* Posts by Chris C

671 publicly visible posts • joined 6 Oct 2007

Page:

Microsoft conjures imaginary 'Apple Tax'

Chris C

Color me shocked

Gee, Microsoft is lying in its advertisements? Wow, color me shocked. I never would have imagined that they could possibly stoop to that level. Just as I'm positive that Apple has never done the exact same thing. Of course, Apple goes one step further in their ads by attacking PCs (the hardware) as opposed to Windows, as if a PC running Linux suffers from constant failurs and/or malware attacks. But it's not "cool" to diss Apple, so we won't mention that.

What's the point of this article, really? Is it just a chance to bash Microsoft since that always seems to be "cool"? I got bored halfway through and only skimmed through the rest, but that seems to be the only point. If I were cynical, I might suggest that this was written by an Apple fanboi due to its overly defensive tone. Face it, both Microsoft and Apple are huge corporations that lie, cheat, and steal to get what they want. And yes, a LOT of people DO buy Apple computers because it's the "cool" thing to do.

Oh, and in response to the last paragraph, I've never had the need for a "regular malware-purging system enema", I've never lost time wrestling with an OS, and I don't need Jägermeister to calm any Conficker jitters since I have no such jitters. The same can be said for everyone I know who uses Windows So who's lying now?

I've said it before, and I'll say it again -- damn, I miss Ashlee.

Conficker botnet remains dormant - for now

Chris C

@ Pierre

"And, more importantly, even if you DO manage to disable autorun -not a trivial task-, there's no telling *when* it will automatically switch back on (note the *when*, not *if*. Because it *will* turn itself back on)."

That's funny. I've had my system since 2004, and since I disabled autorun during my initial software install, it has never turned itself back on. Five years, and it's never turned itself back on. So tell me, when should I expect to see it happen?

Also, this shouldn't need to be pointed out, but obviously it does -- if you have a piece of malware installed on a drive and it's activated through autorun, then you were in trouble before you were infected. Allowing people to write to your drive and indiscriminately popping CDs and flash drives into your system are actions that you control. As such, you are the one responsible if you become infected through such methods.

Now, I will wholehearted agree that Microsoft is partially to blame if you became infected through a fileshare because of their inconceivable and inexcusable decision to have a blank password for the Administrator account, and then not give you access to the Administrator account (unless you use Safe Mode, or unless you know that hitting CTRL-ALT-DEL twice will bring up the normal type-in-your-username login box). Having said that, you still should have known enough to not use blank, default, or easy to guess passwords.

Chris C

re: Just give them time

"Maybe people who's computers are trashed by things like this should sue Microsoft for creating an attractive nuisance, on the grounds that if they'd secured their software properly this type of thing wouldn't happen"

Get a grip, and stop being a total idiot. Yes, Windows has vulnerabilities, however a patch was released for this one LAST OCTOBER. The reason there are so many infected systems is because people don't install updates when they should. Using your logic, an ISP who is experiencing increased traffic because of a virus should sue their customers on the grounds that if their customers secured their systems properly, it wouldn't have happened.

We have this thing called personal responsibility. I know most people deny its existence nowadays, but it's still there. YOU are responsible for what you do. Period. If you stick a knife in your eye, you are the responsible party. If you stick your hand in a fire, you are the responsible party. If you connect your computer to the Internet without the proper defenses, you are the responsible party. If you indiscriminately browse and download, and thus become infected with something, you are the responsible party. Do you recognize a pattern?

I'm no Softie, but this time, they're not the bad guy a lot of people are making them out to be. This time around, the blame lies with the people who became infected.

Chris C

Shoot the media

A few people have been sending me links to articles this past week about the Conficker malware (whether you call it a worm, virus, or whatever). All of the articles make it out like it's the worst thing in the world, that it will destroy civilization. Usually, I have to stop reading well before the end of the articles, as my blood has already reached the boiling point from the outright lies being told.

Making people aware of malware is good, but lying and/or purposely playing on people's fears helps nobody (I've even heard people claim that this is an attack by Al Qaeda to funnel money from everyone's bank account, launder it through multiple offshore banks, then deposit it into their accounts). But what was with this unhealthy obsession of April 1? What, just because the worm was set to do something different today? Guess what, people? EVERY DAY could be the day this malware becomes destructive. To think we're "off the hook" simply because a single day has come and gone is ridiculous.

Simply put, today was no more or less dangerous than any other day for this or any other piece of malware. Watch where you go and what emails you open, keep your system (all software) up-to-date with the latest patches, use a firewall (preferably hardware), and use antivirus (though antivirus, reactionary by definition, has become pretty meaningless in today's environment). Do that no matter what OS you use (no, OSX and Linux are not un-exploitable, so you are not immune). Put another way -- use common sense. To be even safer, use Firefox with Adblock Plus, Flashblock, and NoScript. And if you think your system is infected with something, get it looked at immediately. Period. Don't let the current date or any media hype sway you in any way.

I've been online since 1992 (BBSs from 1992-1996, and the Internet from 1994 to present day), and I've only only been infected once. That happened within this past year because I wasn't paying attention when I clicked on a link on a Google search results page (for the record, I was searching for "set-cookie"). Simply visiting the page, no further action required, got me infected. That's what convinced me that I needed NoScript. But that's the only time I've ever been infected in 17 years. Use common sense and caution, and you have little to fear.

Now, if we could sandbox browsers (and the apps/plugins when called from browsers), we could drastically cut down on infections, but that would require a radically new way of thinking about security. Perhaps it's time we started thinking about only allowing whitelisted software.

Bondage bonzer for bonding, beam boffins

Chris C

Makes sense to me

At first thought, it might seem strange or even contradictory that engaging in S&M activities would bring a couple closer together. However, the more you think about it, the more you realize it's the logical conclusion. Simply put, when you become submissive and effectively give yourself to someone to do with as they please, you're doing so because you trust them completely. I'm sure there are instances where that's not true, but I would guess that it is true in most cases. That trust, and the reinforcement of that trust through such activities, will inevitably bring a couple closer together.

Carbonite tells Promise: You're toast

Chris C

Idiots

What a bunch of total idiots. First, everybody who is serious about data integrity knows not to even consider Promise controllers. No offense to them, but their products just are not enterprise level. They may work on your two-drive RAID0/1 home system, but even those have a habit of failing in my experience (on both Windows and Linux). Add to that the fact that all the Promise controllers I've ever seen aren't real (hardware) RAID, but are basically multi-port controllers with the software (hence, the system's CPU) doing the real work. There's a reason the cards are cheap. Inexpensive, too.

Regardless of which manufacturer they chose, who was the idiot that designed the arrays? So here you are running an online backup system, and you don't have a backup? Huh? What? I'm sorry, I'm having "if it weren't for my horse..." flashbacks. Unless the controllers failed catastrophically, you would be able to replace failed drives with no data loss. That is, unless you designed a horrible array which virtually guarantees data loss (too many drives in an array, RAID0, etc).

Oh, and here's the relevant part of the article (and of the product) -- "The array product was WARRANTED for three years..." Please note the terminology. Warranted, not guaranteed. There IS a difference, a very big difference. Guaranteed not to fail means "it won't fail". Warranted not to fail means "we'll replace it when it fails". EVERYTHING electronic WILL fail. It's not a question of "if", it's a matter of "when". Also, if you read the documentation that came with the product, I'm certain it will say that they are not responsible for losses, including data and financial losses, and losses to your reputation, and it most likely also states that there are no guarantees, either express or implied.

But again, seriously, what kind of backup company doesn't make backups of its data, especially when it's someone else's data? To store data on any kind of RAID with no backup is just asking for trouble. If your OS acts up and writes bad data, or the system gets infected with a virus, or a disgruntled (ex-)employee decides to trash the data, you've just lost your data while the RAID controller did exactly what it was supposed to. Any backup company which can't design an appropriate array or follow basic data integrity practices (including keeping multiple backups, including at least one off-site backup) deserves to go out of business.

Third e-bike to line up for 'zero-emission' TT sprint

Chris C

Can't... stop... laughing...

Wow. This might just take the cake for the most useless piece of shit ever. First, it's UGLY. No biker would be caught dead on that thing. Actually, that's the ONLY way a biker would be caught on it -- dead, because no biker would voluntarily get on that thing. But even more horrific is the maximum range. Are you kidding? Forty-five miles?!? Regardless of recharge time, no biker would even consider getting a bike with a maximum range of 45 miles. It's just not going to happen. That's less than an hour of riding. Has this company ever spoken to a biker to find out WHY they own a bike in the first place? It's not just a way to get from point A to point B, but that's all this thing is good for, and probably not even that.

Worship Google, banish those broke business blues?

Chris C

How to make money

I have not, and never will, read the book, as I never drank the Google Kool-Aid. I have no problem saying that Google is evil or that Google wants to take over the world. With that in mind, this book sounds more like a comedy to me, but I have no doubt that the author is being sincere is his words. What scares me is the fact that many people agree with it.

Regardless of what you think of the book, the author is doing exactly what he should in order to make money -- tell people what they want to hear. Books like these are not meant to explain anything, and they're not meant to offer data or a convincing opinion. The types of people who read these kinds of books already have an opinion, and they're looking for someone else to validate their opinion, to tell them that they're right and everyone else is wrong. Things like truth and facts merely get in the way, so we can easily disregard those in the quest for the almighty dollar. Hell, I might do the same thing if I was ethically bankrupt. Sadly, I've been saddled with ethics and morals, and am thus kept down here with the rest of you.

eSATA: A doomed stopgap?

Chris C

Speed hype vs real speed

One thing nobody has pointed out yet is that USB is a shared bus. Actually, one other commenter did point it out, but they pointed it out as an advantage. It's not. A shared bus is a disadvantage when you're talking about storage devices. With my USB2 connection, I have an approximate bandwidth of 48MB/sec. That 48MB/sec is shared between my external hard drive, external DVD rewriter, UPS, mouse, keyboard, and audio device (Zoltrix 5.1-channel). It may not sound like much, but trust me, it is. Without music playing, I can burn an ISO to CD at an average speed of 48x. With music playing, burning that same ISO reaches a maximum of 42x.

Will that really make a big difference? It depends on what you're trying to do. If you hook up multiple external hard drives, then USB will most definitely slow down transfers when both drives are transferring simultaneously. With an eSATA connection for each drive, each drive would have its own channel, thus its own dedicated bandwidth, so it wouldn't be slowed down.

Also, as others have mentioned, USB is *VERY* CPU-intensive. When playing music from WinAmp through my laptop's internal Conexant HD Audio output, my average CPU usage is 1% (as you would expect when it's not doing anything else). When I switch the output to the Zoltrix 5.1-channel USB audio output, the CPU usage averages 14% (it averages 14% whether I set it for 5.1 or 2.0 channel mode). When I look at the processes, the System Idle Process averages 97% and the System process averages 3%, yet the total CPU Usage shown at the bottom of Task Manager shows 14%. That very clearly illustrates that the USB bus (specifically, sending the audio data to the Zoltrix) is taking up a lot of the CPU's time.

USB is a good idea for general connectivity, though something does need to be done about the CPU usage. But no matter how you look at it, USB is not the bus to use for storage.

Juror tweets could force retrial

Chris C

Didn't think he broke the rules?

How can this idiot NOT think he broke the rules? What part of "you're not allowed to discuss this case with anybody" did he not understand? Did he honestly think publishing information about the case would not be considered wrong if nobody spoke back to him? I may not like jury duty, and in my younger days I always hoped I wouldn't be picked for a jury (and luckily, I wasn't), but in theory at least, it's the best method we have. Unfortunately, people's rampant stupidity has turned it into little more than a mockery of justice. In cases like this, I think it should be declared a mistrial, and the offending juror should be charged with obstruction of justice and have to pay the full cost of the original trial (court costs, lawyer's time, everything). Maybe then jurors wouldn't be such idiots.

London stab murder rate entirely normal, says top stats prof

Chris C

SHOULD be?

"Four murders on the same day in London would be expected to occur about once every three years, and it has done," says Spiegelhalter. "Seven days without a murder should occur about six times a year, and it does."

Um, no. Seven days without a murder SHOULD occur fifty-two times per year.

iPod Touch torches tyke's trousers

Chris C

Whatever

Regarding the line about him suffering for the rest of his life, I, like most of the commenters, offer a hearty "FUCK YOU" to the dumb shit who uttered that line, and a mighty boot to the head to anyone who actually believes it.

As for the child's leg burns, I'm not too sympathetic there, either. Why? Because he was stupid. If I heard a pop and felt my leg getting hot, do you know what I would do? I WOULD TAKE THE DAMN DEVICE OUT OF MY POCKET! I would not remove my pants, and I would not run to the bathroom. I would remove the device, thereby eliminating any chance of serious burns. It's not like we're dealing with a child of diminished intelligence here (are we? Well, it IS Kentucky...). This was a 15-year-old who, if he had average intelligence, would have removed the offending device immediately.

And, of course, a hearty "FUCK YOU" to the twat who filed the lawsuit. Shit like that pisses me off. It's as if everybody forgot the meaning of the word "accident". I really wish judges would exercise some backbone and point out that these types of lawsuits are, for the most part, frivolous, and punish the plaintiffs accordingly.

Right-wing Oz politico in nude snaps rumpus

Chris C

Why is this an issue?

Could someone please explain to me why this is an issue? It seems that whenever pictures or a video is released of someone having sex, society in general says "Oh my, what a tramp! Let's ruin his/her career/life!" Why? You didn't think the person was celibate, did you? So if you already thought the person was sexually active, then why do photos or a video affirming your assumption cause any reaction at all, expecially a negative one?

Similarly, and more to the point of this article, why does a person posing nude thirty years ago have any bearing on their career/life today? Even if posing nude is taboo to you, you have to admit that people change, and people can change quite a bit in thirty years. Add to that the fact that young people often do things without thinking of the consequences, and you're likely to find things that would be out-of-character with who they are when they're thirty years older.

Ma McKinnon plans musical extradition protest

Chris C

@Steen Hive

"His motivations are relevant. Maybe not in the disneyland justice system, but in the UK they are... Are you saying people should be locked up for decades under trrrrrist legislation for visiting 'unauthorised' pages at http://www.cia.gov for example? Get a life... These numbnuts left their computers wide open in a public space - trespasser? arguable - trrrist? fuck off."

Wow, what a spectacular piece of ignorant rambling showing absolutely no common sense or comprehension of simple thoughts. I never once called McKinnon a "trrrrrist" as you so eloquently put it (that would apparently be "terrorist" to the rest of us). Nor did I mention any sentence duration or a specific criminal charge. That was, apparently, something you conjured up using your imagination. And I'm sorry to say it, but your defense of him doesn't hold water. He admitted to accessing systems without authorization for the explicit purpose of attempting to access information he was not authorization to access. That's quite different than visiting a website. It is also NOT arguable that he trespassed. Even if the system administrators were incompetent and used easily-guessable or default passwords, it was STILL trespass. He knew beyond a shadow of a doubt that he was not authorized to access the systems, and he then proceeded to access them without authorization. That's textbook trespass. I suppose you think that if I don't have a fence around my property and don't keep my door locked, then you're free to come in, have a look around, watch my TV, eat my food, and generally make yourself at home? After all, without a fence, and especially with my door unlocked, my home must be open the the public, right?

Do I think McKinnon is a terrorist? No. But then, I never once said he was. Knee-jerk reactionists like you are just as bad as the knee-jerk reactionists in the government. Do I think he should be locked up for a significant duration of time? I haven't formed an opinion as to that because like you, I don't have all the facts. Unlike you, I won't make assumptions to replace the facts I don't have.

For those who think he shouldn't be locked up, and saying he shouldn't be extradited, ask yourselves this -- how would you feel if a US citizen hacked into the Parliament systems and started snooping around? It's not about national protectionism or embarrassment, it's about a crime being committed and responding appropriately.

Chris C

re: Ma McKinnon Sing In

"Gary should stay in the U.K to face a Jury of his peers as his right under the Magna Carta."

The Magna Carta says that if you violate another country's laws and cause real damage (be it physical or financial), you have the right to be tried in your own country? Funny, I don't remember that part. I do see this:

"No freeman shall be taken, or imprisoned, or disseized, or outlawed, or exiled, or in any way harmed--nor will we go upon or send upon him--save by the lawful judgment of his peers or by the law of the land."

But nowhere does it say that you can be tried in your own country for violating another country's laws. In fact, "or by the law of the land" explicitly states that a person may not be tried by his peers.

The facts are simple. He was purposely and voluntarily accessing US government computer systems without authorization, and he knew exactly what he was doing. The reasons for his actions are irrelevant. The incompetence of the administrator(s) for the machines he accessed is irrelevant. He knowingly accessed the systems without authorization. Period. As for the Asperger's Syndrome, I seriously question the authenticity and accuracy of that diagnosis since it only came up once all other efforts to escape extradition failed. In other words, it's a little too convenient and coincidental.

That said, I hope he's not extradited. I don't want my tax dollars paying to try this idiot (and if convicted, to keep him housed, clothed, and fed). You guys can keep him.

Visa yanks creds for payment card processing pair

Chris C
Happy

There is no security

While PCI DSS compliance may help prevent some attacks, it, like everything else, does not guarantee security. Since processors must accept unsolicited data from untrusted sources (sources they do not control and therefore cannot be assured of anything), and because they use general-purpose software running on general-purpose operating systems which themselves run on general-purpose computers, there is literally no way to guarantee security. There could be any number of vulnerabilities in the hardware itself, the OS, the apps, the communication medium, or through social engineering. That said, they (in theory, at least) do cut down on the possible exposure to known exploits.

Simply put, people have to realize that compliance does not guarantee security, especially since the processors are only audited (tested) once per year. McAfee's "hacker-safe" tests sites every day, and even that doesn't guarantee security. It just means that the sites are protected against known exploits.

re: Disingenuous -- "Visa does not supply a one time tokens, banks do... They need to provide a one time token for their Visa cards..." Your argument falls flat on its face when you realize that Visa does not provide cards, the banks (the ones lending the money) do. They (the banks) are the ones who decide what type of cards to use and what level of security the cards use.

re: "Retrospectively decertifying them on the grounds that 'Oh, well if they got hacked they must not have been secure after all', merely points out that the original certification process is worthless and guarantees nothing." The article mentions nothing of the sort. It does, however, say ""Based on compromise event findings, Visa has removed Heartland and RBS WorldPay from its list of PCI DSS compliant service providers", which is something very different. Most likely, it means those processors were storing data they are not allowed to store, or the findings showed that they did not have the proper protections in place. Since they don't explicitly say, we don't know why the processors were decertified. However, as I pointed out above, even full compliance is not a guarantee of security.

Simply put, there is literally no way to guarantee security. Ever. Period. You can do a lot of things to lower your risk, but there will never be guaranteed security. Once you accept that, then its time to move on to try to find a balance between acceptable risk and inconvenience and cost.

ISS crew flees flying space junk

Chris C

They don't know?

"Crew members have sheltered from debris in a Soyaz as many as five times in the past, NASA said."

"As many as"?!? Am I the only one bothered by the fact that NASA doesn't even know how many times the crew members fled to the escape pod? In other words, even NASA doesn't know what goes on up there. I'm so glad my tax dollars are hard at work.

Science-boosting thickie questionnaire backfires

Chris C

How do they know?

"Only 59% of adults know that the earliest humans and dinosaurs did not live at the same time."

Really? I would guess that ZERO percent know that. Unless they're saying that 59% of the people surveyed were among those "earliest humans", or unless they're using an unusual definition of "know". Since we're talking so many thousands/millions of years, it's safe to say that we don't know. We can make guesses based on fossils and carbon dating, but that's all they are -- guesses. Unless, of course, your god told you.

Court rules 'ceaseless liability' for net libel fine for free speech

Chris C

How is this fair?

To those people saying this seems fair, I ask you -- exactly HOW is this fair? They're taking two identical acts (publishing to a physical medium versus publishing to a digital medium) and treating them differently. Unless, that is, you believe that when an article is considered defamatory or libelous, every single copy of the paper containing the article is considered a separate publication and is thus a separate actionable entity.

"The High Court ruled that, based on a case from 1830 involving the Duke of Brunswick, a new defamation occurred every time a piece was published. This meant, it said, that a new cause of action occurred every time defamatory material was accessed on the internet."

I wholeheartedly agree with the 1830 ruling. The key is the word "published". "Published" does not mean "accessed", and never has. Are they actually saying that if a newspaper published a single copy of a paper which defamed someone, then that person could sue the paper every time somebody read that one copy of the paper? That's what this new ruling says with its interpretation of "published == accessed". In fact, using that logic, I could sue a company every single day if they published something defamatory about me. All I have to do is read (access) it each day. What a way to make money!

"Published" means "written and made public". "Accessed" means "retrieved (and probably read)". There's a huge difference. "Published" only equals "accessed" in the same universe in which "made available" equals "up/downloaded, thus guilty of copyright infringement".

The long road to Reader and Flash security Nirvana

Chris C

re: A great problem indeed

While I can understand why you think Adobe should have a separate systray app to check for updates, I'm torn on that issue. While I do think software products should have auto-update mechanisms that the user can choose to use (or choose to not use, if the user so desires), I feel that every product having its own updater is an unnecessary drain on system resources.

What software authors should do is agree on a framework by which product updates can be looked for, downloaded, and installed. That way, the user could install a single application which could keep all installed products updated (similar to the way various Linux distributions use one updater app, but instead of updating software packages from the distro's repository, the app would check for and update from each product's home). With that approach, the user would only need one updater app, thereby reducing the resources consumed and allowing much greater control over the updates (frequency of checks, choose whether or not to create a restore point before updating, update method [auto, download+notify, notify-only], etc). But for this to work, software authors would have to agree on a standard update method for checking versions of installed products, checking the product's home for the latest version, how to download the latest version (including any required user authentication), and how to update the software (whether the patch would be an .exe, .msi, or some other format). Preferably, Microsoft could integrate Windows Updates into such an updater so that all updates can be done from one app. It would be much more convenient for the user, and much less confusing to the user.

Eset false alarm puts system files on remand

Chris C

Credit where it's due

"The issue is more severe when system files are miscategorised as malware, as in this case, but Eset deserves credit for responding promptly to the issue."

Yes, Eset deserves credit for responding promptly to the issue. However, Eset also deserves negative credit for obviously not properly testing the definition file before they went live with it. I'm not saying they should test every OS ever released, but at least test it with the ones which are still in common use (which, for Windows-based AV software, would be Windows 2000 and later). If they had done that, the problem never would have been seen by the public.

Barnes & Noble muscles Kindle with e-book buy

Chris C

re: I don't think you get e-ink, Chris

"e-ink isn't like a LCD screen. e-ink displays are of higher DPI than most printed books, so they're hardly going to enrich optimetrists - the opposite, if anything."

Please go back and read the article. The article (and my comment) was not about e-ink, it was about e-books. There *IS* a difference. Specifically, please note the first sentence of the second paragraph:

"The cash acquisition comes just days after Amazon extended its Kindle e-book store to support the iPhone and iPod Touch for US customers."

That kind of kills your reliance on e-ink, don't you think? That is, unless you're saying that the iPhone and iPod Touch use e-ink for their displays.

"While some providers charge high and use DRM, others like Baen completely eschew DRM, and their books are typically $5-$6, far less than the £6-7 which is charged for paperbacks in the UK."

So because (at least) one supplier sells their e-books for less than the physical product, that means I cannot make a statement about future prices (or the average price in general)? Well, in that case, Fat Wreck sells their CDs for $12.99 and under, so I guess I can't ever mention that most CDs are commonly sold at prices up to $18.99 or even $21.99 now.

Chris C

Optometrists rejoice

Digital books will be one of the best things to happen to optometrists. Their business will go through the roof. Seriously, how long have optometrists (and health professionals in general) been telling us that spending hours looking at a monitor/screen is *NOT* a good thing? So what do we do? We take one of the last bastions of non-monitor/screen entertainment and put it on a monitor/screen. Bravo!

The really funny part will be when the digital copy of a book is more expensive than the physical product. This is already the case with many of the CDs I've purchased in the past year. I bought the CDs on Amazon for a (regular, not sale) price of $4.99 - 7.99, while they were offering the same album as MP3 tracks for $9.99. So that's $4.99-7.99 for a lossless, physical product which I can rip to any format I want , or $9.99 for a lossy 256kbps one-time-only MP3 download. Hmm, that's a tough choice.

It will be similar for books vs ebooks. A book is a physical product which I can take anywhere, loan to anyone I want, it requires no electricity or batteries, and I can use it any time I want (provided there is enough light to see). An ebook is a digital product which is tied to (a) specific device(s), cannot be loaned to anyone, uses electricity/batteries, and has limited use (batteries need to be charged, and can't be used in areas which prohibit electronic devices). As with my CDs, I'll stick with the physical product.

Conficker gets upgraded with defenses

Chris C

@AC 12:37

"I don't think for a second that a US-based non-profit would go to the trouble of creating or financing the creation of a worm to infect 100,000 to 10,000,000 PCs (causing who knows how many $ in damage) for the purposes of driving domain sales up by 30% - for only a single day."

Did I misinterpret the quote from the article?

"Up to now, a pseudo random domain name generator produced 250 addresses that infected machines reported to each day... The new component ups the ante by increasing the number of domains to 50,000 per day"

I take that to mean that the original strain produced 250 (unique) addresses every day, and that the new variant increases the number of (new) domains to 50,000 every day (not 50,000 domains total). Do I believe that ICANN is the cause of the new variant? No, I don't. But if they get 50,000 new domain registrations every day (or even a fraction of that), it's hard to ignore the boost to their profit, and hence a possible link.

As for your non-profit comment, don't be so naive. A *LOT* of non-profits are in the business of making money. They just make sure to stay just on the right side of the law. How do you make sure you don't have any money left at the end of the year? That's easy. Pay your execs outrageous salaries and bonuses, just like in private industry. Please don't misinterpret "non-profit" to mean "altruistic". I made that mistake once, but have since been shown how wrong I was.

@ David Wilkinson:

Nooooooo!! That would be just what we need, even greater powers legitimately given to the government organizations. Hey, let's make it legal for the Department of Homeland Security to hack into our computers when they've proven time and time again that they can't even protect themselves. Yes, I know you specifically said "FBI", but with such a law, all government organizations would be given the power.

No, we don't need to legally allow people to hack into systems in order to clean infections. That would make the "good guys" no better than the "bad guys". What *WOULD* be helpful, however, is to set up a framework which would allow researchers (and others) to notify ISPs if the ISPs customers were infected. The ISP could then search* for the identifying traffic and alert the customer that they may be infected. If the customer continues to exhibit signs of infection, allow the ISP to sandbox the customer, either cutting them off completely, or only allowing them access to specific sections internal to the ISP where customers can find information regarding their infection and how to clean it. That, however, would require input and cooperation of ISPs who may not want to go along with it.

* By "search for the identifying traffic", I'm speaking real-time searching, not logging of any data.

Chris C

Call me cynical

"Up to now, a pseudo random domain name generator produced 250 addresses that infected machines reported to each day. The industry consortium... snapp[ed] up those domains... to prevent the infected machines from sustaining further damage... The new component ups the ante by increasing the number of domains to 50,000 per day... 'It's clearly trying to work around the work of the cabal,' Vincent Weafer, vice president of Symantec Security Response, told The Register."

That's one way to look at it. Another way to look at it is that it was created (or modified), directly or indirectly, by ICANN specifically to gain additional profits by collecting their $0.25 fee for each of those newly-registered domains. But nobody here would by cynical enough to think that.

Stargazers spy elusive binary black hole system

Chris C

@ Chris Miller -- Pedantic correction to a pedant

"10 ^ (8.9 - 7.3) = 10 ^ 1.6 = 40 ... So the larger object is 40 times heavier (800 million Suns), not 50 as stated in the NOAO article."

Since we're being pedantic, I feel I should point out that it would NOT be "40 times heavier". 40 times heavier would be a 40X increase, which would result in a 41X multiplier. It would, however, be "40 times as heavy". This mistake is made far too often.

I'll also point out that the NOAO quote can be easily misinterpreted. "The smaller black hole has a mass 20 million times that of the sun; the larger one is 50 times bigger..." It's easy to interpret that (based on the writing, not the maths) as saying that the smaller black hole has a mass 20 million times that of the sun, and the larger one is 50 times bigger than the sun. And, of course, it must be questioned whether they meant the word "bigger" or "as big".

Windows 7 test build 'turns off' Internet Explorer 8

Chris C

Turned off how?

I don't have Windows 7 (and I won't get it), so I must ask here -- is IE "turned off" in the sense that it really won't run, or in the sense that the shortcut simply won't load the IEXPLORE.EXE executable?

For example, with WinXP and IE6, I can click the "Internet Explorer" shortcut to start IE and browse to any website. I can then enter a local file path in the address bar (say, "file://c:/") to browse my local filesystem. Wherever I browse to, Internet or local, IEXPLORE.EXE is the executable/process used.

If, however, I open "My Computer" (or use the shortcut for Windows Explorer), it shows my filesystem, and the help menu shows "About Windows". If I then go to the address bar and enter a website URL (say, "http://www.example.com"), that window is transformed into an IE window and the help menu shows "About Internet Explorer". Wherever I browse to, Internet or local, EXPLORER.EXE is the executable/process used.

Vatican vetos 'dot god' domain

Chris C

Fewer, not more!

We don't need more TLDs. What we need is to get rid of TLDs. There's no reason to have TLDs. The only thing they do is confuse people by allowing multiple companies/individuals to register the same name but with different TLDs (such as whitehouse.com and whitehouse.gov), and increase ICANN's and registrars' profits by artificially forcing companies to register multiple domains to (hopefully) prevent squatting.

It could be argued that TLDs are beneficial in the sense that each TLD can be administered (hence controlled and maintained) by a separate entity, and that entity is responsible for that TLDs root nameserver. Neither of these carry much weight, however. ICANN/IANA can simply stop allowing domains to be registered by that entity, and the global root servers could stop resolving queries for the TLD (at which point you would need to know the IP address(es) of TLD's root nameserver(s) in order to determine the IP address of a domain in that TLD).

EC retires the Microsoft watchdog

Chris C

@AC 01:47

"@ Pirate Dave : sure, they could do that. But in the real world why should they? It's their product so what they parcel with it is up to them. The whole anti-competition thing, in this case at least, is invalid."

You would be entirely correct if you weren't so absolutely wrong. There's a reason we have anti-competition laws. In this case, Microsoft is using it's dominant OS position (monopoly) to artificially increase adoption of it's browser (gain a competitive advantage in another area). Many people have used the line "But they give IE away for free, so it's not as if it makes them any money". This line is both true and false. It is true that Microsoft gives IE away at zero cost. However, it is false that it doesn't make them any money. It doesn't directly make them money, but the indirect money is very lucrative. It goes like this -- 1) bundle IE with Windows; 2) people use IE because "it's already there, so why should I bother finding another one?"; 3) websites code to IE's non-compliant browser because that's what the majority of people use; 4) those websites won't work on non-IE browsers; 5) IE is only available for Windows; 6) If you want to browse those websites, you'll need Windows.

As for the question of how to obtain a browser without having one already, the answers have already been given, but I'll sum them up here anyway -- 1) the computer's distributor will put one on (like they do with trial/junk software); 2) possibly telnet; 3) FTP; 4) installation CD or USB drive. For those people in a business, the network administrator can/will install it, or it will be available from a shared network path. On any networked system, if you have downloaded it on another networked machine (even a Linux box which has no browser installed but does have wget) with SMB/CIFS (file sharing) configured, you can copy it from that file share. In short, there are multiple ways of obtaining a browser without having one installed already. Just because you may not know how to do it doesn't mean it can't be done. I don't know how paper is made, but I'm pretty sure it can be done.

US court urged to block warrantless GPS tracking

Chris C

Same action, different method

In the old days, the authorities would put two people in a car and have them follow the suspect. The same can be done with aerial surveillance (helicopter, RC copter/plane, etc). Quite possibly, it might even be accomplished using live satellite imagery. The point is, the only difference in this case is that the suspect's vehicle was tracked by planting a GPS-capable tracker on it.

While I'm no friend of Big Brother, here's a newsflash for people -- when you're in public, you have no reasonable expectation of privacy. That's why they call it PUBLIC -- because it's not PRIVATE. "Not private" equals no reasonable expectation of privacy. The same is true for people who leave their blinds/curtains open and then complain about "invasion of privacy" when someone happens to look through the window.

There was another case a while back about the FBI using the OnStar-type device in a suspect's car without the suspect's knowledge. The only reason the judge blocked them from doing it was because the suspect would not be able to contact the assistance people in an emergency.

Government wastes £4.6m on mobile telly nonsense

Chris C

Education?

OK, I know the kids of today are stupid, but are they really so stupid that they don't know you have to practice safe sex? Put another way -- is it really education that's lacking, or is it common sense? A lot of people know they should practice safe sex, but for one reason or another, fail to do so. The problem is not that people are not educated. The problem is that many of them think "it won't happen to me", and so they decide to risk it. No amount of education will change that.

ICANN supremo opens escape hatch

Chris C

Bah

"We owe him a great debt for long and faithful service"

Correct me if I'm wrong, but didn't he get paid to perform that service? As a result, nobody owes him anything. You can be as grateful and as thankful as you'd like, but there is no debt for which he is owed anything (not even praise).

"Twomey will depart ICANN just as it starts accepting applications from people interested in buying their very own url suffix."

Except .xxx, of course. The idiotic prudes lobbying the US government made sure that that TLD will never see the light of day. It's funny when you stop to consider that having a .xxx TLD would make it easier to block that content. Sure, not everyone would use that TLD, but it would still be more effective than the current filters.

Bill Gates bans progeny from iPhone Nation

Chris C

re: Are you fucking kidding me

"You're having a laugh, arent you? from the 30gig brick zunes to the RRoD-nation of 360 owners, Microsoft has proved they cant make reliable hardware"

Don't forget the piece-of-shit Microsoft keyboards. The Microsoft Natural Elite (one of the first split-style ergonomic keyboards) was so forward-thinking, they redid the positioning of the arrow keys and the home/end block so that you could no longer hit keys by feel/memory. But hey, at least they had all of the keys, instead of what appears to be the new fad of removing the [INSERT] key entirely from that block.

Then there's the newer Microsoft Natural Keyboard Pro that I got because I needed a split keyboard with a USB connector. It looked like a good keyboard until I used it. It turns out there are quite a few three-character groupings that you cannot hold down at once. Hold down one or two keys, and there's no problem. Try holding down a third key, and it will refuse to recognize the third key. The combinations I specifically recall are L-I-C, I-N-C, and I-S-C. That was a problem for me because when I type, I'm usually hitting one key before my finger is completely off the previous key (or before the keyboard controller acknowledges the release). As as result, I was constantly misspelling words and had to force myself to slow down (words such as "since", "licensed", "application", etc). I've had other keyboards with similar limitations that I noticed when playing FPS games, but nothing that even came close to the limitations of the Natural Keyboard Pro.

Child porn suspect ordered to decrypt own hard drive

Chris C

Stupid question time

"Sessions reached his decision after concluding the act of producing an unencrypted version of the hard drive wasn't necessary to authenticate its contents, presumably based on Boucher's statements to border agents."

So my stupid question would be -- if the act of producing an unencrypted version of the hard drive isn't necessary to authenticate its contents, then why is he being forced to produce an unencrypted version of the hard drive? Either it is necessary or it isn't. You can't have it both ways. You can't say that it IS necessary for the Grand Jury, but is NOT necessary for the Trial Jury.

From the Fifth Amendment: "No person.. shall be compelled in any criminal case to be a witness against himself..." Seems pretty clear to me. By giving a passphrase, you are effectively a witness against yourself. Yes, it's ALSO an obstacle to the authorities, but that shouldn't come into play at all. Forcing a suspect to give the passphrase which will be used to decrypt his hard drive is analogous to forcing a suspect to say where he was at a specific time (because you think he committed a crime, and you need him to admit to it since you have no other evidence). Or, to offer another analogy, it would be the same as forcing a suspect to provide a list of every name (alias) he has ever used (in the hope that it will lead to evidence which will lead to a conviction). Yes, it will make it easier for the authorities to do their job. However, it also violates the Fifth Amendment and eliminates the presumption of innocence. Instead of the authorities proving a person guilty, it reverses the situation and makes it so that the person must prove themselves innocent.

But hey, when we live in a world which has done away with the presumption of innocence (and where even well-meaning people now use the phrase "innocent UNTIL proven guilty" instead of "innocent UNLESS proven guilty"), should such behavior really come as a surprise? This is just another example of the US being jealous of the UK's Big Brother style laws and wanting to enact similar laws without having to go through that pesky legislative process. Why bother with the trouble of crafting a bill, bickering about it, and hoping it's voted into law, when you can have a judge make a precedent which will then (in all likelihood) be used by other judges to create a de factor / common law? It's so much easier without the "checks and balances".

Great Australian Firewall dead in the water?

Chris C

@ Sarah

"I'll restrict myself to saying that I think that represents an awfully restricted absolutist view of an incredibly complex issue."

I apologize if I offended you, as that certain was not my intention. Re-reading my comment, I can understand why you might think that, but I don't see myself as having an absolutist view. I just haven't met anyone who can give me any legitimate reason for their opposing viewpoint (their viewpoint being that porn, strip clubs, and skin-baring clothing are exploitative and degrading to women). All of the people I have heard from use one (or more) of these three reasons:

1) "Because it is". I immediately ignore this crowd because that's not a valid reason. If you can't tell me why you object to something, then I cannot consider it a legitimate objection.

2) "It makes men think of women as sex objects". This group obviously has no idea how men think. Whether a woman is nude or clothed, having sex or filing her taxes, men will see her the same way. If a man sees a woman as a sex object when she's showing some skin, he'll see her as a sex object when she's completely covered as well. The clothing she is or isn't wearing is irrelevant.

3) This last reason is specifically regarding skin-baring clothing: "It makes young girls think it's acceptable and encourages them to dress the same way". This, however, is not a legitimate reason, either. The fact that young girls may start wearing the same clothing does not explain why someone finds it degrading. Do I think young girls should be wearing midriff-exposing shirts or short skirts? No. But that doesn't make it degrading or exploitative to women.

I have no doubt that there are women who are forced into the sex business, and that there are many who enter the sex business because they feel they have nowhere else to turn. I wholeheartedly agree that those two groups are exploited. But what percentage of the sex industry does that account for? Am I just being overly naive in thinking that it's a very small percentage?

If you have an opposing viewpoint, or can point me in the direction of one, I'd love to hear it because I'd honestly like to understand why so many women are against porn and strip clubs.

Chris C

Who's exploited?

"The Australian Sex Party exists to represent the interests of businesses who make money from the exploitation and degradation of women"

I love that line. "The exploitation and degradation of women". It' s used by puritans and feminazis all over the world, apparently. Doesn't it just get under your skin and make you want to revolt against such vile businesses that would do such a thing to these poor, helpless women? Maybe it's just me, but I fail to see how consensual-sex pornography exploits or degrades women. The women acting certainly don't seem to have any problem with it. Personally, I think those people who complain that it's degrading to women are the ones who are degrading women by acting as if those women are hurting themselves but are too stupid to realize it.

Those same puritans and feminazis like to say the same thing about strip clubs, too -- they exploit and degrade women. Every time a woman has the audacity to show a little skin (whether it's in porn, at a strip club, wearing a bikini at the beach, or simply wearing a midriff-baring shirt), these people claim it's degrading. Contrast that to the woman showing the skin who feel it's sexy and liberating. It sounds like a jealousy issue to me. Those who are against it are only against it because they can't do the same thing and get the same reaction. Either that or they're bible thumpers who say that showing skin is the work of the devil and the skin barer is going to hell and will bring all of society with her (remember: showing skin = bad, killing people = good).

Let's face it. Pornography and strip clubs DO exploit people, but it's not women they exploit. It's the men who are quick to part with their money that are exploited. What pornography and strip clubs show is not the degradation of women, but the empowerment of women. They are clear and undeniable illustrations that when it comes to sex, women have all the power. And when it comes to non-sexual issues, women still have all the power if the men think there's even a microscopic chance of having sex. So let's be honest about it. People aren't against pornography and/or strip clubs because they're exploitative or degrading to women. People are against them because in those areas, women use their bodies and/or sex to get what they want, and those people would be more comfortable if women used other means to get what they want (money, intelligence, fear/intimidation, etc) -- anything but body/sex.

Caching bugs exposed in second biggest DNS server

Chris C

Stupid question

OK, so here's a stupid question -- if DNS caches can be poisoned so easily, why do we continue to use UDP connections for them? Wouldn't TCP connections, due to their stateful nature, prevent these issues (unless it was a man-in-the-middle attack, where the attacker would know the exact response to send)?

Microsoft aims 'non-security' update at gaping security hole

Chris C

re: Given the Vista hate expressed by Reg posters...

"But everyone here uses XP forever, right? (snicker)"

Considering the FACT that Vista uses substantially more resources to perform the same functions at the same speed, yes, most people WILL keep using XP until they have a REASON to change. While you may not believe it, most people don't buy a new computer, at a true cost between several-hundred and a few thousand dollars, unless they have a reason. They won't replace their computer "just because", or for the sheer pleasure of spending money they don't have.

Computers are a tool used to perform a task. As long as the computer performs that task to a satisfactory level, there is no incentive to replace it (this is especially true in business). On top of that, most businesses don't have the money to replace all of their computers every few years. Scheduled, regular replacement might be a good idea in theory, but until you can point to the trees upon which money grows*, it's not going to happen.

And it should go without saying, but when comparing Vista to Windows XP, there are many reasons to avoid Vista. Why else do you think big-name companies such as IBM and Intel have publicly stated that they have no intention of moving to Vista? "Newer" does not equal "better".

* For those using satellite imagery to find such trees, they're probably located in close proximity to the GoodExecutive/BadExecutive line. That's the line where on one side, losing billions of dollars and failing in your objectives results in either a multi-million dollar bonus or termination with multi-million dollars severance pay (GoodExecutive), and on the other side, losing billions of dollars and failing in your objectives results in your immediate termination with forfeit of all bonuses and no severance pay (BadExecutive).

Chris C

@ Mike re: Autorun

" Autorun for CD/DVDs is a good idea, the convenience of it allows users to just shove a CD in the drive and have it come up with a program specific welcome menu with options to install/run/whatever, just like you expect your DVD player to do when you put a DVD in - and let's face it malware trying to spread by piggybacking on CDs you burn isn't going to be very effective (hence there not being any malware problems with it)"

Wow. How utterly uninformed. The problem of malware on optical discs is not limited to "burned" discs, as the Sony rootkit pointed out. Please go back a few years and investigate the Sony rootkit problem and the massive security vulnerabilities it introduced. Then please take some time to look into the formats of optical discs. Take a few days and let the information sink in, then come back. If you're not so inclined, allow me to spell it out -- an optical disc may not be what you think it is. An optical disc labeled as "CD" may not really be a Compact Disc (it may not be formatted to the Red Book [CDDA] standard). The Sony rootkit was like that, as are all "Enhanced" "CDs" (they are not real CDs [CDDA]). When the user put the disc into their drive, they thought they were inserting a music disc, and expected music to start playing. But because it was an "Enhanced" disc, Windows only looked at the data volume, and executed the autorun.inf in the data volume instead of playing the music in the audio volume. THAT is why autorun is bad for optical drives.

"(for those who think autorun from a CD is a bad idea... did you know that these days you can actually boot an entire operating system from one? that's autorun taken to the extreme! i doubt you still use floppies to bootstrap your OS install CDs "for security" though)"

Sorry, but that analogy is flawed. In the latter case, I'm explicitly telling the BIOS to boot from the disc; I want to execute the code on the disc. In the former case, I want my media player to access the data files on the disc; I don't want anything from the disc to be executed. There's a big difference.

Texting: Good for kids after all?

Chris C
Joke

@ Lupus

"Surely I must be the only one who abbreviates NOTHING."

No, you're not the only one. Many of us abbreviate "NOTHING" on a regular basis. We abbreviate it as "nil", "nul", or "null", depending on the scenario :)

Proxy server bug exposes websites' private parts

Chris C

Help me understand this

Am I the only one who fails to see the security implications here? I read the vulnerability note, but I still don't get it. If your client system is compromised and your network traffic can be altered, then it's game over for your client system. So that just leaves the scenario of the client system using the proxy as a gateway to access a third system, where the client system normally is not allowed to access that third system. But that doesn't sound like a problem, either. If you designed your network right, and configured the appropriate ACLs and firewall rules, that wouldn't be an issue. Maybe it's just because I'm tired, but I don't see a software vulnerability here at all. The only ways I can see this being a problem are through bad configurations. Am I missing something?

Microsoft asks laid-off staff to refund overpaid redundo cash

Chris C

Pathetic

This is pathetic... and I don't mean Microsoft. Many of the comments posted so far advocate not giving the money back. Look, nobody likes getting fired, but how do you justify not giving back money that you know you didn't earn (and by "earn", I'm referring to the amount of pay according your agreement with the company, not underhanded deals such as promised overpaid not being paid) and money that you know was given to you by mistake. If the company made an honest mistake, and you did not earn the money, pay it back. It really is that simple.

Personally, I would not have deposited the check if it wasn't for the amount I was told I would receive. I would have questioned them about it, and made them give me a new check for the correct amount. But then, I have a moral code I live by, and I don't lie, cheat, or steal to get what I want.

Go ahead, refuse to give the money back. But then you're no better than they are.

@Henry Wertz re: @Storm in a teacup:

"I wouldn't tell them dick. It's illegal to not pay overtime, they can't expect you to stay in extra but not authorize overtime. Stay the course!"

In my experience, overtime pay is only required for hourly employees, not salary employees (and I would be very surprised if Microsoft hired anyone as an hourly employee). You might want to try looking at the employment laws of various states. It could be a real eye opener. For example, the state of Massachusetts requires overtime pay in general, but has a long list of exclusions: http://www.mass.gov/legis/laws/mgl/151-1a.htm

Such exclusions include "a bona fide executive, or administrative or professional person or qualified trainee for such position earning more than eighty dollars per week". Sounds to me like that would most likely cover most of Microsoft's employees. I don't know if Washington state has similar exclusions, but most likely it does.

NASA talks little green men with Vatican

Chris C

@AC re: Religious people are funny

I apologize if I offended you. That was not my intention. Nor was it my intention to paint/tar all religious people with the same brush, which is precisely why I said "...I find most (not all, as this article points out, but most) religious people extremely funny..." It was my way of pointing out those specific people without having to name them all individually.

As for your assumption, no, I'm not an atheist. The closest definition to what I am would be agnostic. I will never say that God does not exist because I don't know that to be true, nor can it ever be proven. That's the funny thing with negatives -- they can never be proven. Given enough time, effort, and resources, you might be able to prove that something does exist, but you will never be able to prove that it does not exist (if for no other reason, than that it may exist in a way that you don't understand or are unable to measure). For example, with my limited resources, I cannot prove that you exist. You may be someone's AI project. Of course, I cannot prove that I exist, either. I may be a figment of someone's imagination while they are dreaming.

I'm not saying all religions are bad (though, morally-speaking, I do consider any religion which teaches people to hate and kill other people to be bad). And I'm not saying there's no room for science and religion. There are a lot of things we will never know, such as how it all began. The Big Bang theory (as I recall it -- that originally there was nothing, which exploded, thus creating the universe) is scientific heresy since one of our most basic laws of physics is that you cannot create something from nothing. For the same reason, I cannot blindly believe in the existence of God (how did God come into existence?). However, I'm smart enough to know, and strong enough to admit, that the fact that I personally believe in neither is not proof that neither is true.

One thing I do seriously question about all people, but religious people in particular (all religions based on ancient documents), is the complete faith they put into these ancient documents. People literally take these books' words as gospel. Why? Because they're written in a book, even many books? Will human beings one thousand years from now believe that Hamlet or Romeo and Juliet are factually and historically accurate? I'm not saying that specific religions have it wrong, but I think it's a bad idea to blindly believe in anything simply because a book tells you to.

Chris C

re: Its very easy to prove life exists elsewhere.

"It will may be that we fail to recognise another life form because it is so different from us."

That's the way I've always thought, but have not yet met anyone else who agrees. We (society in general, including scientists) seem to believe that all life everywhere will share common traits. For example, we seem to have this notion that all life forms must be carbon-based; anything which is not carbon-based cannot be considered a life form. Why? Simply because we cannot identify any characteristics we classify as "living"?

Also, since time is merely an abstract concept that does not exist, it seems silly to tie our concept of life to our concept of time. Maybe other life forms are just too fast or too slow for us to notice (or to measure reliably). For example, to a hummingbird, a sloth may not look alive because the sloth moves so much slower than the hummingbird (so slow that the hummingbird may not even realize the sloth is moving at all).

Chris C

Religious people are funny

Without wanting to offend anyone, I must say that I find most (not all, as this article points out, but most) religious people extremely funny (and, of course, hypocritical) on the concept of life beyond Earth. These people firmly believe in God without any proof whatsoever, and yet they need to see physical evidence of non-Earth entities in order to believe they exist. So it's good to see non-banished religious figures exercising a little intelligence and open-mindedness.

Wikileaks publishes secret donor list

Chris C

@ Jerome

Please remove your head from your anal cavity and learn how to read. I didn't say it was a theory, I said it was one possible motive. I also never mentioned "revenge"; that angle was apparently created in your own imagination. I also mentioned another possible motive, but I guess in typical knee-jerk reaction, you simply stopped reading at the point where you disagreed.

California ban on violent video games killed on appeal

Chris C

Sex-based censorship

While I agree with this ruling, I wish we (society in general) would stop propagating this nonsense that anything sex-based (and even more so, that anything simply showing the nude human form) is "harmful" to minors. Watching people have consensual sex is not harmful. I'd imagine a lot of kids have seen people having sex, either catching their parents (inadvertently, or purposely because they were curious) or by looking at a magazine (or, nowadays, the Internet).

Let's be honest about it -- we don't want minors to see anything sex-based (or anything showing the nude human form) because if they see it, they may view it as normal, not something to be hidden or covered up. And what could be more detrimental to our society than people realizing that sex isn't the work of the devil, and that sex and sexual urges are normal? Hey, we still live in a society that says masturbation is bad, that a 17-year-old female taking a nude picture of herself is child porn and she must be locked up in order to protect her from herself, that a half-second image of a nipple is going to bring about armageddon, and that if we don't talk to our kids about sex then it'll be as if it doesn't exist.

Congress mulls stringent data retention rules

Chris C

Arrest everyone

Why don't we just force mandatory sterilization upon birth? That way, people won't be able to have children, thereby completely eliminating the exploitation of children. Until that time, I suggest we create a law to prevent motor vehicles from going faster than 5 MPH. Anything more than that is just too damaging if a child runs out in front of you. And for the love of all that is sacred, we must rid ourselves of plastic bags, lest the little kiddies suffocate themselves. Don't even get me started on chainsaws...

Look, I'm all for protecting children. And I'll do whatever I reasonably can to stop the exploitation of children. But we've become a surveillance society and eliminated many of our freedoms on the basis of "something MIGHT happen, so we need to be prepared". A car MIGHT drive through the front of your house, too, but you haven't done anything to prevent it. A child MIGHT stick their finger in the electrical outlet, too, but that doesn't mean you've decided to forgo electricity and live like the Amish.

You know, gloves can be worn to avoid leaving fingerprints while committing a crime. Maybe we should require all merchants who sell gloves to retain all data relating to the sale of gloves. And rope can be used to tie people up, better add rope to that list. And what child doesn't like candy? As such, candy can be used to lure a child into your car, so we better start collecting data on everyone who buys candy since they're all suspected pedophiles. If you're not doing anything wrong, then you've got nothing to hide.

Kaminsky calls for DNSSEC deployment

Chris C

re: A fake hot potato

Please tell me that you're being sarcastic, and that you're not *THAT* stupid. The US government has a very long track record of doing whatever it wants, regardless of legality and regardless of how it affects other countries. Here are just a few examples:

1. Changing the US' daylight savings time (which isn't even permanent; they reserved the right to change it back if they feel like it).

2. The illegal NSA wiretaps.

3. The US government refusing Freedom Of Information Act requests requesting the truth about the JFK assassination which occurred over 45 years ago.

4. The UIGEA law, the US law banning online gambling, which was ruled illegal by the WTO. The US basically said "screw you, we'll do whatever the hell we want".

5. The "agreements" between the US and EU regarding airline passenger (PNR) data. The US has never, and will never, agree to the same data protections that the EU requires on such data, but the EU has agreed to hand the data to the US anyway (thus violating EU law) because otherwise EU citizens would not be able to fly to the US.

6. Guantanamo Bay, whose sole purpose is to imprison and torture people without having to follow those pesky US laws, not to mention those pesky international laws agreed to at the Geneva conventions.

As for your comment about this being no different than the International Standards which are located in France -- how often are those original standards used to verify data? DNS servers are queried millions of times every day, and a change could result in anything from an invisible man-in-the-middle attack (because if your system gets a rogue DNS answer, it'll think it's connected to the correct site, and you won't know any different) to literally sectioning off any part of the Internet the government wants to censor. Think about it as Big Brother to the Great Firewall of China. By giving the US government complete control over the root server, you're effectively giving the US the ability to censor the Internet for the world. But hey, that's OK, because I'm sure nobody here is cynical enough to believe the US government might ever do anything unsavory or questionable.

Lastly, given the US government's undeniable lack of computer security, do we really want THEM to be the ones in charge of protecting the security of the entire Internet?

Philips prices up 21:9 ratio 'cinema' TV

Chris C

Aspect ratio

For those people saying it's "7:3", you're wrong. It may be "7:3" in maths, but not when referring to cinema/TV aspect ratios. In cinema/TV, the ratios are most often written as 4:3 (sometimes 1.33:1), 16:9 (sometimes 1.75:1), and 2.35:1.

Page: