Re: I've got a side channel attack.
> Can I be famous now please?
If you were original then maybe. But you are not: https://xkcd.com/538/ hence no.
101 posts • joined 19 May 2012
> mythbusters [...] fast machine gun to cut something solid in half
Cut down a tree is the usual aim.
Been done in other programmes as well.
Not cost efficient or time efficient. But does show why one does not want to be in front of such weapons.
> why are these sites not using[…]
Content separated from structure (eg. CMS) could well mean no one person controls all the markup.
(And there is always content relative links, eg. //code.jquery.com/jquery-1.11.2.min.js, for content from other domains.)
> Business knowledge is lost in email. It must be properly filed on a network location, and email only serving links to the latest version.
And now your sales team wants to send a quotation to that potentially very lucrative customer.
Not everyone is connected to the local network ...
And note even IE6 (XP SP3/2003 SP2 and above) supports SNI. (Not in the original versions of those OSs, but it was added later.)
If you have clients from before those relics then it is quite possible even assuming HTTP 1.1 will be a problem, so you have to have a unique address even when unsecure.
Certificate providers are appearing with ever cheaper (some promising free) certificates.
(This is covered in the linked discussion thread.)
While they won't be EV certificates, as the underlying drafts do consider levels of security, that aspect is covered.
So your "About Me" site gets a free certificate, but as you are not selling anything you are only looking at providing end to end integrity rather than significant identity validation.
At the other end of the scale a medical site or retailer does need to spend some money on their identity. But if they are not willing, how secure is anything they do?
> It's also about a thousand times smarter and more interesting.
Talk about damning with faint praise…
There is already a standard for it: RFC 3251 "Electricity over IP", but you're a couple of weeks out for that.
Or perhaps, hoist by their own petard.
> Each year flash costs between 162X and 53X more to make per TB than disk
The graph clearly says cap-ex. But the cost of manufacture is op-ex (eg. staffing), materials and a /proportion/ of cap-ex.
It will be more expensive, but nothing close to the cap-ex multiplier because the other costs will not be anything like as proportionately as big (otherwise flash would already be far more expensive than it is relative to spinning rust).
> High-end storage: […] Frankly, unless you already have a pile of Fibre Channel disk shelves then go for SATA.
I think someone meant "SAS" there, otherwise the next sentence – backward compatible with SATA – does not make sense (and who does high end storage on SATA?).
And hope the sign does not sink...
Go stick your head in a pig.
> First off, several encryption methods been written and tested so there is no longer any reason to invent a new method.
Wrong. New attack techniques are developed, faster computers can brute force longer keys and thus new, more resistant, algorithms are needed and longer key lengths are needed.
For instance DES has never been broken (albeit it was weakened by new attacks), but it can be brute-forced in hours today. Equally SHA1 has been weakened by new attack techniques.
Thus neither DES nor SHA1 are suitable for their original purposes despite huge evaluation and analysis through their standardisation processes.
>f ISO 25999?
Or are you mixing (now withdrawn) BS 25999 and (its replacement) ISO 22313?
> They probably tasted like chicken.
Can't have done. Chicken (or any birds for that matter) had yet to evolve.
This time it is Opportunity.
> looks to me like they are trying to turn every hard disc into a NAS box
[without all the benefits]
Indeed. Instead of open set of code managing redundancy (with a support contract), you end up with every application doing it. Mostly poorly (inevitably).
Twitter displays the date/time of others' tweets in your locale. Unless they are recent, then it displays something like "+20 min".
Thus Vulture South would need to translate the offset into a local time, and then perform the timezone conversion. Neither difficult, but it was a Sunday :-).
> Seriously, Alt+F to open the menu, [...]
Press ALT: see ribbons overlaid with the available short cuts. As you enter them more specific ones appear.
Once you know where the command is on the ribbon (they are easier to find as the organisation is far more consistent, but you're used to the inconsistency of the menus).
So to sort a table: Alt-JO and the Table Tools Layout tab is opened, SO and the sort dialog is open.
And this works even if the ribbon is collapsed (Control-F1 to toggle).
The ribbon is different, but it is not hard.
(Wrong rover, but applies even more so.)
You'll continue getting support.
Because it does not end in January, only "mainstream support" (ie. new features being added) ends in January. Bug fixing and security patching go on until "extended support" ends in 2020.
But then I expect you know that. Troll.
While Fasthosts may have no such legacy applications, their customers may well have legacy applications.
(And I agree, I read it initially as "that's a very specific number of servers" :-))
> Give us a small and cheap but very fast PCI card to boot and run our O/Ses from!
Have you looked at M.2 flash cards (on motherboards with the appropriate support)?
Of course they have capacities that mean you can skip a SATA flash disk and just back it up with the large spinning rust for bulk storage if required.
> Why is this different from using a telephoto lens on a camera?
Well the camera is remote, potentially significantly remote, from the operator (photographer).
And unlike, conventional, helicopter based news filming, a UAV is far less noticeable while being able to get much closer.
Then you get into the difference between private only use and commercial use (eg. requirements for release forms).
So it is somewhat different. But I suspect it'll take a court case or few to really determine the rules.
Arboreal areas contain ursine turds.
Just received a nice dead tree edition... and wondering what's happened to the time :-)
There have been some updates compared to the online versions (plus some extras), so worth it even if you do read http://what-if.xkcd.com/
> ... Why is MS still releasing patches for IE6?
Server 2003 is still in support (until April 2014 IIRC), and shipped with IE6. Hence it gets patching because Microsoft's policy is currently to support all IE versions that work on a supported OS version.
However, as of Jan 2016, that will change (as announced recently), with only the latest compatible IE supported on each OS.
Good point. After all they only need to return status 418 (even if not short and stout).
This article is about Tea; HTCPCP is about coffee.
> VinceH I think we got hit by the same inspiration particle!
Clearly some form of particle cloning going on, because it seems to be bouncing around here as well!
However, in proper abbreviation creation mode I reverse the last two words:
Arboreal Recognition System for Evasion.
The difference between "update to [get to] V31" and "update [applied] to V31": the ambiguities are strong in this one.
I would assume the malware (incorrectly) injects quite a few lines of its own code knowing it is a file that is executed for each request.
Maybe something like this: http://tmagazine.blogs.nytimes.com/2014/07/18/flowers-in-space-azuma-makoto-exobiotanica/
Gives the heroic pilot something to look at while hurtling along.
Is there anything people won't put below a weather balloon?
Well according to another place (http://en.wikipedia.org/wiki/Barn_%28unit%29):
> Other related units are […] the shed (10^(−24) b (1 yb), or 10^(−52) m^2) […]
which makes a nanoshed really rather small indeed.
> The space craft that belonged to Hotblack Desiato I believe,
Correct. While he took a year dead (for tax reasons).
You might need to consider doing the same should you book Disaster Area for the local church fête: governments are likely to be unhappy with the wholesale breach of strategic arms limitation treaties.
follow https://twitter.com/NASA_LSP for launch updates (including relevant links to NASA TV) to see if NASA can get it up (next time).
> I guess that makes me a dinosaur!
I started in about 1988, so what does that make me… or rather does that make you just a newbie?
That new fangled web thingy, it might just catch on...
> Can I yell 'Get off my lawn!' now?
Wait in line youngster! If you've not had to work out UUCP bang paths for email addresses you've had it too easy. (El Reg's Approach! To Yahoo! Related! Headlines! Brings! Back! Bad! Memories!)
> XP is end of lifed
So what? IE8 is the default browser on a new install of Windows 7; thus its support ends with Win7.
Check out the rest of the YouTube channel.
Making a pulse-jet a bog-brush stand to power a BBQ is memorable.
It has been obtained, so that does not seem appropriate.
How about "hardtogetium"?
> to occasionally record Channel 5 shows
I suspect the C5 EPG data is at fault. I see most series jumping to C5+1 from time to time.
This seems to have always been the case with C5 on every FreeView PVR I've used. Other channels do not have the same problem.
Therefore I think this might, for once, not be BT but the data source: Channel 5.
With chip & pin the two factor is (1) something you have (the card) and (2) something you know (the PIN).
With online it is something like (1) something you know (password) and (2) something you have (mobile to receive the second code).
Three factor systems add something you are (a biometric).
> why expect a length parameter at all ? That is metadata that can be calculated quite trivially.
How? A socket connection is just a stream of octets, there are no record delimiters (except as provided by your own protocol).
And then you need to detect with partial data (eg. interruption on the network).
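The point in the reply above, that a byte stream has no record boundaries and that partial data must be detected, shown as an added example that is not part of the original post. It assumes a hypothetical protocol with a 2-byte big-endian length prefix and a 1024-byte payload limit; all names are illustrative.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define HDR_LEN     2u      /* assumed: 2-byte big-endian length prefix */
#define MAX_PAYLOAD 1024u   /* assumed protocol limit */

enum frame_status { FRAME_OK, FRAME_INCOMPLETE, FRAME_TOO_LARGE };

/* Try to extract one frame from buf[0..avail). On FRAME_OK, *payload points
 * into buf, *len is the payload length and *used the bytes consumed. */
enum frame_status parse_frame(const uint8_t *buf, size_t avail,
                              const uint8_t **payload, size_t *len, size_t *used)
{
    if (avail < HDR_LEN)
        return FRAME_INCOMPLETE;        /* the header itself was split */
    size_t claimed = ((size_t)buf[0] << 8) | buf[1];
    if (claimed > MAX_PAYLOAD)
        return FRAME_TOO_LARGE;         /* reject before buffering more */
    if (avail - HDR_LEN < claimed)
        return FRAME_INCOMPLETE;        /* never read past what has arrived */
    *payload = buf + HDR_LEN;
    *len = claimed;
    *used = HDR_LEN + claimed;
    return FRAME_OK;
}

/* Count the complete frames in a receive buffer; *leftover gets the number
 * of trailing bytes to keep until more data arrives (or the peer is dropped). */
size_t count_frames(const uint8_t *buf, size_t avail, size_t *leftover)
{
    size_t n = 0, off = 0, len, used;
    const uint8_t *p;
    while (parse_frame(buf + off, avail - off, &p, &len, &used) == FRAME_OK) {
        off += used;
        n++;
    }
    *leftover = avail - off;
    return n;
}

int main(void)
{
    /* Constructed sample: "hi", "abc", then a frame claiming 5 bytes with 2 present. */
    const uint8_t rx[] = {0, 2, 'h', 'i', 0, 3, 'a', 'b', 'c', 0, 5, 'x', 'y'};
    size_t left, n = count_frames(rx, sizeof rx, &left);
    printf("%zu complete frames, %zu bytes pending\n", n, left);
    return 0;
}
```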
> A triangular rubber coin 6,800 miles along each side?
Fiddling small change then, and thus not accepted by glacta-banks.
> Someone better tell El Reg then.
More than a little of the pot calling the kettle black here.
They certainly do use images.
But the images are always the complete install (a "diff" image would work, but only for the same base).
However there are a lot of images to manage and maintain: different OS editions/versions, different Office editions/versions, ...
This soon becomes a rather large number each patch Tuesday.
From the first page of the article:
> So what's your solution?
> You can imagine some future technology where you can prove assurance, where you
> can prove that a piece of software or hardware does what you believe it does and
> nothing more. That's not beyond the realm of possibility.
Wrong. It is beyond the realm of possibility. I would have expected Bruce Schneier to be aware of the halting problem. Turing proved that there is no possibility to provide a procedure that will determine if a given program will halt (terminate). As any specific action can be mapped to termination (when X happens halt) you cannot prove it does or does not do something.
If notepad is sufficient for your – clearly limited by definition – text file editing needs, then stick with notepad.
For those of us who work with non-trivial text files, there are lots of options: this has a lot to live up to.
And yes, it does sound rather like that everything is programmable/customisable approach of Emacs and other editors that have survived for more than a few update cycles. This is no bad thing: just because it is an old (relatively) idea does not mean it is a bad idea (equally a new idea is not automatically a bad idea).
> Maybe GPS used a lot of power a while ago but I assume all that calculation is now handled by dedicated logic
True for some dedicated devices certainly.
But it seems smart-phones (and, based on experience of battery life when not plugged in, car sat-nav units) don't have such specialist hardware, rather using their CPUs to perform the calculations.
Just calculating the position wouldn't be too bad, but then that calculation is done repeatedly to track position and velocity changes, then transforming and laying out the map display in real time to match…
Your third paragraph is why. Mono-culture is bad, however much better that one is currently.
(This is why I am glad IE and Firefox do not use Webkit: everyone using one browser engine would just lead to a repeat of the first browser wars with Webkit's defects being the new standard.)
Using goto when goto is the best approach (such as a series of tests with shared non-trivial clean-up) is reasonable. It would be possible to fake the gotos with breaks in a do...while (false) one-shot loop but that is a significant abuse of a loop (and the one-shot nature is hidden at the bottom).
In this case a boolean tracking hasFailed and checking in each test would be reasonable, but if the existing tests are more complex the addition of checking that boolean adds to the complexity.
In the end the pattern of a series of tests with a fall-out to common clean up is seen often enough the pattern is recognised and thus the code easier to understand.
Remember Dijkstra's paper (it is worth the effort to read) is about the overuse of goto when there are better alternatives. Too many people see the title without reading the content and thus "ban goto".
All that said; in more than two decades of professional programming I've used goto twice (C++'s ability to do cleanup in a destructor of local objects really helps).
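The pattern discussed in the post above, a series of tests that fall out to common clean-up, as an added example that is not part of the original post. The record layout ("RG" magic, XOR checksum byte, body) and all names are hypothetical; the result starts as a failure and becomes success only after the last test.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

enum { CHK_OK = 0, CHK_SHORT, CHK_MAGIC, CHK_SUM, CHK_NOMEM };

static int live_buffers = 0;   /* lets a caller confirm no path leaks */

/* Hypothetical record: 2-byte magic "RG", 1-byte XOR checksum, then body. */
int check_record(const uint8_t *rec, size_t n)
{
    int rc = CHK_NOMEM;        /* fail closed: success is set only at the end */
    uint8_t *body = NULL;
    uint8_t sum = 0;

    if (n < 4) { rc = CHK_SHORT; goto out; }
    if (rec[0] != 'R' || rec[1] != 'G') { rc = CHK_MAGIC; goto out; }

    body = malloc(n - 3);      /* working copy, released on every path below */
    if (body == NULL)
        goto out;
    live_buffers++;
    memcpy(body, rec + 3, n - 3);

    for (size_t i = 0; i < n - 3; i++)
        sum ^= body[i];
    if (sum != rec[2]) { rc = CHK_SUM; goto out; }

    rc = CHK_OK;               /* reached only when every test passed */
out:
    /* Shared clean-up: the single exit every path goes through. */
    if (body != NULL) {
        free(body);
        live_buffers--;
    }
    return rc;
}

int main(void)
{
    /* Constructed samples: 'a' ^ 'b' == 0x03. */
    const uint8_t good[] = {'R', 'G', 0x03, 'a', 'b'};
    const uint8_t bad[]  = {'R', 'G', 0x00, 'a', 'b'};
    printf("good=%d bad=%d live=%d\n", check_record(good, sizeof good),
           check_record(bad, sizeof bad), live_buffers);
    return 0;
}
```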