533 posts • joined Friday 15th June 2007 18:33 GMT
I've always considered PayPal to be unsafe for transactions because it's lacking consumer protections. Partnering with a good solid system like Facebook solves all of that.
Re: More critical reading is needed
Try reporting hacking incidents and it's clear that the Chinese government is all for it. To start with, the network contacts for Chinanet and many of the Chinese schools have been fake for about a decade.
South Korea and Taiwan are probably involved too. Maybe not directly or intentionally, but they have incredible numbers of bots that are constantly hacking away at every IP address on the Internet. As with China, the network contacts for HiNet (Chunghwa Telecom) and KORNET (KT Corporation) are not functional.
So they've never heard of local buffering? They're probably sending 2Mbps - not a big deal to dump into flash.
"But to use the malware removal tool you have to install Java and this is perhaps not the best idea especially since the language has become a prime target for hacking attacks of late, as Sean Sullivan of security software firm F-Secure notes."
Install Java but don't enable the browser applet plugin. Java by itself is no danger.
Re: Explicit Kill Switch
All cars should have a mechanical handbrake that kills the ABS power when lifted. It's not such a large kill switch to unsafely disable the car but it's enough to stop when the electronics are malfunctioning. (I've been in a Cavalier with crap electronics. If the ABS says you can't use the brakes then you really can't use the brakes. The pedal pops up with more force than even the pedal can withstand.)
I looked at the PDF briefly (as fast as it could scroll) but didn't see how this relates to humans. Perhaps The Reg could bring out the Playmobil set for those of us with a short attention span?
Re: Glass platter
I opened up some of those IBM "Death Star" drives and I recall the platters being incredibly strong and more flexible than aluminum.
Yet another bad research paper
I don't think I've ever seen TCP run at 1/30 efficiency except when selective ACK is off and hardware is failing. Making my ADSL2 or WiMAX connection 30x faster would break the known laws of physics for crappy telcos. I could turn down the ADSL S/N ratio until I'm burning away all my FEC bits and I'd only get 1.2x throughput. Maybe they mean that their protocol has 1/30 the latency of TCP on a network that's heavily congested with TCP traffic? If they've come up with a super-polite traffic-avoiding network protocol then they can expect people to tune it to be greedy like TCP.
Not in the clouds but the sand
Hopefully this fourth wave finally drags Yahoo out to sea and buries it. They're a vast digital ghost town of run down services with no inhabitants. Their web portal is a complete wreck of ad content that hijacks the page layout. It won't load reliably without an ad blocker yet links don't work with one. How is this same portal going to safely collect data to build an "interest graph?" I see maybe two Yahoo e-mail addresses a year that aren't a 419 scam, phishing scam, or spam from yet another person with a stolen Yahoo account. The ROI of firing the anti-abuse staff should be clear now.
My smart meter is useless for finding ways to save energy. What works much better is going around the house with a handheld infrared thermometer. One big warm spot traced to an Onkyo slave amp that was consuming 150W in standby mode. Some wall warts were running hot enough to justify replacements. I also know where the insulation has fallen off from under the floor.
Hash before encryption is it. Nobody will know what is in your original and personally created data but the hash matches will allow for reverse lookup of known files. Very small files could be brute-force decoded. It's not great privacy.
Big hashes do create false positives sometimes so there can be data loss. Sure, it's a chance of 1 in a nearly infinitely big number, but the amount of data in the world is nearly infinite too. Math says that a smaller number of bits can't represent all the patterns of a larger number of bits.
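The reverse-lookup problem described in the post above, as an added example that is not part of the original comment: an unkeyed hash of the plaintext lets anyone holding a table of known-file hashes recognise a user's stored file, while a per-user keyed hash (HMAC, the usual mitigation) defeats that lookup at the cost of cross-user deduplication. The sample files, the known-file index and the user keys are all constructed here.

```python
import hashlib
import hmac
from typing import Dict, Optional

# Constructed sample "uploads"; stand-ins for a widely circulated file and a
# personal one (not from the page).
KNOWN_FILE = b"The quick brown fox jumps over the lazy dog.\n"
PRIVATE_NOTE = b"grocery list: eggs, milk, bread\n"

# Constructed per-user secrets; a real client would keep these off the server.
ALICE_KEY = bytes(range(32))
BOB_KEY = bytes(range(32, 64))


def content_hash(data: bytes) -> str:
    """Unkeyed hash of the plaintext: what 'hash before encryption' dedup stores."""
    return hashlib.sha256(data).hexdigest()


def keyed_hash(data: bytes, user_key: bytes) -> str:
    """HMAC under a per-user secret: same content yields a different tag per user."""
    return hmac.new(user_key, data, hashlib.sha256).hexdigest()


def reverse_lookup(tag: str, known_tags: Dict[str, str]) -> Optional[str]:
    """Map a stored tag back to a known file's name without seeing any plaintext.
    The same lookup works for any file whose content space is small enough to
    enumerate in advance, which is the post's 'very small files' case."""
    return known_tags.get(tag)


def analyse() -> Dict[str, object]:
    """Contrast unkeyed and keyed tags from the storage provider's viewpoint."""
    # Index the provider (or anyone with a hash list) already has; constructed.
    known_index = {content_hash(KNOWN_FILE): "well-known pangram text"}
    return {
        # Unkeyed tag of a known file is identified immediately.
        "unkeyed_known_hit": reverse_lookup(content_hash(KNOWN_FILE), known_index),
        # Unkeyed tag of a personal file only stays private while nobody has
        # guessed or enumerated its content.
        "unkeyed_private_hit": reverse_lookup(content_hash(PRIVATE_NOTE), known_index),
        # Keyed tag of the same known file no longer matches the index.
        "keyed_known_hit": reverse_lookup(keyed_hash(KNOWN_FILE, ALICE_KEY), known_index),
        # Price of the mitigation: two users' copies no longer deduplicate.
        "keyed_cross_user_dedup": keyed_hash(KNOWN_FILE, ALICE_KEY)
        == keyed_hash(KNOWN_FILE, BOB_KEY),
    }


if __name__ == "__main__":
    for name, value in analyse().items():
        print(f"{name}: {value}")
```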
Google rose to power by leveraging free software (and stolen content) like no other company had done before. Companies claiming it was unfair were left in the dust. I'm curious what Google will do when China does the same back to them.
Re: Why are they backing up to a Flash Drive in the first place?
A USB drive can be used to bridge the air-gap protecting a critical system. It works well because it's a manual process that can't run itself while everybody is away. Of course, you need to keep an eye on the details or all of that security is pointless.
Bendy Korean phones? We need new slang. I call my Samsung Galaxy SII a 'brick' because it's a solid rectangular mass that often performs no function except being that mass. I can send it to Samsung for warranty repair but then it comes back completely 'bricked' and needs the ROMs re-flashed by Sprint. The next generation is going to think we're nuts when phones are flexible.
Click to activate
You should set ALL browser plugins to only activate when clicked. Plugins are used for complex tasks that HTML 5 can't handle, and complex tasks always have bugs.
Re: Time to prepare for more cases of electromagnetic hypersensitivity?
Luckily, 60GHz won't penetrate your head. Crawly skin is still theoretically possible if the WiFi transmission pulses happen to sync with your nerves. (Sensitive people should try setting a 1000ms beacon interval.)
A mix tape of hair metal ballads for you
This tech was a big deal towards the end of the 1980 decade when analog cordless phones talked to your landline base station at tens of MHz and Radio Shack still had electronics. First cordless phones had a sliding frequency switch on the handset and base. Next they had a frequency hopping button on the handset. Finally they hopped frequencies themselves. No multiplexors, no QAM, no side bands, and no codecs; just simple 1980s analog processing. Good luck with the trolling.
If it was...
Dialup: USB 3.0v.2
DSL: USB 3.02+
WiFi: USB 3.0g
Cell: USB 3.0 LTE
Apple: Corona Cord
Windows: Enterprise USB
Audi: 2013 USB S3
Bargain bin: USB 3.0 v2.2 ultra speed 1000GHz
Government: USB 3.0 Section 521, Article 134.5.c
Re: What do you do with it afterward?
Disposal? It's another form of inert solid carbon atoms. You can buy low grade sheets of it called "pyrolytic graphite" at electronics stores. It feels a bit like paper but can be infinitely sliced horizontally like mica. Hold one side of the sheet to a candle and it will burn your fingers. Place it over a very strong magnet and it may levitate. Those small sheets are used for spreading heat in high power microelectronics.
And next to Polaroid
I'll set up a kiosk where you can drop in a Polaroid and get a digital image, converting those misguided gifts back into something useful. For a few more pennies I'll send it to Shutterfly where they'll have backups of backups of backups keeping the bits safe and ready to convert into a new retro gift.
Only spam works at China Unicom
There hasn't been even a slight glitch in portscan, spam, and intrusion attempts coming from China Unicom to my firewall. The official contact "firstname.lastname@example.org" still doesn't work. It's a surprise that outgoing packet rejection still needs to be done on China's side.
Re: Hurry up Google - switch off H.264 on YouTube.
I have yet to see tests showing that VP8 is more efficient than H.264. Would you rather pay your regional telco monopoly more money for more bandwidth?
Efficient codecs that play at 60 fps are REALLY hard. That kind of research is not within the realm of your average open source developer.
Don't hold your breath
Many of us with the "Epic 4G" version of the Galaxy SII still have unresolved issues with the phone after over a year. GPS radio dies, cell radio dies, Bluetooth dies, WiFi/3G/4G goes to sleep while in use, the notification light doesn't work, it destroys batteries, and the soft keys don't always work. The camera works well but forget about using it as a phone or data device. Samsung repair says it "passes all tests", even when they have returned it to me dead, and Sprint has never been more helpful than removing bad software patches installed by Samsung.
Re: I wonder if there is a way to process atmospheric CO2 into graphite?
Bonding the carbon and oxygen atoms together produced the energy that's running the world. At least as much energy is needed to pull them back apart. There are solar powered devices that are not only capable of pulling the atoms apart, but can self-repair and self replicate. They're called plants.
It's the caption's fault
"A really, really, really big hole (click to enlarge)"
For when the world isn't perfect
I use NAS for backups so I like to see some protection against the usual problems.
What happens when a power failure interrupts writes? What happens when the NAS is in redundant mode and a disk fails? Does it send an e-mail, blink an LED that will never be seen, or pretend like nothing is wrong? What happens when a failed drive is replaced? Can bundled drives be replaced under warranty without long downtime? There are plenty of NAS out there that claim RAID 5 protection but are unusable for days when something goes wrong. I recall an old D-Link and a more recent LaCie 5big that needed to be wiped clean and shipped for warranty drive replacement. Even if they had simply sent me a new drive, they would have needed days to rebuild too. I don't like being without backups for days/weeks so I end up buying a different brand of NAS and giving away the old one when it comes back. What a waste of money.
Shrinking the font size on stone tablets
This two dimensional surface nanotechnology is cool but the third dimension in hard drives remains enormous. Memory circuits that could be laid down in thin layers would have more storage even if the two dimensional density of each layer is very low. More research there, please.
Not clicking that
"Kindsight therefore has a vested interest in talking up the malware threat..."
That's not what's tainting the results. Most people would never install Kindsight's software. Those that would have likely installed many worse things.
You can sum up what the iTunes universe should do in just two lines.
iTunes - Gather a big list of media and play it.
iTunes Store - Figure out what you like and sell you more.
Neither does a good job at those simple core requirements. Shoveling more iCloud at it isn't the fix.
The other first
When are you Brits going to stop calling the second floor a "first floor"? "First above the ground" makes it, from any rational point of view, the second floor. I can see the French doing it to preserve quirky ancient cultures and all that, but this is a bleeding edge, high tech, serious online publication here. Even computer nerds know that an element at index zero is the first element, not the first after the zeroth.
Build, sell, dump
Today we have expectations that a very complex product might not be 100% when it's first sold but it will be 100%, or even better, with a software upgrade that comes out soon after the purchase. What I've been seeing more and more of is that companies sell their tech long before it's ready and then immediately abandon it. Customers feel cheated and boycott the brand for years. That's the experience I got with a very expensive Panasonic TV (MPEG4 never implemented, Netflix failing, YouTube failing) and a very expensive Panasonic HD video camera (false resolution claims, missing software, and AVCHD metadata is incorrect). My mother had that experience with an upscale Panasonic microwave oven (blew internal fuses due to a power inverter design flaw).
The best news for Panasonic is that their competitors are doing this too. The bad news is that people may spend their money on non-tech instead.
They're amazing for a cellphone but I call BS on the resolution. Zoom in to the high res images and search for anything that has an optical resolution better than 3x3 pixels. It's not there. The prototype sample photos from Nokia actually had 3x3 bricks where there were unmasked defective pixels.
The technical white paper indicated that there are 41 M sensors for superior noise reduction and digital zoom, but said the rest of the hardware must process a downsampled or cropped image. My bet is that the marketing department demanded the 41Mpix back even if it meant upsampling after downsampling.
10 in 1
Running many JVMs is awful for efficiency, just as is running many OS VMs. The JVM was designed to run friendly apps concurrently with very little coding effort. Potentially hostile apps may be run concurrently with a bit more effort but Oracle will need to address that trickle of vulnerabilities that are posted each week.
I remember when...
you had to use a chisel on a rock.
It seems to me that the longest surviving storage medium to date is DNA. The best way to keep data alive is to keep reproducing it with error correction.
Shut up and pay
Apple managed to take a lot of power from the telcos with the first iPhone but most customers still don't control the very phone they pay so much for. The mix of Google, Samsung, and Sprint screwing with the software has made my Galaxy S2 unreliable at best. Now I'm one of the many getting stuck in roaming mode without service. Me repeatedly sending it in for warranty repairs is more of a protest than a way to make any actual progress.
Nobody wants Java to be a mega-system. The JVM is quite impressive, language is functional, and most of the standard edition libraries work very well. Oracle should stop throwing everything into the bloated "Enterprise Edition" classification and focus on simple modular solutions to specific and well defined problems. They might even make some money on it. A marketing model of creating specifications so complex that only Oracle can provide implementations isn't going to work. As soon as I see a new feature listed for "Java EE" I stop reading.
One feature of Enterprise Edition Java web servers is multiple contexts. This is where multiple applications can run on a single server and JVM process but in complete isolation. The advantage of this is greatly increased memory efficiency and simplified management. The disadvantage is increased complexity and the need for a Java Security Manager. From what I've read in the exploit sample code, servers running multiple contexts are vulnerable. Specifically, the big Enterprise Edition servers that big companies pay Oracle support for. A JSP file should be able to execute code outside of its context the same way an applet would. Distributed/Cloud computing servers that execute sandboxed tasks from JAR files may be at risk as well.
Re: Different Java editions
It's about escaping the security layer by having trusted JVM classes run your code in their environment. Normal Java applications have no security layer or any need for it. The security layer is critical for auto-loading applets and multi-application web servers, though. Not only are web surfers at risk, but also the big corps funding Oracle's paychecks with those bloated multi-function Java Enterprise Edition server deployments. This hole means that almost any employee can hijack a corporate Java web server and the web server's role with a little malicious JSP code. (Smarter businesses running single function servers with no security layer have nothing to fear here.)
It makes rain so it must be a...
Apple, Microsoft, and Amazon are data centers. They are not a cloud. The cloud is when your computer has full access to the systems of your choice. The cloud would be you, your family, and a few friends having online storage in their homes that you share with each other. There's nothing technically new or difficult about software to aggregate multiple systems into one robust virtual device. The problem is that ISPs have money making monopolies/duopolies that must be protected with tight customer usage controls. You don't get a static IP address, you aren't allowed to run servers, and anything that doesn't make the ISP money gets throttled. As long as ISPs don't allow it, nobody is going to create the software for it either.
$332m doesn't pay costs of operating online games?! Either they haven't realized that they can simulate the game in computers without using actual farmland, or somebody is pocketing a lot of money.
Re: Java VM = malware portal
Applications have no security except for those placed on the current user. That goes for Java, Scala, Applescript, C, C++, Objective-C, PHP, Ruby, Bash, and everything else. Be happy that the viruses aren't being hand-coded in lean and mean x86-64 yet.
As for Java's speed - it depends on the quality of the code. Anti-aliased image rendering runs in Java just as well as C if given the same level of optimizations.
Playing in the shadows
Apple assumes their users are dumb so they have come up with various ways to hide and disguise important files from casual access. Bundles make directories sometimes appear to be files. A shocking amount of critical data is placed into hidden directories starting with a period. 10.7+ even goes ludicrously far by hiding your personal "Library" folder from normal view. These areas are normal user directories so any application written in any language has permission to alter them. Essentially, Apple has gifted malware with big play areas without the assumedly dumb users being able to easily spot them.
Sync today, gone tomorrow
The #1 problem that I've had with access points is that they aren't reliable. A quick check of online reviews shows that I'm not the only one having this problem.
I had purchased and returned more access points than I can remember before I found one that could run for a week. Most of them started malfunctioning immediately or lacked features that were right on the box. Some good testing points are: Does the router survive many hits to bloated web pages, can devices remain continuously connected without WPA glitches, are broadcast packets reliable, and are the features on the box actually implemented. Now try that again after being on for a week.
It's also weird that this review complains about a brand of AP missing features when the reviewer has explicitly chosen a model missing those features.
In the wild
The code is a testing tool unrelated to the exploit being out in the wild. The advisory shows the exact nature of the problem and gives the single private key used for root login. Copy & paste it into any SSH client and you're good to go.
This is a pretty amazing vulnerability, that the installation guide would not disclose a default root login that needs to be changed.
Let's play DMCA
I don't know if the DMCA was involved but there were takedowns:
The DMCA is a game, not a tool. Infringers will take down the offending content but create an environment where it instantly and legally re-appears. YouTube mastered this abuse as much as the RIAA and MPAA mastered their own abuses.