765 posts • joined 30 Jan 2010
Know thy data
If you have a large enough dataset, you can make it say anything if you look hard enough. Just look at all the hidden messages in the bible.
This problem with thinking a larger data set will give you a better answer is not a new problem. (It was very recently discussed in the latest episode of the BBC More Or Less podcast) Their famous example was the 1936 Presidential election where a magazine undertook a poll to forecast the election result - and got it wrong. Yet a much smaller Gallup poll got the answer right.
(For those of us who have a passing interest in the use & abuse of numbers & statistics, the More Or Less podcast is an excellent weekly listen.)
Re: Social skills and techies
[They are] hugely intelligent and knowledgeable people who understood their subject brilliantly and didn't understand their fellow human beings at all.
Sounds like a case of Asperger's/Autism: Something which appears to be more frequent in the IT world.
Eric Raymond's (in)famous quote
"Much of what looks like rudeness in hacker circles is not intended to give offence. Rather, it's the product of the direct, cut-through-the-bullshit communications style that is natural to people who are more concerned about solving problems than making others feel warm and fuzzy."
Cutting through management waffle is fine. Being derogatory I don't think is necessary.
Re: @ ShelLuser
With NDS, you only needed console access if you needed to run DSREPAIR to fix NDS corruption. Fixing your main authentication database is not something you'd give to a PFY. All other day-to-day tasks (including managing replicas and partitions) were handled via Windows client tools which used NDS access rights to control who could do what.
Not only did the SMTP module have ZERO security, it allowed the free relaying of any messages sent to it, from ANYWHERE on the internet to anywhere.
From memory, the SMTP gateway would accept messages from anywhere to anywhere, but would only pass on what it was supposed to pass on. This behavior was a pain, as many security people claimed the gateway was an open SMTP relay, when it only appeared to be an SMTP relay. It was quite late in the day that they fixed this behavior.
Re: Was it hell....
early Active Directory, and Domains before it were a joke
A colleague went on an NT(4?) course. He was told to put as few details as possible into objects (and definitely no pictures!) as the domain/AD syncing was terrible: When an object changed, Windows had to sync the entire object, and not just the changed attributes. I also seem to recall that Windows synced by polling for changes, whereas NetWare was event driven and would only talk when needed to.
I assume that's changed by now...
Re: Was it hell....
Novell's other problem was being heavily command line based it looked old fashioned against Windows servers GUI's, which helped sell Windows where you had some clueless CIO making the decisions
I remember someone saying that MS pitched early versions of Windows Server as being so much like normal desktop Windows, you didn't need a techie to run it, your secretary could do it in their spare time.
Being a techie, I loved the NetWare command line. I remember many times bringing up a server (server -ns -na) and manually loading drivers and binding protocols to rescue a broken NetWare box.
Novell always felt that its NetWare Loadable Module application server deserved more attention than developers were willing to give it.
The problem with writing NLMs was the development cycle: Write, compile, copy to server, run, crash, reboot server, repeat. This was due to NetWare not having a protected memory model like *nix or Windoze NT.
Once VMware came along, you could cut that cycle short with snapshots, but by that time, the writing was on the wall for NetWare.
Another problem with writing NLMs was documentation. Hardly anyone wrote about writing NLMs.
They tried to improve things by porting Java to run on NetWare, but the documentation for the NetWare libraries wasn't much better, as far as I can remember.
[T]he first commercial NLM was Cheyenne Software's ARCserve [...] I've no way of knowing if there's a single line of code that's made the journey.
I hope not. Cheyenne ArcServe was a very unreliable piece of backup software on NetWare.
Re: Hogwart's Express
And for those who wish, you can actually have your photo taken at a little "Platform 9 3/4" thing at King's Cross. Admittedly it's not in the movie location...
Before the big refurbishment at King's Cross, they actually had the trolley down near the end of Platform 9 on a wall between platforms 8 & 9. It was a bit grubby and not too well thought out. The new place is much better and easier for people to get to.
Re: Almost every developed country seems to do much better
For my next long journeys, flying or going by car will take precedence largely due to the lack of one major modern convenience on trains: data.
Because you'll be using your smartphone whilst driving..? Or are you going to employ a chauffeur?
Doesn't the Hogwart's Express leave King's Cross, rather than St. Pancras?
Last night's ending was....*sigh*
The writers appeared to have built up to a crescendo: The Tardis was off-limits and the air was being removed from the train. Then the writers realised that they only had 30 seconds of the episode left, so they cut to the end with the Doctor saying: "Yeah, I saved everyone".
A textbook example of an anti-climax.
I'm warming to Capaldi as the Doctor. I think he could be a great doctor. But Clara and the stories (which just seem to revolve around Clara in some random way) just let the whole thing down. They need an assistant who isn't some cutesy pretty thing who just adds eye candy and adds no value to the stories about the Doctor (yes, Doctor Who is supposed to be about the Doctor!).
Imagine the fireworks if they had a strong character like Donna with the Capaldi Doctor. Donna acted as the Doctor's moral compass and wasn't afraid to stand up to him. The moral decisions about the moon in the last episode or lying to the woman about to die in this episode? A Donna-like character would have had a field day arguing with the Doctor over them.
The mechanic could also be a great 2nd assistant: Helping the Doctor to maintain the Tardis and help track Gus down too. (Hey, the mechanic could even *BE* Gus!)
Re: But the CEO made money.
There's a WSJ story where they say that the sale was pre-planned back in March. In fact, the CEO has been regularly selling stock at the start of the month. Seeing as his company's stock had doubled in 12 months, it seems a sensible investment strategy to sell some off.
Everyone is missing the bigger story here
That Apple have broken their vow of silence and have spoken to El Reg!
It's not dead
it's just sleeping.
I think El Reg's headline & sub-head for the article are, at best, misleading. Apple are not going to introduce a new ban on emulators, which is implied by the sub-head. Emulators, et al, have been banned since day one. All Apple are doing is closing a loophole people used to sidestep the original ban.
Re: I can't think of Alan Turing without thinking of the radio series Hut 33!
The engineers who came to install it and switched it on, told me not to switch it off until after the war.
Indeed. Values lasted much longer without being power cycled.
(But I don't think Amorous Cowherder was being serious, so up votes for both of you)
Re: Separation of handset and OS
I wonder how long it will be before we see a separation between handset and operating system?...Why the heck can't I buy a mobile phone and then buy an OS to go on it?
It'll be a niche thing. For 99.9% of mobile phone buyers, they just want to take their shiny toy out of the box and use it straight away. Just like most people want to take their computer/laptop out of the box and use it straight away, without having to insert floppy discs/CDs/Whatever to install the O/S. And as the O/S is practically free (Especially in the case of Windows Phone) you'd save very little money.
Apple, Microsoft, Google, etc, know the money isn't in the phone. It's the stuff you buy to go with your phone i.e. App Store. (or the information they can slurp off remotely about you to send you targeted adverts)
am I being dumb?
No, you're not. You're just not in the mainstream of people who buy mobiles.
Fair point. I've just re-read the article, and it clearly says the aim was to improve rural broadband. I thought it was just about improving mobile signal. Have an upvote.
Operators - Pah.
The operators supplied Ofcom with details of where they did not have coverage.
Translation: They went to their public website and consulted their public coverage maps (Which are created by marketing droids) rather than speak to their RF engineers (who actually know a thing or two about signal propagation)
B. 2g is ridiculous and 3g is the *minimum*. Data is equally important as voice these days
I disagree: 3G is not essential. Do you really need to use Twatter or Plebbook out in the countryside? For those of us who regularly experience not-spots, better 2G for voice & text would be fantastic. Sure, email would be nice, but some of us were running email over GSM before 3G came on the scene.
Since the Dr. Who reboot with Christopher Eccleston, I've been a Who fan, trying to watch the latest episodes as they air. But the latest Doctor...
I can't decide if it's crap scripts, or Capaldi's portrayal of the Doctor, but I feel this is the worst of the rebooted Doctors. Tonight's episode was yet another weird, unsatisfying story.
Disclaimer: This is my opinion. You may have a different opinion - and that's perfectly fine with me. The world would be dull if we all agreed all the time.
I know I'm only a lowly geek, but I'm confused...
- If a company is losing money and shrinking, it fires staff.
- If a company wants to expand, it fires staff.
So when does a company actually hire staff?
The Brightside Group is confident that the integrity of its network and system remains secure and compliant
Er, if your systems are secure and compliant, how did you get hacked? And what have you done to prevent the same thing happening again?
Let's hope the version has a user interface suitable for use on a server...
Oh please let's hope that they've replaced that awful Flash UI with something decent based on HTML & AJAX.
Developers are human
There are some comments here about the trivial amounts of the rewards for finding/fixing security flaws. I took the whole tone of the article differently: Treat your developers as humans. Give them credit where credit is due. Don't punish them for mistakes (Although ribbing them over a beer is OK)
All in all, basic stuff that any manager, at any level, in any line of work, should be doing.
Unfortunately, few managers appear to know how to manage.
If you're continuously updating & releasing code, you don't have to do anything special to quickly release another revision of code to fix a security bug.
I took it to mean that instead of assuming an attacker will take control of one (and only one box) assume they have control of multiple boxes.
But the company also made some major mistakes. It [..] wasted time and money writing for IBM's ill-fated OS/2 operating system, spent more developing the Notes email system..
I don't think you can punish Lotus for developing for OS/2. At the time, it made business sense. e.g. didn't some of the banks run OS/2 internally?
And I don't believe Notes (More than an email system, as others have mentioned) was a flop. Sure, it didn't stand a chance once MS parked their tank on the lawn, but it was widely used at the time,
Card clash detection
How are TFL detecting card clash?
Re: And I thought that I would never see a bit of bash scripting on a mainstream site
But really, if this "allows remote code execution" is only applicable if you have open web services that spawn bash to serve remote requests, most desktop systems are unaffected
Oh boy no! This is what the fuss is about. Bash is used in *lots* of places in a *nix system and is exploitable in numerous ways because of it. There's a proof of concept here for attacking clients via DHCP.
Re: Lot of ignorance from the IBM crowd here
trying to trash talk and spread negative rumours of the SPARC M7 cpu. For instance, say that the M7 memory protection new functionality is nothing more than an ordinary MMU. Well, if you read the released information, instead of speculate, you would see why it is not an ordinary MMU:
The second link has no mention of memory protection that I can see. It just talks about the hardware decompression.
The first link has this to say:
On the Java front, the Sparc M7 has new memory protection features and virtual address masking that will make Java garbage collection easier and more deterministic, according to Fowler. [snip]
The S4 core, for instance, has special instructions to ensure application data integrity, which is done in real-time and which safeguards against invalid or stale memory references and buffer overruns for both Solaris running C and C++ applications and the Oracle database.
Which says bugger all more than the El Reg article.
I'm not trying to bash (pardon the topical pun) Oracle or you, MadMike. I'm genuinely interested in what Oracle (claim to) have done to improve security.
the licence fee is only 150 BEELION dollars
Or one new yacht for poor, hard up Larry...
Larry appears to have made a song 'n' dance about memory protection being baked into the silicon.
But hasn't memory protection been around for years in CPUs with MMUs? What's different between the features a standard MMU has and Larry's new toy?
Isn't the output totally predictable, if you know the hash function and the input data
You'd hope so, otherwise the output would be random, and comparing two hashes to see if their input was the same is pointless.
Re: Do they not have the capacity or capability...
I believe the cloud providers give you resilience by having servers spread across regions & data centres - which are supposed to be isolated from one another in every way possible.
I'd have thought Dihydrogen Monoxide would sound even scarier.
When are they going to fix the killing of battery life they introduced with iOS 8.0?
...as to who to side with on this one. I want to hate them both.
Re: Very interesting
Or at least a way for us to tell if our SSDs have supercapacitors onboard.
Re: Will the German government be sensible?
@Ross & @Steve Todd
The EULA CANNOT remove rights and legal obligations under criminal law
In the UK, a contract cannot override any law. But I believe in America this isn't the case. A quick google shows this page www.law.cornell.edu/wex/contract
"[The contract] may override many of the rules otherwise established by state law."
Re: why use a proprietary one when the are free open standards available
Er, but isn't FLAC free and open source? Or have I missed something?
Repeat after me:
"Never trust input"
It's a sad state of affairs when a company quickly fixing a security hole (and thanking the person who discovered it) makes the headlines.
Re: Not a fan of Ellison.
I would take it a step further, and say any kind of leader (not just CEO) needs to have passion and vision for what they're doing.