"Is there any evidence to back up this libellous accusation?"
Libel requires a published false statement. "grsecurity is garbage" is a true statement though.
SELinux is the right answer.
320 posts • joined 28 Jan 2010
"Is there any evidence to back up this libellous accusation?"
Libel requires a published false statement. "grsecurity is garbage" is a true statement though.
SELinux is the right answer.
"...security moves into the network because the fncking security industry has done squat ..."
Cisco is a self-declared part of that security industry. And network security isn't new.
"All that hi tech hardware and it didn't work,yet if trailer had had $50 of bars welded to it,everybody would have been fine."
Right, $50 of bars will stop a 4000lb car going 74mph.
And going from 74mph to 0mph can't be described as "would have been fine". Airbags would have deployed, but there are going to be broken bones at minimum. It would destroy the trailer, and possibly the truck too.
"CAN bus is electrically very robust. Apparently you can short any one single conductor to ground, and the bus will continue to work perfectly well. The same cannot be said of Ethernet..."
I guess the bus in CAN bus is some sort of magically bus then? The CAN bus is not much different electrical from Ethernet thin-net, including the use of terminating transceivers on each end. And they both work about as well when the terminating transceivers are removed, or shorted to ground, which is not well at all.
However, today, you'd use an Ethernet switch, and switches can handle shorts on each conductors. This is really the big advantage of Ethernet over CAN bus. CAN bus is just a simple low bandwidth half-duplex bus.
"deferred revenue for the quarter – the cash it has in the pipeline"
Not exactly. They actually have the cash, but recognizing the cash as revenue means they have to deliver the service first. Typically deferred revenue is the result of yearly pre-payments. So if someone pays you $120/year for a service, you have $120 in cash at the beginning of the year. But you can only report $12/mo in revenue, and only as the service is actually provided.
Too much deferred revenue can be a problem, because it is a liability towards the customer. If the customer can wiggle out of the contract, or something happens that prevents the service from being delivered, the money can no longer be recognized as revenue, and has to be given back to the customer.
Deferred revenue may also indicate desperate pricing measures. LIke pay for one year, and get one year free. This is basically borrowing money from your customers. But you won't recognize any revenue in the second year, and you probably spent all of the cash you received to provide the services in the first year.
"It was the gaffer tape holding the bog together on a recent TUI flight that made me question the build quality of these crates."
Blame TUI? The cabin fittings aren't usually even provided by the airplane manufacturer. And even if they are, they are extensively customized to the requirements, and budget, of the customer. I suspect TUI used their entire budget up on the seats, and had to go as cheap as possible on the ancillaries, like toilets.
"But since the majority of Internet content is on IPv4, none of this reduces your dependencies on IPv4 addresses,."
Source? The top 10 sites definitely are, and that is most of the traffic.
"I think the reason SS7 hasn't been replaced is because once most of the critical mass is on some type of VOIP / VoLTE / Vo5G, it can start to be phased out. I don't follow enough to know if there's some sort "SSng" under development or that already exists to handle packet switched IP telephony ...""
Umm... so much misunderstanding. SS7 is used for call setup, routing, LNP and E911 application stuff. It is also used a query protocol as well. SS7 is an out-of-band protocol. So, it isn't carried on the same lines as those that carry voice. SS7 can handle call setup for any arbitrary "trunk". It doesn't are how calls are transported across the network. Also, SS7 is often carried as IP. SS7 over IP is called SIGTRAN. Its just SS7 packets stuck in IP packets.
There is a lot more security in SS7 than this article indicates. SS7 is used between competing companies. SS7 gateways are known as signalling transfer points (STPs), and they typically do a lot of screening of requests. Application requests are screened in various ways as well. Basically SS7 firewalls. I worked at a carrier and was involved in using SS7 to set requests to both application providers and other carriers.
"Dumb question, I know, but is this the same Google that is still unable to update Android?"
It is not their Android though. It is Sony's, LG's, or whoever names is on the front. Android is just an OS, that is everyone can use. While Google has been tightening up access, basically anyone can throw it onto a device, and sell that device. Why is Google now responsible for pushing updates to that device? Complain to your vendor about not making updates available for the device they sold you.
"More than the tech press, it looks it's Google that is using its hammer against competitors. Taking advantage it has far less customer-side code that can be analyzed - only Google has access to the code it runs on its servers."
Wrong. Google doesn't have access to the source for Edge. Some parts have been open-sourced, but not all of it. Google is finding these issues simply through fuzzing. Google has way more customer facing code than Microsoft. About 2 billion lines in total, and it is fair to say it is all customer facing, as all services are provided over the Internet.
Microsoft supposedly views Edge as strategic, but they can't fix a simple out of bounds bug in 90 days? What is their status page @ https://developer.microsoft.com/en-us/microsoft-edge/platform/status/ all about? Are security fixes not getting enough upvotes? BTW, the Edge status page code IS open sourced.
"Why do people insist on paying money to these jumped up little accountant practices full of junior low-paid prats that dream of one day being a partner?"
PwC has 223,000 employees, so small they are not. PwC is who you call when the need advice that is beyond question, but their bill will be beyond belief as well. In fact, typically when a gov't agency brings in a high powered consultant to investigate some fiasco, the consultants bill will be higher than the cost of the damages. But its the only way to be sure.
"> Classifying batteries based on hazards, and not chemistry type.
Well knock me over with a feather. A sensible way to write regulations so they don't become obsolete 3 months after taking effect."
Battery chemistry types do not change often. Materials science doesn't move that fast. Lithium-ion has been around for about 20 years. Lead-acid batteries have been around for over a 100 years. And the chemistry definitely affects the risks. Open cell lead acid batteries slowly release flammable hydrogen gas, but lithium ion batteries do not. Lithium-ion batteries can have thermal run away issues, especially if there are manufacturing defects. Who knows what the risks of new battery technologies are, unless they are specifically examined?
Two socket xeon systems never counted as high end systems though.
"My guess is: the flight control software is written by the 'B' team, because their best engineers are too busy trying to make us click ads."
Pretty much. Facebook hired Ascenta, a UK company, to build the this thing.
"...it means network administrators at telcos, internet service providers and businesses have one more source of streaming video for which to figure out peering arrangements..."
Not likely. Amazon already hosts a great deal of the Internet content via AWS, so their peering relationships are top notch. And providers are already oriented to support vast amouts of traffic off these peering locations. Amazon looks to have in excess of 1Tbps of peering. And that is just public peering capacity.
"USA does not have the European large public peering exchange points. A cosy telco oligopoly of private peerings exists instead."
The USA actually has many many more public exchange points than Europe. It is large area, so it needs a lot of exchange points.
"Some members of it have been actively sabotaging any attempts to have public peering points in the USA for years while trying to spread their stinky fud on this side of the ocean too."
The US has a lot of peering exchanges already. At least one per city. I'd like to some references to the "sabotage".
"Since you can connect "anything" to USB, you can also connect things you don't expect, like ethernet cards, mass storage devices or input devices. "
Actually, the attack as presented, doesn't need USB. The issue is that when connecting to a wired network (and most wireless networks), credentials are presented to the far end (and data is sent), before knowing what the far end is. You could create an ethernet based solution that does that the same type of collection. USB is more convenient, since development board exist, and USB provides power.
And inline ethernet device with pass through capability would be more damaging, as it could actually present a working network connection, while still collecting important data.
The US economy is still pretty soft. Dumping billions into an abstract asset like spectrum isn't that appealing. Plus, why bid the spectrum up against each other? There are only a few players with that many billions available to begin with. They probably set a ceiling on their bidding. I don't know if the FCC carved out smaller regional licenses that companies without billions could bid on. That typically generates interesting competition in smaller areas. Almost anyone can setup an LTE site these days.
These same operators are hoping that 60Ghz and 70/80Ghz, which are coming with 5G, will solve all their problems and be a lot cheaper. It is all near line of sight though, so the operators are going to need a shed load more sites. FCC has recently expanded the 60Ghz allocation for free use.
So just over 20 cabinets assuming 10kVA per cabinet? Or 40 cabinets at 5kVA per cabinet? 220kVA can't be right, given the floor space.
"It is a remarkable failure given the malware writers went as far as to pollute search engine results for the listed phone number by purchasing multiple domains and creating seemingly legitimate sites for PC help and malware removal, the pair note."
It is probably a lot easier to do all of the things you listed, than launch a new global call centre, train staff, and setup applications and payment gateways to take payments.
"The CEO gets jail time for fraud on these and their customers kept using them. Unfreakinglybelievable."
Iraq is basically a war zone. The police and army are filled green recruits who are so poor and desperate that would a highly dangerous job. For instance, in 2005, 4250 police officers were killed. Police work is a step up from starvation. Also, English is not an official language in Iraq. Given the situation, it is surprising that police units actually became aware that someone was jailed in the UK about selling fake detectors. It is very likely that the leaders have known for some time that the devices were fake, but let the police continue to use them.
In a suspected suicide bomber situation, the bomber might think they were discovered when the police start waving a bomb "detector" in their direction, and prematurely detonate the bomb. In that situation, the police officer is going to die whether the detector is fake or not.
So not so unbelievable.
"Backblaze managed to lose track of my encryption key. I had it in hand! They didn't recognize it. I therefore lost all my data. They didn't care and blamed me for their problem. So long. Good riddance."
I don't think you know what encryption is. If you lose the key, the data is not supposed to be recoverable. The Blackblaze client encrypts data before upload, so data is stored encrypted. Blackblaze did not "lose track of my encryption key", as they never had it. Nor should they. If everyone has the key, it can't be called encryption.
"1) Design and build new cruise missiles.
2) Design and build new nuclear warheads for the cruise missiles."
No comment on the sanity of nuclear cruise missiles, but...
The Royal Navy bought Tomahawk missiles in 1995, and all Navy subs are Tomahawk capable. And the Tomahawk could carry a nuclear warhead, though the US retired all nuclear Tomahawks in 2013 or earlier.
"One problem with your post - the video is most certainly available in Canada. Even the article you point to says that Google admitted to making a mistake.
Not that it detracts from the fact that here in Canada, cable companies really have WAY too much power, and too little product."
Or did Tech Dirt just make the entire thing up? None of the comments confirm that anyone but the author saw this issue. And the response from Google was from the same author.
UK magazine Hello! faked an entire interview with George Clooney, they made up quotes. And uses quotes from other sources with attribution.
Journalists are incentivized to fake stories.
There is a regulatory issue here as well. For example, Netflix does not want to locate servers in Canada, because they worry that would place them under the jurisdiction of the CRTC. But if an ISP requests a free OpenConnect appliance, Netflix transfers the ownership of the hardware to the respective ISP. The CRTC is more effective than most national regulators at enforcing the status quo of one telephone company and one cable company.
"Just very recently it was credibly reported that ..."
So you didn't read that on The Register then?
"While I agree with your sentiment, this is another convenient Canadian big-business myth. 90% of Canadians live within 50 miles of the US border, mostly in big conurbations. Edmonton is another 2-3%."
Metro Edmonton has a population density of 123 per square kilometer. For comparison, Vietnam is 276 per square kilometer. And that is a metro area of the 5th largest city in Canada versus the density of an entire country.
"Every single FTTH install (at least in multi-unit and older residential installs) that I have seen has only a single ONT and then goes to the Telus router/modem..."
You don't need to set the router to pass through. The Altactel ONT has multiple ethernet ports. You can just plug in direct. Or just remove the router. The router is just running a basic NAT configuration.
"Further, I have never heard of a multi-unit dwelling OR commercial building refusing access to a service provider that could guarantee bonding and/or licensing."
Have you ever asked? I've been told many time, "We have Shaw and Telus already, and we don't need another provider". And insurance and bonding are a given. $10M in liability insurance is the most trivial part about building a new fibre network.
"Funny, Telus seem to be putting these ridiculous Actiontech pieces of shit ..."
Actiontec doesn't make ONTs. These are just ethernet routers sitting in front of an Alcatel ONT. The Alcatel ONT has multiple ethernet ports, so you can attach things in parallel to the Actiontec, or just unplug it entire. The ONT is just configured as a L2 bridge. I've seen a lot of the Telus FTTH installs, and the I know the contractors who install and repair them. You don't need to even talk to Telus to do this.
"Telus, Shaw, Bell and Rogers had 20 years of virtually zero regulation and Canada went from a world leader in internet connectivity in the mid 90s to a pathetic joke."
The mid-1990s was the dialup era. I don't know anything in the 1990 Internet that could be considered leading edge at anything. How exactly was Canada at world leader at that time? I was building dialup sites throughout BC at the time, and it was garbage everywhere.
"Access to conduit, poles and the rest is NOT HARD TO GET in Canada."
Do you have any actual experience in what you are talking about? Because I do, and it is very hard. Every city has a different municipal access agreement (MAA), but some don't have one at all. There are no uniform standard for installation methods like micro trenching. And conduit? There is no conduit space left in the downtown areas of the major cities in Canada. Difficult downtown areas can reach $1000/meter in construction costs.
There needs to be uniform construction standards to allow new providers to build networks. Cities could also be encouraging development of new providers. A few are. In your province, you have Olds, for instance.
"This latter is important because the incumbent providers only offer truly appalling combo modem/WiFi units. These units have critical security flaws, are regularly updated/wiped by the provider, and increasingly no longer offer a "pass through" mode for you to hand an external IP to your own firewall/router."
Untrue? Telus FTTH installs all have a separate ONT and router device. The ONT has several ports to connect directly to, and is just a pure layer 2 device. The router can be disconnect or replaced with no consequence. I have a copy of the installation standards, so I know they are all the same.
"Pressure to drive change in the CRTC – and thus regulation of Canada's internet providers – is almost non-existent."
Increasing regulation is actively discouraging competition. The CRTC should get out of regulating the Internet altogether and stick to killing TV and radio. I've worked for years at a ISP as a Telus and Bell reseller and all of the regulatory victories you cite, had no impact at all. It is time to build new networks, so what is really needs to be regulated is access to poles, manholes, and conduit. There should be blanket way to license any conduit anywhere in the country. There should be uniform construction standards across the country, rather than city by city.
Plus, it is would be great if properties containing more than one unit were required to admit any service provider who had a service order from a resident. The biggest issue is getting access to buildings. And $100 per meter build costs, if you do.
But my all means, regulate the big four ISP even more. I'm sure the additional regulation will drop prices.
"But you can expect a company to make sure their employees are properly trained... give anyone who breaks the rules a bloody good bollocking rather than turning a blind eye"
And what if they do break the rules? I just watched an installation contractor climb around on neighboring roof, when I know they are prohibited from going on any roofs at all. But they also had a customer on the ground badgering them to get their line fixed. Anything that requires access to a roof, requires them to call for a bucket truck.
I'm surprised the installer (how is an installer an engineer in BT land?) didn't sue the property owner for having a defective roof. Supporting the weight of a single person for maintenance purposes is a design requirement for a roof. That is an obvious liability.
"Is it true, what some people say, that religious belief kills brain cells?"
Maybe not be so gullible? The quote was attributed to Mapp by Paxton, while both are under investigation for securities violations and both face large fines and other penalties?
Paxton is claiming he put no money into the company, and he received shares as a gift. The SEC claims the shares were an undisclosed payment to solicit other investors. Paxton is trying to claim that he had no idea what was going on at the company, and he just received a gift for supposedly godly reasons. The reality is, is he probably demanded the shares in exchange for sharing the exclusive investment opportunity with his circle of suckers.
"Look up TR-069".
TR-69 is a xDSL only. Cable modems don't do TR-069. But I think the original poster meant that he/she couldn't reflash his/her own modem as per the "normal" (for him/her) process.
The normal process is that ISPs should be updating their crap.
"My modem(motorolla) is not the model listed but am sure ia affected."
Unlikely. Arris and Motorola are bitter competitors in the cable modem market, so it is unlikely they share any code. And over the years, Arris has some weird ideas about security: Google "arris password of the day".
The issue with password of the day, is that some providers have not changed the seed. And even they have, the seed and the password of the day are too short.
"DNSSEC uses larger-than-normal DNS responses as a way of adding extra security"
The author may not understand logic (affirming the consequent). DNSSEC responses are signed, and a signed response is larger than an unsigned response. The signature is what adds the security, not the fact that the responses are bigger.
"...are European companies comfortable with housing their really important data on Amazon or Google servers? Are they truly compatible with EU data protection laws?"
Apparently they are comfortable with lots of hypocrisy. The UK intends to require ISPs keep records on every accessed internet site for 12 months. Oh, its protected by a court order and so it is fully compliant with EU law. Try doing that in the US.
And what about the German "outrage" two years when NSA was revealed to have spied on Merkel? German investigators haven't been able to prove that actually happened. But they have dug up evidence that the German BND spied on pretty much every country they could:
Why is there a widely held belief that US data protection is worse than EU, when evidence indicates it is the same or better? Euro-jealously perhaps?
"I'm wondering if Amazon has this..."
For at least the past 5 years, probably more. Another way to verify dynamic pricing, is to use the private browsing mode, and compare private browsing mode to your regular mode. In the past, Amazon would offer the best price to new customers, and somewhat worse pricing once you were a regular customer. Their dynamic pricing has probably gotten much more sophisticated since then.
"Just take lots of snapshots and pray"
So just like running actual on-site Exchange then?
"And without taking down whoever it is that uses AWS?"
If your app can't recover after a reboot, it shouldn't be running on AWS. Netflix famously designed Chaos Monkey, which picks a random instance and reboots its.
"Whatsapp should have cooperated as fully as possible intead of putting up a wall"
Why? When US courts tried to force MS to turn over data stored on servers in Ireland, the US was widely criticized for trying to extend US law to the EU. This is no different. Brazil is trying to enforce Brazilian law on companies in the US. It goes both ways.
And "cooperate as fully as possible" is definitely not the right approach, especially to an unenforceable order from another jurisdiction.
"It bothers me that so much of the Internet's basic infrastructure is hosted in a single country that hasn't really shown that its should be trusted with such things. "
Except neither of those things is true. Each root server is not a single server, but just a single IP. Those single IPs represent many, many servers. The article is simply wrong when it says that all but two are in the US. There are root servers on every continent.
"Safe harbour was always bollocks. It's a clash of cultures...."We will reap the profit for our shareholders vs. We pretend to care for our citizens". Same game and all bollocks; but I prefer the European version."
Unfortunately, the irony seems to be lost on Europeans. The NSA had willing partners throughout the EU that gave them data from Europe, so even data stored in Europe is still subject to NSA snooping. And the UK is about to make data collection, like the NSA was or is doing, mandatory for ISPs to perform and store for a year! Apparently, that is ok for Europe, because it is law and therefore legal. But for some reason, it is not ok for the NSA to do it by themselves in cooperation with intelligence agencies throughout the EU? But lets say, Facebook compiles with so-called European "data projection" laws, and moves all Europe data to Europe, won't the UK and German intelligence agencies still share their feeds with the NSA? So what exactly is cancelling the Safe Harbor agreement supposed to solve?
It does do one thing: it gives European Internet businesses a chance to compete against better US ones. The NSA won't care, as they get feeds from all over the EU anyways, so keeping Europe data in Europe is probably better than keeping it in the US, as ISPs in the US aren't required to keep connection records.
Except that the Cisco ASR1000 series are hardly "uber routers". I think the largest ASR 1000 can do 200Gbps, but the most common 1000s are 1 to 5Gbps. They are often used as CPE routers by telcos for enterprise services. Or as Internet edge routers by larger businesses.
And the reality is, that privilege escalation is not a big deal, on such routers, because the staff that have any sort of CLI access and those who have full privileges are usually the same. Companies with untrusted help desk staff may be an issue, but such staff are rarely given any sort of login.
"However, Nokia haven't, to my recollection, announced the OS they're going to be using on their new brand of mobiles......."
You don't need to wait. It'll be Android.
"And they use AWS, not in-house supers..."
Widely repeated, but wrong. Most Netflix content is served from Netflix's own hardware. It isn't clear what they use AWS for, but it isn't serving video.
"Don't know, I'll let you know, however I won't be using Google's data gathering services."
I'm sure the mandatory data gathering service that the gov't is forcing ISPs to assemble, will be more effective anyways. Google just wants to click on ads. The UK gov't wants to know if you are planing to blow something up.
"...I wish Netflix would piss off from Australia. Since they arrived it has caused nightmare congestion in the local backhaul."
Maybe call your crap ISP and complain? Backhaul is the cheapest thing to provision. Because turning a 1Gbps link into a 10Gbps link, or a 10Gbps link into 4 x 10Gbps links is not that expensive. And it has gotten a lot cheaper in the last 12 months.
"...I never knew if my wireless connection will still work after the next update, or not. At least on Linux."
Maybe you shouldn't be using a crap distro that puts out untested updates? Because I've never had a problem with Broadcom wired or wireless. For Ethernet NICs, your only choice these days is Intel or Broadcom.
Oh no, the Register let Trevor write about the Internet again.
"internet service providers are not going to build for peak traffic". And obviously this statement is false. I've worked at many ISPs, and they are designed for busy hour traffic. I'm not aware of a single ISP that doesn't. Residential ISPs using cable (DOCSIS) often do let their busy hour traffic go to 100%, but DOCSIS is not an appropriate technology for any business use, especially those using their connection for mission critical backups.
"Ultimately Cloud is marketing speak for renting someone else's datacentre. There are real computers with real storage. So who is supplying them?"
They buy from OEMs, typically in China. All built-to-order and built-to-spec. Google uses servers that most of Dell's market wouldn't even recognize as a server. Google uses top-of-rack and distribution switches that are also built-to-order, and are completely proprietary to their data center.
Basically, all distributors are walking dead. If the only part of the box you make, is the box itself, eventually customers get big enough to buy the parts from the same people you do, and get rid of the middle men.
Biting the hand that feeds IT © 1998–2017