137 posts • joined 19 Aug 2010
Re: Wow, I'm way out of touch...
How the hell is Sliverlight even in the list, let alone #1?! I can't think of a single website that even uses Sliverlight*.
(*Netflix was the only one that sprang to mind, but apparently they ditched it earlier this year)
Were you reading another article?
> Not only that, but professor Kara also reckons once a robot's learned its way around a screen, it only needs a couple of minutes to disassemble it.
Furthermore where are you getting "spend years and millions" from? It's not mentioned in the article or the press release how long they have been working on this, nor how much it cost. More to the point, who cares? It's their money and time to do do with as they wish.
And yes, it's progress. Do you honestly expect the first iteration of an autonomous machine-learning disassembly robot is going to be perfect?
A little explanation of what DoxBin is/was would be nice, and also some comment on why this guy claims he won't be going to prison would interesting.
Re: Is this news?
Not only is this old news; as far as I can tell, this security researcher is just running 'hashclash' to look for the collisions. A program that has existed since 2009. Not sure why this story is making so many headlines.
You forgot one
* Verizon are inserting unique identifier token headers (UIDH) into mobile traffic, regardless of whether you opted out or not.
Something smells fishy
> Links to the doctored story were sent to the MySpace account of a suspect
So they knew the details of his Myspace account. Why didn't they just subpoena Myspace for the user's IP address, like they normally do? Why go to all this effort?
Wouldn't this 'FixIt' program be signed too? (And if not, it would be trivial to do so).
Regardless, this MITM attack isn't exclusive to TOR, it's just as feasible to do with with regular internet.
Furthermore, I wasn't aware that you can mark exit nodes as "BadExit". That's a pretty cool feature; one that doesn't appear in the regular internet.
The story implies that TOR is dangerous - but as far as I can tell, it's actually safer than regular internet.
Remember to pay for your ticket with cash
I'm in Australia so that probably affects what I see.
It seems that 2/3 of page loads on El Reg now show me adverts for Thaimatches dot com, featuring a particularly be-cleavaged young lass.
It's not my place to dictate how you bring in the dollars, but I can't help feeling they are inappropriate for the register, in terms of content as well as aesthetics.
Just my two cents.
What a bizarre reaction!
Look at it another way: Who *should* decide how a website looks? The person who owns and pays for it, or Steve Graham?
> and uses AES-256 encryption to protect stored files
Doesn't really make any difference if a) the attacker can walk in through the front door with the correct credentials, or b) three letter agencies can just stroll in through the back door with the decryption key
Not that I want to discourage any steps towards security. But it feels more like they are waving around buzzwords in the hope of giving some false sense of security.
Re: Not compatible
Sad but true.
It always sets alarm bells ringing when there are arbitrary limits on password length. It implies that passwords aren't being hashed behind the scenes.
> Not our overlay
> This is a Bloomberg video
Sorry, yes, I was actually referring to the youtube videos that appear in other articles.
> I think the video tag was fixed a while ago.
In the article I mentioned? Curiously it still appears broken to me in Chromium 37.0 (in both Ubuntu 14.04 and Windows 7)
Something very strange going on in this article:
Looks like an </object> tag is missing.
And while I'm here, can I ask what the justification for the Register overlay on youtube videos is? It's mildly irritating that I can't close adverts and popups in the videos, and the link to the video's page on youtube is not working.
Re: Embeded Flash YouTube
I missed your response, but I didn't miss a whole bunch of videos suddenly being visible in recent articles. Thanks!
Incidentally, I'm still being asked to install Adobe Flash Player on every page, but I believe that is due to the current set of adverts.
Embeded Flash YouTube
Not really a bug, but I don't have Flash installed which means none of the embeded youtube videos work because you're using the flash player.
I wouldn't mention it, except for the fact that I know you could use an HTML5 player.
For example, in the recent article on the PiPhone , I just see a big grey "plugin missing" box, but if I navigate to the source article  (where they are using the HTML5 player), it plays perfectly well.
Also, If I remember correctly, you're using some weird overlay which obscures the 'youtube' logo bottom right, thus making it impossible to click through to the video's page on youtube.
"...from 91 angles."
91 angles between 0 and 1deg? 91 angles between 0 and 180deg?
What has node.js got to do with the demise of YUI? They serve entirely different purposes.
Re: Financial Damage
So what happens when details of their activities escape and the world at large then loses faith in the products and services their country provides, and stops buying.
Do they then have to spy on themselves?
Re: Wrong inference?
Yes, good point. My mistake.
Anyway, it sounds like the behaviour needs to be better defined.
Although section 6.3 of RFC 2109 (written in 1997) is talking about the client-side, I think it's not unfair to infer that a server should be able to support requests with at least 300 x 4kb cookies.
In his test, Bogdan Calin uses 100 x 3k cookies.
6.3 Implementation Limits
Practical user agent implementations have limits on the number and size of cookies that they can store. In general, user agents' cookie support should have no fixed limits. They should strive to store as many frequently-used cookies as possible. Furthermore, general-use user agents should provide each of the following minimum capabilities individually, although not necessarily simultaneously:
- at least 300 cookies
- at least 4096 bytes per cookie (as measured by the size of the characters that comprise the cookie non-terminal in the syntax description of the Set-Cookie header)
- at least 20 cookies per unique host or domain name
6.3.1 Denial of Service Attacks
User agents may choose to set an upper bound on the number of cookies to be stored from a given host or domain name or on the size of the cookie information. Otherwise a malicious server could attempt to flood a user agent with many cookies, or large cookies, on successive responses, which would force out cookies the user agent had received from other servers. However, the minima specified above should still be supported.
Why is the reason a craft is in the air important to the FAA? I.e. Why do they care if the nature is commercial or not? Genuinely interested.
> The only way the government could stop this traffic would be to block all encrypted traffic
Shhh! Don't go putting ideas in their heads!
360,000 lines of code to count votes?
Perhaps I'm being naive, but this seems grossly over the top. No doubt it had a commensurate price tag too.
I estimate that...
...sending 20kg by Falcon-9 to low Earth orbit (where the ISS resides) comes to about $80,000.
I also estimate that the cost of an espresso from that machine would be comparable to London prices.
> There's little evidence Rex Mundi's victims have paid up.
well, there wouldn't be. For all we know, a lot of people have paid up.
@ Lee D
I'm not quite sure what your point is here. You just seem to be indiscriminately pouring scorn on all aspects of the AI field.
Sure, it's proved to be a lot more difficult that anyone expected; it may not even be possible! But what would you have us do? Just give up?
Your bit about "every AI project I've seen tends to be a year or two old at the most - usually just long enough to write a paper, get your doctorate and then flee before someone asks you to do any more on it", is grossly disingenuous. You seem to be implying that the sum total of activity in the field of AI amounts to a handful of pre-doc students taking random pot-shots at the problem?!
Re: Marketing bollocks
> what's it doing new that Flickr doesn't?
Not fucking up and alienating vast swathes of users?
Just read the support forums to get a taste of what's wrong with Flickr.
I'll do it for free
def is_tweet_significant( text )
A few media outlets seem to be implying that 12,000 is a large number. I suspect Google get an order of magnitude greater sign ups per day.
Re: This app will self destruct in 5 seconds...
Uh... what if the script is installed on the truecrypt volume that it unmounts, or the fully encrypted disk the OS is installed on?
If he's into self-flagellation
...someone should point him towards LaTeX
How much does it cost to get a patent?
I'm going to patent "A method of applying for beyond-trivial, and/or blatantly common sense ideas, concepts and processes".
Then sue all the trolls.
Re: And if you don't have flash installed... re. ABC News 24
I haven't watched it enough to form an opinion, but I have it on good authority that it's basically the Australian equivalent of BBC news. Make of that what you will.
And if you don't have flash installed...
Here are the direct links:
Someone with more spare time than me should do a statistical analysis of voting practices in Google Play to identify vote rigging. It's painfully obvious when it happens, and it seems to happen a lot.
With all their experience of battling spam, I don't see why Google seem to be turning a blind eye to this problem.
Re: Occam's Razor
This seems far more likely. "New Error Photography" more like.
Either way, I'm curious to see the footage.
If these secret US agencies are perfectly happy to violate their own Constitution and then lie about it, what hope is there for this scrap of paper?
Cue millions of websites (hacked or otherwise) becoming host to embedded bitcoin miners.
Perhaps not, but I do wonder how many zero-day hacks lie in wait for us.
Did anyone think WhatsApp was secure?!
They have a notoriously bad track record. Prior to August 2012, messages weren't even encrypted!
Hopefully this doesn't end up bricking swathes of ATMs across the globe
Also, I don't see why a bunch of ideas have been ruled out because "they could be gamed". Entire websites have been (successfully) built around these ideas that can be "gamed".
I would also like to "+1" the suggestion of getting notifications when any post of mine has been responded to. It's a pain having to log in, open an article, click comments, click my posts, middle click a handful of my posts, ...and scroll.
All great apart from that!
> What, other than a channel Netflix doesn't hugely need, can Comcast offer beyond quality carriage?
Perhaps it's an exclusive deal. I.e. Netflix signed the contract with the understanding that YouTube and other video streaming services would not be offered similar deals and would continue to be throttled?
I guess it's no bad thing, raising the profile of permission overreach, but Android already presents all this information to the user when installing a new app. So I'm not sure what McAfee's proposal is bringing to the table.
Facebook finally got canned when a recent update decided that it now needed to access my text messages.
11 incidents per day?
Who has the time, perseverance, and steady hand required to cause 11 incidents a day?!
- Product round-up Too 4K-ing expensive? Five full HD laptops for work and play
- Review We have a winner! Fresh Linux Mint 17.1 – hands down the best
- Vid Antarctic ice THICKER than first feared – penguin-bot boffins
- You stupid BRICK! PCs running Avast AV can't handle Windows fixes
- Antique Code Show World of Warcraft then and now: From Orcs and Humans to Warlords of Draenor