Don't report such things! It gives May and Tories ideas!
574 posts • joined 31 May 2011
Re: Ah. Missed that. Ta, ElReg.
"Only I see the light! Follow me for eternal salvation!"
I thought the end of the Bronze Age was scheduled a few thousand years ago...
Re: @John Smith,,, What an interesting set of comments.
> This is a very telling and very significant statement because the myth of superiority of FOSS has been promoted with no counter example. Now you have one.
except by the very nature of closed source software we don't have the full picture, in turn leading to
So sorry, but because those kinds of bugs are found regularly (people are actually looking for the bugs) and fixed quickly (not after months and months, if not years, of inactivity from the vendor), FLOSS is more secure.
> So on that basis what is an appropriate OS for something like HMS QE or a nuclear power station?
one that you can upgrade from earlier than 8 years after its mainline support ends, worst case, before its extended support ends
if they couldn't predict that the OS won't be supported ("predict" as in read the effing manual) by that time, what other kinds of things are they "absolutely confident" about?
Re: It isn't a difficult topic
US? really? that's what you call "enlightened"?
Re: Offline encryption ?
@Aladdin Sane: the whole point of it is that "rubberhose cryptography" is the only solution for law enforcement. Because it doesn't scale for law enforcement and it doesn't scale for the crime syndicate.
Re: “We absolutely weren’t hacked,”
He's so sure because he has no clue what he's talking about.
Re: Looking forward to the wiki dump
@John Brown (no body) because the USA is not yet a fully totalitarian regime where the "Supreme Leader" has the ultimate say on everything
Re: Politician has no technical understanding...
Politicians are experts only at being elected; they, with few exceptions, don't have even a modicum of knowledge of other areas.
I guess, "it cannot die what wasn't alive in the first place".
Re: Rule 3, 4, 5
> Security updates must be available for at least ten years
That's both too long and too short. On one hand, you can have chips in stuff that won't last 5 years in best-case conditions of use (toothbrush with internal battery), and then you have stuff that has like 7 years of warranty.
Probably specifying that the updates must be provided for the time the device is under warranty and that the period that the updates will be provided must be specified on a label (like the energy labels or nutritional labels) would make it possible for consumers to actually make informed choices.
> Shishiga relies on the use of weak, default credentials in its attempts to plant itself on insecure systems through a bruteforcing attack
It's truly pathetic that this is still a problem.
Re: 14th amendment
so, basically, they are refusing fundamental human rights on a technicality. Land of The Free™ my ass
This whole administration is irony and hypocrisy personified.
Re: Just to show some appreciation for SVN
> 1) Monotonically increasing revision numbers
instead of a constant handle that remains unchanged no matter which branches it is merged into? I'll take the latter. (Like one customer never wanted one feature, but one feature only that the other customer got, or one fix in this old release, and one fix only...)
and while I do appreciate the usefulness of revision-for-version-number, revision-as-quick-and-easy-identifier doesn't work too well for a 4 or 5 digit revision count...
> 2) I don't have to check out EVERYTHING that ever was, just the current state (this saves time, I've seen some big repos and small files can add up!)
git clone --depth 1
> 3) Nothing is special, trunk/tags/branches are just directories like any other <---x2
no branch is special in git either, "master" is just a convention, "HEAD" is an implementation detail
> 4) svn:merge-info makes sense, merging follows like a simple "calculus of diffs"
funny you say that, because when I had to use svn, I usually used git to merge branches; unlike with svn, it was automatic in the majority of cases...
not to mention working with patchsets, something basically impossible using svn only...
> 5) properties in general (like svn:ignore) but I imagine git has these (but I have seen a lot of .gitignore and stuff)
.gitignore and svn:ignore have exactly the same usage, I don't know what you mean by it not being there....
> 6) svn praise/blame (and some third one) - this is git bisect?
git blame does exactly the same thing svn blame does, svn-bisect is an external script...
> 7) svn:externals
> 8) svn revert
git reset --hard
> 2) There's an annoying merge-trunk-into-branch-after-reintegrating-that-branch-into-trunk (that is "record only" step to stop conflicts in the future when you try to merge the trunk in later
while in the git world, you can merge multiple branches that touch the same files at the same time so that you don't have merge conflicts caused by a previous merge (git merge-octopus)
Re: SVN will never beat GIT
> 4. one should be able to mark certain branches that never should have multiple heads. (fixes and other stability branches)
or how about treating the developers as the adults they are and explaining to them that "it's not how we do things in here"? And in general, documenting your workflows?
Force employees to take DNA tests for bosses? We've got a new law to make that happen, beam House Republicans
Re: Unicornpiss @GATTACA
@Matt Bryant: so that's how a sociopath thinks
your kid has a genetic defect? sorry, can't have an abortion
he's unemployable because he has a genetic defect and will be a constant drain on parent's resources? sucks to be you
seriously, look up empathy
Re: @Someone Else
@s2bu: everybody lies. There is no person on earth who hasn't lied even once. Even infants feign crying to get attention or food.
The difference is in the amount and the motives for the lies.
Republicans lie much more and they lie just to get more corporate kickbacks *ekhm* I mean, "campaign contributions". I mean, just look at the whole Global Warming thing, the new EPA chief doesn't even accept that CO2 forces heating. And the whole party line is not far from it.
Paris Hilton as she has more appreciation for basic facts than the whole (R) party combined.
@Trigonoceps occipitalis. I suggest you look up the following terms: "empathy", "humane" and "golden rule".
Just because somebody is sick doesn't mean that he cannot have overall positive impact on the society. Also, we're talking about helping fellow humans!
> On the other hand, never underestimate the power of stupid.
well, DHS did spend a good few million to learn that they don't...
"if it saves one life ..."
oh, so they will finally do something about the drunk driving that kills over 50 people a day, every day, across the EU?
Re: "accusing a democratically elected politician of being 'the death of democracy'."
@Charles 9: exactly, or even simpler, paralyse the constitutional court (or put your lackeys in it) and everything the Great Leader does is suddenly either unknown to be unconstitutional or becomes constitutional by the fact that it was performed by the Great Leader
'First ever' SHA-1 hash collision calculated. All it took were five clever brains... and 6,610 years of processor time
Re: History repeating...
XAdES-A, PAdES-A and CAdES-A exist and are designed with exactly that issue in mind.
The solution is to timestamp the whole document (including old timestamps) using new cryptography before the old crypto is deemed obsolete.
Re: Stop using PDFs ?
> A cert is nothing but a ASCII text document of a very specific format.
there must have been some serious changes to the ASN.1 DER encoding, because last time I checked it was very much a binary format, storing the RSA parameters as big-endian integers, etc.
> Also, let's not use the term "calculate" when we refer to this stunt Google pulled off. Anything that uses 6500 years of compute time sounds a lot more like trial & error to me...
if it was brute force, it wouldn't take 6500 CPU-years to compute, it would take a good few orders of magnitude more - over a million times more, to be exact
Re: double check?
or you could have migrated to SHA-256 a good 10 years ago and have a hash function with a smaller space requirement that is faster at that.
and while those two documents most likely have different MD5 hashes, creating documents that have the same MD5 and SHA-1 hash is not significantly more complex.
HMAC-SHA1 is safe _only_ if it is used as a MAC - with a secret key - it's just as insecure as regular SHA-1 when it's used as a hash function.
Re: Is this the same Google that has been unable to implement an automatic update for Android?
you know that google is a large company, and thus it's impossible for all of their employees to work on the same thing? You know, "too many cooks" and all that...
Re: This is why I use multiple hashes
Using two hashes doesn't work to increase security above the security of the stronger one: https://www.iacr.org/cryptodb/archive/2004/CRYPTO/1472/1472.pdf
Just use SHA-256, it has been in all cryptographic libraries for over a decade already!
Re: Where is this TLS 1.3 specification?
That "GoogleTLS" is also supported by Mozilla Firefox and Cloudflare...
TLS has had an integrated mechanism for backwards compatibility since it was called SSL 2, over 20 years ago. If you're making errors reintroducing 20 year old bugs into your software, maybe, just maybe, programming is not a job for you. Oh, and I'd suggest against farming either, because this kind of error makes it likely that the arrival of winter every year is a surprise for you.
Re: A Symantec product is total shit
While the post is missing the "/s" mark, it IS sarcastic.
yes, it's an imaginary number, the $ before it indicates it
Re: Well, maybe we should not put software in everything
@Orv: there is an idea of a "data diode", where data can go just one way, but not the other. So it is possible to extract the data without being able to influence the systems that provide it.
And sure, it's possible that the "diode" will be badly designed and you will be able to overload it or crack it to influence ECU from the entertainment system, at least it won't be simple. Car makers need to start designing for security, not only safety.
Re: Uhm, right...
Are there really enough hours in a day to overdose on Ghost in the Shell? Inquiring minds need to know!
Re: I think I know why Linux never worked for me.
at least with Linux, the testing is done during RC, unlike Windows 10, where it's tested by regular Joe Bloggs on their production systems
Re: "investigation and prosecution of individuals responsible for these crimes"
I won't be holding my breath, but at least a few C-levels are under the bus for this; not the CEO, at least not yet, but he definitely feels the warmth of the coals the other execs will be grilled over
Re: Questions questions questions
And the document is fabricated because Russia and Trump says so? What other truths have we missed from those paragons of virtue?
> There is no way in hell the Russians did not take into account and did not include in their
> assessment the fact that she was paid millions directly (for speeches and attendance)
oh, so only Hillary has a conflict of interest, not Trump? especially not with Russia?
start using the same standards for politicians from both sides, will you?
> and indirectly (via donations to her foundation) by people who stand to benefit from a more
> "robust" USA position on Ukraine(*).
says who? random commenter on Facebook or Breitbart?
speaking of donations, I'd suggest you take a look on OpenSecrets at who donates to Republicans
that's true, *if* you know it's a chatbot, not a person
Re: They want you onshore so they can raid your servers
@eldakka in the US the courts at least have a resemblance of impartiality; it's not their fault that the laws governing the US give foreigners fewer rights than the pets of nationals
Re: As far I can understand
@AC 10th Dec 2016: No, it was established to allow for translating the votes of the small ruling class of slave owners in the South to have the same say as the manufacturers and free people of the North.
it is well after its "best before" date and it should be abolished
Re: Massive AV fail
or if only it was possible to digitally sign executables and DLLs... but no, MS can't do it
Re: MS & Standards
looks like they follow Gmail example!
@AC "Fox is probably the least slanted news."
You keep using that word, I do not think it means what you think it means.
Re: This is payback time
@GrumpyKiwi: You do know that 1 thou is 25.4µm or 25400nm, don't you?
Reminder: water molecules are 0.27nm in size. So while the ocean definitely sneers at 1/1000th of an inch, it definitely doesn't sneer at nanometers...
Re: James Hansen will be furious
@Big John: Sorry to confuse your made-up mind with facts, but over 90% of scientists who have anything to do with climate science say that humans are responsible for global warming (97% if we talk about active researchers). Over 80% of scientists in general say that humans are responsible for global warming:
The only swindle that is happening is Shell, BP and Koch brothers producing false or misleading information about AGW.
Experts to Congress: You must act on IoT security. Congress: Encourage industry to develop best practices, you say?
> to develop best practices that would "not hinder innovation."
aren't business process patents already valid in the US of A?
isn't that Facebook's job?
@Charles 9: that's exactly what I'm talking about. The queries return different IPs with every query, and they have a time to live measured in minutes because they use DNS for load balancing. While in ye olde times results would have a time to live measured in hours or days.
they've abused the DNS system and now they've suffered the consequences
If only the DNS system was distributed and used local caching for the queries...
Alas, we all know that it was introduced for load leveling purposes, so they couldn't have predicted it. /s
Re: BPF is not the only way to get a timed dump
bpf stopped being a stream matcher a good few releases ago; it's a generic system that just happens to be the same thing you use for packet capture
it is vulnerable to replay attacks, but the standard will include information about mitigation and the kinds of data a client can send in 0-RTT.
So yes, it's correct that your spider senses are tingling, and unless you're a real Time To First Byte junkie, you're better off not using it. Especially as browsers will need to figure out what is 0-RTT viable or not.