Re: Maybe I'm being naive (again!)
Gives a whole new meaning to plug and play
193 posts • joined 17 May 2012
Gives a whole new meaning to plug and play
Really? Has anyone stopped to think quite HOW this rule will be enacted? It's one thing to say that because people don't publish their conversations or web browsing that, a) they must be nefarious, and thus b) We have to know who, what, why and where, and the c) [the hard part] actually doing this.
First, to find out who this TOR user is and where they are located is not trivial. It requires either back tracking packets coming in to the network, or having a serious attempt to poison TOR. Neither are trivial to do. Use a TOR enabled browser and your packets payload get encrypted from the moment they are generated, making this much, much harder.
Second, if TOR is routing around the world, any attempt by the FBI it act outside of its jurisdiction is liable to have them breaking other countries laws.
But OK, they have done six impossible things before breakfast, and found out who you are and where yiou are. Now they want to gain access to your machine. So, they need a hole or backdoor. And this is going to come from where? Can you see Apple building this in to OSX and IOS? Micro$soft may be, but even they have some scruples. Linux? Never.
And then, they are in to your host. They have to now break your own encryption key on your disk.
Eventually, they find out that all they have is some teenager looking at p0rn but not wanting his parents to know (because the only reason they didn't do so is because the web wasn't invented then).
Next someone will tell me that any encryption from outside the US is purely theoretical.
I think I have found my own golden goose:
1: Think of a new Taylor Swift-based domain name.
2: Register it
3: wait for her lawyers to want to take control
4: sell it
5: P R O F I T
6: go to 1
But did you read the paper? I am guessing that about half the people on this thread didn't, and of those who opened the paper, 99.999% said 'stuff this - it's all number theory'.
And it is, very advanced number theory.
But I agree with you, There is definite prior art on this.
" if only they had a lot more RAM"
How many times did I say that????
I was using a 6502 on a KIM-1 in 1977.
Do keep up, El Reg.
IBM Shareholders up in arms about drop in sales profits.
Salesmen put it down to no one being able to print any IBM sales material, manuals, etc because they all contain IBM copyright images and/or text.
Shareholders shoot IBM printer division en-mass.
I know it's rather new and you might not have heard about it, but there is wonderful website call "Google". Expert commentards often refer to the act of looking up something in Google as "To Google".
Doing this simple task, that is, googling NEO4J, before you post will give people the impression you are intelligent by not asking damn fool questions.
All of this can be rolled in to one pithy little sentence: You can lead a horse to water, but not a knobhead to google.
I upgraded by desktop, and bleeding edge XUbuntu to 16.04 last week and it was fine. No problems at all. It just worked. Very happy.
So I upgraded the LTS server from 14.04 to 16.04.
There are various sites that say you need to update to 15.10 before you go to 16.04. That would seem to defeat the whole idea of LTS, so I ignored them.
Why did I want to upgrade? I wanted the support for LXD. Then I can partition the server workflow in to separate units that do Mail, HTTP, proxy, file server, media server, etc. More isolation, so that a fault in one does not impact on any others.
That could have gone better. First it nuked MySql, and said I had two versions running simultaneously. Loads of errors, including a reference to the fact that it could link to to DropBox. MySql? DropBox? No., I didn't get that one either. Official advice is to uninstall MySql, and all its components. That means uninstalling all the Postfix/courier/authDeamon stuff that also links to MySql.
Did that, and MySql came back sweet as you like.
Then reinstalled all the other gubbins, and mail went down. Hard down. Nothing. Nada Spent the next 6 hours trying to get mail back. First postfix came up pretty fine and could receive emails. But no mail client could connect. Sometime in, I realised that Thunderbird could not connect, but all the Mac's and iPhones could.
Then I got Thunderhead connected, can receive email, but can't send.
Then it all started working. I still have no idea what I did, or why it was broken in the first place, or how I fixed it. But it's working.
All apart from SquirrelMail. That has some very wierd TLS messages.
Message: Works well on Desktops. Take care on servers. But I can now stay on 16.04 for the next 4 years at least, and by then that server should be on the cloud anyway.
As for Systemd. it's fine. No issues. It works well. I don't see any degredation.
No, seriously. There is a ship based system for tracking vessels called AIS. See www.marinetraffic.com (and others). This uses VHF radio transmission. It has long been known that around Skaw and the Skagerrak there is a dead spot. It is why there are so many shore based transponders in the region.
Some year ago, ESA funded an investigation in the effect, using a radar research plane, flying grid patterns in the area. It was found that there is a radar lobe in just this area, which is believed to be caused by the Russians version of the COBRA DANE radar outside Moscow.
Turning that up could have caused some problems in the area at that time.
Just because Cassini is not affected does not mean the planet does not exist.
If the planet is in conjunction to Saturn it would have minimal affect on Cassini.
I watched a guy who had just come back from a VAX/VMS system admin course trying to set up mirrored disk - what DEC called RAID-1.
Before I could stop him, he had mirrored the system disk with a blank disk, but had the blank disk as the master. We watched as the system slowly evaporated and crashed.
Ahh an evening with TU45's loading VMS again.
Nice to know el reg will not have a visit to the chair because of this,
Didnt think it had a mouse either.
Come on, lets leave the rodent stuff alone
Who feels like installing this and test the new Flash friendly file system? On Ubuntu 15.10 ?
Seriously? You walked with an internal company security audit?
Thank you. That brightened up an otherwise dull day
I'll get my coat
Perhaps because no-one in Government IT can write a contract worth it's salt.
.... to publish te wifi name and password.
Of the time of the Hurricane in '87. I was at hope wondering how to get the tree off my roof. Got a phone call from the office to tell me that one of the data centres was down (yeah, that's the one that had no electrical backup).
I told the lowly IT bod that I could not make it, and that he should go round the systems and turn all the power switches to off. And to only turn them on, one by one, when the power came back on. Of course, he was overruled because "when the power comes back we need all the systems back on line quickly".
Well, the power did come back on. Fortunately no-one was in the computer suite at the time. This was the time of Vax's, with those old disk systems that look like top loading washing machines. They all power up at the same time. About 40 of them. And there was a huge power surge that the power switch board really didn't like. So much so that it leapt three feet off the wall and fused the whole building.
It took us three weeks to get that lot wired up again!
I resigned shortly after this.
Video now says it's been removed.
That is all.
We want a play mobile recreation.
Ah, I see you have the old head-in-the-sand approach to security.
Everyone says that "this is a bad thing", but because you don;t understand how the M-I-T-M attack works and why a compromised root CA cert is not a good thing, then it can't be a problem.
Tell me, out of interest, are you related to the e Ravenous Bugblatter Beast of Traal (such a mind-bogglingly stupid animal, it assumes that if you can't see it, it can't see you — daft as a brush, but very very ravenous)?
Before you do, take the 1990's style blink tags off your web page. It's horrible.
You sir, owe me a new keyboard. Mine is covered in coffee.
You would expect that GCHQ would really want to build underground, thus avoiding any prying eyes, long lenses, or ARIEL photography.
All big spy organisations should have an underground lair
..... and a man with a monocle
..... and a white cat. Got to have a white cat.
Some time ago, got to be at about 20 years, I was involved in putting in an Energy Management System for the late lamented BNFL. Due to some incompetence of the prime contractor for Sizewell B that was being constructed at the time, we almost scrammed the reactor.
Said top-notch boffin saw that we had established connectivity to the mock-up test rig at Sisewell. We were behind schedule (way be hand schedule) and left the test rig our end running through a whole suite of automated tests overnight. This being the Nuclear industry, they could afford the very best VAX kit in a clustered environment, with a wonderful custom made teak and mahogany desks, but not a lock for the computer room.
Well, the Americal white coated to boffin thought that, as we had a connected pc, he could rip it apart and clone all the other PC's from the hard disk. Which he duly did. And then powered all 8 of them on. All with the same network address.
The protocol was designed to check and double check that the reactor unit was going to do what you told it. So there was multiple challenge/responses, designed to ensure that there were no mistakes.
Boffin issued his first command. "Show Status". Reactor mockup says "I think you asked me to show status". PC 1 says "YES". PCs 2-8 all respond "What? no.". Reactor "Are you sure, you asked me to show status". PC 1 says "Yes, get on with it". PCs 2-8 all respond, "Sorry Squire, not us. You are under attack". Reactor: "Ok, I am under attack SCRAMM"
And that was when I got paged as to why I my companies software had tried to shut down East Anglia.
You refer to " three & four letter agencies (TLAs & FLAs) ". You should note that FLA is a TLA. Talking about a four letter agency as TLA is confusing.
The accepted term is that they are an Extended Three Letter Agency, ie an ETLA.
Fixed that for you.
"The Met Office makes use of a state-of-the-art climate model to provide near term climate
We Guessed (but used a very expensive computer to do it).
All models are just that, an informed guess. They are NOT accurate predictions.
"As it was mentioned by Anonymous generaly is a very bad idea to use mail server on a broadband connection"
Rubbish. I have a mail server, very similar to what is being proposed in the article, running at home. It is also an FTP Server, Cloud Server, Media Server, Shared folder server, etc. It runs on Broadband, is behind a firewall, and has a dynamic IP.
It simply works. Has done for years. It got fried by a power spike and took less than a day to recover from the encrypted backups on Amazon S3.
It doesn't get any problems with Google, Amazon, Hotmail etc. It gets tested once a week to ensure it is not an open relay.
And it hosts multiple mail domains easily.
Why do this? Because its my data, in my hands. If any three letter agency wants access, they have to come to me to get it, so I will know.
Just because you couldn't set it up yourself is not a reason to tell others not to try.
OK, I modelled so you could get in to el Reg again. So where's my fee?
After searching on a judicious typo, I came across Wind River, who sell a version of their Linux Kernel with an embedded GRSecurity module.
Where did that name pop up from? Or was it the standard "evil company" that is used as a general go to?
It's a cray super computer, as any fule nose
from 1996 - Now that was visionary:
"The Net interprets censorship as damage and routes around it".
Not sure if there is one, but I propose the micro-fortnight
If it is late, over budget and not fit for purpose, presumably the contract will allow the client to demand all money paid to be primary contractor (ATOS) to be repaid.
Wait - I forget that this is a government IT system and they don't do that sort of thing. They just ask the tax payer for more money.
A company I know has to keep ALL email, regardless of whether it is relevant, useful, incriminating or porn. This is done so that they can go in to court and say, truthfully, that all legal discovery is complete and comprehensive. This is a requirement for their business. It takes a lot of work (compliance, legal, operations, IT) to actually get an email deleted (like the one where bonus numbers were stored in a public store not a private one) and the culprit WILL get a disciplinary for needing this.
Yes, it would be a lot of data, but storage is cheap.
Nice to know the government that enforced this lives by the same rules.
Anonymous, because whilst I don;t work for the company, I don;t want my contact there fired.
My thoughts exactly. We only have their word that they do not store the key anywhere. So, when I encrypt an object and store it in Ireland, whats to say that my key is not unofficially backed up in, say, US?
As I have to manage the key, I may as well do the encryption phase before I send the object to Amazon.
To all you nay sayers, I have upgraded my system to LUbuntu 15.04 this weekend. I can't stand the Unity interface, but Ubuntu + XFCE is nice and clean.
No problems during the upgrade at all. It boots of SSD much faster than it did before. No major shakes. No wobbles.
Dual screen - working
LVM - working
Boot from SSD - working
UEFI boot - working
USB Speakers - working
Firefox - working very fast
Chrome - working
NASA SPICE - working
JDK - working
inet.d RPC - working
The ONLY issue I have is that my second screen, on VGA, does not go to sleep nicely. And I can live with that (because, be definition, I am not in the room to see it flicker).
As for SYSTMD, well, it is coming. I think it is better to get experience at the start rather the moan that its not like SysV.
NASA JPL has a suite of programs that go under the name of SPICE. Once you have all the space craft orbits (and manoeuvres) defined as a data files, it is relatively easy to to compute proximity at any point in advance. What would be needed is to refine these data files (known as kernels) on a regular basis,
Yes, a good, detailed, explanation. Worth the read.
Just finished one project where I did manage to get the hardware we needed without any fuss. Part of the justification was when I told the sponsor that the best hardware in the world would still be cheaper than the cost over run when he changed his mind because he hadn't understood the spec for the application (even though it had been explained, endlessly, as to what it did and did not do).
Project that is just about to go live we have outsourced to AWS. Best idea with hardware is to make it SEP.
Total Integration Test of System Uninterruptable Power
Kudos. Have a pint on me.
Where can I send my order?
He already has 8 year in chokey. The extra 4 are on top of that. The dont run in parallel.
Plus he faces deportation as soon as he comes out.