At one place I worked, Outlook was referred to as "Lookout" by some in IT.
It's known as "Outhouse", around here.
945 posts • joined 20 Mar 2011
At one place I worked, Outlook was referred to as "Lookout" by some in IT.
It's known as "Outhouse", around here.
... SMS where the thief can move the sim card to another phone to receive the 2FA code.
Unless, of course, the SIM card is PIN-locked ... which is probably a good idea in any case.
... between enabling verification of SHA-1 hashes and supporting generation of new ones.
The argument, I guess, is that SHA-1 is so insecure, now, that even old SHA-1 hashes, computed back when SHA-1 was considered safe, can not be relied upon; that allowing people to check the validity of a SHA-1 hash might tempt them to assume that the hash still means something.
That's a good argument for encouraging people to treat anything signed using SHA-1 with a pinch of salt, but it's not an argument for preventing them from checking the hash at all. SHA-1 collisions can now be engineered, but they still can't be engineered easily -- a hash has to be protecting something of appreciable value before it becomes worth anyone's effort to look for a collision.
However, blockchain applications such as those used by Etherium -- in which the entire value of the chain depends on its validity back to the first transaction being verifiable -- are among the applications most at risk. If you can fake a signature early in the chain that used a weak hash then you can cast doubt on the entire history of the chain and everything it is supposed to secure. I can see why people are concerned.
Proly because the Judge Dredd ones weren't massive hits....
The more recent one -- with Karl Urban and Olivia Thirlby -- deserved to be ... apart from being scarily reminiscent of a shopping trip the local Arndale centre on an Saturday afternoon ...
Someone explain why there isn't a blockbuster movie?
Maybe because the government is still trying to pretend that Milton Keynes isn't a mutant ghetto?
Hmm ... The Johnny Alpha icon doesn't look quite right to me ...
Don't say LibreOffice. It looks like a 1998 shareware application.
You say that like it's a bad thing!
Microsoft used to publish some guidelines on application GUI development that encouraged the use of common GUI designs and metaphors in an attempt to achieve consistency across all applications on their platform in the interests of ease of use. Because of this the better shareware applications back in 1998 had very similar look and feel to Microsoft's own applications.
Along with that came helpful features like, for example, the F1 key bringing up context-sensitive help from any part of any application. I miss that.
I really don't hold with this strange notion that an application's GUI should look "modern". What's important is that it should work well and enable the user to be productive. The appearance is secondary. An awful lot of time is wasted in our industry changing UIs for cosmetic reasons that bring absolutely no benefit other than making this year's version of the software immediately distinguishable from last year's. If only that effort could be spent on making the applications more useful, less buggy, and more secure!
I have the same phone, none of the same problems with battery.
I'd be rather weary to extrapolate a sample size of 1 of a particular model to the whole manufacturer's portfolio.
I did find some discussion online between other users who were experiencing the same problem with the Z1 Compact, so the sample size was at least a little more than 1. There was some disagreement as to whether simply replacing the battery would fix the problem, but it worked for me.
However, my intention was not so much to grumble about this problem with this particular phone, as to point out that it is a real pain in the proverbials not to be able to change the battery when it needs to be done.
I do understand that waterproofing an IP68 phone isn't trivial, but other manufacturers have managed it so it's not exactly rocket science. (See the Samsung Xcover for example (link to gsmarena).)
I have a Sony Xperia Z1 Compact. Nice phone.
It runs Android 5 (Lollipop). I'd had it a little over a year (the phone had been out for nearly two years by then) when Android 6 (Marshmallow) was released, but the Z1 series didn't get the upgrade. The latest kernel is dated November 2015.
OK, I understand that a manufacturer can't support old hardware for ever, but a less-than-two-years-old phone is not "old" hardware. I had expected I'd get to at least Android 6 and hoped to get to 7 before updates stopped. Bad Sony.
When the phone was a little over two years old it developed the nasty habit of suddenly claiming that the battery had reached 0% charge, when a moment or two before it had been at around 50%. The battery is sealed in, so hard to replace -- it also turned out to be quite hard to source.
I managed to get a battery which was said to be new (with "zero charge cycles") but may not have been. I had to heat the back of the phone to soften the glue and prise it open to put the new battery in. This, of course, wrecked the waterproofing, which had been one of my reasons for buying the Sony in the first place (I walk a lot, and sometimes it rains). Nonetheless I carried on using the phone with its old OS until the replacement battery started to display the same sudden discharge behaviour*.
I'd love to buy another Xperia phone, but I won't do so until they make the battery officially user-replaceable, and give some commitment to supporting Android updates for at least (say) three years from the release of the phone. Oh, I'd like it to be dual-SIM, too ... is that too much to ask?
* I suspect that the battery isn't really dropping from 50% to 0% in a couple of seconds, but that the battery monitoring circuit in the phone is uselessly optimistic until the voltage drops a little under load (because the user has, say, turned the screen on) and then it panics and turns the phone off. Maybe later Xperias have fixed this?
If that's the case then it is somewhat analogous to a locksmith demonstrating the ability to come round to your house and pick the front door lock.
A better analogy might be a locksmith demonstrating that he can open all the internal doors in your house when what's important is that he can't open the front door from the outside.
Of course, if you let him in he has the run of the place.
If you just work on the assumption that all media are vulnerable, then encrypt with known-good encryption (not RC5 or TKIP, and yes you MUST keep up to date with what's safe!), it really doesn't matter what happens or who can send you packets.
Up to a point, Lord Copper.
The new study seems to be attacking the key set-up using some sort of man-in-the-middle approach reusing nonces, so it looks very much as though it does depend precisely on the problem of knowing (or not knowing) who is sending you packets.
We shall have to wait and see ...
Microsoft claimed the exploitation of this bug was "unlikely" in the wild.
Mostly because S/MIME is an essentially dead protocol, that only a handful of people have ever bothered with....
S/MIME isn't dead. It's the standard protocol to use when encrypting internet mail within a PKI. The other common mail encryption protocol is PGP, but that isn't used within a PKI. If S/MIME is not much used it's because most people don't actually bother to encrypt their mail.
I would think that Microsoft regard exploitation of this bug as "unlikely" because they don't think anyone sends mail in plain text, nowadays.
I do not understand why it is not possible to remove bezels completely ?
I can see some attraction in the idea of a screen with no bezel ...
... but when it is a touch screen on a mobile device, I find myself wondering how the hell one picks the damn thing up without causing input.
Surely the bezel is there to give you somewhere safe to hold it?
I can't think of an intransitive use of the verb "display".
Methinks I have heard it said that some species of wildlife are known to display (intransitive) in order to attract a mate.
Google are wanting people to say 'Search on Google' rather than to google or googling because if to google becomes a verb in common use they can loose the ability to trademark the name as it become generic.
Right, ... let's all Alphabet it then!
(I don't know what that means, but if it costs them a trademark the joke's on them.)
"I dedicate this book to my parents, Ayn Rand and God."
So Ayn Rand and God are your parents, and you dedicate the book to them.
Methinks I'd have used a colon, rather than a comma, in that particular case.
Actually this one is fine. It's a contraction of "Data is" ...
Fine unless, of course, you believe that "data" is a plural.
Really it is Microsoft's fault for the ridiculous assertion that what works on a tiny touch screen for a smart phone should be extended in both form and principle to the design of a workspace that is intended for expansive, professional use rather than limited, social consumer use.
Microsoft have never managed to understand that desktop devices and mobile devices are used in different ways, at different times, and for different things. There is nothing to suggest that a single UI can be appropriate for both kinds of device, and everything to suggest that different UIs are required.
If you cast your mind's eye back to about the year 2000, and look at the UI of Windows for Pocket PC (for PDA devices -- smartphones without phones in them) you will see that it looks very like a cut-down version of Windows 2000. Those "Windows" PDAs failed because they tried to look as though they were running desktop Windows (rather than Windows CE) which (a) was unsuitable for the device format, and (b) led to the expectation that they could run desktop windows applications.
It wasn't until Windows Mobile and its Metro UI that Microsoft started to make any traction in the PDA/smartphone sector because they finally had a UI that was appropriate for handheld devices.
One might have hoped, at the time, that Microsoft had finally learnt the lesson that desktop and mobile are not the same ... but no, they saw the success of the new mobile UI and failed to understand it. They failed to understand why it was successful and that its success depended on the fit between hardware and software -- and promptly tried to move the new UI to the desktop.
... the absurd contrast theft which plagues "modern" websites.
The designers of those web pages seem to have learnt at the school of theatre programme designers, who have been delighting us for ages by printing the synopsis, cast list, etc., in (say) pale blue on top of a sepia half-tone photograph. Just what you need for good legibility in the low lighting in the auditorium!
A user friendly EPG would establish the user's channel preference by frequency of use and order by that, or at least put the most frequently used few first and the rest in alpha order.
Oh, wonderful! An EPG whose ordering changes over time because one's watching habits change according to what's being shown on each channel.
That's not going to be confusing or annoying, not at all!
A tap with the letter 'C' on it, in a country with a mix of English and French speakers. Do you feel lucky? Chaud or cold?
So ... you want them labelled 'H' (for hot) and 'F' (for froid)? It would be unambiguous, but nevertheless confusing.
Shame it'll be let down by the operating system they'll almost certainly include with it.
... or you can always install Slackware 3.4 to keep that authentic 25-year-old feel, or maybe Debian 2.0 (Hamm).
A credit card number is 19 bytes. You could steal every credit card number in the world on the 32GB USB stick that you picked up free at a trade show.
You might have to remove some of the malware first ...
And isn't it funny that everyone wrote out half-crowns as 2s 6d (2 and 6) rather than as, well, half a crown.
Is it? Did they?
I used to write 2/6, just as I'd have written 4/9 for four shillings and ninepence ... it's quicker than "half a crown" and more consistent ... and "1/2 crown" might have been confused with one and tuppence.
I never wrote "one florin" when I meant 2/-, either.
No, I thought not.
Then I'm afraid you thought wrong.
According to my rather long-in-the-tooth Concise Oxford English Dictionary "Shutter" is a transitive verb meaning "to close with a shutter" and a reflexive verb meaning "to shut oneself in (or off) with shutters". The word is established and not particularly new.
This is English, though; you can form a verb from almost any noun (even "verb" itself) and - as long as the meaning is clear in the context in which you use it - it makes a perfectly acceptable word.
That said: unless Misco's warehouse has shutters that will be in some way symbolic in the closing of the warehouse, the use of the term seems an unnecessary stretch of artistic licence.
And who is to replace them?
There's still a lot of good stuff being written. In addition to those that have been mentioned by other commentards I might add Jack McDevitt who can be relied upon for a well-told yarn incorporating plausible protagonists, Walter John Williams who writes well in a surprisingly broad range of SF sub-genres, Neal Stephenson, Justina Robson whose early work reminds me of John Brunner (in a good way), Liz Williams ...
Whether any of these will be deemed by future readers to be "Greats" I can't say, but there's a lot of potential out there.
Continuing the choc' and lollies theme and needing one starting with 'P'; may I suggest 'Penguin', the well-known chocolate bar.
Good idea! ...
... but I would almost bet money that they go for "Popcorn". You read it here first!
how complicated can the software be?
In this case, not complicated enough to check to see whether it's about to overwrite itself with software for an incompatible device, apparently.
Just like punching an extra hole in a 1.44 disk to change it from DD to HD
... or cutting a notch in the sleeve of a 5.25" disk so that you could use both sides in a single-sided drive (a 'flippy disk').
That's why I'd never use Google's DNS. I'd choose to use one from Microsoft, Amazon, maybe even Facebook, before I'd use Google because they have less personal information about me and it is easier to avoid them being able to correlate my DNS lookups with other personal information they collect on me.
If you really believe that, good luck to you!
I don't believe that any of those companies would hesitate for an instant before gathering, correlating, and monetizing every bit of information about you that they can get their hands on -- indeed, they'd be mad not to, considering that the others do it and it's apparently not illegal.
At least Google gives me free stuff that is occasionally useful, and for that I forgive them -- just a little -- for ravaging my privacy. The others can go swing.
In my experience, most people can make PERL look like chicken scratchings.
I find it more remarkable that some people can make PERL not look like chicken scratchings ... and, indeed, can write useful, constructive, and efficient programs in that unlovely language.
Why they don't apply their undeniable talents to something, instead, else remains a mystery, though.
Apple got this one right, I think... ARM is touch and runs iOS; x86 is mouse & keyboard and runs MacOS.
Mostly agree ... but ... it has nothing to do with the CPU. You could build an iPhone or an iPad with an x86 CPU and you'd still want touch and still want it to run IOS; you could build a MacBook or an iMac with an ARM CPU and you'd still want a keyboard and a mouse, and to run MacOS.
... there's no point in trying to make one OS that does it all ...
If you did, you'd have to make a single OS with two very different presentation layers for the two different usage cases: mobile/touch and desktop/keyboard. There might be some point in that -- it would depend how much code you could make common to the two environments without screwing either of them up, and how much development/maintenance cost it saved you to do so.
Windows 8 (and to a lesser degree Windows 10) shows how easy it is to get wrong.
... Idris Alba for James Bond
(I hope that was deliberate, "alba" meaning "white")
Idris Elba is a fine actor, and I think he'd make a splendid "00" agent, but he's not Bond. James Bond is a specific (albeit fictional) person who happens to be male and white, and there's no reason to cast him as anything else.
Doctor Who is different. The Doctor has always (Joanna Lumley and Lenny Henry notwithstanding) been played as a character who is male and white, but is an alien whose appearance occasionally changes, sometimes quite dramatically. There's no reason for the Doctor not to be played by someone who is non-male or non-white. There is nothing in the canon that says that this can't happen (and some things that suggest it can) -- only audience expectation.
Like he suddenly decided the TARDIS was like any other spaceship you can see flying past, rather than dematerialising and materialising ?
That was a very poor idea indeed, I agree. Robs the TARDIS of some of its magic and mystery, seeing flit past in exactly the same way that bricks don't.
And, it should be added that, absolutely NO program should pop itself to the front and take focus away from whatever the user is currently doing!
True ... but, conversely, when the user explicitly clicks on something in one application that causes another application (or, "Activity", in Android parlance) to open, that second application is part of the user's current workflow, and it is extremely annoying if that second application does not take the focus.
It's not always straightforward.
Or you could go back to the 1790's where their county Postmaster predecessors were employed to open the mail to look for seditious scribes.
Ah, yes ... we have sixty of those ... from Caesarea.
Time perhaps for a mandatory 5 year warranty including battery replacement at advertised rate/costs given with the initial sales price?
I'd support that -- especially if it included mandatory software upgrade support for five years.
I'd also support a lower rate -- possibly 0% -- of VAT for spare parts and repairs (including service charges) than for new goods, to try to break the "it's bust, I'll replace it" attitude that seems to be becoming the norm.
I read Galaxy Note FE and thought: 254?
... states that this malware is the work of storage vendors!
Run around encrypting stuff, offer to decrypt it for cash, then ensure that nobody can contact you to ask for the decryption key. Brilliant way to discredit malware writers!
No more will the lazy and stingey say "I'll worry about ransomware when it strikes -- I can always pay the ransom!" because it is now clear that this is not a productive strategy and the only the only way to preserve one's data is to have a sound backup regime. Sales of drives and tapes go through the roof!
Of course, once it is accepted that nobody is ever going to pay the ransom, the malware writers will move on from ransomware to some other means of profiting from their misbegotten endeavours.
As I understand it, the shorter keys are susceptible to brute force crunching these days, with enough processor oomph. But can the process be shortened if you have an encrypted file but also have a copy of the original un-encrypted file?
I'm sure I've fundamentally misunderstood how AES works, but I'm curious.
It can certainly help to have plaintext as well as ciperhtext ... but modern ciphers are designed to minimize the amount of help that that gives. So, in essence: No, not much.
And is it possible/likely that they use the same 2048 bit key for every case?
Possible: yes. Likely: No. They seem to have done their job reasonably well in other respects, so I doubt they would make such a basic error with the key.
And another idiot question (I just code, I don't do deep-level BIOS surgery) if the MBR has been overwritten, obviously the machine won't boot, but can the HDD be mounted as a secondary drive on something else and have the MBR re-written?
Yes, of course. As I understand it, though, it is not just the MBR (a single disk sector) but the MFT (Master File Table - something like 0.1% of the size of the disk) that is encrypted, and data files are encrypted as well. The MFT can be regenerated by analysis of the contents of the files on the disk -- it's not easy and it's not foolproof, but partial recovery may be possible in this way if the files all have well-understood formats and the disk is not too fragmented -- but that won't help with encrypted data files.
... just xhoosibg the juciest targets is quicker and easier.
You are Donald Trump, and I claim the fiver!
But, for the life of me, I still can't figures out exactly how I've been harmed.
You haven't, not directly anyway. The harm that has been suffered has been suffered by the price comparison and shopping sites that might have appeared higher up in the lists on Google's search results had Google not put their own selection at the top.
Those price comparison and shopping sites would claim that as punters went to the Google-preferred sites at the top of the list it was those sites whose adverts got all the clicks, and that the sites that were not preferred therefore suffered a loss of advertising revenue. Without that revenue, they would say, they were unable to compete effectively with Google's preferred sites and offer you, the punter, an effective choice of price comparison and shopping sites.
Google might counter that by saying that the preferred sites, because they get more clicks and so more advertising revenue, are better able to invest in the development of truly superlative .... price comparison and shopping sites.
You, on the other hand, might think that they're all parasites, anyway and should go and get a real job rather than preying on online shoppers with their annoying adverts.
Why do they fit these stupid anti-tamper screws?
So people won't try to fix stuff, and will have to replace it.
SWMBO bought a "juicer" (an electric version of what my mum used to call a "lemon squeezer") for about £60, to make her morning orange juice (out of actual oranges, fancy that! Anyone would think she'd never heard of cartons).
After just enough time for the warranty to expire, the clever mechanism whereby the motor starts automatically when the half-orange is pressed down onto the clear plastic thing that it apparently called a "ream cap" ceased to work. I had to drill through three plastic screw covers to get to the three screws that held the top on the motorized base to expose the internal workings. The repair involved replacing a simple microswitch with a spare I got from Maplin for a couple of quid (which would probably have been 5p if I'd gone somewhere else and bought a hundred). A satisfying saving of about £58, though.
Strangely, the microswitch is supposed to be good for 5 million operations ... that's an awful lot of orange juice!
... a sauce containing Irn-Bru is perfectly feasible and does exist.
Hmm ... It calls itself "Iron Brew" sauce, so presumably isn't sanctioned by Barrs, who produce the Irn-Bru drink, and possibly has nothing to do with the drink at all. It's a bit hard to tell as the website of the makers of the sauce (www.necessaucery.com) seems to be a dead link and it seems the company may be defunct.
I did have a (strange, bright orange, but actually fairly palatable) Irn-Bru flavoured cheesecake in Fort William, recently, though.
On a line of more than around 72 characters your eyes have difficulty tracking back to the start of the next line. Add in the 6 columns at the start used by Fortran for label and continuation fields and two for luck and you get 80.
Don't forget that columns 73-80 were sometimes used for card sequence numbers, so you actually only have 66 columns of actual code after the label and continuation at the start.
Card sequence numbers? If you'd ever dropped a deck of a couple of thousand cards and watched them tumble chaotically floorwards you wouldn't ask!
I believe you have created a strawman here. I don't recall anyone saying that no one should be allowed to buy glued-together, expensive, disposable devices. I'd go as far to say that anyone with any sense wouldn't want one, but never that it shouldn't even be allowed.
Methinks the point is that one should be allowed to buy a device that is not glued-together and disposable -- that is, that there should be manufacturers who actually produce devices that are easy to dismantle and service, using standard parts that can be exchanged and upgraded without difficulty.
At present, manufacturers seem to prefer to offer only overpriced and unmaintainable landfill, despite the fact that -- as you say -- nobody with any common sense would want to buy it; the only reason that anyone does is that there are no alternatives. I can only regard this as a conspiracy by the manufacturers to prevent people from prudently buying maintainable devices that will have long and fruitful lives.
We need some legislation along the lines of the RoHS and WEEE Directives requiring manufacturers to make disassembly easy and to use standard parts (or at least to offer easily-obtainable spares at reasonable prices for (say) ten years after a device is first offered for sale).
How soon before Samsung buys it, and uses the patents to go after Apple?
The confusion comes from BT Openreach using the phone lines for the last network to premises connection.
The difference between FTTC (Fibre To The Cabinet) and FTTP (Fibre To The Premises) needs little or no explanation. Methinks the main failing here is that the retailers don't use those terms because they might confuse people ... and instead use other, more confusing, terms.
In its now usual cack-handed fashion Microsoft is possibly attempting to do the right thing here. We know AV software digs deep into Windows, patching hardened APIs and pulling all sorts of nefarious tricks to get itself embedded. To me, that is now an unacceptable risk. If Microsoft is spending time adding parameter validation and hardening the Windows kernel only to have that undermined by an AV tool patching and hacking it all away, then that AV tool needs to be blocked. If an AV tool can patch its way in to intercept whole families of calls, so can a virus.
If third-party AV products are capable of burrowing deeply enough into Windows to carry out their function, without Windows detecting and preventing this, then third-party malware can do the same.
Which leaves us with a quandry -- we'd like Windows to be hardened to the point at which the malware cannot run, but we'd also like to able to run third-party AV tools. The two are not compatible goals.
The answer may be for Microsoft to produce an official AV Tool API that the third-party AV vendors can use, with some validity checking (code-signing, etc) so that only approved AV Tool vendors can use the API ... but that would need to be done very carefully, as errors in the API validation could lead to a very bad exploit.
(Oh, but I make it sound so simple! In reality each vendor would want a different API with a different set of functions, and Microsoft would end up providing an API that had not quite all the functionality that any of them wanted ... probably with an unforeseen exploit arising from a combination of features requested by different vendors. It is software, after all.)
Lockheed Martin said they couldn't get enough Ada programmers and could not deliver the software on time so they asked the DoD if they could use C/C++ ...
I don't know the background here, but from what you say this sounds like the age-old recruitment problem -- they asked for Ada programmers, when they should have asked for programmers (possibly with aerospace experience) and taught them Ada. Good programmers should be able to pick up a new language without too much trouble.
(Yes, I have used Ada, it's not the easiest language to learn, but it's not beyond the wit of mankind.)
Then again, it could just be that they asked for Ada programmers, and the available Ada programmers decided they weren't paying enough. If that's the case then I doubt the use of C++ was the cause of the problem so much as the use of mediocre staff.
Raspberries are already sour ("sauer" being the German for "acid[ic]")
Indeed, that's why they're red. Raspberry juice is an indicator, and turns blue when made less acidic (you can sometimes see this happen as the juice is diluted with water when washing crockery that has contained raspberries).
Biting the hand that feeds IT © 1998–2017