Re: Raises more questions
Let's just hope that senator ICanMakeYouWearRedUnderpantsOnYourHead starts getting a hint about the potential mission creep behind metadata retention laws he previously supported.
1314 posts • joined 7 May 2012
Let's just hope that senator ICanMakeYouWearRedUnderpantsOnYourHead starts getting a hint about the potential mission creep behind metadata retention laws he previously supported.
It works in a computer game dice roll scenario but not a security scenario. Your possible seed values is minutely small because I have a high probability of guessing your clock time to "within seconds". The default system timer on windows has a resolution approximating 10ms (actually closer to 16ms but 10 makes my math easier). That leaves only 100 possible seed values per second. That is easily brute forced.
Explain how one decides the random order of those bits?
> A new solar water heating installation costs about £3,000 to £5,000.
That number is either way out of date or exaggerated due to your local geographical, regulatory and supply considerations. Here in Australia you can get 300L systems from AU$3500 installed before rebates, so that drops to around 2.5K retail. Payback vs 27c/kWh is much quicker than in your scenario.
Your process is admirable, but not in the realm of technical capability of Aunt Kath. Remember the comment thread you are replying to basically says that about 3% of disks will fail without any malicious ransomware, so it is hard to have sympathy for those without backups. That's why I think of who the victims are. The average El Reg commentard is too super DevOps skilled to fall for the phishing schemes that deploy this ransomware. But our Aunt Kath will go right ahead. So the people most at risk of infection would have no clue what rsync or hard links mean and the concept of incremental backups isn't even on their radar.
... Ransomware can also permeate into backup media. Some of these things sit there for weeks or months silently encrypting and decrypting on the fly. This may be enough on some cases for all backups to be equally rooted.
> Renewable energy is pretty much dead in the water as any competent electrical engineer can calculate for you. It doesn't work now and it never will
A brave prediction sir.
Hydro has been with us for a long time. You can make many complaints about its environmental impact and the good sites are already taken, but there is no escaping that it works. It is usually a lot cheaper than coal or nuclear and can be classified as baseload. Also as mentioned in the article, it has by orders of magnitude the fastest cold boot times of any current baseload.
I can completely understand that solar has a somewhat limited benefit in the UK but in other parts of the world we even get sun from time to time.
The price of solar has dropped by orders of magnitude over the past decade. That trend is only going one way. The question longer term isn't whether some baseline can be replaced but rather how much is needed to maintain reliability. With pumped storage as illustrated here, that number can go much further north. Remember that solar doesn't require ongoing fuel costs so there will be a running cost advantage. Once those graphs cross over, it will be nigh impossible to get funding for new projects.
Another important point is that not all demand is inelastic. We just haven't had the levers to discourage behaviour in real time until recently. Whilst lighting, cooking, air con or heating and of course warm beverages are a given, much industrial uses like smelters can be paid to partially shutdown for peak periods.
Time of use "smart meters" are a longer term demand management opportunity. Each EV has a battery pack between about 10 and 60 kWh which again in a longer term can handle fluctuations.
Whilst it isn't all going to change tomorrow, the writing is on the wall.
> I notice that the article doesn't say how long it can maintain that sort of output
Being in Wales, I suspect that there is a not insubstantial free top up of the top reservoir every other day.
But his solution would just suck.
- ah yes, that's where I left my coat.
Did the crime rate increase or did the reported crime rate increase.
Because I am quite confident that knowing the whole thing is on camera, when an overreach inevitably occurs, the appropriate investigation occurs*. I wonder out loud whether in the old days the junior gets taken aside for a quiet word about not being allowed to tase someone just cause they made some snide comment under their breath now gets officially recognised as a crime.
*not counting the well publicised exceptions that led to various riots.
It depends on the manufacturer and network. My Nexus 5 (2014) running 6.01 got its May security patches this morning. Buying a device with vanilla android was my priority.
If your hypothesis is right* then someone at a vulture desk will owe MS an apology for the title of this article. It would in that case be Asus causes some of its motherboards to crash** after faulty UEFI implementation.
* I have nothing to add on that point.
** Brick is the wrong verb here.
I too, would send one of Winkypop's kidneys for fttp.
> What needs to happen is browsers need to start a connection to a server with only TLS 1.5 (assume a time traveler with from 2020), then when that fails, drop back to 1.4 and so on until it can talk
Sorry Tim. That can't work. Or more specifically, it can't prevent a downgrade attack.
Alice sends Bob a TLS 1.5 handshake.
Trudy intercepts that handshake and responds to Alice with a wtf response. Alice can't yet verify that this isn't actually from Bob.
Alice then tries with 1.4. Trudy responds the same way.
And so on....
Eventually Alice tries the only-just-better-than-ROT13 version thinking Bob can't do anything better. Trudy lets it through and can then observe or fiddle with the stream.
So independent researchers discover and report to the government a vulnerability allowing it to be patched rather than exploited. Instead of a thank you, they get the book thrown at them.
Do pray tell, what exactly do you think that the next researcher will do if they discover a vulnerability? Certainly they wouldn't setup some hidden tor service where for some infinitesimal small portion of bitcoin you can load credit on the card, making a wad of cash whilst the authorities pay big bucks to try to reverse engineer the hack.
Security research can be a murky area. By not selling their exploits on the underground marketplaces, they are already giving up a lot of money. Sometimes they will overstep the mark even if their intentions are good. I make no judgement about whether they overstepped here, but the government needs to catch half a clue here, figure out what they are trying to achieve and determine whether their decision to prosecute advances that goal.
Upon sober reflection, they should realise they have scored a spectacular goal, just for the wrong team
> However, there’s no direct information in the spec sheets to say drives are warrantied for data written. In fact, terms such as “designed for” are used more often, so where do we stand with the warranty?
In Australia, it's actually pretty simple.
Companies can include or exclude whatever they want; it doesn't reduce makes no your rights under consumer law. Unless that writes/year is clearly stipulated in the box, visible before you make the purchase, they can't enforce it (won't stop them trying of course). They don't even provide an easy way to measure how much has been written, so it would be difficult to say the least for them to enforce even if they suspected you were "naughty".
It's doubling of powers though. Just going from 8 to 9 would increase it by 36 fold. Not sure what I'm missing here but there should be about 2.8 trillion combinations of 8 character lower alpha + digit
= (26 + 10) ^ 8
Just going to 9 characters gives you 101 quadrillion possibilities, which grabbing my not really Bill Gates hat ought to be enough for anyone.
I don't follow what they are running out of because these are already big numbers. . My suspicion is that they are concatenating more info into those identifiers (first x characters means y, etc) but that's just a guess.
When you have kids, you learn to stop asking how object 1 with no worldly reason to be anywhere near object 2 finds itself inside the said object 2.
The instances of said interactions between unrelated entities tend to happen during the times when the said kids are being "a bit too quiet".
You can install fiddler on your PC then proxy your phone via that PC and fiddler will intercept the traffic for you.
Then you can see if they are encrypting the traffic itself. It is quite an eye opening* thing to observe and works for all apps. You can even mitm** yourself if they aren't pinning the certificates and inspect what they are encrypting. That can also reveal privacy breaches.
* not in a good way
** android will warn you that others can observe if you install the fake root certificate to permit this.
Correct, but this article doesn't even follow the threat model like a bank does.
1. The ATM and cash is insured, so any loss is not paid directly by the bank.
2. Insurance is a cost of business that is passed onto their customers as part of the fees.
3. Unless specific banks are more vulnerable than others, the insurance premiums will rise uniformly across all banks to cover it, that number gets crunched through Excel (or worse) and everyone's account fees or ATM fees or whatever raise by a few dollars over the year.
Sure. It was self evidently a bit too subtle a joke for a few folk here who probably thought that I was advocating against ad blockers.
The point was that they could make the process of presenting the question to probe (all that they are required to do) just as annoying as the ads themselves. Point 2 was that such an experience wouldn't be noticeably worse than what one is subjected to without an ad block installed. Ergo, the only folk who would actually suffer would be those used to an ad free experience.
Maybe they can ask the user's permission on a panel that obscures the contents. It could ask as an automatically playing video that can't be skipped, tripling the page load time. This has two advantages.
1. It would suitably annoy those running ad blockers whilst complying with the law.
2. Those not running ad blockers would be able to tell the difference from their usual experience of websites.
At least HDD usually get the click of death a few days before they totally go. SSDs just throw you a surprise party when they feel their duty cycle is up.
> Mini Coopers are a mite small
But the new ones are bigger than a some of the 1980s Corolla models. Sad when you think about it.
Because Dublin is a city.
/I'll grab my coat.
Just imagine though how much DevOps you're missing though.
> If Russia ever normalises its position in the world
I agree with the gist of your post, but the US and "The West" are not one and the same. Also, normalise? With Trump? I can't help thinking about pots and kettles..
You could nearly mount that argument if the failure was caused by a tsunami hitting their data centre. The script was run by them for them with no customer benefit. They did it in a prod environment without any fallback plan and without giving notice to their customers. Inadequate precautions were taken. Blame is the right response here.
nicethe worst form of government, except for all the others while it lasted.
> You convert this to heat, and transfer it to motion
All of the useful work performed by an ICE occurs because of the expansion of the exhaust gases after combustion.
The fact that an engine feels hot while running  proves that the energy in the fuel is being converted into heat. If all the energy was converted into motion, it would feel no warmer than a metal street lamp post. Furthermore, it would be silent because the sound waves from the combustion is wasted energy.
But the vast majority of the energy in your fuel tank leaves out the exhaust pipe at a few hundred degrees. If you want efficiency, it's going to have an electric motor, not an ICE.
A bowed head isn't going to fix it. A fine isn't going to fix it either as fines are just considered a cost of business and will be passed onto consumers in one way or another. But what will change behaviour is penalising their future scores. Cheat by 10% and be penalised by 20%. Cheat with a million cars, have the 20% penalty against 2 million. 4 models caught, penalise 8. Done it for 2 years, penalise for 4.
At the end of the day, they are stealing customers off their competition, so this approach would give that competition a leg up and create a strong disincentive to cheat.
There are some very clear principles at play here; some reading
> This is just one review, and not a very good one I might add.
Rubbish. Unlike many mobile phone reviews, this one actually bothered to:
* test signal strength (even if only anecdotally)
* confirm call quality was acceptable both on handset and speaker phone.
The next ransomware will simply suspend the ransomwhere process or use simple social engineering tricks to get the user to uninstall ransomwhere.
> crime victims and surviving family members have rights, too – namely, the right to have cases solved with the strongest evidence available.
Surely the strongest available evidence for orders of magnitude more crimes is kept from victims by the right to remain silent. Admissible evidence laws for many more. Should those be repealed while you are at it?
I'm not sure that backups on their own would save the day here. It's one thing to have the said offline tapes. It's quite another thing to be able to restore many hundreds of TB in anything approaching "reasonable time".
> I kept going back for a time, but eventually they lacked anything that I found interesting
That is freaking ridiculous. Entirely true, but freaking ridiculous.
The opportunities for aspiring geeks today are massive. From Arduino to drones, mesh WiFi devices, NFC activated automation and other IoT Pfaff, even computer controlled Christmas lights would have been a natural fit for their former self.
There was never a need for them to sell TVs. Their stores could only physically fit 2 or 3 options for each size. Go in looking for say a 40" and you would get a choice between a who knows what home brand with crap refresh rate and colour reproduction for cheap or some 4K 3D smart panel with a curve for about 8x the price. With only so much room in most their stores it was always going to struggle against good guys, JB or Harvey on selection.
Dick Smith of 25+ years ago was a very different store to that which finally closed down.
There was a time before they became a JB HiFi hardly normal wannabe when their catalogue looked more like jaycar's. Their sales staff would ask about your project and be able to suggest the part combination to solve your problem. The latter day "tech-sperts" could tell you which lightening or micro USB cable plugs into your phone. It really was a shell of its former self.
Burr and Feinstein are all over this. In fact they describe a scenario where your data is simultaneously secure and available to TLAs via backdoors on the encryption...
The way that I am reading this, it would also outlaw the only recommended way of storing password information; a 1 way password hash. These by definition (AND GOAL) cannot be reversed* to the original content even if you know the hash and the specific algorithm(s) applied.
* and before someone points out rainbow tables, these are simply cached brute force attacks.
Would you really trust your IP to Brandistan?
That 'D' in ACID compliant for a start. Right now you can't flag a transaction as committed until the writes have hit the spinning rust or SSD, or at least until sufficient data has been written to a log somewhere to allow the data to be reconstructed in the event of a power failure. This makes that latency several orders of magnitude faster, which in turn reduces the duration of locks and the throughput boost that would provide.
I'm looking forward to it.
Not only that but anywhere that allegedly provides a USB socket for "free charging" (cafe / airport lounge / hotel conference room / etc) could just start firing commands down the line whenever it sees a new device and pwn a not insignificant percentage of phones.
As a side note, it is interesting how perspective of threats have changed over the last decade or two. In the late 90s, the ability to make a call or send a text when the device was locked would have been the story, and access to the internal storage would have rated meh.
Another side note, it would be interesting to know whether the same tricks could be used to sideload some malicious apk. If so, this could get really nasty.
Complain all you want about El Reg reporting on the issue but I read the BBC story and couldn't find any reference to DevOps. How can we take Aunty as a serious news source?
> It also means the whole world will be using the same, open source rendering engine, good for users, good for developers.
No. It creates a monoculture. I am not saying that there is anything horrendously wrong with chromium. There are certainly worse baselines that could have been chosen. I am saying that we already have a product with the specs they are proposing, that that product has around 50% market share depending on who's asking, that there is nothing so horrendous about it that will see a significant portion of that 50% jump ship so why bother. If the best defence is that monocultures rule, then mount an argument that there should only be one c compiler / one desktop environment / distro / in fact, one uber OS / and while we are at it, browser.
So FF now looks like chrome and will soon be based on chromium. If that is what I wanted, I would have just installed chrome.
These things always start with "why don't we just nuke that little asteroid" and end up with "OK smart arse! How would you defend against a marauding horde of aliens"
> why can't there just be a 2nd standard for double height drives?
If you are looking at changing the shape, double the width rather than the height and you would quadruple the capacity*
*roughly. The spindle still takes some space.