412 posts • joined 28 Aug 2007
Re: sounds familiar
Do you know when the bug was identified? You don't think OpenSSL.org released an updated version at the same time as they announced the vulnerability because it only took them 20 minutes to figure out and release an upgrade, do you?
In other words, we DID have to wait for the owners of openSSL to fix the bug before we found out about it, and could protect ourselves from the impact.
Re: sounds familiar
What makes you think that this bug was found by someone trawling through the code? Codenomicon (heartbleed.com) claims to have independently discovered this bug while working on their own security testing tools, rather than by poring over the source code. I haven't seen any explanation of how Neel Mehta of Google Security discovered it, but I'd be pretty surprised if it was by reviewing the code.
It's far more likely that the presence of this sort of bug will be identified by the behavior of the compiled code than by careful examination of the uncompiled source code. And the outcome of responsible disclosure, where the parties responsible for the code (and major vendors) are notified and allowed to fix (and hopefully do some recursion testing) before the world and her dog are notified will not be much different whether the problem is in a closed source or an open source product.
Re: Scrambling to fix OpenSSL bug ..
Unless OpenSSL plans to magically install the update for me and test, update and replace any potentially compromised devices and/or certificates, (and write the reports for management explaining the how and the why of the problem, and what was done about it), the mere existence of a fix doesn't mean that system administrators aren't scrambling to react to this issue.
Re: Already patched...
Which version of OpenSSL does Microsoft use?
Re: How to update your router
Some consumer routers use 10.x.y.z addresses too.
Having said all that, for most non-technical users, looking at the label on their router for a name and model number and then searching for "name model default IP address" is probably going to be the simplest approach.
They might even end up at http://www.routeripaddress.com/routers/ which seems to have already gathered much of this information, and the default username and passwords for a lot of consumer hardware.
Re: Form and Function
Nowadays, most computers have sound cards (very much an expensive optional extra when Windows 95 came out). Having multiple sound-tracks running at the same time is a lot more distracting than having multiple video windows, so most media players default to only running a single instance - it's not a bug, it's a feature!
If you want to display multiple videos at once in Windows, open up VLC, go to Tools, Preferences and uncheck "Allow only one instance" and "Use only one instance when started from file manager". (Why two options? So that you can have multiple windows open when you deliberately right-click and select Open With, but no accidental multiple videos running when you double-click on a video).
It's not about "personal data" - it's about a marketing campaign using the President's image. We all know that Obama pushed hard to be allowed to keep his Blackberry when first elected to the office, but it would have been inappropriate if Blackberry had run an ad campaign based on that.
Samsung's Selfie campaign may be a lot more informal than a megabucks Madison Ave advertising blitz, but it's still using the President's image to sell phones, and that's a bit out of line.
Re: Blackberry Grrrrrrrrrrrrrrrr
Yeah, because the black on black plastic moulding is so much easier to see/interpret than the teeth sticking out of the bottom side of a MicroUSB plug.
Back in the day
Way, way back, in the early 90's, when RealAudio first showed up, it was an excellent solution to the problem of big .au (uLaw) or .WAV files - it actually became possible to stream audio in real time over a slow dialup link, and for the first couple of years the player wasn't the bloated PITA that it eventually became.
RealAudio would never have become an object of hate if it hadn't been good enough to be adopted as the de facto standard in the first place. If they had managed to curb their greed, and hadn't adopted the sort of tactics that so many users absolutely hated, they might have made something of themselves, though Glaser would probably argue that they wouldn't have survived this long.
Re: Beer analogy
How is it any harder for the TV auditors to measure an Aereo user than it is any other viewer of free OTA broadcasts?
If anything, it's actually easier to audit Aereo users' viewing habits than it is to audit OTA viewers generally.
Re: Now it's possible to see why Dell went private
Dell has a manufacturing pipeline that is more tightly connected to consumer demand than anyone else. So when it throws out something new to the market, it sometimes encounters a tepid response, because the people who normally buy Dell weren't looking for that device, and the people who were looking for that device don't usually look to Dell for their toys, and Dell moves on to other things - you can't "Stack 'em High and Sell 'em Cheap" if they aren't selling.
It'll be interesting to see whether Dell stays the course with the BayTrail Windows tablets - they've even started to advertise them on TV, and the 32GB version of the Dell Venue Pro 8 is currently at #24 on Amazon's Sales Rank for Tablets, and #74 for Electronics overall.
(It's behind 14 different versions of Kindle, 2 iPads, the Nexus 7, the Samsung Galaxy Tab 3, the Surface RT, 3 Android tablets that retail for < $80, and a Foscam (?? On the tablet list? WTF, Amazon?))
14 different Kindles! Talk about market fragmentation!
Re: Don't think so.
@nematoad - The same old bollox about MS killing netbooks. It was the netbook manufacturers who pleaded with MS to give them "loss leader XP" because they couldn't make any money selling netbooks with Linux on them.
If there was a market for Linux based netbooks, Chinese factories would have been churning them out, just as they are currently churning out no-name Android tablets. They didn't churn out Linux-based netbooks because the market just didn't exist.
@Grogan "First of all, it is the WRT54GL"
The original version of the WRT54G was the basis for DD-WRT and OpenWRT. The model was pretty popular for its day, so Linksys made new versions, with different (cheaper) hardware, but kept the same box and name. This caused enough of a backlash from people who were spending a little extra to buy a Linksys router so that they could use DD-WRT, only to find that the new versions were incompatible, that Linksys introduced the WRT54GL (at a small price premium) to address the concerns of those customers who were buying the hardware so that they could run their own software on it.
Over the years, Linksys used 5 or 6 different versions of Broadcom chipsets, and for version 7.0 of the WRT54G, they switched to an Atheros chipset. All without changing the name of the thing they were selling.
Re: So fix it!
VBScript is available by default in Windows too (though there's no GOTO in VBScript, so your 2 liner becomes a 3 liner, with a Do or While loop around the wscript.echo "Hello World!" statement)
What you can't easily do with VBScript at the command line that you could do with BASIC 25 years ago is move the cursor around the screen (though you can run your script in a web page if you want to write your own version of Snake).
235K desktops in the quarter, about a million a year. Just how many people do you think are building their own systems these days? If it's more than 3% or 4% I'd be surprised, and that doesn't take account of the laptops, where DIY hardly exists.
How come there hasn't been any mention of the Lenovo Miix 2 tablet on the Register? 8" BayTrail tablet with full fat Win8 for $299? Dell and Toshiba have just released similar devices.
How does a "free" decoder help "two-way real-time audio and video communications"
"This situation has been a stumbling block for WebRTC, the Worldwide Web Consortium's new standard for two-way real-time audio and video communications, because obviously getting two browsers to talk to each other requires them both to speak the same language."
Unless Cisco's offering includes an encoder as well, it's not going to do much for two-way communication!
20 Years? That's nothing, Klein says that he's already had someone killed over an iPhone!
"I have had someone killed in my district over an iPhone." (it's in the very last paragraph of the article!)
That 8%-9% rise in the stock is just a knee-jerk reaction by people looking to make a speculative bet on sudden breaking news. The stock closed at $32.39 the day before the announcement, and it's currently at $33.40. Does the 7%-8% drop since the announcement mean that the market thinks that this was a bad move after all, or that it doesn't really make that much difference?
Looking to sudden upticks in the share price for insight is like looking to the comments section of ElReg. Confirmation bias will take over and you'll see whatever you want to see, and ignore anything that indicates that you're actually an idiot.
Re: "one has to wonder"
Confusing Grannies doesn't seem to be a problem for Microsoft, if you believe some of the comments about Windows 8.
Microsoft often seems to make commercial decisions that leave observers scratching their heads, so Skype's strong brand recognition isn't a guarantee of anything!
Re: Windows Phone users?
Wow, that's already a 66% increase on the 3 of them that someone mentioned in the first page of comments.
66% a day should get them a pretty big share of the market in no time!
Re: Why do they need a Youtube app?
There are certain features of the Browser interface that are easy to access with a mouse, but not so easy to access with a finger - the Captions and Settings options, for example, or sharing the URL.
I find that the HTML5 support for YouTube in Firefox for Android can't keep the audio in sync with the video for more than about 45 seconds (not to mention the big Pause button that won't go away until you pause and then restart the video). There are times when I'd prefer the option to open those videos in the YouTube App.
Re: But would anyone
Someone has to be first!
The problem that occurred in this case is one that you might easily have missed if you relied on testing patches yourself on a test server, but luckily, if you are taking that approach, you're probably not planning to get all your testing finished within the first 24 hours of patches being released, so you'll still benefit from the reports trickling in of other people encountering problems.
Where did people get the idea that only Lenovo offer Win7?
Dell and HP both offer Win7 Pro on even the most basic models in their Small/Medium Business stores.
(You've really got to wonder about the mentality of people that will grasp at such flimsy straws to "prove" that their own dislike of Windows 8 is rational, but that's grist for a different mill).
Lenovo are currently at the top of the list for our next refresh cycle. We stretched our last lot out a lot longer than originally planned, so overlapping compatibility with our existing Dells doesn't buy us anything, and for basic Office duties, it's really just a beauty contest, as they all use the same components, and Lenovo seems to meet our needs on fit & finish, support and price. (The fact that the Dell website won't tell me whether I can attach a second monitor if I need to definitely puts them on the back foot - their documentation has gone to hell since we last bought office PCs).
I'd really like to buy these basic machines with a 100GB SSD (I'd even go for a 60GB drive - all the data is on the LAN anyway) rather than a 500GB HDD, but HP, Dell and Lenovo all want more than $200 for that "upgrade", turning a $500 machine into a $700 machine!
Re: Shock and horror
I don't have a GMail account. But I receive e-mail from people who do. Even if I refrain from replying to their e-mails, Google can learn things such as my name, my birthday, my family members' names, my favourite team, where I went to school, maybe even my address and phone number by reading and analyzing the e-mails that are being sent to me from gmail users.
Maybe this doesn't matter, maybe Google doesn't scan outbound e-mails to non-gmail addresses (hey, pigs could fly!), but as things stand, it looks like I have no recourse in this situation.
I'm not nearly paranoid enough to think that Google actually gives a fiddler's about me personally, but there's absolutely no question that my awareness of this all-seeing-eye has a chilling effect on my use of the web. There are questions that I'll no longer ask, articles that I'll no longer read, because frankly I just don't want them on my "record".
Why the fixation with October?
Who buys a computer for Christmas any more?
I would have thought that being ready for the Back to School market in August/September would be far more relevant in this day and age than a mid October launch.
Re: Google maps cost money
A TomTom or Garmin GPS can pack maps for the whole of Western Europe or North America onto a 2GB SD card, with room to spare. So I doubt that Google Maps map data is quite as big as you suggest. Of course, if you enable the Satellite View layer, and pull traffic updates all the time too, you'll use more data, but Google Maps can be fairly meagre in its data usage, for what it delivers.
That said, the Ads will probably take up more bandwidth than the maps, now.
Re: Slight weakness in the argument here
Is it more efficient to have "wasteful" government build a public road network, or to have a toll barrier and toll collector at the end of every street? Is it more efficient for you to employ private tutors to teach your kids in your home, or to have "wasteful" government build schools and teach them there? Is it more efficient for you to build your own water treatment system or to have a wasteful government provide a centralized system, with the capital costs spread over the populace?
Many of these services started as small private businesses (education, electricity, fire brigades, telephones), but most of them became government run because it was recognized that the country as a whole would be better off if everyone had reasonable access to these services, and private companies simply couldn't deliver at the scale that was needed.
Many of these services are returning to the private sector, but that's not always an improvement.
Re: No simple answers
Are you seriously suggesting that someone who buys a field, or a house, or a painting, or shares in a company and does nothing with it but leave it sitting there for 10 years until market conditions change, and then sells it for multiples of what he paid for it should not pay anything on that Capital Gain, while someone who makes the same amount of money over that same 10 year period by going to work and actually doing something productive should pay income tax?
$80,000 doesn't seem like much out of $32 Million
That's not much of a corporate sponsor, if the existence of a corporate sponsor is supposed to imply some sort of stability and reliability.
What's the basis for your "belief" that Google was paying a licence? None of Google's statements on the whole matter makes any reference to license fees for ActiveSync support, and I find it hard to believe that they wouldn't mention it if that was a factor.
If it was just about a license fee, and it was clear that MS was going to lose that revenue anyway, it would make sense for MS to waive that license fee for Google.
Occam's razor suggests that there was no fee, it just suited Google to get rid of the ActiveSync service. Whether the impact on Windows Phone was a factor in that decision is anybody's guess!
Re: Of course no Linux user owns a smartphone...
You don't even need an OTG cable - the setup utility connects to an ad-hoc network with the ChromeCast and configures it that way.
The $229 price is before tax. The Currys price includes VAT. £150 plus VAT is £180. It's still a markup, but not nearly as bad as you suggested.
I bet they get you to print their RyanAir boarding passes on that PC, though, don't they?
TCP/IP vs IPX
One of my memories from the early 90's was that it was easier to get LANManager to use TCP/IP natively. You could get NetWare to use TCP/IP instead of IPX, but it was a bit more difficult, and some of the NetWare tools didn't work without IPX. LANManager was "protocol agnostic" - you could use IPX or TCP/IP or DECnet, or just plain NetBIOS, so as TCP/IP became more significant, LANManager had a slight edge.
Re: And Dropbox too
If I was setting up a Cloud Storage service, I wouldn't offer a user encryption option. Not because I want to look at the files, but because when (not if, WHEN) users lose their encryption keys, they'll blame the Storage service for locking them out of their files.
The customer base isn't demanding this option, so there's no real upside to providing this feature, yet the downside to providing it is potentially huge, from a commercial point of view, especially for a free service.
It's Irish/Gaelic for Knowledge.
Did the Register have comments back when Eolas took a big wodge of cash from Microsoft? I have a funny feeling that the tone of the comments might have been a bit more "pro-Troll" back then!
Re: Adapting to their users
The "right to change your software in any way you want" is of fuck all use to 99.999% of the population. The average Joe is no more able to modify Firefox, Thunderbird or LibreOffice than he is anything from Microsoft.
You don't like the way they've changed feature X in this month's version of Firefox? Tough! You can keep using an old version that still has the feature you like, as long as you don't mind not getting any security patches.
That's the reality, and the only part of "free" that is actually useful to the man on the street is free as in beer.
Microsoft "aren't considering enterprise at all".
Wow, imagine, a company whose life blood is selling licenses to enterprises has been exposed by a throwaway article on The Register that demonstrates conclusively that Microsoft has totally forgotten about the needs of their Enterprise Customers!
Alternatively, The Register got it wrong.
The whole point is that there is already sufficient "spare" base load at off peak times to pump the water uphill - they don't need any more off-peak power capacity.
Some of the photos of these rocket parts on the sea-bed show very little marine growth on them. Was the fuel they burned so toxic that even after 40 years they aren't covered with the sort of marine life you'd expect to see?
Or were they actually buried under the sand/mud, and the pictures were taken after they had been partially uncovered?
"a £265 piece of kit"
How exactly does a smart meter cost £265? The BoM can't be much more than £30 or £40, can it? Any design costs are amortised over tens of millions of units, so should be fairly negligible per unit.
I know it has to be built to last for 20+ years in outdoor locations, but given the volumes being produced, what is the real cost per unit?
Re: Still looks like a bug in flash
If the warning can be made transparent, you can design your page so that the warning shows up lined up over a checkbox that the user is going to click anyway - instead of clicking "I agree to the terms and conditions", the user is actually clicking on the (transparent) Adobe permission box/button.
Re: $100Bn cash pile
"What I don't understand (tax issues aside) is why the shareholders don't demand a goodly-sized cut of the $100bn cash reserve as a dividend?"
Because the shareholders didn't buy the shares for the dividend, they bought the shares in expectation of a rising stock price. They're not investors, they're speculators, and that $100 billion cash pile actually does more to boost the stock price when it's off-shore and untaxed, than it would if it was turned into a $70billion on-shore cash pile, and was available to pay dividends.
Re: This guy is a knight in shining armour
That would be her enemies have big guns.
Critical vulnerabilities under active exploitation
There might be some justification for this course when the vulnerabilities are known to be actively exploited - in other words the exploit was uncovered as a result of an investigation into unexpected activity.
But if an exploit is discovered and there is no evidence that it is being actively exploited, then the balance between arming the blackhats, with the likelihood that it will lead to immediate exploitation, and waiting for a scheduled update cycle, with the likelihood that most users will get the patch before the exploitation can be widely deployed, is different.
To announce a windows exploit 8 days before "Patch Tuesday", for example, rather than waiting until a patch was deployed, would be the action of a real Jobsworth. The same would now go for Flash, which has finally adopted a monthly patch cycle, or Firefox, which has an auto-update mechanism and fast patch deployment. What if 5 days after being notified of the bug, and just before deploying a patch, Mozilla discovers that the patch itself introduces a new vulnerability? Should Google just go ahead and publicize a vulnerability that isn't being exploited?
In the case of a vulnerability in an application that doesn't have a well-defined patch cycle or auto-update mechanism, it almost doesn't matter when they announce it - lots of end-users will never know that the vulnerability exists, so the people who will get the most benefit from the publication will be the blackhats.
If Google is going to be aggressive about this, they should publish a tool that end-users can install that will alert them when Google has published an exploit for an application that is installed on the users desktop. (It's not as if most of the vulnerable end-users aren't already running half a dozen Google services already).
Re: This goes to show...
You do know that you don't use the camera to take screen shots, don't you?
Re: then add engine management control
You'll get to save 200 quid on your insurance, but you'll pay 300 quid to replace a lost key!
Re: Too many "exclusives"
You don't pay a premium to get AMC - it's usually included in your bundle of Cable Channels, unlike HBO and Showtime, which cost an additional $15/month each.
Mad Men, Breaking Bad and Walking Dead are all AMC shows, and were available without an additional premium to most Cable and Satellite customers in the US.
AMC, USA Network (the aforementioned Burn Notice), FX (Justified) produce some very enjoyable programming - and they aren't nearly as quick to cancel a show with a "challenging" story!
An e-book store needs 7" devices!
There aren't enough Nokia Lumias around to support a Windows Bookstore, and there isn't any existing Windows or WinRT hardware that makes for a good portable reader.