597 posts • joined 6 Jul 2009
The linked article says that "a GUI-based OS is out of the question".
What are they providing as "the IoT version of Windows"? Is it a headless version? A winphone version? Win8?
Re: IPv6 like OSI is far more complex than necessary
I take the opposite point of view -- SIP is fucked, and its inability to work with NAT is just one part of that. Out of all the fully-functional voice protocols that we had around, why did we wind up with SIP?
Actually, I know the answer to that: because it was easier for amateurs to make a broken open-source implementation of SIP, rather than implementing the existing ISO standard protocol, or any of the other protocols that actually worked.
.. we handled the very real issues posed by [Y2K] so well...
Or perhaps you handled them so badly.
Dedicating too much real resource to fix a problem is a fail, just as much as losing resources because of unfixed problems is a fail.
I was doing consulting with a [very] large multinational company that was unable to pay their very large [national] bills for a month, because they had dedicated all of their IT effort to ensuring that there would be no Y2K problem, and then had only 6 months to prepare for a real, legislated, [national] accounting and tax change.
Proper IT management would be good. Y2K was not a good example of good management.
Ouch - bitten by the headline writer
1 point to you, Sir/Madam
Headline writer is lying liar ?
Ok, manages to equate "That's recorded in their records" to "billing data collection" instead of "operational data", thus catching many more readers, as paid to do.
Is it lying to attribute that idea to Turnbull? Or just sloppiness?
"Claims to be an open standard"
That is an unjustified slur.
Standards are expensive to buy. I wouldn't pay E1000 for the set of standards either, I'd just download some of the Open Source KNX software, but that doesn't mean that I think E1000 is unusual for an Open Standard: it just means that I already know that any ISO/IEC set of standards is 95% self-referential administrative overhead, and 5% incomprehensible.
Re: WTF ????
Missed the link. My Error. Sorry. Would have written that differently if I had found the link. Would not have said "WTF" if I had found the link and read the link. Would have been calmer. My reaction was totally only based on reading the article.
Instead, would have pointed out that the new feature was the button helping you to update a supported third-party Active-X control.
Slowly, the article, total nonsense before, starts to come into focus. FF already has, and has had for a long time "a feature that prompts you to update supported third-party addins".
Prior to this release, IE could only throw lousy old Java into the abyss. Now, like competing products, it can notify you about upgrades.
But old versions of IE will still only be able to alert users when web pages try to launch ActiveX controls that are considered out-of-date and potentially insecure.
Enhanced third party support from MS is a newsworthy step. It will be interesting to see what the business analysts make of this announcement.
>There will be some exceptions to IE's ActiveX blocking feature, though.... the feature is only coming to recent versions of Microsoft's operating system and browser >
ActiveX blocking is a feature of every version of IE that supports ActiveX
IE blocks blocked Active X controls. Has done so for what, decades? The list of blocked Active X controls is updated regularly. Repeatedly. All the time.
To restate: IE is "automatically blocking old, insecure add-ons", and has been since I was in short pants.
So WTF is actually going on ???
I could guess that the list of blocked ActiveX controls is now going to include old versions of Java, but that would be only guessing, since, like the rest of the echo chamber that is the internet, this article includes no checkable resources: the author has clearly repeated some other unsourced report, all of which are saying the same thing, none of which are giving references.
Re: What I don't get
> Can your database system then execute the binary data being referred to without having an external file somewhere on the filesystem? <
In the obvious sense, this is a description of what a "relational" database is, by definition. But I'm sure that by 'binary' you mean something like 'encrypted' or 'encoded'. And yes, since a relational database system can execute code stored in the database, it can execute code to un-encrypt and un-encode programs stored in the database, and then execute that code.
Some old simple non-relational database systems lacked the ability to do that. Turn-of-the-century database systems presented a malware-surface because of that ability. New, modern database systems are sand-boxed to prevent that from affecting your wider system.
It would be nonsensical to suggest that a system-configuration database could be 'sandboxed' from the system it is meant to configure, so the solution must lie either in reducing the capability of your computer system (for example by using a limited flat-file database system) or in hardening the system to prevent re-configuration in undesired and hidden ways.
Re: Executables in the registry.
> A microsoft trick so you can not read the code.
MS is a big company, so all kinds of s-t comes out of there. But they have a private API for writing hidden and protected information to the registry, so if this 'trick' was used deliberately to hide information in the registry, it was done by some idiot acting independently.
On the other hand, two cents says that some blogger found a limitation of regedit, and some commentard described it as a feature.
Re: This is silly.
>If regedit can't access these keys then that's probably just a limitation of regedit's GUI.
Yes, regedit only correctly displays keys that a user can edit correctly. And instead of crashing, or crashing and destroying the registry, or allowing you to write garbage to keys that aren't in the expected format, it does not show those keys -- though you can still read and write through the standard API.
There are actually 'hidden' keys as well. (And 'encrypted' keys.) Windows copy protection/registration data is stored in a section of the registry that users don't normally have access to. Example 'hidden' keys are HKEY_LOCAL_MACHINE\SECURITY and HKEY_LOCAL_MACHINE\SAM.
The security implications of having keys and values, or INI files, that an ordinary user can't find and examine are well known. The suggestion that any modern Linux distribution has transparent and meaningful configuration files that an ordinary user can examine and alter would be laughable if it wasn't so patently arrogant and dishonest.
Re: "a tool Microsoft uses to hide its source code from being copied"
I'm not sure I'm following you:
>UNIX has done that for 40 years.
Unix has had record locking for 40 years? The database primitives were only on the internal versions of Unix, not on the publicly released versions. Which is why open source used text files instead of databases.
>Use LDAP for one
Your LDAP store has a separate file for every attribute?
>with the user settings able to move with the user between machines ... relatively trivial
NIS is an effective solution for trivial problems. And 20 years ago, it wasn't even that.
Re: "a tool Microsoft uses to hide its source code from being copied" @Def
>In DOT.NET they brought back an improved version of the INI file
Perhaps they might have brought it back, if it had ever gone away. MS continued to use INI files for applications where it made sense: the important thing that changed was that the Windows API that accessed INI files was captured and pointed at the registry.
For DSM 4.0, please install DSM 4.0-2259 or later
But not -2454, because 2454 has the same date and time as 2254, 2255, and 2255, and not 2257, because that is Earlier than 2255, not Later. No, you want 2262 or 2263, because those are Later than 2259, as well as being Greater than 2259, though Lesser than 2454.
Although ACTUALLY, for most hardware, the last version of DSM 4.0 was DSM4.0-2228
> http://ukdl.synology.com/download/DSM/4.0/ <
Re: Shock horror
When you don't like the message, attack the messenger.
Re: Captain Future's enemy had one of those.
>The last time I thought about it, it seemed evident to me that the force towards the "front" would exactly equal the force towards the "back".<
Then you will be surprised to hear about the technology called the "sail", by which ships are enabled to move "upwind", into the wind.
However, I understand that the suggestion here is that there is a mysterious quantum force. My analysis of quantum forces is that they are mysterious, and that my humble intuitions about the nature of Newtonian mechanics are of no help in predicting quantum effects.
Can you still buy memory cards/USB sticks on EBAY?
1) All flash devices have firmware.
2) Reprogramming the firmware of flash devices is a standard operation, and little old ladies in the market stalls of Shenzhen will do it for you. The most basic purpose is to implement algorithms dealing with bad flash cells. For years, the most common malware purpose was to lie about the size and provenance of the flash device.
3) 10 Years ago it was common for USB devices to include keyboard emulators to install software. There were a couple of efforts directed towards standardising the process, which eventually died as the industry moved away from the idea because of security concerns.
This clever demonstration links the two well known ideas: flash controller reprogramming, and USB device malware.
Re: @dkjd Medical doctor (GP) not a scientist?
I'm sure that most PhDs aren't trained Doctors. 'Doctor' is a very old fashioned courtesy title when used to address PhDs.
>workarounds are possible
> but those outlined in the post require rather a lot of working around.
At least one of the work-arounds is trivial: disable workstation "password" resets.
And I did that anyway when I was doing server upgrades. Disabling and re-enabling is a simple policy setting.
Routine machine password reset is more a kind of environmental sanitation setting than a present threat mitigation. The machine password is not, of course, a "password", it is totally user-invisible, disabling changes makes your network more robust, and the risk/danger is very very very low on my list of possible risks/dangers to my network.
Re: Headline wrong?
Of course the headline's wrong. That's the whole point isn't it?
>It may have cost some others something though, as is mentioned in the story.
Or, it "may" have cost them nothing,
or they "may" have made an extra profit from the attention the stock is getting.
If the prosecution had any actual evidence, they wouldn't be resorting to weasel words like that.
non comparable statistics
One of the studies I read 20 years ago found that mobile phone use was comparable to drunk-driving: but ignored the fact that drunk drivers are drunk for the entire journey, mobile phone users are effectively 'drunk' only while making a call.
Another study derived usage figures by observations in [a location that had higher than normal mobile phone users] at a time of day that had [higher than normal mobile phone usage].
I think that both those studies gave false figures for the total expected benefit of banning phone use while driving. But they also implied a false figure for how much pain the enforcement would cause.
If the number of accidents caused by mobile phone users is small only because sensible people don't use their phone much while driving, then this relatively harmless law is doing good while not causing much inconvenience to many people.
Re: "Freedom" of Information...
Freedom From Information laws.
My first contact with FFI laws was many years ago, when I was trying to sort out an error in my file with a government department, back in the days of physical files. It eventually emerged that the reason I got different repeat requests for information every time I went in, was that they had TWO physical files. Which would have been obvious if they had shown me the information they had. But the actual statement was "We can't show you, because of the Freedom of Information laws".
Re: Without trust ...
>Florida ... when their electronic voting machines proved
I guess you're referring to Florida, when their manual-mechanical voting machines proved to be less than fair and correct.
Or perhaps you meant to refer to some little-known electronic voting machine in Florida, and the reference to "Al Gore" just crept in there because you got your dates, politics, and technology mixed up.
'secret sauce', 'trade secrets'
Not by any ordinary meaning of the terms. Not even 'secrets' by any ordinary meaning of the term: market trading is done in public, in a public market, with the public.
Writing as a person who created trade secrets, and the secret sauce, in the finance industry, I wondered if the miscreants had stolen trade secrets, or secret sauce, and if so, if they could possibly have made any money out of doing so, and if the victim could possibly have lost money from the theft.
Reading the article, I see that the answers are No, and No: if any trade secrets were stolen, it didn't cost the firm anything, and didn't gain the thieves anything.
The theft, the loss, the gain, came from front-running and the artificial delays. So a descriptive headline would have been something like:
Hackers steal millions from major us hedge firm
Hackers intercept trades from ..
Hackers delay trades from ...
Hackers re-route trades from ...
Hackers inside-trade inside ...
Re: Pound sign
Also called the Number Sign in ASCII, where it was put by the Americans, which is part of the reason why it is the alternate value for the English Pound position.
"The symbol # means the same as No., and it can be very useful"
("The I.S.O. character code," The Computer Journal, vol. 7, no. 3, October, 1964)
In AUS, the subtitles on my TV show # (number) or £ (pound) to indicate music, depending on where the program was subtitled, indicating an odd translation difficulty somewhere.
@ symbol was used for pricing. As: 5 apples @ 5p
The typewriter, of course, was widely used for commercial correspondence, and, before the photocopier, even for copying out price sheets.
I've done this
-- for a couple of clients, who ran investment banks for their dealer network.
Operationally, not very difficult. My clients did not require banking licences or building society licence or anything: whatever the requirement is for a banking licence, they were able to do this without it. Perhaps banking licences are tied to lending money? Or accepting money from the public? Or depositing with the Reserve Bank?
My clients were just borrowing money from their dealer network, as a service to the dealers, as a kind of loyalty scheme. The money was just invested in the parent company.
The reporting requirements were not very rigorous, for a few hundred clients and a few million dollars.
Within the reach of a small coding team for those numbers, but the product I had would have scaled badly.
Extended Support Release
Now that they are copying the rapid version number increment, the other thing they should copy back from FF is the Extended Support Release -- so that I don't get stuck on websites that require this month's version.
Re: NSW budget calls for lower GST threshold on imports
I've seen $700 estimate for the all-up cost of collection on $500 (assuming the threshold was lowered to $500). Very little of this is the "cost to the customs department" -- but it's the cost you would expect to pay.
Nobody is suggesting this as a tax-raising measure. The whole point is to make importation unattractive.
They calculated in Y2K that from a tax view, $1000 was the sweet spot, and it's only moved up since then.
Virtual credit cards
>Virtual credit cards were payment systems designed to combat online fraud by utilising temporary card numbers.
1) Do virtual credit cards still exist? If not, how old is this article?
2) If virtual credit cards do exist, who offers the service?
In the old system, tanners and dry-cleaners collected from the public toilets and pissoirs. I can't see that working in the modern system, where it's first mixed with shit.
Even the least obvious markets are sometimes using mobile phone technology. According to this article: http://www.theregister.co.uk/2013/05/13/smart_meters/
"Existing smart meters are using the cellular networks, generally 2G"
Positions out in the middle of a field are even more likely to use mobile phone technology, since other technologies require more power and/or less security and/or a local network to connect to.
>households running multiple video streams at once
Two months ago I got 1 upvote and 5 downvotes for saying "It was always going to be the replacement for FTA analog TV.". 2 years ago I got censored from the Whirlpool forums for saying something similar.
Is it still unsafe to say that the NBN was the "circuses" part of "bread and circuses", or will the classical allusion be lost on ALP voters?
>Personally I prefer a reasonably honest approach,
So I take it that you will be boycotting Diffray and The Register for misleading you into thinking that MS was not patching security flaws on Win 7?
I really despair sometimes: By your own admission, you are a Unix/Linux user. Clearly you don't understand the MS eco-system, and care less. You haven't bothered to read the comments correcting the misinterpretation you have adopted. But you feel qualified to comment about "M$" anyway...
Re: This article makes no sense
>So wait, now there are some extra functions you can call in Win8 and not Win7?
It's more subtle than that. You can call these functions on Win8 or Win7 when the next MS C upgrade appears. Or you can write your own version and call it on Linux or OsX. The report is that software using these functions has already appeared on Win8, but not yet on Win7. Standard MS procedure will be that these versions of these functions will appear on supported platforms when software that uses them is re-written. If the purpose of rewriting the software is for a security patch, we expect to see these library functions appear in the Win7 library, as part of a security patch. If the purpose of re-writing the software is a Win8 bug fix or feature upgrade, we don't expect to see that on Win7.
ummm. But this has nothing to do with security patches. Or patches.
And the word "Safe" is used only as a convention for this class of C library functions: it's a bit of a misnomer really: unlike other languages, the "safety" still depends on the programmer programming checks on the length of strings, it just provides a structured way of doing so.
The main point is addressed in other posts, but just note that the objections are also arguably invalid. There already exist hardware devices for taking an encrypted stream, and decrypting only the output. The equivalent is obvious: an encrypted program that can be disassembled only on decrypting hardware.
DRM hardware is only protected by legislation, but that's still good enough for one large industry.
>far-fetched that fixing this "mistake" will somehow take another six months, too -
Classic mistake, all too common by management.
Software is not the 'easy part' of a large company.
As demonstrated by the telephone companies that have gone bust because of problems with billing, and the turnpikes that have taken massive stock market write-downs because of problems with billing, and the general business companies that have changed management because of failed BI implementations.
It is easy to underestimate how complicated a simple software change is. It is never as simple as it appears.
Give yourself permission to throw things away
"Kind and resourceful people see potential value in every cracked and crazy thing. Throwing it out may be a waste, but if you can't find and use things in the mess, they are already lost to you. On top of that is buildings and space you cannot use, clarity and beauty lost, wasted.
It's already wasted. You are only gaining by letting it go."
[Cecilia Macaulay, "Lessons from a Japanese Farmhouse makeover"]
Re: Whoa there
>operating systems that do not have built-in support ... WinXP
WinXP has EFS, the Encrypting File System, except in the Home version.
Furthermore, Bitlocker requires TPM hardware, so even if you have the Enterprise Win7, you probably won't have Bitlocker on your home machine.
In terms of functionality, TrueCrypt fell somewhere between EFS and Bitlocker. It allowed you to have a single BLOB containing many things, but that BLOB could not contain your host operating system.
Philosophically, the argument for TrueCrypt was that, as a single blob, it concealed the existence of objects as well as encrypting them.
People who want to conceal their activities may want to look for a new method. People who just want to encrypt may continue to use the native features of WinXP.
insOlation is spelled with an O, as in sOlar.
I wondered what kind of insulation failure they might have had. Thermal insulation? Electrical Insulation? But on reading the article I see that the kind of problem they had was with Spelling Insolation.
Got my email notification today, May 27, which makes it 4 days after this article, 7 days after the announcement.
The email notification was cleverly written in idiomatic marketing speak, to make it look like it came from a third-world scammer.
In breaking news, the vulture gets done for soliciting and aiding a criminal offense...
Re: Copyrights protection for real code vs patents of trivial ideas - what is more evil?
>If that had been mentioned at the time do you think we would have learned Java?
Where were you? MS pulled versions of Win2K -- an operating system just like Android is -- and MS Office, because they had written their own variant implementation of Java -- just like Google has --, and Sun cracked the mads at them.
Re: W. T. F.
Copyright and Patents are BOTH the wrong standards for code. The only reason that code has been shoe-horned into patents or copyright is that both are covered by international treaties.
If people had set out from the start to create a sensible set of logical and consistent laws for code IP protection, they would also have had to set out on a process that took more than a century the first time around: creation of an international IP regime like copyright or patents.
Re: So who gets the money?
>House of Lords used to be full of unelected fuddy duddies that (with a few exceptions) didn't do much
Was full of a bunch of unelected fuddy duddies that, by the miracle of social mobility, was gradually coming to represent average typical people.
Blair's triumph was to replace them with political appointees.
Scott Adams on ISDN
Technically it was a good idea....
"I studied the market for ISDN and calculated all its costs. I found that it was a great technology with no immediate competition and it probably had a large market potential. The only thing that could limit its success was complete incompetence on the part of all phone companies, colossal stupidity by every ISDN hardware vendor, and complete idiocy on the part of the regulatory oversight committees.
It was obvious ISDN was doomed."
From when he was a PacBell ISDN employee.
Only URLs I have problems with are those monsters generated by google when you click on a link.
And then when your google connection drops out, you have to delete a mountain of gibberish to find the URL it is supposed to be indirectly pointing to, to find where you actually want to go.
--should be recorded as a drug-related crime. Odd that the article mentions he was drunk and dope-affected, but you're just left to infer that he was in nicotine withdrawal.
Absolutely typical crime though. Knocks over a servo for whatever change is in the drawer AND CIGARETTES. In fact, how often do you hear of an attempted armed robbery on a service station where they did NOT also steal cigarettes? Not enough money to buy the cigarettes.
It used to be a war-crime to torture POW's by withdrawing cigarettes. Heard a guy bragging about having that removed from the war-crime list: I got the impression he thought it was ok to torture smokers by removing cigarettes.