32 posts • joined 3 Aug 2012
It seems the current best guess for the source of the images is not a single hack or security breach, but a ring of people who have been privately trading hacked images for many many years, probably using a variety of methods (brute force iCloud would have probably been involved, but I imagine most of them would have been via social engineering methods considering these people have a lot of public information to enable this kind of thing). There have been rumours around for ages regarding a 'buy in with new photos only' private ring.
This is backed up by a few accidental leaks of partial photos in various forums in the past, the fact that some of the leaked photos have been confirmed as deleted ages ago, and the wildly varying quality, naming and sources of the various images.
The person/people responsible for the actual leak has probably not been involved in the actual hacking of most of the images released, although I imagine he'll be mercilessly tracked down either by 4channers doing it 'for lulz', or the FBI.
We made the mistake of picking up YUI2 back in the day as the main user interface for various projects; it was Yahoo and backed by a genuine company and looked pretty good compared to the open source competition at the time. Terrible mistake, YUI2 was a horrible library, migration to YUI3 was a pain (and wasn't much better). Regretted it ever since. The very last major project in YUI2 is currently being migrated to jQueryUI (after hobbling along patching the ancient code), and hopefully that will be it for a few more years.
When I lived in Sydney, these things were mainly a threat when staggering drunkenly home, not looking where you were going, and all of a sudden you walk into a giant web and have a pissed-off spider the size of a large grape in your hair. Fond memories. Thankfully their bite is painful rather than deadly.
Re: Easy out.
Except stocks are tied to something tangible, with physical presence that means even penny stocks usually have some kind of actual 'worth'. Bitcoin value is based on nothing - even the cryptographic proofs are utterly pointless and a massive waste of electricity. They should be treated like what they are, an academic white paper that was somehow picked up by scam artists, junkies, money launderers and libertarians and turned into the world's most annoying currency.
Now if only the various browser companies could stop having slappy-fights over HTML5 web video & audio formats and DRM and we can give Silverlight etc the boot as well, and live happily ever after.
There's currently investment approaching billions of $ to get Africa fibred up - although it's mostly on the coasts right now - while inland areas still rely heavily on mobile, microwave and satellite internet (which of course can be NAT'ed). I can certainly foresee IP requirements shooting up shortly though.
Re: If it's really 2015 we're stuffed no matter what happens...
I have a friend who has worked for 2 or 3 different shale companies as a planner, and all these steps;
> a) get permissions for exploratory wells in geologically suitable areas,
> b) drill exploratory wells,
> c) get sample data and analyse it,
> d) if viable economically, attempt to get permissions and agreements for production wells,
Are already in place for a huge number of sites. All they need is for someone at a large drilling company to push ahead and start piling the real money in and start drilling. This is something they are not willing to do in the current environment when the media and large parts of the government are against the concept, and they could have their licenses to frack revoked for political reasons.
Re: not older kit?
Having just reviewed all my servers, almost all of the RHEL ones are running 0.9ish versions and one running 1.0.0. In fact the only box running a vulnerable version was an internal PowerPC development box for some reason (and it's firewalled off from the general public).
As far as I can tell, licensing music (and movies) to streaming outfits and actually making the content easy to stream is going to make far more of an impact than making Google stop indexing the content. I know people who have access to invite-only piracy sites who don't bother torrenting content any more because it's simpler to just type it into Spotify or watch something on Netflix. Problem is, they need to make it easier. For instance if I want to watch 'Game of Thrones' on my tablet I can't do it, because the Sky Go won't install on rooted devices (presumably for anti-piracy reasons), and HBO don't license it to anyone else. Because of anti-piracy measures the only way I could watch it on the train to work would be to pirate it, despite having paid for the content via a Sky subscription.
I've worked on a similar project in Zambia (iSchool & ZEduPad); cheap tablets pre-loaded with flash-based lessons built around the curriculum and requirements of rural communities - localised into various local languages as well. Complaining about 'Not changing the world'; educating children about subjects like malaria, nutrition, farming as well as mathematics absolutely does make a massive difference on a local level. The sorts of children these projects are aimed towards simply don't care about transferrable IT skills, they care about leaving school with the best, broadest education they can have that can allow them to make better decisions in the real world, not necessarily 'Move to the big city and get a job'.
Tablets offer a lot more than just 'cheap', since they don't have moving parts, are easily secured, easily shipped (because PC's don't like being in the back of a pickup on a desert road for 2 days to get to the school) and are relatively dust/moisture proof they are far more useful in rural and remote communities than the equivalent cheap desktop - I've seen humid conditions in a classroom kill a cheap laptop in under 6 months - the fan pulled in so much mould and moisture the thing looked like a petri dish inside. Ditto with desert dust - PC's don't cope too well with sand, dust & 40c temperatures all day long. On the other hand my tablet tends to work just fine under those circumstances (although I think my model is held together with superglue now, and the battery only holds a minimal charge, but it's had three years of daily use). They can be charged off a car, generator or via solar power. They are fairly 'instinctual' for children of all ages.
I used to go to a pub quiz every Thursday just round the corner from here when I lived in Sydney, and this is in no way the weirdest thing you'll see in Newtown.
Re: Suck It Berkshire Hathaway
Yes, it's uninsurable - because there is no way to differentiate between 'I got my bitcoins stolen by someone guessing my password' and 'I transferred my bitcoins to a new wallet and lied to you'. You could insure the exchanges against failure or theft, but then the risk is such that you'd have to charge a pretty monster fee to cover it, since virtually every exchange out there is fly-by-night, coded by a self-taught nerd, running from a PO box office, and sometimes virtually indistinguishable from a ponzi scheme.
Having seen some (alleged - http://pastebin.com/W8B3CGiN) source code from MTGox, I'm starting to lean more towards a hack of their pretty dodgy code as the source of the leak (structurally it's not bad, but lacks any manner of sensible error logging, or indeed much logging at all, and it's somewhat inconsistent, oh, and coding bank/exchange-lite software using PHP(!)), rather than any issue in the bitcoin source code. There have been accusations that Mark Karpeles' vanity may have been to blame. At least they are using transactional SQL, lack of which was blamed for another exchange hack this week.
Re: News just in
When was the last time you heard of a bank giving away half their money because they didn't do proper accounting and only hired blind tellers who would give away £20s instead of £10 by accident, then lose the keys to the vault, effectively sealing away the rest? Then closes down the bank for withdrawals for months, while still accepting deposits, all the while saying 'just technical problems'.
Insider trading, bad investments, insane payouts to bosses, mis-selling yes, but I'm willing to bet we've never seen ineptitude (or criminality) on this level.
It's been a long time coming
I've been watching this one for a while, and other interesting tidbits to come out over the last few days;
* A guy claiming to have interviewed for a website UI position with them says that MtGOX up until recently had no development environment at all - all changes were made to the live site
* A large sum of coins directly owned by MtGox have not moved since some time in 2011, yet have been claimed to be 'hacked', 'lost' or 'inaccessible', opening up the possibility that this isn't a complete theft (although some level of theft is also probable), but involves losing the keys to the virtual safe in a stunning display of further ineptitude.
I wonder if they can go back to trading Magic the Gathering: Online cards after this...
Re: And yet we're still to believe...
My understanding is that the 'hack' relied on the fact that MtGOX had a number of automated scripts for resending failed transactions, and for transferring money from their cold storage wallet to their internet attached wallet, and absolutely no internal audit procedures to check balances. It's like someone asking their bank for £100, then phoning someone at the branch, saying 'I didn't get my money' using a different funny accent each time, and the bank gives them another £100 because there are no checks in place and it SOUNDS like a different person - repeat over several years until the vaults are bare.
Absolutely smacks of bad internal procedures, no consulting with beancounters, and s**tty coding practice. One would hope that at least one or two of the other exchanges would have more competence than Magic the Gathering Online Exchange.
Not that it makes bitcoin any less of an electricity-wasting global ponzi scheme.
In an ideal world...
I can see an iCar working if they are willing to throw some of their stacks of surplus cash at it and take some risks. The Tesla is a niche product, but so were mp3 players back in the day - if someone can bring it to the mainstream and throw in some innovation, it will be a hell of a lot better than the current market of poorly thought out ugly 'hybrids' and massively expensive, sometimes on fire electric cars.
'Backed by maths' - not really, backed by a large network of nerds running custom hardware and graphics cards consuming (and wasting) vast amounts of electricity, validated by a 13Gb blockchain you have to download before dealing with bitcoins, exchanged by unregulated, mostly unqualified and definitely insecure online exchanges, easily stolen or lost, massively volatile, unscaleable and with a price propped up primarily between people with large amounts of sunk costs, and speculators.
(most of those points are arguable to a certain extent, but no one can argue against volatility and the massive amount of exchanges that have closed or had their bitcoins 'stolen')
Ditto on raising the issue with the vendor. I once (many years ago) used a very popular bit of accounting software that was written for the US market for my business in Europe - it supported multiple currencies, but there were a couple of reports where '$' was hard coded. There isn't any software on the planet that doesn't have bugs, so don't act so surprised - it sounds like they are (erroneously) rounding some numbers too early in the calculation.
I lived in Aus for ages, and although I used to squish redbacks when I saw them round the house, I had no fear of them - there are plenty of toxic spiders out there, and I had a few Aussie friends get bit and it was no major issue. Things like Golden Orbweavers were more scary to me since they wove webs at face height in the middle of the night even in heavily built up areas and could give you a painful wasplike bite. Nothing like walking home in the middle of the night and suddenly finding you have an irritated, grape-sized toxic insect crawling on your face.
Huntsmen are fantastic despite their size. We left the one who lived in our roof space alone because their favourite prey was cockroaches, and cockroaches are assholes.
I think I came face to face with about 10 or so different animals in the wild there who could have done me some very serious harm (wasps nests, giant ants, very dangerous snakes). Little non-aggressive spiders really are the least of issues for people in Aus.
As far as I've been able to tell, the various Skype teams did their own thing with little in common other than the protocols and a general corporate look. I've used Skype across almost all platforms almost since the start and the UI is actually more consistent than it used to be, but still confusing, odd and subject to changing without warning.
Re: "You WILL use CHROME!!"
In all honesty anything that forces people away from non-standards-compliant, buggy browsers is a plus for those of us who develop web applications. Older versions of IE (7&8 especially, thankfully we dropped support for 6) cause a massive testing and fine-tuning overhead that we could really do without. Chrome sending all our browsing habits to Google is a small crime compared to the horrors that are the mass of workarounds, hacks, extra code and hair-tearing that is required for IE compatibility.
Re: Electricity is free is you steal it
Actually, CPU mining (even with a large botnet) is inefficient. Even GPU mining is no longer vaguely profitable due to ASICs (application specific integrated circuits) dedicated to bitcoin mining that only do one thing - mine bitcoins at speeds approaching hundreds of giga-hashes per second while using comparatively less electricity.
Unfortunately ASICs are being delivered by companies with less than stellar engineering abilities - companies like Butterfly Labs delivering products months late and massively under-spec; with bitcoin the bigger the network is, the less profit you realise - so much so that even ASICs will probably never break even once you take into consideration the massive initial investment and high electricity costs.
The punchline to the whole bitcoin joke is that it is now virtually impossible to cash bitcoins out - the major exchanges are under investigation by various banks and regulatory authorities, MTGOX and others are estimating it will take years for them to give you your cash and the current 'best advice' for turning bitcoins into actual spendable money is to meet up with someone IRL and give them your bitcoins in return for paper money. The main market for actually spending bitcoin on physical product was the now defunct Silk Road, and the only other places accepting the cyber-currency online are experimental, dubious, or prone to disappearing overnight.
It varies considerably - the main cost is the satellite/microwave connection because the infrastructure (power and security mainly) varies massively from area to area, and different levels of work are required for each school. I'm mainly involved in content delivery rather than the actual installation, but I do know that it's done on massively tight margins and even a donation basis with costs being offset in the poorer schools by turning the school building into an internet cafe after-hours, and costs to the school can be as low as $1/pupil/month.
I actually work with a company that provides connectivity (internet and mobile) to rural parts of various third world African countries, and connectivity absolutely does help improve the lives of people there, especially through education. I've worked on projects that provide market prices to farmers (via website, WAP, SMS etc.) to allow them to maximise their profit, educational websites for AIDS & malaria, educational cartoons aimed towards illiterate farmers' children teaching basic irrigation, crop rotation, animal care.
For the price of a handful of low-spec PC's (and low cost tablets that the company have just launched), a satellite connection and a few days on a bumpy road with an engineer or two you can transform the ability of a school to educate their pupils for years to come. Some of these schools were running on a handful of ancient textbooks - now they have access to courses specifically designed for rural African markets, in addition to the educational resources of the entire internet.
It's also likely that a fair number of companies still on XP have limited IT budgets to maintain their hardware & software. I mostly see XP in charities and organisations that buy in IT support and consultancy three or four times a year when something goes wrong, and whose IT security policy involves locking the front door when they leave for the day. I migrated a small NGO with around 12 computers from a mix of XP and Vista machines (and one Ubuntu box that no one could explain the existence of) to Windows 7 a couple of years ago, and they didn't even have a password on their WiFi (which explained the number of tourists sitting outside their very centrally placed office with their laptops).
I'm one of their 'active' users because my phone backs up photos to G+ and I sometimes hit the G+ button on websites by accident - The only people I know who use the service as it is intended are a few people who dislike Facebook for some reason or other, and a few Google employees and their partners who I know. Having said that, I think it's actually nicer to use than Facebook - but about 80% of the people I know socially are on Facebook and not G+, and the other 20% are on both.
When I worked at an IT training company many many years ago, we used to have a monthly Quake tournament - the boss would raid petty cash and send someone to the offy down the road to pick up as much discount alcohol as they could lay their hands on, 2 or 3 hours of male -vs- female, secretaries -vs- managers, and various gimmick matches made more lively by piles of free hobo-booze, strategic pulling of network cables, flinging of projectiles and copious swearing.
If you're upgrading your password encryption (for instance from unsalted to salted) you can only realistically do it when the user logs in, since this is the only time your system has the unencrypted password to work with. It may well be that the 1% haven't logged in recently enough to be upgraded, and hackers have potentially got some nice and easy unsalted md5 hashes to work with.
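The login-time upgrade described in the comment above, as an added example that is not part of the original post. The record format, the function names, the PBKDF2 work factor and the sample accounts are all assumptions made for illustration.

```python
import hashlib
import hmac
import os

PBKDF2_ITERATIONS = 600_000  # assumed work factor, tune for your hardware


def legacy_md5(password: str) -> str:
    """Old scheme: unsalted MD5 hex digest (what the migration replaces)."""
    return hashlib.md5(password.encode()).hexdigest()


def new_record(password: str) -> str:
    """New scheme: per-user random salt + PBKDF2-HMAC-SHA256, self-describing."""
    salt = os.urandom(16)
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ITERATIONS)
    return f"pbkdf2${PBKDF2_ITERATIONS}${salt.hex()}${dk.hex()}"


def verify(password: str, record: str) -> bool:
    """Check a password against either record format, in constant time."""
    if record.startswith("pbkdf2$"):
        _, iters, salt_hex, dk_hex = record.split("$")
        dk = hashlib.pbkdf2_hmac(
            "sha256", password.encode(), bytes.fromhex(salt_hex), int(iters)
        )
        return hmac.compare_digest(dk.hex(), dk_hex)
    return hmac.compare_digest(legacy_md5(password), record)


def login(users: dict, name: str, password: str) -> bool:
    """Authenticate, and upgrade a legacy record while the plaintext is in hand."""
    record = users.get(name)
    if record is None or not verify(password, record):
        return False
    if not record.startswith("pbkdf2$"):
        users[name] = new_record(password)  # the only moment an upgrade is possible
    return True


def unmigrated(users: dict) -> list:
    """Accounts still on unsalted MD5: the ones that have not logged in since."""
    return sorted(n for n, r in users.items() if not r.startswith("pbkdf2$"))


def demo_users() -> dict:
    """Constructed sample store: two accounts on the legacy scheme."""
    return {"alice": legacy_md5("correct horse"), "bob": legacy_md5("hunter2")}


if __name__ == "__main__":
    users = demo_users()
    login(users, "alice", "correct horse")  # alice logs in and is upgraded
    print("still on unsalted MD5:", unmigrated(users))
```

The accounts returned by `unmigrated` are the dormant remainder the comment refers to; expiring those hashes and forcing a reset is the usual way to close that gap.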
I probably would have 10 years if the stupid things didn't keep dying on me from overheating/motherboard failure/power supply failure. Usually about 1 month out of warranty too.
Re: No privacy to protect
Very true, I moved to the Borders 4 weeks ago, and am literally three miles from the nearest neighbour through some pretty rough terrain. Since I've been here I've had about 10 visitors asking who I was, was I local, what do you do, did I want to know the history of the area, do you want to see my dog, do you want to come shoot some pheasants. In 35 years of living in big cities I rarely got more than a 'Hey' from people who lived the next flat over.
The first thing the local farmer told me was 'I just shot a man'. At least I think that's what he said. I don't think normal rules apply here.
I think it's cute how the press keep trying to assign organisational concepts like 'Rules', 'Leadership' and 'Planning' to the ADD hivemind that is Anonymous.