213 posts • joined 21 Nov 2007
"redundant Wi-Fi networks"
Even a piss poor WiFi setup usually proves more reliable than 3G / 4G. Lower latency, packet loss. Far less issues with network contention (mostly due to covering a much smaller area per transmitter). Even if it's a little slower on paper than the fastest 4G which you'll never actually get in reality, there are more metrics to network quality than just burst speed.
What is the fuss about?
"Sysadmins are among the groups inconvenienced by leap seconds, as while network time protocol (NTP) is aware of them and includes them in its updates, not every device is connected to an NTP server."
If hardware has neither a network time protocol nor an accurate time source, you'll have more than 1 second a year to worry about anyway. If you do have an accurate time source, then it'll be acting as your time server and you'll only have one box to update.
There are very few applications where you have many disconnected nodes which all have their own accurate clocks.
There is the small issue that applications can behave badly if the real time clock is modified underneath them. Normally NTP clients slowly adjust the RTC for any drift, which negates this issue, and even if it is an issue then the application is badly written and should be using the system clock for measuring the passage of time, instead of the RTC.
Chinese Hacking Group?
Symantec were a lot more careful and stated "Much of the attack infrastructure and tools used during these campaigns originate from network infrastructure in China.", which is quite a careful statement which deliberately avoids the implication that the group itself is Chinese.
This is quite a long way from what was stated in the article "Hidden Lynx is a sophisticated hacking group based in China...".
Given the recent NSA kerfuffle, I thought we'd all gotten over the idea that all ne'er-do-wells on the net hail from China or Russia.
Re: Nokia on Android?
In September 2011, Nokia had an arguably viable smartphone product with the N9, at the time Android had 50% market share up from 25% the previous year. Windows Phone had 1.7% down from 2.7%. Elop bet that version 8 of windows phone would be so mind bogglingly good it'd be worth burning both Nokia's platforms, and delaying having a viable product in the segment for a whole year when they were already very late to the party.
I think Elop's reputation as the CEO who sank Nokia is well deserved.
"Our chief psychic here at the Trash, Madame Headhurts, sanely predicts that on the first day the new law is implemented, an inconceivable amount of students will be innocently late, too many to keep back for detention, the new rule will be scrapped, and the School Management members will have more egg on their faces than Jamie Oliver at a Fetish Orgy."
His writing isn't so bad, maybe The Register should give him a column.
Re: "...unlikely to be something most non-techie users could pull off..."
You do not have to run your own code on a machine in order to modify memory, typically plugging in a device to the machine is enough.
I note that there are still DMA access to kernel memory over firewire issues in existence today on every operating system. If this is ever patched, there's a whole slew of badly written USB and Bluetooth device drivers left to target, reprogramming a USB/Bluetooth/Firewire client via an automated tool is well within the reach of most people on the street.
Having said that if you can modify kernel memory then all bets are off regards any sort of signed executable protection anyway, so the news that modifying a single byte can turn it off isn't much to shout about.
The ironic thing is that Ubuntu made the same mistake as Windows 8. Try to please two audiences with one desktop shell.
Given the ease with which you can change the desktop shell on linux per login it seems rather pointless. It's not like Windows where you have to go and change a registry setting, and then pray you haven't broken your shell and locked yourself out of your own account.
All in all it hasn't been a bad year for Linux despite the fuckups from Ubuntu and Gnome. The gaming industry (at least the indy/PC part of it) seems to be paying a lot more attention to it, and the lack of attention has long been one of Linux's biggest failings when it comes to gaining new users.
Re: File System Permissions
If you already have access to the mysql user, and can write files owned by mysql, the ability to make a database user have full admin access is rather unsurprising.
Privilege escalation is not privilege escalation when you need privs higher or equal to the privs you are attempting to acquire.
The mysql user is a higher privilege than any database user account.
Re: "The length of a password is less important than its strength"
Ok, I never stated 'generated by a human', I was assuming a computer would generate both the random words and password, because humans are frankly shite when it comes to generating random sequences of anything.
Even 5000^5 is more than 64^8. That's ignoring the fact that a normal human vocabulary is *50,000 words (and we're still not including inflections). So your argument fails even on its own rather suspect numbers.
*source: BBC http://news.bbc.co.uk/2/hi/uk_news/magazine/8013859.stm
"The length of a password is less important than its strength"
Strength is an exponential function of a password's length.
*Even if you throw together 5 random unrelated dictionary words, you still have ~ 200,000^5 possibilities.
An 8 letter password using a-zA-Z and punctuation is ~ 64^8 possibilities.
It would take 1136868377216 times as long to crack the password based on dictionary words using a brute force attack.
Clearly long passwords using just dictionary words are vastly more memorable and secure than 8 letter passwords composed of random characters.
The statement is at best misleading, though I'd go with just plain wrong.
*Assuming 200,000 dictionary words, OED estimates a quarter of a million not including inflections
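Added example (not part of the original posts): the keyspace comparison made in the two password posts above, with the passphrase drawn by a CSPRNG as the reply assumes. The word list is a constructed placeholder and the function names are hypothetical; the figures hold only when every word is chosen uniformly and independently at random.

```python
import math
import secrets


def keyspace(symbols: int, length: int) -> int:
    """Count of equally likely secrets: `length` independent uniform
    picks from an alphabet (or word list) of size `symbols`."""
    return symbols ** length


def bits(symbols: int, length: int) -> float:
    """The same quantity expressed as entropy in bits."""
    return length * math.log2(symbols)


def words_needed(wordlist_size: int, char_symbols: int, char_length: int) -> int:
    """Smallest number of random words whose keyspace is at least that
    of a random character password of the given alphabet and length."""
    target = keyspace(char_symbols, char_length)
    n = 1
    while keyspace(wordlist_size, n) < target:
        n += 1
    return n


def ratio_from_post() -> int:
    """Brute-force work factor quoted in the post: 200,000^5 / 64^8."""
    return keyspace(200_000, 5) // keyspace(64, 8)


def passphrase(wordlist, n_words: int, sep: str = " ") -> str:
    """Draw words with the OS CSPRNG; human-chosen words do not give
    the uniform distribution the arithmetic above relies on."""
    return sep.join(secrets.choice(wordlist) for _ in range(n_words))


# Constructed stand-in for a real 5,000-entry word list.
SAMPLE_WORDS = [f"word{i:04d}" for i in range(5000)]

if __name__ == "__main__":
    print(f"8 chars from 64 symbols: {bits(64, 8):.1f} bits")
    for size in (200_000, 50_000, 5_000):  # list sizes named in the posts
        print(f"5 words from {size:>7,}: {bits(size, 5):.1f} bits, "
              f"{words_needed(size, 64, 8)} words already match 64^8")
    print("ratio from the post:", ratio_from_post())
    print("sample:", passphrase(SAMPLE_WORDS, 5))
```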
RE: Russian/China handle it.
A lot of commentards seem to have missed the fact that Russia and China are not proposing they manage it, they're proposing a neutral international party handle it. Let's ignore the fact that they're holding America up as a fine example of a country that promotes *free speech.
ICANN aren't exactly doing a great job at the moment, maybe it's time for them to give the reins to someone else.
Having said that, I suspect the ITU might suffer from being unable to get anything done due to political conflicts, but I'm struggling to see how that would be a terrible thing.
*only applicable to US citizens.
Couldn't have put it better.
On a positive note, it's nice to see the courts being used in sensible ways for a change. More than half the legal battles reported on The Register leave you wondering if putting the two people in a padded room and leaving them to it wouldn't be a better option, and certainly waste less money.
Screen flicker: software fault will be fixed in an update, and if you can't wait you can force gpu rendering somewhere in the settings.
Loose screen: open it up and tighten some screws.
Screen calibration: will be fixed in a future firmware update, hopefully exposing the settings to the end user, or someone will make an app for it. (I believe this is the digital vibrance (tm) setting on the nvidia gpus).
These all seem pretty minor and fixable.
Not like say putting the wifi antenna and 3g antennas on the outside such that you can bridge them with a finger.
Be thankful the thing can be opened up, a lot of modern hardware isn't designed to be user modifiable.
You'd struggle to find a device that ships from anyone which doesn't have at least one major firmware glitch on launch these days.
I'm actually tempted to buy one now.
"However, as a result of our enquiries, we can say that the data breach was the result of a sophisticated and carefully orchestrated attack on the CRU’s data files"
Presumably a standard vulnerability or poor password, and they left their fingerprints all over it (.bash_history etc) but they point back to a compromised machine somewhere which no longer exists, thereby putting an end to the waste of taxpayers' money.
Oracle are trying to commercialize a free version of a commercial linux, which is itself based on a free linux.
I remember Deadrat in the early days, no love from the developers because they were taking something essentially free and charging for it combined with a few bells and whistles. Then came CentOS, which basically exists by extracting the free and not so free work that Redhat do with Linux into a completely free version.
Along comes Oracle and they want to install a few binaries on top of CentOS which add a few bells and whistles and provide a few extra updates.
Disclaimer: I have no love for Redhat*, Centos or Oracle.
*I will concede without Redhat, Linux would not be where it is today.
Microsoft Windows Image Problem.
I don't think it matters if Windows 8 isn't great, I think the problem is that the requirements of a mobile phone's operating system are very different to that of a desktop PC. Reliability is far more important, everybody hates their phones being unreliable. Windows might be associated with a lot of things but reliability certainly isn't one of them (to the general public, I'm ignoring IT professionals which have windows 7 PCs which never crash, because they know how to use a computer).
As far as Nokia goes, I think they've already signed over their soul to satan. Which is a shame, as far as their brand goes, at least outside of the US, they shouldn't be in this mess.
They've suffered from no good overall strategy for a long time, and unfortunately when they did get around to choosing a single strategy it was too late and they chose the wrong one. Maybe they have some sort of backup plan, but I think I agree with the article that they've burnt all their bridges and the chairman is selling snake oil.
Re: fire with fire
Even BAE's site says it can only use the GPS jamming signal under certain circumstances. It's a fair assumption GPS spoofing can't be used, and that under most realistic circumstances it can't be used at all (Mobile jammer? Jammer varies its signal strength?). At the end of the day these guys are selling a product.
The technology is probably useless without the data uplink to HQ, and any GPS spoofing attack is probably going to attempt to jam the hell out of that anyway.
And yeh, it can always fall back to gyros, but then it can do that without this technology (Though the technology might be useful for identifying when to fall back to gyros, but then that isn't what they're saying it's capable of, hence my grumpy post).
Isn't this called AGPS and currently used by mobile phones (though extending the signals used beyond phone masts and wifi).
Minor downside that it doesn't work without a data connection because you need a bloody big (and up to date) database to query your location against.
I also fail to see how this does not suffer from exactly the same problems as GPS regards spoofing.
A rights-holder's representative who spoke to us on condition of anonymity told us:
It's an example of astroturf: of a corporation using the collective action of not-for-profit groups to further its own interests.
Pot calling the kettle black?
Surely rights holders groups have been doing this for years?
The idea that in political debate everybody involved is entirely transparent is laughable at best.
The cars were looking for wifi networks of any type (encrypted included), mostly to build a database for agps.
The issue is that instead of just writing packet headers to the hard drive on the streetview cars, they wrote out entire packets, which in the case of unencrypted networks included private data.
My personal feeling is that if you transmit unencrypted data on a public channel then it's your own bloody fault, and frankly google grabbing your private data and not using it for anything is the least of your worries.
Still, the whole thing is entertaining to read about, not least for highlighting quite how clueless the people responsible for policing this stuff are.
Re: Trust common sense
Call me stupid, but surely if your data is anywhere other than on your own hard drive someone else has it? Be it a hosting provider or 'in the cloud' (there's not a lot of difference). Explain how a startup is supposed to fund its own data center, even with a 5 million first round (choose your appropriate currency).
As for private individuals storing their data on the cloud, that's barmy, but the article isn't about that.
It doesn't change the fact that git was written by and for developers who live in a completely different world to developers who work on windows. Whilst there might have been some convergence between these two worlds in recent years they are still very far apart.
I wouldn't like to predict the meteoric rise of git or github to becoming the de facto industry standard, every few years a new one comes along.
Wonder if it's feasible to...
...power a gym by the users' expended energy.
Well, at least the lights & music, I imagine heated showers would consume far too much energy.
And for bonus points you could make it a ridiculously up market gym catering to rich people who like to feel like they're doing something for the environment, to counter balance the ridiculously oversized vehicles they drive 500m down the road to the local school to pick up the kids.
Oh crap, already been done.