52 posts • joined 5 Jan 2010
What Facebook really gains....
...is access to phone numbers, because WhatsApp uses your phone number to identify you. So next up on Facebook's ignorance towards healthy privacy policies: "You didn't enter your phone number in your Facebook profile. We fixed that for you. You can opt out of this service, including public visibility which is initially activated, as soon as we completed that feature. You're welcome."
"Not that FTTP infrastructure is significantly more expensive than FTTC, just that they couldn't also then continue to rake in the £15+ per month per install in line rental for the land-line phone that many people no longer want / need"
They do that regardless. I'm one of the very few lucky people who have FTTP. They wouldn't sell it to me without phone line (via fibre; the old copper line is no longer connected).
I'm not complaining, though. If anything, they should be forced to significantly reduce prices for traditional copper broadband, because FTTP is in a different league altogether, throughput and latency-wise.
"Anyone else think it irresponsible to publish the code the flaw [...] ?"
That's the eternal question whether full disclosure is good or bad.
The point of it is to force the product owners to get their act together ASAP, after they were given a heads-up usually months before, including a proof or working exploit code - without success. That's, unfortunately, often the only way to get flaws into the spotlight and fixed.
Without full disclosure, it's a question of time until a black hat discovers the same thing (if they haven't already). But they won't tell the developers about it. They instead sell it on the black market where it can be purchased and used by other people with malicious intentions, for a sometimes very long period of time.
Full disclosure may cause an uproar and short negative impact, but ultimately it's better for the user that the issues are addressed quickly and the security holes closed.
Again, full disclosure rarely happens without giving the makers of a product plenty of time to fix it first. It's a matter of "sorry, we told you, but you keep ignoring or playing down the problem".
"it most certainly had the money to get decent legal advice"
I'm sure Google did. The question to their lawyers was: How far can we go and what's the maximum fine at stake? They, too, then decided it was pocket money and well worth the risk.
Privacy laws (and the fines for breaching them) appear to be little more than a joke. This has to stop.
"NHS Scotland has 3,603 PCs with 3,537 on Windows XP and the same number on IE6."
"NHS Scotland beginning its shift relatively late, in July 2013."
So that's 66 PCs updated in 6 months, or 11 per month on average. (IF the 66 PCs were running XP and not another OS.) They want to be over and done with it in the third quarter? Right, not at that pace. Or they meant Q3 sometime in the 22nd century.
They might want to check out CyberStreet (see other El Reg article). Seems they can learn a few bits and pieces there.
Same in the property we previously lived in. BT line quality was dreadful there, so I checked with Virgin. Their online checker said: good to go. Called them just to find out that it was apparently not possible to have it, however. Some wishy-washy reason was given. Interestingly the neighbours upstairs and at least one neighbour to either the left or right had it (according to wireless SSIDs being broadcast). But we couldn't have it. Still we received flyers saying that it was available to us too. So I called them again a few weeks later, same outcome.
I have to conclude that they could possibly connect us, but it would have caused extra work for them. Given their cheap rates, any manual labour (including in-depth investigation why neighbours upstairs can and we can't have it) is apparently too much to ask.
Sooner or later, people move houses, and they will remember the lousy service before deciding who to get broadband from. In the new place we can have it, but... no thanks.
Am I the only one thinking that it should be a criminal offence if ALL of the following is true:
- your company gets a hint by security researchers
- you don't give a fuck about it for months
- asked about it (when disclosed) you play it down
- you got caught out anyway with exactly that flaw, only days later, leaking personal data of millions
Plus some extra years behind bars if you live in denial and still treat it like no big deal.
I wonder if iBucket or iBin are registered trademarks already, because it clearly looks like one.
Re: Out that whole lot..
And..... Chopper Command! I loved that game.
If you showed that "wooden" console to kids these days, they'd think you built it yourself and are taking the piss...
I agree. Now they can officially call themselves sponsor, and in the next two years they will fork it, call it something different and license it to their [fill appropriate adjective here] corporate clients with too much cash available. Sounds much like Oracle "Unbreakable" Linux (RedHat Enterprise Linux clone).
Luckily RHEL is still alive and kicking, unlike MySQL which finds forks and replacements today, like for example MariaDB (with its main driver, the original developer of MySQL).
On other news, Oracle works on killing Solaris (so far a few enthusiasts with some commercial backing are holding up well - Indiana, SmartOS, Omni etc), and continues butchering Java.
OpenStack should have set a signal saying: No thanks Oracle, we don't actually want you to be our sponsor. But that takes guts and money from other sources. Too bad. It would have been great PR too.
fixed this for you...
"[...] and give people yet another reason to take our TERRIBLE service"
From my experience their service is dreadful at best, but YMMV
Re: They also want to add ask spyware
The Open Source variant is already there, and is called OpenJDK. Works just fine with most things.
In terms of Java "most things" means for me: server-side stuff. The "build once, run anywhere" slogan hasn't applied to client-side Java for about 5 years, if not more, because of the increasing dependency on operating system support (see article).
Next generation? Pffff
I've actually had the "pleasure" to work with their search product called IDOL. To be able to even get a glimpse into how that pile of steaming turd works, you need to attend a couple of multi-day courses. Once you've done that, you still need their consultants to help you get started.
It's the "next generation" in terms of getting a step closer to printing money. That was shamelessly displayed at some of their events, where they invited customers into top London hotels for fancy lunches. I did attend one of them, too.
Also worth experiencing: their former Cambridge head office with a massive massive fish tank in the middle of the lobby, or the Green Park London office.
No, Autonomy's software was not next generation in my opinion. But their approach to pulling in serious money from big institutions and governments, that was certainly next-next generation. So well done on that count, gotta give them that.
Maybe HP fell for their massive show-off, too, who knows...
"...and reducing the risk of unauthorised disclosure"
THAT is what he is really concerned about. It invalidates all the other points, which sound reasonable enough - at the face of it. And he's essentially admitting that none of this would have been required if they didn't screw up and got caught in the first place.
Anti Terrorism legislation again?
It's got fuck all to do with terrorism. Yet another example where that legislation is being abused because it's so convenient for the authorities to have all that extra power under those laws. But it is f***ing wrong!
Can we have the politicians and authorities authorising this abuse of power questioned under Anti Terrorism Acts as well please?
Re: Hmmm.... a Nanny State.
"When someone attacks your daughter and puts videos of it online, will you still be saying it's a nanny state who helps take them down?"
Of course not. I would want them to hunt down and bring to justice the perpetrators. Pathetic net filters? No thanks. The content has to disappear, the offenders need to rot in hell.
What the US (and all their authorities, agencies, politicians and big companies) say and do really couldn't be more disjointed. And they don't even seem to be embarrassed when telling others about freedom, abiding by international law and other bullshit. That the FCC wants better protection so that others don't get to see the data they see, does hardly come as a surprise.
What else was in that mug before you wrote the article?
Not that I disapprove of it; I just need to know as it's Friday.
Great Job, Sweden!
I just hope other countries have the balls to follow suit.
The loss of public sector contracts hurts and is a blow for Google's image. That's the only language that global companies understand. While the EU knows already that it doesn't like Google's use of personal data, it is just too bloody slow in making a decision.
Sweden has done the right thing by setting an example. Well done!
"The chairman [...] said Snowden “attempted to go places that he was not authorised to go” on the NSA’s network"
Funny. The NSA, too, attempted to go places that they were not authorised to go.
Truly shocking and frightening revelations these days... While many people (conspiracy theorists they were called; who's laughing now) suspected this, it's still hard to grasp that this really takes place, and has been for years.
And on the other hand you've got governments telling big players something about the difference of moral and legal when it comes to paying taxes. Hypocrisy all the way, and the entire electorate is being treated like a bunch of fools. Democracy turned upside down.
That argument will lead you nowhere, Nextweek. You are discussing about "nothing to hide, nothing to fear" with an Anonymous Coward! He's got to be joking.
Re: Not all cloud tech is bad
Quite frankly, in my opinion it's rather poor sport to use this subject as an opportunity to place advertisement for your company in a discussion forum, YevP.
Would be interesting to hear why those big players signed up when they did. Money? Political influence? As secretive as PRISM apparently was up until now, legal threats should have been fruitless due to the publicity they could have caused.
So what's the incentive for those companies to give up privacy of their users so willingly?
Will be interesting days ahead, as more details come to light. Sadly, I don't believe that this is only an American problem. I should re-read George Orwell's 1984 again. It seems to be the secret Bible of western politicians.
They indeed look desperate giving away licenses. On the other hand, who would seriously want (and buy) Office for an 8 inch device? There are free office document READERS for Android et al out there. That's about all you need in terms of office on a tiny fondleslab, unless you've got a very high pain threshold.
35 years, blimey. I remember too well playing Space Invaders, Pac Man, Chopper Command and other titles on my uncle's Atari Console as a young boy. He later gave it to me, and now my younger brother has it. Should really dig it out and fight some of those classic aliens again.
Re: To be fair to MS... @Eadon
Totally agree with you Don. If, in a corporate environment, there's an issue to solve, nobody wants to hear "let me check out forums and IRC". That's the downside of free as in beer. Expecting competent and individual support like you MAY find if you pay large license fees, isn't realistic. (By "you" I'm referring to people in general; I'm sure you're aware of it.)
So on the one hand you have a mega corp running the show on business desktops for almost two decades. They charge money for it, and can therefore afford to offer support (and are expected to).
On the other hand you've got free Linux (or *BSD or [now] Sun Solaris descendants like OpenIndiana, IllumOS, OMNI etc). The majority of developers who contribute will see no compensation for it. A few are lucky to be able to contribute as part of their day-jobs, because their employers have a strong interest in those things.
But you cannot reasonably expect support in the same way as you can from commercial options like Windows or *cough* Oracle Solaris etc.
For a business simple maths: If the costs (setup/maintenance/support/training) are lower or at least easier to foresee than the risk you may be taking with an unsupported, free product, you'll go for the safer option.
Of course there are commercial options available too: for example Red Hat. They offer great support, but that doesn't come cheap either. (Add to that the training for your staff who have never used Linux, and it's often not worth switching.)
Without any commercial backing which makes professional support for business customers possible, Linux will *never* conquer the desktop. But it's not a competition. At the end of the day, everybody should use what works for them, whatever the reasoning behind it. (I'm typing this on Fedora 18 on my laptop, and despite paying the tax for the pre-installed Win 7 Pro, I've removed Windows altogether).
I don't want to see a one-size-fits-it-all without any competition out there. The more options are available to the customer, the better it is for them, be it operating systems or window managers (Gnome, KDE and numerous others), or anything else for that matter.
Re: RE: VPN protocols PPTP and L2TP have largely been unaffected as they are too tricky to block
"If anything OpenVPN with SSL based VPN would be the biggest pain in the buttock to block as it's (to my knowledge at least) almost indistinguishable from regular HTTPS traffic. Especially so if utilized on port 443."
Indeed. Such a setup got me through any corporate firewall so far, which is necessary, because when I'm onsite with a customer, I can't have their own firewall stop me from doing my work for them.
The larger the company, the less likely they are to -quickly- poke holes into their firewalls for you, even though you are a sysadmin contractor. At the very least you end up filling out forms or running from A to B to find a person who can allow you to carry out the work which they pay you for.
So, OpenVPN on TCP/443 works perfectly well, even if there's a transparent proxy in the way.
I suppose the quoted Redditor in the article is doing just that, and offers it in a way that an average internet user can benefit from it. Everybody wins.
If the XPS was a bit cheaper, I'd be tempted to get one and try myself. But Ubuntu and its logos have got to go.
Would be interesting to know just how much effort Dell has put into the hardware drivers and whether they'd work with Fedora as well. Or maybe even FreeBSD...
I agree with fireman sam. WhatsApp has no predictable income stream from recurring fees, nor any other way of generating profit with the product as it is now.
Sooner or later they will take an offer, if the figure is high enough, and they'd be stupid not to.
That said, if Google or Facebook buy it, I'm out of there, because the next subsequent update will create the link between already known data (from Google's/FB's point of view) about you, and your phone number (which they may not yet know). That is also the reason why WhatsApp could be worth a hell of a lot of money for those companies.
"I call BS on the "it's too sleek for USB 3.0" thing. The entry level Samsung Chromebook has a 3.0 port."
Of course it's BS. Google has no interest whatsoever to facilitate decent local storage. It's against the very concept of this "laptop".
Everybody sees how M$ f***ed up yet again and thinks "the cloud is not an option". It's not *the* cloud. It's M$ who fucked up yet again in short succession, in their so-called cloud, which seems to be full of schoolboy errors and single points of failure.
The biggest SPOF sits at the helm of that company, still, for a reason which is beyond many people.
Re: Maybe 13 is the problem
"If you forbid something you make it more enticing. My attempts to quit eating pizza can attest to that :("
Pizza is banned? Damn now I want one too!
I agree that the adult generations keep trying to shift responsibility from themselves to governments, schools and whatever. Blocking/banning is the easiest way, but most certainly also the least effective.
Re: Any more detail?
"At the moment it's a bit like being told somebody's found a security hole in my PC. Well, that sounds bad, but it doesn't help me much, does it?"
No it doesn't help. They want you to PAY for that information. A small detail in the article, which I think should have been pointed out with more emphasis.
At the moment we only know that there might be a vulnerability, without details. And we don't know yet whether anybody has bought it from them (or whether it's in the wild already).
Reminds me of those websites telling you that your computer is infected, just to pocket some money for their useless so-called anti-virus software, somehow.
Re: Adobe air updated for a reason
"Did anyone at adobe qa" -- QA at Adobe? That would be a first.
Re: Can they also ask France what they are going to do about their Champagne Dominance?
With this year's series of Lord Sugar's Apprentice, England got two strong new brands to change that: Grandeur and "English Wine Sparkling" :-)
(Beer, because even those brands aren't strong enough to compete with the most popular drink.)
It's all about publicity...
If Assange had gone to Sweden to clear his name (as suggested here) straight away, the whole case could have been closed rather quickly (with conviction or not, doesn't matter here).
But is that what Assange really wants?
Now it's been some 500 days of repeated nuisance in public media, both him personally as well as Wikileaks finding frequent mention. It certainly does help his cause, because it did spread the word about himself and Wikileaks.
I wouldn't be too surprised if he went to Sweden some day [*] and the whole case collapsed because the allegations don't hold water. (Part of me thinks it's a set up, anyway, and the girls withdraw the allegations in the near future, or the case is full of holes and Assange won't actually be charged for anything)
[*] some day, because I don't believe Assange admits defeat. Maybe he'll be on the run for a while, drawing other countries into this... You know, just to keep the media coverage rolling.
Problem exists between keyboard and chair...
I think we all know what the average user does when (especially security) warning messages appear: "Whatever!" - and click ok, yes, or whatever option provided in order to get to the content/functionality they wanted.
The more warnings they are confronted with, the less time they take to read them. Clicking ok becomes a habit.
And that's where the huge door for malicious stuff opens...
So many begrudging remarks... as if Sir Jonathan's knighthood changed anything for you. He'll be knighted, you probably won't (and me certainly neither). So what?
Congratulations, Sir Jonathan!
"is partly down to BOFH failure" -- You know, BofH's are certainly not infallible.
From my personal experience, most BofH's care a lot about security, but it's the execs and office workers who will _always_ prefer convenience over security.
That starts with easily memorable and often shared passwords; includes document sharing via free 3rd party services, which have never been okayed by company security policies, or passing USB sticks around (and losing them somewhere, unencrypted of course); and doesn't end with a lack of understanding that security costs money, but will turn out very cheap compared to actually losing data and fighting lawsuits for infringements or leakage of personal data and internal company documents, not to mention the devastating effect when it becomes public.
Also, many companies run tons of websites, and once they are out there, they won't be maintained or updated any more, because it doesn't make profit. Better to have staff working on new projects to make money rather than generating costs... that's the typical exec way of thinking.
Now, the bigger the organisation (read: company and government/authorities alike), the slower the process from spotting a necessary update or security issue to actually resolving it.
On a completely different note: If I was a hacker with malicious intentions, I'd hack a server in China, Brazil or Russia first, and originate further activities from there, because as soon as IPs from those countries appear in anyone's logs, most people almost automatically think "great, nothing we can do to track them down and kick their butts by legal means anyway"
Beer, because it's almost Christmas, and I better drink fast, because BofH's don't have a Santa Claus. They are haunted by Murphy, who always strikes on bank holidays.
"by guessing or brute forcing passwords"
They can't have been particularly strong passwords then... Some sort of preset password which worked in all 150 shops maybe? Embarrassing.
I wonder why his sister published this in the first place. Probably the same anti-social genes which Steve was known to possess. (ok, maybe not genes, because Steve was adopted, but you get the point)
You can love or hate Steve Jobs (and there doesn't seem to be much gray between these two extremes in his case) but for heaven's sake the man is dead. Leave him alone. Let him rest in peace, at least for a while.
Ok, so Apple never promised to be open source, and to everyone's surprise they indeed aren't open source. (Or just to Stallman's surprise)
Google on the other hand was announcing Android as open source initially, and we all know how they lock in vendors and go a pretty much non-open route with Android these days.
Stallman isn't stupid. Yet he seems to support Android (more or less subtly). If he keeps repeating himself in different words every other week, it makes me wonder if he might be on Google's payroll...
El Reg, please check the documents you link to
I'm quite frankly a little bit disappointed, ElReg, because if you had actually read the court filing, which you provided a link to, you would have noticed that on page 27 of the filing, which is ONE page before the picture you published here, the proportions are correct. (And in the rest of the entire document too)
So yes, your guess is right, it was apparently pictured like that to make a point regarding the UI.
Hell you don't even need to understand German. Just look at the pictures.
By the way, the filing was to a German court, not a Dutch court -- another case of bending the truth, as you put it yourself.
Worst research ever, and on top of that so obvious.
Which ecosystem are we talking about anyway? Android is in a mess. Dozens of manufacturers, none of them knowing today what they will be allowed or able to come up with next year.
The Android Marketplace not really gaining traction either. A lot more vulnerabilities and exploits than for any other mobile platform lately...
Android couldn't be more confusing to the end user than it is at the moment.
All fanboi-ism aside: iPhone/iOS/AppStore. THAT is an ecosystem. A handful of devices, one single OS, a massively successful appstore.
No it's not open. A lot of customers choose it anyway, and the majority stays with the brand later on. This working ecosystem generates lots of profit, and that's what the shareholders want to see. That's what keeps a company running and growing.
Now, if Google was to be trusted and Android was indeed intended to be open (which evidently it isn't), wouldn't that be a contradiction to an ecosystem? (per definition closed and generating profit)
Take off your halo, Google! You want to make money as much as any other big company out there. Except, you haven't quite figured out how to monetize your admittedly great ideas while wearing the false nice-guy costume.
Nice, in theory
The idea of a tool that can control and transform VMs (or their hypervisors respectively) between different hypervisors isn't exactly new, I would say. I'm sure many people have thought about it, and if you have migrated VMs from one to another, you know what a pain that can be.
Why has nobody come up with something like that before? Because it won't work. And probably it won't sell either.
If you look at big companies, they will try to avoid running a mix of different hypervisors. They've got support contracts in place with one of them, and even if they might be limited in their features, they'd rather stick with that then, because they know help from an expert is only a phone call away. None of those contracts covers interoperability with other hypervisors, and why should they?
Now, those guys here are working with RedHat first, unsurprisingly, because KVM hasn't got a great deal of market influence yet. For RedHat it's a way to make access to their KVM easier. They haven't got anything to lose by supporting a tool like that.
VMware? I see them laughing, rolling over the office floors, but I don't see why they would bother supporting a tool, which will potentially, or dare I say likely, drag customers away.
Amazon EC2, as shown in the diagram, haven't got a choice as to whether their platform is supported or not. They've made their API public. Anyone can use it. That is probably the easiest bit to support, and still it's massive work. Considering the different instance types, and even architectures they offer, it will still be far from easy.
Which brings me to the technical aspect. Storage formats for VMs differ, some of them require different drivers within the VM to unleash full performance, some support a vast range of guest-OS, others don't. Networking... some let you use the tools which your host OS provides, others build their own wrappers around. Yet again others can run on any Linux or even BSD as a host.
I guess you get my point. $10m will be used up in two years, not all of their vendors will be supported by then, and the tool will have a vast range of limitations and probably stay well behind current development.
I suspect we won't see any success stories from that company here on El Reg. But maybe I stand corrected in the end...
Insecure or not?
"Yes cloud computing is a load of hype and anyone who trust these big companies with your data are insane"
That's an argument which you hear everywhere, but is it true? Amazon for example has achieved PCI-DSS certification for their US-based data centres in November last year. That doesn't make it secure per se, but is the minimum requirement for many companies, especially those who accept online payments and store customer data.
95% of the web hosting offers you find, and a huge amount of in-house solutions, do not fulfil those requirements, because it's time consuming and expensive.
Many of those who are concerned about the data security in the cloud actually run servers in their own office, ready to be stolen physically, or be destroyed by fires or floods (you would assume that it's common sense not to put servers into the basement of a building in proximity to rivers, but you're wrong there).
In the majority of companies data protection exists on paper only, sometimes not even there.
And then there are of course lost and stolen laptops, unencrypted, and other human errors.
Hell, many companies don't even follow strict backup strategies at all!
Now that doesn't make the cloud look very bad in comparison, does it?
Amazon is really only one example, but synchronisation between multiple data centres or even continents is not difficult to achieve there. And there are many other offers out there to achieve the same.
However, it all comes down to the definition of "cloud". That term is about the broadest and most commonly misused/misinterpreted term in IT in a long time.
As always, the customer/user/sysadmin needs to watch out and be careful in assessing trustworthiness of different solutions.
"share your personal data with the Chinese or Russians", is really just an opinionated statement, lacking substance or knowledge of what's out there and how it can be used relatively safely.
I'm considerably sick of the cloud and virtualisation hype, and how bad it is, and how dangerous for everyone and everything...
A sysadmin, who up to this point hasn't evaluated what virtualisation can offer and how he can use those things to improve his skills and portfolio, is not fit for the job. Instead of panicking about the threats, denying that virtualisation is inevitable in many (not all!) sectors, and clinging to what they know and have, we should all embrace the opportunities.
A sysadmin chooses to work in a highly volatile field, where job specifications and requirements move faster than in the majority of other sectors. We, the sysadmins, seek for challenges and new opportunities. We LOVE technology.
If a sysadmin looked away over the last couple of years thinking it's all not relevant for them, and virtualisation sucks anyway, then yes, they will probably have fallen behind current development and will face trouble catching up. They should be afraid, and rightly so. But it's not "the cloud's" fault.
And guess what: Even if you automate lots of things, virtualisation and the growing range of cloud services are very complex subjects, and it will never work without people who understand it and close the gap between services offered and companies who want to use it efficiently and securely.
Moreover, big companies can't and won't switch from physical to virtual infrastructure over night. It will take years of hard work, during which the sysadmin's job couldn't possibly be any safer.
so how is this worth an article?
I'm pretty sure anybody can watch plenty of pr0n on any iTool of their choice by using the onboard Safari browser.
The question is: "'Do we need this to be an article? Do we want it? Is it relevant to us?' The answer is: 'No, no and no'."
"There are many Linux users out there to convert to Solaris." -- I doubt that. Many Linux users want it for free and/or be able to do whatever they want with the code. You will not be able to convince any of them to even look at a binary-only commercial product at all.
More interesting is: What do the OpenSolaris fans and developers do now? Will they end up in the *BSD corner? Then Oracle's move was at least worth something!!