Re: Another one for the hall of shame
In the world of security, anything less than an A is never a pass. Incidentally, SSL Labs hand out an A+ for the top grade, which is what everyone should be targeting.
182 posts • joined 11 Dec 2009
I'm assuming they'll use H.265 for broadcast and streaming, H.264 would be an odd choice. Still, H.265 can't work miracles, if broadcast quality HD using H.264 is 9Mbps (30+ for Blu-ray) then they can't cram 4x the information into an H.265 stream of 13Mbps without seriously degrading the quality. Even Netflix opted for 15Mbps, which is still way too low. For broadcast quality parity you are looking at at least 18Mbps but reasonably we should demand better from 4K broadcasts and not let broadcasters squeeze the image to the point where 4K broadcast/streaming looks like Blu-ray HD.
Try double that ...
"how the basic (low-precision) Galileo free and open service compares to the current free and open GPS tier?"
The uncorrected free tier guarantees accuracy within 1 metre, compared to GPS which provides uncorrected accuracy within 15 metres. These are the worst case scenarios with a good lock, obviously GPS performs better than that in the real world, a consumer grade receiver will usually average around 4m at best, but similarly you can expect the average performance of Galileo to be far better too - if it compares to GPS, then you could expect an average best of 30cm from the free service.
The Galileo commercial tier guarantees accuracy to within 1cm. This is marginally better than survey grade GPS augmented with RTK which is within 30cm but normally averages within 'a few centimetres'.
These figures are changing all the time, GPS accuracy is being improved all the time, especially with the use of correction services, and until Galileo is fully operational the claims made for the system are unproven. However the accuracy of Galileo's free service was enough to scare the US into formally protesting the project and threatening the EU, but probably not for the reasons you think - the US government makes a lot of money from their commercial GPS and Galileo represents a threat to that business.
The EU want a global system that can be used by EU businesses, citizens wherever they are operating in the world. Galileo offers total coverage, loran doesn't even come close. They also want a system which is more accurate than GPS, not less. eLoran offers accuracy to about 8 metres, Galileo to within an inch.
It's not a unit per se, you pay for capacity not usage. So 1Mbps per second of capacity for a whole month is $1.
If you want to work back from that to get the per MB value, it would be 1 ($) divided by the total number of bytes that _could_ be delivered, which is 1 (Mbps) divided by 8 (bits to get number of bytes you can transfer in one second) multiplied by 2,592,000 (assuming a 30 day month).
1 / ((1 / 8) * 2,592,000) = 1 / 324,000 = $0.000003086 or $3.086×10⁻⁶ per Megabyte
which could be expressed as $3.24 per TB
The EU had (now abolished) Three Pillars, and it has the concept of the Four Freedoms, but I don't think I've ever heard of the Four Pillars, although four would have made more sense, three always seemed to imply the EU was like an unstable bar stool.
As studies have shown, drivers in London are exposed to considerably more fumes and pollution than cyclists primarily because pollutants that enter the vehicle build up in the enclosed space. Other factors include air intakes on vehicles being at the level of the exhaust pipe of the vehicle in front of them and cyclists being exposed to moving air and being higher off the ground.
The ISS is a sealed box, air has been recycled up there for years now. Traces of everything that leaves the human body remain on every surface in the station despite regular cleaning. In some places the actual fabric of the station is being damaged by the high bacteria levels. It's a floating septic tank, and worse, bacteria and fungi behave differently in space which may lead to more potent mutations. If you wash salad vegetables before consumption on Earth, and you should, then you'd be really stupid not to be doing it on board the ISS.
No it hasn't, Google are seeking to make QUIC the successor to HTTP2 and are pushing for standardisation. Additionally they are converting all Android and Chrome apps using Google services over to use QUIC instead of HTTP (1 or 2).
I'm fairly certain I said "men in the middle ... injecting ads" and nothing at all about TLS eliminating all adverts.
I was referring only to ISPs and the like inserting their own adverts into pages, sometimes replacing site operators' adverts (Redmoon, CMA, etc).
"It's equivalent to a clothing retailer sewing GPS trackers into your clothes that anyone could use, without telling you, and expecting the average Joe to know that they need to ask for it to be disabled."
Umm, they are already sewing RFID transponders into clothes, not quite as bad as GPS but it allows people and stores to know what underwear you have on when you pass within range of their readers i.e. when entering and exiting the building.
If all web traffic was encrypted using TLS then ISPs and other men-in-the-middle wouldn't be able to inject headers or adverts.
Where have you been for the last ten years? They haven't suddenly become creepy overnight, their entire business model involves spying on you - there is barely a website in the world now that doesn't use Google hosted content which only exists so that they can track you everywhere you go.
Their official purpose is to allow the government to turn off your power remotely, per household, for short periods in order to prevent demand exceeding supply. The rest of the stated reasons for their existence are just the 'sugar' which is meant to help the medicine go down.
Welcome to the future of unpredictable renewable energy supplies. Free stock tip - invest in candle manufacturing firms.
TLS 1.2 support has been available for a few years now.
Responsible certificate authorities offer free upgrades to SHA-2 signed certificates.
While it's true that a top TLS grading says nothing about the overall security of the server - whether that's http server vulnerabilities, web application or just poorly implemented authentication, it's still a valid indication of the strength of the TLS configuration. Sites should be targeting an A grade irrespective of whether they are otherwise locked down tight. Let's not forget that this is a rapidly changing landscape, SSL 3 (1996), RC4 (1987), CBC ciphers (1976) were all considered secure a year ago - admins should endeavour to stay current with their TLS configurations so that they won't get caught out as ancient protocols, key exchange methods and ciphers are broken.
TLS is not just about security of login credentials but security and privacy of data, which is at least as important as protecting against intrusion/exploitation of the server. One without the other is like securely locking the doors on a house made of glass, no-one can get in but they can see everything that you do.
You're breaking the standard if you still offer RC4 in your client, or use RC4 on your server.
All sites should achieve at least an A grade with https://www.ssllabs.com, an A+ grade is the goal. If you get less than an A you're doing something wrong.
Err, what you're describing is not a smart meter, it's a thermostat, entirely different piece of kit.
I know rolling blackouts are EU and government policy, that much is undisputed and has even been reported here on the Register, although the wider public seems to be completely oblivious.
However I'm avoiding accusing our government of lying to us about the true purpose of smart meters, even though all evidence points to that conclusion, since I don't wish to invite charges of libel from government lawyers.
I see no-one has mentioned what many believe to be the real reason. Rolling blackouts.
Some years ago now the government came to accept that there was going to be an energy shortfall, the amount we consume would outstrip our ability to generate it. This is especially true because of the move to 'green' energy and away from better and more reliable power generation (coal, nuclear etc).
Faced with the prospect of blackouts affecting large parts of the country, politicians had to come up with a plan to save their own hides, they couldn't fix the power generation issue as they couldn't be seen to admit that renewables just aren't up to the job, and building new nuclear power stations would cost a lot of money and take at least a decade. So they decided that if you couldn't prevent the blackouts, maybe you could hide them - what if instead of entire neighbourhoods going dark, it was just one or two households in each street? Or even one or two households in thousands of neighbourhoods? This wouldn't seem so bad would it? People might not even notice the pattern!
So 'smart meters' were born. A way for individual households to have their power supply cut remotely for a few hours every few weeks or months. Customers would blame the power company for 'screwing up', power companies might even blame 'hackers' but who would think to blame the government?
The difference is that ICO require that the government bring in such legislation through the front door and not through the back door.
The former giving it the requisite amount of publicity and public scrutiny that the latter is deliberately attempting to avoid.
Do I dare to suggest that Sweden's population density of only 23 people per sq km has more to do with the low accident rate? The population density in England is 413, or 18 times greater. Our roads are much more crowded, as a result inattention while driving is much more likely to result in fatal accidents.
"It's worse than that. Statistically(*), you're less likely to get killed or injured *driving* home drunk, rather than *walking* home drunk. Drunk walking is apparently a big problem."
Even assuming that is true, statistics are a tricky thing - drunk drivers often manage to avoid death and injury, sadly the same can't be said for the people they hit. A drunk driver's survival would largely be the result of being encased in a large chunk of protective metal and their body being much more relaxed because of the alcohol in their system. The statistic unhelpfully ignores all accidents where the driver was uninjured, but where other people, including passengers, pedestrians and other road users were killed or injured - never mind the cases where only damage was caused.
There is a world of difference between a company paying for a better connection to an ISP i.e. direct peering, and an ISP demanding payments from a company with the threat of deliberately crippling, or even blocking their service.
The latter has been the issue of recent years, especially in the US and why regulation is required. The former is the way the internet has always worked.
Indeed, £450 per year per seat seems very high, what exactly are they getting for that price?
Sorry, I'm too busy being one of those devs whose code they massacre to do their job for them as well.
Becoming a packager involves responsibility? Now you're the one making me laugh, all those users who run into bugs with packages come straight to us, we're the ones who have to waste time triaging their bug reports and send them back to the packagers who just aren't interested. When users encounter bugs in an application it's the original application developers who get the bad reputation even though those bugs were introduced at the packaging stage.
It's reached the point where we now refuse support for Debian, and may soon refuse them permission to use our trademarks (Just as Mozilla did for Firefox).
Debian packagers have a terrible reputation among software developers for introducing their own changes to applications, often breaking them in the process. In some cases introducing spectacular security holes (OpenSSL). These packagers can make changes at will to the actual code you'll use despite never having to prove their programming abilities to anyone, bypassing the stringent hiring processes, code review and testing of software projects.
So this work 'proves' that the source they built with was the source code they include in their source packages, but it doesn't prove the code in their own source packages matches up with the original source code released by the application developers. How many people are going to diff the packaged code against the original code to be sure that no adverse, or malicious, changes have been introduced?
I'd be far more impressed if they were introducing something which proved that their packages were built from completely untampered code and not their own dodgy reference copy.
Linux firmware update is there, halfway down the page (uses DOS based boot disc ISO):
I think you'd have to go to a jeweller instead if you wish to buy one.
They don't even appreciate HD, why else would they put up with all these services both streaming and broadcast which provide crappy over-compressed video at 'HD' resolution which looks no better than you'd expect from a DVD or worse. The only reason broadcast HD sometimes looks so good is because they dramatically reduced the resolution of SD channels at the same time in order to make room.
Amazon's 4K streaming bitrate is a pitiful 15Mbps FFS! Yet people are paying for it ...
Yes, they'll buy the TVs because it's "new" and it will look great in the showroom, but the picture quality of what they watch at home won't be any better and they won't care.
"Office's extensive functionality can't possibly cover all scenarios."
Not even something like pulling contact details from Outlook into a document without a VB macro, as per the OP?
Really? You did read the original poster, didn't you, or were you too busy looking for anything remotely critical of the one thing you know how to do?*
Office doesn't have to cover all scenarios, 99% of tasks which are currently attempted using VB Macros are just as basic as those listed by the OP. The rest should be left to those who know what they are doing, with the proper tools and not a language programmed through a WYSIWYG editor. (Yes, you can hand code VB, that's not the point).
* Yes, we've noticed how often you only reply to leap to the defence of VB, .Net and Microsoft in general. Your one man battle against the 'evil' conspiracy by those nasty open source types. Wait ... who first mentioned open source in this thread?
I could build an entire office out of Lego, that doesn't mean it's the right tool for the job.
The fact is that the sorts of basic actions you describe above should not require scripting of any kind. Additionally macros should be restricted to pulling in information from well designed, restricted APIs, not the apparently unfettered access they currently have to systems. It was criminally bad design by Microsoft, apparently unable or unwilling to create applications which simply worked together the way they ought to, they decided to give their customers the components and told them that "building it yourself" was a virtue and not an abject failure on their part.
VB is a loaded handgun painted in primary colours with the trigger labelled "Pull me!". It's aimed at precisely those people who aren't capable of using anything more sophisticated and who therefore should never, ever have been allowed such power in the first place.
"1/ They had an idiot CEO that preferred personal convenience over security, giving his passwords out over email. (show me an IT system that can prevent this...)"
Sure, that would be any system which uses two factor authentication (with one-time tokens). i.e. One where simply having the passwords and keys isn't enough to give you access to any of the systems.
While they can do so in most countries, what sets the US apart is that even if the case is frivolous the defendant still ends up out of pocket.
In most civilised countries, the judge would order the plaintiff to pay the defendant's legal bills (and other costs) and may even fine them for wasting the court's time. Given that system you don't bring a case to court unless you have a good chance of winning.
Let me clarify that last post, the US administration did not present evidence, nor to my recollection did they even mention, the existence of nuclear weapons in Iraq in the months before the second invasion by allied forces.
Iraq did have a nuclear weapons program at the time of the first gulf war, although they never had a working device. Their nuclear facilities, including their civilian power plants were destroyed by the allies and Israel during that period which ended their nuclear program.
The possibility of nuclear weapons was not the reason for the first war either, that was the Iraqi invasion of Kuwait. If the Americans had any interest in finding nuclear weapons they wouldn't have withdrawn from Iraq after just one hundred hours. They drove the Iraqis from Kuwait, pursued the withdrawing Iraqi army briefly across the border and then packed off home again. They didn't spend any time searching for WMDs.
Pascal you're confusing Iraq and Iran. No-one ever said Iraq had nuclear weapons.
Even the 'intel' suggesting that Iran has nuclear weapons is shaky, it's never been substantiated. Iran does have power generating reactors, and they have enriched uranium for use in those reactors but beyond that no-one has ever produced solid evidence that they are gathering weapons grade plutonium for a bomb. They are also a long way off creating ICBMs, long range rockets yes, ICBMs no.
... also because Sharks will naturally swim very close to land (littoral waters), at or near the surface of the water in addition to deeper waters further from the coast - all required for that essential surveillance role. Seeing a Tuna swimming just off a beach or within a harbour would immediately look out of place. Their characteristic fin projects above the water for extended periods, perfect for a camera to grab clear unobstructed shots.
A shark is large enough to carry all the equipment and batteries, but not so large that it can't slip through, or around anti-submarine and anti-torpedo nets.
They could have chosen a dolphin, but that is itself problematic as navies around the world have been training Dolphins to carry out surveillance and plant mines for decades. A lone dolphin swimming around your military vessels and ports would warrant close scrutiny.
"Well, https doesn't encrypt URLs, for one thing. So a snooper can see (the URL of) all pages you visit using https, even if they can't see the content."
As Raumkraut said, that's incorrect. The path and query string are only sent to the server after the secure connection has been established. Perhaps you should reconsider that down-vote?
"the world+dog needs to fix the massive hole that is SSL certificate issuing."
The solution you're looking for exists and is in use already, it's called certificate pinning. It's not a perfect solution, but the situation isn't nearly as bad as you make out.
Furthermore you seem to be arguing that we shouldn't bother locking the front door unless we also put bars on the windows and install an alarm system. There will always be those with the resources to bypass any security, but that doesn't mean we should just give up and let everyone have access to our data.
FFS - No. No experts are required, no cost at all. Go look at the Let's Encrypt (https://letsencrypt.org/) project. Those small sites are almost universally on shared hosting packages which will offer one-click setup via CPanel (or equivalent), most will probably set it up by default.
Please stop the uninformed hysteria. I feel like I've walked into the twilight zone with all the opposition being expressed to the idea of bringing the very security and privacy to internet connections which should have been there from the start.
Think of the children, screw the rest of us.
If you think those school children aren't smarter than you, and haven't already found ways around your filters then you're wrong.
Considering the EFF is launching an entirely free, automated CA in 2015 there will be no potential for existing CAs to cash in.
You no longer need a unique IP to get an SSL certificate. That's what SNI is for.
Yes I have been to Switzerland, more than once. No I've not been to Lugano, although I was in Locarno this summer.
The Wikipedia page on Lugano seems to support my case - https://en.wikipedia.org/wiki/Lugano#mediaviewer/File:BancadelGottardo(Botta).JPG
While I grant that down on the lakes there's a definite Italian influence to some of the older buildings, I stick by my description of the newer stuff as "concrete boxes".
Just travel a couple of miles down the Lakes into Italy and the contrast in the towns couldn't be greater.
The Swiss mountain villages are an entirely different matter, those are incredibly pretty. Once you get to the towns of any significant population though ...
Switzerland is indeed in the running for the most boring country in the world. Even their towns and cities are spectacularly dull, grey seas of bland concrete boxes.
Only if the file sizes and decompression speed are better than PNG, I can't find any comparisons on their website.
Sorry but I'm going to keep using PNGs for my GUIs, after all to actually display them they all need decompressing to bitmaps at which point they consume identical amounts of memory. Anyone who uses JPEG for a GUI is just sacrificing fidelity for the sake of saving a small amount of disk space.
It will be interesting to see how well the lossless option of BPG works in comparison to PNG. I note that's not one of the comparisons they do on the website.
Can we have some screenshots of what it's supposed to look like? I very much doubt it's exactly what I'm seeing, because that looks like something from over a decade ago, low res, sparse and hard on the eyes, but who knows?
What's immediately apparent is that there is no anti-aliasing on any of the text (was fine before). This is in Opera 26 (Chromium) on linux.
Ion engines aren't THAT slow. The Dawn probe has been zipping around the solar system on its ION engines since its launch in 2007. After a year of studying Vesta in 2011, it set course for Ceres and is due to arrive in 2015. By comparison to that journey, a small orbit change for a satellite is nothing.