Posts by regadpellagru

Re: If I were a layman

"I never got why we need a CA anyway.

If I trust Facebook, then I trust Facebook. I don't necessarily trust every website ever created by anyone who's bought a certificate from the supplier that Facebook's bought their certificate from.

SNIP

Key security should be in the DNS, and should be tied - the .uk root should be saying THIS is the cert for the .co.uk TLD and it's the only one I specify. And then when asked, .co.uk will say THIS is the cert for the facebook.co.uk site (and here's the IPv4 and IPv6 addresses). And then Facebook can specify what THEY want under that domain as required. All signed, all authorised, back to the root."

Actually, I don't think security by network (which seems to be your point) is enough. After DNS is secured, you have to secure the transport, and the physical layer etc ... Long efforts before you're SURE www.facebook.com is really facebook.

SSL took the approach of end to end cryptography, which is desirable and good.

The only problem is there is a gap: all CAs are hard coded in the browser and no user ever look at them (they're so obscure ...) and there is no secure directory service. That's the current security hole exploited by superfish and its siblings and the real short-coming of SSL.

Re: complex documents

"Use LaTeX"

Well said. Upvoted :-) LaTeX was my first Word Processor.

Speaking of this (formulae processor), has anyone managed to write some complex sigma formulae with Word 2010 ? The formula processor of 2010 is totally awfull. I thought it would be OKish, but not. That very day I tried, reminded me how simple it would be with LaTeX.

Re: @Halverflake @P.Lee

"Lenovo produced the hard drive image, not Microsoft.

Lenovo is fully reponsible for including the bloatware, not Microsoft.

Microsoft makes operating systems and office software for many laptop/PC manufacturers, not just Lenovo.

Is "SuperPhish" present on those units too? Not that anyone has heard."

The problem, here, is MS has let OEMs, like muppets-Lenovo and many others, package their OS, to their will, including the possibility to add any full-scale spy/mal/bloat-wares, if it brought revenue. And this is gonna hurt them, even if they've only been naive.

MS really need to regain control of Windows from the OEMs and provide certified (whatever that means) install media that can bring a secure baseline to any HW. It is abolutely pointless to have invested in things like secure boot and have let OEM act as Lenovo had.

MS is not the culprit, here, but they've let things go titsup.

Re: Orange Alert!

"MS should take note as well. This is not their fault, true, but they also provide no means for users to do a clean-slate, non-manufacturer bloat, install of Windows. By that I mean provide essentially the same disks/downloads as if you walked into a store and bought Windows off the shelf. Not their fault, but it leaves you with the same question: can you trust your brand-new PC? No, not entirely.

We should get a valid, go-to-MS-when-needed, OEM license for Windows, not just some bloated manufacturer install. I for one have no idea what happens if I re-format my Asus laptop. I assume I can re-install Windows somehow from their recovery partition, but I won't know that unless I try it. I know how to rebuild with a Windows install disk and I would much prefer to be in that position with my Asus."

That's actually a very good point. I've always been very worried of seeing people around me *never* get an MS install disk, and being served the usual "recovery partition" pitch by whatever sales droid.

Now I know why: the OS sold is not the one from MS, but from the vendor, who definitely has incentives to put crapware in it, unlike MS.

Creepy.

Re: TEMPORARILY???!!!!?????

"So, long term, Lenovo's intention is to continue bundling software from this highly trustable source.....

Holy Crap."

Upvoted. Well, since this one was not concealed enough (they thought no-one would notice an unusual ROOT CA in the browser), that's exected they'd come-up with something better, no ?

"All the receiving dignitaries have my undying respect for keeping straight faces...I would have howled."

Yep, same from my side. Have an upvote.

Really good to see the ol' sacrcastic UK (Wales is still part of UK, I think :-) humor can also be put into official guard music.

I wish we french can do that as well. Sadly, it won't happen here.

"I can never understand this attitude that people come up with - oh let's charge them because they are providing content that has already been paid for twice, but let's charge them again anyway."

No logic in there and no point to even try to understand it. Just general "tax to see if they pay", without any regard of fairness whatsoever, then if things go titsup (Eco Tax, geez ...), backtrack all along.

Desperate try to rob any money to close the gap with EU. Bear in mind France is the only country in the world where people pay taxes on raw salary (they don't get) not net salary (they get), due to the wonderfull CSG invented by Michel Rocard's administration (90s I think ?).

Hollande policy, nothing more.

Re: Server 2003

"A typo that's far too common these days. Your too restrained - I tend to loose my temper when I see those, or assume there stupid."

Yeah, happens also on videogames forums where all sorts of people ask tips on playing "rouge" instead of rogue.

Re: Not so bad really

"Les Francais sont loin d'être aussi cons que certains peuvent l'imaginer."

Je suis bien d'accord !

But in this instance of policy, it is totally retarded and will fail in the usual way:

- extend the powers to any copper (within 2 years I'm sure)

- see any forum being kicked whenever a bot posts something terror-like plus any website any copper don't like

- no more forum hosted in France (are there any to be honest ?)

This plus the smart people who will game the system as alredy devised higher in those columns.

And then a report in newspaper the darn thing costed millions ...

Re: OEM's

"But what happens if many users (highly likely) don't bother buying new hardware and just go down the home upgrade route? Will the large corporate customers go into rolling out upgrades instead of a hardware swap? If they do than MS is really digging a hole here for the OEM's, and they aren't exactly in a strong position as it is. Do think it's going to be interesting though to see how it shakes out down the line."

Easy fix for you: Win 10 will probably not boot on any of the systems running W7 (CPU tweaks, RAM, ...). But surely it'll boot on most default W8 gear. Solved. W7 killed through "no support", and W8 killed through "I want the mistake fixed". Actually quite clever.

Re: It's shit programming

Yep, and it is even worst timing:

http://www.gamespot.com/articles/valve-steam-machines-will-be-front-and-center-at-g/1100-6424591/

So basically, they're gonna unlock the steam machines from their stasis, running on SteamOS, which is a modified debian.

And they stupidily screw up in the steam Linux client !

I'm sure the dev's butt has already been nicely kicked.

Re: @ Chris Miller Y2k - in your experience

"For 1, assuming you had the source code, there were code-scanning tools that could help."

Part of the problem was, a lot of companies had no longer any source code for their executables. Sure, it's totally retarded, but staff turnover and no source mgmt in place made the problem.

Re: half of the week only

You need to read, AC, or work for NSA.

Have those 2:

https://www.torproject.org/about/overview.html.en

http://www.theverge.com/2014/12/28/7458159/encryption-standards-the-nsa-cant-crack-pgp-tor-otr-snowden

Re: The Project for a New Oceanian Century

"Does anyone have the totally unwarrented feeling that he had a big folder in his desk and was just waiting and hoping for someone's cat to fall downstairs?

Totally unwarranted, I am sure."

Yep, obviously, he just needed the opportunity, which is appaling at best from a gov. leader. I'm happy someone else's prime minister is a bigger clown than mine ...

Re: That Nadella fella is worse than Ballmer

Agree, here.

In a couple of years, security patches will be paid for on top of maintenance, at MS ...

Re: Ctrl-Alt-Delete

I'm somewhat surprised the most messy tax system known to human kind in this Unverse has not yet been mentioned: our sublime french system.

I need to renovate part of my house, and here is what I've been blessed with:

http://www.impots.gouv.fr/portal/deploiement/p1/fichedescriptiveformulaire_8418/fichedescriptiveformulaire_8418.pdf

All of this because there are 2 VAT ratios, 10% and 5.5 %, depending on which work is carried on.

I'm sure noone sane will go through all of this, but rest assured when you have (as I've done myself), you still need to read the article of Code des Impôts it refers, in order to know which ratio you'll get.

Awesome.

Re: An ideal car for the French market

"I once asked a group of French ski instructors why they all used "Atomic" skis, when the brand had a piss-poor reputation of snapping in half after a weeks gentle use."

Hmm,

I agree the french market is chock-full of people that "buy french", and therefore, we indeed build crap to maximize income. Note it is now changing, as Peugeot learnt their lesson, after shafting their customer base for one decade, basically building cars with all parts to be replaced within 30 000 km, at insane costs.

However, Atomic is actually a good ski brand. I have a handfull of Atomic skis and they are great and don't snap, at least if you're under 150 kg :-)

Re: 90 days?

"I find their attitude astounding. More arrogance from the chocolate factory, as usual."

Whether this is arrogance or anything else is irrelevant. As has been said already, Google IS the internet for Joe User.

The point is, with people like MS, who have utterly failed to even think about security in their OS (remember 4-5 years back, when they said they would put security at the core of Windows and all dev processes ?), don't give a f**k, and don't have a clue, you need to break their arm to get get any bloody security fix.

This is what Google is doing.

Arrogant ? Maybe. But this is in the interest of users, pending their migration to other solutions ...

Re: disaster waiting to happen

"we're all very cool, aren't we, until a passenger jet DOES go down. Given the steep rise in popularity, this is bound to happen :("

I'm with you AC, on this one. A small airliner (2 engines) is likely to be impacted seriously in case of impact with a drone, to the point the pilot may not be able to recover the situation. Heck, The 2010 flight Rio-Paris was downed by one 30 s incident (recovered after that, therefore plane was fully functional) and the 2 pilots panicking and stalling the plane for what, 4 mins before crash !

Imagine them losing one engine out of 2 at 200 m altitude during landing !

So, a drama WILL happen, and then relevant authorities will likely install radio detectors for drones (triangulation of radio freq ?) around airports, and I take it, also shooting devices.

Re: Linux future

"It'll all be fine after Torvalds. Lennart Poettering and Kay Sievers can take over. Only they can make the "Open Source community [..] one happy place"."

Quite possibly you are sarcasting. But, truely, this could happen: bunch of crazy egos forking the kernel everywhere. Scary.

Re: Hasn't this happened already with Upstart?

Is it just me, or I'm starting to see why SysVinit is script-based ?

This was to avoid ANY dependency ! Dependencies are a complete evil,

and the only way is likely to have the start sequence be script-based ...

Re: Joker in French is just "joker"

"You chose to complain about this, instead of "vestibuleurs de consommation"??"

Ah ah ! Or the whole "french" title for what matters. Has anyone decoded what they meant by that ? Is Jar Jar Binks working at El Reg ?

Re: Virtualize hardware?

Years ago, many people would say that of OSes, now they're more or less all virtualized, because chips can't go faster anymore (since years) and actually can only be better by having more cores/functionnal units.

Same goes for network stuff: it is possible to have special cicuitry for network on current mass market CPUs (ARM or X386 or anything else). This will rapidly bring virtulized LAN systems on-par with ASICs based classical systems, therefore they will prevail.

Exactly the same happened for virtual OSes: their performance was sub-par without special virtualisation HW API that brought them, at the end, on-par.

Re: Windows.

"Still not ready for the desktop.

Discuss."

The very slight disagreement with this would be the word "still". I think XP was OK as a desktop, but all the rest after, including 7 has been utter bollocks as far as desktop goes.

Heck, I built a Win 7 VM a while ago, and it took me a stunning one week (day and night) to bring it up to current patching level ! One freaking week !

If you screw your mac's OS, it takes no time to restore from backup (yes, I know, a couple of bugs with Maverick as far as restore goes, but still), and only 1.5 day to install from scratch via internet (on a 2.5 Mbps link). And patching occurs only every 6 months or so, and they're bundled, not distributed into 100s of sets that take forever to download. Updating a Mac takes no time and a single reboot, while Windows is now a permanent download/reboot thing.

I still remember when this bloke brought me a Win 7 laptop not booted since 6 month as a tool for a jogging race. Upon plugging it to WIFI, 5 hours after, after everything was finished (on my Mac), it was still updating and was still unusable !

Redmond will need to change their OS update schema or they will loose even more to OS X and/or Linux.

Re: equips tinfoil hat

"Norton AV has been a disaster area since 2007. Uninstall it already. MSSE should be enough for anyone."

Not sure about the date, but indeed the darn thing has been shite for years. Too intrusive to OS, and not providing any significant cover.

Use avast, destroy anything bearing the Norton tag you can see ...

Re: No Excuse

"There really is no excuse for a webmaster not to have updated to a 2048bit certificate, it's not like we haven't been aware of this for the last 3 years.

All the major CAs have had big warnings plastered across their sites for a long long time."

Agree. And I also praise Mozilla for taking the lead of the cleanup of the smoking mess that is TLS CAs signoffs. They are doing it at the expense of pissing off the clueless, but ultimately securing communications of everyone. Hence, hats off to them.

" I bought a Netgear DGN-1000 a few years ago. Disabling WPS was disabled (if you see what I mean) and the company explicitly announced that they weren't going to issue a fix. (They expected owners to buy a newer model.) "

Pretty retarded indeed.

Solution is to buy only those routers that can install one of the popular freewares.

And you forgot one of the worst aspects: false positives on Win XP core libraries !

Geez, how much time this costed me for local neighbours that failed the "fix/ignore" button !