Ah yes, obviously posting comments using wi-fi. Much more secure.
Posts by Paul Crawford
5665 publicly visible posts • joined 15 Mar 2007
Use QuickTime … and become part of the collective
Sony PC owners to get Windows 10 upgrade as early Christmas present
Apple's AirDrop abused by 'cyber-flashing' London train perv
Re: moralism and the bubblewrap generation
"how would you feel if your son/daughter came back and reported the same thing happening to them in a public place?"
Why care if it is a public place? Maybe they should be outraged at the stupidity of Apple (or anyone else with similar tech) for not making it more secure?
Also we have the underlying point of giving kids a tool to access practically any information in the world, how about they give them a dumb phone and problem solved.
Sex app Tinder in public meltdown – because a journo dared suggest it was, well, a sex app
Samsung says micro-sats could blanket the world with Internet
Antenna gain
You don't get anything for free, if you have a given power flux density at the Earth (you know, a fixed transmitter power and coverage area) then going up in frequency achieves nothing - the increase in directivity gain for a fixed effective aperture is NOT producing an increase in power, and going to a smaller antenna for a fixed 'gain' is not helping - in fact it is counter-productive. The reason why "free space loss" in link budgets includes wavelength instead of simply being inverse-square is specifically to reconcile the relationship between an antenna's effective area and directivity gain.
The only benefit you get in that scenario from higher frequency use is the directivity gain allows you to separate sources (e.g. satellites) that are close together. But you pay for it by having to steer the beam very accurately (mechanical or phased array). Also rain losses are massive at W-band so for some users in some areas they won't be seeing better than 95%-ish connectivity.
It makes some sense for users in really sparse areas, but not for high density cities, etc, where putting in some fibre and a few mobile base stations operating at frequencies that penetrate buildings is going to work much better. The real question (beyond pollution of space when those reach end of life and can't be de-orbited from 2000km altitude for millennia) is the economics of doing so for a large number of very poor users. Yes, I feel they should benefit, but I do wonder if the companies behind this can make money. Iridium went bust because the advent of GSM, etc, stole its most profitable user base in the big cities and densely populated areas of wealthy countries.
CAUGHT: Lenovo crams unremovable crapware into Windows laptops – by hiding it in the BIOS
When is a BIOS not a BIOS?
When it is root-kitting your machine, obviously.
But the more serious question is why are open/replicable BIOS not more widely demanded? Are our gov departments happy to buy mass-market PCs with such crap-ware (or even foreign spyware) pre-installed? If not, what are they doing about it? When do we start to see contracts for gov PCs that demand open source BIOS without any shit-ware installed? Only then will there be enough of a commercial pressure for suppliers to make enough details available for reliable 3rd party BIOS to be used.
Want Edward Snowden pardoned? You're in the minority, say pollsters
Sadly I can believe it. But then a lot of Americans believe the world is 6000 years old and evolution is less likely. Apparently a National Geographic survey found 77 percent of all Americans “believe there are signs that aliens have visited Earth”, and according to a recent Harris poll only 68 percent of all Americans believe that Jesus is God or the Son of God.
If we simply took the majority's views as always right then the world is flat and slavery is something that is good for business so keep it going.
Patching a fragmented, Stagefrightened Android isn't easy
Re: A general problem
"And how do you do that when the manufacturers are located in countries that simply don't care?"
Then it is the importer. If they can't get an agreement from the manufacturer to cover such requirements & costs then they won't import. If a few go under due to legal problems then no one will import the product and they lose £Ms in sales. Simple really.
Re: A general problem
You could make the phone suppliers responsible for any reasonable losses due to known but unpatched bugs for, say, 5 years after the product was last sold.
Hell, why not the same thing for ALL products with built-in firmware/software? At least then manufacturers have to factor in the support costs for the shit product development cycle and that might lead to better software by design, and certainly a patching system. You know, like the ones that Linux has been using for 10+ years that for some reason Android phones did not have.
Red-stained Opera wants someone to hug it and whisper: 'No more pain, no more tears'
Re: I would be worried...
I tried the "new" Opera and it was crap really, the only saving grace being the 'Turbo' feature still working.
What happened to configuration options? You know like disabling animated GIF images? Blocking certain types of content easily? Turning on and off plug-ins and javascript from the menu or short-cut keys? Bookmark menu down the side where it is easy to find and works on wide-screen monitors?
Still on 12.16 for Linux for a lot of the time as it is less shit than Chrome and (to some degree) Firefox as it also suffers from chrome-envy by a number of the GUI morons developers.
'WOMAN FOUND ON MARS' – now obvious men are from Venus
Oracle pulls CSO's BONKERS anti-bug bounty and infosec rant
Tesla tech top dog downs slug, hikes bug bounty to $10k
Salutations to Tesla
For once we see a car company reacting sensibly to the holes in their systems. Of course, this should have all been done before the cars were leaving the factory, but at least Tesla has the balls to realise they did not, and are apparently taking it seriously enough to do something about it. OK, bounty is not so big as some other companies, but it's a damn sight better than most auto companies.
A close shave: How to destroy your hard drives without burning down the data centre
Really, why go to all the physical risk and effort apart from the fireworks in testing?
Doh, I just answered my own question...
But really the answer is much simpler: all disks encrypted with a long random block of data that is stored on a chip, and then just zap the chip with a high energy discharge while rebooting the servers in to the usual memory testing slow BIOS start-up that you always use as you worry about data integrity if your RAM is not checked. Key gone = data gone and in-RAM copies overwritten as well.
All hail Ikabai-Sital! Destroyer of worlds and mender of toilets
Safe as houses: CCTV for the masses
Battery life?
How long do the 4 * CR123 cells last? It could become an expensive toy to feed if it's not for 6 months or so.
Also, and I guess it's out of the scope of a quick review, how secure are any of these? Have any been subject to a proper penetration test? Given the ongoing crap about home NAS being insecure, etc, I would be very wary of letting any of these products loose in my home/work.
Hack a garage and the car inside with a child's toy and a few chips
Known technique
From the Wikipedia page on De Bruijn sequence:
The sequence can be used to shorten a brute-force attack on a PIN-like code lock that does not have an "enter" key and accepts the last n digits entered.
So not only a fail for using only 12 bits for the garage code, but a fail for not enforcing a start and/or end sequence, nor a minimum time between codes, to make it harder to guess. And that is before we even consider a rolling sequence...
Re: Well...
"Don't all garage door openers use rolling codes now?"
I have no idea, nor any obvious way of finding out.
And therein lies the problem - so many crap implementations of systems with known flaws (to experts) and nobody doing any public ratings of them.
While a garage door is less of a concern than, say, a self-driving car, it is high time that anything with high value or safety was forced to be independently audited for safety and security before sold (or at least insured). Yes, I know that sort of legal talk is not favoured round these parts, but we have seen time and time again really dumb mistakes being made (often to save some money in terms of who is hired to do it) and companies then using legal threats to silence those who question them.
Re: Driving the car
The problems with the simple version of "high tide mark" sort of approach are:
1) Key fobs usually reset when the battery is changed.
2) You might have several key fobs for his & hers, etc, that are at different points in their sequences.
A much better approach would be a two-way negotiation where the car can query the fob for information about a shared secret but then the cost & complexity of the fob, etc, goes up a lot.
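The two problems listed in the post above, and the two-way alternative it suggests, shown as an added example that is not part of the original post or any real fob's protocol. The HMAC-SHA256 scheme, the class names and the volatile fob counter are all assumptions made for illustration.

```python
import hashlib
import hmac
import os

def mac(key: bytes, data: bytes) -> bytes:
    return hmac.new(key, data, hashlib.sha256).digest()

class Fob:
    def __init__(self, fob_id: str):
        self.fob_id, self.key, self.counter = fob_id, os.urandom(16), 0

    def press(self):
        """One-way rolling code: (id, counter, MAC over counter)."""
        self.counter += 1
        return self.fob_id, self.counter, mac(self.key, self.counter.to_bytes(4, "big"))

    def change_battery(self):
        self.counter = 0  # assumption: counter is volatile (problem 1 in the post)

    def respond(self, nonce: bytes) -> bytes:
        """Two-way variant: prove knowledge of the shared secret for this nonce."""
        return mac(self.key, nonce)

class HighTideCar:
    """Accepts a counter only if it is above the stored high tide mark."""
    def __init__(self, per_fob_marks: bool):
        self.per_fob, self.keys, self.marks = per_fob_marks, {}, {}

    def accept(self, fob_id, counter, code) -> bool:
        slot = fob_id if self.per_fob else "*"   # "*" = one mark shared by all fobs
        if fob_id not in self.keys or counter <= self.marks.get(slot, 0):
            return False
        if not hmac.compare_digest(code, mac(self.keys[fob_id], counter.to_bytes(4, "big"))):
            return False
        self.marks[slot] = counter
        return True

class ChallengeCar:
    """Car issues a fresh nonce; there is no counter state to lose or keep in step."""
    def __init__(self):
        self.keys, self.pending = {}, {}

    def challenge(self, fob_id) -> bytes:
        self.pending[fob_id] = os.urandom(16)
        return self.pending[fob_id]

    def accept(self, fob_id, response) -> bool:
        nonce = self.pending.pop(fob_id, None)   # each nonce is single-use
        if nonce is None or fob_id not in self.keys:
            return False
        return hmac.compare_digest(response, mac(self.keys[fob_id], nonce))

def demo() -> dict:
    his, hers = Fob("his"), Fob("hers")          # constructed sample fobs
    shared, per_fob, two_way = HighTideCar(False), HighTideCar(True), ChallengeCar()
    for car in (shared, per_fob, two_way):
        car.keys = {f.fob_id: f.key for f in (his, hers)}
    for _ in range(5):                           # "his" fob is used five times
        msg = his.press()
        shared.accept(*msg)
        per_fob.accept(*msg)
    out = {"replay": per_fob.accept(*msg)}       # same message sent again
    first = hers.press()                         # "hers" is still at counter 1
    out["hers_shared_mark"] = shared.accept(*first)
    out["hers_per_fob_mark"] = per_fob.accept(*first)
    his.change_battery()
    out["his_after_battery"] = per_fob.accept(*his.press())
    resp = his.respond(two_way.challenge("his"))
    out["two_way_after_battery"] = two_way.accept("his", resp)
    out["two_way_replay"] = two_way.accept("his", resp)
    return out
```

The price of the two-way variant is the one the post names: the fob needs a receiver as well as a transmitter.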
Death to DRM, we'll kill it in a decade, chants EFF
Re: People slowly realise how much of a problem it is
The EU could help here, but probably won't. If they made it illegal to discriminate on trade & sales by electronic means not just on inter-EU sales, but on sales and services brought in from outside the EU then region coding world-wide would be a goner. Buy a toner cartridge from Australia or whatever and it won't work? Then sue Xerox in EU for illegal regionalisation.
Oracle waves fist, claims even new Android devices infringe its Java copyrights
WTF?
"what Oracle has worked hard to build and maintain, and in the process to destroy the value of the Java platform"
For a start, most of the work was nothing to do with Oracle, they bought Sun's stuff then have trolled it chasing Android.
As for destroying the platform value, I think the endless security holes in Java, slow patching, and the various problems of which specific JVMs will actually work for a given application have done that. Had Oracle managed to make Java what it promised, i.e. "write-once and run-everywhere, securely" then I might just be able to pull some sympathy from the depths of my arse. But they have not.
Crackpot hackpots pop top of GasPots
Is there no end to the stupidity of companies?
You put something of value on the internet and have a system without (a) proper security from the start or swift patching to help out, and (b) allow it by hardware, etc, design to actually do something physically that could either irritate the owner/users or compromise the safety. Guess what, it then gets hacked? Surprised?
Sadly it looks as if serious fines and/or jail time for company execs is going to be the only thing that might stop the tide of moronicity. Always blaming the "hackers" for a stupid design is not an acceptable excuse.
Windows 10 wipes your child safety settings if you upgrade from 7 or 8
I could spoof Globalstar satellite messages, boasts infosec bod
German prosecutor given Das Boot over Netzpolitik treason charge
Wait, what? TrueCrypt 'decrypted' by FBI to nail doc-stealing sysadmin
Re: id10t
"What are the ways to beat a keylogger?"
Tricky, but I would go for booting from a 'live' CD-ROM so you always have an un-tampered OS (assuming it was clean to start with). Bad luck if they manage to infect it just before you enter your pass phrase, but I guess you should not do email/web sessions before you have already closed the encrypted container.
How long you could do so and put up with the inconvenience is another matter...
OFFICIAL SCIENCE: Men are freezing women out of the workplace
Temp difference also matters
I was once installing stuff in Egypt a long long time ago and the IT/computer room/office was set to 18C when outside it was 35-40C. This room was mostly workstations and some photographic plotters, etc, not a data centre.
They had to wear extra clothes / coats indoors and complained about fingers going numb. Despite being used to much colder in the UK I also found it uncomfortable when dressed for that sort of region so set the A/C controls to 25C as no one there felt they had the authority to do so. End result was a much happier work force and greatly reduced electricity bill!
W3C's bright idea turned your battery into a SNITCH for websites
What balls! India blocks 0.00008 per cent of web in anti-pr0n move
It's enough to get your back up: Eight dual-bay SOHO NAS boxes
Re: Just wondering...
The one with btrfs should support snapshots to allow a roll-back to a past point in time. Not sure I would choose that over ZFS mind, but then all file systems have sucked donkey balls in my experience. As a previous commentard reminds us RAID != Backup, and of course an on-line file system is not a backup.
Re: Unlike ext4, btrfs provides "file security against viruses and malware"
Not exactly, but it supports 'snapshots' as it is a copy-on-write file system. So malware that trashes files on your Z: drive or whatever will cause the file system to write the malicious changes to new blocks on disk. Once you find out, and have killed the infection, you can go back to the snapshot time and get your previous files' contents back.
Assuming you snapshot regularly and notice the infection before those snapshots get overwritten.
Re: access speed
What you need in access speed depends on what you are doing, i.e. the balance between your computer's ability to process data and the storage system's ability to provide/accept it.
Most cheap NAS can achieve about 1/2 of a HDD speed if you have Gbit networking and if your budget is limited you might be happy enough just to let it run overnight, etc.
Re: Macs can be problematic
If you are not using the NAS for sharing (i.e. it is a backup copy and/or space for keeping very large files) then try to use it as an iSCSI target, and then have the block storage formatted in Apple's own file system. That way the (stupid IMHO) use of alternate data streams for photo metadata, etc, are all supported.
Down side is the extra faffing to get that running and that you can't really access those files on any other machine.
RAID-0 FFS?
Please, there is only one application for a RAID-0 box and that is a temporary store for massive video files, etc, while you work with them. You should make that very clear in any proposed test. If you value your data then RAID-0 has no place at all!
Also worth pointing out for the more technical commentards to consider, you can get an HP ProLiant Gen8 G1610T micro server for under £200 and slap FreeNAS on it, and if you want some more performance also stick in a small SSD for the ZFS Intent Log to give you a reasonable compromise in performance vs. storage cost.
$100m fine? How about, er, $16k? AT&T teabags FCC with its giant balls
Re: Its a shame
"There are always conditions attached"
Which are not explained, or often are changed after you have signed up. THAT is the problem.
If I have paid for an 8Mbit/sec connection why can't I use it all the time? Why should it slow down?
Now you and I both know the realities of networking hardware and the fundamental limits of information theory so we realise the situation is complex and usually over-subscribed so throttling is inevitable at times. But the majority of customers were lied to in order to get their custom, and they know SFA about how it works. That is the whole point of this action.
Re: Fine seems reasonable
"I know half a dozen people who abuse their "unlimited" data plans or have in the past. People who would stream Netflix and Hulu for hours on end."
I'm sorry but you can't "abuse" unlimited because it is, as they say: unlimited.
Now if they can't actually deliver on that, why did they offer it? Did they lie to millions of customers who know nothing about spectrum usage and contention ratios, etc, to obtain their custom? If so they deserve the fine and it has to be big enough to make them, and others, think again.
It is just a shame that other toothless regulators have not been forcing honest advertisement of what you can expect to get from an ISP for your money.
Stop forcing benefits down my throat and give me hard cash, dammit
@TheTick
Maybe gov spending is not very efficient, but are any of the other options actually better? A lot of charities are way less efficient at delivering aid to the intended.
Here is a good infographic on what the UK spends money on, though I have not verified it is correct:
http://headlinesuperheroes.co.uk/stuff/cashogram/cashogram-1.0.1.png
"People in the UK give over £10 billion a year to charity"
The problem is the UK's welfare spending is an order of magnitude bigger than that, and there is no way that those of a charitable disposition are in a position to donate 10x more for reasons that are not personal factor to them (e.g. protecting animals, children, etc)
Windows 10 marks the end of 'pay once, use forever' software
Re: Linux @DropBear
When you install Linux go to the advanced options for disk partitioning and set up something like this:
/ ext4 (~30GB if you have enough space)
/home ext4 (most of the rest of the disk)
And leave about 30GB if you can (say on a 1TB HDD or similar so it's no big deal). That way you can nuke your OS installation without losing your own data, and if you prefer install a later version in the unused space and also have it mounting your home partition later. Then the grub boot menu will give you the chance to boot in to old or new versions.
Open source Copyright Hub unveiled with '90+ projects' in the pipeline
Sounds like a good idea
Firstly I must thank you for cheering my day up with the description "the rancid free-for-all of today’s clickbait-infested swamp", it is spot-on!
It remains to be seen how well the system works, but for a lot of commercial sites I can see it would be a great advantage if photos and other material could be licensed for a small fee more-or-less instantly. Even for some of us who choose to put things up for free, it would be nice to track its popularity (particularly if your funding is based on "public impact" factors).
However, the issue of meta-data stripping is more complex as it can reveal information about the person they really don't want public. For example, the lat/lon of their home, or a personal identifier if it's a crime they reported. Having an agreed copyright metadata field that is not stripped by web sites on pain of legal action is much better, so long as phones, etc, always confirm you want it sent in sensitive cases.
UK's first 'DIY DAB' multiplex goes live in Brighton
Ofcom report
It is worth a read of the report, in particular section 6.7 is damning of the quality and consistency of the DAB radios out there.
I am not surprised really, and having read parts of the DVB-S2 standard you can see why it is a high risk to implement any of these sort of systems in silicon for space projects etc - the standard is so damn long (from memory about 1000 pages in the various pdf documents) and complex that the chances of someone implementing all of it correctly are quite small.
Really, when you compare DAB in practice to FM and factor in receiver availability, battery life, coverage, etc, there is not a good case for DAB. The suggestion of killing it off and leaving FM and IP radio is worth considering.
Small number of computer-aided rifles could be hacked in contrived scenario
Microsoft's Windows 10 Torrent-U-Like updates GULP DOWN your precious bandwidth
Think beyond the Beeb: Gov consultation is crucial for free telly