openssl-0.9.8zh is also vulnerable but patches won't be made for it
511 posts • joined 31 May 2011
The solution is to not make it cheaper: fine the companies that are hacked.
Re: It's not the brand, but the software...
it may not look like this, but I have on high authority that software is written by humans and it's common for humans to err
where are the robotic overlords where you need them!?
Re: Obviously they haven't even heard of defensive programming
> distinguishes quality software from poor hacks.
"poor hacks"? that's a new term for Internet of Things?
@veti just like we're still talking about just how stupid of an idea it is to fight Russia in winter (unless you're the Mongols), we will be talking about how moronic the decision of the UK was to leave the EU.
so get used to it
Re: "The majority of the population is concentrated in urban areas."
the point is that those suburban areas have higher population density than Europe, and they still have slower and vastly more expensive Internet
Re: Go Linux Mint
at this point in time, I have fewer problems with a BLEEDING EDGE, ROLLING RELEASE distro like Arch than I see people have with Win 10
now you'd have to go to LFS to have a worse experience with Linux than in Windows, it would be funny if it weren't so pathetic
Re: Why wait until December?
Nuke it? It needs a relativistic kill vehicle! High orbital bombardment!
Re: I'm waiting
ain't that a good thing? after that you can say "oh, win 10? I'm afraid that is double my usual rate"
Re: Another negative for IoT
@fidodogbreath the problem is that the notification system works only in local environment, with a roaming owner it is ineffective
For a moment there, I completely forgot about the atrocious security of the US carriers
(not that others are not bad in their own right, but some are more... "special" than others)
Re: A Vote is an endorsement
with a First Past The Post voting system, if you don't vote on the candidate, it is as good as voting for the opposing party candidate
the whole voting system should be changed to something like single transferable vote
Re: so the usual
I would have agreed with you, if the "ones that killed innovation" weren't saying that misogyny, racism and xenophobia are bad for this (or in fact any) country.
it's like saying, "this professor is wrong about climate change, I saw him jaywalking a month ago!"
Re: Until Blackberry goes under
@DougS you mean just like the 3 year cadence of the Nexus devices?
'cause it's exactly what google is doing, they drop support for "Nexii" like a hot potato right after the 3 year mark
it's a shitfest, all of it
not to mention that a CA which would sign certificate for the Blue Coat system would very quickly be removed from Mozilla's and Microsoft's trust stores
Re: non-US citizens on non-US servers
@AC and that's the crux of the matter
I have no problem with US enforcement agencies asking EU enforcement agencies for information in EU. But it must go through EU court, with EU laws and EU judges.
Re: Gunman murdered by the police?
@bombastic bob: right, because "heroes" are incapable of doing evil things
see also: The Hague Invasion Act
Re: Simply amazing....
you're forgetting that USA is "exceptional" and that they will maybe sign, but never ratify this new law
you know, like domestic laws apply only to some people, just not those in establishment or enforcement...
@fidodogbreath: give credit where credit is due! After all, he's the guy that killed Hitler...
wait aren't you so against ID cards because they remind you of those food stamps from those "glorious" times?
yes, the times when you were young were much better, but it's because you were young, you had the vigour to learn new stuff, strength to overcome obstacles, not because they were better times
now forgive us youngsters while we're working on beating yet another all time world-wide low for people living under the poverty line and illiteracy rates
honestly, I see Turkey meeting the requirements earlier...
you think UK will get access to common market without a deal like Norway? ha! not if French have anything to say about it (psst: they do)
Re: I doubt it
@ckm5: UK is not the whole Europe...
Re: Just another good example...
of course it's a take-over attempt
there's no objective reason to run BSD over Linux. Features, speed, programmers, either Linux has it all, or can simply run BSD stuff
but BSD doesn't have this pesky GPL business so when they decide it's enough of this OSS lip service, MS can just close it up
(See also: core Android applications that are no longer developed in AOSP)
Re: They already have
> Heck, Microsoft might pick up the ball and write in support for Bing and sell their own
> Android that is freer than the one Google offers. Wouldn't that be a crazy turnaround?
with current Microsoft and current Google, that's not exactly inconceivable...
Re: I'm flabbergasted
@Unicornpiss: in letting it go.
Once you start using it, you basically will use it forever. So you need a Windows Server to host it.
I was referring only to the addictiveness of it, nothing more.
Re: I'm flabbergasted
Active Directory is worse than crack cocaine...
Re: Right of abode
Sorry, but I see this whole aversion to national ID cards in US and UK to be completely irrational.
Government already knows well where you live (birth certificates, taxes). Universal proofs of identity don't change that one bit. On the other hand they are useful to prove your identity to other people - employers, banks, your UK citizenship when you're abroad
Actually oppressive communist governments don't use ID cards to oppress the population!
Re: The Internet is an internet
those are press junkies, they use Macs and those have case insensitive FSs too
Internet? Generalized?! What the hell are they drinking?
Friday is as generic as it gets, yet we still write it with a capital F.
More arbitrary "rules" from AP.
For one, Putin wants to rule something grander than a nuclear wasteland...
Re: This is why Japan prefers to fire refurbished WWII dreadnoughts into orbit
questioning people with time seniority in the company is frowned upon in Japan
we can just hope that this will be a Challenger moment for Jaxa and that they will get their Feynman on it...
@Pseu Donyme: they will do that right after they switch to metric and stop using their brain-dead electric sockets
and if I have a PBX in my business, no one can call my desk phone without me telling them the internal number
damn, more ways in which telephone and Internet systems are alike
You know what else is an old law? The constitution and its amendments.
I only see "It's the end of the world, cats and dogs living together", etc.. No explanation WHY equating IPs to telephone numbers is bad. No explanation WHY making ISPs just dumb pipes that pass packets around is bad.
So to me this looks more like a list of people being paid by the cable industry.
Re: That's eminently reasonable
> Someone will have to pay for managing and hosting this data. Who will pay that bill?
you mean who pays for arxiv.org? Cornell University Library. In all honesty, hosting one such site is probably cheaper than subscribing to 2 or 3 journals in only one of the fields covered by arxiv (yes, subscriptions have outrageous prices)
Re: How to get in on these scams
Why are you talking about the Fontus? it's not in the article!
Can somebody remind me, why exactly do we listen to Gartner?
"Exactly. Considering there are already competitive alternatives like the HTC Vive, it could be really bad for Oculus if games could be modded to run on alternate VR headset."
Yeah, that would mean direct competition and that's bad for business. If only those pesky customers didn't demand Vaseline for shafting, we would have pure profit!
That's what happens if you consider IT _only_ a cost centre: you get an even bigger bill at the end of the day
If only they knew earlier that the RC4 may be insecure... /s
but that's IoT for you, until you beat them with a heavy rod, they won't do anything
it's been so long since I had it installed that I forgot it exists
those were very blissful moments
EU law allows you to simply return the device after 2 years if it does not match advertised feature set or breaks down in normal use.
Some things should really have longer terms, but the basic framework is in place.
Re: I am (perhaps naively) hopeful...
I would say that your optimism isn't completely unfounded, Tom Wheeler was quite effective up till now
To fix this we really don't need much.
The first thing is that software defects should not be excluded from warranty (that includes disclosed vulnerabilities).
Then we just need a label that clearly, in standardised manner, informs the customer:
1). how long is the warranty for all defects
2). what is the manufacturer designed expected lifetime of the device (that means, at the minimum, that replacement parts, including software, will be available)
3). what (if present) is the length of time software updates of the device will be provided
allow for paid/free options on top of that, and then there's _some_ chance that the market rights itself up
and that's why you should always deploy code only after it goes through upstream review and merge
but some ARM device makers still "know better"
Re: Too Many bad Movies
passwords are more likely to be guessed the more they are used; but it is offset very easily by making it longer
the original advice of the 30-day lifetime of a password assumed a fairly simple password (essentially a single word selected uniformly at random from a greatly reduced English dictionary); double the password (use two words) and the 30 days suddenly become 80 years at the same level of security
oh, and another thing often forgotten: the original advice included mandatory rate limiting on incorrect logon attempts
given their ability to suck their own jingle bones, I would assess the government's ability to be flexible as "extraordinary"
Re: Oh, good, more bullshit from the Reg
It's because the fact of branding a vulnerability doesn't mean anything.
There are severe vulnerabilities which are not branded and irrelevant vulnerabilities which are (Grinch attack as an example).
By focusing on branding you simply focus on the wrong thing. You should focus on the security and vulnerability parts.
Because of the birthday paradox, if the identifiers are assigned at random (and they'd better be, or the whole system is insecure), then after assigning about the square root of the number of all available ones, you have a 50% chance every time you assign a new one of picking an already selected one.
In other words, they prepare for a more modest number of about 1.69266 * 10^13 (16 trillion short scale, 16 billion long scale) tracked items.