Re: "Constant Phoenix"
Not to be confused with other adjective noun patterns that aren't remotely ridiculous, like Precise Penguin.
5493 posts • joined 14 Jun 2007
"Windows 10 is actually multiple versions too."
Yes, but the changes to Windows Update mean that it is increasingly hard for customers to actually continue using anything but the latest dodgy beta, so that's all we need to test against. :)
Ugh! We'd probably pick the fresh install, since that will be the growing population whereas the OTA updates are the shrinking one. But if we're going to be damned either way then ... ugh!
"What to do when an update applies a change which you really, really don't want? When it's a big release update then I think you have no other choice but to accept, if you don't then you can kiss any future (security) updates goodbye as well."
Welcome to my world. I'm a developer and my *test* machines have run vanilla Windows since forever. If I get a bug report and it turns out that it only happens when someone tweaks something but vanilla Windows is OK, that's sad but forgivable and I can just get on with fixing the bug now that I've got a repro case. If I get a bug that happens in vanilla Windows and I missed it because "I never use that", that's sad and makes me look arrogant and lame. So my rule is "No tweaking to make it bearable is allowed" because there are an infinite number of tweaked configurations and only one vanilla one and I'd like a finite test matrix please.
That means I've had to put up with the out-of-the-box defaults for every version of Windows ever.
Except Win8, of course. That was simply unbearable so I installed Classic Shell, like everyone else.
With this stuff pushing from one side and XPoint pushing from the other...?
It is a pity that we have no name for a body that is in such a relationship. It was always the weakest point about the orbit-clearing business. Neptune has cleared its orbit. That Pluto survives is because it is in an orbital resonance and therefore is never in Neptune's path.
Wikipedia informs me that Laplace was the first person to analyse such systems so perhaps we could call Pluto a Laplacian moon of Neptune. Astronomers who care about orbital relationships can hang on the word "Laplacian". Planetary scientists who care about geology can hang on the word "moon".
It doesn't sound like this company has told us the extent to which their processor can be reconfigured at run-time, so it is entirely possible that they are no better placed than someone using a clever FPGA on one of the chips that Intel and AMD have (both?) promised that will include an FPGA on the die.
If they aren't doing something distinctly different from that, I'd bet on Intel's manufacturing abilities rather than a small start-up's cleverness. Of course, this may be *why* they aren't saying anything yet; they want a head start!
Ah, well that's because they aren't being taught the right thing. The school teaches them "percentages" and then stops. It has to go on to teach "how to lie with percentages".
In the UK, teenagers are almost taught the right things in English. There's a bit in the GCSE course about "persuasive writing" (see how they bottled it?) which is almost "how to lie with words". This is a good start and needs to be encouraged.
They are also almost taught the right thing about IT. All that stuff about "online safety" clearly *implies* that there are people out there who will steal all your personal data, lie about their age, trick you into sex, etc... but I fear that once again this isn't quite explicit enough.
Until you teach "how to be the bad guy *yourself*", you can't really expect people to be able to defend themselves properly against other people doing the same things. It's learning by doing rather than learning by listening to some boring adult droning on about it.
Yes, yes, we can all (bar one *) see that tape is simple and effective against the camera, but our esteemed author *also* noted that the microphone needs to be silenced and I haven't heard much from you lot on that front. I can hear (a little) through brick walls FFS, so a thin layer of tape appears unlikely to be as effective for sound as it is for light. A significant problem, it would seem to me, is that (some) sound can enter the microphone from behind (through the back of the laptop case) as well as through the obvious grille at the front.
So what's the best way of shrouding the average built-in laptop microphone? Or is the only sure method to crack open the case, cut the wires, and plug in an external mic when you need one?
(* So I'll be ignoring the first down-vote...)
"3) Activation must not be possible remotely (even for law enforcement or "safety" purposes) - it must require a local user interaction."
I think all four of your suggestions are reasonable and should be taken up. However, I'm pretty sure I've read that mobile phones do not meet this third requirement. Therefore, this may be one that we have to compromise on in the short term.
"The 2001:db8 means this is a unicast address with global scope."
Actually, if I can jump in before anyone else nit-picks, it's a unicast address with no scope whatsoever because this particular prefix is reserved for documentation (RFC3849). :(
But it's definitely not a multicast address, so I was right in spirit, er...
"But what the fuck does that mean?"
You seriously expect an IP address to mean something? Odd. But let's have a go anyway...
The 2001:db8 means this is a unicast address with global scope. The equivalent in IPv4-speak is "not in the 224.x.x.x/4 block, and not in 10.x.x.x/8, 172.20.x.x/12, 192.168.x.x/16 or 169.254.x.x/16 either".
The 42:1 is your network. Short, isn't it? Lucky you. Mine is a few characters longer, but to be honest I can't remember it because there is this thing called DNS so I don't have to. For a SOHO user, the 42.1 is the moral equivalent of the external IP address of your NAT. It is the bit that someone might use to track "you" rather than a particular network adapter that you own.
The ::2 is your address within that network. It's also short and I assume that someone has deliberately engineered that address because they occasionally need to type it directly rather than relying on DNS. For a SOHO user, the ::2 is the moral equivalent of the internal IP address of your NAT.
I occasionally hear objections to IPv6 on the grounds that you can't remember the addresses, but the only bit that needs remembering on a machine-by-machine basis is this ::2 bit and the only machines you need to remember are your routers and DNS servers. If you can manage this feat in IPv4 then IPv6 is not going to trouble you. Also, if this had been a multicast prefix, the ::2 suffix would have meant "all routers in this scope", because IPv6 addresses, if anything, are more expressive than the IPv4 ones they replace, so the number of machine addresses you need to remember might actually be fewer in IPv6 than in IPv4.
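The split described in the post above (prefix class, network, address within the network), worked through with Python's standard `ipaddress` module. This is an added example, not part of the original post: the full address `2001:db8:42:1::2` is assembled from the fragments quoted in the thread, and the /64 network length and the `dissect` helper are assumptions made for illustration.

```python
import ipaddress

# RFC 3849 reserves this prefix for documentation; it is never routed.
DOCUMENTATION = ipaddress.IPv6Network("2001:db8::/32")

# Scope nibble of a multicast address (RFC 4291, section 2.7).
MULTICAST_SCOPES = {
    0x1: "interface-local", 0x2: "link-local", 0x4: "admin-local",
    0x5: "site-local", 0x8: "organization-local", 0xE: "global",
}
# Group ID 2 ("all routers") is only defined for these scopes.
ALL_ROUTERS_SCOPES = {0x1, 0x2, 0x5}


def dissect(text, prefix_len=64):
    """Split an IPv6 address into the parts discussed in the thread.

    prefix_len is an assumption: the usual /64 boundary between the
    network part and the interface identifier.
    """
    addr = ipaddress.IPv6Address(text)
    value = int(addr)

    if addr.is_multicast:
        # Layout: 0xff | 4 flag bits | 4 scope bits | 112-bit group ID
        scope = (value >> 112) & 0xF
        group_id = value & ((1 << 112) - 1)
        if group_id == 2 and scope in ALL_ROUTERS_SCOPES:
            group = "all routers"
        else:
            group = hex(group_id)
        return {
            "kind": "multicast",
            "scope": MULTICAST_SCOPES.get(scope, "reserved/unassigned"),
            "group": group,
        }

    # Unicast: the high bits name the network, the low bits the interface.
    network = ipaddress.ip_network(f"{addr}/{prefix_len}", strict=False)
    interface_id = ipaddress.IPv6Address(value & int(network.hostmask))

    if addr in DOCUMENTATION:
        scope = "none (documentation prefix, RFC 3849)"
    elif addr.is_loopback:
        scope = "loopback"
    elif addr.is_link_local:
        scope = "link-local"
    elif addr.is_global:
        scope = "global"
    else:
        scope = "not globally routable"

    return {
        "kind": "unicast",
        "scope": scope,
        "network": str(network),
        "interface_id": str(interface_id),
    }


if __name__ == "__main__":
    # Constructed sample addresses, not taken from any real network.
    for sample in ("2001:db8:42:1::2", "fe80::1", "ff02::2", "ff05::2"):
        print(sample, dissect(sample))
```
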
"The issue with a firewall is it requires network skills to be properly configured. NAT implies a simple "all inbound connections denied" default rule, and can't be turned off fully. I'm quite sure what most lusers would do with their firewall when encountering a connection issue - i.e. some game doesn't work - would be an "allow everything" rule. There are already many stupid "how to" around that shows how to solve such issues crippling security completely."
You appear to be arguing with yourself here. If NAT provides a simple "all inbound connections denied" rule that can't be turned off fully, then you'll be delighted to know that this is equally easily arranged in an IPv6 firewall as well. In fact, if it isn't the default then you need to publish the name of the router vendor so that we can all condemn them for reckless cluelessness and tell all our friends and relatives that they should not touch said vendor with a 20-foot pole.
If, on the other hand, you enjoy the fact that you can punch a hole in your IPv4 NAT whenever a game asks you to then you'll be delighted to know that this is also possible and no more reckless on IPv6 than it would be on IPv4.
"Nonsense, it's been in there for decades they've just been going out of their way to turn it off."
By "going out of their way" I assume you are referring to the common practice of rolling their own build of Linux rather than simply ensuring that suitable drivers are pushed upstream each time they use a new piece of hardware. If they did that, they could all be running one of the maintained and fully-featured distros listed here: https://en.wikipedia.org/wiki/List_of_router_and_firewall_distributions.
But no. Apparently it is "better" to roll your own, so that the crap support can be used to "tempt" users into buying another router each time they want a software change. Imagine if Patch Tuesday didn't exist and everyone was supposed to fix zero-day holes in Windows by buying a new machine.
Actually, no. Don't give them ideas.
"Also I think people are over reacting, IPv4/v6 Internet access only really becomes an issue when websites turn off IPv4 access ..."
For existing web-sites, that may be true. Do you have some reason for believing that we've hit "peak website" and that new sites are going to be a rarity from now on? To me, it seems more likely that at some point in the fairly near future the "next great thing" will just happen to be IPv6 only because that's all the founders could get hold of when they were a start-up.
"...and/or ISPs also stop supporting IPv4..."
New ISPs will face the same problem. (At least, I hope they do. God help us if we have actually hit "peak ISP" and are stuck with the current lot.)
"Although manufacturers including Volvo, Google, and Mercedes say they will accept full liability if their autonomous vehicles cause a collision, this is not currently a legal requirement."
Really? I'd have thought that it was just another case of a manufacturer being liable for defects in the design or manufacture of a product, in cases where loss or damage occurs during the normal and intended operation of said product.
Put another way, if you sell me a car with the claim that it drives itself and the occupants don't need a driving licence, you are the driver. You may need new laws to allow such a product to be deployed on public roads, but such laws have been passed in several places.
It's an x86 machine, so I don't see why not, but it will put 200 notes onto the price tag.
"The hardware requirements and processes for Chromebooks are quite different from running Windows or Linux"
"but they also got rid of the cursor keys and home/end"
Odd. *My* Chromebook has the arrow keys but doesn't have Insert or Delete. There are really quite a few programs where the latter omission means I have to pick up the mouse and navigate through a menu or two, just to perform an action that for the past few decades has been a simple keypress.
Is there some sort of standard for ChromeOS keyboards or is it just "you can provide whatever subset of a full keyboard that you like, as long as it is a subset"?
My experience is that ChromeOS (and Crouton, if you put that on top) *is* still crippled. Yes, it is a Linux kernel underneath, but it is the kernel that the OEM chose to put there, with whatever options they chose when building it and whatever modules they chose to ship it with. A couple of years down the line, you'd still be running kernel version "old.past-it" and relying on Samsung or Google for security updates. (I don't know which, but if it is like phones then it will be Samsung and you are shit out of luck.)
At least this model isn't ARM-based and so it will probably conform to all those nice de-facto platform standards imposed by Microsoft for everything around the CPU. That means you have a reasonable chance of putting a recent Linux build on and keeping it "recent" for the lifetime of the hardware, which (contrary to the hardware vendor's fondest wishes) is *not* "six months and then you toss it away and buy the latest model".
If it is truly AI, its behaviour is autonomous and the ethics of the creators is pretty irrelevant. When someone commits murder, do we lock up the parents? (Well, actually, I suppose we *do* get a load of Daily Fail readers tut-tutting and saying "I blame the parents..." but in a civilised society these people carry little weight in court.)
So here's my replacement for the Turing Test. Let the robot kill someone and consider your response. If you feel that the most appropriate response is to punish the robot, it counts as AI. If you feel that locking up the person who built it and let it loose is a better idea, it doesn't count as AI.
OK, I've heard the names because I've been on this site for long enough, but I honestly wouldn't recognise anyone on the list except for the two named in the title.
I also find it odd that the googly name on the list is their Gob-for-hire rather than either of the two founders. It takes real ego to arrive at a company after all the hard work has been done and pretend or imply that you are the most important guy there.
"Obvious question is why would you let your printer call out to the net, but I'm guessing it's because people don't realize it can?"
Sadly, I think there are just as many people who would let their printer call out to the net "because it can" as would do so "because they don't realize that it can".
Surely its uselessness is the point?
Related and perhaps more useful projects would be: can you replicate the same functionality on the same hardware more efficiently by exploiting software techniques that we've learned (or perfected) since then, or can you build a better hardware platform using the same technology and the same budget. Such efforts might allow you to assess the achievements of the previous generations and pay an appropriate level of respect.
Building *exactly* what they built is merely an act of homage, perhaps the sort of thing you'd do *after* you'd tried the other things and decided that "Yep, they knew their shit. I'm impressed.".
" [to address the Houses of Parliament] is a privilege that should be conferred more selectively. "
Members of parliament presumably have the option of not turning up. (They make such a noise about being "sovereign" so I would certainly hope so.)
"That number taking to the streets is an even more impressive display of opposition. Tony Blair and Parliament didn't take any notice of them either."
Not immediately, no. I suspect that he regretted that once all the chickens had come home to roost. Sure, he never said "I was wrong and should have listened to all the scruffy oiks on the streets." but he has lived the rest of his life under the shadow of that decision, he was politely rottweilered in the ensuing inquiry and his historical legacy is almost certainly "mixed".
"Why can't we have a prime minister, just as we have now, without the Royal barnacles clinging to the hull weighing us down?"
I suppose we could, but without the Royal barnacles our head of state would either be that prime minister or a barnacle chosen from the same pond or a barnacle chosen by popular vote on a Saturday evening TV show.
I realise I'm about to completely reverse the current ratio of upvotes to downvotes on my ElReg handle but...
If you only say in private what you are willing to say in public, then you don't need to worry about this. It's only people with more than one standard who have to worry.
(Posted Nonymously, as indeed I always do unless I feel I have to protect the identity of third parties who might be identifiable in my posts.)
(Edit: And no, I'm not a human rights activist posting from some god-forsaken part of the world where anonymity might be life-preserving. Neither, so far as the article suggests, were these two.)
"What about US IT companies? They are in deep shit now. "
Not at all. The order contains the phrase "to the extent of applicable law" and in this case the applicable law means the order cannot be carried out to any extent whatsoever. It is just posturing to impress those who lack the applicable legal knowledge. Politicians of all shades do it all the time and are rarely picked up on it either because their opponents don't know any better or because their opponents don't want to cast the first stone.
"I expect these two will now form part of those figures."
On the assumption that they'd have died without swift medical intervention, presumably they will provide an upper bound on the true figure. Ironically, they will be the kind of "back-of-the-envelope" figure of which these researchers were so tragically unaware.
"this product" ??
The article is talking about code signing. Last I heard, Ubuntu Desktop is not a code signing product. Also, last I heard, Linux distributions in general solve the code signing problem by having each distribution bake its own keys into the distro. This isn't a technique that scales well to several million ISVs, though obviously it works just fine if you can persuade everyone to share their source code so that it can be served up by the One True Repo of each particular distro.
It was the "Therefore, " that puzzled me. The kind of company that unknowingly allows its keys to be compromised is the kind of company that will just stick this dongle in their signing server and give all their devs login rights.
Actually, no, I don't realize that and after over a year of Trump's tweets being front page news I think you are the first person to advance this particular defence within my earshot. (But as you can tell from my spelling, I'm a long way from the action.)
Compared with twenty years ago, issues around lousy IT security are far more mainstream and probably far more important. Over the long term, I'd expect El Reg to be covering more political stories. At the same time, US politics seems to be going through a terribly divisive period, so what stories do occur are likely to annoy one side or the other. Possibly something for the editors to keep an eye on.
"nothing different... Private email, insecure phone"
Actually, since "private" and "insecure" have no particular relationship to one another, I'd say there was quite a big difference. The common factor is that the NSA are unhappy in both cases. Since one of their core functions is knowing about that kind of shit and another is being on the same side as the US government, I'd have thought that such advice was worth taking. But hey, I'm just some doofus who posts to the internet. I'm not as smart as the leaders of the world.
"I didn't notice as the articles are still using http."
You can read the articles on https as well now.
And on that subject ... might I ask the wider audience whether (in general) there is any reason to keep the http version of a site (any site) going alongside an https version?
Soon, the only way to have secure email in the US will be to run your own server.
"The consumer who defines the success of a platform or not doesn't give a shit about free. They want music, videos and games."
They'll get those because the browser and media player are the two bits of FOSS that get the most lurve from developers.
What they will also get is no annoying vendor-enhanced user experience, which I seem to recall provokes a "how do I switch this crap off and make it like my old phone" response from pretty much every end-user when they buy a new phone.
They'll also get security patches for more than six months on the device that they now use for online banking and offline payments. Children may not care about that, and I'll grant that they make the most noise on the interwebs, but anyone old enough to actually earn their own money might be interested in not losing it.
@bazza: spot on...
" I think before we can talk about a free mobile OS we need a popular free and nearly universal hardware standard for mobiles."
This is the sticking point. Yes we have things like Ubuntu One and even Cyanogen Mod but it's not that easy to get it running on your phone and not everything will quite work once you do. Worse, in six months the handset guys will have a new offering and it will be another six months after *that* before this new shiny is supported by your favoured free OS.
Apparently this suits the hardware vendors just fine, so I don't expect the situation to improve just because the FSF wants it too. RMS simply has no leverage with the people causing the problem. Even Canonical, who actually have the cash to bribe a handset maker into offering their OS, haven't made much impression and (at time of writing) have no phone offering.
Look at the list of supported handsets for Cyanogen Mod. It's massive, all with varying degrees of "working" and (by implication) varying degrees of "supported by a competent developer if you, dear user, run into trouble".
Look at the list of ARM-based PCs that you can hack Linux onto. There aren't so many, but they are all still different so you find that only some distros are supported and they are usually running an older kernel.
Now look at the x86-based PC, where Linux really works. There's one hardware standard. The very latest software is available for download. Installation is trivial (even in a UEFI world) and you have thousands of support options.
"I've forgotten almost all the French and Latin ..."
I don't think French and Latin really count as two different languages. They are sufficiently different from English to make you curious about linguistics, but there are languages out there that will make you seriously wonder whether even whole sentences are the minimal unit of translation, or indeed whether it is actually possible to translate them into English without garbling at least some of the meaning.
Notions like "noun", "verb" or even "word" start to look flaky if you review *all* the languages of the world.
"Microsoft should use and "dogfood" test all these features - and take the pain of working out any bugs before expecting the rest of us to do it...."
Ummm ... isn't that exactly the process that the article describes?
This isn't a product launch that has gone wrong. MS have tried an internal roll-out. They have found a number of problems. They are leaning on vendors (other parts of themselves included) to provide solutions. Once those solutions are ready, they will be available for everyone else.
(It shouldn't even take very long. Linux probably already supports the protocols, so the router vendor will probably just add the relevant packages to their stock image and re-run their test suite.)
Up next: someone actually registers their Trojan as the handler for the "moz" protocol and puts a phishing site at "a". Several million kiddies who think they are cool with computers then fall in.
"Well, fine .. so do you have a better suggestion ?"
Well, yes, actually. It's called "nothing".
If I have something to hide then publishing it in the clear amongst general internet traffic is almost certainly safer than using a system that inevitably attracts the attention of the spooks and is run by people about whom all you know is that they are untrustworthy.
"Pretty soon SOMEONE will propose the redo the Internet from the beginning: this time with full attestation at all points; no more anonymity."
I could live with that. The bad governments can already tell (if they want to) if you are connecting to an end-point that lies outside their control, so today's VPN fans are already subject to the sort of traffic analysis that such a proposal would allow. On the other hand, a reliable (or even semi-reliable) method of determining where content had come from would make your average spam filter about a billion times more accurate.
Anonymity on the internet is like guns in real life. If you have it, you are either already known to the government and doing it within local law, or you are outside the law and they'll come down on you like a ton of shit if they ever find out.
The solution is to fix your government so that they aren't a bunch of control freaks. Merely using technological band-aids to make it hard for them will just make them angry control freaks.
"And firewalls fall far short of offering protection, he said, for obvious reasons: they're oriented to block traffic from the outside, and if you haven't turned off UPnP, Things expect to open whatever ports they wish."
A few errors there. ... Even the cheapest routers have firewalls that *can* block outgoing connections if you want to. They also let you turn off UPnP and Things *expect* to be able to open ports whether or not you have allowed it. (They are merely disappointed if you don't.)
We don't actually *need* the changes (however sensible) mentioned in the article. We already have the tools we need. A bit of end-user education would go a long way here. Even once we have the changes mentioned in the article, it will still be possible for end-users to get it wrong.
I think you will find that Joe Public has never heard of GNSS, and whilst he probably thinks the US are the only providers, he doesn't actually care as long as his smartphone can tell him where the nearest pub is.
But, but ... XP has already gone away, unless you are the NHS or a similar organisation which has paid loads of cash to MS, in which case I'm sure this vulnerability will be patched.
Yes, that'll definitely happen. To suggest otherwise would imply that MS were simply laughing all the way to the bank and the NHS management were a bunch of fools pissing someone else's money down the drain.
"Most of the email addresses will be for example.com as well..."
That depends on how they validate it. I tried using firstname.lastname@example.org as my Microsoft account during a Win10 installation, only to be told that it wasn't a valid email address. I had to find some other way of not giving them any contact details. (Eventually, I think I discovered that if I failed three times then it took pity on me and let me use a local account.)
"So how likely is it that some/all the other trivial passwords are from (less cunning) bots?"
Less cunning? If someone learns that 389fj2kf674hk is being used by a bot, it is probably easy to destroy all accounts that happen to use that password. If they learn that 12345 is being used by a bot, they cannot delete anything because (in their heart of hearts) they just know that 5% of their customers are using it, too.
"This is El Reg, no place for common sense and alternative viewpoints"
Or rather ... This is El Reg. For *any* given "innovation", some of the people commenting here probably tried it years ago, agreed with everyone else that it was crap, watched it sink without trace, and are now dismayed to discover that a bunch of twenty-somethings think it is a new idea worth trying.
It's all the more distressing when the new idea is "more eye candy". The cycle-of-reincarnation period for that can't be much more than half a decade. How young do you have to be not to be able to remember the last time someone promised either "lots more sound and animation will make computers more friendly and easy to use" or (at the other end of the cycle) "we need to make everything either flat or, better, invisible so that it doesn't get in the way".