Re: 120 years away?
Re: Nah. The world only needs 3 IP addresses: one for Google, one for Facebook, and one to NAT the rest of the planet behind.
543 posts • joined 1 Oct 2009
Re: I suspect that Vimeo have forgone security in order to make it easier to get more signups. More accounts = more ad revenue after all.
More signups == more users == more VC money. Ad revenue and other "traditional" revenue streams tend not to feature in these plans...
Reference: just about any public Internet service
...that the proposed Uranium over Ethernet standard was going to cause problems in the future....
So they'll need to remove the "so easy a child can use it" statement?
OK - I'm confused.
So do Americans (at least the variety in the US of A) vote for a president or which conspiracy will elect a president or some other option I've missed?
No one cares about what the application does as long as its user growth rates are good.
Who needs revenue! It'll magically appear somewhere in the future. About the time they introduce advertising or micro-payments and the app suddenly becomes less popular....
You can call your bunch of ARM processors a supercomputer, but whether they can be used for much will be down to how well you can distribute tasks across them which will come down to I/O and memory bandwidth. I mean, what point is having 10,000 or more CPUs available to you if the first 100 or so have finished the tasks you have distributed to them before the last 5000 or so processors have received any work?
You can break the bunch of processors down into nodes, but you can do that with other processors too.
I suspect the advantage of Fujitsu's ARMs won't so much be in the ARM core as the offload processors that accompany it, which is why they can't use off-the-shelf products. Potentially what Fujitsu need is the next die shrink to get the performance they need from each SoC to make this project worthwhile...
Not sure the issue will be with the process side of things. Supposedly, Apple already has 10nm products from TSMC. We might even see them announced later today...
Note that TSMC may or may not be actual 10nm - their 16nm was 20nm with FinFET gains to approximate 16nm (http://www.tsmc.com/english/dedicatedFoundry/technology/16nm.htm). In which case it may be a 14nm SoC base process with FinFET giving equivalent performance to 10nm in comparison to the 14nm SoC base process.
Which leaves the issue being Fujitsu's chip design... And most likely the performance they can extract from it at present.
..there may need to be a change in tense from "works with" to "worked with" in:
By its own reckoning the business works with "8 of the top 10 UK insurers, 4 of the top 10 global insurers and over 40 per cent of UK Brokers."
Softbank may take the view that ARM is just IP and the people are just a cost centre, but they will discover their mistake in a few years.
ARM's current advantage is that they provide a cost effective and flexible design with very active development and some history.
If these change (particularly cost), there are competitors (MIPS as the most likely option, but Intel could conceivably compete if they can learn to live with wafer thin margins and POWER could work). It might take 4-5 years and the UK is unlikely to benefit in the way they do from ARM, but no IT company is guaranteed to succeed in the future.
As this exploit is restricted to Cisco ASA's (possibly PIXes, but as they are end of life I'll conveniently ignore them...), SNMP is enabled by default but no communities/hosts are defined to allow monitoring without further configuration.
As far as best practice, I would assume:
- monitor via a secure path (VPN or secure WAN to the inside interface)
- use standard company-/location-specific SNMP strings that do not include public/private/secret
- use separate communities for RO/RW access and only use RO-communities for monitoring to make capturing RW communities harder
- ensure both SNMP settings/ACL's restrict SNMP access to trusted hosts/networks
None of these practices makes monitoring a firewall difficult for a known authorised party (i.e. if you are doing it internally or via a third party). The biggest challenge is remote monitoring of a firewall on an Internet connection with a dynamic IP, and technologies like Easy VPN address that requirement with minimal effort for competent operators.
Based on these recommendations, any ASA's discovered via the Internet with publicly accessible SNMP access are very poorly configured...
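A configuration check for the practices listed in the comment above, as an added example that is not part of the original post. It assumes host entries of the form `snmp-server host <interface> <ip> community <string>`; the sample config, the trusted interface name and the trusted subnet are constructed for illustration.

```python
import ipaddress
import re

# Constructed sample config, not taken from the post. Assumed line shape:
#   snmp-server host <interface> <ip> community <string> [version ...]
SAMPLE_CONFIG = """\
snmp-server host inside 10.20.0.15 community Lon-HQ-mon-7f3a version 2c
snmp-server host outside 203.0.113.50 community public version 2c
snmp-server host dmz 10.30.0.9 community acme-private-rw
"""

HOST_RE = re.compile(
    r"^snmp-server host (?P<ifc>\S+) (?P<ip>\S+)(?: community (?P<comm>\S+))?"
)
WEAK_WORDS = ("public", "private", "secret")   # the strings the post names
TRUSTED_IFCS = {"inside"}                      # assumption: secure monitoring path
TRUSTED_NETS = [ipaddress.ip_network("10.20.0.0/24")]  # assumption: NMS subnet


def audit(config):
    """Return (line_number, finding) pairs for snmp-server host lines."""
    findings = []
    for n, line in enumerate(config.splitlines(), start=1):
        m = HOST_RE.match(line.strip())
        if not m:
            continue  # not an SNMP host statement
        # Practice 1: monitor only via the secure (inside/VPN) path.
        if m["ifc"] not in TRUSTED_IFCS:
            findings.append((n, "polling allowed on interface '%s'" % m["ifc"]))
        # Practice 4: restrict SNMP access to trusted hosts/networks.
        try:
            ip = ipaddress.ip_address(m["ip"])
        except ValueError:
            findings.append((n, "unparseable host '%s'" % m["ip"]))
            continue
        if not any(ip in net for net in TRUSTED_NETS):
            findings.append((n, "host %s is outside the trusted networks" % ip))
        # Practice 2: community strings must not contain the obvious words.
        comm = (m["comm"] or "").lower()
        hits = [w for w in WEAK_WORDS if w in comm]
        if hits:
            findings.append((n, "community contains " + ", ".join(hits)))
    return findings


if __name__ == "__main__":
    for n, finding in audit(SAMPLE_CONFIG):
        print("line %d: %s" % (n, finding))
```

Where the device masks the community in its saved configuration, run the string check against the provisioning template instead.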
I think MS's answer actually translates to "we won't release updated install media to support newer hardware on "legacy" Windows OS's".
As usual, there will be a little bit of noise followed by someone releasing a tool to create bootable media to get around this.
MS will replace the PR person with a new one with less bullet holes in their feet and a bigger gun...
The US broadband monopoly is caused by counties/states handing monopolies to the telcos - no one then has any interest in intervening to fix the problems.
While Google's fibre projects were interesting, the costs were significant - the estimate of US$1b/city and low take up rates outside of richer neighbourhoods suggested it was never going to make rapid in-roads into the US telecoms market, but I thought they may give it more time.
For the 90% funding cut, I guess that puts expansion on hold until current subscriber numbers increase to meet current costs.
While the US military sold the HAV for $300k, they kept the wall that the $100 million was pissed up against...
For Google and AWS, these outages are always interesting - it results in downtime/reduced availability, but in my experience in IT, downtime or unavailability of components aren't uncommon when trying to run 24x7.
The interesting thing is how you keep the larger system in a functioning state, capture enough information to identify the root cause AND get it back to a functional state within a few hours. Sure, it turned out to be human error (software updates combined with large scale moves) but they had considered capacity during this work, and the thing that affected service was the retries rather than expected load.
Yes, you would need to have a proxy configured to trigger the CONNECT's rather than sending the requests directly to a web server.
If the attacker is on the same subnet as you and you are using Windows, they might be able to automatically configure proxy settings via WPAD using NetBIOS name resolution, but there are steps that can be taken to mitigate that (disable proxy auto detection, disable NetBIOS over TCP/IP).
Are there any last mile providers other than Openreach providing less than 10Mbps downstream? My experience with Virgin or other alternative last mile providers is that they provide at least 10Mbps and usually more.
If the UK is serious about improving residential/SMB Internet access, more investment is needed rather than pretend obligations from ISPs when the majority of them use a common last mile provider - the investment via BT Openreach doesn't appear to have produced great results compared to other countries' efforts over similar time frames.
If it did save a few hundred million, then it looks like a wise choice.
They could operate these for 20+ years before the cost of a better system would make the upgrade worthwhile.
I'm not suggesting this was fully understood or considered by those making the purchasing decisions...
And everything was going so well for the spokes droid, until the sticky notes they used to identify their ass and their elbow fell off and they started talking out their elbow....
Or maybe FB's ad pimping isn't as successful as it hoped?
P&G are "scaling back Facebook advertising" as the targeting provided by Facebook didn't provide the expected increase in effectiveness (link to provide full details of claim, you don't have to click it...)
Somewhere in a nameless government office:
Idiot 1: What happened Dazza?
Idiot 2: Not sure Trev
Idiot 1: Can we just say it was some scary security bogeyman? No one would question that would they?
Idiot 2: Good plan Dazza, let's google security issues
Idiot 1: * googles * DDoS sounds scary Trev
Idiot 2: Sure does Dazza, let's go with that
Re:What made Britain into Great Britain was subduing the Welsh and Scots. Possibly temporarily.
Maybe we just need an attempt at independence, so that we can legitimately conquer one of them to set an example as well as ending centuries of poor relations?
I thought they were almost 100% effective where the IED's contained golf balls for shrapnel?
Once the baddies stopped using golf balls as shrapnel in IEDs due to the cost increases in the second hand golf ball market as well as unresolved questions about whether newer ball designs really did improve distance and accuracy, the detectors were useless.
From my reading of the BOFH - sort of.
People tend to be quite good at absorbing the first bump, but become a little spongy after that...
Wasn't pulling the ladder required to retrieve the ladder sans-Printer Rep?
If you threw away your ladder every time you disposed of a product rep, you would end up needing a ladder rep...
It should be "shoe in" if detecting rust in a Fiat that you're considering purchasing
I really like the jacket you have in your picture - where can I get one?
What? AWS and Azure have been doing cloud VMs for up to 10 years - they may not fit every business model but considering the revenue they make they fit a lot of businesses.
SoftLayer's problem is that they're offering less mature services than their competitors with features that are 2-3 years behind. Still, it's IBM, so you can pay a lot for the privilege of using a second tier provider while still providing a sloth-like business model.
Re: And not a single tear will be shed.
I sometimes cry when I laugh REALLY hard...
I'm not sure there will be a rush of companies looking for Reg commentards to make jokes about their expensive rebranding exercise.
You didn't realise what Nintendo had been training people for?
Gartner have been reaching into the magic butt and pulling out the contents again. Think they are a little optimistic within 5 years although they will probably be correct within 10 years.
Projections for the global PC market by 2020 put it at around 290 million with a breakdown of around 170m laptops and 120m desktops. I'd expect close to 100% of laptops to have SSD's by 2020 (currently ~33% and prices for laptop SSD's/HDD's are nearing parity so no real reason for not moving to HDD's other than high end capacity).
On the desktop side, will they reach around 20% selling with SSD's? Assuming the desktop market has drifted even further to value systems (i.e. around 47% value, 47% mainstream and 6% performance in 2012), they would need around 100% of performance desktops and 25% of mainstream PC's to include and a likely bump in price. Sounds a little optimistic.
TL;DR: Gartner produces report showing next PC boom for hardware manufacturers ~10 years after PC hardware booms ended
To everyone saying You just have to live with sleep and hibernation problems, go and try an Apple MacBook.
It just works - rushing somewhere? Close the lid and go. Boss asks you to show her something? Open the lid and show her. Don't have a power brick? Close the lid and resume later once you have power.
In around 3 years of using MacBooks I can only recall one time the MacBook hasn't resumed successfully.
THAT is what end users expect from a laptop because they can already get it from Apple - if Surfaces go on doing this, MS will lose Surface customers to Apple.
Or... It's a last gasp at free publicity before MySpace finally disappears...
From the AWS website, AWS appears to have two Sydney data centres and a Cloudfront/AWS direct connect location at Equinix in Sydney.
Are the two AWS data centres actually third party facilities?
c) The CIA promotes person X to position Y. The CIA tells person X that there is a single copy of file Z. Person X witnesses file Z being deleted. Person X is then asked to testify that the only file has been deleted. No lies and everyone is happy....
The main purpose is extracting money from end users.
There might be an accidental side effect of providing some security primarily by making your computer so slow that you stop using it.
The chances of Symantec being used by intelligence agencies to gather information when the software turns your machine into an unusable piece of crap which severely limits intelligence gathering.
I thought the issue with the house of Lords was the continued growth (i.e. 400 available seats in the house vs 807 members), the ease at abusing the expenses and introducing a term length with the possibility of re-election following that term rather than wanting to make the whole House elected.
If only they would die off faster....
And without management features, ports won't be shut down and 802.1x won't be used to authenticate connections and it will complicate finding a WLAN AP or remotely accessible computer planted somewhere out of the way...
"The marketers lost any moral argument..."
You really found marketers with morals?
Are you sure the blackout was part of the celebration? Based on past experience, I would have thought the 15 minutes of working Internet was the celebration...
The great thing about temporary offices is that you just get the cheapest, dirtiest Internet that can be delivered quickly. And then wonder why you have no Internet for ~30% of the working week along with the rest of TWC's Manhattan customer base. OK - maybe 30% is an exaggeration and it's only 27%-28%...
I realise it is at a slight tangent to the original article, but it relates to the question of who ends up providing the content and reaping the rewards.
In particular - the "battle" between YouTube and Facebook.
I didn't know this existed until I saw a video about the issue on Reddit, but I don't know the real impact.
Trump 2016: Making Republicans unelectable again
Trump trails Clinton by around 6% in polls and trails significantly in the electoral college system by around 250 vs 170 based on expected voting patterns with projections showing 300+ for Clinton.
Typical ARM pricing is around US$5-$15/SoC per 1000
Typical Atom pricing was around $25-30/SoC per 1000 (possibly even lower with rebates/subsidies to get their chips into products)
Typical x86 pricing is US$50-$2000/CPU per 1000
These are rumoured prices manufacturers were paying versus RRP. Price isn't everything, but you have to have sufficient yields and sales to cover your R&D/manufacturing/sales/C-level bonuses/dividends.
ARM has the advantage of being cheaper and easier to make, but Atoms weren't where the money was for Intel. There might have been a window where Atom could have been brilliant and ARM failed to increase performance that gave Intel the opportunity to compete in mobile devices, but it didn't happen.
As ARM move forward, they will need to increase their complexity to incorporate a longer pipeline and cache which will drive an increase in SoC size and therefore cost per unit. ARM manufacturers can put pressure on Intel and Intel's margins will continue to fall, but Atom being dropped isn't the death of Intel and they still have a 2+ year lead in process technology.
At the risk of insulting them, Intel may not have the best technical CPUs on the planet, but they have been the best CPU manufacturer (sometimes at the cost of performance/technical excellence to allow higher yields) for decades.
Assuming you are running patches for existing vulnerabilities already, you should already be patched for one of the two high severity issues (CVE-2016-2108).
For the second high severity issue (CVE-2016-2107), you need to be running AES (you should be...) using crypto offload. On the plus side, it is likely to only affect newer installs that can be patched reasonably easily; on the bad side it was introduced by a previous patch (although it was in 2013, prior to Heartbleed...). In addition, the vulnerability allows the decryption of data rather than a remote compromise - bad for you so patch it, but that abandoned website isn't going to become an easy target for script kiddies.
For the low severity vulnerabilities, existing mitigation steps around getting rid of older protocols should have you covered.
Patch as quickly as possible but this isn't too scary on the OpenSSL 1 to 12 scale...
As others have said, Heartbleed set the expectation that there would be a lot of changes to address SSL/TLS security in the coming years as some of the code found indicated very poor practices.
Completely getting rid of SSLv2 and historical export defaults, slowly killing off SSLv3 while combing through TLS to make sure it was fit for purpose takes time, as does cleaning out issues within the trusted Certificate Authority model, getting people to upgrade their certificates to current standards to address encryption/hash protocols that were approaching the end of their working lives.
However, if it is another DROWN-type vulnerability where disabling SSLv2/v3 is a workaround, I'll sleep easier...
Assuming Trump goes on to win the presidency, at least the US will be able to look back and say "at least it won't be as bad as if Carly was involved"
Or is she planning on outsourcing the US electorate to ensure Cruz wins the nomination?
I think it is too early to judge the illegal behavior element as it will take time to sort out:
- entities that are using the service for legal and morally justifiable reasons
- entities that are using the service for legal but morally unjustifiable reasons
- entities that are using the service for illegal reasons now (i.e. Australian citizens (around 900) would appear to fall into this category due to their tax laws - potentially US citizens as well, but not aware of any so far as they are more likely to have used legal US tax havens)
- entities that are using the service for illegal reasons in the future... i.e. the actions of some politicians or their friends and families that are "allowed" now, but a future regime may have a different view.
"Putting jobs...at risk"
Isn't that the motto of IBM's offshoring business?
"He's from Barcelona^H^H^HTijuana..."