Re: All of us are in the wrong business
While the US military sold the HAV for $300k, they kept the wall that the $100 million was pissed up against...
530 posts • joined 1 Oct 2009
For Google and AWS, these outages are always interesting - it results in downtime/reduced availability, but in my experience in IT, downtime or unavailability of components aren't uncommon when trying to run 24x7.
The interesting thing is how you keep the larger system in a functioning state, capture enough information to identify the root cause AND get it back to a functional state within a few hours. Sure, it turned out to be human error (software updates combined with large scale moves) but they had considered capacity during this work, and the thing that affected service was the retries rather than expected load.
Yes, you would need to have a proxy configured to trigger the CONNECTs rather than sending the requests directly to a web server.
If the attacker is on the same subnet as you and you are using Windows, they might be able to automatically configure proxy settings via WPAD using NetBIOS name resolution, but there are steps that can be taken to mitigate that (disable proxy auto detection, disable NetBIOS over TCP/IP).
Are there any last mile providers other than Openreach providing less than 10Mbps downstream? My experience with Virgin or other alternative last mile providers is that they provide at least 10Mbps and usually more.
If the UK is serious about improving residential/SMB Internet access, more investment is needed rather than pretend obligations from ISPs when the majority of them use a common last mile provider - the investment via BT Openreach doesn't appear to have produced great results compared to other countries' efforts over similar time frames.
If it did save a few hundred million, then it looks like a wise choice.
They could operate these for 20+ years before the cost of a better system would make the upgrade worthwhile.
I'm not suggesting this was fully understood or considered by those making the purchasing decisions...
And everything was going so well for the spokes droid, until the sticky notes they used to identify their ass and their elbow fell off and they started talking out their elbow....
Or maybe FB's ad pimping isn't as successful as it hoped?
P&G are "scaling back Facebook advertising" as the targeting provided by Facebook didn't provide the expected increase in effectiveness (link to provide full details of claim, you don't have to click it...)
Somewhere in a nameless government office:
Idiot 1: What happened Dazza?
Idiot 2: Not sure Trev
Idiot 1: Can we just say it was some scary security bogeyman? No one would question that would they?
Idiot 2: Good plan Dazza, let's google security issues
Idiot 1: * googles * DDoS sounds scary Trev
Idiot 2: Sure does Dazza, let's go with that
Re: What made Britain into Great Britain was subduing the Welsh and Scots. Possibly temporarily.
Maybe we just need an attempt at independence, so that we can legitimately conquer one of them to set an example as well as ending centuries of poor relations?
I thought they were almost 100% effective where the IEDs contained golf balls for shrapnel?
Once the baddies stopped using golf balls as shrapnel in IEDs due to the cost increases in the second hand golf ball market as well as unresolved questions about whether newer ball designs really did improve distance and accuracy, the detectors were useless.
From my reading of the BOFH - sort of.
People tend to be quite good at absorbing the first bump, but become a little spongy after that...
Wasn't pulling the ladder required to retrieve the ladder sans-Printer Rep?
If you threw away your ladder every time you disposed of a product rep, you would end up needing a ladder rep...
It should be "shoe in" if detecting rust in a Fiat that you're considering purchasing
I really like the jacket you have in your picture - where can I get one?
What? AWS and Azure have been doing cloud VMs for up to 10 years - they may not fit every business model but considering the revenue they make they fit a lot of businesses.
Softlayer's problem is that they're offering less mature services than their competitors with features that are 2-3 years behind. Still, it's IBM, so you can pay a lot for the privilege of using a second tier provider while still providing a sloth-like business model.
Re: And not a single tear will be shed.
I sometimes cry when I laugh REALLY hard...
I'm not sure there will be a rush of companies looking for Reg commentards to make jokes about their expensive rebranding exercise.
You didn't realise what Nintendo had been training people for?
Gartner have been reaching into the magic butt and pulling out the contents again. Think they are a little optimistic within 5 years although they will probably be correct within 10 years.
Projections for the global PC market by 2020 put it at around 290 million with a breakdown of around 170m laptops and 120m desktops. I'd expect close to 100% of laptops to have SSDs by 2020 (currently ~33% and prices for laptop SSDs/HDDs are nearing parity so no real reason for not moving to HDDs other than high end capacity).
On the desktop side, will they reach around 20% selling with SSDs? Assuming the desktop market has drifted even further to value systems (i.e. around 47% value, 47% mainstream and 6% performance in 2012), they would need around 100% of performance desktops and 25% of mainstream PCs to include and a likely bump in price. Sounds a little optimistic.
TL;DR: Gartner produces report showing next PC boom for hardware manufacturers ~10 years after PC hardware booms ended
To everyone saying You just have to live with sleep and hibernation problems, go and try an Apple MacBook.
It just works - rushing somewhere? Close the lid and go. Boss asks you to show her something? Open the lid and show her. Don't have a power brick? Close the lid and resume later once you have power.
In around 3 years of using MacBooks I can only recall one time the MacBook hasn't resumed successfully.
THAT is what end users expect from a laptop because they can already get it from Apple - if Surfaces go on doing this, MS will lose Surface customers to Apple.
Or... It's a last gasp at free publicity before MySpace finally disappears...
From the AWS website, AWS appears to have two Sydney data centres and a Cloudfront/AWS direct connect location at Equinix in Sydney.
Are the two AWS data centres actually third party facilities?
c) The CIA promotes person X to position Y. The CIA tells person X that there is a single copy of file Z. Person X witnesses file Z being deleted. Person X is then asked to testify that the only file has been deleted. No lies and everyone is happy....
The main purpose is extracting money from end users.
There might be an accidental side effect of providing some security primarily by making your computer so slow that you stop using it.
The chances of Symantec being used by intelligence agencies to gather information when the software turns your machine into an unusable piece of crap which severely limits intelligence gathering.
I thought the issue with the house of Lords was the continued growth (i.e. 400 available seats in the house vs 807 members), the ease at abusing the expenses and introducing a term length with the possibility of re-election following that term rather than wanting to make the whole House elected.
If only they would die off faster....
And without management features, ports won't be shut down and 802.1x won't be used to authenticate connections and it will complicate finding a WLAN AP or remotely accessible computer planted somewhere out of the way...
"The marketers lost any moral argument..."
You really found marketers with morals?
Are you sure the blackout was part of the celebration? Based on past experience, I would have thought the 15 minutes of working Internet was the celebration...
The great thing about temporary offices is that you just get the cheapest, dirtiest Internet that can be delivered quickly. And then wonder why you have no Internet for ~30% of the working week along with the rest of TWC's Manhattan customer base. OK - maybe 30% is an exaggeration and it's only 27%-28%...
I realise it is at a slight tangent to the original article, but it relates to the question of who ends up providing the content and reaping the rewards.
In particular - the "battle" between YouTube and Facebook.
I didn't know this existed until I saw a video about the issue on Reddit, but I don't know the real impact.
Trump 2016: Making Republicans unelectable again
Trump trails Clinton by around 6% in polls and trails significantly in the electoral college system by around 250 vs 170 based on expected voting patterns with projections showing 300+ for Clinton.
Typical ARM pricing is around US$5-$15/SoC per 1000
Typical Atom pricing was around $25-30/SoC per 1000 (possibly even lower with rebates/subsidies to get their chips into products)
Typical x86 pricing is US$50-$2000/CPU per 1000
These are rumoured prices manufacturers were paying versus RRP. Price isn't everything, but you have to have sufficient yields and sales to cover your R&D/manufacturing/sales/C-level bonuses/dividends.
ARM has the advantage of being cheaper and easier to make, but Atoms weren't where the money was for Intel. There might have been a window where Atom could have been brilliant and ARM failed to increase performance that gave Intel the opportunity to compete in mobile devices, but it didn't happen.
As ARM move forward, they will need to increase their complexity to incorporate a longer pipeline and cache which will drive an increase in SoC size and therefore cost per unit. ARM manufacturers can put pressure on Intel and Intel's margins will continue to fall, but Atom being dropped isn't the death of Intel and they still have a 2+ year lead in process technology.
At the risk of insulting them, Intel may not have the best technical CPUs on the planet, but they have been the best CPU manufacturer (sometimes at the cost of performance/technical excellence to allow higher yields) for decades.
Assuming you are running patches for existing vulnerabilities already, you should already be patched for one of the two high severity issues (CVE-2016-2108).
For the second high severity issue (CVE-2016-2107), you need to be running AES (you should be...) using crypto offload. On the plus side, it is likely to only affect newer installs that can be patched reasonably easily, on the bad side it was introduced by a previous patch (although it was in 2013 prior to the Heartbleed....). In addition, the vulnerability allows the decryption of data rather than a remote compromise - bad for you so patch it, but that abandoned website isn't going to become an easy target for script kiddies.
For the low severity vulnerabilities, existing mitigation steps around getting rid of older protocols should have you covered.
Patch as quickly as possible but this isn't too scary on the OpenSSL 1 to 12 scale...
As others have said, Heartbleed set the expectation that there would be a lot of changes to address SSL/TLS security in the coming years as some of the code found indicated very poor practices.
Completely getting rid of SSLv2 and historical export defaults, slowly killing off SSLv3 while combing through TLS to make sure it was fit for purpose takes time, as does cleaning out issues within the trusted Certificate Authority model, getting people to upgrade their certificates to current standards to address encryption/hash protocols that were approaching the end of their working lives.
However, if it is another DROWN-type vulnerability where disabling SSLv2/v3 is a workaround, I'll sleep easier...
Assuming Trump goes on to win the presidency, at least the US will be able to look back and say "at least it won't be as bad as if Carly was involved"
Or is she planning on outsourcing the US electorate to ensure Cruz wins the nomination?
I think it is too early to judge the illegal behavior element as it will take time to sort out:
- entities that are using the service for legal and morally justifiable reasons
- entities that are using the service for legal but morally unjustifiable reasons
- entities that are using the service for illegal reasons now (i.e. Australian citizens (around 900) would appear to fall into this category due to their tax laws - potentially US citizens as well, but not aware of any so far as they are more likely to have used legal US tax havens)
- entities that are using the service for illegal reasons in the future... i.e. the actions of some politicians or their friends and families that are "allowed" now, but a future regime may have a different view.
"Putting jobs...at risk"
Isn't that the motto of IBM's offshoring business?
"He's from Barcelona^H^H^HTijuana..."
If only they asked more security questions than could easily fit under a standard size keyboard...
United, are your security people listening?
From what I can tell, it compromises Windows when a user installs an application that they downloaded from the Internet. I assume that traditional methods of containing this type of threat will continue to be as effective as they have been in the past, i.e. restricting admin rights, up-to-date AV software, user education.
As for the Python element? I can't recall a scripting language (compiled or otherwise) ever being used to install software...
Re: So you're saying they should have a dedicated web developer, a sys admin, a network engineer and a security expert (minimum)?
Depends - as long as they can kick a ball they can be part of the team...
From the conclusion:
"as time progresses and feedback is collected, the detection rate shows an increasing trend, improving by 3.41× with respect to a state-of-the-art unsupervised anomaly detector, and reducing false positives by more than 5×."
I believe this is after 28 days of operation.
As for usefulness - it sounds like a useful improvement, assuming the sample data is representative of "typical" traffic hitting a variety of common web servers, for a V1 product but it's not going to fundamentally alter the security landscape.
...the Mail Group might fail because of this?
Let me guess, this is one of those Daily Mail articles where they tell you the good news about X on Monday but by Friday, X has morphed into a global catastrophe?
Maybe not democracy but definitely British bureaucracy...
I suspect they will go with the "democratic" option of what the 65m+ people who didn't vote would have wanted to choose.
In defence of Wordpress, it is relatively easy to isolate and provides a way for non-technical people to spout their words of wisdom - if it was sitting in an environment where a compromise allowed access to key business data, then Wordpress is probably the least of the security mistakes in this story.
A CMS on the other hand, would allow you to get both the documents and the structure and given the timeframes of about 1 year to collect the information requiring less than 1Mbps to retrieve all of the data.
But surely given the nature of the information you are handling, sensible security precautions around authentication, application firewalling and IDS/IPS/monitoring systems would be in-place to avoid the destruction of the business...
Ha! Yeah right...
That's a little harsh.
I would propose executing legal teams ( all sides...) in patent disputes once a set period had expired without resolution of the issue.
I would say it was to speed up the process, but I know the lawyers won't be able to turn down the additional profits from one set of legal teams being eliminated and the process restarting...
Many of Cisco's GUIs suffer from being terrible or running on underpowered hardware for some of the tasks the GUI is trying to do (looks at standalone APs and switches in particular...).
While IBM makes money, the revenue decline has been happening for quite some time (~10 years) and IBM have used every trick in the book to slow the decline and post "healthy" numbers.
At some point, losing money on outsourcing deals won't be able to be hidden behind tax efficiencies and redundancies and the mountain of cash that they have been using for share buy backs will dwindle.
It's not in HP territory yet, but it only takes one Autonomy....
Are you sure?
Without wanting to sound too much like a UK prime minister (most of them anyway...), I can't think of any of my problems that an indiscriminate airstrike wouldn't improve to some degree.
All this talk about faulty fire suppression equipment, but nobody seems to be mentioning how there was NO fire damage to any of the equipment.
Where is the suppressed fire icon when you need it?
Well, IBM didn't buy Autonomy for almost double what it was worth....