1200 posts • joined 10 Mar 2010
What do YOU think?
I think Microsoft should have the courage to push this as the intended path. If they're going to take up the whole screen with what is otherwise a glorified and dumbed-down Start menu, they might as well make it useful.
@CadentOrange - Re: Windows XP
Fair enough - no problem then.
Are Windows XP clients vulnerable or did Microsoft fix it in the final set of patches? If not, maybe they should consider one final final patch.
@Neoc - Nuke the memory
That was my first thought, but then I read the detailed code analysis linked to in the article. The 64K sent back is copied from the attacker's payload. As the attacker's payload is only one byte, the rest comes from whatever is in process memory after the received payload.
Shocking that when they finally catch one of the bastards behind this odious scam, they don't bang him away for 5 years+.
Re: Argument is pointless
Agreed - you need to have the in-house expertise and (I like your point here) follow standards with the intention of securing your information, not just avoiding liability.
My point is mainly about the feeling that it is no longer possible to trust in others for your own security, so you have to look to your own capabilities.
Inevitably smaller companies will have to outsource in some way, but at least they should be able to address the point about keeping sensitive data in-house. And they should be aware that anyone who offers a service based on "trust me" should perhaps be avoided.
Argument is pointless
I can't be moved to waste effort analysing IBM's statement and Schneier's response. It seems to me that the existence of secret orders and mechanisms to access data, and the use of gagging orders to prevent disclosure, mean that even if IBM were telling the complete truth its customers still couldn't trust that their data hadn't been extracted.
Better to accept this reality and assume that any data which is held outside of your direct control is subject to access by government agencies (and criminals, for that matter), and design your data handling accordingly.
And that means : if your data is sensitive, keep it in house and only transmit it using encrypted channels with keys that you and the recipient alone know.
You can still comply with legal requirements for access, but at least you'll know about it.
Re: Just to ward off the obvious comments.
I thought the most obvious comment was Tiny T-Rex - Marc Bolan?
Backdoor / Security weakness
It's probably all a matter of perspective, but if it provides privileged access to the user's data and it is not possible for the user to disable it, then I'd say it certainly is a security weakness.
If in addition it is undocumented and not necessary for the correct operation of the device, then I have no doubt that 'Backdoor' is the correct term. It doesn't really matter what its purpose is.
Re: Upwardly mobile?
Do they also think that painters and sculptors are just "working their way up" to managing and owning an art studio?
Excellent way of putting it.
Re: ... 'email me the pint instead'
Me too, please.
"The Madrid study tested someone looking at the equivalent of a 100watt light bulb, at a distance of 12 inches for 12 hours a day"
Not that I lean much towards the PETA extreme, but I do find it repulsive that people are still doing nasty things to animals just to provide marginally useful data.
Dark matter killed the dinosaurs
Which is why you often find them in tar pits.
Yep, I'm pretty sure that any wife would want to know where $80K has suddenly appeared from.
And the IRS, of course.
"Users who may feel uncomfortable about such material ...."
Odd concern, there : I would have thought anyone who was quite comfortable about spying on innocent members of the public in such an intimate way would not worry too much about seeing a bit of nudity.
'Twas a dumb idea
It made no sense to try to mix an internal messaging system with external mail functionality, so good riddance to it.
One drawback, though : it seems likely that the spam people may have been getting within Facebook will now be diverted to their proper e-mail accounts. Facebook should really just kill it dead, rather than continuing to facilitate spam.
Re: Broadmoor Has To Answer
It is good that the disadvantaged members of society are given the chance to contribute. However, sadly those so far used lack both the detailed knowledge and subtle appreciation of how society should function.
Funny, you could be talking about MPs there.
Just a soak test
@Field Marshal ... - Re: Smart move
I fear you're correct. The idiocy is that they can't see the future benefit from (2) - like in the old days when shareware or older versions of software were made freely available, with the benefit that some of the freeloaders would actually pay for a future upgraded product.
Re: Smart move
Indeed. It strikes me that a flourishing legal second hand market is a good way to (1) Reduce theft of first-hand goods and (2) Encourage product use amongst people who would otherwise not be able to afford it.
So - this move encourages theft and reduces take up of the goods. Very clever indeed.
That's the way to do it!
Need a Punch icon.
"I'm glad the case helped reaffirm the right to lampoon our government"
Possibly the most important right in a free society.
@diodesign - Re: "This topic is closed for new posts"
Damn - another conspiracy theory bites the dust.
@Phil W - Re: "This topic is closed for new posts"
I agree about the legal consequences angle, but I fail to see any scope for that in this particular article.
I would have expected plenty of comments on similar lines to the one that did get through, pointing out the high likelihood that the initiative would fail, but what sort of comment could possibly have had legal consequences?
I reckon the worst that could have happened would have been comments designed to ridicule a couple of politicians. Since when would that have had legal consequences?
Re: One fundamental flaw...
Very good point, Mr Hancock :)
The only 2nd factor I'd be happy with would be a USB device, provided it was possible to buy one without registering my identity.
I would also hope that the device is not easily clonable, otherwise I wouldn't use it on any machine that I don't control.
Go for it?
Billions of people can write in one or more of hundreds of languages, but only a small fraction can write worthwhile novels, poetry, lyrics etc. We recognise that and those that are particularly skilled can generally make a decent living out of it.
If everyone was taught to code, then maybe people would finally appreciate that the ability to write decent code is a skill well worth paying properly for.
@Ben Bonsall - Re: We can't really march on anything
Yes Google is getting better, and simple sentences should survive intact. The whole of AC's para does get modified, though.
I put my post through the process and found it distorted much of the meaning. The first sentence, though, was nicely depersonalised :
But emotions are revealing of your personality, therefore contrary to the aims of anonymity.
But emotions reveal who you are, so contrary to the purposes of anonymity.
Re: We can't really march on anything
We want the right to show emotions
But emotions are revealing of your personality, therefore contrary to the aims of anonymity.
I think El Reg should go further and protect you from your revealing use of word constructs by automatically feeding your text through a translation cycle such as
[English -> Russian -> Welsh -> English]
Re: Very reassuring
Hmmm. Perhaps they are being paid too much. Your latter option implies a certain level of corruption which I don't think is prevalent (not being too naive, I hope).
But your suggestion does remind me that the point of policemen being seen out and about is to assure people that criminals are being discouraged. That being so, Starbucks could take the view that policemen sat working in their establishments is an implication that Starbucks would otherwise be a hotbed of criminality.
"Even if they are in Starbucks keying in details, then at least they are out there, visible and accessible and reassuring to the public."
I suppose if a copper feels he can sit in Starbucks absorbed with his iPad then there can't be any crime about. Is that what he means?
Re: "a gadget that doesn’t play music isn’t worth very much" - Cobblers!
True, there are uses other than internet stuff. In essence a smart phone has most of the functionality that a PC provides, and different people use different features. But for sure, listening to music isn't by any means the primary purpose of them.
"a gadget that doesn’t play music isn’t worth very much" - Cobblers!
What makes the things useful and worth paying for is the internet connectivity and all that that enables. Without internet then the smart phone is indeed not worth the extra money. Playing music is a very minor feature from my point of view (and from my observation, that of everyone else I know).
"An external RF signal will be required for this process to be initiated."
A friendly RF signal, of course.
"El Reg would assume the password has been changed by now"
Certainly. But has the sloppy, complacent attitude that led to exposure of the password been changed as well?
Re: Small problem really
So the NHS site wasn't hacked or externally compromised
In the sense that the NHS site wasn't modified in any way, I guess you're right.
However, their coding error left a gaping hole which the miscreants took advantage of resulting in the same effect as if they had compromised the site.
So I'm not inclined to let NHS off lightly, or at all.
Re: Slight flaw in the plan
Perhaps they'll have a self-destruct mechanism for just such an event. Did anyone say they wouldn't be armed?
How about informing us properly, Yahoo?
The link provided in the article is to a tumblr blog entry. I can find nothing on the Yahoo site (at least not as obvious as it needs to be), so how does Yahoo expect us to know about the problem if we don't subscribe to the likes of The Register?
Is it meant to be under the omg! menu?
Whatever one thinks of the need for such surveillance, it is extremely worrying that the man ultimately responsible for it is justifying it based on an assessment of what the man in the pub thinks. Not a very intelligent approach, that.
I daresay if we elected our politicians based on what people in the pub think, he and his party would be in the wilderness for decades.
As far as the British public being fearful of terrorists and OK with spying are concerned, I believe he is thoroughly wrong on both counts. He should get out of the pubs and talk to people when they're sober.
I understand your sentiments, but software installed without permission to force someone's computer to engage in activities which are illegal (regardless of the target) in most jurisdictions most certainly is malware.
Another thought : what better site to practice on in order to perfect your bot than one which is odious and unlikely to bring the authorities down on you. I'd be concerned about who their next target is.
The responses from the Department of Parliamentary Services seem to suggest a very trusting attitude and an approach that says a threat doesn't exist if no-one has told them about it.
I didn't get the sense that they are pro-actively policing their networks, apart from slapping the usual appliances on them.
One wonders if Iain Standen would pass a Turing Test.
I'd really like to see the return of the Rise Of The Machines subheading to pull all these stories together.
Indeed, and I'm wondering why there is such concern about the client copying or passing on the plain text of the e-mail.
Surely the main point of secure mail is to get the communication from sender to receiver without exposing it in transit? As long as that's achieved I wouldn't worry about what the recipient then does.
"...Facebook will need to evolve/mutate in order to begin another curve ..."
But a word of advice : features like the new and thoroughly not wanted 'Trending' section are not beneficial mutations.
I think you're right about the case for continuing use of the mic, hence the original wording could be considered to be too prescriptive.
Your suggested solution seems a good one, so I'm puzzled that the W3C chose to pull the whole issue, rather than suggest something on those lines.
the language that mandates that behavior was removed from the spec in a later errata
I'm usually all for being suspicious of Google, but I'd much rather focus a bit more on the W3C : the original mandated feature was addressing a clear privacy issue and yet it was just removed. Is the W3C's reasoning documented anywhere?
Badly worded e-mail?
No - the wording seems very clear. It describes their original intentions, as opposed to their intentions now that they've seen the reaction.
The only error was in thinking they'd be able to get away with it without any fuss.
"We don't enforce against all uses of CANDY ..."
Very wise. The Candyman might not be pleased.
Re: Plants and electronics
The plant survived, but it did leave a scar.
Plants and electronics
Brings back old memories of desperately trying to find something to act as an indoor television aerial, and finding that poking the cable core into the fleshy stem of a Money Plant (Crassula ovata) worked quite well.