278 posts • joined 20 Sep 2011
Until this latest update, you could swipe over promoted tweets and get rid of them. That feature has mysteriously vanished in the new version.
Customers win from a race-to-the-bottom in the short term, but long term? I'm not so sure. Too many other industries have suffered from consolidation and significant supplier failure rates in the race to the bottom, leading (in the end) to only a few big suppliers and less competition.
The entire motive behind this isn't innovation, it's a push to race to the bottom on *perceived* costs to the end user, by moving the costs elsewhere and hiding them (by making other companies pay). I fail to see how creating an unequal market place fosters innovation. If Youtube or Flickr had to pay for access to ISP subscribers from day one they never would have got off the ground.
The US telco market used to have something called reciprocal compensation. It was brought in after the Ma Bell breakup because the telco terminating an inter-LATA call received no compensation from the billing agency (the long distance carrier) for using their network. The originating carrier was compensated by the user in the form of their subscription. (why the terminating carrier didn't count the revenue from their subscriber I have no idea. Clearly the money they were charging for their line rental was too low. It's the same B.S. the ISPs are pulling now).
This lasted until the CLECs came along and figured out they could put dial up modem pools behind their switches and suddenly they were receiving millions of dollars a year from the ILEC for terminating dial-up calls to ISPs. Some CLECs initially built their business model on receiving those revenues.
The minute the tide turned against them the ILECs started screaming that it was unfair.
Of course it was - the rule they fought for was suddenly being used against them. To be honest, it probably was unfair. However the ILECs built themselves a nice little empire with access to millions of subscribers that they thought they controlled and that they could milk for all they were worth, including basically demanding other carriers pay them to make calls to their subscribers.
I'm waiting for someone to do the same to these greedy ISPs (most of whom are legacy telcos - go figure) who are demanding money for access to their customers.
I thought one of the points of Java was that such string overflows shouldn't be possible?
Re: Australia anyone?
I think SATCOM ACARS was disabled, but the transceiver assembly remained powered. As best I understand it, Inmarsat sends the ping request and the assembly on the aircraft, independent of any other systems, answers. Unless they thought to pull the breaker for that subsystem it would always answer. It was probably not well known by anyone outside of Inmarsat before this incident.
Re: How do Autopilot systems work?
There was a European flight (Helios Airways Flight 522) where the maintenance people on the ground left the pressurisation system on manual, and the co-pilot didn't notice during pre-flight checks so everyone on board asphyxiated.
The autopilot continued to climb until it reached the pre-programmed altitude, and then continued until it reached the destination beacon and circled waiting for new instructions
That was a Boeing 737. It's possible the 777 autopilot behaves differently, however I would suspect not
The way the autopilot works, in general, is that it only stops controlling the aircraft:
- if manually disconnected / turned off
- if it detects flight envelope information it considers unreliable and therefore it is unable to continue. In that case it tends to trip the master caution alarm so that people know what's happened, and that is a fairly major alarm. In the AF447 case, it couldn't reconcile the flight speed/altitude information from the sensors so it turned itself off.
Any other behaviour would lead to the possibility of the plane entering uncontrolled flight (where no-one is positively controlling the aircraft), which is to be avoided.
Channel 5 report
Anyone else watch the Channel 5 program on MH370?
I found it rather lacking in credibility for two points
- The plane in the AF447 crash was a "Boeing Airbus"?
- apparently you can take control of a plane by plugging into the USB port on the IFE. Which is impossible as there is an air gap between the IFE and the cockpit systems. Boeing tried to share a transmitter between the IFE and the cockpit systems on the 787 and got thoroughly spanked by the regulators and they had to separate the systems.
Re: Australia anyone?
There are too many things against the emergency and pilots lost consciousness theory. The fact that the emergency happened between the handoff between Malaysian and Vietnamese ATC could be co-incidence. The plane then allegedly flew just under 30,000 feet along the northern border of Malaysia, which puts it in another zone which straddles ATC control zones - above 30k feet the rules are different (to pack more planes into the corridors), and by flying the border whoever was in control made sure that whichever controller saw the blip, they would likely assume the other side was handling it.
If the data above are proven true, then the emergency theory doesn't hold up - it looks way too much like whoever was in control didn't want to be found
Also, you missed one point - if there *was* a decompression event, the crew immediately get down to 10k feet or lower so they (and everyone else) can breathe. That didn't happen. If they couldn't descend, then they also couldn't reprogram the autopilot to take them back. An event that knocks out ACARS, the transponder, the voice radio, *and* all flight controls is unheard of and extremely unlikely. Even if the radios aren't redundant (which they are to a degree - there are at least two voice radio systems on a modern jet), the flight control systems *are* redundant
IMHO, the hijack theory is the one that makes sense given the currently available data. The questions that remain:
- who hijacked the plane - the flight crew or someone else?
- their motives
- why apparently leave a RADAR track going north from the Malacca Straits, and then apparently turn south towards Australia?
Re: Looking for what isn't there?
Uninterruptible telemetry is nearly impossible for a reason not mentioned so far - the system needs power. All the power drawn for the plane's systems comes through the main power buses, and unless you do something insane (like hard wiring it into the plane's power buses with no breakers), then there will be a way of stopping the transmission as all they need to do is pull the breaker.
Even if there is a small battery in the device to provide some power after power loss, e.g. both engines flaming out so the main buses go dead, this plane flew for *hours* afterwards, so the last "burst" saying "HELP! I'm over here!" would be thousands of miles out.
Re: It's Secure*
Sorry, poor phrasing
The servers pointed to by their MX record offer STARTTLS
Re: It's Secure*
Also, if people send you an e-mail from non-gmail servers the MX record offers STARTTLS, and the certificate appears to be genuine, however:
- I suspect most mail servers don't try STARTTLS when delivering mail (at least in my experience)
- even those that do STARTTLS, most of those won't validate the certificate so MITM attacks are still very real
Also, unless you use PGP or S/MIME to encrypt the contents of the e-mail, it's still stored in plain text, so any intermediate SMTP operator can read your e-mail or it can be intercepted.
So being able to browse your mail over SSL is all well and good, but it's still not secure.
You're right, sorry, there are computer assists on the 777, but from memory there is a big button on the control column that overrides those computers. The Boeing mentality is that "computers can be mistaken, people should always be able to override them". So unless the hackers rewrote the proprietary control systems to disable that feature, there is no way to control the plane from the ground like that.
I don't buy the fire theory either. If the autopilot was reprogrammed to go back to the beacon of an airport, it would have just kept circling over the beacon waiting for more instructions, not head off on some random course.
Also, if there *was* a or some other event that caused the pilots to don their oxygen masks the first thing you do is descend rapidly to a point where you can breathe unassisted because the pilots know those masks don't last long and hypoxia will guarantee the death of everyone on board.
ACARS, the transponder and voice radio are all different systems. I find it difficult to explain why they were all knocked out
I also laugh at the front page of a British bird cage lining manufacturer which stated that the plane's systems were hacked remotely. Uh. Sorry, but a 777's flight controls are not computer assisted (unlike Airbus) which means that explanation is about as likely as truth from a politician.
Re: what happens
Probably depends on what mode the autopilot was in. There are multiple modes, and altitude hold may not have been engaged.
Various newspapers have been given full copies of his archives already. Which is why the British Government went to The Guardian and oversaw destruction of one or more hard drives that allegedly contained a copy of the documents.
Quad core may not be 4x the same core
The assumption a lot of commentators appear to be making is that the quad-core CPU has all the cores of the same type and capabilities. Some recent ARM technology is to bundle a simpler, lower-power core which is used for basic tasks when the bigger cores aren't needed for heavy number crunching. Not sure it would make sense to have two lower-power cores.
I'm sure that putting a nice notice on people's accounts reminding them to obey local/state/federal laws will make EVERYONE stop doing anything illegal and fall right in line (!)
This isn't a freedom of speech issue, although I'm sure the NRA would make it one.
Flip side is if BT can recoup more of their costs then high speed broadband can be rolled out to more places. If OFCOM is setting the price for LLU too low then BT have no incentive to invest as the competition will come in and not pay enough to justify the FTTC or FTTP investment.
No, I'm not saying BT should be able to charge whatever they want. However, there is a case to be made that if the prices paid to BT are too low then they have no reason to make the investment in the first place.
My exchange is FTTC enabled but my cabinet doesn't have the connection density to justify the upgrade, so I'm stuck. Something has to change, and that could include the ROI that BT get on the investment.
Of course, the fact they deployed a new cabinet as copper in the first place is just dumb
Re: The wonders of tenders
Actually, I don't understand the "20 suppliers" part. They want to split the mail service up over 20 different providers? With different mail systems? Calendar interoperability and directory services would become a nightmare. Or are they splitting the platform into different bits? Mail, directory, etc, going to different vendors? If so, who gets to host it all?
Re: I may sound stupid but..
Some companies buy others just for the userbase. In this case I think they want to drive more users to the Facebook messaging service so they can gather more data on their users to sell to advertisers.
I don't believe the "WhatsApp will remain autonomous and operate independently," bit at all. It will be integrated into the main Facebook platform. Operating independently doesn't make any sense. The only way Facebook can justify the cost is by merging the platforms.
Since Apple has software they sell on both the Mac app store and the iOS app store, are those revenues reported twice in that graph, once in the app store and once in the appropriate category?
Re: The annoying thing is...
I've always wondered...
I, as a non-US entity, can buy shares in Apple
Could Apple use their non-American cash piles to buy their own NASDAQ traded shares from their non-USA operating entities and then cancel them that way, or do they have to be bought in the USA?
Re: Peak apple?
@ Simon Buttress
They're being hammered because of several things:
- the analysts expected better results than what was reported. this probably says more about the value of analysts than anything else. there are plenty of El Reg articles commenting on the fact that analysts are largely useless as they try to take rumours and then earn a living from telling you what to expect. honestly, if analysts knew what they were doing they'd earn a much better living off their own investment portfolio than they do as analysts.
- the future guidance was low. remember that you're commenting on what has happened. that is largely irrelevant. investors own stock because of what the future holds - in other words, they expect the stock to increase in value and that dividends, etc, keep their wallets fat. if they think that a company won't be able to deliver on growth they find acceptable they'll dump it like a hot potato. the fact that they continue to expect record growth each Q when the smartphone market is obviously approaching saturation or is already saturated is clearly unrealistic, but that doesn't stop them from punishing companies who fail to live up to the analysts' expectations.
Re: Oh the irony
The difference is that under the GPL, they can do that to RedHat because the code is open source. Just like CentOS can ship RHEL without any fees whatsoever - they just can't call it RHEL.
Solaris isn't permissively licensed and therefore the situations are not as similar as your comment suggests.
Re: So they are charging a fortune...
There may be work behind it, and there may be justifiable ongoing running costs. However, in situations like this the product manager typically goes "what will this be worth to the end customer" and bases the price on that. Hence the spin in the e-mail about protecting your brand's reputation - or in other words, is your brand's reputation worth $1,350.00 a year?
I would tend to suspect that the price given to end customers "to recapture the costs of maintaining this extra level of security" is significantly higher than the actual cost of delivering the service.
First openntpproject URL is wrong
There used to be an article feedback link, but I can't find it anymore, so posting here
The first link is wrong
The HTML source shows:
Re: Argument seems illogical
MAE-West (remember that?) suffered a massive outage in the 90s from a power outage where they got the generator running but it didn't provide aircon and it fried most of the equipment in the room from the heat. Rebuilding the equipment in the facility drained most big router vendors' spare parts stores for all of the USA.
(the story I heard was there was a gas leak so the fire dept. killed the power to the street, MAE-West ops people dragged the genset outside the exclusion zone, fired it up, got the NAP running again, but in the summer heat in San Jose, CA, the temps in the room quickly exceeded the operational specs for the routers and switches)
You also never EVER want your aircon on UPS, even if you could size the UPS that big. The motor load from the aircon does nasty things to the inverters in the UPS. You need the UPS sized to carry the compute load for the genset spin up time plus the clean shutdown time of the compute load if the genset fails to fire up. The 1.6 megawatt genset at my last job could spin up from complete stop to carrying load in under 5 seconds from the time it was signalled to start (or so the suppliers claimed - I don't think we set the transfer switch that aggressively)
Re: I married an eye surgeon
One of the risks that is definitely NOT advertised by LASER eye surgery places is that if you later develop cataracts then the treatments are more difficult or not possible due to the LASER eye surgery. My dad was told this when he went in for cataract surgery a few years ago.
Stick with glasses or contact lenses.
Re: Yahoo layout boohoo
surely Thunderbird is only your friend if you pay Y! more to get POP or IMAP access? As far as I was aware those protocols weren't available by default and needed a yearly subscription.
Geo-ip won't help much
According to http://bgp.he.net/AS51040#_peers the IP range is hosted on its own BGP ASN (AS51040) which is multi-homed to 3 different providers. Their IRR record seems to indicate that they could announce their prefixes to as many as 6 upstreams.
That makes it easy to move between providers as they come under pressure to cease the connection or face the Wrath of Khan, I mean, The Music and Film Industry.
I'm somewhat amused by the IRR record that states it is for "Piratpartiet North Korea"
The fall-back system to flight strips (the "cards") will probably also fall back to manually looking up and dialling the controller you have to hand the flight over to when it runs off the end of your RADAR screen. i.e. instead of a 20% reduction in capacity it's probably closer to 50% because of the added workload.
The manual dial system is what worked for decades before all these fancy computers came in and cocked everything up.
People who don't take basic security steps, like anti-malware and anti-virus, also tend to choose dumb passwords!
Providers need to put basic checks into their systems to prevent such passwords in the first place. Just because 12345 is the combination for your luggage doesn't mean you should use it for your bank accounts!
Has the ASA ever made an enforcement ruling while an ad was still in widespread use? If not, it's entirely a waste of space, especially if it cannot force repeat offenders (such as ISPs) to stop being naughty.
You forgot one thing...
all good things must come to an end
You forgot to justify XP as a "good thing". Familiar, yes. I'm not sure it is "good" any more.
Since its EOL was announced support for new hardware isn't guaranteed (and I suspect a lot of new wifi dongles/cards don't support XP very well, if at all), and the less said about its IPv6 support the better.
Re: It does make you wonder what sort of hardware our banking network is running on.
I've not seen any indication of hardware failure in these incidents. It's all process or software related.
When I opened a bank account with RBS in my local branch in 2003 I found their office computers were running OS/2 (the banking app that the guy was using to open the account crashed and I saw the desktop). I suspect that's because the backend was an IBM mainframe and they were using one of the proprietary IBM communication protocols. The desktops (and ATMs, which also ran OS/2 for the same reason) have all been upgraded. You can see the result of the ATM upgrades on flickr and other photo sharing sites - Windows error boxes all over the place.
The backends? To be honest I'd probably trust a 20+ year old IBM mainframe that's under a proper support contract more than I would a lot of the newer gear and newer OSs.
Re: about time FCC got off the dime
even better, I know of places that keep the ESS systems in place so they can say there is no room in the CO and that they can't allow other carriers to locate equipment there for unbundling services.
There's also a story I heard about a non-RBOC carrier who had a switch delivered many years ago (>10), but since the order was placed they'd started moving to a packet switched architecture and wanted to cancel the order. The manufacturer refused until the carrier said they'd take it out into the middle of a field and blow it up as a statement that circuit switched telephony was dead. The manufacturer suddenly changed their minds and took the switch back. Not entirely sure I believe that story myself, but I've heard it several times.
Cisco lost the plot long ago
From various people who work inside large enterprises, Cisco appears to have lost the plot quite a while ago. From personal experience, the 65xx chassis was massively underprovisioned in terms of backplane speed for the port density it provided (and this was back in 2002 when I worked at a large ISP. They haven't revised the backplane since AFAIK).
Cisco's answer? Push behaviour modules. Want your firewall in a blade? How about your IDS and IPS? Oh, and your e-mail hygiene product too!
They tried to cover up the lack of backplane bandwidth by pushing stuff that really should not be in a chassis slot in the first place. With the benefit for Cisco that they get to sell more switch chassis also!
The "cloud" companies moved off Cisco a while back, especially Google. If you take a minute to think about the way Google FS works, you'd realise why.
Re: Archaic architecture
That only applies at small scale
There is no PC on the market today that can cope with a real workload, e.g. 3xOC192 and multiple 10GBE links. The PCI Express slots just aren't designed for that.
Do you trust the SSL cert? The NSA, GCHQ, etc may be able to get a signing cert from somewhere and issue their own "fake" SSL certs on any box they like and have them accepted by the browsers as valid
Encryption without authentication is pointless
Encrypting the traffic by default is pointless unless you can authenticate that the system you think you are talking to is actually the system you want to talk to and not some intermediate spook system.
Mandatory encryption would therefore fail to solve the NSA "problem" because of the lack of trust in the authentication systems, i.e. the certificate authorities. They've been proven to be the weak points in the system before. And if people *don't* use authenticated certificates, then the mandatory encryption is pointless.
"I suggest you try SSL between client and server, with TLS between servers."
While that IN THEORY prevents snooping the message as it is transiting between servers:
- most MTAs do not enforce certificate chain validation of the certificate provided by the remote MTA, so spoofed, unsigned SSL certificates will generally be accepted
- that doesn't address the e-mail being stored outside your network border, which will invariably be in clear text (very few servers encrypt on disk, Lotus Notes being the only one I can think of and even then it's not on by default)
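Added example, not part of the comments above: a sending-side sketch in Python of the two points raised in both "It's Secure" and this comment, namely whether STARTTLS is attempted at all and whether the remote MTA's certificate chain and hostname are validated. The EHLO replies are constructed samples, `mx.example.net` is a placeholder host, and the function names are hypothetical.

```python
import smtplib
import ssl

# Constructed EHLO replies (not captured traffic). The first line is the
# server greeting, the rest are the advertised extensions.
EHLO_WITH_TLS = "mx.example.net\nPIPELINING\nSIZE 35882577\nSTARTTLS\n8BITMIME"
EHLO_WITHOUT_TLS = "mx.example.net\nPIPELINING\nSIZE 35882577\n8BITMIME"


def offers_starttls(ehlo_reply: str) -> bool:
    """True if the EHLO reply lists the STARTTLS extension."""
    lines = ehlo_reply.splitlines()[1:]
    return any(line.split()[0].upper() == "STARTTLS"
               for line in lines if line.strip())


def lax_context() -> ssl.SSLContext:
    """The behaviour the comments describe: encrypt, accept any certificate."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False          # has to be cleared before CERT_NONE
    ctx.verify_mode = ssl.CERT_NONE
    return ctx


def strict_context() -> ssl.SSLContext:
    """Chain validation against the system trust store plus hostname check."""
    ctx = ssl.create_default_context()
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    return ctx


def plan_delivery(ehlo_reply: str, require_tls: bool) -> str:
    """Return 'tls', 'cleartext' or 'defer' for one delivery attempt."""
    if offers_starttls(ehlo_reply):
        return "tls"
    return "defer" if require_tls else "cleartext"


def deliver(mx_host, sender, rcpt, message, require_tls=True):
    """Send one message; with require_tls, refuse cleartext and bad certs."""
    with smtplib.SMTP(mx_host, 25, timeout=30) as smtp:
        smtp.ehlo()
        if smtp.has_extn("starttls"):
            ctx = strict_context() if require_tls else lax_context()
            # With strict_context() a failed chain or hostname check raises
            # ssl.SSLCertVerificationError and nothing is sent.
            smtp.starttls(context=ctx)
            smtp.ehlo()                 # extensions are re-read after TLS
        elif require_tls:
            raise smtplib.SMTPNotSupportedError(
                "STARTTLS not offered by %s; deferring" % mx_host)
        smtp.sendmail(sender, [rcpt], message)
```

Even with `require_tls=True` this only protects the hop to the next MTA; the message is still stored in whatever form the receiving server keeps it.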
Clearly Tom Baker's time on screen was due to his equally long scarf.
Why on earth do they need the full content of the e-mail to pull down someone's LinkedIn profile? Surely all they need is the header From line, and maybe the To and CC lines if they're pulling down the profile for everyone on the e-mail?
If the complete e-mails pass through the LinkedIn servers, then to me, the entire system is designed backwards. The client should pull down the mail to the phone and then make a request to LinkedIn to see if any of the header From/To/CC addresses are recognised. End of story.
Re: What am I missing?
Yes, but HTTPS requires a valid certificate, for which you have to pay for.
Not entirely true. I've had an SSL cert, recognised by all clients I've tried so far as signed by a trusted CA, on my personal mail server for years without paying a penny for it.
So where are the "voluntary solutions" from the content industries to make their content more available? I recently tried to give them money for some content in HD just to find out it's not available in Europe. I could buy the stuff from Amazon in the USA and have it shipped over, but that's a risk since the MPAA love region locking crap for dubious reasons.
If they keep shooting themselves in the foot, they shouldn't be surprised when people go to "unofficial sources".
And maybe they should stop assuming that spending hundreds of millions of dollars on a single film will rake in the moolah. Make the films cheaper, and charge less for cinema tickets, DVD and Blu-Rays and see what that does for legal consumption.
And so it begins
Since Facebook has to make money for its shareholders, a gradual erosion of privacy will happen to force more content to be readable by everyone so more pages can be served up and more ad revenue generated.
However, in a series of meetings in Bali last week, China took a more conciliatory tone, indicating that it was prepared to shorten the list of products it wants excluded
What are they asking for in return for their "concessions"? I doubt very much whether they are going to reduce the list of exclusions without getting something else in return....
Unicode needs to be taken out back and shot
Not just shot once, but repeatedly.
One of the principles of Unicode is to separate the character from the representation of the character. In other words, ASCII 65 (decimal) is "A". How your system chooses to display "A" is up to the system. The character is transmitted as decimal 65 no matter what the display representation is.
Unicode promptly goes on to rubbish this ideal.
Pre-Unicode Asian fonts had "full-width" representations of ASCII characters so displays that mixed ASCII and Japanese characters kept their formatting as the characters had the same width, while the usual ASCII characters were narrower and hence broke formatting.
Unfortunately this lives on in Unicode, shattering the idea that the display of the character is independent of the code point of the character because there are now two different Unicode code points that both print out a Latin-1 "A" (and also the rest of the alphabet and numbers and punctuation). In reality, the full width "A" should not be U+FF21, it should be decimal 65 with the renderer deciding if it should be full width or not.
This has caused me more than one problem in the past with things that sometimes correctly handle the full-width and ASCII mix and sometimes don't.
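Added example, not part of the comment above: a Python sketch of handling the full-width/ASCII mix the comment describes, where U+FF21 and decimal 65 both display as "A". It goes slightly beyond the comment by covering the whole fullwidth ASCII range (U+FF01 to U+FF5E) and by comparing a narrow fold with Unicode NFKC normalization; the function names and sample strings are constructed for illustration.

```python
import unicodedata

# Fullwidth forms of '!'..'~' sit at a fixed offset from their ASCII originals.
FW_FIRST, FW_LAST = 0xFF01, 0xFF5E
FW_OFFSET = 0xFEE0                      # U+FF21 - U+0041


def find_fullwidth(text):
    """List (index, code point, ASCII equivalent) for each fullwidth char."""
    hits = []
    for i, ch in enumerate(text):
        cp = ord(ch)
        if FW_FIRST <= cp <= FW_LAST:
            hits.append((i, "U+%04X" % cp, chr(cp - FW_OFFSET)))
    return hits


def fold_fullwidth(text):
    """Map fullwidth ASCII variants to ASCII and leave everything else alone."""
    return "".join(
        chr(ord(c) - FW_OFFSET) if FW_FIRST <= ord(c) <= FW_LAST else c
        for c in text
    )


def canonical_key(text):
    """Comparison key: NFKC folds every compatibility form, then casefold."""
    return unicodedata.normalize("NFKC", text).casefold()


def is_taken(candidate, existing):
    """True if candidate collides with an existing name after folding."""
    key = canonical_key(candidate)
    return any(canonical_key(name) == key for name in existing)


# Constructed samples: fullwidth "ADMIN", and a halfwidth katakana KA.
FULLWIDTH_ADMIN = "\uff21\uff24\uff2d\uff29\uff2e"
HALFWIDTH_KA = "\uff76"
```

Code that compares raw code points treats `FULLWIDTH_ADMIN` and `"ADMIN"` as different strings; comparing `canonical_key()` values at every point where names are stored or looked up removes that inconsistency.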
I read in a different article on this subject that Samsung's outside legal counsel did NOT share the confidential documents directly with Samsung. What happened was that the legal counsel hired some 3rd party to write a report on the confidential data, and did NOT mark the report as having the same level of confidentiality as the documents it was based on, despite directly quoting the source documents. It was this report that was shared with Samsung, allegedly.
It would be good if someone could clearly state what happened, as there are several different versions of this story floating about and while it doesn't change the fact that data was shared with Samsung that should not have been shared, it might be human error (in not marking the report as confidential) rather than deliberately violating attorney privileges.
However, there is no argument - Samsung should have known that they should not have had that data, and the fact they went on and allegedly used it in contract negotiations is highly indicative of the morals and character of Samsung executives.
"I love how their power/internet bills were all paid up until the 1st of October, and now suddenly since they apparently have no money to pay them, they've been shut off with no notice."
It's more secure to leave a minimalist "We're not here" website up than the full website which could get severely pwned before the muppets on Capitol Hill get their act together.
There's also a ton of infrastructure behind a lot of the sites, that will probably be turned off (or at least secured from being available online) for similar reasons.