No problem, just use hydrogen...
3392 posts • joined 15 Mar 2007
Re: take me to your leader
For an internet-facing PC port (e.g. firewall) that makes sense, but behind NAT you really don't want a log of all 192.168.0.0/16 packets!
Have an up-vote! I was going to the same really, that now Instagram and Twitter might be of some use or interest.
In addition, they need not leave the phone switched on either.
Will they also ban VoIP as well? Given the often usurious cost for roaming, the use of WhatsApp or similar on any available wifi is appealing for many reasons.
Yes, probably there will be XP VM still going strong.
But maybe not later versions of Windows that need periodic product activation checks, eh?
Re: Perhaps not entirely surprising...
There are now on-line guidelines to hardening various popular* OS for gov work here:
Most of the advice is also sane for business users, etc, as well so worth taking 5 min to read it. And yes, they do have guidance for Ubuntu as well =>
[*] That includes Win10, which is not so popular in these parts due to the forced upgrade policy and telemetry. But of course the guide assumes you have the most expensive enterprise edition where you still get the right to disable most of that.
Re: @Charles 9
Sure the plods will simply target points "outside the envelope" but that takes significant effort to do so. For example hacking a phone, or installing listening devices in cars, etc.
All are possible and known spy/surveillance technologies and I don't worry too much about that because it is expensive and time-consuming to do, that alone means it has to be targeted at important stuff. A far cry from the abuse of easily intercepted stuff we see done by spy agencies, councils, border control, etc, etc.
Re: Doughnut Eaters
Agreed, there should always be real evidence, not just a phone's contents (which could be planted if the phone is hacked or insecure by default). In Scotland there has always been (I'm simplifying a bit, and this might change though..) a requirement for corroborating evidence, i.e. a second aspect that is necessary for a trial to proceed, let alone to secure a conviction.
The problem with asking a policeman what they want is they will ask for whatever makes their job easier. That is basic human nature. And given most of them are honestly trying to solve crimes, they usually dismiss suggestions it can and will be misused because they (i.e. the one you are asking) are not planning on doing that.
Sadly though not all police are honest and trustworthy and once politicians are involved you are dealing with a proverbial moral slime-pit of self interest and dodgy dealings, and of course there are criminals out there as well.
That is why I am in favour of decent end-to-end encryption by default, everywhere, because you just can't trust people, of any profession or any reputation, to not fuck up deliberately or unintentionally and use whatever powers they have wrongly. They can already get the metadata of who talked to who, etc, and that should be enough for a proper investigation of the suspects in the old way of getting out there and gathering physical evidence.
Re: maybe there never was life on Mars ...
"spend that money on something more useful, here on Earth."
What, you mean like Facebook valued at $245 billion instead of the NASA budget of $18 billion?
Re: @Novell time
And long before that we had ephemeris time (1952), and then TDT (1976), and then GPS from 1980 using continuous time with a leap-second offset rather like a time-zone.
As I keep saying IT IS A KNOWN FEATURE and if your code can't handle it gracefully you are incompetent due to either:
1) Not using tested system libraries to handle time, delays, etc.
2) Writing or modifying said libraries without knowing what you are doing.
And most of all NOT TESTING YOUR DAMN CODE! Really, just set up a fake NTP time server and have it generate leap seconds regularly backwards and forwards and see if your code works.
Re: Leap Seconds
"Will people be ready for that one?"
Well the one that followed the aircraft-bothering incident went with practically no issues at all. Simply because folk had woken up and tested things for the inevitable occurrence of another leap-second.
In fact the Linux bug mentioned had been created by somebody modifying already-working time related code and not testing the damn thing for this situation. As others have already said, leap seconds and means to deal with them have been with us for decades already so it's not new stuff. But every new generation of code monkeys seems to be able to break things...
Cisco's great web site:
"An error occurred during a connection to blogs.cisco.com. Cannot communicate securely with peer: no common encryption algorithm(s). Error code: SSL_ERROR_NO_CYPHER_OVERLAP"
Re: "Which you should, by the way"
"if you actually watch it"
Given the iPlayer is their own web site, why not just tie access to the TV licence?
You know, allow a couple of IP addresses or player ID strings, etc, per day from a given license and job done. Most UK broadband users will still be behind IPv4 NAT anyway so multiple devices in a home will appear as a single IP address.
Re: Windows 7 and prior to that, XP and 2000 and even NT4 have been quite good
Sadly yes, I also remember NT4/2000 fondly.
But the rot started with XP and "product activation" for me, the first sign that MS believed they controlled your PC and you now needed permission to repair/change hardware.
Re: New Feature List
Re: Thank you Mr.Farage
"in a democracy the will of the majority is sacrosanct"
Yes, and also in a lynch mob
Really there is a need for new regulations to make sure that certain critical systems are simply not modifiable in any way via on board communications.
At one time the "emergency brake" had to be a physically separate mechanical system to deal with the possibility of hydraulic failure (in the days of single circuit brakes). That seems to have been relaxed but really now it seems there is a single point of failure in the on-board computer and that should not be allowed.
Same goes for power steering, so far my cars have only had independent hydraulic systems for that and the range of things that can go wrong, and go wrong suddenly are pretty low. I really don't want to change that.
Re: 1) No need to defrag
At least NTFS never needed to run fsck every n days because it isn't sure if the file system is OK... when ext got journaling?
ext3 has had journalling for 15 years now, long enough to be "distant past".
As for NTFS, how come every time I have checked the output of chkdsk on XP and 7* machines' system disk it says it is fixing "minor inconsistencies" even when there has been no (apparent) system crashes?
[*] thankfully I have not had much need of sorting out Windows 8.x or 10 as yet.
6) All software updated centrally.
Not sure I understand this one; there is Windows Updates in Windows you know?
That is true for Windows and Office, and if you use the (rather bare for now) Windows app store. But sadly you get loads of shitty updaters running for Adobe and most other software that you want to make use of Windows legacy of genuinely useful win32-based stuff.
With Linux you normally use the single updater with multiple repositories so even 3rd party software is managed centrally by the machine (i.e. the app store model, but without the 30% fee).
Re: @Just Enough
From a human perspective - no, it's not.
But typically *NIX systems had MAX_PATH / PATH_MAX set to 1024 or even more and no doubt there are cases where that has been used to go over 256 leading to porting issues if you want to run *NIX tools on Windows (as MS are trying to encourage now).
And just when you thought that was a simple fixed value - no! It is not because Linux, for example, allows you to mount various different file systems and even file systems mounted from deeper within another, and as each of those file systems (ext4, NTFS, FAT32 and many more) could all have differing limitations on path and file name lengths, the total is not a simple constant.
So if you start a project, try to keep to 256 if you can but don't hard-code it.
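As an added illustration of the point in the post above (not part of the original post or of any project's code), this C example asks the file system under a given directory for its limits with `pathconf()` instead of trusting a compile-time constant, and rejects over-long names before any buffer is filled. `FALLBACK_LIMIT`, `fs_limit` and `join_path` are hypothetical names chosen for the example.

```c
#include <errno.h>
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>

/* Assumption: cap used only when the file system reports "no fixed limit". */
#define FALLBACK_LIMIT 4096

/* Query the file system holding `dir` for _PC_NAME_MAX or _PC_PATH_MAX.
 * Returns the limit, FALLBACK_LIMIT if it is indeterminate, -1 on error. */
long fs_limit(const char *dir, int which)
{
    errno = 0;
    long v = pathconf(dir, which);
    if (v == -1)
        return errno == 0 ? FALLBACK_LIMIT : -1;
    return v;
}

/* Join dir and name into a heap buffer sized from the actual string lengths.
 * The whole joined path is checked against _PC_PATH_MAX, which is stricter
 * than POSIX requires (the limit formally applies to the relative part).
 * Returns NULL if the limits cannot be read or would be exceeded. */
char *join_path(const char *dir, const char *name)
{
    long name_max = fs_limit(dir, _PC_NAME_MAX);
    long path_max = fs_limit(dir, _PC_PATH_MAX);
    if (name_max < 0 || path_max < 0)
        return NULL;

    size_t need = strlen(dir) + 1 + strlen(name) + 1;   /* '/' and NUL */
    if (strlen(name) > (size_t)name_max || need > (size_t)path_max) {
        errno = ENAMETOOLONG;
        return NULL;
    }

    char *out = malloc(need);
    if (out != NULL)
        snprintf(out, need, "%s/%s", dir, name);
    return out;
}

int main(void)
{
    /* Constructed sample input: the current directory and a short name. */
    char *p = join_path(".", "report.txt");
    printf("NAME_MAX here: %ld, PATH_MAX here: %ld\n",
           fs_limit(".", _PC_NAME_MAX), fs_limit(".", _PC_PATH_MAX));
    printf("joined: %s\n", p ? p : "(rejected)");
    free(p);
    return 0;
}
```

Running it against directories on different mounts (for example a FAT32 stick and an ext4 root) shows the limits changing per file system.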
Odd, it looks as if it could be used for stereo images, but why so close together? Had they been at opposite corners that would work reasonably well. And if simply combining it, it seems unlikely to be better than other camera phones in the past (e.g. some of the Nokia/Lumia ones) judging by the images shown.
Still, a good article overall.
Yes and no. True you lose data and so on, but given the total pixel count of most sensors is way above what is needed for an acceptable image, simply discarding 5% of the edge is fine as long as that is what you see when taking it (i.e. subject framing is correct).
Re: What does putting my Windows installation in a VM do for me?
2bi) Yes, most browsers support some sort of sandbox protection mechanism. But I quite like apparmor as it's a separate protection mechanism (so two steps to p0wning your PC), and it allows you to define *where* the process is allowed to read and/or to write.
That is a nice feature, so you can't have a compromised browser encrypting your files outside of, say, ~/Downloads, nor reading sensitive stuff (say ~/.ssh contents) and sending to some Bad Guy even though it has the same nominal privileges as your own account. Also it can't overwrite your .bashrc file or similar (in your name) and it has two levels to breach to overwrite system files in order to permanently p0wn the machine for a single account or for everyone.
Sure I know it's not perfect, but defence is all about layers. Just like Ogres have...
Re: What does putting my Windows installation in a VM do for me?
1) Probably - not had to look at that so far. But VMs also cover OS version/patch-level screw-ups in dependency...
2biii) If you mean opening a web page, no that is fine as email & web on Linux (assuming you sort out a client, of course). If you mean opening a word doc directly from email, maybe that limitation is a blessing in disguise?
3) True, but accepting the generally crap state of AV tools so far, I would rather like the *smart* malware to fall at this final hurdle.
5) For keeping up with new, yes. But what of supporting clients that stick to Office 2003 (or 97)? In that case you may well keep going for new OS but still want to keep an old OS and software on hand.
Re: What does putting my Windows installation in a VM do for me?
1) Allows multiple VMs to avoid the "this version of X won't coexist with that version of Y" sort of shit.
2) You can have email / web on Linux with (for the foreseeable future) less total risk than on Windows especially if you use apparmor on the browser, etc.. Though of course having a Linux VM on Windows could also do that.
3) Deters advanced malware from running if it detects your copy of Word, etc, is running in a VM that could be used for analysis.
4) The VM can be moved across hardware platforms during upgrades without the shitty business of re-registering it with MS.
5) In a decade's time the VM's internals (probably) look the same even though you are 3 generations of hardware down the line so you don't get a "sorry Dave, I can't let you run this OS on unknown hardware" sort of problem.
But for games then dual-boot otherwise performance will suck big time for intensive graphics.
Re: Thunderbird with Lightning
"I was...my Outlook email into a file Thunderbird could read"
That is a damn sight better than Google managed with tools to import stuff to Gmail
Re: FORTRAN at 42%
Similar here, I manage to write C programs in python as needed.
Re: Shell scripts
ALGO69? Is that what powers pr0n sites?
Re: What would Aubrey and Maturin say?
Why should the ship/boat not be a "she"? Probably as many women like anal sex as men, which is frequently the definition of sodomy. Allegedly.
Re: I am struggling to understand...
I also think you will find that El Reg's commentards will enjoy any opportunity to slip in a double entendre or three, or make a bad-taste joke where sex of any orientation (and preferably of all orientations) is connected with big machinery.
Re: And I take objection to *this* article.
Maybe the lesbian version would be a "Cocking Dykelords" instead?
Or maybe the original cyberpunk just needs to take his dried frog pills?
Re: Linux system upgrade may not be much better
I have found that distro upgrades are flaky if you have any unusual partitioning or RAID set ups.
As another penguin-botherer mentioned, always put /home on another partition as then you can simply re-install the OS partition without significant risk to your own data. Often better, when creating partitions in the first place, is to create one for / of say 20GB and another of about the same that you keep for a future upgrade, and then one for swap, (maybe one of 10GB for /tmp as well) filling the remainder for /home.
Patching speed is probably the issue
While it is great that Google are improving the security architecture in general, if 90% of smartphones using Android still fail to patch things, it is a growing clusterfuck as ever.
Really, why can't the core OS and libraries be auto-patched for security as most Linux distros do?
Re: RS485 / RS232
Serial is still common in very low power devices as the overhead to implement a UART and the matching software stack is trivial in comparison. Seriously, work out the power used to be listening and able to respond quickly in both cases and you are in for a big surprise.
Also simplicity makes for reliability/security as you are only point to point and not having to fend off the barbarian hordes when someone forgets to properly firewall your system.
Not all VPN systems are good at making sure your DNS queries are also tunnelled, so it may well be getting local look-ups that Google is using to decide on your location.
Proper privacy / anonymity on t'Internet is surprisingly hard to achieve, as the occasional arrest of folk who piss off those in power (or those funding them e.g. the RIAA, etc) find out.
Re: They Are Only Effective If The Operating Frequency Is Standard
Realistically this is for "stupid", both in terms of idle morons doing stuff near airports, and similarly stupid jihadis wanting to re-purpose commercial stuff for terrorism.
Of course, there might be a 2nd step of action if the RF deterrent is not working...
Realistically there is more to worry about with simple stupidity around airports and similar situations.
Re: Rethink time
Exactly. So much of the problem is simply crap software.
This is made more crap by the mind-set that software is expected to be shit, so bugs are accepted, vendors not held to account, and people simply click on "OK" without reading that pop-up asking if shaftmewithatoastingfork.exe should be allowed to run.
Second aspect of a lot of this is the lack of 2FA for important stuff, or the "two factors" both relying on a single device like a phone that may already be compromised.
At last! Now I can have my robot monkey butler!
Re: 371kg of cold liquid xenon
At least you did not go for anything kryptic...
Re: 371kg of cold liquid xenon
I should react to that, but seem to find my shell full just now.
Re: No One Wants The Flight Found
Really? Other than a handful of nut-jobs, everyone in the area of science and technology wants to know what happened so there is a better chance of it not happening again.
This is not some shitty OS that crashes and people just shrug their shoulders, reboot, and try to redo the last hour or two's lost work. Here it really matters!
Even if it turns out to be a human fault, or even a deliberate action, we can learn and make it less likely in the future. As already pointed out, the lack of a squawk that said something useful about location and status is something that is trivial to remedy, but some other failure scenario may be present but no one has seen it yet (other than the poor souls on board MH370) so knowing that would allow something to be done.
Re: MH370 and MH17 were organised by the same people
Too much schnapps, too little dried frog pills.
Now if only AMD would open up the management processors, etc, so a proper audited open-source BIOS could be offered for matching motherboards we might be able to use less tin foil for our millinery needs.
Interesting. Wonder if those networks deliberately interfere with VPNs, or maybe VPN traffic is just less tolerant of shitty networks?
Re: Data estimates
"autonomous car .. about 40GB a minute of data"
Very likely in its own sensors, but almost bugger-all of that will be hauled back to the cloud as the radio bandwidth is simply not available for the huge number of cars in most cities (along with all of those trying to use youtube on mobiles, etc).
Sure they might sell CPUs for on-board processing but most likely it will be ARM for lower power and cost if the car companies have anything to say about it.
My first thought was this is so they can slurp your data to whore you to advertisers (and paying gov departments) just like Google do. And Win10 does.
Having thought about it a bit more, that is also my 2nd thought.
Edited to add: What are the real alternatives to Skype these days? Something that is cross-platform and not dependent on a big data-slurping company? Might be useful to know.
"a bill to regulate services like WhatsApp, including a requirement that services maintain a local office and enable lawful intercepts"
That might work for something like WhatsApp, assuming they are willing to do an about-turn and break any pretence of privacy and encryption to stay and set up offices there. Which I kind of doubt given they are not exactly making money off use but from slurped metadata and a mass exodus of users to another would make that much, much less useful. Also it might become a political hot potato if the masses of current users are unhappy about all of this.
However it is kind of a pointless move because it sends the message that businesses can't use secure encryption, only what is approved for state snooping on. Also I am sure we will simply see the rise of P2P apps that are all but impossible to block at a network level (e.g. use same ports as web browsing or other apps, no single IP range to central servers to block, etc).
Re: No central provider.
"way around E2E encryption should be compromising the physical endpoints"
This is very likely to be possible with any phone, including those featuring in the current criminal cases, given how crappy the software is. But it is much simpler and cheaper to shoot the messenger, isn't it?
Re: I love how
The judge is indeed asking that messages (for the "criminals") be recorded before encryption and handed to authorities. Well, not asking... ordering.
Is this on-going (i.e. a request to change it) or for a case on trial where they want stuff that it is too late to change?
And no, she is not trying to bypass parliament, as the law that allows her to demand such things already exists.
I think the point is this does not already exist for WhatsApp, and the system was designed that way to avoid criminals, spooks and nosy ISPs from listening in. In effect she is demanding that a change is made to back-door the system for surveillance purposes. The question is whether or not there is an existing law that applies to over-the-top suppliers like WhatsApp that mandates such access. Do they clearly fall under telecoms regulation, for example, where this is often the case, or not?
If not she is trying to make properly functioning encryption in software illegal by the back door of punishing a supplier for not having the ability to sneak in to its customers data, and not by parliament making that an explicit aspect of law.