exchange with 100Gbps crapflood"
"Concerns that high-volume DDoS attacks of the type that interrupted the operations of US banks last year might easily be deployed against Britain banks to similar effect have fortunately proved groundless"
Re: Rumors that Mt Gox was doing a bit of fractional reserve banking on the side...
>Or just the safe being emptier than it should be in the first place:
>loaning out the money one should keep in the vault so that dosh
>can be made for oneself
That's called "fractional reserve banking". That's what the words mean.
"escalation of copyright infringement to a criminal offence"
Last time I was interested, which was ~20 years ago, copyright infringement was already a criminal offense in AUS. (Not the case 40 years ago). The quid-pro-quo in that legislation was that it also became a criminal offense to falsely accuse someone of copyright infringement.
As one who was once falsely accused of copyright infringement, I must admit it would gladden my heart to see the police get stuck into a copyright troll.
Re: THIS again?
A lot of other people have worked on it since then. And they are selling a lot of boxes now.
"What Hard Drive Should I Buy?"
Dan Olds, Gabriel Consulting, didn't like the headline, so he's told us how clever he really is: he can actually read the posting as well as reading the headline.
Well, I read the posting too, and all the clever points Dan Olds makes are pretty obvious to anyone with reasonable reading comprehension skills. Which makes Dan Olds look not very clever at all.
Not anonymous, because I figure he put his name to it, so I can't do any less.
When were the 2011 riots? Between 6 and 11 August 2011. Following the hot spell with a max of 30 on August 3rd.
Link to August 2013 document actually links to an August 2012 document. The "new curriculum document" links to a February 2013 document.
Either an old article has been mistakenly taken off the spike, or the old references have been mistakenly copied from an old source.
based on both open source and off-the-shelf commercial components
So, exactly the same as the original then? A slight upgrade of the original?
No meaningful information provided. Not even a reference to the press release.
Re: >sit too far from their screens to benefit from HD
Sometimes I would like to be able to read the credits on the screen. Particularly the music credits. I don't know if the problem is the frame rate, or the resolution, but I look forward to the day when I can read text on screen, as we used to when watching film movies on analog TV.
Re: The inside story
In English, Mein Kampf is a boring book. Actually, it's a typical example of a kind of German literature, and demonstrates why we read very little German literature: in translation it is very boring.
Just as the Russian Greats are recognisably Russian, even in translation, German literature is recognisably German in translation, even bad German literature. It's booooooring. boring. Booooring.
Re: Even Worse. (Nah-)
... that would be a comment from a painfully self-conscious pseudo-intellectual who DOESN'T want to be caught reading a copy.
"amounts of diamonds"
huge amount of diamond
huge numbers of diamonds
huge quantity of diamonds
"and so been far less of a burden on society"
Come round the hospital any Friday night and try to say that without blushing.
>Total nuclear power in the USA is 8.4% of electricity generation,
-- in some years, up to 10%
>every one would have had to be running on fuel from this source
For the last 20 years, mine production of uranium has been approximately half the amount used. Half of the total uranium used has been from pre-1990 stockpiles. In other words, old weapons uranium.
Re: Talking about leaky house drop cables ...
That's the way it should be! I used to listen to the TV on the radio, until the d'd FM radio stations came in and swamped all the TV audio signal.
Do you mean Family-name? Or are you giving us the personal-name, which is the sur-name in most Chinese names?
Given that list-of-names is one of the most popular database / list / document / program tasks, this kind of question comes up all the time in programming, and I expected a little more clarity here on The Register -- Biting the hand that feeds IT.
Although I understand that the article was tagged Policy / Law.
Do you by any chance travel to work by horse-drawn barge?
Edit & Continue? C# continues to try to catch up with interpreted BASIC.
"...a proper app launcher... All the keyboard shortcuts – which everyone..."
x-windows was never a superior interface. Not a bad first shot. Good enough for people who learned that interface first. But not 'better'.
>"textbooks on this... written as far back as the late '60s"
exactly. Textbooks written in the 60s.
At the same time that the world is moving to iOS and Android, MS is overrun with people who studied C++ and *nix at school, and they've imposed their command line & x-windows design criteria on what was previously a successful main-stream business.
Re: This might be a lifeline, but nothing more
>Thus removing any motivation for these developers to try and write native QNX apps
dunno. BlackBerry has native support for Qt: Android doesn't. It convinces us.
Re: "If it uses QNX rather than Linux"
>Linux originally ran on 80386 machines, which were considerably less powerful than
>even the most modest ARM phone.
QNX originally ran on 8088 machines, which were considerably less powerful than even the most modest 80386 machines.
the 1996 movie
I'm sorry, but it was better than anything that came after it.