* Posts by doublelayer

317 posts • joined 22 Feb 2018

Chinese biz baron wants to shove his artificial moon where the sun doesn't shine – literally

doublelayer

Re: Eight times brighter than the Moon?

Like most Chinese cities, this place is really busy and has a ton of lights inside buildings. They could probably turn a lot of streetlamps down or off that are near big buildings already pouring a ton of light out and save some money there. Meanwhile, it's going to be more cost-effective to just get more efficient systems for generating power and turning it into light rather than sending even more unneeded junk into orbit.

0
0

Stroppy Google runs rings round Brussels with Android remedy

doublelayer

Re: Ha

We are not saying that Google doesn't have the right to do with their OS what they want, although that has more limits than you say. However, yes, they have the unlimited right to make it the privacy-invading, closed-source in reality, complete mess that it is. They are not allowed to make it deliberately destroy competitors' systems, which it does. If you build a television that searches out my television and targets it with harmful interference if it isn't one you make, then you have violated the law. You have the right to build a television, but not to destroy mine. No matter how complex your system to destroy competition, no matter how many other useful things it does, no matter how much value people get from it, no matter how much effort they went to to create it, and no matter how much worse the competition is, you don't have the right to do that. It's wrong, and it's illegal.

6
3

Open-source this, open-source that, and the end of the Windows 10 Creators Update

doublelayer

Re: Too True.....

For me, usually it works like this:

Me: windows, pause, types "note", enter

Notepad opens.

Me: Closes notepad, windows, pause, types "note", down arrow, enter.

Notepad opens.

Me: Closes notepad, windows, pause, types "note"pad++, enter.

"notepad++" - Bing - Microsoft Edge.

Me: Closes edge, checks that default browser is still set to firefox, Windows, types "note", looks at list. Finds correct position of notepad++ in list, arrows to it, enter.

There might not have been a good search facility before, but I miss when you could pin things to the start menu and they would actually stay there.

23
0

Samsung Galaxy A9: Mid-range bruiser that takes the fight to Huawei

doublelayer

Re: Mid-what?

So it's the median. That doesn't always equate with mid-range. Mid-range is a category that falls between low-range and high-range, which usually applies to what a normal person spends. Perhaps it'd be more accurate to do a median of the phones by how many of them were sold, which would probably be more like a mid-range phone. In general, however, a phone that is essentially identical to a $1000 phone and costs $600 is still high-range, even though it costs less. The internals are high-range, and the cost is high-range. If they downgrade the internals, the specs may become mid-range, but the price is still high-range and so the phone is just overpriced. If I start selling phones for $2000, it won't make Apple and Samsung flagships mid-range, it will result in nobody buying phones from me.

0
0
doublelayer

6 gigabytes

Out of curiosity, how frequently does a phone actually use six gigabytes of RAM? More specifically, how often does it use it for a reason other than "why ever remove something from memory when you have six gigabytes of it to play in"? There seem to be a lot of phones out there with 2-4 gigs, and I wonder how noticeable the difference is. If I had two phones with exactly the same specs except one has six gigs of memory and the other only four, is there a recognizable difference in standard usage between them?

9
0

Yale Weds: Just some system maintenance, nothing to worry about. Yale Thurs: Nobody's smart alarm app works

doublelayer

Deadlock?

18
0

Does Google make hardware just so nobody buys it?

doublelayer

Re: Do we care anymore?

I wasn't in on that memo. Just because it uses the Linux kernel doesn't mean it's good. You can build all sorts of things with the Linux kernel running the low-level stuff. The resultant device can be terrible, it can be evil, it can give you no options, and it can lock you out completely. Linux on its own doesn't guarantee anything; it's Linux plus a free user level and access to root and system components that gets you a system that either is great already or can be made so.

5
0
doublelayer

Re: ChromeOS Pyrrhic victory

I can see your point about the long battery life making an underpowered device more useful, but consider two points:

1. This chromebook has a ridiculously overpowered processor for the processing it can actually do. If they included a processor that ran with less power, it would run for more time.

2. I like long battery life too, which is why I look into computers with processors that can standby or sleep in many conditions, then load them with operating systems that don't thrash them. I can still do real work on them, rather than be tied to my internet connection. This also helps my battery life because I can shut down my WiFi and bluetooth radios to save even more power when I'm not using those services. I have a laptop that I was recycling for someone else, with a really low-end AMD chip in it. It can run forever with a minimal Linux install, even though it has a smallish battery. I think this one was very cheap when it was bought new, as well (although I doubt the battery life using its preinstalled windows was so nice).

0
0

Chinese Super Micro 'spy chip' story gets even more strange as everyone doubles down

doublelayer

Re: phoning home

Some assumptions you made:

1. The chip, assuming it exists, is meant to exfiltrate data.

2. The chip, assuming it exists and is meant to exfiltrate data, would be doing so frequently, rather than sleeping most of the time and sending out bursts on some occasion.

Assuming that it did need to exfiltrate data, it could be doable on Amazon's network if it could be programmed to recognize an AWS image with specific characteristics. The data could be sent to that VM by the kernel, and stored there. From there, it could be encapsulated into traffic that is sent out as normal.

This wouldn't explain exfiltration from other systems, as Apple doesn't run others' VMs on their systems. However, it could be possible to send data in standard-looking packets if there wasn't that much. This is not an explanation, but it is feasible.

It doesn't make that much sense that the chip would have another purpose, although I suppose you could come up with one. It could be a remote destruction device that merely watches for a request, then takes the system down. That doesn't seem like a useful thing to do, but that could be the purpose. I'm sure we could think of lots of other things the chip might be doing if it exists, so let's not assume that exfiltration is the only task it might perform.

1
0
doublelayer

Re: Why are ICs always in large packages, how is this dot powered?

I'm not saying it happened--in fact, it seems likely that it didn't happen, but the chip in practice does not need all of the things you say it does. If the original description is correct, it merely sits between a flash chip and a processor, replacing serial traffic. It could use the data traffic from the flash as enough power to inject another signal. After that, the new code could be run just fine by the processor running the servers' firmware, which can do all of the actual stealing, embedding of information into something hard to detect, and exfiltration over the internet. I don't think this happened, but your reasons wouldn't explain why not.

15
1

Punkt: A minimalist Android for the paranoid

doublelayer

Re: Rather a sad battery

The point of six weeks of standby is the three times as long you could do other things, like using the tethering if you have an account that will actually permit tethering for long enough to run the battery down. The benefit would be that, with a massive profit margin already, it could be useful to the user without doing much to the company.

0
0

Microsoft yanks the document-destroying Windows 10 October 2018 Update

doublelayer

Re: But that wouldn't bring three thousand million, seven hundred and sixty-eight deleted files back

Yes, this would have been much less of a problem if people backed up their files. That's correct. It's also quite relevant, except:

1. There are some people who never back up their files. They aren't reading this comment or this site at all.

2. Microsoft's update system is such that it will run the update when it wants to, without asking you. Therefore, you don't have the chance to say "Let me take a full backup of this before you do that."

3. Windows now gets updated a lot, such that you can't take a ton of time out of your schedule to do something unusual every time it does. I used to be in the camp of always doing a clean install if a new major version of the system was coming out, just to avoid any problems that the upgrade process has. This includes taking a full backup, both through my normal system and onto alternate media that is confirmed bootable or externally mountable in an emergency. I'm not going to do that multiple times a year, thanks.

13
0
doublelayer

Re: If this was an Apple product

"The user account I'm typing this from was first created in Tiger in 2005 and has been migrated through all the intervening releases."

In my experience, I've never seen it do anything to the user folder, or really most places on the hard drive. However, it does at times reset settings. You have to go to system preferences to switch them back. I've seen this on iOS too. It's not a terrible bug, but I set those settings and I'd like them to stay that way without my needing to go back in. I've also seen certain installation bugs (the one that hit me when High Sierra was launched at me is particularly memorable). Still, I'd say that Apple OS releases haven't really had anything as bad as this one on Windows.

As usual, I'm glad that yours is working, but if others' systems aren't, there is still a problem.

10
0

On the third day of Windows Microsoft gave to me: A file-munching run of DELTREE

doublelayer

Re: Not a good look here.

"No they don't and no it doesn't. They get stored in the AppData profile "

A lot of stuff gets stored there, but I have several programs that put configuration in documents/$program_name/config or something. They usually don't give you any other option. Yes, they're bad programs, which is why I try not to use them. No, I don't have much choice not to.

I don't really have a problem storing data on the same volume as the OS, which simplifies things if I'm using a single-disk machine, like most laptops. However, since they made documents, etc. into libraries, which means that there are several things called documents that are not necessarily the same thing, I've not liked to use them. I mostly use folders of my own choosing, which also helps as I spend a lot of time in the command line when I'm on windows.

12
1

You dirty DRAC: IT bods uncover Dell server firmware security slip

doublelayer

Re: CIA? NSA? Not a bug, a 'feature'?

It wouldn't go through customs. A server manufactured in China/Taiwan gets sent to Australia and used for something $agency wants to receive, and it hasn't gone through a U.S. controlled customs. You could intercept it at the factory, or perhaps get the Australians to help you, but you can't get every one of them. And if the Australians will do that one, do you have the same relationship with every other country that server could be going to? Especially if the path is China->Iran, it won't be so easy for you.

0
0
doublelayer

Re: CIA? NSA? Not a bug, a 'feature'?

I'm as paranoid as the next security person but somehow I think that the tool that does this won't be something this version-specific. The espionage people wouldn't want something to break just because a new update was released. Also, they'd have trouble intercepting servers manufactured outside their borders between factory and customer. Not that they couldn't do it, but it would be harder to do so to a lot of people at once.

3
1
doublelayer

Re: I don't understand

I assume the key and a tiny bootloader checker are hardcoded into something non-writeable, so the code must be signed with the known key and checked before it runs. Therefore, new code can't be installed unless it's signed with the key, and without said new code, you can't ignore the key. Not perfect, but it will probably work. It would be difficult enough to run the previous exploit, limiting the number of people who have sufficient access, so this further restriction will probably reduce the likelihood that something of the kind will happen. Hopefully, Dell has really good security on that key.

2
0

Decoding the Chinese Super Micro super spy-chip super-scandal: What do we know – and who is telling the truth?

doublelayer

Re: One questions seems to have been missed

As I remember, Elemental had a contract with an American intelligence agency, although I don't think they're still doing that. However, that could have made them a target at the time.

2
0
doublelayer

Re: Seems like Rube Goldberg approach to spying

That doesn't work. If anything modifies those chips later (i.e. the manufacturer updates something), your bug is destroyed. If the chip is tested, you are discovered. And you can't easily make new holes in the thing because you didn't design it. With a separate chip, the manufacturer updating a chip can't kill you, a test of a component cannot find you out, and you can use all those existing chips to hide yours, which can be really tiny and be set under another chip.

2
1
doublelayer

Re: Only just passes the plausibility test for me...

You are right about a lot of this, but have missed a few points:

It would indeed burn itself out and use too much power if running at CPU speeds. It doesn't need to. If the story is correct, it only needs enough processing to inject code into a serial line. That takes a lot less power. After this, the CPU handling the BMC handles all the work.

It probably wasn't (if it exists) created by the factory. Instead, the plans would have been created elsewhere, and a slight modification to the process would be necessary. I don't know much about the organization of Chinese motherboard factories, but if I had plans that were almost identical, I assume the factory could build them just as well.

The point about monitoring internet traffic is a good one. I don't have a great explanation for how that worked. The best I can come up with is that you could set up an image on such a system that could interact with the firmware and exfiltrate information into that VM, then hide the data as it is sent out from that VM with other expected traffic. Still, that's hard. If it actually exists and was used (it could be a sleeper system for some purpose), perhaps some network traffic systems aren't as thorough as we hope.

6
0
doublelayer

Re: Chinese agents slip spy chips into Super Micro servers

There are easier ways to have a backdoor, but this way is pretty good for having a backdoor that's hard to spot. If you simply replaced the chip containing the BIOS, made a backdoored flash chip, etc. then all you'd need to do to find them is to test that chip, as they do just to make sure they're working. If, for example, you took a flash chip and asked for its contents, it would be instantly obvious whether the contents were right or not. By having a separate chip to handle that, you would have to test all components of the board together, and that only helps if you know what to be looking for. For the people doing this, it would actually be easier just to see if you can find the chip in the board. So I don't know whether this chip was ever created or installed, but the details make sense if it was.

1
1
doublelayer

Re: One thing that apparently happened after this story was posted

While you can't be ordered to lie, you can be ordered not to disclose information. This leaves you with the following options:

Apple: No comment.

El Reg Readers: So clearly it's happening.

Apple: Definitely not. We can categorically deny all of this, in any terms you like. Just read out sentences and we'll tell you that it didn't happen, to avoid any sense of our being disingenuous.

El Reg Readers: It's almost certainly not happening.

Judge, 2022: The government finds for the plaintiffs, owing to clear falsehoods released by the defendant in an attempt to protect them from adverse actions on their share price... [until you fall asleep]

Apple: We can tell you that we aren't under a gag order, and that we haven't found a security device embedded in supermicro servers we purchased between the dates of ... [and other overly specific terms]

El Reg Readers: They sound somewhat confident. Maybe we'll believe them, but we're not entirely sure.

Meanwhile, if there really is no chip and therefore no order, you have the following options:

Apple: No comment.

El Reg Readers: So clearly it's happening.

Apple: Definitely not. We can categorically deny all of this, in any terms you like. Just read out sentences and we'll tell you that it didn't happen, to avoid any sense of our being disingenuous.

Apple attorneys: Yes, this didn't happen, but if you are that specific, someone could find a loophole and get you to say something that we could get attacked for. We don't have the time to evaluate any specific statements, so we should just issue our own denial, as specific as you think it needs to be.

Apple: We can tell you that we aren't under a gag order, and that we haven't found a security device embedded in supermicro servers... [extra details to assure people watching that they're being honest and really trying to demonstrate that there is no cause for worry]

El Reg Readers: They sound somewhat confident. Maybe we'll believe them, but we're not entirely sure.

3
1

Microsoft resurfaces Surface kit alongside Windows 10 update

doublelayer

USB-C

"The two portable Surface slabs rely on Microsoft's proprietary Surface Connect port and a USB-A port, which may annoy those who'd prefer USB-C."

I really don't care that much about the USB-C. I consider it a slight advantage to choosing what computer to buy if it has such a port, which frees me to buy things that connect using that port, but I don't own anything using USB-C connectors. In fact, if my only choices were "only USB-A" or "only USB-C", I'd have to go with the USB-A ports. The major problem is the fact that there is only one port. That's not going to work very well for a lot of use cases.

1
0

MIMEsweeper maker loses UK High Court patent fight over 15-year-old bulletin board post

doublelayer

Re: "Imagineer"?

What's wrong with "re-imaging"? Maybe I'm not thinking of the same definition as you are, but in the sense of "returning a computer or other device to a state where it was initialized to some level by writing a stored disk image to it", it seems descriptive enough. I do have a mild dislike of the term "Imagineer", though; at least I'd never want to be called such.

11
2

The ink's not dry on California's new net neutrality law and the US govt is already suing

doublelayer

Legal basis

I'm having trouble with the federal government's arguments. I would think that, while the constitution/federal law can tell the states they must or must not do something, the FCC's removal of regulations on companies wouldn't count as doing that. For example:

Federal government: You must not allow people to buy uranium.

State: Citizens can buy uranium here.

Court: Sorry, state, the federal government told you that you can't do that.

Federal government: We don't care how much ethanol is in gasoline, as long as it is safe.

State: If you want to sell gasoline here, you have to include a specific amount of ethanol. Also, it must be safe.

Court: The government didn't say you couldn't do this, so that's fine.

Federal government: We are retracting our previous rules, so now the network companies don't have to adhere to any net neutrality regulations.

State: They have to inside California.

This sounds like the ethanol example. Maybe I haven't seen the relevant part of the regulations, but I don't remember their saying that states must not restrict things further.

9
0

Your specialist subject? The bleedin' obvious... Feds warn of RDP woe

doublelayer

Re: re: sucking data

The contest isn't between "RDP" and "VPN". It is between "RDP left wide open, with the only security being the password box" and "RDP with security built in". My favorite security built in for RDP is having it accessible on an internal network only, and then giving computers that are already on the network a method by which they can VPN into that network remotely. Your home computer can't get in in any case, and nor can the people just looking for targets. But really, a lot of things that are more basic can still fix this problem. You could use 2FA, or limit the number of password attempts, or block people who try too many times. Those won't fix all the problems created by having an RDP session running publicly, but at least the people running brute force password attacks won't be able to continue. And none of that is hard!

0
0
doublelayer

Useful advice that won't help

All of the advice is nice and useful; now all we need is for those people who haven't been following it to pay attention to an advisory about security and practices to do to make things more secure. Except the people who are insecure are lazy about their security, so they won't have paid any attention to the announcement. Anyone know a way to break this loop?

9
0

Facebook: Up to 90 million addicts' accounts slurped by hackers, no thanks to crappy code

doublelayer

Re: Data Slurping Company's Data Gets Slurped

WRONG.

"50m is only 0.0022421524663677% of 2.23bn so [...]"

5.7e7/2.23e9 = 0.02242152466367713

0.02242152466367713 = 2.242152466367713%

And the detection wasn't based on sequential accesses; we don't know in what order, if any, the accounts were accessed. The thing that tipped them off was the quantity of accesses, so the perpetrators could have gotten more data by slowing it down, potentially evading Facebook security forever.

Also, the people didn't break in with the intention of taking Facebook down. They wanted the data, and they got it. We don't yet know what they're going to do with it, but the results were intended to be and will be problematic for the users, not Facebook.

1
0
doublelayer

Google-issued Captchas

I think they did that already. I notice a lot more of the message "Sorry, your computer or network is sending automated requests [it is not] so we can't handle your request [so I just give up]" when the email address isn't a gmail one. I have considered just never using such a site anymore, but that cuts out a lot of smaller sites that use it for spam prevention.

4
0
doublelayer

Re: Has anyone been informed by FB?

There is absolutely such information. I don't know how much Facebook divulged to these people, but they could easily have gotten post history, images uploaded, messages between people, etc. This includes data that was not public on that person's pages. It is possible that the people may have gotten more information. It is not safe to use Facebook for many reasons, this being only the latest one.

35
0

Cloudflare ties Workers to distributed data storage

doublelayer

It's not the sort of thing you'd want handling millions of rapid-fire financial transactions

What would a good actual use case for this be? Not in general terms; I'm asking for a specific application where this works better than a database or a set of databases that are stored across regions and coordinate. What benefit does this bring, other than being something that absolutely won't run on anything else without changing a lot of code, thus providing a sustainable source of income for whatever service provider the user starts with.

2
0

Amazon Alexa outage: Voice-activated devices are down in UK and beyond

doublelayer

Re: Hahahahahahahahahahahahaha!

Maybe because I have a long way to drive and the car could, by automatically driving me there, free me to spend that time productively? That's why I'd like a fully self-driving car, anyway.

I see a few limited use cases for these voice assistant things, such as the convenience of asking what the weather is and getting a response without getting my phone, unlocking it, and clicking an app. No, it doesn't change my life, nor does it really save that much time, but it is marginally more convenient so I'll use it for that purpose. Of course, I haven't bought one of these things, because they're unnecessary and creepy. I can already do this using the voice program the phone people shoved onto my phone without asking me, or with about ten other ways.

0
0

The 2018 ThinkPad X1 Yoga: A bendy-legged workhorse walks into a meeting

doublelayer

Re: So how is this a workhorse?

I know I'll get a lot of disagreement with this, but for many people, 16GB is a perfectly fine amount of memory. I don't know what you do, but I assume it's not one of those things. If you're using a lot of VMs, writing code in a large IDE with a lot of features turned on, or anything that deals with a lot of video and audio stuff, for instance, large amounts of memory can be very important. However, most business things aren't doing anything of the kind. Anyone who is just browsing, doing word processing, and using email and some videoconference thing won't need 16GB. I think that 8GB would be perfectly fine for that use case. Some business uses may need a bit more, such as the machine that's actually running that tremendously bloated financials package. However, a lot of places I've seen have moved that to a server with the machine just providing a frontend to it. That's another case that doesn't need a ton of memory.

I have a computer with limited memory. I'd love one with 32GB of memory, and if I had it, I'd find a way to use it. However, I handle certain exhaustive workloads and I tend not to run into a situation where my 16GB is insufficient. I have multiple VMs open at most times, each one having been given quite a bit of memory. Of course, some help may come from not running windows as the base OS, but even with that, you can still run quite a bit with 8GB memory, and 16GB, especially for a business machine, will work for almost everyone*. *Everyone refers to the business at large, not the technical areas, where the percentage is lower.

15
2

As one Microsoft Windows product hauls itself out of the grave, others tumble in

doublelayer

Re: schrodinger's browser...

What if it's one of those wonderful tabs that, when they crash, manage to take the browser or, if they're ambitious, the entire OS, down with them? Is that what quantum entanglement is like?

0
0

Turns out download speed isn't everything when streaming video on your smartphone

doublelayer

The best explanation I can think of is coverage, such that a country with good download speeds but bad video would have a fast network that isn't reliable, probably when moving. Video consumed while on a train or something like that could cut out a lot. But really, I have no clue. Maybe the article could get some more details?

1
0

Microsoft pulls plug on IPv6-only Wi-Fi network over borked VPN fears

doublelayer

Re: Why do we need IPv6

For example, if they have five different servers that could work, they don't need to have large load-balancers to handle that case. Five ports on a public IP would mean that there was a theregister.co.uk:443, theregister.co.uk:444, etc. Who is going to type :444 when they don't have to? Nobody. Five servers running internally that are mapped to the same IP takes more networking setup that isn't really necessary. If they have servers in different places, many places can easily direct people to a nearby one, but again, doing that with the same address, while possible, takes more effort than doing it with five distinct ones. If addresses had a good reason to be rare, then I'd have more sympathy with the argument that people are just wasting them and should be better, but there isn't such a reason, as addresses can be made extremely long and extremely plentiful. So go ahead, use a hundred addresses if you have a hundred things at the other end.

There are plenty of reasons to dislike IPv6. I agree with most arguments, even the often-attacked hard to remember the addresses argument. However, the argument that four billion addresses should just be enough for a world of seven billion people and millions of companies, including tech companies with a lot of stuff running on them, and that we should just fix the problem of people using too many addresses, seems foolish to me.

0
0
doublelayer

Re: Why do we need IPv6

I can see your point with most households, but there are some who will have publicly-facing devices and may need some more. In some cases, they may have small servers of some type, which could be quite a few. I wouldn't judge them without knowing their use case; they probably have their reasons even if you don't like them.

As for companies, there are some who use only shared hosting, and there are those who have several IPs for the web server alone. For example, The Register has five addresses for their web servers because there are real advantages that having one would not bring them. The company might have a lot of systems running that need to be public. It would be possible for one system to have the only public IP and direct traffic as needed, but it would be inefficient and a tremendous single point of failure with the capacity to bring down a lot of access should it break. Some of these workarounds are necessary with limited address space, but if more addresses are available, I see no reason giving people the benefit of the doubt that they need a few hundred addresses. Of course, deciding that the logical unit to give each user is a /48 (2^80 addresses) may be going too far in the other direction.

0
1
doublelayer

Re: Catch 22

If only the process of getting dedicated IPv6 sections for a single unit were more convenient. I had cause to try to get one, going for one block for an organization rather than getting one from the ISP because we have multiple areas served by different ISPs. I figured we could assign subsections to each area and have a coherent block. Of course, blocks for end-user use are only allocated at /48 blocks, because there is never any way we could run out of addresses if they hand quadrillions to each person who has a reason, but also it turns out to be nigh impossible to get an ISP to accept a block that isn't directly from them. So, of course we're using blocks allocated from the ISP themselves, losing any coherence provided by the structure, and making firewall rules (e.g. people from location A may connect to the server at location B, but people from the wide internet cannot) more complex. This happens because we have to know each subnet that the ISP has provided if someone at one place wants to run up something internal, rather than knowing our address section (which, IANA, could be a /96 without causing us any problems whatsoever). I think they might have constructed that a bit better.

1
2

Bug? Feature? Power users baffled as BitLocker update switch-off continues

doublelayer

Re: Bit(un)locker

Incidentally, what's the benefit of storing the key in the TPM, without requiring a password, USB dongle, or PIN to unlock it? The key is nice and secure, but the system can just read it and go right ahead. So the only difference is that if you steal only the hard drive, you can't read it. But if you steal the computer itself, you can just boot it up and attack the login window, which can gain you access to all the decrypted contents of the drive. Since encryption is primarily a defense against physical access and theft, storing a key in the TPM doesn't strike me as at all useful, let alone a good idea.

4
1

Cloudflare invites folk to dabble in the 'distributed web' with InterPlanetary File System gateway

doublelayer

So, this is... wait, what is it?

As far as I can tell, this is a version of the internet where everyone has to hold a bunch of data that no one needs because what if it dies? It can be annoying to get a broken link because someone's host has gone down, but it might be even more annoying to have to store a bunch of garbage that was posted at one point but has no purpose anymore. For example, could I use this as free storage for my encrypted backups, just by splitting them up and uploading them? How does the IPFS network feel about keeping that around so I can retrieve it by smaller and easier to store hashes?

Another problem is the hashes themselves. It's wonderful that they can make it impossible/somewhat difficult to replace data, but that is what normal hashes already do. I somehow need to get my hands on all the hashes I need, and it's not that hard to put in some documents that look like what I want, but contain sneaky tracking code and incorrect hashes to other files, then ensure I get the wrong one. The lack of a secure way to indicate locations means that the secure delivery once a hash is entered is a lot less valuable than it sounds.

2
0

Top Euro court: UK's former snooping regime breached human rights

doublelayer

Nail in the coffin

So this is another nail in the coffin of state surveillance, huh?

Hey! You've got to take those nails back out! You forgot to put state surveillance in the coffin before you started nailing it up! Next time we need something buried, we're going with a different group of coffin makers.

11
0

Apple in XS new sensation: Latest iPhone carries XS-sive price tag

doublelayer

Emergency call

Please tell me that this can be turned off. The last time apple did this, they did it badly. They installed an easy way to call the emergency services using the same shortcut that used to be for respring (essentially, stop apps and reload the interface, but don't reboot), which could be useful if you were developing an app that had bugs and caused the phone to lag. So, I ended up on the phone talking to the emergency dispatcher who did not need to hear from me, and my phone was still laggy and required a force restart. If I was crazy enough to have the apple watch, what would happen if I dropped it on a desk, or I set it down to charge but accidentally knocked it off the table, or I dropped it somewhere where I couldn't get it, such as through a grate? I don't want to burden the emergency services with a bunch of useless calls.

9
1

Email security crisis... What email security crisis?

doublelayer

Re: Microsoft announces threat intelligence service?

Unless this has changed in the past two weeks, the phone number step is not required. Fill out the original form for a free account. They will demand proof of humanity, which I think is set to phone number. However, you can do a captcha, get a mail to another account, or donate to bypass this. Then you have an account. I speak from experience, having done this twice.

0
1
doublelayer

Re: Unsecure

That is exactly my point. It was easy enough for me. However, it involved using a gmail address. In the days when people are unwilling to trust gmail, what can I offer them as an alternative? Very little. It isn't possible to set something up that would be independent of it. In the end, you end up with a chain of things that are all tied to an email address, and the only place you can get one of those that isn't connected to another chain is a company that is external to you and that you may not trust. Your major options are google, microsoft, and apple, with a few Russian and Chinese participants available too. I'm sure you can find some more that will let you pay them for access, but there is not a guarantee that they will be any more trustworthy. A new system may not fix this.

0
0
doublelayer

Re: Unsecure

One of the major security problems I have with email is how it is required by most things. Consider my recent attempt to switch from using a mail account provided by a company to having my own mailserver that would be more secure and more under my control. I've seen it recommended by a lot of people, so it should be doable, right?

I already own a domain name, but if I wanted to get one, the registrar requires an email address for the account. It can't be my new one because I haven't bought a domain name yet.

The place from which I'm buying my server space needs an email account. While I have a domain now, and thus could probably set up an address through it from the registrar's tools, they don't give me free mail facilities, and I don't want that anyway because I want to set up my own. So, since I don't have a running mail server yet, I can't use my new address.

Fine, so I can't use server space that I buy from a remote provider. Maybe I can get a static IP and run a mailserver on physical hardware in my house. The ISP requires an email address.

It seems that there isn't a good way to have an address that doesn't rely on an external address itself. I did end up setting up that mailserver, which now handles most of my mail. However, I still have to have that third party address, to deal with the messages and identification for my domain registrar and my server provider. I considered switching those accounts over to my new domain--I would have needed that third-party address at one point, but it could now be dispensed with--but then I realized that, should either the registrar or server provider become concerned and suspend the account or ask for additional verification, I'd be immediately locked out because I'd rely on the server they'd just cut off or shut down to authenticate myself. And people wonder why nontechnical users just set up free accounts with gmail. It's a losing game, it seems.

0
0

Dust off that old Pentium, Linux fans: It's Elive

doublelayer

Re: GUI ?

Of course you are right. There are a lot of good use cases for machines with 256 MB or less of memory. However, my original point with respect to memory was basically these two:

1. I wouldn't recommend the use of a machine with 256 MB or less of memory as a computer to be used as a desktop, running GUIs of multiple applications,

2. I wouldn't recommend a pentium computer (referring to pentium meaning the typical age of chips called pentium when they might regularly be shipped with 256 MB of ram) for any purpose. Among the reasons for this are power efficiency, raw processor speed, memory speed, and speed and reliability of the disks typically found inside these things.

2
0
doublelayer

Re: Best live distro to run from a USB

In general, whatever distro you already use, minus some stuff that requires a lot of disk access. If, for example, ubuntu is your wish, just install it, pick a desktop that you like and that doesn't lag much when you run it on the oldest computer you have, and install the utilities and applications you'll use when the machine you're using your USB disk on isn't connecting to the network. I'd suggest making a partition on the disk for general data storage that can be safely mounted and written to by other systems, so you can continue using your USB drive as a drive and for dealing with data stored on encrypted disks you can't mount when booting directly, and you'll have all you need. With very few exceptions, any linux distro will run well enough. Some desktops will use a lot of resources, especially disk, so they might not be available to use while retaining your patience, but there are many, including mate and KDE, that run perfectly well.

1
0
doublelayer

Re: GUI ?

I can't really see the use case for a pentium with 256 MB ram. Anything that still needs one will probably also require whatever software was running on it already. Otherwise, a better computer can be had for $5 for the raspberry pi zero. A better computer with a screen can be had for $25-40 if you look for a used laptop being sold on your used-goods-emporium of choice. Power consumption means they aren't even good for places that can't afford modern systems. What's the point?

5
1

Trend Micro tools tossed from Apple's Mac App Store after spewing fans' browser histories

doublelayer

Re: It wouldnt be a Trend Micro product otherwise

I've seen it used as well. The version that we had had a scan scheduled every week during the middle of the afternoon on Wednesday, when you were working. The software would courteously ask you to confirm the scan, with the option to delay it. Nice and respectful, no? No, not really, because the delay function didn't work all that well, and would sometimes delay all the way until you logged in on Thursday morning, when it wouldn't ask you but would just cheerfully scan everything with the accompanying lag in performance. And because whatever group was responsible for scheduling the original scan for when people were working, most users would go with the only guaranteed way of continuing to be productive: clicking the "skip this scan" button every single Wednesday.

0
0
doublelayer

Re: 1 - 2 - 3 - Not it!

Yes, that's so. How does it work if it went like this:

Due to GDPR, we require to accept our terms of service and privacy policies for doctor antivirus [tm] to REMOVE ALL MALWARE from your system. In order to perform our 99% effective algorithms, we will need to collect information about whether the code crashed [several more clauses] and some information about your computer [left unexplained]. Please check these boxes to note that you understand that we take your privacy and security seriously, and then we'll start our medical scan [tm] algorithm to find the malware that caused you to install this in the first place. Just check these boxes, and it's all done!

I certainly hope it still works in that case, and I'll cheerfully watch on as Dr. Privacy Cheat and the rest of their software earns them a massive bill. However, I figure that lawyers eventually figured something out with regard to that particular issue.

0
0


Biting the hand that feeds IT © 1998–2018