303 posts • joined Tuesday 31st May 2011 17:45 GMT
Where you can fight all day and party all night, but only in a CCP approved manner? Skål... er...
...at the very least use VPN!
That would be too much like right. In fact, I would wager that the result of this will be that instead of a relatively unknown flaw on all of these systems, there will be a well-publicized flaw on most of them as their admins fail to patch them properly or in a timely manner.
I know that this is a recurring theme in network and system security, but it would seem to me that a vendor could gain a reputation for security simply by implementing and promoting its willingness and ability to update its systems in much the same way many apps and OSes currently do: automatically. We see a lot of stories involving appliance, SCADA, and embedded systems not being updated because admins are just not getting the job done. How many systems out there get the job done painlessly and consistently?
Banks Had It First
I would think that the implementation used in modern ATMs would predate this patent by some time. The two factor authentication would be something you have (bank or credit card) combined with something you know (PIN or other passcode). These things were all patented, I believe, as they were invented although it is anybody's guess as to who holds the patents now or if they have expired.
I read that completion rates are around 7%. My first thought was that this is quite low compared to traditional higher education. I would guess that this is has to do with the lack of financial investment on the part of the students, but that is speculation on my part. However, this small percentage can translate into a number greater than would complete and pass the course in a more traditional classroom setting.
Re: Deep breath now...
Things you cannot do in the "modern" interface...Switch apps with two keystrokes...
I emphatically do not like the new GUI, but ALT-TAB still works. In fact, it was one of the few familiar things I found when using a friend's new laptop. Not so sure about the rest of the comments as I stopped using the machine as quickly as possible. She said it took her about a week and a half to get used to it. She is a non-IT type.
The deep packet inspection capabilities of its products have proved to be of interest not just to corporates, but to ISPs and government in countries with patchy records on human rights, including Bahrain, Burma (Myanmar), China, Saudi Arabia, and Venezuela.
I would not be surprised if this netted the same classification as encryption software has and becomes unavailable for export. It will still be abused, but the scope will be a bit more restricted.
Re: Ice cream for starving millions
Don't teach a man how to fish just send some organic ice-cream.
Don't teach a man how to fish, just send some organ ice-cream.
There, fixed it for you.
Re: I just realised something
Our internet connection crapped out briefly when I first tried to read the article.
More of a demigod, then.
Re: The accountants are better than the lawmakers
IF /i .%process%.==.illegal. GOTO PROSECUTE
REM It never ends, but let's put it here just for form's sake
Re: Vulnerability fixed last year.
The trouble is what sort of operation does everyone else run? Unless your network is completely disconnected from other sites and other organizations you're as vulnerable as the least secure of those entities.
I'll give you a hint: if you throw in laptops and allow people to work from home, you will be lucky to achieve 90% compliance within 1 month. As far as physically disconnecting networks from the rest of the world, even that isn't enough. I am sure everyone has heard of Stuxnet and how it made it past an air-gap. Also, mention the word "spillage" to IA types in the US and watch their reaction - it's great fun. The greatest vulnerability cannot be patched: people.
There's a maximum size limit of 200MB per photo, and users can also upload 1080p HD videos of up to 1GB in size and a playback length of up to three minutes each.
Yes, but can compressed video formats be uploaded? Three minutes isn't really that much.
Re: It's only one study...
@Turtle, at least you admit your bias and are interested to see more information. Congrats! You have just outdone a large number of researchers.
In one counterexample, a researcher found that simply giving kids access to information through the application of technology really improved their education. I have read others with mixed results (e.g. the One Laptop Per Child initiative). From what I have been able to gather, a good result is not based on tech alone, but fits into the existing environment. The success or failure depends on how good that fit is. There is no one size fits all solution.
Re: Ya think?
However the Press representative also made the point that too many arrests are currently made on extremely flimsy suspicions
That is why in the US it is no longer legal to ask on a job application if someone has been arrested. Applicants may be asked about convictions now, but not arrests, as it was shown that arrests could be used as a proxy for racial discrimination.
Re: No mention of Windows?
Well, it tries to first attack svchost.exe, so that would be Windows... oh, wait!
Two Different Issues
We pay taxes on all the products we sell in the US, and we pay every dollar that we owe.
Notice that these are not necessarily the same thing. To break them apart:
We pay taxes on all the products we sell in the US...
"We pay local and state sales tax where required by law." This does not address other tax liabilities, but it is important.
...we pay every dollar that we owe.
"If we can legally avoid paying out anything at all, then we don't, but it's legal. If we brought it into the country, we would owe it, but we don't so we're cool, right?" If the government wants some of this, it will have to change the laws. Mr Cook should be very wary (said by Walter Koenig for comedic effect), as those changes might be retroactive.
It seems that the long term strategy of many companies has been to tie up as much capital in off-shore accounts as they could, causing economic problems at home, then to wait until the government is starved and hope to negotiate a smaller tax bill in exchange for bringing it all back into the country. I say "it seems" - what do I know about corporate finance?
How many other jobs are there where you might be called on to fix the AC, run a physics experiment, and pilot a high tech craft in one day? The article does make me wonder, though if simply applying chewing gum might not do the trick. Of course, there's the problem of getting it out of the helmet...
Re: Much Better
No, no, no... whales to oil.
Re: Do these guys not understand copyright?
And it is not up to the judges to decide as to whether to revoke the right, at least not until it hits the SCoTUS. So the authors have the rights, Google is doing as it will and making money with it on the way, hoping that it will all pan out in the end. Unlike YouTube (seems like a good analogy with similar legal issues surrounding it), they are going out and grabbing content themselves, not directly paying content owners, and not providing an easy method for those owners to have their content taken down if they want.
They have already established that they understand these issues and are not acting in the same manner in the two instances. This might make for interesting play in court.
Re: Four sprung duck technique
...the internet connection will only be required to 'phone home' to check licensing...
Their previous products did this on install and when, I think, pulling updates. Did this approach up revenues to the extent that doing it a lot more is going to improve them? More likely it they drive away their less profitable users - not those that were pirating the software, but those who would skip versions. The likely outcome is going to be a shrinking user base with very little change in profits in the short term. I would guess that those "lower-value" customers will eventually be picked up by a competitor who will surpass Adobe's product line. Just give it a few years.
I can somewhat understand why some products cost different amounts in different countries, but where in the world does the greater than 50% mark up come from in the price of a piece of software that is downloaded and not shipped? Wait... let me guess: the UK gets the "virtual hardcover" edition while we in the US have to make do with the paperback version.
Re: MSFT the Value Destroyer
MS don't have the ability to deliver anymore, so they buy buy buy. And the result is, predictably, a complete mess, with each camp fighting internal political battles for turf.
Microsoft has a long history of buying up companies, both to quash competition and to expand its portfolio. Once upon a time, a viable business model was to create a startup, catch the Beast of Redmond's eye, sell the business, and retire. This works so well that other companies do it, too, even in the tech industry (e.g. Google, Facebook, Intel). In fact, I cannot imagine MS being the first to run this strategy, but they certainly made it work. Sure, there were some clunkers in the mix, but that is the price of business.
BTW, Eadon, do you do stand-up as well as written comedy? Good stuff!
Re: Time for an end to verbal skeumorphism
So a "verbal skeuomorph" would be a "lexiomorph?" We are not dealing with pottery here.
Re: Air bearing?
I think the "frictionless" portion needs some work. It is dependent on the fields of the two magnetic sets which are not uniform. You could see this in the video when the disks maintained their relative position to each other; when one turned, the other moved to stay in the same relative position. This can be used in things like regenerative braking and magnetic suspension can be used to reduce friction, but that does not seem to be what is going on in the video.
Re: Users Manual
Sounds like a controversial problem to me.
Re: It's worse than you think.
Having to deal with it in an enterprise implementation is at least as bad. What I don't understand is why folks persist in using Adobe's products for Flash and PDF. Besides the dubious assertion that it cannot be updated by a third party (how do you think most large enterprises handle their updates?), they pump out updates too fast to evaluate without managing to fix the underlying issues. I switched to a non-Adobe PDF reader a while back. There are some non-Adobe Flash implementations out there, at least according to the interwebs. I am going to have a go with them.
If this approach would become more acceptable in corporate environments, life would be good.
I was taught this sort of thing in wilderness survival training. You left off using bugs for added protein, though. And roof rabbit.
Re: Stupid question
Homeopathy does not work
Well, it does, but you have to choose your
victims patients carefully. As homeopathy's effectiveness is equivalent to that of a placebo, it should be administered only to hypochondriacs and other true believers in order to properly "treat" what ails them.
Re: the wrong way?
Well, reporting is great, but you might occasionally want to do something with your stuff. You might send a trigger to unlock the door for a legitimate guest. This sort of ad hoc request would not work well with autonomous devices. Integration has at least the potential for other benefits, to, not the least of which is ease of management. So in that sense, at least, the set-up sounds OK.
I would be more concerned with things like privacy issues and creating a single point of failure. AT&T is as capable as any other faceless corporation of selling all sorts of data about our personal lives... and this service would be very personal indeed. It has the potential for gathering and tracking an enormous amount of information (a complete and ongoing household inventory matched to individual members cross-referenced by buying habits, et cetera).
So the point of the central hub would be similar to other data gathering efforts: offer something that is convenient, swear to the people who will provide the data that you are going to sell that their privacy will be protected, then sell to the highest bidder. Extra points for getting the product to pay for the privilege of being sold.
Re: That sounds useful if I only want to read the document
Not tried Word Viewer (from MS)?
That was my first thought, too. One advantage, I suppose, is that this should provide the same functionality on non-Windows boxes. It might also be a step (or at least a feint) toward offering the ability to edit from within the browser.
The use of "groundbreaking" here is perhaps a little enthusiastic...
I would think breaking ground is exactly what should not be done with a transport rocket. Still, whether this is groundbreaking or not, having more options in the mix will eventually make space travel affordable to those of us with somewhat less than millions of dollars of disposable income. I am glad to see progress in this.
"Our report shows that businesses can greatly reduce the number of successful attacks against their organisations by identifying and blocking attack sources that are known to target multiple sites or applications."
Previously stated as, "Businesses can greatly reduce the number of successful attacks against their organisations by keeping their software patched and up-to-date." The fact that this issue continues to arise is a light in the dark for the black hats. Sure, this version of the goes a little further than the last, but the underlying weakness is the same - if the systems were not patched before, their admins will not be gathering information about attacks, much less sharing it.
Re: third-party attacks?
How many of these attacks are from organizations working for the Chinese government, and how many are from poorly secured residential machines that are being controlled by parties unknown?
From a practical perspective, it really does not matter unless pursuing the perps. If all you are concerned about is defending against the attacks and blocking these addresses stops that without causing problems, then this is the way to go.
Re: All the news that fits the agenda
Quite aside from the debate on CO2 causing or contributing to climate change, it seems to be having an adverse effect on our oceans.
Re: CISPA needs to pass
Let me help you out there, AC:
"Think of the children, then use them to do something that is completely against their best interests."
Careful Identity! You might set the spill on fire with that flame.
This changes (yest again) the concept of a what constitutes a primary offense (how low the bar is set as to what a person can be stopped for). It might seem to be a bit ridiculous to stop a person for jaywalking, but that can endanger other people (notably those driving too fast through town). Where should we draw the line? How about smoking in public? Should the perp be ticketed, hauled away in cuffs, or just given a warning?
@AC Space elevators in the land of science fiction
Some might point out that space elevators could be useful on lower-mass objects like Mars, the Moon or big asteroids. The problem there is that their GEO orbits are still proportionally far away - if GEO is close enough to use a space elevator, gravity is weak enough to use a simple maglev launch sled.
I had not heard of a space fountain before; I had always assumed the elevator portion of the space elevator would use magnetic lifting rather than mechanical. Also, setting up a space elevator on the moon might make sense in as much as it provides a lower bar to get over in developing the technology for use on(ish) Earth - plus, you get a nifty moon base as part of the package. Of course there would be other problems not covered by this model (e.g. wind sheer), and it would require getting there with all of the materials needed to build it or starting a mining operation locally...
Re: Well that couldn't have gone wrong anyway...
You think the Japanese and American military get their intel from twitter? What a twit.
Of course they do and from every other online source they can find. Not that the physical defense system is tied directly to a Tw*tter feed... at least not that I am aware of such.
Re: This could be an amazing development
Don't focus only on HIV/AIDS. This equipment is not limited to a single test and is very affordable. That is the big news in this story, not its potential to improve HIV/AIDS treatment.
...Iran spent just $US400,000 or $500,000...the USA, the story says has spent 50 years...[and]...about $10bn ...
I feel compelled to mock the cost overruns on both the Iranian and US projects. I have a proven and competitive product that will get the job done at least as well. Get 'em while they're hot!
Re: Dinosaur resurrection out of the question!
They are all chicken!
They all taste like chicken!
... Fixed that for you.
Re: Knew It Was Coming
To paraphrase T. H. White, if it is not completely bulletproof, it will be exploited. Just because I cannot think of a reason that someone might want to exploit a particular flaw does not mean that someone else will not come up with one, even if it amounts to sheer bloodymindedness. To take the given reasons apart
A) Where there is money, there is a way.
B) Because no state entity has ever gone after non-military targets or used civilian tech to go after the same?
C) Left off: non-state actors. There may be a few of these out there.
While this is not exactly a case of presenting a problem without having a solution in mind, he could have made a bit of cash if he had offered to sell the solution in the form of some handy applications that did all of that. If he were especially
greedy insightful, he could have offered it as a service through a subscription plan.
Chirgwin has it right, though: all of Ylonen's recommendations look to be common sense security practices. I would add requirements for documentation and regular auditing.
Well, yes, but that "almost" can count for a lot. For example, an experiment on the ISS might have to account for frame-dragging, but one conducted at sea level not so much.
Re: Steaming greenhouse
But the greenies ignore this, because they are instinctively aware that most water vapour in the atmosphere is due to the sun shining on the oceans, and all their nanny-state busybodying cannot change that.
Yes they can! With parasols... lots of parasols... on rafts... all over the oceans of the world...
Please provide an example of what you would consider an 'inherently secure' OS.
OK, I'll bite: one that does not allow a user to log on?
Re: Or perhaps America is the source of the DDOS
The economics of the attack are simple: the greater the value, the greater the incentive for attack.
- Geek's Guide to Britain INSIDE GCHQ: Welcome to Cheltenham's cottage industry
- 'Catastrophic failure' of 3D-printed gun in Oz Police test
- Game Theory Is the next-gen console war already One?
- BBC suspends CTO after it wastes £100m on doomed IT system
- Peak Facebook: British users lose their Liking for Zuck's ad empire