No it hasn't, Google are seeking to make QUIC the sucessor to HTTP2 and are pushing for standardisation. Additionally they are converting all Android and chrome apps using google services over to use QUIC instead of HTTP (1 or 2).
173 posts • joined 11 Dec 2009
Re: Another reason for using TLS every where
I'm fairly certain I said "men in the middle ... injecting ads" and nothing at all about TLS eliminating all adverts.
I was referring only to ISPs and the like inserting their own adverts into pages, sometimes replacing site operators adverts (Redmoon, CMA, etc).
Re: sewing GPS trackers into your clothes
"It's equivalent to a clothing retailer sewing GPS trackers into your clothes that anyone could use, without telling you, and expecting the average Joe to know that they need to ask for it to be disabled."
Umm, they are already sewing RFID transponders into clothes, not quite as bad as GPS but it allows people and stores to know what underwear you have on when you pass within range of their readers i.e. when entering and exiting the building.
Another reason for using TLS every where
If all web traffic was encrypted using TLS then ISPs and other men-in-the-middle wouldn't be able to inject headers or adverts.
"Google turns creepy" !?
Where have you been for the last ten years? They haven't suddenly become creepy overnight, their entire business model involves spying on you - there is barely a website in the world now that doesn't use Google hosted content which only exists so that they can track you everywhere you go.
Re: I don't get it at all.
Their official purpose is to allow the government to turn off your power remotely, per household, for short periods in order to prevent demand exceeding supply. The rest of the stated reasons for their existence are just the 'sugar' which is meant to help the medicine go down.
Welcome to the future of unpredictable renewable energy supplies. Free stock tip - invest in candle manufacturing firms.
Re: RFC 7465 - Prohibiting RC4 Cipher Suites
TLS 1.2 support has been available for a few years now.
Responsible certificate authorities offer free upgrades to SHA-2 signed certificates.
While it's true that a top TLS grading says nothing about the overall security of the server - whether that's http server vulnerabilities, web application or just poorly implemented authentication, it's still a valid indication of the strength of the TLS configuration. Sites should be targeting an A grade irrespective of whether they are otherwise locked down tight. Let's not forget that this is a rapidly changing landscape, SSL 3 (1996), RC4 (1987), CBC ciphers (1976) were all considered secure a year ago - admins should endeavour to stay current with their TLS configurations so that they won't get caught out as ancient protocols, key exchange methods and ciphers are broken.
TLS is not just about security of login credentials but security and privacy of data, which is at least as important as protecting against intrusion/exploitation of the server. One without the other is like securely locking the doors on a house made of glass, no-one can get in but they can see everything that you do.
RFC 7465 - Prohibiting RC4 Cipher Suites
You're breaking the standard if you still offer RC4 in your client, or use RC4 on your server.
All sites should achieve at least an A grade with https://www.ssllabs.com, an A+ grade is the goal. If you get less than an A you're doing something wrong.
Re: Hated smart meters?
Err, what you're describing is not a smart meter, it's a thermostat, entirely different piece of kit.
I know rolling blackouts are EU and government policy, that much is undisputed and has even been reported here on the Register, although the wider public seems to be completely oblivious.
However I'm avoiding accusing our government of lying to us about the true purpose of smart meters, even though all evidence points to that conclusion since I don't wish to invite charges of liable from government lawyers.
I see no-one has mentioned what many believe to be the real reason. Rolling blackouts.
Some years ago now the government came to accept that there was going to be an energy shortfall, the amount we consume would outstrip out ability to generate it. This is especially true because of the move to 'green' energy and away from better and more reliable power generation (coal, nuclear etc).
Faced with the prospect of blackouts affecting large parts of the country, politicians had to come up with a plan to save their own hides, they couldn't fix the power generation issue as they couldn't be seen to admit that renewables just aren't up to the job, and building new nuclear power stations would cost a lot of money and take at least a decade. So they decided that if you couldn't prevent the blackouts, maybe you could hide them - what if instead of entire neighbourhoods going dark, it was just one or two households in each street? Or even one or two households in thousands of neighbourhoods? This wouldn't seem so bad would it? People might not even notice the pattern!
So 'smart meters' were born. A way for individual households to have their power supply cut remotely for a few hours even few weeks or months. Customers would blame the power company for 'screwing up', power companies might even blame 'hackers' but who would think to blame the government?
Re: Scratching my head
The difference is that ICO require that the government bring in such legislation through the front door and not through the back door.
The former giving it the requisite amount of publicity and public scrutiny that the latter is deliberately attempting to avoid.
Re: Driving with a handset
Do I dare to suggest that with Sweden's population density of only 23 people per sq km has more to do with the low accident rate? The population density in the England is 413, or 18 times greater. Our roads are much more crowded, as a result inattention while driving is much more likely to result in fatal accidents.
Re: No mention of the fact driving with a hand-free mobe isn't really safer
It's worse than that. Statistically(*), you're less likely to get killed or injured *driving* home drunk, rather than *walking* home drunk. Drunk walking is apparently a big problem."
Even assuming that is true, statistics are a tricky thing - drunk drivers often manage to avoid death and inury, sadly the same can't be said for the people they hit. A drunk driver's survival would largely be the result of being encased in a large chunk of protective metal and their body being much more relaxed because of the alcohol in their system. The statistic unhelpfully ignores all accidents where the driver was uninjured, but where other people, including passengers, pediestrians and other road users were killed or injured - never mind the cases were only damage was caused.
Apples and Oranges
There is a world of difference between a company paying for a better connection to an ISP i.e. direct peering, and an ISP demanding payments from a company with the threat of deliberately crippling, or even blocking their service.
The latter has been the issue of recent years, especially in the US and why regulation is required. The former is the way the internet has always worked.
Indeed, £450 per year per seat seems very high, what exactly are they getting for that price?
Re: What a complete joke
Sorry, I'm too busy being one of those devs whose code they massacre to do their job for them as well.
Becoming a packager involves responsibility? Now you're the one making me laugh, all those users who run into bugs with packages come straight to us, we're the ones who have waste time triaging their bug reports and send them back to the packagers who just aren't interested. When users encounter bugs in an application it's the original application developers who get the bad reputation even though those bugs were introduced at the packaging stage.
It's reached the point where we now refuse support for Debian, and may soon refuse them permission to use our trademarks (Just as Mozilla did for Firefox).
What a complete joke
Debian packagers have a terrible reputation among software developers for introducing their own changes to applications, often breaking them in the process. In some cases introducing spectacular security holes (OpenSSL). These packagers can make changes at will to the actual code you'll use despite never having to prove their programming abilities to anyone, bypassing the stringent hiring processes, code review and testing of software projects.
So this work 'proves' that the source they built with was the source code they include in their source packages, but it doesn't prove the code in their own source packages matches up with the original source code released by the application developers. How many people are going to diff the packaged code against the original code to be sure that no adverse, or malicious, changes have been introduced?
I'd be far more impressed if they were introducing something which proved that their packages were built from completely untampered code and not their own dodgy reference copy.
Linux firmware update is there, halfway down the page (uses DOS based boot disc ISO):
Re: What's "Dumfounded"?
I think you'd have to go to a jeweller instead if you wish to buy one.
People don't want UHD/4K
They don't even appreciate HD, why else would they put up with all these services both streaming and broadcast which provide crappy over-compressed video at 'HD' resolution which looks no better than you'd expect from a DVD or worse. The only reason broadcast HD sometimes looks so good is because they dramatically reduced the resolution of SD channels at the same time in order to make room.
Amazon's 4K streaming bitrate is a pitiful 15Mbps FFS! Yet people are paying for it ...
Yes, they'll buy the TVs because it's "new" and it will look great in the showroom, but the picture quality of what they watch at home won't be any better and they won't care.
"Office's extensive functionality can't possibly cover all scenarios."
Not even something like pulling contact details from Outlook into a document without a VB macro, as per the OP?
Really? You did read the original poster, didn't you, or were you too busy looking for anything remotely critical of the one thing you know how to do?*
Office doesn't have to cover all scenarios, 99% of tasks which are currently attempted using VB Macros are just as basic as those listed by the OP. The rest should be left to those who know what they are doing, with the proper tools and not a language programmed through a WYSIWYG editor. (Yes, you can hand code VB, that's not the point).
* Yes, we've noticed how often you only reply to leap to the defence of VB, .Net and Microsoft in general. Your one man battle against the 'evil' conspiracy by those nasty open source types. Wait ... who first mentioned open source in this thread?
I could build an entire office out of Lego, that doesn't mean it's the right tool for the job.
The fact is that the sorts of basic actions you describe above should not require scripting of any kind. Additionally macros should be restricted to pulling in information from a well designed, restricted APIs, not the apparently unfettered access they currently have to systems. It was criminally bad design by Microsoft, apparently unable or unwilling to create applications which simply worked together the way they ought to, they decided to give their customers the components and told them that "building it yourself" was a virtue and not an abject failure on their part.
VB is a loaded handgun painted in primary colours with the trigger labelled "Pull me!" . It's aimed at precisely those people who aren't capable of using anything more sophisticated and who therefore should never, ever have be allowed such power in the first place.
Re: Corporate ActiveX anyone
"1/ They had an idiot CEO that preferred personal convenience over security, giving his passwords out over email. (show me an IT system that can prevent this...)"
Sure, that would be any system which uses two factor authentication (with one-time tokens). i.e. One where simply having the passwords and keys isn't enough to give you access to any of the systems.
Re: Not really "Only in America"
While they can do so in most countries, what sets the US apart is that even if the case is frivolous the defendant still ends up out of pocket.
In most civilised countries, the judge would order the plaintiff to pay the defendants legal bills (and other costs) and may even fine them for wasting the courts time. Given that system you don't bring a case to court unless you have a good chance of winning.
Re: WMD's was NOT about chemical, it was about "nucular"
Let me clarify that last post, the US administration did not present evidence, nor to my recollection did they even mention, the existence of nuclear weapons in Iraq in the months before the second invasion by allied forces.
Iraq did have a nuclear weapons program at the time of the first gulf war, although they never had a working device. Their nuclear facilities, including their civilian power plants were destroyed by the allies and Israel during that period which ended their nuclear program.
The possibility of nuclear weapons was not the reason for the first war either, that was the Iraqi invasion of Kuwait. If the Americans had any interest in finding nuclear weapons they wouldn't have withdrawn from Iraq after just one hundred hours. They drove the Iraqis from Kuwait, pursued the withdrawing Iraqi army briefly across the border and then packed off home again. They didn't spend any time searching for WMDs.
Re: WMD's was NOT about chemical, it was about "nucular"
Pascal you're confusing Iraq and Iran. No-one ever said Iraq had nuclear weapons.
Even the 'intel' suggesting that Iran has nuclear weapons is shaky, it's never been substantiated. Iran does have power generating reactors, and they have enriched uranium for use in those reactors but beyond that no-one has ever produced solid evidence that they are gathering weapons grade plutonium for a bomb. They are also a long way off creating ICBMs, long range rockets yes, ICBMs no.
... also because Sharks will naturally swim very close to land (litoral waters), at or near the surface of the water in addition to deeper waters further from the coast - all required for that essential surveillance role. Seeing a Tuna swimming just off a beach or within a harbour would immediately look out of place. Their characteristic fin projects above the water for extended periods, perfect for a camera to grab clear unobstructed shots.
A shark is large enough to carry all the equipment and batteries, but not so large that it can't slip through, or around anti-submarine and anti-torpedo nets.
They could have chosen a dolphin, but that is itself problematic as navies around the world have been training Dolphins to carry out surveillance and plant mines for decades. A lone dolphin swimming around your military vessels and ports would warrant close scrutiny.
Re: HTTPS is also about privacy
"Well, https doesn't encrypt URLs, for one thing. So a snooper can see (the URL of) all pages you visit using https, even if they can't see the content."
As Raumkraut said, that's incorrect. The path and query string are only sent to the server after the secure connection has been established. Perhaps you should reconsider that down-vote?
Re: I'd consider "broken HTTPS" far more insecure than HTTP
"the world+dog needs to fix the massive hole that is SSL certificate issuing."
The solution you're looking for exists and is in use already, it's called certificate pinning. It's not a perfect solution, but the situation isn't nearly as bad you as make out.
Furthermore you seem to be arguing that we shouldn't bother locking the front door unless we also put bars on the windows and install an alarm system. There will always be those with the resources to bypass any security, but that doesn't mean we should just give up and let everyone have access to our data.
No cost involved
FFS - No. No experts are required, no cost at all. Go look at the Let's Encrypt (https://letsencrypt.org/) project. Those small sites are almost universally on shared hosting packages which will offer one-click setup via CPanel (or equivalent), most will probably set it up by default.
Please stop the uninformed hysteria. I feel like I've walked into the twilight zone with all the opposition being expressed to the idea of bringing the very security and privacy to internet connections which should have been there from the start.
"Think of the children" == Godwin's Law
Think of the children, screw the rest of us.
If you think those school children aren't smarter than you, and haven't already found ways around your filters then you're wrong.
Re: Time to buy stock in VeriSign/Symantec
Considering the EFF is launching an entirely free, automated CA in 2015 there will be no potential for existings CAs to cash in.
You no longer need a unique IP to get an SSL certificate. That's what SNI is for.
Re: And that's the news from Switzerland...
Yes I have been to Switzerland, more than once. No I've not been to Lugano, although I was in Locarno this summer.
The Wikipedia page on Lugano seems to support my case - https://en.wikipedia.org/wiki/Lugano#mediaviewer/File:BancadelGottardo(Botta).JPG
While I grant that down on the lakes there's a definite Italian influence to some of the older buildings, I stick by my description of the newer stuff as "concrete boxes".
Just travel a couple of miles down the Lakes into Italy and the contrast in the towns couldn't be greater.
The Swiss mountain villages are an entirely different matter, those are incredibly pretty. Once you get to the towns of any significant population though ...
Re: And that's the news from Siwtzerland...
Switzerland is indeed in the running for the most boring country in the world. Even their towns and cities are spectacularly dull, grey seas of bland concrete boxes.
Only if the file sizes and decompression speed are better than PNG, I can't find any comparisons on their website.
Re: It's probably not what the web needs urgently...
Sorry but I'm going to keep using PNGs for my GUIs, after all to actually display them they all need decompressing to bitmaps at which point they consume identical amounts of memory. Anyone who uses JPEG for a GUI is just sacrificing fidelity for the sake of saving a small amount of disk space.
It will be interesting to see how well the lossless option of BPG works in comparison to PNG. I note that's not one of the comparisons they do on the website.
What's it supposed to look it?
Can we have some screenshots of what it's supposed to look like? I very much doubt it's exactly what I'm seeing, because that looks like something from over a decade ago, low res, sparse and hard on the eyes, but who knows?
What's immediately apparent is that there is no anti-aliasing on any of the text (was fine before). This is in Opera 26 (Chromium) on linux.
Re: How long before we see more ion engines?
Ion engines aren't THAT slow. The Dawn probe has been zipping around the solar system on it's ION engines since it's launch in 2007. After a year of studying Vesta in 2011, it set course for Ceres and is due to arrive in 2015. By comparison to that journey, a small orbit change for a satellite is nothing.
Re: Well, hell, what's left?
Right, AES_GCM or Camellia, with ECDHE is what everyone should be using.
Running your site through https://www.ssllabs.com/ssltest/index.html is always a good idea. Anything less than an A is a poor performance. A+ is possible without making any compromise except for excluding IE6 and some combinations of XP + IE8.
Re: Well, hell, what's left?
The advantage of DHE based ciphers is forward secrecy* which has got to be a Good Thing™?
In fact I wouldn't want to use any Payment/Banking system which didn't support cutting edge security. Unfortunately the PCI requirements are updated so slowly that they are out of date by the time they are published.
My online banking (Barclays) security is a joke. RC4, no forward secrecy, no strict transport security headers, sha1 signatures, no stapling, no TLS fallback prevention, ssl v3 still supported ...
Only 26 passwords?
I'm cynical about the sample size of that survey if the average was that low ...
Re: $50 and a month of Prime
I'd assume this is pretty standard for all companies giving devices which depend heavily on paid content to reviewers. Are they expected to spend their own money buying content to test the device. The Fire Phone (and iphone), but particularly the Fire phone, is all about purchasing apps, books, music and watching subscription videos from Amazon, how can you really review them without doing those things?
I don't use twitter, why is knowing the character limit important and who cares?
Who the hell is Sheryl Sandberg? Internet leader?? Non-entity more like.
Again, I don't use Facebook, I don't care about Facebook or it's history. I saw "The Social Network" but I guess it was a forgettable film as I don't remember much about it.
The iPhone answer was just a lucky guess. What does that have to do with the the 'Web'?
So does that make me an internet ingnoramous? I mean I'm apparently one of just 9% who used Mosaic in the early nineties, but I know less about the internet and WWW than someone whose total experience comes from the Twitter and Facebook apps on their iPhone?
Where are the real questions? These are just trivial fluff.
Re: question 4
The other way around surely?
I think it was the early 90s when I visited. I seem to recall the visitors centre being moderately interesting, but the dishes were the main attraction. I was lucky though, I grew up close to Jodrell Bank and saw those dishes regularly and they dwarf 'Arthur'. The Lovell telescope is three times larger.
Damaged high voltage cable?
It's the obvious answer, surely?
The electrician helpfully noted that those cables are normally shielded, but if they've been damaged then that shielding is compromised. London is experiencing a lot of problems with underground power cables lately, with multiple explosions as water gets into damage connections. This would then explain why they are now digging up the street and why they turned off power to the street while doing the work.
Marvin - Remember it's film version, not the book, radio or TV version
I see an early surge in votes for Marvin, but I'm sure most of those are people thinking of the alternate, non-film, versions of Marvin. IMHO while Marvin was the best bit of the film, that's really not saying much ...