Re: He should take a photo...
Forget the royalties, charge the cat with assault.
337 posts • joined 7 Mar 2012
Did anyone here not write a virus or gremlin of some sort as a teenager?
(my first was a TSR keylogger, and once we had the teacher's password...)
All this eye-rolling outrage has me a bit puzzled too. I get storing keys directly inline in the code is bad from a maintenance point of view, fine. But they've got to be stored somewhere. If they're in a config file, or they're created by a process that itself has a config file, at some point they have to be stored in a repository (because the odds of fat-fingers requiring a restore from repository are much, much higher than the odds of being hacked). So who can explain to me why two repositories is more resistant to hacking than one?
The only way I can see around this is something like a PKCS#11 keystore - a hardware token plugged into the server, which stores the private keys required to access the AWS or whatever. Which is a lovely idea but a lot more work, and overkill for most applications I would think - including dating websites.
Not sure why the US is at the top, didn't they turn up late? Again?
Man, that is deep.
Great alarm on reading that article - sophisticated Crontabs? PHP? The Raspberry Pi team may have set out to create a generation of programmers, but they've accidentally created a generation of Sys-Admins instead. The ideocracy has begun, run for the hills!
[asbestos suit engaged]
Work "democratic" in there and you can have another.
For shame, people, for shame.
The hacking contest was sponsored by Samsung - this is definitely progress.
How long did your laptop battery last ten years ago? How long does it last now? How heavy was your first mobile phone? Your cynicism is unfounded, and frankly it's also a bit boring. (edit @Roq: snap)
Not sure why you got downvoted - last items I bought (and it's been a long, long time) were all from Amazon Luxembourg SRL. It's well established they pay cock-all tax.
This is still relevant, after at least 25 years.
(Edit: in case it's not obvious, the box to tick here is "Laws specifically prevent it", namely the Computer Misuse Act or your local equivalent. Specifically, modifying the infected computer to kill the botnet would be unauthorised access)
Don't call him if you have a problem. And don't call HR. No, you need to call the man in black.
Me too - we promptly told him to get the fuck back inside!
I've been playing with tiny footprint machines for a few years and have a pile of Zotacs, Shuttles, Beaglebones and the like in a cupboard - if it's efficient power you're after, by far the best one I've seen are the Fit-PC range. Latest Fit-PC4 I just bought has quad-core 64-bit AMD at 2GHz, comes with 4xUSB2, 4xUSB3, 2xGb-LAN, 2xHDMI, 1x2.5 SATA, 2xPCIe (one occupied with WiFi/Bluetooth card), it's completely fanless, smaller than the unit reviewed here and all for £250ish.
It's a very nice piece of kit and in testing last night draws about 700mA @ 12V with Linux sitting at a shell prompt - brochure has it run between 5 and 11W, so this is about right. It has AMD inside, and I'm left wondering how that company has gone so badly wrong.
Precisely why no one has written a check (cheque) in Europe for years (unless they've employed builders, they're retired, or they're issuing a refund on behalf of a large organisation that insists YOU pay THEM electronically)
With the noise and the airflow, surely this is a lose-lose vs two 120mm; I say this sitting next to my water-cooled, 120mm fan equipped, virtually silent workhorse.
Well I, for one, will welcome our new Slashtard overlords.
Things windmills are bad at:
* Reducing CO2 emissions from fuel burnt for heating
* Ball games
* They are unable to read sheet music
* Holding doors open for ladies
* Leaving dishes to soak and then forgetting to wash them up.
I could go on, but the point is they're just a waste of time.
And 3 days later, you're both proved correct!
You really drank the kool aid didn't you? Either that or it's a double bluff. My head hurts, I need a lie down.
Yes, and then they'll build a big fuck-off horse.
I'd kill for a colour e-Ink photo frame, myself. I realise colour reproduction isn't as good as an LCD, but being able to leave it on at night without lighting up the room and only take it off the wall every 6 months to charge it would more than make up.
Jesus, they've given Matt Bryant a column!
• famine was a recurrent feature of India's history until fairly recently
• it stopped when they started massive use of nitrogen-based fertilisers in the 50's
• nitrates in the water is now an increasingly severe problem (everywhere, actually, but nowhere more so than India)
• India's population has grown from 300M to 1200M people during this time.
I think our Prof's prediction on India is an extremely safe bet in the mid-term. New technology might contribute, but something has to give at some point.
A friend has an interesting take on this - to paraphrase:
Fast And Furious 7 (yes, they made 7 of them) has taken $332m in China, more than it's taken in the US (where this festering stinker is inexplicably popular too). Previously China's biggest grosser, in both senses, was Transformers: Age Of Extinction.
The export market now is typically worth more than the US domestic, and a film with explosions and no meaningful characters, plot or dialog translates universally. So Hollywood is going big on VFX, short on stories.
Contrast with HBO (amongst others) turning out quality, complex and sometimes fairly challenging stories with decent casts, excellent writers and top budget production. The film and TV market have switched the roles they were 20 years ago, and it's looking to stay that way for some time.
If this were in the UK the site operator would be obliged, once notified, to remove the offending material and attempt to enforce that it doesn't come back - been there. It was annoying at the time, but I'm not sure it's an unreasonable obligation all up.
Of course though in the US, rules are different - all hail the free market. But to my eyes the common carrier defence used by phone companies isn't really a neat fit when applied to a website which is already a) filtering on terms, thus showing it can be done, and b) has been notified that some postings are in breach. No doubt the owners benefited from the advertising on the material that their lazy and/or incompetent asses allowed through.
Is he still at the BBC?
Yep - one undervalued (ok - undersupported, undermaintained and ultimately undermined) aspect was the distribution. Being able to run an application just by visiting a URL - that was progress, particularly for large firms where it promised to replace sneakernet. I have a vague recollection of how impressed I was by an earlier technology that did just that, naturally it died a death.
It's a shame the promise of no-more-version-management didn't play out - ironically, for the apps it's probably still true but the onus of upgrading has shifted focus to the JVM.
By the looks of it, all they have to do is connect (remotely) to the service on port 2005 and send data that will smash the stack to do whatever - fork a shell listening on port X is the obvious one. Don't see any reason why anything has to be plugged into a USB socket to exploit this.
And this is a kernel module why, exactly?
Black and white lives matter!
A desktop on a Debian system is like a window in a submarine.
I trust said oven will beep at you incessantly when it's done its job, as befits any household device of such importance. "Look at me, I've washed your dishes. Empty me. EMPTY ME. COME HERE AND EMPTY ME THIS MINUTE!!!!"
> I am not blaming the deceased, nor the cops. I'm blaming society.
I'm blaming the cop. Society didn't look at the guy running away, realised he posed no threat, decided to ignore his training and shoot him in the back anyway.
Am I the only one slightly uncomfortable about this?
Governments answer to the people and so (most) leaks there are justifiable I think, and much of the other stuff on Wikileaks (the UBS Caymans stuff a while back) was from whistleblowers who believed there was something illegal going on.
But much as I dislike many of Sony's practices, this isn't from a whistleblower or evidence they've done something illegal - it's just a generic shitload of stolen data with no purpose behind it. The "all transparency is good" argument clearly doesn't fly otherwise they'd have no problem publishing stolen health records. So what's the justification for this one?
Ironically Windows boxes weren't vulnerable to the ping of death, but they could send one. I ran the site on it.
I understood that there were still a bunch of issues with the pebble bed design that came to light in the german AVR reactor, and that it's not quite the panacea that it's been made out to be...
Only source I can find is this slashdot comment.
Edit: found a few more authoritative links:
XOR is also wonderful for compression - just XOR a file with itself before compression, the results are rather impressive.
Jesus Christ, it's 25 fucking years. Yes, he was in the wrong, yes he's a repeat offender and in no way does this warrant him spending a quarter of your life inside - even discounting the personal tragedy (he was 27, not too old to turn his life around), the benefit to society from locking him up is vastly, vastly outweighed by the cost of his incarceration.
The word you want is "proportionality" and it's kind of important in my opinion (ingrained in European Law, it became a key aspect of the UK Human Rights Act, which is why I don't get the Daily Mail hatred for the legislation). It's the same concept that means you don't just shoot trespassers, vagrants and... oh, wait, I forget my audience. You're probably American aren't you? Sorry, carry on as you were.
I'm sorry, but in my naive world - where a company pays its workers in the country they're employed and pays its corporation tax in the country where the value is obtained - then I can't see how a company pulling minerals out of the ground is going to underinvest because of corporation tax.
If there is a pile of unobtanium in the Congo and Company X wants it then they will pay to extract it, and if that cost includes corporation tax then they will pay that too. If it becomes available elsewhere and cheaper to extract, they will shift production. I think we'd agree on that at least, and if corporation tax was undodgeable then this would be a good system.
However in our world where profits can be shifted about, now suddenly your argument holds water - Company X can move production to Country B because in Country B they can fuck over the government more effectively and not pay any tax. The race to the bottom is won, and the worker is shafted. Your defence of this only works because your argument is circular.
I know and like RC4 and while I was aware of the weak-keying issue, that can be mitigated when choosing the initialization vector (or if using the algorithm as a proper stream cipher, rather than a block cipher as it was in WEP).
The "L shaped pattern" described in the PDF is a new one on me, even though it was apparently described in the same paper 13 years ago. Not sure it's a home run however, it still relies on a (larger) class of weak key, and (if I've read that paper right) the best case is those are only 1 in 2^16 of sessions. So an individual RC4 encryption is likely still fine, it's only when there are millions of them that one becomes statistically likely to fail. The odds of that one having a password, credit card or whatever are still low.
So I'm not going to panic just yet.
"You only need to provide the code to the part of your system that uses the GPL code."
I appreciate the need for semantic accuracy on this topic, but my use of "entire codebase" here was intended to mean "the entire codebase (of everything that is linked to the GPL code)". I'm aware of the subtleties, but they're better covered elsewhere in depth. My back-of-envelope description is accurate enough, and certainly more accurate than Streaky's take on it, which is what I was getting at.
As somebody who regularly licenses stuff under BSD and GPLv2 from my perspective it's fairly nonsense.
Hey Streaky, you might want to re-read the GPL, or you could well be the next one in court.
To sum up, if you include GPL source code in your work then your entire codebase becomes subject to the GPL, which means you have to make the source code available. So if they did copy something, no source from VMware = GPL violation.
There can't be an IT company on the planet that isn't aware of this by now, we're always being asked to warrant we're GPL-clean to our customers.
Just as well, or you'd need to have a quiet word with Lewis.