It has to be where the ancient Egyptians stored the grain. I heard it from a US politician, so it must be true!
610 posts • joined 17 May 2007
Re: Not as Unreasonable as It May Seem
Eh, there's plenty of out-and-out criminal content that Cloudflare is more than happy to serve and protect as well. They're notorious for shielding carder sites (they protected rescator.cc, the site where the information from the Home Depot hack some while back was sold) and malware sites, and they're quite content to do so.
Much as they like to say they're champions of "free speech" and they're interested in protecting odious but legal content and whatever whatever, they do seem to throw their chips behind content that is in no way legal under any circumstances, and the way I see it, that speaks volumes about their character.
Re: MS & security in the same breath?
"MS still manage fewer vulnerabilities than any enterprise alternatives though"
It's 2017, are there still people who think you can simply count the total of vulnerabilities and learn anything meaningful?
There are vulnerabilities and vulnerabilities. I'll take a dozen local DoS vulnerabilities over one remote code execution any day, kthx.
"we will clean-sheet our operating model..."
Yes, indeed you will. I think I've read that Dilbert strip.
Still going strong...
...in the movie theatre near where I live, whose POS systems and ticket self-serve kiosks all run Vista.
Well, I say "going strong." That's not really quite true. They both crash often, which is how I know they're running Vista.
An end-of-life operating system that connects to a credit card reader. What could possibly go wrong?
So does that mean...
...running a client on your computer that makes DNS queries and sending page lookups to random (legitimate) Web sites in the background will confuse the trail?
Re: Don't Just Blame Users
One of my banks has the same idiotic policy. Passwords are required to be exactly seven--no more and no fewer--numbers.
And it gets worse. Your username is always the last 8 digits of your debit card number. So if someone lifts your debit card, they know your username and exactly what format your password is.
This is a large Canadian bank.
I weep for humanity.
Re: No thanks
Doesn't matter if you need it, I reckon. What matters is it wants you.
Google will add your biological and ocular distinctiveness to its own. You will adapt to be served ads. Resistance is futile.
Wonder if Bluemix will still be as spam-friendly as Softlayer.
"The data that they were threatening to take from us was priceless, we couldn't go one day without it greatly impacting the team's future success. What we did know was that if we didn't get the files back, we would lose years' worth of work, millions of dollars. However, we can't be arsed to go to Costco and spend $40 on a backup drive, or even keep our files on a USB stick."
Re: On a related note . . .
I'm thinking Abominator-class offensive unit, because it works both ways: it describes what happens when the ship splits apart into a fleet and what happens to any hostile vessels encountered whilst doing so.
Re: law enforcement?
"If there was an open police case, then why were these guys still going about their business?"
One of them was a cop.
They had a pattern: The cop would drug women and film his friend raping them. Eventually, word would get back to the police force he worked for. He'd be quietly fired, and go to work somewhere else.
At one point in 2009, he was finally charged with rape. He was arrested, booked, and released on bail...during which time he committed additional rapes.
Re: The thing is…
I get about a dozen of those spam emails a day. And on those occasions where I've Googled the spammy SEO companies, I tend to notice that their companies don't appear on the first page of Google results.
It's a bit like those psychics who claim to tell the future but can't seem to tell what tomorrow's lottery numbers will be; if an SEO company can't get their own business on the first page of Google, why on earth would any rational person think they could do it for someone else?
$15,000/month for ineffective Google-fiddling?
Clearly I'm in the wrong business. I would offer them the same service with the same result for--let's see--um, half that much! Sure. Half that much. I can do fuckall for $7.5k/month, no problem.
Maybe large biz needs to invest in some educational posters. I'm thinking something like the "Loose Lips Sink Ships" propaganda posters from WWII, perhaps a bold color with a cartoon sketch of a USB drive with shark teeth over a witty slogan that rhymes, posted in hallways and employee break rooms.
I will leave the witty slogans to someone far cleverer than I.
Who serves whom?
"That enormous loss in trust between the American people and the intelligence services that serve them was in large part responsible for the creation of the new council."
Shouldn't that read "That enormous loss in trust between the American people and the intelligence services they serve"? Not that I'm suggesting the intelligence apparatus has anything at heart save what's best for the people; perish the very thought.
Math is math
One of the fundamental problems I see here is that the FBI, and many people who argue in favor of the FBI's case, don't really get that math is math. Math does not distinguish between bad guys and good guys. Math doesn't know about due process or judicial oversight. Math is math.
Encryption is math. If there's a way to break or circumvent an encryption system, that's math. Because math is math and knows nothing of good guys and bad guys, any system that allows bypassing or otherwise circumventing encryption is an equal-opportunity tool. (Do we assume that China doesn't have mathematicians? Russia? Organized crime?)
In the past, it has been possible, at least to some extent, to partition law enforcement abilities by making--to greater or lesser extent--the tools they use available only to the "right" people. You can't do that with math. Math is just...math.
Re: Bullet proof
Yep, CloudFlare is definitely the bulletproof service provider of choice for large-scale ROKSO spammers, malware distributors, and Eastern European organized crime.
I track all the spam I get. Right now, I'm receiving an average of 37 spam messages a day that evade my spam filters, 31 (about 84%) of which Spamvertised domains protected by Cloudflare. Cloudflare does nothing at all about spam or malware domains--their "security head" has told me on Twitter point-blank they don't care, so piss off--and phish and malware sites served by Cloudflare tend to remain active on Cloudflare's network forever.
I'm not sure how folks who started out as spam fighters ended up in the pockets of spammers, but it's a sad thing.
Re: Why are they suing AT&T?
Immersion has a patent on "sending control information for a haptic system over a network," IIRC.
I stumbled across Immersion while I was doing a patent search for a haptic system not related to cell phones or video games.
They (or rather, he--the patents seem to originate from one person) file for zillions of patents, all nearly identical to one another, on "technologies" that seem blindingly obvious. One of them gets invalidated? Fifteen get invalidated? No problem, there's a thousand more behind them!
A patent for a haptic interface involving a video game controller containing a motor with a counterweight to create vibration. A patent for a haptic interface involving a video game controller containing two motors with counterweights to create vibration. A patent for a haptic interface involving a video game controller containing two motors with counterweights to create vibration, wherein said motors can be controlled separately. A patent for a haptic interface involving a video game controller containing two motors with counterweights to create vibration, wherein said motors can be controlled separately and are oriented differently. A patent for a haptic interface involving a video game controller containing two motors with counterweights to create vibration, wherein said motors are controlled by a single controller. You get the idea.
These guys are (this guy is?) the McDonald's of patent trolls, mass-producing zillions of low-quality patents on an assembly line basis to keep a constant flow of lawsuits in the pipeline. I keep waiting to see their logo changed to a giant stylized M with the slogan "Over 42 billion sued!"
Re: So now flying a kite...
There are situations in which flying a kite can indeed get you in hot water with the FAA; I went to school with a fellow who landed in trouble when he flew a kite about a quarter mile from the runway of a local airport.
The specific situation of being that close to an airport aside, yes, the FAA thinks it can, and occasionally does, get testy about kite-flying.
A design patent isn't the same animal as a utility patent. A design patent is only a patent on the exact look of something, and it has to be on a look with no practical utility to the underlying thing.
Which makes me believe that had Corel put the + and - widgets at the end of the slider inside squares rather than circles, or made the design of the slider bit look different, they wouldn't have this mess.
Not that the patent is anything but bonkers, but still.
It's 2015, and there are still far too many hardware manufacturers that naively trust anything that can be plugged in, read from, or sent to their devices. We live in a world where all developers from the low-level device I/O guys to the top-level app developers need to assume that someone somewhere at some point will try to send malicious data to them, and code appropriately.
It's a bad bad world out there. Assume malicious intent from any data you receive.
"I am not aware of any wrong doing on my part."
That's a suspiciously specific statement. I am not aware of any wrong doing on my part, but I'm aware of massive wrongdoing on other people's parts at my behest?
My God, that's a thing of beauty
I could stare at it for hours. Chip design may be a science, but the result sure looks like art.
Dunno about masturbation, but I did get one of these and an Arduino with a Bluetooth and a motor control shield, wrote some software for my laptop, connected the Arduino to a vibrator, and made a gesture controlled sex toy. It's kind of fun, winding up a girlfriend just by gesture, though in fairness I doubt it will ever be a killer app.
Re: Looks like the Thieves Support Association is going to get some competition.
I will confess, my first thought was "Oh, look! Now when TSA steals my stuff, they'll have an excuse. 'It wasn't us! It must have been an evil 3D printer owner who made a copy of our key.'"
I've never been particularly worried about some Random Evildoer(tm) stealing my stuff at an airport, to be honest. I've always been far more concerned about TSA staff doing that. And now, TSA staff have greater plausible deniability.
"We've asked Microsoft to explain the thinking behind its WPBT feature."
Objection, Your Honor. Assumes facts not in evidence. Are you sure "thinking" was what the people who came up with this 'feature' were doing?
They already do this with cars. An old friend of mine who's a firefighter has plenty of stories about people who park their cars in front of fire hydrants. Firefighters will ram them out of the way with their trucks (or, in one case where she responded to a fire and there was no way to clear a BMW from in front of a hydrant, simply smash the windows and run the hoses right through the car).
Re: I'd like to see an option
Chrome's Red Screen pages have an Advanced -> Continue to this page anyway link at the bottom.
Re: Year 7 = 11 years old
11 years old was when I got my first computer, a Radio Shack TRS-80 Model I (that ought to date me!). It didn't take long before I was tearing it apart and soldering new ICs to it--back in those days, if you got a computer, as often as not the schematics and PCB layout came with it.
I reckon at least some 11-year-olds will have an absolute blast with this. I know I would have. Hell, I probably still could! Where can I get one?
Well, this bodes ill...
...for the upcoming Internet of Things, which ought to provide some novel and exciting attack surfaces if IoT makers care as much about security as router makers do.
Re: Based on an El Reg comment post earlier this week...
Maximum Overdrive! There's a stinker of a film and no mistake. I saw it in the theaters with some friends of mine, and we were absolutely rolling with laughter, until about midway through when we realized that (a) nobody else was laughing and (b) the actors all seemed deadly earnest. I recall looking at my friend Henry and saying "this movie isn't a parody, is it?" and he shook his head and said "no, I don't think it's supposed to be funny."
A company finally sees the light on DRM?
Hooray! That's one down...now, how many more to go?
Re: The hacker spirit...
I definitely get the appeal of the hacker spirit, but I don't think it's dead, I just think it's gone in another direction.
Adding RAM to your computer hardly qualifies you as a "hacker" any more. I mean, hell, my mother added more RAM to her computer last year and she's 74 years old and the farthest thing from a hacker it's possible to be, fer Chrissakes! The days when computers were so ultramodern and new that a person who could put in another battery or swap a hard drive was qualified to call himself a "hacker" are long gone.
I'm typing this on a Macbook Pro. Is my hacker spirit dead? Naah, it just has another outlet--I don't hack this laptop, I do my hacking on the Arduino Uno and the DF Robotics Beetle board it's connected to.
Cycbot and Zbot are both executables, not malware that hide inside doc files. It seems likely that if there's an .exe sitting in a specific subdirectory on an external drive, it's because someone put it there, not because it copied itself there from an infected computer or hitched along with a Word file.
Firm to users: You're tightening it wrong!
Well, no, we don't believe we know everything. That's kind of the point. If we believed we knew everything, we wouldn't be launching satellites to make observations and see how well those observations line up with what we think we know.
The universe is a vast and tricksy place, and our intuition evolved to make sense of only a small sliver of it. The universe is in no hurry to reveal its secrets and in any event is under no observation to conform to our expectations. Hence, science, which is always observing, making predictions, and asking questions.
Re: There is plenty of both.... we just have to get over the..
"Instead of sending it through the sewer system into the lakes and rivers, it needs to get sprayed on the fields along with the animal manure. Rain runoff can be minimized by proper tilling of the land with an eye to the direction of the furrows.
Voila, ALL the NATURAL ORGANIC fertilizer one could ever want and Dupont and Monsanto (or other chemical companies) aren't involved. No anhydrous ammonia, no phosphate mining."
Mammals do not fix nitrogen. We just don't. Not pigs, not cows, not humans.
All the nitrogen in our poo comes from nitrogen in our diet. We do not fix nitrogen. We just pass it along through our digestive tracts. Animal manure, human or otherwise, is not a SOURCE of nitrogen, it's a CARRIER of nitrogen.
We, like cows and pigs and any other mammals, have nitrogen in our waste from the nitrogen we ingest in our food that has been fixed somewhere else. That "somewhere else" is either chemical fertilizer or from rhizomes, filamentous bacteria, or to a lesser extent some other bacteria.
I've read at least one report that states the total amount of crop-available biological nitrogen fixation on earth does not meet the total amount of nitrogen we need to grow food for the entire population. That leaves chemical fertilizers.
If we apply chemical fertilizers to plants that are grown for animal consumption, then feed those plants to the animals and use the animal's poo to grow other crops, we've done what one bloke I know calls "nitrogen laundering"--but I trust you can understand why getting your nitrogen to grow animal feed from animal poo doesn't actually work, given that animals do not actually fix nitrogen.
Re: They're suing the wrong company
Yours is the first cogent description of the problem I've actually seen. I keep hearing about how "Apple wiped out non-iTunes music!!!111!1!" but I've had an iPod for quite some time and have never experienced this issue. I've never downloaded music from RealNetworks, either.
"Nothing stands out as a red flag and it’s difficult to detect because no footprints are left behind," said the company.
Shirley the draft emails themselves count as 'footprints,' no?
"The US transaction market has always seemed pretty "quaint" to much of the rest of the world."
Yeah. One of my girlfriends lives in Canada, and I feel like a barbarian when I visit her and pay for anything with my debit card. There's always this awkward moment when the cashier looks for the chip, then looks at me like "what is this primitive stone-knives-and-bearskins payment technology you've provided me with? How does this archaic thing even work, anyway?"
"Pick the least evil one?"
Given the difficulty in gauging the relative evil of, say, Apple vs. Walmart vs. Google vs. any of the other players, I'd rather say "pick the more secure one."
Given that both Apple and Google systems involve exchanging a single-use token that's necessary for the retailer to hook the cash out of my bank account, whereas (as I understand it, anyway) the CurrentC scheme allows the retailer direct access to my bank account, I know which of the two I prefer...
"I'm proud of the fact that I made $250bn under my watch as CEO," says Ballmer, neglecting to add that under someone--anyone--else as CEO, Microsoft might have made rather a lot more.
Another benefit of Cloudflare is your IP address is obfuscated from spam trackers. That, plus Cloudflare's rather...relaxed attitudes toward spam and malware, make Cloudflare the content delivery platform of choice for really aggressive hardcore spammers and malware distributors.
I keep track of who's hosting/serving the spamvertised domains in all the spam I receive. Right now, Cloudflare's serving a bit over a third of the domains for all the spam landing on my spamtrap addresses.
Re: continuing the trend
That was my impression, too. It's like Hypercard, only juiced with cloudy Web 2.0 goodness. Whee!
Re: 10 years
Despite the naysayers, fusion power has made considerable progress. It hasn't progressed as fast as we would like, but sometimes new technology works that way.
For example, Lawrence Livermore and MIT have both produced fusion reactions that net more energy output than energy input. They don't do it for long, but they do do it, which shows it is possible.
I for one would like to see more research put into fusion power. If and when it can be made to work, it's a civilization-wide game-changer. A lot of political, social, economic, and resource problems turn out to be power problems, when you have copious amounts of cheap power. (For instance, much of the developing world, and more recently the developed world, struggles with water shortages; cheap and plentiful power makes desalination easy.)
It pains me that we as a species spend more money on spectator sports every year than we do on something that can profoundly change human civilization for the better.
The NSA worked with "specific US commercial entities to modify US manufacturer encryption systems to make them exploitable for SIGINT". And yet, strangely, they didn't see how that might blow up in their faces.
The NSA is tasked both with protecting US network infrastructure and also penetrating and gathering intelligence from networks. Those two goals seem contradictory to me. I guess we've found out which of the two had the higher priority...
If someone ten years ago had written this into the plot of a sci-fi novel, I'd have thought it was too implausible. Live and learn.
Re: Encryption and the Bad Guys
When the police say encryption makes it impossible for them to catch the bad guys, I read that as a stark admission of failure on their part. Essentially, they're saying they can't actually figure out how to catch criminals without the crims' help. Normal investigatory processes are useless; they can't catch bad guys unless they use stuff the bad guys themselves have written about their crimes.
Re: Laboratory Street
"This lab test is brought to you by the words 'Apple' and 'Dollar', and by a very large number indeed."
You might want to do some research.
Consumers Union, the outfit behind Consumer Reports, refuses to accept money from any maker of any of the products they test. They will not even accept test samples from manufacturers--they buy everything they test retail. The magazine itself contains no advertising. They have shown themselves willing to go up against car manufacturers, pharmaceutical companies, and other wealthy, entrenched interests.
Complain about the test methodology if you like. Criticize the test apparatus if you like. But saying Apple bought them off just makes you look profoundly ignorant.