72 posts • joined 29 Aug 2007
Re: For security - consider BlackBerry
Blackberry rolls over for law enforcement on a regular basis. And there are few rollovers for law enforcement that aren't also accessible by hackers.
http://en.rsf.org/blackberry-gives-way-to-pressure-11-10-2011,41159.html gives a summary of several instances of government pressure and varying degrees of caving.
the most important note in this essay (IMHO, of course)
Was that for amplifiers, performance is measured, and for speakers, almost anything *but* performance is measured.
If you go look at stereophile equipment reviews, especially those for speakers, what's striking is how many measurements they make on things that don't matter. Impedance changes as a function of input frequency, for example. They always measure it, and it's a proxy for nothing predictable. Instead, they could do much more thorough measurements of sound pressure time and amplitude response to simple and more complex inputs, seeing as it's the sound pressure that we actually hear.
But what they really, really never do: compare, in the same measurement, recordings played through otherwise identical systems with only the speakers being different - this despite the fact that they often refer to a pair of speakers as "my reference speakers for years were..."
head to head performance metrics across vendors, as we're used to seeing for all other electronics? Nope!
Instead, volumes of meaningless stuff that sounds like wine snobs talking. Except that the number of people who are physiologically able to reliably (ie, measurably and repeatedly) distinguish some of the facets of wine being snobbed over is probably higher than those who can accomplish the same thing with audio.
The up side for the rest of us: the cast-off gear from two or three decades ago can sound as good as the very expensive stuff sold today. (All the moreso when the ebay seller misreads the label on what he's punting.)
Usually, I hope a technical site will mention the OS that a new piece of gear will be running.
Which in this instance is Android, for anyone who hasn't skipped to the link.
the lack of SaX2 in the 12.x line is going to be fun
For years, SuSE has relied heavily on SaX2 to manipulate the xorg.conf file and actually get xwindows visible.
With 12.1 landing and the Sandy Bridge chips (and associated new graphics capacity) coming online just as SaX2 is dropped hard... big fun.
I still have a viable SaX2 on an 11.3, and may have it on an 11.4 that was done as an upgrade, but on new installs, I don't have it any longer and it is truly annoying at times not to have it. (as, for instance, I was setting up a new laptop a few weeks ago - so, completely fresh install on new hardware.)
maybe, just maybe
they've noticed that the 7" tablet from BN - a store with, like Apple, actual physical storefronts - is currently the best-selling Android tablet. This despite or because it's being pitched as an e-reader.
I think Apple has realized that there is a good-sized chunk of the market that wants a smaller display.
I'm curious about whether they want to go to 7" or down to 5" -- I had a chance to play with the Samsung 5" android mini tablet / big media player this weekend, and it is a very nice size point.
Genuinely pocketable. About the size of the Tungsten T3, extended.
@BB: My favorite piece of news about the (probably pre-LulzSec) hack of Sony was that it was launched from an Amazon Cloud Services box.
Lots of bandwidth, Amazon quite obviously has no effing idea what anyone's doing in there, their own router teams included, and who wants to bet Sony had lots of permit ecs2.* rules in their firewalls - and that's assuming they bothered with firewalls on those connections at all.
They might not have; they might have believed the bandwidth salesmen who told them MPLS=VPN.
re: the single most important question
the better-looking one is the one who did the math.
I think the author of this rather curiously spurty essay didn't realize who was whom on the team when composing it in hopes of obtaining a face to face interview.
in my jurisdiction
The fact that I have encryption flipped on is, in the eyes of the law, enough to define my router as a protected computer system.
Accidentally stumbling upon it looking for your own AP is one thing. Recording it, geotagging the address, and phoning home to store it with Google? That's quite different.
(You _do_ understand that a MAC address is broadcast whether or not SSID broadcasting is suppressed, I hope.)
So very glad that my hardware is of service to you and google
Great. You like Google's location service.
Google doesn't own my access point, nor collect any fees from me in exchange for using it to sell ads.
And yet, if you're on my block, my access point's MAC address is being monetized by Google to make your phone give you better location signal and push ads to your phone.
I'd like to see everyone who's got a MAC in their database send them a bill for providing location services.
vipre was developed by Sunbelt
before Sunbelt was bought by GFI. I never did understand what, exactly, GFI thought the value of Sunbelt was.
During the brief period when I trialed their antispam/antivirus box, I learned that they were using another outfit's good and very expensive definitions on it - and to cut costs, didn't actually license it properly but paid per update. This meant that it wasn't auto-updating but only updating when something really nasty was on the loose.
After their staff pulled the truth like taffy on a mailing list discussing the issue, I sent it back.
And I will never again do business with a company in Florida. Seriously. I've had nothing but bad experiences with folks who decide to run businesses from there.
shouldn't be very hard to verify
If the guy's right it shouldn't be hard to verify the claim. A plaintext password left in a DLL is very likely to be available in caches. Also, the Comodo partner could simply own up.
For me - and on the desktop, I'm a gearhead, running multiple VMs and wanting plenty of ram and computing power, and a few T of storage in the living room - the Nook is an excellent tablet.
The tablet is mostly about consumption - about a nice thing to read the news with in the evening, or a book or two.
The blazing fast CPU isn't a big deal to me (though if I watched movies on a tab, the Nook might start to seem slow) on a tablet. I want control of the OS and I want easy file management.
The nook's trivially rootable, my model most often boots the BN firmware rooted so I can use an RSS reader but was running a mod this weekend to look at bluetooth support (keyboard, good; microphone, not so good yet in my hands.)
It's the first device I've come across to rival the 12 year old niche Palm Pilots have filled for me, with the addition of b-folders for locally accessible address database.
I hope Amazon makes a 500 dollar device - I'd hate to see them make a 300 dollar device and have the nook dev community get more interested in Kindles.
Don't miss graffiti, use it
Probably the third thing I hunted up once I got the color nook was graffiti.
It's early days yet, but the nook may finally be a useable replacement for my TX.
B-folders to migrate over the contact database. Graffiti for input. NewsRob for avantgo-like offline newsreading ability (based on a synchout to Google Reader.)
Also, I'm buying apps. NewsRob and Graffiti were no brainers. I want to encourage this community.
This keyboard certainly looks worth checking out, though.
Does it actually run over the network, not via bonjour?
If xbmc discards bonjour in favor of actual networking, it would be very interesting. If it's still using bonjour, less so, as it took me several days to sort-of, kind-of get the ipad working at the house - I run a wifi network on a different lan segment from the nas and handing the bonjour traffic off was, at least for me, not working at all.
we can only hope
that this will be implemented. Along with a serious cell signal jammer on every plane.
That would almost make up for the Shoes Off Theater on every fucking flight (at least here in the US.)
the main info here
Is that the APS has breached its own rules by ignoring a petition from sufficient APS members to start a group, and instead launching its own survey about interest in a different group.
I agree with him, that is problematic and grounds for walking.
However, his letter on things beyond the APS politics is quite weak. He approvingly cites convicted fraud Monckton's silly book and - surprising to see from a scientist - chose to read the selected email disclosed by hackers, and not the responses to the leaks from those whose email had been stolen.
work fine for me
granted, that's in a synology box, so it's software raid in linux, but the OS is installed on the first partition, which is an mdraid.
I've run the green power part both in raid5, raid6 and raid10 configurations.
I have not tried putting an OS on them and booting a gui from them. Entirely possible that'd blow.
The announcement did get me to buy a device
But not an AppleTV.
I do not have a large library of files transcoded into h.264 - I have a large library of files in a range of formats accumulated over the years. I've never much liked itunes, even though I have an ipod.
I do like lots of storage, and have a 4 bay nas in the house. I wanted to be able to use it as well as netflix.
I picked up the WD live tv plus box last night, and so far I'm impressed.
It seamlessly picks up the DLNA served media. It doesn't obligate me to have a PC switched on (and doesn't interrupt watching movies if I need to reboot the system, or do work on a different box.) It costs 20 bucks more than the new Apple box but seems to support the widest collection of file formats from a media server that anyone supports today.
And it has netflix, which I may or may not keep.
you *are* joking, one hopes
A small script can easily be tucked away on a legit website. Local government websites are good target environments for trying to inject malware. An ad with a malicious payload embedded was successfully put into the NYTimes queue not long ago.
The attack runs a trusted script on your PC, so you needn't click on anything to be popped.
As for the unlisted Trendnet.... Untested too, but I have a suspicion that AC here would be happy to buy it as a hardened router. You can include the spreadsheet as evidence.
not to worry
It's only 100 million US.
the NSA can't brew tea for that little money.
This just about covers a quarter of the Raytheon project managers' bill to spend an afternoon reading up on Snort and recommending the NSA make something just like that, only for SCADA commands too, and not just in TCP/IP, and with a neat dashboard.
I haven't run across a linux app that can read and create visio diagrams.
Am I missing something? If I'm not, an update to this piece specifically addressing Visio would be of interest, since Open Office doesn't read visios (or at least the variant I use doesn't.)
Similar questions apply to Project.
Not a hater, not a fanboi
I have not used a Mac in production for some years now. I recently bought, then gave away, an ipad after getting tired of the lack of internal filer. I do have MacOS installed on a couple of the systems I use regularly, so that I can answer questions about it when they come up.
At the office and at home I use more and more linux - SuSE at work, and Ubuntu on the CULV laptop I replaced the ipad with.
So, having heard the hoo-ha about Apple's site demo'ing HTML 5, I tried visiting.
In Firefox, I'm told to go get Safari. Not available for my platform.
In (webkit driven) Konqueror, I am not told to get Safari. The page just fails to work - the initial page loads, but all of the links just reload the page.
Brilliant start for a demo of an open source technology.
Thanks very much for posting this. I was much less interested in wireless mic specs than I was in the implications for astronomy, and I was disappointed by the subhead once I'd read the article.
so, the native apps
Are basically prohibited from implementing the top two uses for any computing device.
How my mum got her ipad
This is exactly how my mom wound up with an ipad.
And she loves it. It lets her listen to music and read email and websites. She's never been able to sort out a computer with a GUI before, in part due to not wanting to.
I haven't yet shown her the youtube video explaining that the ipad is the magical and revolutionary computing device for housecats. Seems unsporting.
I have a large library of technical PDFs which I'd hoped to consult using the pad. But needing to use any of the kludges on offer was a complete fail - it simply wasn't worth the hassle to get the files on, and then to quickly update which were and which were not on it in an ongoing way.
A second issue is that my home network has a Netscreen running it, and Netscreens don't put the wireless network and the wired network in the same subnet. Nor do they make passing broadcast traffic between routed subnets trivial.
Consequently, many bonjour based apps worked terribly in terms of reaching my filer. I was able, ultimately, to watch video from the filer - but I have a television for that, and if I want to watch something while out of sight of the TV, I want that something to be displayed on a screen that can be easily stood up, then repositioned.
Now I have a CULV laptop for my dicking around the house toy. It runs win7 if I need it to, but spends most of its time running ubuntu. It has a useable local file system and is able to reach things in the house by IP address rather than by broadcast.
It is not magical and revolutionary, but it is very much more functional for me.
how much longer will the npr app live? the abc app?
Boy, if they don't like apps that look like desktops, how much longer will the NPR or ABC apps live?
What, forever, because they're driven by major players?
They're. Not. Motherfucking. Called. Boards.
Newsgroups. That's the ticket.
The thing which distinguished newsgroups for me - and continues to do so, in principle - was that they were truly a many-to-many medium. Any individual post had one author, but when posting you knew many others would read and many others could comment and in an unmoderated group, there was no one with veto power.
Also very importantly, no one owned all of usenet or all of a newsgroup, in the way that entities own websites - and are thus in principle liable for their content.
Sadly, as other tools became available many of the best writers retreated to less noisy forums, and I think few understood how much less interesting and surprising owned and/or owned and moderated platforms were going to have to be.
"It's like someone fell out of a time vortex from 1990."
You've seen photos of the man, right? This is entirely in keeping with the "greed is good now won't someone put two in my center of mass" attitude that the man simply radiates, a hot stream of Bush era piss off simply fountaining out upon you.
Until now, only corporate types went near anything Ellison touched. He's the anti-Jobs, moreso than Gates, really. But now, with the Sun buy, I think his exposure to the world will start to go up, up, up.
what on earth
is the point of that stupid dog website, the .net one?
Looking at it is like flashing back to geocities circa 1999 or so, back when pets with their own websites had just heated up the doublewide community in the rural South.
still liking the Palm OS best
I've been using various Palms for around 10 years now, for contact management and for extensive use as an e-reader.
I relied on Handspring devices for five years, then tried (and did not like) the Sony variant and am now happy on a T3.
I started using Avantgo as a newsreader, and moved into RSS once AG was killed.
The great thing that the Kindle has done for me is create many more ebooks than initially were available (aside from hardcore dork things, which have always been available as PDFs and hence were things I could load up.)
The kindle and the Apple and the JooJoo are larger than I want to tote and give me much less control over what lands on the reader and how I use it.
Granted, you're now limited to buying used devices off Ebay if this is what you want to keep Ludding along with, but I hope by the time I finally have to give up on these, someone will have come up with something close to as good.
those crying are not webmasters
The title claims webmasters are up in arms about this.
The webmasters I know are fine with this. They design pages, do some front-ends for databases, and generally work on getting things out there for people to read on websites. Honest work.
Metz' piece does not quote any upset webmasters, either, despite the title - though the lede gets it right. SEO types are unhappy. Especially the lazy ones who wanted to be able to keep selling the same old crap to every new customer for the same outrageous fees.
Boo hoo hoo.
it's not a fucking tenant
Who is driving your spellchecker now? Spellcheck would have offered both tenet and tenant as alternate spellings for whatever was fat-fingered in, so someone obviously doesn't know much about, hm, words.
The author should be off the hook; if the author used the word tenet, one hopes...
okay. scratch that.
Where did using tenant come from there? And can that person's left pinky fingernail be torn out as a way to raise staff morale and inspire them to stop making everyone look like droolers?
And can the resulting Staff Morale and Inspiration Lifting Exercise (SMILE) be posted to Youtube?
if it's light, it's a win
If this comes in at around a kilo, charger included, it's not competing against budget boatanchor notebooks, it's competing against higher end machines, the Thinkpad ultralights and high-end lightweight Macs. These are machines people buy with weight as a factor more important than cost.
If the screen opens properly it may be something I'll buy - I gave a netbook to my sister last year for Christmas, after figuring out how bad the keyboard was for the actual work I do, which involves typing but does not need a lot of oomph. The screen was a problem, also, since it didn't fully open.
Sis liked it, I enjoyed playing with it, but even as a personal machine, it didn't work out.
This? This might do well for me.
first, kill all the lawyers...
Dunno. Seems to me that putting pockets behind Metasploit might not be a good idea. Particularly not a security company's pockets.
Unlike Snort, Metasploit is an intrusive tool.
Seems to me that the first time some script kiddie starts poking around some company that uses logging with Metasploit and a few weeks later a Nexpose sales call comes in, an argument could be made that Rapid7 is deliberately beefing up Metasploit to drive sales of its security consultancy.
call me stupid but
wouldn't it help to have the comparable NetApp performance score somewhere in this article?
I do appreciate the detail the article gives explaining the paternity of the joint venture.
Running for UK parliament on the labour platform? Sounds as if he ought, if he isn't yet.
sunbelt has misled about a/v in the past
A year or so ago their anti-spam hardware devices started developing troubles detecting viruses.
Questions were asked and answered on the Sunbelt mailing list; Alex Eckelberry stated "It (one of the viruses not caught by the product) is recognized by Bitdefender, but due to the nature of this trojan, I would trust defense in depth more than I would trust any AV engine."
What he meant to say was "your expensive antispam and antivirus product is currently unable to download a/v updates. Our admins have already been on your system but are not permitted to tell you we have ID'ed the fault."
Also, the company issued a press release advising everyone using either its appliance or its software antispam tools to block all ZIP files at the gateway.
the vanilla 409
Can take either 3.5 or 2.5 disks and has very similar noise levels, but a bit lower - probably because they can fit larger, slower fans into the case.
The power consumption on the 409 is similar at idle (16w for the 409 versus 12w for the slim)
If only the Reg editors would ask their hardware reviewers to study up on benchmarking methodology or else focus on the usability and cite more thorough benchmarks than they can provide. Benchmarking a nas properly ... it's a complicated process and the benches here provide precious little info, as is invariably the case in hardware reviews.
My tests of the 409 gui leave me very disappointed. It is much prettier than the Promise GUI, yes.
However, all that enabling NFS support does is start the NFS daemon - there is no option to work with /etc/exports given (that I could see) in the GUI in either simple or full mode. The only editor available at the commandline by default is vi. Asking a newbie to try to work in vi and then try to get a working exports file going is just atrocious. At least the Promise NFS gui actually did ask "oh, um, who should have access to the NFS mounts?" and then set up an export, even.
Raid level migration is similarly murky. Expanding a raid from 1 disk to three in raid 5, you are not shown which disk will be used as the data source, you have to trust the device that it is in fact going to erase only the newly added disks. Very pretty but very uninformative as to which disk is where. Or how many total you will be left with.
If only the original promise 4300 weren't such a noisy beast! The 4600 is somewhat tempting, but does not give you what Synology does, real root access to the box and a package manager.
If I were recommending one of these to someone who wasn't a pro, though, I might recommend the gen 2 2disk Promise system in preference over a Syn 209, because while ugly the UI is actually more functional. I will wait and see to find out how loud the next generation of Promise systems are. The claim is that the 4600 is fairly quiet and fairly fast.
I'm so confused
I had thought that the Register's official editorial policy was that there was no need to pay attention to CO2 levels?
Yet, this article seems to imply that polluting the Atlantic with soluble iron would be a good thing because it would promote CO2 capture?
Could you please get James Inhofe, your chief scientific advisor, to let you know which way to report this story? Good news, or totally unnecessary?
While you're at it, you probably need to sign up for his geoscience and earth history course. You likely already have the textbook inherited from Gran, but I've seen far too many Reg hacks act as if Evolution is something more than the devil's work.
i have a pearl
and I find it to be a read-only device. Problem is, I do 60 wpm on a real keyboard, and don't read manuals. It's possible that it's a useful keyboard for those who are not used to going fast and/or who read manuals. I'm fine with it as it is, though; the boss pays for it and he's not expecting me to reply from it, he's expecting me to know when gear sends me email.
@Tom: dunno who gave you the spec
it's a combo of ip blacklisting, ip whitelisting, probably some amount of feeding unknown URLs back home for categorization, and also skin blocking. Early press reports had a user looking at piglet photos, and see that they were blocked; looking at nude photos featuring black girls, and see that those were unblocked.
I'm thinking that last bit is probably what relies on face detection.
ever driven a volvo in snow?
Now, I'll admit, the last Volvo I owned was an 87, so perhaps Gramps Volvo finally died and new people are running the design show now.
I drove a Volvo in heavy winter snow for several years, and my Christ it was a godawful ride in snow. The design theory seemed to be "we'll make it weigh twice what it ought, and have an insanely strong passenger compartment, because we KNOW it's going to land tits-up sooner or later."
It more or less worked. I once spun out at low speed (20 mph or so) in heavy snow and ice. The vehicle who slammed into me had $5k worth of damage. I needed to reseat a hose on the engine block and drove home.
This new push-me-pull-you engine plant sounds like a ton of fun, yes indeed.
tech may win wars, but I laughed when i understood this one
Show of hands - anyone here spent any time trying to get one of the nice automatic telescope mounts calibrated?
Much of what they're doing is much of what this beast is trying for.
I don't expect great things out of this, especially in real world conditions.
On the wireless fusing... sadly, it sounds as if anyone who can generate enough signal to arm the cartridges will probably have already microwaved the d00d carrying the high-end shooter. Truly that did sound like an amusing attack mode against these weapons.
virt not part of the x86 instruction set
And hence, Microsoft has decided to release a major software package which is incompatible with the x86 instruction set.
Hardly Intel's fault. They defined the x86 instruction set and documented it fully a dog's years ago.
is there an april fool decoder ring around?
Because i'm really, really hoping this is an April 1 spoof.
That would explain why the PDF draft is hosted on Register servers and not elsewhere.
Against that, it looks a lot like a draft bill, and if there was a punchline in the PDF, I didn't see it.
Unfortunately, we're now to a point where this kind of craziness might be a put-on, but it might be straight up.
go ATT PHB morons!
These are the same people who brought us "in 2012, one house will consume the entire bandwidth of today's internet" or similar twaddle.
Curiously enough, these remarks always come out when they're in front of governments, hat in hand for dough for something.
The bandwidth claim came as they were asking for (another) subsidy to build phone lines and networks, thereby being able to pocket 100% of the profit, rather than a niggardly 80%.
What were they asking for dough for here? Security measures already no doubt in place as a side benefit of the NSA data mirroring project - if you're going to do total traffic inspection, as they are in their joint venture with NSA, surely you can add the security layer to that. What are they, asking to be subsidized twice for that?
I believe the Reg covered the earlier remarks, but for those who missed the article: "In three years' time, 20 typical households will generate more traffic than the entire Internet today." - Jim Cicconi, reported in http://news.cnet.com/2100-1034_3-6237715.html
Supermicro: cheap, thinly certified, sloppy QA
Let us know when a vendor that's capable of doing QA and willing to pay the fees to have their gear certified releases something like this. Until then, this is a giant step down in the being-able-to-sleep-nights sweepstakes.
but are those computers networked?
Seriously. The systems with access to SCADA may not themselves have access to the internet. But to state that power plants live in some kind of internet-free zone is silly.
Blaster compromised US power distribution in 2003, not because it was a SCADA attack but because it took out systems at power plants as collateral damage. I suspect there would have been issues even if the SCADA controllers themselves remained entirely untouched by the attack, simply because IT staff at compromised sites were running like hell to fix the Windows boxes.
And blaster was really more of a prank than anything else; it used a publicly posted PoC as its payload, looked for new hosts to infect, and crashed systems. Yes, it was a large pain to deal with, but it wasn't installing other code or formatting harddrives on restart or silently phoning home. It was incredibly noisy and easy to see. But it was also very fast!
Power generation infrastructure has been neglected for decades in the US and lots of Europe.
Does anyone here think that the facilities are staffed to afford the eyeballs to do monitoring of logs on SCADA systems?
There was a great Defcon talk on SCADA attacks last year and the presenter admitted "it's noisy as hell. But no one reads the logs, so it doesn't matter." He was considering working with fyodor (nmap) to add the SCADA attack to the nmap toolkit and to make it much quieter.
Once you're inside a network, if you know what you're doing, whether an internal host talks to the internet or not is not a problem. As long as they talk to switch ports, you can talk to them. If you can get the guy who answers phones to read your email and click on a link, or visit your website, the odds that you can get access to a windows box that talks to internal switches just went through the ceiling.
The real concern is not worms or script kiddies. It's people with folks on salary with training and practice doing attack/defense in teams. State actors and large organizations could undoubtedly do this; the real problem is in coming up with a defense against it in a heavily privatized and decentralized system.
We mostly dislike the geographic firewalls in China, Australia, Burma, etc.
We may ultimately find that what we need are business sector firewalls mandated by governments that can require all actors in a given sector to be running behind a common and commonly secured set of connections. Not just hardware platforms, but actually insist these folks drop their current addresses and buy leased lines to dedicated data centers with budget for ingress and egress monitoring and response.
My guess is we won't get to a state like that until someone seriously, ahem, degrades performance on SCADA infrastructure. The politics of doing it may be completely untenable even then.
their secret successes are teh bomb, though
Good for the CIA, still recruiting reprobates and fools after all these decades.
Absolutely, this ass should be repatriated to Egypt for trial there, then after sentencing, to Algeria for trial there. He is a convert to Islam, according to ABC, so trying him under anything but Sharia makes no sense.
We in the US are told again and again that their secret victories are most excellent, and we just need not to notice all the torturing, disappearing, drug-dealing, raping and assassinating they're up to.
fired for cause, per Info Week
Pretty minimal sounding cause, but teh IW writeup says he was canned for writing a script that changed server settings without approval from his "supervisor."
If *that's* why you're canning a high level 'nix guy, you do not leave him unattended after the termination hearing.
Jaysus, no wonder these people are tanking.