105 posts • joined 2 Feb 2008
Re: Shared Hosting
One little-discussed 'gotcha' of SNI is that, unexpectedly to the user who's been told 'no one can see
what you're browsing with https' ... with SNI they can. Because SNI isn't sent encrypted.
This gets significant when you, say, live in Iran and want to visit 'www.how-to-become-a-christian.org', (or in USA and want to visit 'diy.nuke.designs.nk')
Re: Only one so far
Public Cc: list? Never mind the fraud, extorting money with menaces etc,... they've gone and broken GDPR too!
That'll get them in trouble.
(not a lawyer!)
Re: Given Spectre
Watch this space... how long until all the mitigations for meltdown/spectre/rowhammer etc. mean that there is such a cost-disadvantage / admin nightmare to 'cloud computing' that it ends up as out of date for 'real work' as dialing in to someone's mainframe?
Re: Oh Lord
My 2007 car has said hooks. The mfr-designed, bought-with-car-from-new floor mats, however had no provision for connecting to the the hooks and relied on sticky-backed velcro which came unstuck after a year or 3.
Re: Unplugged most of the time.
If you're in the UK, and they don't take it back, then talk to your local trading standards people.
"not fit for purpose" sounds like a good description.
If the FBI can tie the IP address to people...
I hope they're GDPR compliant.
Re: @Herring`- "is there a chance of any document data being sent to MS?"
Back in the days pre-Y2K, I was a postdoc researcher in space debris impact science, we had various bits of data about the properties of highly compressed metals we were using (for entirely peaceful purposes) that originally came from one of those ^^^ .
The nice guys who let us play with their data would have been rather unhappy at the thought of, say, a (very strictly internal!) report that included such gems being exported to wherever MSoft decided to send it.
I vaguely seem to remember that thermite was one of their recommended disk-disposal methods to ensure compliance with arms non-export / non-proliferation regulations, when more serious tools weren't available. Just imagine the help-desk call for that one.. Hello, I have reason to believe you've just slurped some nuclear secrets. Where do Uncle Sam's guys with the thermite need to go to ensure that it doesn't proliferate?
Shock/horror: unpatched software vulnerable to known vulns
Mikrotik patch was released > a year ago.
Excuse me for being stupid... if I was designing something to connect the engine management system to entertainment system - presumably for display purposes? - it would be strictly one way, probably with 1-way, physically separated opto-couplers, so that some kid pouring coke into the entertainment system had zero chance of inflicting, say, 50w of audio signal onto the can-bus.
Why would anyone want to let the stereo muck about with engine management?
Re: I'm still waiting for e-mails from Facebook(*) and Google
Isn't this wrong? There are multiple options for the legal basis, consent is only one of them. They might decide they ought to be able to claim that knowing my browsing habits is a legitimate business requirement.
The biggest "problem" is when they used to rely on 'we could do it, and we're too big to bother with fines, so we did it.' For some reason that isn't in the GDPR.
Not being part of the EU didn't noticably stop them before we joined, why should leaving make a difference?
Is it rocket science?
Having wielded the rocket equation a few times, I think it's the rocket engineering (and orbital mechanics and re-entry maths) that are the really hard bit(s).
Re: GDPR Deadline...
I thought it was 4% PLUS damages/time/etc?
After all, if they're failing to protect your rights, (72hour notification...) and on top of that they're causing significant stress, hair-loss, sleep-loss, humour-loss....
GDPR rights vs MS
I wonder what happens if/when someone (on May 26th) demands MS (a) hand over all the data they have on them (b) delete it, (c) never collects any more, (d) does not contact them for advertising purposes.
Does MS send them a complementary copy of Windows 95, freedos, or ubuntu?
Oh joy. Added complexity...
My wife half-expects that at some point the sum total of IT/networking/power distribution will become so complex and (for want of another term) balkanised into specialisms, that it essentially becomes impossible for humanity as a whole to maintain it, and then something will break and we'll be back to heating with wood and communicating with pen an ink (or maybe IT jobs will become more critical to society than doctors/nurses and we'll all die from treatable diseases??).
When you add in obsolescence, shortening product-lifecycles and lost/outdated skill-sets (is anyone anywhere employed as a thermionic valve designer any more? How many people can read amd64 assembler compared to the numbers who could write 6502 or Z80 30 years ago?) then I tend to agree with her.
acrn should be arm-centric!
Given the early days of ARM as of Acorn RISC Machines.
the oldest bad practice in the book.
I <it>have seen</it>, in a book my son was lent by his school teacher, about a year ago, exactly this sort of code. Take variable from $_GET, build string by concatenation, pass to SQL. No input checking at all.
Someone - big name publisher - made money selling that book. Someone wants to make money selling the revised version, which I'd hope talks in detail about sanity checking and prepared statements.
Someone ought to be offering a permanent recall on the early version of the book and free-replacement including shipping to anyone with a copy, because it was plainly never fit for sale. Instead, copies are still being lent to school kids by teachers because the school budget can't afford to restock the library.
Ob disclaimer: I have no connection with anyone in the above certificate fiasco. And I expect that no one bothered fixing it because that would take time. WHY do CAs who ask for your private keys still get any custom?
...to the darkness bind them
I thought the whole thing about the one pin, was that assuming you don't want to be subject to the evil overlord, you needed to throw it into Mount Doom? (see icon for effectiveness >>>>)
Now all we need to do is work out how you that to the customer services bod....
Re: "effort wouldn't be better expended on something of more value to society."
Well argued and informative. Have an up-vote.
Now, we need similarly sane and coherent* arguments against HTML in email. Any takers?
* Not to be confused with the light-sources on top of sharks.
Re: feature request
I remember, back in the 90s, we all said "ignore the scare-mail chain-letters, you can't get a virus just from opening email."
Because it's plain text.
mutt is (this) man's best friend
Re: 1,000 Satellites?!?
The probability that one 'rapid disassembly' will have a reasonable chance of causing another has been calculated numerous times. I seem to remember that if you pick the right orbit then a bit of precession, etc. will effectively obliterate anything in a similar orbit. But it's a long time since I was last at a space debris conference, so I don't remember the details.
Just wondering... which band are they planning to render unusable for radio communications purposes?
Has anyone raised this with ITU / CEPT / Ofcom / FCC about this?
Re: Alien UFO's are Real - True / False...
Not a solid scrap of evidence to say that no god exists either. Of course there's lots and lots of circumstantial, hear-say and personal non-revelations, not to mention fingers-in-ears 'I can't hear you' arguments that get repeated often enough that they're assumed to be incontrovertible fact.
Which God don't you believe in? There are an awful lot of awful ones, and a lot of awful people who use their awful misconception that 'My friend says we're doing it for God so God must approve' as an excuse to do awful things. Politics-dressed-as-religion and hatred-dressed-as-religion and ambition-dressed-as-religion, etc. just tell us that religion is a powerful social force.
My own opinion is they tell us quite a lot about human nature (<sarcasm>deep down there's good in everyone, yeah, it shows</sarcasm>) and basically nothing about why the one who keeps the electrons spinning would decide to get born in a stigmatised way into a despised minority group with a well-proven history of rejecting him. Oh yeah, it was so that he could spend about 3 years as preaching to people who mostly didn't listen and then get tortured to death, that explains it.
Have a very happy Christmas everyone. Don't get so merry you get stupid.
it tuns with elevated privileges...
So.. we can't trust programs that run with elevated privs to check files such as (shock) network access, (horror) upload data, and (gasp) receive OTA updates. Based on this reasoning, and the current rash of Govt.s worldwide giving themselves super-dooper-snooper data-demanding capabilities, do all nations now need their own brand of AV?
Or is it finally the year of the VT100 desktop(TM) ?
Re: 98.2 percent of all statistics
I thought it was 97.4850006487
I thought the whole point of the block chain was that everyone can (has to) verify that block X went to wallet Y, and therefore the transaction is verifiable.
Surely there ought to be a mechanism to undo that? At least partially, even if there's no roll-back due to other transactions, shouldn't the receiving wallet(s) be marked as criminal and so blocked, etc, by all miners everywhere?
Re: ferc is a nice one.
I sincerely hope that excludes power station designs, floor plans etc.
Especially anything that might do that if mistreated -->
Re: What worries me
What worries me even more is that I've seen a big-roadside-screen add showing people how to get to their wonderful site.... just enter our URL into google's search box.
Complete with the http:// bit.
Re: Flying is the easy bit...
I thought it was throwing yourself at the ground and missing.
please can I have a patch for my phone? Tnx.
Dear Reg readers... is there ANY brand of <200quid phones that actually provides long term (> 2year) patch support?
Or, put another way, what are the chances of me ending up with a non-bricked, fully-functional phone if I try installing lineageOS on it?
#10 - 15
10. Ignorant and wicked are the doings of those coders who, in the case of the desktop or the desktop application include a dependency upon systemd.
11. This perverse dependency upon systemd is quite evidently one of the tares that were sown while the greybeards slept.
12. In former times the init process was relevant not after, but before user interaction, as tests of true geekdom.
13. The geeks are freed by devuan from all penalties; they are already dead to systemd, and have a right to be released from them.
14. The imperfect knowledge of the command-line, that is to say, the imperfect globbing, of the GUI-user brings with it, of necessity, great fear; and the smaller the knowledge of globbing, the greater is the fear.
15. This fear and horror is sufficient of itself alone (to say nothing of other things) to constitute the penalty of EMACS, since it is very near to the horror of despair.
100 MW of batteries
100 MWh, or 100 MW in/out for (people in the know) knows how long?
embrace... extend... bloat?
So instead of an out of band unreliable message that works on every mobile phone, those with no smart-phone are left in the cold, those with an ageing phone barely enough spare storage (after all the decent bloating of apps /OS) to run what they want get to give up some more precious MB, and everyone gets pushed into installing another piece of google spy/bloat-ware which needs to regularly contact home and report on us just-in-case....
Is this supposed to be an extension to the otp authenticator app? Google's version is already bigger than the free versions.
:-( The weaknesses are in the Wi-Fi standard itself.
:-( make sure all your devices are updated, and you should also update the firmware of your router.
:-( Our main attack is against the 4-way handshake, and does not exploit access points, but instead targets clients.
:-( Our attack is especially catastrophic against version 2.4 and above of wpa_supplicant, (linux, android >=6 )...
Equifax's malvertising scare, Chromebook TPM RSA key panic, Cuban embassy sonic weapon heard at last – and more
Re: cuba noise sounds like cicadas or other noisy insects
My guess is it was just someone trying to play the violin on the wrong side of the bridge. Or slightly more seriously, a few really badly configured baby monitors or network-over-mains in the embassy electrics doing bad things to the the tube lighting. Someone should stick an oscilloscope on the live wire and start turning things off one by one.
could set off on the right hand side of the road
Been there, done that.
I comes from just having spent ages driving on the wrong side, and thinking "O great, I'm home now, and can relax."
Fortunately I was on my bicycle, so while I and the oncoming car were semi-shocked into a state of utter confusion about what on earth the other was doing on the wrong side of the road, it wasn't too hard for him to actually avoid me.
But you could also do *FX 200,3 or something like that which would, if I remember both disable escape but also clear RAM on a 'soft break' and so make sure no one knew how bad your code was.
Why do I remember this?? I haven't used a BEEB for thirty years!
Re: Are the complainers...
I've got an epson L210, inktank printer. It's about 3 years old now. Was really surprised a few months ago to notice the colour ink maybe needed refilling in the next month, after something like 6-7 reams.. (No, I don't print many colour photos). Another (hopefully) two-three years of printing cost me about £25, if I remember correctly. Sorry HP, I've voted with my feet.
Re: Because It's Not Google
Yes, but they don't want to become /so/ synonymous that the verb becomes leached of meaning. e,g. "Should I hoover that up with the dyson or the electrolux?",
"Did you google with yahoo or altavista back then?"
Re: Fuck a duck!
Five megabytes! You were spoilt.
I started on an 3kb Acorn atom with a bit-banging tape drive... Definitely B+W to start with. I think it ended up having 4 colours..
Some how I doubt it'll run for a week+ on 2AA batteries.
npm is security hole...
This is news?
I worked /that/ out as soon as my first venture into running a node package - from an apt repo - that looked interesting started downloading unsigned packages without asking me.
sudo apt-get purge gnome-exe-thumbnailer
Given the two (plus) nationwide issue, I propose that .bank be 100% required to also include the country code in any registration. That way some innocent doesn't accidentally end up at an organisation in Nigeria when they think they're going to the one just down the road.
Not that I'm suggesting she's innocent>>>>
I've just checked my nominally 50Mbit connection via our local cable TV company (rural Transylvania). According to http://beta.speedtest.net, I'm getting 60Mbit download and 30Mbit upload.
The Older ISP (wireless based) is just being taken over humungous cable company who are offering 300Mbit FTTH for about £3.50 / month. Not sure what the installation fee is. The other problem is that my main router only has only 100Mbit ports... It looks like the router upgrade is going to cost more than a year of internet.
Just in time for 2038
If this law's been around 2 decades, does that mean it's about time for for unix "end of time" compliance reporting to start up?
We must be getting into the era when hardware (IoT?) is going to last long enough that this is a problem.
That by the time it reached that sort of level someone's gone over the code and removed any storage bloat quite carefully.
On the other hand, maybe it's all running in Java and burning someone else's cash...
OK, I recant my bit about "most" impacts, as measured per hit. But I stand by my argument regarding plasma, since I'm pretty sure that's far more prevalent in higher velocity impacts, and so for real velocity you want to look at plasma-creating dust, not so much debris.
@Bill Gray "Low-earth orbital speed is 8 km/s, relative to the earth's center. Most satellites, and therefore I assume most dust, is in lower/medium-inclination orbits,"
Urm, to me (out of the field for a few decades, I admit) Dust=natural, debris=paint flakes, dropped zips, ASAT tests, and of course impact ejecta.
Dust, by the time it's dropped down the gravity well can be prograde or retrograde, at any inclination, and (back when I was studying this stuff) is/was considered a significant source.
Hmm... looked it up. Dust impacts on the space face of NASA's 69 month LDEF experiment consistent with the natural flux at an average impact velocity of 15km/s. So, 15km/s average, with a random inclination, and you're going 7.8km/s or there-abouts, in LEO circular orbit, faster for elliptical orbits, of course.
I'll leave the calculation about if we can or can't just average the max & min (15 +/- 7.8km/s) because of the "running into the rain effect" as an exercise to the student. I know it's spawned papers....
5-10km/s? Come /on/ people, I know that's an attainable lab speed, but admit it, it's really slow. "Most" orbital impacts are going to be 10-14km/s, and get some Perseid particles involved and it's 67 or something.
ICON: Mine's the one with the 20 year old space debris conference proceedings in it.>>>
Re: Poweredge T20?
I've just found my 2nd hand fujitsu celcius. But the patch is windows only, and it arrived from the
refurbisher running linux.