75 posts • joined 23 Feb 2011
Space Age my arse
We are not in a space age.
When we have a permanent civilian-majority base on a body that is not Earth (moon, mars, asteroids), THEN we will be in the Space Age.
"Network for controllers should be isolated completely. There is no security on communications between the controllers by design. Without isolation, the virtual network information is exposed to confidentiality, integrity, and availability attacks."
Surely the absolute, most basic security measure would be to force (or at least have it as an option!) the controllers to use SSL between themselves for their comms?
Interesting, I just read up on this, and according to a Wired story after interviewing one of the leaders of the heist, Notarbartolo, it seems:
1) Notarbartolo had business hours access to the vault as he was a customer (for 18 months prior) who had a safety-deposit box in the vault;
2) they were able to install a camera outside the vault (probably by Notarbartolo who had legitimate access) that allowed them to see the door so that they could see the code entered.
3) the original key was kept in a utility closet nearby...which they guessed by the fact that the guard who opened the vault every morning went into this closet before opening the door.
4) Notarbartolo's legitimate access allowed him to degrade the internal heat/motion sensor (apparently he sprayed hair-spray on the sensor during a visit the day before) that degraded it long enough to enable it to be deactivated once the vault door was opened.
The only reason they were caught was due to sloppiness in destroying evidence linking them to the crime - they had a bag of evidence to burn, but it burst open on private property that ran alongside a highway, and they didn't clean it up, they left it there and it was found.
Based on the description of the criminals involved, I find this sloppiness hard to believe. Notarbartolo had an apartment in the region they had used for days, they could have burnt most of the evidence in small wastebin fires inside the apartment before they went to break into the vault. Or surely as part of the plan it wasn't "let's find somewhere to burn the evidence as we flee", surely they would have already picked several suitable locations (1 or 2 on each exit route) that they could use, rather than hoping to just find one.
There was other hard to believe sloppiness - they kept receipts for the buying of equipment such as surveillance systems.
It looks to me that they wanted to get caught. Which is understandable. They had potentially made off with $10+ million EACH. They would be running and looking over their shoulders for the rest of their lives.
Notarbartolo is serving 10 years (well HAS served, he would have been released a year or 2 ago now). Which means he's served his time, he's been convicted. Now he gets to live out the rest of his life without having to look over his shoulder as he's already served his time. While I wouldn't consider it a fair trade-off, 10 years in prison with $10+ million to live on afterwards...some, especially those who have been criminals for years, might consider it a good trade-off. Especially since he'd have enough to 'buy protection' in prison. He was wearing a Rolex during his prison interviews with Wired! Not to mention Notarbartolo is connected to the Italian Mafia, supposedly his cousin was tapped to head the Sicilian Mafia, that would buy a lot of protection all by itself.
Just had a look at their web site...
...and me wants one (or several).
They look like fun.
I actually have no problems with spy agencies spying on other nations government officials, politicians, ministers, senior civil-servants etc. I mean, that's mostly what's worth spying on in the first place. Any government minister, PM, president, king, departmental secretary etc who DOESN'T think they are a target, if not actively being spied/eavesdropped on, are morons.
What gets me angry tho, is when the spy agencies 'dabble' in law-enforcement, spying on the general populace, and spying on THEIR OWN CITIZENS. That is NOT the job of the spy agencies. They should be concerned with national defense and security, not criminal (i.e. non-terrorist, non-military, non-espionage activities), not 'home-grown' activities that are better left in the hands of local police forces.
Re: Stuff that. What about getting *rid* of this space crap?
"Until the bigger stuff gets through and slams into a retirement home/puppy rescue center/Pizza place."
Sounds like a win/win to me.
"Weary of the possible antitrust concerns from merging the two largest cable providers in the country, Comcast has proposed a set of deals to.."
While they probably are also weary, I'd say they're actually wary of the possible antitrust problems.
Re: Copyright aping nature.
The monkey does not have more rights. The monkey has none. Copyrights can only be assigned to "a person", and monkeys are not 'people' for the purposes of the law.
Copyright laws usually use the term "person" as owning a copyright. And under legal definitions a 'person' is either a "natural person", that is a human being, or a corporate identity. Yes, a corporation is "a person" for the purposes of the law. If a law wishes to exclude corporations from something then it usually refers to "natural persons" when excluding corporations.
>> the only reason to claim copyright would be that he owned the camera, which is not a valid one.
> It is a completely valid reason to claim copyright and one that is used continuously by companies that have employees. If the company supplies the equipment and media to employees then the company owns the copyright.
Most employment contracts have terms in them along the lines of "any work done by the employee is owned by the employer. The employee agrees to assign all copyrights in any work created while an employee to the employer".
If an employment contract neglects such language, then the employer, even tho owning the equipment and perhaps even directing the creation of the work (take photos at the corporate luncheon), does not own the copyright.
If I work for a company, and I do some video shooting with their equipment, even as part of my job specs (say you are hired as a cameraman) _I_ own the copyright UNLESS there is a SPECIFIC, EXPLICIT contractual language that gives the corporation the copyright. The employment contract (if you are an employee) must state explicitly (like many I've seen) that the employer owns any copyrights in work you have done for them. It must be a SIGNED contract.
Say I work as a burger flipper at Bob's Burgers, and the manager hands me a camera and says "Take some photos of the staff for the staff newsletter", and I do. If the employment contract doesn't EXPLICITLY state that Bob's Burgers owns the copyright to any creative work I do while employed by them, then _I_ am the copyright owner, no matter who owns the equipment. It is case-law that a work-for-hire, which is what it's called when you employ someone to create something for you but you retain the copyrights, not the actual creator (e.g. working as an artist for an advertising company, or the cameraman for a TV station), must follow some explicit, specific language to be a valid work-for-hire contract that bestows the copyrights on the employer rather than the creator.
Also, it must be noted that in this case, the photographer has admitted that he did not set up the shot, or plan to leave the camera in a location and 'see what happens'. The photographer absent-mindedly left their camera unattended while doing some other task, and in the photographer's own words, "the monkey stole the camera", and took the photos.
You are aware that this is a server-oriented processor are you not?
That you're not likely to care about the performance of a gzip/bzip2/zip whatever?
What you ARE likely to be doing is running 20-30 JVMs of multi-gigabyte heap sizes each handling 100's if not 1000's of user tasks simultaneously.
Or running a whacking-great Database on it (it is from ORACLE now) doing 1000's of simultaneous, independent database queries (selects, inserts, etc).
You don't need to be able to extract instruction-level (or task level) parallelism from a SINGLE process (e.g. transcoding video, compressing) or from single tasks when you are running dozens, hundreds, THOUSANDS of SEPARATE independent processes/tasks simultaneously. As tends to happen on servers, which is what this chip is aimed at.
Re: This is great news
NEVER accept default installation options.
If offered, ALWAYS select 'customize' install, or Advanced install or similar. The screens shown when you select those options are where you'll usually find (if it exists) additional software installed and the option to disable it.
ALWAYS read the text on the installation wizard pages, as they'll often be different to the heading, e.g. the Heading and title on the page in the wizard might say "Chrome Installation", but there might be a license agreement (with the typical scrollbar to read a huge chunk of license text, this you can probably ignore like everyone else does) but then there might be other text just below the license agreement along the lines of "Click Next to accept the license for Ask Toolbar and install it" with 2 buttons, Cancel and Next, in this case you want the CANCEL button, as it's not the Chrome license or installation it's asking about, but the installation of Ask Toolbar. Clicking Cancel will cancel Ask, not Chrome, and it'll take you to another screen where you might be asked the same type of question for another piece of software, or might be the final cancel/next for installing chrome.
Well, since I don't want Google to know every URL I browse to, I turn the Safe Browsing feature off.
And people wonder how/why Google and whoever know their surfing history...well if you turn Safe Browsing on, every URL you ever visit is sent to Google. Whether you are browsing Facebook, your bank, ebay, pr0n, paypal, kmart, walmart or whoever, it'll get sent to Google if you leave Safe Browsing on. Every link you click, every URL that link loads, all sent to Google.
Re: Encription ? PGP=OS... OK, still don't use it...
They also have physical access to the content of what's being sent. As has been reported previously, the intelligence and criminal law enforcement agencies (e.g. NSA, DEA) can, and do, get USPS to make copies of the external surfaces of the envelope and can obtain warrants that let them open, copy, and forward on, the mail.
In fact, if you send it registered post, they don't even need to copy the external envelope as they already have the FROM and TO information which you provide when you send a parcel registered mail.
And even if you didn't care about that component (having the FROM and TO addresses), you would still, if you wanted it SECURE, have to encrypt the contents of the parcel so that the document is unintelligible text to visual examination.
Re: Not saying PGP is perfect
Could the QR code just contain a (https) URL to download the public key from and the fingerprint of the key?
So the QR code could be used to GET the key and verify the key.
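The check suggested in the comment above, as an added example that is not part of the original post: the QR code carries the URL and the fingerprint, and the downloaded key is accepted only if its OpenPGP v4 fingerprint (RFC 4880, section 12.2) matches. The two-line payload layout, the function names and the sample key bytes are assumptions constructed for illustration; the download itself is left out so the block runs offline.

```python
import hashlib
import hmac
from urllib.parse import urlparse


def parse_qr_payload(payload: str) -> tuple[str, bytes]:
    """Hypothetical payload layout: line 1 is the https URL, line 2 the hex fingerprint."""
    lines = payload.strip().splitlines()
    if len(lines) != 2:
        raise ValueError("expected URL and fingerprint on separate lines")
    url, fpr = lines[0].strip(), bytes.fromhex(lines[1].strip())
    if urlparse(url).scheme != "https":
        raise ValueError("key URL must be https")
    if len(fpr) != 20:
        raise ValueError("expected a 160-bit v4 fingerprint")
    return url, fpr


def primary_key_body(blob: bytes) -> bytes:
    """Return the body of the first packet, which must be a v4 Public-Key packet (tag 6)."""
    if len(blob) < 2 or not blob[0] & 0x80:
        raise ValueError("not a binary OpenPGP packet")
    first = blob[0]
    if first & 0x40:                        # new-format packet header
        tag, o = first & 0x3F, blob[1]
        if o < 192:
            length, pos = o, 2
        elif o < 224:
            length, pos = ((o - 192) << 8) + blob[2] + 192, 3
        elif o == 255:
            length, pos = int.from_bytes(blob[2:6], "big"), 6
        else:
            raise ValueError("partial body lengths are not valid for key packets")
    else:                                   # old-format packet header
        tag, ltype = (first >> 2) & 0x0F, first & 0x03
        if ltype == 3:
            raise ValueError("indeterminate length not supported")
        n = 1 << ltype                      # 1, 2 or 4 length octets
        length, pos = int.from_bytes(blob[1:1 + n], "big"), 1 + n
    body = blob[pos:pos + length]
    if tag != 6 or length > 0xFFFF or len(body) != length or body[:1] != b"\x04":
        raise ValueError("expected a complete version 4 public-key packet")
    return body


def v4_fingerprint(body: bytes) -> bytes:
    # RFC 4880 section 12.2: SHA-1 over 0x99, the two-octet body length, then the body.
    return hashlib.sha1(b"\x99" + len(body).to_bytes(2, "big") + body).digest()


def key_matches_qr(payload: str, downloaded: bytes) -> bool:
    """True only if the downloaded key's fingerprint equals the one carried in the QR code.

    The fingerprint from the QR code is the trust anchor; the https download only
    delivers bytes, so whatever the server returns is rejected unless it hashes to it.
    """
    _url, expected = parse_qr_payload(payload)
    try:
        actual = v4_fingerprint(primary_key_body(downloaded))
    except (ValueError, IndexError):
        return False
    return hmac.compare_digest(actual, expected)


# Constructed sample data: a syntactically valid v4 packet body with filler key material
# (not a usable key), wrapped in an old-format header, plus the matching QR payload.
SAMPLE_BODY = b"\x04" + (1400000000).to_bytes(4, "big") + b"\x16" + bytes(range(40))
SAMPLE_KEY = b"\x99" + len(SAMPLE_BODY).to_bytes(2, "big") + SAMPLE_BODY
SAMPLE_QR = "https://keys.example.org/alice.pgp\n" + v4_fingerprint(SAMPLE_BODY).hex().upper()

if __name__ == "__main__":
    print("genuine key accepted:", key_matches_qr(SAMPLE_QR, SAMPLE_KEY))
    swapped = SAMPLE_KEY[:-1] + b"\xff"     # what a substituted key would look like
    print("substituted key accepted:", key_matches_qr(SAMPLE_QR, swapped))
```

An ASCII-armored download would have to be de-armored to binary before being passed to `key_matches_qr`.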
Why can't they have 2 'stages' of a canary, both updated daily?
Stage 1, no current warrant has been issued against SpiderOak, sick canary.
Stage 2, no warrant has been ENFORCED against SpiderOak, dead canary.
When a warrant is issued the canary is sick. This covers any period while fighting against a warrant. If all warrants are overturned/denied, the canary gets better. If a warrant is upheld and enforced, the canary denies.
@Yet Another Anonymous coward:
"But if a SWAT team are pointing assault rifles at your head and getting the orange jump suits ready for a long stay in gitmo - you are going to click the everything is OK button."
You obviously didn't read the article.
It takes THREE (3) different people located in 3 DIFFERENT COUNTRIES to ALL 'approve' updating the status of the canary as 'OK'. While it's likely a SWAT team could stand over the US member of that team (if there is one), US SWAT teams would have difficulty deploying simultaneously in at least 2 different foreign countries, possibly 3 if none of the people who can sign the canary are located in the US, to stand over all 3 signers.
Re: It's really time to stop bitching about IPv6 being different
OK, I've just started looking at that link, and right at the top I see a red flag already:
"However, NAT and NPTv6 should be avoided, if at all possible, to permit transparent end-to-end connectivity."
Errm, while the USER may want transparent end-to-end connectivity, the network engineer/admin may not want NETWORK level end-to-end connectivity. They may WANT to introduce things like proxy servers, which right there break your transparent end-to-end connectivity. Or how about (as my organisation does) an SSL interceptor that basically does a man-in-the-middle attack on all SSL sessions (with the exception of whitelisted known trusted sites, e.g. banks) to virus scan the stream?
From my reading so far, it looks fairly complicated and would require someone with at least reasonable computer/network knowledge and skills. To set up multi-homed NAT IPv4? Simple, buy dual port router, hook one port to ISP one, hook second port to ISP two, enter ISPs authentication (e.g. if its xDSL), setup complete. Multi-homed failover (or even load balancing if the appropriate check-box is ticked) and you are done.
Re: Oh noes, please don't do that
warning: IANANE (I Am Not A Network Engineer)
But do we have to rely on the loss of TCP packets to tell us this at the end-to-end level? Couldn't a router send back to everyone who's swamping it a 'back-off' message from the router? I thought there was already provision for this, but it's rarely, if ever, used?
In the early days of the internet when router processor capability was low, and bridging was more common than routing due to not being able to produce sufficiently intelligent silicon for routers at appropriate cost points, TCP-retransmission may have made sense as a congestion management mechanism. For the TCP layer at the receiver end to keep sending re-transmits, thus implicitly telling the sender to back-off due to the number of lost packets.
However these days where routers have, compared to their early predecessors, massive processing capability, either what was not so long ago server grade CPUs or efficient lightning fast ASICs, can't the routers tell senders to back-the-FEC-off rather than relying on the receiver losing packets and telling the sender? In this case (where routers actually tell senders to shut-the-FEC-up) FEC may make more sense.
I could see a case for adaptive choosing also. Low error-rates, TCP might make sense as retransmission packets are rare, and the FEC overhead (more data to contain the ECC) might perform worse. If there are slightly higher error-rates, and routers are smart enough to tell a sender swamping them to back off, FEC may make more sense, a little bit more data for the ECC, but less than the extra data TCP retransmissions would cause.
If there are high error rates, then maybe another change? Maybe neither TCP or FEC?
Err, because some apps that you install might NEED to check state more often than the default? Near-real time systems might want to wake every 4 or 5 ms, or even as google chrome thinks it needs to, every 1ms.
Unless you've loaded a plugin into chrome that for some reason needs frequent wake-ups, then there's no reason for a browser to want to wake up more frequently than the default.
"Tesla should run a competition to see who can be the first person to hack the Chinese government and run apt-get install democracy."
nah, the democracy app is too immature and buggy. It seems to self-destruct all the time.
Huawei's spying was only theoretical...
...however the NSA's (US's) spying, inserting backdoors into US made kit, is documented.
Re: Regarding the terminology problems...
Even worse, when I'm researching a new phone or tablet and ask questions like "How much memory does it have?" I get answers like: "32GB of memory", "64GB of memory", "128GB of memory".
No, if I wanted to know how much STORAGE or NAND or SSD or eMMC it had, that would be the correct answer. I want to know whether it has 1GB, 1.5GB, 2GB, 3GB etc of MEMORY.
Re: Regarding the terminology problems...
Actually, 3.5" disks ARE floppy.
It's the external casing of the disk that isn't floppy.
Break the rigid external casing of the 3.5" disk, and inside is the component that actually stores the data and it is, well, a disk that is floppy.
If you break the rigid external casing of a Hard Disk Drive, inside is the component that actually stores the data, and it is, well, a disk that is RIGID, non-floppy, i.e. HARD.
Re: Computers are not white goods
"Um....You can't buy children."
Want to make a bet?
What do you think a "sponsored adoption" is? Or a surrogate mother?
Re: Been there with my own Dad.
"No she wasn't browsing Pron sites, she is 92 for heavens sake."
What's age got to do with browsing porn? You saying a 92 year old doesn't get horny and want to have sex and/or beat off because can't find someone to have sex with?
If you think that, then here's something that'll shock you to your core. Your parents had sex at least once (assuming you aren't an IVF child).
"Such a deal would at least provide Europeans a forum for addressing their grievances in the courts when they feel personal information has been mishandled or abused by authorities."
Ahh, so Europeans will have the same standing as US citizens in addressing their grievances before US courts? i.e. go to court, US gov says all discovery/information is top secret because terrorism, therefore can't be used in the case, judge dismisses due to lack of evidence of wrongdoing.
So awesome news!
or use a plugin like Ghostery which blocks known tracker sites and has a regularly updated blacklist so I don't have to maintain a hosts file across many different systems (Android phones, Android and windows tablets, windows laptops etc).
2 days? Tell them they're dreaming.
"mandate application and operating system patching within two days of an update release"
How are you expected to do the following in 2 days:
1) Download patch(es);
2) Deploy the patches to an RnD environment to see how the patch process runs, whether it can be automated or requires a GUI and clicking on 'next' buttons;
3) Package/otherwise automate the patch for easy deployment to 100's of servers;
4) arrange downtime for the dev environment to deploy the patch and any restarts that are required;
5) install patch, perform any necessary restarts;
6) Get signoff that the patch hasn't broken anything in dev and can proceed to the next environment;
7) arrange downtime for the integration environment to apply the patch;
8) install patch, perform any necessary restarts;
9) get integration testing team signoff that the patch hasn't broken anything;
10) arrange downtime in the system/performance testing environment to apply patches;
11) apply patches in the system/performance testing environment and perform any necessary restarts;
12) get signoff from testing team that patch doesn't break anything/cause performance issues;
13) arrange downtime for production, including notifying external agencies that depend on your systems, informing other national governments that you have MOUs with stating 10-day notification of any outages to critical systems that they interface with;
14) apply patch and perform any restarts that are necessary;
15) cross fingers and hope no backout is required of the patch that's just been rushed through with limited verification testing.
16) retrofit patch to other non-critical path environments - training, other dev/integration environments that are being used for future releases (can have up to 3 streams running simultaneously, current prod, next release, release after next release...)
Multiply this by 100's of servers that an O/S patch may have to be applied to, and fight for outage windows and testing resources in environments that are fully booked for testing of the next LEGISLATIVE release that has to BY LAW go in in anywhere from 24 hours to 3 months away who (as usual) is running behind schedule..
Sounds like they need to be hit with the reality stick.
You're overestimating the cost by a couple orders of magnitude...
How big is the class?
What's the potential size of the class here?
Assuming attorneys fees are 33%, that brings the settlement down to about $213m.
If the class was only 1k people, that's an impressive $213k each they'd get.
But isn't the potential class ALL the IT employees of those companies in Silicon valley? If that was only 10k affected workers, it's a lot less but still respectable $21.3k each.
But are there only 10k workers? What's a more reasonable number for IT employees of Google, Apple, Intel and Adobe in California (or is it just Silicon Valley?) 100k? more ? less? if we take the 100k figure, that's only $2130 each for several years of wage fixing ...
Pozible a bit dodgy?
I just pledged through Pozible, however that site seems to have some privacy issues that make me a bit wary of using them:
1) When paying, a message on the payment page states "Pozible does not store your payment information.", yet my payment details from the only previous transaction I had using Pozible showed up, Payment Name, Country, Phone number, CC number (masked), expiry date. I had the option to edit those details, but I can find nowhere to delete them from the site. So SOMEONE is storing my payment details... I'd like to delete the stored payment information and have it require me to provide those details each time I make a pledge. What do they think it is, eBay where I might make many payments a week rather than once in a blue moon?
2) I didn't initially notice, but Pozible automatically provides my telephone number to the supported project. It is an OPT OUT box on the payment page, whereas providing my email address is a setting I can turn off in my profile, but not for telephone number. I'd much rather give my email than my number to the project. I should be able to disable providing my number as a default setting.
Re: Sloppiness or malice?
If I was the coder, I'd be pointing my finger at the NSA and saying "they made me do it."
Everyone would believe that, and who could prove otherwise? Who'd BELIEVE any proof the NSA provided that they weren't responsible?
Re: @nevets23 -- Odd timing
nevets23's post was directed at Reg users who are not "in the know" of the Linux Kernel/Systemd development. I.e. outsiders.
Torvalds' rant was not "public", it was directed at those "in the know", i.e. insiders, who would understand the context. Therefore for his target audience, it was appropriate. Just like nevets23's post was appropriate for his target audience.
Is stupid a good lay?
Re: You've done my brain in
"providing any kind of rationisation of why we're here and what the point of us is."
Why do you care? You exist because you do. "I think, therefore I am".
It's up to you to choose what you do with your existence. It's up to you to define the why of your own existence. To party and have fun? To better the world? To better humankind? To save the world from humankind? To kill as many people as you can? To leave a legacy to the world? To spread your genetic makeup (i.e. have kids)? To drift through life aimlessly? To hear voices from a god? Only you can define that for yourself. And only you care, no one else cares why YOU exist.
" Earth as a piece of hardened mucus flying out from some 13 billion year old sneeze, isn't a concept I find very motivating."
If you need science or philosophy to motivate you as to your existence, you don't need a scientist or a philosopher, you need a mirror and a psychologist to find out why you need that.
Re: "Apple beats off troll"
Yeah I read that and thought "Actually, sounds like the troll won"
Re: Time to get the calculator out
Burglary and Robbery are 2 different offences.
Burglary is the intent to break into a building without consent with the intent of committing a crime inside (including theft).
Robbery requires both theft and a form of violence or threat of violence used to deprive someone of their property.
Re: You can fix that bug...
Maybe the "Golden Cock" and the "ARSE" camera are designed to go together...
The 'other' Justin, Bieber that is.
15Mbps streaming over the internet?
Hmm, I pay $60/month for 150GB month quota.
hours/month = (quota (MB) / rate (MB/s))/ seconds in an hour
= (150GB*1000) / (15Mbps/8) / 3600
= 22.22 hours
So I can get 22.22 hours of 4K TV for my $60/month.
Of course, I ALREADY use up all my quota each month on SD TV shows and the odd 720p/1080p movie plus game downloads/patches.
Yeah not gonna happen.
Re: Potential Legal Problems
The GSM standard includes encryption, see the A5/1, A5/2, A5/3 ciphers. Therefore that would make all telcos that support the GSM standard criminals?
Perhaps if they co-operated with the watchdog he wouldn't have to spend so much time trying to investigate/interview staff members which is probably what's driving up his hours.
"if they could have one of the crew twiddle some of the knobs as well"
Ahh, so they want to enter the mile-high (maybe now it's the 100-mile high) club?
Re: Nice thought, logical ideology, BUT...
The inventors of a patent are listed on the patent itself.
If no named inventor is part of a lawsuit involving the patent, that's a good indicator (but only AN indicator) that the scenario you've presented is not applicable.
So they make a profit...
Quote: "If the city was charging prices equivalent to local Bay Area Rapid Transportation system then that would yield a revenue of around $18.2m per year, compared with the $1.5m or so the City is claiming it will make out of this scheme."
Why yes, they would make $18.2m in revenue, but how much would it cost the city to provide those services for 9.1m rides? $20m? More? So in effect they are making $1.5m profit rather than the loss they'd be making if they ran it themselves.
at least 2 steps are problems of their own making
1) They don't need to provide their own customized (Sense) UI. They could use the stock android UI and hence skip this step entirely. If they really have a hardon for their (unnecessary) customized UI, make it an optional component and provide it as a separate package. That way they can release a stock version sooner with a Sense UI update later and give customers the choice of stock android or waiting for the Sense UI version to be available.
2) Carrier requirements? huh? This sounds like a chipset provider problem, i.e. provide the correct drivers/firmware for that android version that corresponds to the appropriate GSM/UMTS standards etc for the included chipsets. Any 'carrier specific' customizations like specific software should be the carrier's problem and just like with the Sense UI just provide stock android ASAP and provide carrier/UI customizations later.
Nuclear power is a RESULT of nuclear weapons research.
The Government didn't go "Hey cool concept, generate electricity from a nuclear reactor". They went "let's make a big bomb. What? to get better, more effective fissile material to make 'bigger' bombs smaller we need to build a nuclear reactor to refine the material to a more effective level? That's gonna be expensive, but look, as a byproduct of making nuclear weapons material we can also generate electricity!"
Not quite true
"it will have four CPU cores running at 3.7GHz, and eight GPU cores running at 720MHz each with 512 processing units."
It will have 4 CPU cores running at 3.7GHz. Correct.
It will have 8 GPU cores running at 720MHz. Correct.
Each GPU core has 512 processing units. INcorrect.
Each GPU core has 64 processing units (SIMDs). 8x64 =512.
I can't reconcile these 2 statements.
With respect to this Nobel:
Quote: "The award of a Nobel is as close as we get to an affirmation that this is the scientific consensus."
With this statement:
Quote: "The Nobel Prize in Economics isn't quite a Nobel as it's awarded by the Swedish Central Bank"
How is an award from A, one, singular, central bank of A, one, singular, country, a scientific consensus?