76 posts • joined 20 Jun 2011
Re: Nuclear Power
You read my mind. Add to those non-weaponisable nuclear forms things like molten salt and waste annihilating molten salt reactors, and we might get somewhere. But no-one until recently has wanted to invest anything in the development of purely domestic systems of nuclear power generation.
While scaling up is needed, I believe we also need to encourage and support any kind of sustainable business of any size, in any sector (not just I.T.). Even the very small businesses provide work for at least one person each (and often more). And, it's often the case that a few of those small businesses naturally grow to become bigger players and employ more people. From small seeds do big plants grow, something this govern-mint seems to have forgotten.
Couldn't a patch for operating systems have a default check message box come up for the user when a USB device is plugged in, asking them to confirm the type of device (and perhaps its manufacturer and model as well)? Such a check might not prevent every attack, but at least it would give the user a chance to stop any of the more obvious ones (like a memory stick pretending to be a keyboard or network interface, for instance).
Re: Don't buy a crap watch
Wave-ceptors are programmed to check for the time transmission every 24 hours, mine at around 0100 GMT. If it misses the signal for any reason, it won't retry. It can however be manually updated at any time, so with that caveat, it works fine (for me at least).
Re: Don't buy a crap watch
I have a similar watch, though it's by Casio. It uses solar power, has worldwide wireless time update, and, at least for me, doesn't rip hairs out of my arm when I take it off. Mine's quite old but still in the current line-up: WVM120J-1, http://www.casio.com/products/Watches/wave_ceptor/
Not an advert, just a satisfied customer.
Re: Perhaps sooner for IT.
It doesn't always cost more to outsource overseas. A small local team on local daily rates can produce a better result faster and cheaper, when the outsource option is going to a larger supplier with a set-in-stone process in place that they don't want to change, and so charge a bomb and a half for development that doesn't fit their development model. A case of the tail wagging the dog.
Re: FFS There is NO miracle cure
One of the things I've picked up from watching a number of programmes on Auntie Beeb hosted by Michael Mosley (a doctor who has subjected himself to a few dietary regimes to see what happens) is that the answer to obesity is not in miracle solutions like pills, superfoods, or any other crap. It's in having a healthy balanced diet and getting a reasonable amount of exercise. So I agree that walking to the shop, using the stairs, and in fact making the choice not to be lazy whenever possible is pretty much the answer.
The trouble is, it seems to be part of human nature to take the lazy option.
Re: >> Now, who was this musical entertainer?
Note the ;) in my comment...
Re UAT: Been there. Done that. Users just don't realise it's their jobs that will (in theory) be made 'easier' with their new system, so it's up to them to check it does what they asked for it to do.
Now, who was this musical entertainer? ;)
Re: Run the web site through the excellent SSLLabs scanner and see what's wrong.
After a bit of 'back of envelope' research, I have found that it turns out the ciphers for SSLv3 and TLSv1 are basically the same but with different names. However, on my servers the TLSv1 setting directly links to the SSLv3 cipher list, so disabling SSLv3 in the cipher entry causes the ciphers for both SSLv3 and TLSv1 to be disabled. I believe this is an OpenSSL issue that may or may not be OS specific, or related to the version of OpenSSL on my server.
Re: Run the web site through the excellent SSLLabs scanner and see what's wrong.
If you mean the Qualys one, that's the one I benchmark by. If I disable the SSLv3 ciphers on my web server, but allow TLSv1 and TLSv1.2, nothing for TLSv1 gets through (all those clients show 'Protocol or cipher suite mismatch'), but a few that use TLSv1.2 are OK.
Disabling SSLv3 on SSLProtocol in httpd.conf on Apache works, but disabling SSLv3 on SSLCipherSuite in httpd.conf is breaking my web server (and the same in my email server with tls_cipher_suite in imapd.conf)... :(
So how do we get rid of the old SSLv3 ciphers, and ensure that the TLS 1.2 ciphers are used instead?
(Browser: FF 32; Email: TB 31)
All proprietary software carries with it a risk - that there could be any kind of code inside that users can't see that could be doing any kind of thing with your computer or data. This applies to every company, be it the big boys like Apple, Microsoft, Google, or the little guys working on their own in bedrooms.
The retail and business releases of W10 should not, in any fair world, have any snooping code in them. But do we trust MS if they say it won't/doesn't have it?
Ultimately our usage of any software comes down to trust, both in the developer and other users, because we can't check every single line of code in every single program we use ourselves.
[ed: shurely shome mishtake, Dabbs?]
Ah, so that's where Shean Connery got to after the failed Scottish independence bid, he's now the Editor at The Register...
'Barack Obama oiling his owl'
Streaming (or caching via streaming) - pah. Do I really want yet another cloud service which gathers data on everything I do and everywhere I go? Add to that that I have no control over the quality of the digital music stream.
Give me a CD of the music that I want to listen to (that may not be available on a streaming service, or even for download) and I can choose to rip it to a file format of my choice (MP3 at highest quality with a decent VBR), put the resulting files on my microSD card and pop that in my phone and listen without breaks, adverts, or any other annoying shit. I retain control of what I want to listen to, not some spotty herbert who thinks they have the right to tell me what I should and should not like.
Oh, and if for some reason I want to, I can listen to the uncompressed* CD directly in better quality on my home system, and I have a decent source should I ever need to re-rip for any reason to a different file format.
Me? Grumpy? Never! ;-)
*uncompressed in the sense that it's probably the best quality most people can get. 44.1/16 is (most times) by definition a form of compression compared to an original recording, which, if I get really technical, is a compression of an actual real analogue sound itself.
To add to the government getting us deeper into the shit, they are also subsidizing low pay and self-employment through in-work benefits, which causes an increase in government expenditure while reducing the tax income*. This seems to have also had the 'unintended' consequence of making at least some employers think that they don't have to pay a living wage out of their profits and can just pay minimum and the government will always make up the difference.
As an aside, has anyone actually stopped to think why suddenly so many people decided to become self-employed? I have an idea, maybe it's because the private Work Programme providers (and by extension the public Job Centres) kept banging on at the unemployed to become self-employed as a way to trick the figures so they could get their WP pay-off from the government, because they sure weren't getting it from getting anyone into actual jobs (and unfortunately for me, I know this from being on the receiving end of such advice). So that increases the debt even more.
*technically, if all those people who are in low pay were on full unemployment benefits, then the government expenditure would be higher, true. But the effect in the long term is that low pay carries on for far longer and therefore over time the benefit expenditure is higher and the tax income lower.
I feel I must resist the urge to post any double entendres about my shaft*, despite being ages old, still being rubbery where it needs it while being silky and smooth where it doesn't.
Crap, I failed to resist that one, didn't I?
*my Wacom stylus' shaft, that is. What did you think I meant?
Re: ".. I can't be the only one who's seen the prices of the new iPhones..........."
"Yes you can compare a £500 iPhone to a Moto G - it's not that the Moto G is a bad phone (it's not) but it's like comparing (and pardon the car analogy) a Vauxhall Astra to a Mercedes."
I prefer to think of it more like comparing a decent spec Skoda to a Mercedes - The Moto G (I have a first generation one) is a well built, good quality phone that does what it set out to do and can be enhanced with apps from Google Play for pennies to do pretty much anything the iPhone can. Admittedly it's lacking a few of the bleedin' edge bells and whistles like NFC and a micro SDXC slot (even the latest Moto G is only SDHC - why?) but I've even got round the SDXC issue with a USB-OTG device, so it's doing the job nicely thank you. It just doesn't have an Apple badge.
Mozilla Firefox Updates Getting Too Frequent
I don't find Oracle's decision surprising. I'm considering sticking with the ESR releases in future as well. Too often Mozilla have introduced changes that have borked 'my' add-ons every time and it's getting very frustrating. I suppose it just goes to show that relying on another product as a framework for third party functionality is risky (relatively speaking). This issue affects a lot of other software as well, like WordPress; anything written for Java or .Net; in fact, even stuff written for Microsoft Office programs.
3D printing definitely has more development to undergo before it's particularly useful to the masses. But even then it will never replace mass production outright as the economies of scale just can't be matched.
So it will pretty much always be used for niche items such as: replacement parts for things now out of mass production (like car engine parts); small runs of bits for satellites (I believe NASA already do this); one-off body parts like prosthetics and other medical uses (bio printing of organs for replacement is already being done); hobbies (like the food printing mentioned, or any other art or craft); or prototyping, as already mentioned.
The biggest thing yet to be sorted out is the 'finishing' of parts. There needs to be some kind of addition to the process that cleans up the final printed part so that it feels like it's been mass-produced. Currently that finishing still has to be done by hand.
OK, I'll take the bait...
'Ten Summoner's' Tales is 'correct' in as much that it's an album by a single 'Summoner' (actually a pun on Sumner, Sting's real surname, just in case no-one knew) for which there are multiple 'tales'. Of course, it doesn't help that the album has twelve 'tales' on it...
Now waiting for down votes and explanations why I'm wrong...
I did a quick scan of the pdf file and found no mention of Microsoft Security Essentials. Bearing in mind that it's likely to be used by quite a few Windows users, and I didn't get the feeling the article was aimed at only non-Windows AV, that seems to be a serious omission. Coupled with the pdf not having a decent structure, not listing all AV software tested, and not giving a properly laid out set of results for each AV product, and I'm afraid this whole examination starts to look woefully inadequate. Which is a shame, as it appears to be attempting to highlight valid shortcomings in AV products.
Apparently Synology units are compatible with WD60EFRX (at least, the DS412+ is) according to their compatibility checker.
I didn't buy an Android phone until I felt sure I could root it and install a 'firewall' around the core (in my case I use xprivacy). Despite having to do that, and keep an eye on xprivacy settings too, I'm very glad I did as some of the app permission requests beggar belief.
However, I agree with comments above that such pullovering ;-) about shouldn't be necessary. There really should be a proper permissions capability built into Android right 'at the core' giving a user total control over what data and facilities can be seen/used by any application, without having to do such things as 'booting and rooting'.
Re: Anyone using any web based password manager is just an idiot.
You mean like my FB password on FB servers?...or LinkedIn - or El Reg, all my banks and financial institutes, Amazon, Ebay...
I think most people understood my comment to be about stored lists of passwords on things like cloud servers, and not about the individual password that has to be sent to a specific server to access the service(s) on it...
Re: Anyone using any web based password manager is just an idiot.
Store your db on Dropbox or Google Drive and use KyPass for iOS.
Please tell me you were joking.
First rule of passwords: never give them to anyone else. That includes putting them on someone else's server, even if the passwords are encrypted.
Re the article itself. I note this is for the web-based versions. I'm hoping the desktop local versions of the various managers are in a better state.
*I still haven't gotten round to testing out 1Password yet, but I will eventually.
Is it just me...
...or is this whole Google Glass thing starting to get about as close as we can to what William Gibson wrote about in 'Neuromancer'?
As per my reply above, I'm going to look into 1Password as an alternative. Thank you for the suggestion.
Re: Cloud = No
I think that 1Password looks like it might be a suitable option and I'll get round to evaluating it in the coming days. Thanks to you (and others) for this suggestion.
Re: Cloud = No
I am looking for something else, but I need an alternative that fulfills at least the following:
1. Is straightforward to use both as a browser filler and an independent password store;
2. Has all of Desktop (Windows), USB Stick (Windows) and Smartphone (Android) variants;
3. Doesn't require cloud for sync between PC/USB and Android;
4. Is verifiably secure;
5. Can be trusted.
It doesn't have to be free, but shouldn't be ridiculously expensive either.
Edit: I tried Keepass, and passed on it. While the local database seemed to be OK (though the import from Roboform was poor), I couldn't find a Firefox add-in that worked satisfactorily at filling in the login forms.
Cloud = No
It's just as well then that I didn't install the Android app after I recently purchased a Moto G. I realised they were asking us to put our encrypted passwords on their cloud server, in full breach of Rule 1 of passwords: never give them to anyone else (even if they're encrypted). It seems I was right to doubt the app as it potentially could be leaking the master password to them, meaning, even if they didn't have a back door built into the encryption (which I hope they don't) they certainly seem to have one 'by accident'.
I like Roboform as an application on my PC / USB stick where I control the data, but I do NOT like their Roboform Everywhere shit.
From the link in the article:
"The new RenderMan is being released in the timeframe of SIGGRAPH 2014 and will be compatible with the following 64-bit operating systems, Mac OS 10.8 and 10.7, Windows 8, 7, and Vista, and Linux. Autodesk Maya compatibility is with versions 2013, 2013.5, 2014, and 2015. Pixar’s annual maintenance program benefits customers with access to ongoing support and free upgrades."
Shouldn't that last line read 'The irresponsible operators have been notified, the researchers say.'?
So is this yet another case of nobody wanting to bother with checking out the security of their systems, and just throwing something into existence because they can? I wonder just how many more of these really piss poor implementations (of either hardware or software) we're going to read about in the next few years...
Welcome to the 'there's-no-such-thing-as-a-perfect-world' life despite what the cloud purveyors would have us believe. I am of the opinion that no critical system/software should be trusted to an 'all-eggs-in-one-basket' solution, but that's the way the 'clunts' would have us 'users' work. So I'm with Mr. Barnes and his reply above.
The problem I have with the paper (which I haven't read by the way, so I accept liability if what I'm about to say is wrong) is that the article and their comment suggests that they haven't come up with any ideas for mitigation of the 'improvements' for spamming they have proposed, which if they were decent folk, they would have at least tried to do.
Bridging IPv4 to IPv6
Well, if the setup of the IPv6 protocol hadn't been so against 'allowing' a way to bridge actively between the IPv4 internet and the IPv6 internet, then this issue might simply not have existed, as it would have been possible to have the two running in parallel (and able to talk to each other) for a gradual migration.
Re: Who names these things?
Well, the processors are, at least, full of silicon, so there is a comparison there to be made :)
Or, disable the USB storage - apparently it can be done - http://support.microsoft.com/kb/823732
Do you use them for accessing the internet, or for transferring files via USB or floopy disk to or from them? They don't sound like that kind of usage, so you will probably be ok running them until the hardware fails.
...are techies really the best people at doing the very people-centric job of networking and communication with lots of other people? IMHO, I think not.
What this article makes me think is that we don't have enough technical jobs in this country any more due to all the outsourcing, so now we've got to find something for the technically-oriented to do which isn't actually technical...
I'm going to put my head above the parapet for a shooting, and argue that this is not a good thing to happen. While iOS and Android are arguably good systems, it helps to have a third player in the tablet and lightweight device space. If MS is to stand a chance of making much headway then they need organisations like Mozilla to be there with their apps. While Metro for the regular desktop and laptop PCs is pointless, it's a good system for touch-screen and gesture devices and it would be a shame to see it fail because of restrictive capabilites put in by MS. Any well-known apps for it could only help its chances. Mozilla pulling out doesn't help it at all.
(need an icon for 'taking a bullet for my country', or being a devil's advocate)
PCs are now workstations?
The days of the PC as a consumer device are gone. It will live on as a workstation though, both in business and in the home, especially if we count serious PC gaming as a form of work-level usage, rather than just something purely casual. For all the casual stuff, the phones, tablets and consoles can do and are happily doing the job.
Other than a single drop out I've had no issues. Restarted modem and router and all has been fine since.
I don't think Plusnet are any better or worse than any other provider - most times their customers have no problems, occasionally they're struggling. How is that different to BT, TalkTalk, Virgin, etc.?
Admittedly the router I had supplied to me is pretty basic and probably not up to making many connections (i.e., more than a couple or three wireless connections at once), but it works for most usage scenarios. In the case of needing lots of wireless connections, it's up to the user to look into their usage patterns and find something after-market that works for them. How is that different than any other provider?
Only way to be sure...
...of security/privacy is not to let your data out of your own hands. Even encryption isn't necessarily a guarantee that your data won't be visible to someone, somewhere as a result of spying and malicious back doors. I can't even be sure that a personal cloud server on my own internet connection isn't susceptible to hacking.
Of course, it's all a matter of degrees. There will be some data that isn't sensitive and it doesn't really matter who sees it, but there will be other times when the data is in need of care about where it goes. I might be willing to put a music file or two on a cloud share, but not a CV (too much risk of identity theft). I might be willing to put game saves in the cloud, but not my medical records.
A Truly Secure System?
The only way I can think I'd be happy with my medical information being in an online DB would be for it to be in its own 'black box' - effectively its own little database program that only I and my doctor can have direct access to. Anyone else can only ask a simple question that can only have one of three answers: true; false; and null (or in more common parlance: yes; no; unknown).
In that way, if any medical search for a particular condition is needed, then all the 'black boxes' can be asked a question. For example: does the patient smoke? They get answers from the boxes of either yes, no, or unknown. Those that answer yes can be told to alert 'their' doctor accordingly and the matter can be followed up face-to-face with the actual patient. I suppose this in essence is like the black box being a medical avatar for the patient.
Of course, I don't expect any company or government department would even have a clue what I'm talking about (least of all the NHS in the UK :( ).
This is old news. Back in 2006-07, I was involved on a project for an NGO that was doing 'small, innovative and a bit risky' that was welcomed by the users, until the powers that be decided to outsource everything to Indian-offshored big I.T. suppliers. Apparently the users hated the result of that offshoring because all the responsive work we were doing at our small scale was effectively killed off by the bureaucracy of the outsourcers. Oh, and while I'm at it, we were also doing three month release cycles back then too. Funny that Google and Mozilla decided to 'follow our lead' ;)
Personally I think that to get Windows to have the level of hardware control desired would require Windows to have direct access to that hardware. So my answer would be for either a dual boot arrangement, or to have two separate machines. If finances allow for that much memory and Xeon processors, then money for more than one machine can't be out of the question.
Mr Dimbleby Take Note...
...at least the scorpion has eight legs.
Site Selective Image (and Video) Blocking
- Product round-up Coming clean: Ten cordless vacuum cleaners
- Something for the Weekend, Sir? I need a password to BRAKE? What? No! STOP! Aaaargh!
- Episode 13 BOFH: WHERE did this 'fax-enabled' printer UPGRADE come from?
- Vulture at the Wheel Ford's B-Max: Fiesta-based runaround that goes THUNK
- Worstall @ the Weekend BIG FAT Lies: Porky Pies about obesity