Posts by Chris Miller

3550 publicly visible posts • joined 6 Apr 2007

Google silences Gmail security blogorumors

Chris Miller
Thumb Down

Why doesn't Google turn off HTTP?

err, maybe because they would need twice as much CPU power to support their users, who pay (approximately) nothing for this service? If you want secure email, don't use 'free' mail providers - simple, as.

NASA orbiter reveals buried Martian glaciers

Chris Miller
Coat

I saw a documentary about this

think it was called "Total Recall".

Government still losing at least a computer a week

Chris Miller

Hardly surprising

If the number is accurate, it sounds surprisingly (and creditably) low to me.

It would be interesting to know how many laptops are in the hands of gov departments (and their contractors) - I'm sure it must be thousands. Anyone who is responsible for more than a hundred laptops knows that 'shrinkage' is inevitable - whether through stupidity, negligence or targeted theft. If you need to use portable devices, occasional losses are the cost of doing business, you can (and should) minimise the risk, but you can't eliminate it completely.

The best solution is to ensure that no data is held locally (<cough>Citrix</cough>) or, failing that, strong encryption (preferably not involving a password stuck underneath the device). The 'unloseable' portable device has never existed and will never exist.

US Army bans USB devices to contain worm

Chris Miller
Paris Hilton

They allow USB on classified networks?

Really? Paris would know better than that!

Employees sue for unpaid Windows Vista overtime

Chris Miller
Stop

15 minutes?

If it's really taking 15 minutes to start Vista (and not just some lawyer's mad overestimate), my money would be on the use of roaming profiles being loaded from a central server over a low-speed WAN link. Nothing to do with Vista, which should add no more than a few seconds to a boot sequence compared with XP (based on sensibly-configured, identical hardware).

As usual, just clueless BOFHs blaming the OS - either install a local domain controller or get a modern WAN link.

As pointed out above, hibernation would reduce start up time to a few seconds, but (guessing again) I expect the PCs in question are shared between multiple users (hence roaming profiles).

Scientists ponder mysterious source of cosmic rays

Chris Miller
Thumb Up

To hear is to obey

Louisiana Superdome = 125,000,000 cu ft = 1414.2782 Olympic-sized swimming pools

Linux weaktops poised for death by smartphone

Chris Miller

Meanwhile, back in the real world

90% (99% ?) of corporate travellers (a not insignificant segment of the laptop marketplace) need: Office*, a web browser and 1 or 2 key applications (Siebel/SAP/take your pick). The obvious way to provide this is via a Citrix* client running on a thin laptop. No setup, no local storage, so when (NB not if) it is left on a train, nothing is lost except the cost of a replacement.

This is not a solution for developers or graphics designers, but it will work for the vast majority of businesses. It won't play GTA or movies on a trans-atlantic flight, so you can either work or get some shuteye!

* Other products are available, but (in the real world) no-one uses them.

Gov to Manchester: No new trams without road pricing

Chris Miller
Flame

Gordon needs you!

(Or, at least, your money.) This is purely about revenue-raising.

If we were really serious about reducing congestion, we'd be investing in better public transport (more tramways like Manchester's might be a good place to start). There's no point (except to raise money - see above) in charging people for car journeys when there's no realistic alternative. When I'm stuck in a jam on the motorway, it isn't because I want to be there, it's because I've considered the use of public transport and decided that the car is the least worst option.

Unhappy people watch more telly

Chris Miller

Wise words

The only possible interpretation of any research whatever in the 'social sciences' is: some do, some don't. - Ernest Rutherford (Baron Rutherford of Nelson) 1871-1937

Mobe number middleman turns old sims into gold

Chris Miller

It doesn't work in the UK

because there's no completely consistent mapping between letters and numbers (although mobiles seem better than landlines in this respect). So you might dial PLUMBER and get SEXMEUP (or, even worse, v.v.)

Nokia Siemens Networks in 'synergy-related headcount restructuring'

Chris Miller
Thumb Down

@N810 flame

Nokia (Siemens) Networks make base stations and other network kit - nothing to do with the folks (clueless or otherwise) that write the software for Nokia handsets.

Chris Miller
Flame

Masters of Bullshit Articulation

Synergy (noun - from the Greek syn-ergo, συνεργός, 'working together') the working together of two things to produce an effect greater than the sum of their individual effects.

How can sacking employees be said to be 'synergy-related', unless the ones that are gone are somehow going to continue working for nothing? What's wrong with an honest approach of: "Sorry, but times are tough, and some of you are going to have to leave or the business will not survive"?

Farmers demand 'special' climate deal for flatulent cattle

Chris Miller
Unhappy

@Mark

Cakes taste nice because they contain significant amounts of butter and eggs. If you think a bowl of Weetabix (with water, presumably) is a substitute for a well-aged steak, I feel deeply sorry for you.

Chris Miller
Thumb Down

Cattle farmers wanting to do their part should plant wheat instead of raising cattle

And you propose to fertilise this wheat, how? By manufacturing fertiliser in energy intensive chemical plants, perchance?

Mankind to detect alien life 'by 2025'

Chris Miller
Unhappy

Fermi Paradox ...

says no!

http://en.wikipedia.org/wiki/Fermi_paradox

IBM chief talks change, and a little politics

Chris Miller

Can't he afford a decent speechwriter?

"I'm not saying everyone is not going to go on a little bit of a diet"

WTF does that mean?

Wi-Fi phobes hijack disability legislation

Chris Miller

Can't they just

provide them with tin (aluminum) foil hats?

BBC has newsgasm over Obama's dog

Chris Miller

Is the excitement generated

anything to do with the Beeb homepage showing a 'restricted format due technical difficulties' message from (roughly) 22:00 - 08:00 last night?

Apple opens Macbook front in iPhone jailbreak war

Chris Miller
Linux

Thought for the day:

When Windows doesn't support something, Microsoft is evil.

When Linux doesn't support something, it's the user's fault.

When OS X doesn't support something, it's a feature.

Boffins: global warming kills lemmings, not suicide

Chris Miller

@George

"White Wilderness" - Disney (1958). Snopes confirms this story is true:

http://www.snopes.com/disney/films/lemmings.asp

Astronaut space dump pong-bomb frag shower today

Chris Miller
Boffin

@Evil Graham - It's worse than that, Jim

NASA's calculator is only accurate for objects falling vertically, so if you lifted a Prius up to (say) 100,000 feet in a balloon and then dropped it, it would indeed reach a terminal velocity (the speed at which air resistance balances weight) of 1,300mph. But our pong-bomb will reach the upper atmosphere with an (almost) horizontal component of orbital speed - say 17,500mph.

My powers are too weak to calculate whether air resistance will have time (free fall to earth in a vacuum from 100,000 feet is about 80 seconds - reentry times are typically around a couple of minutes) to scrub off all this horizontal speed, but I observe that meteors (which admittedly reach the atmosphere with 2-3x greater speed) don't land vertically.

Chris Miller
Thumb Up

@Pete

I think your irony-detector may be in need of an upgrade, mate!

(Or maybe yours was an ironic comment?)

Illegal pharmaceutical ads infiltrate gov, edu sites (again)

Chris Miller
Unhappy

@Kerberos

"It's the idiots that actually buy from these scammers that are largely to blame."

Indeed. The trouble is that it only takes a response rate of 0.01% or so to make the spam (highly) profitable. If you know of a human society where the moron rate is << 0.01% (or < 1% for that matter), I'd love to relocate there.

Top aero boffin: Green planes will be noisy planes

Chris Miller
Thumb Up

Noise or CO2

No, Boris, noise pollution is NOT pollution just like any other. Noise pollution is purely local, whereas CO2 emission affects the entire planet (if you believe in that sort of thing). Let me put this as simply as I can: if you find aircraft noise disturbing, DON'T BUY A HOUSE NEAR AN AIRPORT. Especially don't buy a house near an airport and then campaign to have the airport closed. And don't tell me that the number of flights has increased since the 80s - true, but the noise emitted by aircraft has reduced.

Lewis, please keep up the good fight, though you'll never convince those that do not want to listen (or to understand).

London consumers trounce corporates in wireless security

Chris Miller

Visitors' networks

@AC - see my comment above for why (IMHO) completely open visitors' networks are a really bad idea, even if there's an air gap to the corporate network. Post a daily userid/password on the intranet, so any legit visitor can be given access - there, that wasn't too difficult!

Chris Miller

We need a 'banging head against wall' icon

First, WEP vs WPA - this may well be because there are more 'older' systems in London than in Paris. While it's true that WEP is broken, from a personal point of view, why would anyone (who simply wants free Internet access) bother with cracking WEP, when there's almost certainly a completely unprotected network 200m down the road?

The corporate networks have no excuse. I've been involved in providing advice to a city-based outfit whose US head office wanted to set up an open WiFi network (with an air gap to the corporate network and its own ADSL). The argument was that visitors from the States could log on to the head office network using a secure VPN. They were already doing this at head office, with no problems.

I pointed out that their head office was on a 30-acre campus in wooded New England with very little in the way of passing traffic - the new network was in the heart of the City. It only needs one bad guy (or an aggrieved ex-employee) to download some paedo material or send an email to OBL and they would have the cops breaking down their door demanding to see their logs - and unlikely to be very picky when it came to distinguishing between the 'separate' open WiFi network.

One final thought - maybe these unprotected networks are coming from unauthorised WAPs (or even misconfigured laptops). That's still no excuse - the internal security bods should be conducting regular scans to find any such holes.

MoD's London brass resist job cuts

Chris Miller

Martin Jarvis strikes again

Turns out "Our Brave Boys" was a documentary.

http://www.bbc.co.uk/radio4/ourbraveboys/

Watchdog snarls at Commando Krav Maga

Chris Miller

I laugh at Llap Goch

Even a master of the noble Welsh art is powerless against:

http://uncyclopedia.org/wiki/Ecky-Thump

Interpol proposes world face-recognition database

Chris Miller

And even if it did work

Let's pretend they could get this to work with a false positive rate of only 1% (pure science fiction, even assuming someone has a recent high quality snap of O-bin-L). Then Heathrow, with 68 million passengers a year, will result in 2,000 innocent folk being pulled over for intimate body cavity investigation/redeployment to Gitmo every DAY.

Brilliant! Where do they get these security clowns from?

Holy f**k, Microsoft covers up ‘undesired’ words

Chris Miller

There goes "Private Lives"

Amanda: Very flat, Nor-*beep*.

Hoon: Not building überdatabase would be terrorist licence to kill

Chris Miller

According to my OED

Hune (naut. obs.): a knob at the mast-head (from the Old Norse)

Chris Miller

A lobotomy for 'Buff'?

Could be a tad tricky, you'd have to locate the brain first.

"Mr Hoon underwent a successful procedure to remove a small particle of brain that had become lodged between his ears."

Italy, Poland threaten veto on EU green package

Chris Miller
Thumb Down

But surely ...

... the economic downturn (mustn't use the r-word) and huge increases in energy prices (even if they've dropped back down a bit in recent weeks) will combine to reduce our CO2 emissions without any need for government junkets to Singapore/Kyoto/Bali? Or is it perhaps the case that the proposed cuts in UK emissions are roughly equivalent to China delaying the opening of their next coal-fired power station by a couple of months??

I only ask because I want to know ...

Messenger delivers more Mercury postcards

Chris Miller

No melting

Surface temperatures vary between 90-700 K - hot enough to melt some soft metals, but nowhere near enough to melt rock. Mercury was thought to be tidally locked to the Sun (as the moon is to the Earth), but we now know that it is actually in a ratio of 3:2, so a solar day on Mercury lasts for two local years (2 x 88 days).

http://en.wikipedia.org/wiki/Mercury_(planet)

No mile-high pr0n for Delta passengers

Chris Miller

Not impossible

It's actually quite easy to block ALL encrypted traffic, it's just a question of how much this may reduce your revenue (I'm assuming this is a chargeable service, except maybe in premium class seats). Put simply, it's their network, so their rules apply. If you don't like the rules, go fly with someone else!

Porn sites are frequently contaminated with malware - the thought of some bad stuff getting loose on an airliner is rather worrying. I hope that there's a big fat air gap between the IFE and flight control systems, but my experience doesn't fill me with confidence.

Ecommerce standard tightens up wireless security

Chris Miller
Thumb Down

Eh?

"Security is more than simple compliance to guidelines. Just because you are compliant doesn't mean you are secure"

If complying with guidelines doesn't achieve (an appropriate level of) security, then you're using the wrong guidelines. Simple as ...

World's electrical grids open to attack

Chris Miller
Black Helicopters

No problem

We don't allow this stuff to be connected to the Internet - do we?

IBM raises standards bar, bitchslaps Microsoft

Chris Miller

In the words of Captain Renault:

"I'm shocked, shocked to find that gambling is going on in here!"

Not that IBM would ever stoop to trying to get a proprietary system recognised as a standard - no sirree, Bob ...

LHC downed until after Xmas - Boo

Chris Miller
Joke

M25 analogy

Like it! In fact, it's as though the M25 had a contraflow every few miles .. oh, hang on ...

Data centers embrace The Great Outdoors

Chris Miller

True story

A few years back, I was called out to a data centre in the former-DDR. Servers were tripping out 'over temperature', but the air-con seemed to be working perfectly. On arrival I found all the windows open to the chilly outside air - unsurprisingly the thermostats were inhibiting the air-con.

I asked one of the local operators, who was seated beneath a large 'Nicht Rauchen' sign, why the windows were open. "So that when we smoke, it doesn't set the fire alarms off", he replied.

UK.gov IDs identity vendors

Chris Miller

When will they ever learn?

Rule of thumb - no IT project should ever cost more than 7 figures or take longer than 18 months, otherwise it'll never happen (or, even worse, will be obsolete by the time it's implemented). If you're faced with a larger project, break it up into smaller ones to meet the above criteria.

If you insist on a multi-billion pound project and you advertise for outsourcers capable of taking it on, don't be surprised if you end up with the usual suspects.

Did the width move for you, darling?

Chris Miller
Thumb Up

Please leave the fixed width alone

I like my browser with a width of around 1080 pixels (on a 1920x1200 screen), in part so that I can view sites that display 1024 width pictures. The 960 width of El Reg seems to fit rather well.

Microsoft will show world+dog how to write secure code

Chris Miller

Now we've all had a good laugh

Microsoft are, by any measure, one of the largest software development operations in the world. Their development effort, for its size, produces significantly fewer new vulnerabilities than most of their competitors (whether open or closed source).

If all developers could achieve the level of secure development currently demonstrated by Microsoft, we'd have a lot fewer web sites with gaping XSS and SQL injection vulnerabilities. It's not as though sanitization of input strings is a particularly new or difficult technique, but it's obvious that it's still not widely practised.

Secure development is not that difficult:

IF you write all your own code yourself;

AND you know what you're doing;

AND you have access to some fairly sophisticated testing tools;

AND you know how to use them.

But once you're looking at a team of 100 developers, the security of the systems produced is likely to be only as strong as that of the weakest (from a security standpoint) member of your team. Production of secure code is only possible with a strong, secure development process and very good QA. If Microsoft can assist in making this combination more common, good for them.

Revealed: How the Beano de-menaced Dennis

Chris Miller

@Marvin the Martian

You may be confusing the (US) Herald-Tribune cartoon with the (UK) Beano version. Astonishingly, both started independently within 3 days of each other in 1951, and both have given rise to TV spin-offs.

I've never found the H-T version very funny, but I attributed this to my lack of a US sense of 'humor' - for all I know it has them rolling in the aisles in Peoria ...

Royal Society: Schools should show creationism 'respect'

Chris Miller

Where does this end?

I demand equal rights for Pastafarianism! Should we be teaching Scientology or Jedi* studies in RE? If we mention the history of the moon landings, must we also say that of course there are a large number of web sites that claim they were all faked?

* As reported in the last census, there are more folks claiming followers of The Force than Creationists in the UK.

Press proves immune to FBI's anthrax corrective

Chris Miller

Silicon/Silica

The article uses both - which is it? (I'm guessing silica.)

'UK's Chernobyl' spam spreads Trojan

Chris Miller

Why Canada?

I got one of these this morning (swiftly deleted). I wondered why Canada would be contaminated by an exploding 'UK' power plant outside London (leaving aside the obvious fact that any such explosion would be making rather large headlines).

My guess is that the original spam referred to London, Ontario - although AFAIK the nearest nuke plant (Pickering) is about 80 miles from there.

Don't the spam-merchants do any research?

Apple agrees to pay itself $14m

Chris Miller

Let me see if I understand

I can buy liability insurance against making fraudulent financial transactions? So, if I put in my tax return that I earned only £1,000 last year and the authorities find out, the fine will be paid by the insurer?? What if I get caught holding up a bank, will they send someone else to do the time for me???

Where do I sign????

Report: IRS networks riddled with vulns, rogue servers

Chris Miller
Stop

Calm down, calm down!

If you read the title of the report - it's not so clear from the Reg article :( - the investigation was into *internal* (intranet) web servers, they're not connected to the Internet. This includes many desktops with port 80 active in error. So, weak security (lack of configuration control) - certainly; bad practice (policies and procedures not being followed) - definitely; open season for hackers - err, probably not.

Move along folks, nothing to see here ..

Ice in fuel caused Heathrow 777 crash

Chris Miller

RTFR

"Following the accident, 66 fuel samples were taken from the aircraft and the engines. A number of these samples were tested and critical properties such as the freezing point, density, flash point, viscosity, contamination, fuel additives and presence of water were tested against DEF STAN 91‑91 and ASTM D1655 requirements. The fuel samples complied fully with the fuel specifications for Jet A‑1. Additional tests were carried out to detect any unusual components that would not normally be found in aviation turbine fuels. No evidence of contamination was found."

If you choose to ignore all the evidence and persist in concocting implausible conspiracies, surely there are some wiki pages you could be editing?