25 posts • joined 16 May 2007
Schneier retracts PGP switch advice (was Re: Bruce Schneier *doesn't* reveal what he'll use)
I had been using PGPDisk for years and it was on my hard drive, so switching was quick and easy. I have no inside information that Symantec hasn't given the government a back door.
Reflecting on it, my switch was hasty. I agree with those who write that TrueCrypt 7.1 is no less secure now than it was a month ago. And I recommend that people don't switch until we figure out what's going on.
re: "closed up before a more detailed review could be done of the code"
How would closing the website prevent a review of the code, when everybody's already downloaded it?
(Title to be read in a Lady Bracknell voice.)
Well, at least Apple have actually invented something here, rather than just patenting some pre-existing or obvious idea, but seriously, someone must have had their Complicator's Gloves on when they came up with this one. If you can sense that a button-press is unintentional electronically, then you can just discard/ignore it electronically. Adding a solenoid to make the button resist being pressed just seems stupid to me. One more thing to go expensively wrong.
Hang on, maybe that's Apple's real motivation here.
That's a bit like presenting a cutaway diagram of a car and calling it "Human anatomy" because of the driver, isn't it?
Perhaps you underestimate the degree of their derangement.
Everything is broken, according to the various references linked in the story; Gmail, FB, banking sites, everything. They just don't care what breaks as long as they can control everything that still works.
If Applebaum is your enemy ...
... you must work for or support a repressive government. Or perhaps the RIAA.
You don't swipe a phone,
you tap it.
Hell, it wouldn't even fit in the card reader.
I built my own dev system.
Developing and testing code on the same machine was never a good way to work back in the old days before memory-protected processes. Too much saving and reloading around the inevitable crashes. (At least rebooting was quick!)
I built a crude homebrew dev system by plugging two C-64s into the same 1541 disk drive, and running some software on the target C-64 that monitored the IEEE serial lines and pretended to be a second drive. I wrote code on the other C-64, and when I told my assembler to assemble directly to file on disk drive #9 rather than #8, it would be loaded straight to target memory by the stub on the second machine and executed. Combined with an Action Replay on the target for debugging and stepping, development was really pretty smooth.
Bananadine myth vaguely based on half-understood reality.
There is actually quite a lot of 5HT (serotonin) in banana peel, but it can't cross the blood-brain barrier, so smoking them, or any other kind of ingestion isn't going to work. You'd basically have to extract it into liquid form and then inject it straight through your skull directly into your brain to get some kind of a hit off it.
Anyone up for "National Everybody Photograph A Copper Day 9/9/9"?
How about we institute "National Everybody Photograph A Copper Day", on which as many of us as possible go out - armed with plenty of printed copies of the relevant guidance, of course - and photograph as many coppers in the course of their daily duties as we can?
Because like the guy above (Nigel11) mentioned, "The authorities need watching every bit as much as the terrorists". Damn right they do, and what's more they need *reminding*: they need reminding that we do *not* live under martial law, they need reminding that they can *not* just issue orders to civilians and that we do *not* have to do what they say just because they are coppers.
So, how about it, commentards. Anyone else think it would be a laugh? We could make it September 9th for the 9/9/09 = 999 connection. Set up a website on a freebie webhost somewhere, get a few of the amateur photographer magazines to pitch in with it - could be quite a bit of fun as well as making a serious point about how far outside the limits of their *actual* powers the police very regularly go.
Post replies here if you're interested and maybe we can get the ball rolling if enough people say they like the sound of it. ElReg, you'd give us some write-ups if we were going to arrange it, wouldn't you?
>"hypnosis and mild electro-shock therapy"
AKA brainwashing and torture.
>"So, by way of impotent protest, we shall decline to explain what Sonic Emotion do, or sell."
</standingovation> You win an internets!
I'd like to see a lot more of this sort of response to the frequently inane, offensive and/or fraudulently dishonest marketroid spew we are so often besieged with!
Oh come on now...
>"HP has come under fire for nullifying BIOS password protection steps on laptops by publishing reset data on its website."
And you have to be TOLD that we want to see the link? Sheesh, you don't seem to know us readers very well by now...
@How it works... I reported this vuln 6 years ago.
They're called "URL flips".
Albert Hofmann's dead..
... No, no, no, he's outside, looking in.
Cheerio mate, and lots of thanks. We won't forget the debt of gratitude we owe you.
The trinity of RIA security RE-explained
The trinity of RIA security can best be summed up as:
Zip, Nada, Zilch.
We've known this ever since Active-X was first deployed. Here's Microsoft's "First immutable law of computer security":
"Law #1: If a bad guy can persuade you to run his program on your computer, it's not your computer anymore."
Here's DaveK's corollary to the first immutable law of computer security:
> If you let remote websites execute code on your computer, it's not your computer any more.
When combined with DaveK's axiom of rich internet application security:
> Microsoft invented Active-X /so/ that remote websites can execute code on your computer.
It leads us to DaveK's syllogisms of computer security:
>1. If you let Microsoft execute code on your computer, it's not your computer any more.
>2. Microsoft are the "bad guys".
Amiga vs ST
Heh, so there are still some people out there who won't admit the ST was a pile of poo compared to the Amiga? I remember the old "ST has a MIDI interface" argument from way back when, it goes something like:
"Sure... your Amiga has a higher resolution display, more colours, four channels of sampled sound, a display coprocessor, sprites, a blitter, DMA engines....... but my ST has a serial port! Yes, I know the Amiga has a serial port too, but my ST's serial port comes on a midi DIN connector instead of a db9".
So yes, you lucky ST owners, you did indeed save yourselves the three or four quid that a DB9 <-> DIN level adapter would have cost you. Well worth sacrificing 90% of the multimedia functionality of the machine for, eh?
Um, no, actually.
You chose wrong, you got burned - it's twenty years later now, it's time you faced up to it.
- DaveK a.k.a "Ubik".
"It's immoral, but the money makes it right"
No it doesn't, asshole. It just gives you a motive to engage in pathetic and despicable self-delusion. You are not exculpated.
And THE SAME RULE GOES FOR YOU, BALLMER, GATES AND JOBS!
Thanks for that, but I missed you posting - what time does it say *now*?
Hey, thanks for the link, I guess it was fairly obvious after all.
What's really brilliantly beautifully poetically ironic about it is that when I surf to that address, all I see is a web page announcing:
Epochalypse Countdown: 00 years 0 months 0 weeks 0 days 00:00:00:000
[yeh, I know it's only because of noscript really...]
Hey, I just invented a catchy new term to describe the y2038 bug when it rolls around!
<dons sandwich board> Beware, unbelievers! The Epochalypse is coming!
.... I thought Apple had cornered the market, but no! Look at all the gimps memorising and then mindlessly parroting the strapline from Marmite's recent advertising campaign.
"Hey! Look at me! I'll demonstrate my quirkiness and individuality by... oh.... I dunno, how about by identifying myself with a mass-manufactured consumer item and repeating something they told me to say in their ads".
Sad, sad people. You are all SOooo pWn3d!
It's called a "figure of speech"
God knows what you would have thought if the article had said "David Niesel was on hand ..."!
"even when the people affected have proved they are innocent of any crime."
Remember the old days, when it was up to the police to prove you guilty of a crime, not up to you to prove yourself innocent? I miss them.