Re: Firehose of data ...
I'm sure HPE are on top of it.
1614 posts • joined 7 May 2012
Pretty sure that's a bookshelf in IKEA.
> Wouldn't want to be around when a petrol tank went up either
I agree. The fire would be very hot. (Or were you like most people expecting some form of explosion?)
What does in large amounts mean? And over what timeframe?
Tbh, having large amounts of coffee, it's going to be the cholesterol (from milk) and the sugars that get you rather than the caffeine.
With having to type in that handle at sign in, I'm surprised that you ever have enough time to bother with a comment.
> These requirements limit the ability of an insider or adversary to make malicious modifications to source code and also provide a forensic trail from a service back to its source.
So they trust the compiler then?
> McDonald's main website that could be fodder for phishing attacks
But those URLs are coming from the wrong McAddress.
/Sorry. I'll grab my McCoat now.
Sorry Phil, a common mistake, like people confusing light-years with speed rather than distance.
Whbs aren't a measure of wealth but rather a measure of frustration or angst.
* He was so rude to me, I hope the next guy pays with 2 Whbs!
* These #£&+ mosquitoes are everywhere. Every time I get one another starts buzzing. It's like 7 Whbs.
* Is it so hard to put your phone on silent at the theatre? May the parking ticket machine return her 400 mWhbs in change.
> “The protocol also determines which determines which device is going to be the master clock – there's a mechanism for devices to evaluate which is the 'best' clock,
No I'm Spartaclock!
> They are as factual as the accuracy of the information provided to the ATO and centerlink
No. You are either ignorant of the issue or trolling. They are not using the information provided to the ATO. The ATO doesn't hold income per fortnight. Centrelink have inferred that fortnightly ATO figure through a patently flawed algorithm.
It is outrageous to falsely accuse a person of fraud, send in the debt collectors (oh hi there credit ratings) and not have sufficient resources to deal with challenges from people who have evidence to show they were indeed entitled to those benefits.
It's not just 'dole bludgers' who should be worried by this crazy math shoot first ask questions later behaviour. Should we apply this logic to pension asset tests or family tax benefit?
A few years ago I lost eligibility to part b after a pay rise in one of those perverse getting a rise leaves you worse off cases that makes living wage an interesting idea. The same 'logic' applied here would have seen me being asked to repay a debt I didn't owe.
If they are moving into speculative invoicing, then here's a thought. Anyone found to have been incorrectly accused should be paid at minimum wage for their reasonable time in producing the evidence and their refunded amount should be returned at government bond interest rates.
Opel have been caught with something slightly more subtle. It only operates its emission controls in a very narrow temperature range which luckily coincides with lab conditions. It doesn't operate whilst revving beyond 2400 rpm which again luckily isn't needed in the lab. That it hops out the way when you give it the beans isn't surprising (safety first), but the fact it remains off even when the engine is just ticking over once the need for hard acceleration is done means that in real world city stop start driving you will likely disable the emission controls on pretty much every trip. That doesn't excuse VAG. There is enough criticism to go around.
> Far better than giving kids a new tool to go and harass others with.
Look it has a few minor challenges but at least the device can't be disabled with a few layers of aluminium foil....
It's a cloudflare certificate, so at least the initial hop is encrypted. Doesn't mean traffic between cloudflare and El Reg is encrypted. It might be but you can't tell. Anyway kudos for removing prying eyes from at least the most vulnerable link.
> Were you involved with the Australian Census?
No you have me confused with someone else. I've been working on an innovative welfare compliance system where we crosshatch tax records, divide a magic number by 26 and assume every fortnight is paid equally then send out the debt collectors.
Makes sense though. Fibre only has a very small diameter so you can't fit much light through it. But look at all the light you can fit in the outdoors. Clearly that gives much more bandwidth.
> "Unlimited" doesn't mean "infinite",
> it just means there are no pre-set limits.
No, you should have stopped at infinite.
It means that they don't have a limit that you can violate. If you wanted to put a number on it, an ADSL2 line can in theory download 25Mbps. There are 2678400 seconds in a month. There are 8 bits in a byte, so
2678400 * 25 / 8 = 8370 GB per month.
Don't call something with limits unlimited. At its kindest, that is a bait and switch scheme.
> The take-out-the-trash timing of the review, announced in the afternoon of Friday December 23, meant Vulture South missed it at the time.
Glad it's being picked up in its own right though. It seems to my reading to be just waiting to be abused. It doesn't take too much imagination for some jilted partner who knows the WiFi password to ensure some less tasteful/borderline illegal websites make an appearance in the ISP logs and then use that in some custody hearings to argue why the other should not be allowed near kids. It is also not beyond imagination that a business partner wanting to escape some contract responsibility could generate the appearance of SMTP traffic to a recipient which would strongly indicate that confidentiality clauses had been breached.
My 2c. The retention policy is an expensive way of generating large haystacks and it should be scrapped. My visits to el Reg or any other site are not in my ISP logs. Only connections to my VPN's endpoints, and they don't log. Legislators should try harder to understand the systems they are trying to regulate and stop with the do something brigade logic. Otherwise we end up with π == 3 laws.
African or European? Or does it depend on the weight of your order?
> You're overlooking the obvious flaw: the descent would need to be controlled and hence would require power
At 45000 feet this object will contain a lot of potential energy and very little kinetic energy. As it drops, most of that potential energy gets converted into kinetic. Even commercial jets use a ram air turbine for emergency instrumentation power in the event of fuel exhaustion or other engine failures. Flight calculations are relatively modest unless you start trying to get into weather modeling or something. We are talking iPhone battery levels of power.
Actually, come to think of it, maybe if they use a note 7 battery, they would then have a good rocket to launch the drone back to the mothership.
It's already done. Google WiFi pineapple.
I am totally against people bringing lions onto aircraft; especially in hand luggage.
No sympathy from me. Clearly using encryption makes you a pedoterrorist.
Now that's off my chest, I can continue with the broadcast of my simulation of a very long running game of heads or tails.
It's even easier though* given quantum computing. Bob can tell if the qubit from Alice has been observed by the waveform collapsing. Makes a very nice key exchange channel.
* It's getting the quantum qubits to survive without near absolute zero and for more than a handful of milliseconds that's the hard bit.
Why so much trouble? They always put extra screws in as evidenced by the leftovers once everything is reassembled.
You mention a consultation period. I need to clarify for context, are we referring to a Brandistanian consultation, or something more Gleesonesq?
> I think most companies are smart enough to realise the negative PR would cost them far more.
So you're suggesting that Oracle will probably try it?
I don't see a big problem getting it through. It may be a solid rocket booster and oxidiser so there is a small risk, but it's not like they're launching something really risky like a Note 7.
Well no doubt German has a word for such types of work being performed by a Danube steamboat captain.
You are right in pointing out that the brokenness of md5 isn't the key issue here. I mean, broken when talking about cryptographic hashes is a technical term which basically means that there is a more efficient algorithm to discovering the input than to brute force it.
Its big flaw here is that we have much better hardware now and can do most of the computations on GPUs at rates best measured in "billions per second". That makes brute force attacks for passwords under 7 characters practical and dictionary attacks highly likely to spill the beans in a substantial percentage of records.
Collisions just get you another password that the system would accept. In other contexts they are more worrying. The following link gives 2 example executables that do different things but have the same md5 hash.
But at the end of the day, it's much less effort to try hundreds of billions of combinations of words, common letter substitutions, common prefixes and suffixes and passwords found inside plaintext password dumps. The attackers here won't be worried if they can't unlock all accounts. Even if it's "only" tens of thousands, they can still use it as a stepping stone to attacking other services a user might have, doing a ransomware on flickr photos or whatever or resetting passwords for other non yahoo services they find emails for.
The big benefit with salting is that you can't leverage knowledge about one user's password to determine someone else's. Md5 was considered a bad choice 10 years ago. Why yahoo were still using it is a big mystery. It is literally broken to the point where you can google the hash to reverse it.
If you aren't using salt, you find someone with the password hint "password is Bernie2016" and now you know what all those F1697D2047065D93EECFEC16D670CD61 hashes mean. At least with salt you have to brute force each user independently.
And now you have that detail, you can use enumeration attacks on other sites to see what other accounts are valid and then try your luck with the same password.
Use a different password on each website, so your yahoo breach doesn't give away your other more important passwords.
Use long passwords. 4 random English words (like random, not quotes, verses or xkcd comics). This will guarantee that it is easy to memorise and type yet is too much entropy to exist in a rainbow table.
Use a password manager if you find that easier.
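The salting point made in the comment above, shown in code. This is an added example written for this page, not the commenter's code and not anything from Yahoo's systems: the account list is constructed, and the choice of PBKDF2-HMAC-SHA256 with a 100,000-iteration count as the salted alternative is an assumption of the example rather than anything the comment specifies. With unsalted MD5, two users who chose the same password get the same stored hash, so one known password (from a hint, or a web search for the hash) exposes every matching account at once; with a per-user random salt the stored values differ and each account has to be attacked on its own.

```python
import hashlib
import hmac
import os
from collections import defaultdict

# Constructed sample accounts for this example, not a real breach dataset.
# Two users happen to share a password, the situation the comment describes.
SAMPLE_ACCOUNTS = {
    "alice": "Bernie2016",
    "bob": "Bernie2016",
    "carol": "correct horse battery staple",
}

# Assumed iteration count for the example; production deployments tune this
# to the hardware they run on, and would normally prefer a memory-hard KDF.
PBKDF2_ITERATIONS = 100_000


def unsalted_md5_store(accounts):
    """The scheme the comment criticises: same password -> same stored hash."""
    return {user: hashlib.md5(pw.encode()).hexdigest() for user, pw in accounts.items()}


def salted_store(accounts):
    """Per-user random salt plus a slow KDF, so equal passwords store differently."""
    store = {}
    for user, pw in accounts.items():
        salt = os.urandom(16)  # fresh random salt for every account
        digest = hashlib.pbkdf2_hmac("sha256", pw.encode(), salt, PBKDF2_ITERATIONS)
        store[user] = {"salt": salt.hex(), "hash": digest.hex()}
    return store


def shared_hash_groups(store):
    """Return groups of users whose stored hashes are identical.

    Works on both store layouts above. A non-empty result means one known
    password is enough to unlock every account in the group.
    """
    by_hash = defaultdict(list)
    for user, record in store.items():
        stored = record["hash"] if isinstance(record, dict) else record
        by_hash[stored].append(user)
    return sorted(users for users in by_hash.values() if len(users) > 1)


def verify_password(record, candidate):
    """Recompute the salted digest and compare in constant time."""
    digest = hashlib.pbkdf2_hmac(
        "sha256", candidate.encode(), bytes.fromhex(record["salt"]), PBKDF2_ITERATIONS
    )
    return hmac.compare_digest(digest.hex(), record["hash"])


if __name__ == "__main__":
    print("unsalted md5, users sharing a hash:", shared_hash_groups(unsalted_md5_store(SAMPLE_ACCOUNTS)))
    salted = salted_store(SAMPLE_ACCOUNTS)
    print("salted pbkdf2, users sharing a hash:", shared_hash_groups(salted))
    print("alice login with correct password:", verify_password(salted["alice"], "Bernie2016"))
```

Running it shows `[['alice', 'bob']]` for the unsalted store and `[]` for the salted one, while both users still log in with their own password. Salting does not make a weak password strong, it only removes the cross-user shortcut; the slow KDF is what makes each remaining per-account guess expensive.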
There's no such thing as an untested backup.
> wouldn't it be simpler to make it a "Internet not delivered by NBN tax" tax.
Simpler maybe but politically unpalatable. It makes it impossible to not look like you're trying to ruin a business model. To be honest, I'd rather they funded it from general revenue. It is useful infrastructure with a long shelf life* and will add to GDP and hence future revenues, plus borrowing is still at an excellent rate.
*FTTP, not the crappy FTTN half arsed obsolete before it's finished crap.
> would assume this pretty much impacts every mobile phone (cell phone for our American readers) bill too.
No. It won't impact mobile. From the linked proposal:
"... which will require all eligible fixed-line superfast broadband networks to make a proportionate contribution to the long-term cost of these services"
4G isn't fixed line.
It's just a money go round. The "tax" is really the built in cross subsidy amount and gets around the problem of tpg et al cherry picking the profitable high density rollout sites and leaving NBN to do the less profitable and loss making sites.
In principle it makes sense but I'm not convinced they have thought it through (law of unintended consequences). Will tpg just spit out a new 24.999Mbps fibre plan to sit just below the cut off point? Will Telstra or Vodafone provide faster services than the cut off point but be exempt because they're not fibre? Of course they will.
I can't comment on Iceland specifically, but generally speaking minor parties would be weighing up the short term influence they would hold in a coalition against the base who get angry when their hobby horse issues are horse traded. Many minor parties who find themselves in a coalition or even guaranteeing support in a hung parliament find their own base abandons them at the next election. Add to that that many minor parties don't have an obvious viewpoint on issues not in their field of concern means they can find their candidates splitting on those issues (particularly in a hung parliament where every vote counts). The leader might agree to some trade deal only for someone else in the party to vote against it.
As opposed to pokies?
> I'm unconditional about it.
Er, uncomfortable. Bloody autocarrot.
I'm unconditional about it. Without question there is a design flaw that poses a very real safety concern in a very small but significant percentage of these devices. Yes the recall should be mandatory, but this solution fails to take into account that risks are always relative to other risks. Perhaps there is a risk that someone in possession of such a device can't make an emergency call in a timely manner? A better approach would be to include a nag screen that pops up every minute and forces you to watch some recall notice in 5 different languages, and otherwise limits the apps it will load. There are plenty of measures to make the experience so bad that laggers without a really good excuse will make the effort without adding any risks to safety.
You are right. It was a terrible misunderstanding. The cheque was actually for $10!!!
Not sure how that would work. Definitely worth a look, but as I understand it this is just a "try these areas first" collection of data points. That is to say, it can't interfere with the positioning values themselves (via http MitM).
My old tom tom would take several minutes to find itself; you basically have to drop to that sort of brute force scan.
It is possible to believe that a malformed file could be misprocessed causing a buffer overflow or equivalent. Seriously though, if you want an easy way to pwn most android handsets, write a simple app with two threads, activate copy on write, load an executable owned by root and .... you know what, I'm not doing your homework, this isn't stack overflow here...
> US Army backs droid for search and rescue missions
Yeah. That's definitely the use case they have in mind. The other one plays jingle bells.
That has got to be the most awesome job title for your business card.
-- Adam 1 - Roboticist
At least there is no way an evil app could get itself root access. Oh wait....
Come on Chocolate Factory. You get all 90 days on other vendors.
> you can login as root and get command-line-level access to the operating system if you can crack these password hashes:
$1$$mhF8LHkOmSgbD88/WrM790 (gen-5 models)
iMaxAEXStYyd6 (gen-6 models)
In that case I'll be extra careful to not Google those hashes in a day or two.
I know it's only Tuesday, but @gazthejourno for FotW.
Tbh, it's not the premature shutdown on a galaxy note that would worry me about their batteries.
Going for a walk alone in the wrong part of town is going to result in a mugging or worse. Leaving your iPad on the back seat of your car in some poorly lit car park is going to result in a smashed window and no more iPad.
None of this excuses or reinforces the behaviour of the perpetrators. It's simply a recognition that there are injustices in this world. We can chew gum and walk here.
> IoT security camera vendor ...
> A new firmware is due to be released within the next couple of weeks
Clearly a real IoT product would never release updated firmware to fix things
Well that pretty much describes windows update. Here's a font vulnerability fix that breaks outlook.
Seriously though, it is the responsibility of the original developer to create sufficient test case coverage that my fix gets rejected by the build server. Apart from the most egregious introduced bugs, if someone breaks functionality that I wrote, I ask myself:
* Did I adequately name the variable/parameter/method/field/const/enum/class/whatever?
* Did I include a comment where what is being done is obvious but why it's done less so?
* Did I structure my code with single responsibility principles?
If the answer to those is no then I tend to blame myself.
It happens with software all the time, where by the time a specific bug bubbles up through onto a sprint, it has been coincidentally neutered by another fix or improvement. It can also happen when a developer working on an unrelated ticket stumbles upon the initial problem and fixes it at the same time, legitimately believing that it had never been reported. Obviously not saying that this is definitely what happened here, but let's not feign surprise that something that would happen at least daily in a product as big as windows has indeed happened.
> But the publisher can tell if ads are being loaded or not
To do this they need to wait for the ad content to download and render before delivering the content. With video or animations that is impossible. Even for simple images or text you would be adding substantial lag to your page display time for the 80%ish users who aren't using them.
There are other possible measures. Many moons ago I had to deliver a "way too complex for html of the day" report over the web which ended up being a dynamic png rendered on the server side. These days you could do it with html5 and angular. It was an absolute usability nightmare. You could get dynamic screen sizes to be taken into account and image map out hyperlinks but it was non trivial. It also made it inaccessible to screen readers.
I'd like to think that websites would not screw up everyone's experience to spite the relatively small proportion of users who bypass their ads. Then again, we are already stuck with animations that interfere with content, fake download buttons, etc all apparently in the name of supporting websites so yeah.