27 posts • joined 11 Aug 2011
Re: To be honest
I once ran a mail server on a connection which explicitly prohibited this. I noticed in the log once that the ISP was actively doing relay checks, but never heard a word from them. So they knew I violated their TOS but didn't care because it wasn't causing any trouble.
Still, it's annoying because a TOS like that can be used against you at any time. When running a business you really don't want that hanging in the air. In the case of Google it is cynical to find clauses like that in their TOS because they are always claiming ISPs should be net-neutral and not interfere with the content of the data. If they really believe in this they shouldn't care if the traffic on their network is bittorrent upload or files served from a webserver. But Google only seems to believe in net-neutrality when it's in their favor...
Re: No problem
I wouldn't bother. The fire didn't affect the passenger cabin and didn't spread quickly. The driver was (according to Tesla at least) even warned about the situation. To me it seems the car handled the fire rather fine actually.
Re: Come on
"I call BS."
Nope. A Dutch TV program which tracks origins of consumer products to show how they are created dug into this earlier this year. And yeah, the stuff exists, is being collected from killed beavers and being sold as a natural flavor. Getting a food producer to admit they use it turned out to be a different story, but the stuff exists and is being sold.
The two episodes covering this are online here:
The program is in Dutch, but contains some stuff (the start of the second episode) which takes place in Canada which is in English (with Dutch subs). It shows a Canadian trader with a shed full of dried anal glands...
Re: The bigger picture
Equal opportunities, fine. Moving heaven and earth to get more women into IT whether they want it or not is a totally different thing. I've seen quite a few women in IT I'd happily work with (there is one I'm still trying to hire), and quite a few who should be doing something else. But the same is true for men in IT. The only opinion I'll have on women in IT will be based on the quality of their work. And frankly, anything else (even if you wrap it in big words like 'gender equality') is sexism. Isn't getting hired 'because you're a woman' the biggest possible insult for any woman looking for a job in IT?
It's time we get over this and stop bickering about this men-women thing. When that happens it stops being about us and them (which ironically might actually do more than anything else when it comes to women in IT).
Re: Not a Dropbox replacement... yet!
If you want sync, try http://owncloud.org/. That should count as a Dropbox replacement.
[Mushroom cloud, because an ordinary cloud is just too cool]
Re: The difference between mobile use and drinking and simulators and reality
The simulator point is valid I guess, being in a real car with a real risk of getting killed if you screw up does (I'd hope) make a difference. I know that I tend to fall silent on phone conversations while driving when 'interesting' stuff happens on the road, because I get distracted from the phone call. In a simulator however, the call might well be more important, at least subconsciously. It is really hard to take a simulation just as seriously as real life.
Re: Punishing whistle-blowers??
He wasn't punished for whistle-blowing, he got slapped for excessively accessing confidential data. He was explicitly acquitted for the first time he accessed data, which the judge deemed acceptable because he needed to prove he could actually access the data. But once that was clear there wasn't a reason to access more files, especially not in the presence of others. A €750,- fine for reading and showing others confidential patient data doesn't seem especially harsh to me. Had he done no more than he needed to and had he reported it properly he would have gotten away with it. But he chose to make a show out of it instead of dealing with it responsibly.
And the patient's fine was a suspended sentence, something the article fails to mention.
The patient got a suspended fine, so he isn't going to pay the fine unless he is stupid enough to make the same mistakes again.
The ruling (I've read it) is actually very balanced. This is, in short, what happened. The patient overheard a (weak 4 digit) password accidentally. He didn't take this up with the owner of the password, nor the organisation, nor the software builder. Instead he tried if it worked at home. The judge ruled this normally illegal but acceptable(!) in this case up to the point where it was required to prove he got access to the system. The judge fully acknowledged the bigger interest of the security of a system storing patient data there.
The patient then called Krol, and together they again tried if it worked. He was fined (again, a suspended fine) because he didn't try to contact any of the relevant parties but instead chose to show the password to somebody else. The judge explicitly acknowledged this would have been acceptable if the issue wouldn't be fixed after reporting it in a relevant place.
Krol went a bit further (and got a higher fine as a result). After being told about the issue he tested it together with the patient. He downloaded a few files to prove he could actually access the system, which again was deemed acceptable by the judge. He then printed some of those files, anonymized them and called Diagnostics for You, got a receptionist on the line who asked him to report this in writing so they could look into it. But he didn't, he also didn't push on or try calling somebody else but instead he called the local television station. They came over and filmed him logging in to the system and downloading patient data again, effectively showing sensitive information to journalists instead of getting the issue fixed. This is what got him fined, illegally accessing and sharing sensitive files even though there was no reason to do so.
This ruling actually provides a nice legal framework for responsible disclosure. It boils down to: it's OK to access systems when there is a bigger interest at stake, but report it at the right places, and keep the breach of privacy to a minimum. And if you go a bit out of your way there, you'll get a slap on the wrist.
Krol got fined, not for hacking but because he didn't do responsible disclosure properly. I've got no issues with that, most of it is common sense really.
Re: Yes the IPv4 space is running on vapour.
"And I know of quite a few businesses who have their own public IPs which are being used for internal PC use."
As in, using IP addresses the way the internet was intended?
Let them have one finger...
...and they will take your whole hand.
Re: But what about the cat?
May I suggest using a Cheshire Cat, they are well known for their ability to emerge and disappear in all sorts of weird places.
Re: Its ok Lars
I already saw prior art for that in 1955 ;)
Re: FRAND & Cross Licensing
This is exactly the battle which is going on at the moment. The old guys, which made mobile phones possible in the first place don't like the fact that the new kid eats into their market share using what they created. The new kid with all the cool stuff thinks the old guys should be using his shiny ideas to create better phones as well. All I can say is something about a pot and a kettle.
Re: A new low
Who says 'redneck'? The real gem of the story is in this line:
"The employee was from Iran, WSBTV said, which is why he was able to recognise the language as Farsi."
If you're from Iran you are only allowed to sell iPhones, not buy them...
Operational databases are the ones where you lose money if a single record is missing or incorrect, analytical databases are the ones where the amount of errors only has to be low enough to be statistically insignificant. Storing your invoices in MongoDB is a very, very dumb idea. Using a full blown Oracle installation when you want to know how popular a topic is on Twitter is equally stupid.
Tool, job etc...
Isn't music simply 'out-of-fashion'?
I always get the impression everybody writing about the music industry overlooks the fact that there simply is less money to be made in music these days.
Music used to be a big thing to spend money on in the 80's and 90's, now there is a wider range of stuff music has to compete against. Kids these days will simply spend less money on music because they are spending it on gadgets, games and cell-phone bills. You can't discuss the music industry revenues without looking at the world around it. Music is entertainment (and perhaps fashion), and in that business a lot of new stuff has appeared. Music needs to compete with iPhones and World of Warcraft these days. A competition which didn't exist before and therefore is bound to make a dent in the revenue from music.
Re: Thanks for this.
"Quite why counterfeiters believe this is a cool thing to be associated with escapes me."
It wasn't the counterfeiters who invented the term...
They could, the issue is getting the guy with the camera in the right place at the right time. Those companies work all over the place. And a phone call asking where you can go to do an inspection spoils it a bit.
Re: tower climbing really only provides opportunity for death through screwing around.
@142: That's not a cell tower, nor a 3G antenna. It sure looks like a scary job, but it's in a totally different league.
Not fundamentally flawed.
Adding the cellular network as a second channel does raise the bar, but cellular networks should also be considered possibly compromised. The list of effective attacks against GSM is getting longer. On top of that you have to trust the user's smartphone and there is lots of logging/monitoring going on in the mobile networks which might be compromised as well.
I'm not sure how stuff works in the UK, but my Dutch bank uses a challenge/response system where users need to type numbers (along with their PIN) into their card reader. For large transactions the challenge includes the grand total of the transactions being sent and for even larger transactions it also includes the account number the money is being sent to. This effectively beats MITM attacks (provided users are paying attention) because an intercepted response is only useful for the transaction the user actually requested and modifications to the challenge will be noticed.
In the end a system which is immune to MITM attacks will always be better than using multiple channels.
It does give a whole new meaning to 'cross-site-scripting' though
It works very similar to WinFS, as the text states: "This is the same approach we have used with new file systems in the past."
So it will probably be hyped as a major reason to upgrade for two Windows versions in a row and then be canceled.
There will be an appeal.
Xs4all has already announced they will appeal this decision. For those of you able to read Dutch:
https://blog.xs4all.nl/2012/01/11/persbericht-rechter-beveelt-website-te-blokkeren-xs4all-in-hoger-beroep/ and http://tweakers.net/nieuws/79292/xs4all-gaat-in-hoger-beroep-tegen-pirate-bay-blokkade.html
Of course it does.
Of course it sounds like Victorian England, China is currently in their own industrial revolution. It will pass, just like it did in Europe, but it will probably take some time (just like it did in Europe).
Thorium looks like the way to go.
Investing in thorium based nuclear power is probably the smart thing to do. It means getting rid of quite a few disadvantages of uranium while keeping the benefits. Also, thorium is more widely available, while uranium will run out at some point as well.
Having said that, in the longer term electricity needs to come from renewable sources. I'm all in favor of losing all nuclear power when there are better alternatives. The problem is the lack of alternatives which still work on a large scale.
It does make sense. Instead of relying on just the certificate sent to you by the server and your local CA list it adds an extra check on top of that. You get everything you had before, plus the additional verification that the certificate is indeed the one Google bought and not one which was illegally obtained somehow.
It is a bit of a hack, and it won't scale to be usable for the internet at large, but it works. This bogus certificate was detected because of that feature and might have gone unnoticed a bit longer otherwise.
Changes of employment
Suggesting the looters and vandals should work to repay the damage is rather ironic. For a lot of them this is probably their only chance to get a job...