68 posts • joined 5 Jan 2010
Wasn't Snapchat the respectable company which...
...not too long ago got repeated heads-ups from security researchers about their gaping security holes? Didn't they then talk it down just to get bitten by it big time just a couple of days later, revealing information that wasn't meant to be seen by those who lifted it? And then, shortly after, they were still talking the issue down?
Yeah, sure, let me give you my credit card details right now!
Pint of beer icon, because I'm looking forward to the headlines already...
"That's not regulation, that's your supplier refusing to sell you a product."
Not entirely correct, at least not for the previous poster's example.
In some countries, like Germany, you have to be resident to get a phone number assigned. Even Skype tells you that when you try to order a German phone number. The UK does not have such a regulatory requirement, and the majority of other countries don't either.
Averted disasters are beyond the beancounters' understanding
"The fact remains that had there not been a lot of time and money spent behind the scenes, the Y2k bug would have been a disaster, but it was averted by a lot of hard work."
That's how it always works if beancounters meet IT people... It's apparently a lot easier to justify big spends on disasters that have actually happened rather than preventing them.
For that reason many companies have poorly maintained sites and code and infrastructure in production use, and any attempt by eager developers, system and network admins to get some cash for long overdue (disaster prevention) maintenance is rejected ("no budget for that")... until a big disaster happens, and then management suddenly asks "what can we do to prevent this from happening in the future"? But nothing ever changes, although the answer is bloody obvious.
Very interesting read. Bravo!
Re: More like 2000
Precisely. Solaris Zones (and now SmartOS) and FreeBSD Jails are probably the most solid container options and have been for a number of years. But anyway, there has been a whole bunch of options for well over a decade, indeed.
Colbert's claim is a little bit far fetched. But I suppose when it comes to getting yourself into the spotlight in order to sell something, facts are irrelevant.
"Regrettably, competing companies on both sides of this issue refused to come to agreement on how to achieve that goal."
It was always obvious that in the US lobbies make the laws and politicians are nothing but muppets, but it's still shocking to have that confirmed so clearly.
And now the white flag is being waved, because politicians are so bloody dependent on the money from lobbyists that they can't act at all any more without their approval? WTF!
Re: Limited window of opportunity
Alternative to, say, a Lenovo X1 Carbon? Hardly. I'll stick with mine. Runs Linux splendidly (and Windows, if you have to), has built-in 3G, lasts 8 hours on battery. Don't want an overpriced we-want-to-compete-with-everything-and-give-you-Win8-on-top-of-that device.
Participation shouldn't be optional, though. All financial institutions, insurers, health care etc. should be tested without warning, repeatedly. And they should always be aware that they can be pen-tested.
Nonetheless, a step in the right direction!
Re: Their web page is already snooping...
Check out the Ghostery plugin for most browsers. It filters a lot of s**t out and tells you in an un-intrusive way what it filtered, so that you can allow exceptions if you ever have to.
It's always the same argument: legacy applications not supporting a newer OS version. A part of me wants to say "fair enough". But with an EOL heads-up in 2008, and legacy applications which must have been legacy since then, what have their IT departments been doing with taxpayers' money in the meantime?
5+ years isn't too short of a notice for any number of software or hardware products to be replaced. Probably the actual IT guys have been told by management to not be drama queens since they first mentioned it, repeatedly. And now, with custom contracts (presumably not exactly cheap), more money is going to be wasted. In many companies heads would be chopped off for this; not so in the public sector, where they can spend money which isn't theirs anyway...
Yeah I know, some big corporate entities are no better, but at least they are not spending my money.
Article made me chuckle
NoSQL is probably one of the biggest hypes of the last few years and certainly makes sense for many applications. But it's not a one-size-fits-it-all for everything, contrary to how it's sometimes being advertised.
Great to see a company stepping up and saying: "we've tried it, but didn't work. SQL is not so bad after all, depending on what you ACTUALLY need"
Use what makes sense for your application, not what everybody else is raving about!
Re: Comprehension fail.
Have an upvote for each of your posts for the level of detail! Cheers mate.
The insurance fee is indeed a very valid point, which we have come to accept (or at least live with) in return for the ability to get transactions reverted.
Re: Comprehension fail.
I didn't say that 20% of all transactions were fraudulent. So if you feel like being patronising, at least read what I wrote and not what you think I may have intended to write.
I still think a 20% success rate for fraudulent transactions is too high. And I did not say that banks and card providers do better, or worse. It was an isolated statement. The reference to the partying bankers was because the Mt Gox cockup is a blow for Bitcoin as a whole as seen by the public (you know, the less knowledgeable people; include me there, if you like). It's much the same as everybody complaining about banks in general after Barclays (or any other bank of your choice) has screwed up yet again.
For any payment method (or currency) to be successful and stable you need a large group of people and businesses using it. The less people know, the more they will be put off by negative headlines.
But if we want to go there and draw a comparison between traditional banking and Bitcoin, the people on here who know more about Bitcoin may be able to answer this: Who do you turn to in order to get a refund?
I've had a few fraudulent transactions against my credit cards over the years. Either the bank spotted them straight away, or I spotted them on the statement -- and I always got them refunded. Does Bitcoin have a similar safety net?
And does anybody have stats that confirm the success rate for fraudulent transactions in traditional banking?
Genuine questions, which belong together if you want to compare the success of fraud! To be honest I'm relatively indifferent when it comes to Bitcoin. For me personally Bitcoin is not an option because of its fluctuations and the lack of shops where you can buy stuff with it. That may well change in the future, albeit a bit further in the future after cockups like this one. That wasn't the subject though.
It's somewhat interesting that those pointing out that almost 20% is still an outrageously high figure got downvoted. I'm not per se against Bitcoin. But I cannot believe that anybody, fanboi or not, thinks 20% is acceptable. On top of that it invalidates Bitcoin's claim of being oh so super secure.
And to add insult to injury, it also points out that the big players (or former big players in the case of Mt Gox) in the Bitcoin business may not be 100% honest, to put it mildly.
The whole Mt Gox situation is a huge blow for Bitcoin, because it was their biggest public exchange.
Those are facts, which even Bitcoin owners and traders can't dismiss.
It's a pity though, because the bankers will celebrate this for some time to come.
"It's all about the cake that is baked with the ingredients, not the ingredients themselves."
That's what common sense would tell us. However, when it comes to software and hardware patents (which overlap to a certain extent), it seems to be all about abstract ingredients. The US (and other countries with similar laws) got that fundamentally wrong. Now the poor judges have to listen to that shit.
A pay cut would instantly encourage me to wish them well in finding replacement, effective on the day the pay cut kicks in or after (in my case usually) two weeks notice period, whatever comes first. It's a matter of principle: You appreciate my work less? Alright, somebody else will appreciate it more.
Only people who underestimate their own value and potential would accept to be treated like that, while the bonuses in the same company rise.
It would be a completely different story if the company was on the brink of bankruptcy AND I had been treated with respect AND this was mutually agreed. None of that was the case here. If Barclays get away with it, there must be a high percentage of IT contractors who lost their balls.
What Facebook really gains....
...is access to phone numbers, because WhatsApp uses your phone number to identify you. So next up on Facebook's ignorance towards healthy privacy policies: "You didn't enter your phone number in your Facebook profile. We fixed that for you. You can opt out of this service, including public visibility which is initially activated, as soon as we completed that feature. You're welcome."
"Not that FTTP infrastructure is significantly more expensive than FTTC, just that they couldn't also then continue to rake in the £15+ per month per install in line rental for the land-line phone that many people no longer want / need"
They do that regardless. I'm one of the very few lucky people who have FTTP. They wouldn't sell it to me without a phone line (via fibre; the old copper line is no longer connected).
I'm not complaining, though. If anything, they should be forced to significantly reduce prices for traditional copper broadband, because FTTP is in a different league altogether, throughput and latency-wise.
"Anyone else think it irresponsible to publish the code the flaw [...] ?"
That's the eternal question whether full disclosure is good or bad.
The point of it is to force the product owners to get their act together ASAP, after they were given a heads-up usually months before, including a proof or working exploit code - without success. That's, unfortunately, often the only way to get flaws into the spotlight and fixed.
Without full disclosure, it's a question of time until a black hat discovers the same thing (if they haven't already). But they won't tell the developers about it. They instead sell it on the black market where it can be purchased and used by other people with malicious intentions, for a sometimes very long period of time.
Full disclosure may cause an uproar and short negative impact, but ultimately it's better for the user that the issues are addressed quickly and the security holes closed.
Again, full disclosure rarely happens without giving the makers of a product plenty of time to fix it first. It's a matter of "sorry, we told you, but you keep ignoring or playing down the problem".
"it most certainly had the money to get decent legal advice"
I'm sure Google did. The question to their lawyers was: How far can we go and what's the maximum fine at stake? They, too, then decided it was pocket money and well worth the risk.
Privacy laws (and the fines for breaching them) appear to be little more than a joke. This has to stop.
"NHS Scotland has 3,603 PCs with 3,537 on Windows XP and the same number on IE6."
"NHS Scotland beginning its shift relatively late, in July 2013."
So that's 66 PCs updated in 6 months, or 11 per month on average. (IF the 66 PCs were running XP and not another OS.) They want to be over and done with it in the third quarter? Right, not at that pace. Or they meant Q3 sometime in the 22nd century.
They might want to check out CyberStreet (see other El Reg article). Seems they can learn a few bits and pieces there.
Same in the property we previously lived in. BT line quality was dreadful there, so I checked with Virgin. Their online checker said: good to go. Called them just to find out that it was apparently not possible to have it, however. Some wishy-washy reason was given. Interestingly the neighbours upstairs and at least one neighbour to either the left or right had it (according to wireless SSIDs being broadcast). But we couldn't have it. Still we received flyers saying that it was available to us too. So I called them again a few weeks later, same outcome.
I have to conclude that they could possibly connect us, but it would have caused extra work for them. Given their cheap rates, any manual labour (including in-depth investigation why neighbours upstairs can and we can't have it) is apparently too much to ask.
Sooner or later, people move houses, and they will remember the lousy service before deciding who to get broadband from. In the new place we can have it, but... no thanks.
Am I the only one thinking that it should be a criminal offence if ALL of the following is true:
- your company gets a hint by security researchers
- you don't give a fuck about it for months
- asked about it (when disclosed) you play it down
- you got caught out anyway with exactly that flaw, only days later, leaking personal data of millions
Plus some extra years behind bars if you live in denial and still treat it like no big deal.
I wonder if iBucket or iBin are registered trademarks already, because it clearly looks like one.
Re: Out that whole lot..
And..... Chopper Command! I loved that game.
If you showed that "wooden" console to kids these days, they'd think you built it yourself and are taking the piss...
I agree. Now they can officially call themselves a sponsor, and in the next two years they will fork it, call it something different and license it to their [fill in appropriate adjective here] corporate clients with too much cash available. Sounds much like Oracle "Unbreakable" Linux (Red Hat Enterprise Linux clone).
Luckily RHEL is still alive and kicking, unlike MySQL, which is being forked and replaced today, for example by MariaDB (with its main driver being the original developer of MySQL).
In other news, Oracle is working on killing Solaris (so far a few enthusiasts with some commercial backing are holding up well - Indiana, SmartOS, Omni etc.), and continues butchering Java.
OpenStack should have set a signal saying: No thanks Oracle, we don't actually want you to be our sponsor. But that takes guts and money from other sources. Too bad. It would have been great PR too.
fixed this for you...
"[...] and give people yet another reason to take our TERRIBLE service"
From my experience their service is dreadful at best, but YMMV.
Re: They also want to add ask spyware
The Open Source variant is already there, and is called OpenJDK. Works just fine with most things.
In terms of Java, "most things" means for me: server-side stuff. The "build once, run anywhere" slogan hasn't applied to client-side Java for about 5 years, if not more, because of the increasing dependency on operating system support (see article).
Next generation? Pffff
I've actually had the "pleasure" to work with their search product called IDOL. To be able to even get a glimpse into how that pile of steaming turd works, you need to attend a couple of multi-day courses. Once you've done that, you still need their consultants to help you get started.
It's the "next generation" in terms of getting a step closer to printing money. That was shamelessly displayed at some of their events, where they invited customers into top London hotels for fancy lunches. I did attend one of them, too.
Also worth experiencing: their former Cambridge head office with a massive massive fish tank in the middle of the lobby, or the Green Park London office.
No, Autonomy's software was not next generation in my opinion. But their approach to pulling in serious money from big institutions and governments, that was certainly next-next generation. So well done on that count, gotta give them that.
Maybe HP fell for their massive show-off, too, who knows...
"...and reducing the risk of unauthorised disclosure"
THAT is what he is really concerned about. It invalidates all the other points, which sound reasonable enough - on the face of it. And he's essentially admitting that none of this would have been required if they hadn't screwed up and got caught in the first place.
Anti Terrorism legislation again?
It's got fuck all to do with terrorism. Yet another example where that legislation is being abused because it's so convenient for the authorities to have all that extra power under those laws. But it is f***ing wrong!
Can we have the politicians and authorities authorising this abuse of power questioned under Anti Terrorism Acts as well please?
Re: Hmmm.... a Nanny State.
"When someone attacks your daughter and puts videos of it online, will you still be saying it's a nanny state who helps take them down?"
Of course not. I would want them to hunt down and bring to justice the perpetrators. Pathetic net filters? No thanks. The content has to disappear, the offenders need to rot in hell.
What the US (and all their authorities, agencies, politicians and big companies) say and do really couldn't be more disjointed. And they don't even seem to be embarrassed when telling others about freedom, abiding by international law and other bullshit. That the FCC wants better protection so that others don't get to see the data they see hardly comes as a surprise.
What else was in that mug before you wrote the article?
Not that I disapprove of it; I just need to know as it's Friday.
Great Job, Sweden!
I just hope other countries have the balls to follow suit.
The loss of public sector contracts hurts and is a blow for Google's image. That's the only language that global companies understand. While the EU knows already that it doesn't like Google's use of personal data, it is just too bloody slow in making a decision.
Sweden has done the right thing by setting an example. Well done!
"The chairman [...] said Snowden 'attempted to go places that he was not authorised to go' on the NSA's network"
Funny. The NSA, too, attempted to go places that they were not authorised to go.
Truly shocking and frightening revelations these days... While many people (conspiracy theorists they were called; who's laughing now) suspected this, it's still hard to grasp that this really takes place, and has been for years.
And on the other hand you've got governments telling big players something about the difference of moral and legal when it comes to paying taxes. Hypocrisy all the way, and the entire electorate is being treated like a bunch of fools. Democracy turned upside down.
That argument will lead you nowhere, Nextweek. You are discussing "nothing to hide, nothing to fear" with an Anonymous Coward! He's got to be joking.
Re: Not all cloud tech is bad
Quite frankly, in my opinion it's rather poor sport to use this subject as an opportunity to place advertisement for your company in a discussion forum, YevP.
Would be interesting to hear why those big players signed up when they did. Money? Political influence? As secretive as PRISM apparently was up until now, legal threats should have been fruitless due to the publicity they could have caused.
So what's the incentive for those companies to give up privacy of their users so willingly?
Will be interesting days ahead, as more details come to light. Sadly, I don't believe that this is only an American problem. I should re-read George Orwell's 1984 again. It seems to be the secret Bible of western politicians.
They indeed look desperate giving away licenses. On the other hand, who would seriously want (and buy) Office for an 8 inch device? There are free office document READERS for Android et al out there. That's about all you need in terms of office on a tiny fondleslab, unless you've got a very high pain threshold.
35 years, blimey. I remember too well playing Space Invaders, Pac Man, Chopper Command and other titles on my uncle's Atari Console as a young boy. He later gave it to me, and now my younger brother has it. Should really dig it out and fight some of those classic aliens again.
Re: To be fair to MS... @Eadon
Totally agree with you Don. If, in a corporate environment, there's an issue to solve, nobody wants to hear "let me check out forums and IRC". That's the downside of free as in beer. Expecting competent and individual support like you MAY find if you pay large license fees, isn't realistic. (By "you" I'm referring to people in general; I'm sure you're aware of it.)
So on the one hand you have a mega corp running the show on business desktops for almost two decades. They charge money for it, and can therefore afford to offer support (and are expected to).
On the other hand you've got free Linux (or *BSD or [now] Sun Solaris descendants like OpenIndiana, IllumOS, OMNI etc). The majority of developers who contribute will see no compensation for it. A few are lucky to be able to contribute as part of their day-jobs, because their employers have a strong interest in those things.
But you cannot reasonably expect support in the same way as you can from commercial options like Windows or *cough* Oracle Solaris etc.
For a business it's simple maths: if the costs (setup/maintenance/support/training) are lower or at least easier to foresee than the risk you may be taking with an unsupported, free product, you'll go for the safer option.
Of course there are commercial options available too: for example Red Hat. They offer great support, but that doesn't come cheap either. (Add to that the training for your staff who have never used Linux, and it's often not worth switching.)
Without any commercial backing which makes professional support for business customers possible, Linux will *never* conquer the desktop. But it's not a competition. At the end of the day, everybody should use what works for them, whatever the reasoning behind it. (I'm typing this on Fedora 18 on my laptop, and despite paying the tax for the pre-installed Win 7 Pro, I've removed Windows altogether).
I don't want to see a one-size-fits-it-all without any competition out there. The more options are available to the customer, the better it is for them, be it operating systems or window managers (Gnome, KDE and numerous others), or anything else for that matter.
Re: RE: VPN protocols PPTP and L2TP have largely been unaffected as they are too tricky to block
"If anything OpenVPN with SSL based VPN would be the biggest pain in the buttock to block as it's (to my knowledge at least) almost indistinguishable from regular HTTPS traffic. Especially so if utilized on port 443."
Indeed. Such a setup got me through any corporate firewall so far, which is necessary, because when I'm onsite with a customer, I can't have their own firewall stop me from doing my work for them.
The larger the company, the less likely they are to -quickly- poke holes into their firewalls for you, even though you are a sysadmin contractor. At the very least you end up filling out forms or running from A to B to find a person who can allow you to carry out the work which they pay you for.
So, OpenVPN on TCP/443 works perfectly well, even if there's a transparent proxy in the way.
I suppose the quoted Redditor in the article is doing just that, and offers it in a way that an average internet user can benefit from it. Everybody wins.
If the XPS was a bit cheaper, I'd be tempted to get one and try myself. But Ubuntu and its logos have got to go.
Would be interesting to know just how much effort Dell has put into the hardware drivers and whether they'd work with Fedora as well. Or maybe even FreeBSD...
I agree with fireman sam. WhatsApp has no predictable income stream from recurring fees, nor any other way of generating profit with the product as it is now.
Sooner or later they will take an offer, if the figure is high enough, and they'd be stupid not to.
That said, if Google or Facebook buy it, I'm out of there, because the next subsequent update will create the link between already known data (from Google's/FB's point of view) about you, and your phone number (which they may not yet know). That is also the reason why WhatsApp could be worth a hell of a lot of money for those companies.
"I call BS on the "it's too sleek for USB 3.0" thing. The entry level Samsung Chromebook has a 3.0 port."
Of course it's BS. Google has no interest whatsoever to facilitate decent local storage. It's against the very concept of this "laptop".
Everybody sees how M$ f***ed up yet again and thinks "the cloud is not an option". It's not *the* cloud. It's M$ who fucked up yet again in short succession, in their so-called cloud, which seems to be full of schoolboy errors and single points of failure.
The biggest SPOF sits at the helm of that company, still, for a reason which is beyond many people.
Re: Maybe 13 is the problem
"If you forbid something you make it more enticing. My attempts to quit eating pizza can attest to that :("
Pizza is banned? Damn now I want one too!
I agree that the adult generations keep trying to shift responsibility from themselves to governments, schools and whatever. Blocking/banning is the easiest way, but most certainly also the least effective.
Re: Any more detail?
"At the moment it's a bit like being told somebody's found a security hole in my PC. Well, that sounds bad, but it doesn't help me much, does it?"
No, it doesn't help. They want you to PAY for that information. A small detail in the article, which I think should have been pointed out with more emphasis.
At the moment we only know that there might be a vulnerability, without details. And we don't know yet whether anybody has bought it from them (or whether it's in the wild already).
Reminds me of those websites telling you that your computer is infected, just to pocket some money for their useless so-called anti-virus software, somehow.