I actually want to compliment El Reg on that one - beautiful job :)
Posts by Fred Flintstone
3106 publicly visible posts • joined 9 Jun 2009
UK cops trial £250k drone squadron
Security bods disclose lock bypass bug in iOS
Nest bricks Revolv home automation hubs, because evolution
Truly crap exhibition dumped on Isle of Wight
'Panama papers' came from email server hack at Mossack Fonseca
FreeBSD 10.3 lands
Re: Who uses FreeBSD in preference to Linux and why?
Security through obscurity may get laughed at, but it's difficult to pull off a convincing laugh when oneself has been hacked and the weird guy with the what-in-the-hell-is-that OS is running quite happily totally unaffected.
Let me correct you here, it's security through diversity. You're not hiding what you're doing (although it's fun to tweak the IP stack so an nmap -O provides a different output), and it has been the mainstay of any good defence strategy by ensuring that you never had the same two firewalls in subsequent layers (so a bug in one could not affect the other).
The "I Love You" virus was IMHO in that respect a wake up call. It demonstrated just what could happen if you have a monoculture, whole platforms fell like dominos resulting in outages sometimes for a whole week (no, we didn't have the problem, but that was more because we didn't run Outlook).
Elon Musk takes wraps off planet-saving Model 3 vapourmobile
Re: Interesting - Just hope the dates match up.
But it doesn't need service as much as a traditional car!
That's actually a very interesting point - does anyone know how much service a Tesla needs?
There's still brake fluid that needs replacing biannually, and I would imagine the moving parts will still need some lubrication but I'd be quite interested to know how much maintenance the motors and the batteries need.
Bash on Windows. Repeat, Microsoft demos Bash on Windows
Apple's fruitless rootless security broken by code that fits in a tweet
Re: OpenBSD Pledge?
Would the way the OpenBSD project is going be any better with 'pledge'?
No idea. It will leave it a lot shinier, though.
The one with the IKEA bills, thanks.
Here's a great idea: Let's make a gun that looks like a mobile phone
FBI: Er, no, we won't reveal how we unmask and torpedo Tor pedos
Indeed, I don't want to see their code. I want to see their warrant.
No, you need both, or you are basing on an assumption that the FBI has done the right thing, and that is far from certain. We have already seen in Apple vs FBI that they have no problem gaming the system, the last shred of trust has in my opinion been destroyed.
Evidence based on unassessed or unexplained technology should be as inadmissible as evidence obtained through magic - in the eyes of people without technical competence they are, after all, indistinguishable..
Something useful from Cupertino?! Apple sees the light – finally
Re: Obviously a definition of "new" that I was previously unaware of
Is this type of thing patentable and who had the patent, anyway?
Probably the researchers who discovered the effect light has on us. f.lux and the rest were just ahead of the curve, but the original concept belongs with the researchers. However, there is no OSX implementation yet so I'll keep f.lux nicely where it is..
FBI backs down against Apple: Feds may be able to crack killer's iPhone without iGiant's help
Apple stuns world with Donald Trump iPhone
You're absolutely right. There used to be a saying that giving any comment on a competitor -even negative- was marketing. Not only is it weak, but it also highlights that competitor as one you actually care enough about to mention them.
I would keep that man away from any ability to make public statements. Especially someone who actually ADMITS to being in marketing let alone be "boss of" ought to know better.
Microsoft will rest its jackboot on Windows 7, 8.1's throat on new Intel CPUs in 2018 – not 2017
Re: Microsoft has lost its way.
And that text-based interface you sneer at? Quite often I use KDE to throw up a terminal screen so I can use it for those tasks where no GUI is quite as slick or where I need the world's best text editor.
I can remember the days of Slackware on floppies where the main reason to get XWindows up was to have more command lines on one screen, and because Unix platform and UI are decoupled, quite a few command lines were not even local but exported from servers somewhere else in the world.
This led fairly rapidly to escape codes for command lines and terminal window headings so you didn't accidentally do something terminal to a live server (following the adage that experience is something you acquire AFTER you need it :) )..
Apple engineers rebel, refuse to work on iOS amid FBI iPhone battle
Re: You're missing one point
What would be most helpful to Apple at this junction would be proof that the FBI actually already has the ability to get past the current sticking point they claim to be at--whether that ability is original in-house, or available through their friendly, neighbourhood NSAgent, or whatever... Such proof would certainly blow the lid off of the FBI-initiated theatre that is now playing out.
I must admit that I'd love to be a fly on the wall in FBI HQ when something like that would leak..
New York senator proposes tax credit for open-source developers
How to make the trains run on time? Satellites. That's how
Make the trains run on thyme...?
Hotel light control hack illuminates lamentable state of IoT security
Re: All that capability..
This highly creative activity can be highly technical, simply clever, or both.
What I miss in there are words like "amusing" and "funny". Sometimes the very idea is mad enough to follow up - no extra motivation required.
Rights warriors slam US-Europe pact on personal info slurp, urge reforms
What isn't beyond EU policymakers is to simply say no to data transfers until the US behaves itself.
Although I'd agree, there are three problems with that.
1 - MASSIVE amounts of companies and people have fallen for the "your data is safe with us, we're the nice guys" ruse of the bigger data thieves such as Google and Facebook, or do you really think that any mention of the word "security" in any conversation is for YOUR benefit? That's not something that will unwind itself quickly, especially since myth 2 prevents company management from switching: it's "cheaper" (until it fails). If even the UK government uses Google for data internal to the government, what chance does the average citizen have? In that context I would like to visit a pox on companies that use things like Facebook and Twatter for their only customer interface because it forces their customers to agree to their onerous terms just to get support (we've canned 3 companies over the last month alone for trying this one).
2 - We don't have the same size companies here. The massive benefit of the US market is that it's unified, whereas in the EU we still basically have a lot of legislative islands. This means if you can spin up a company fast enough in the US (read: solve an actual problem and have lots of investor cash to keep pushing), you can become big VERY fast to the point that you can more or less buy the laws you have been ignoring up until that point. You can't do that in Europe, which makes for better and more ethical products but it makes it harder to get something sizeable off the ground. Not impossible, but *a lot* harder.
3 - the problem in the US is legislation, and that is not exactly a trivial one to fix. You cannot undo a mess that took over 2 decades to grow in a few years, especially not by proxy from the outside.
In that respect I laugh at the whole Privacy Shield idea: it's yet another ruse with a fancy name, but it is only a ruse, a mirage, a fiction. It is a political fix for what is in effect a massive legal problem that cannot be fixed overnight.
Personally I'd prefer a holding pattern: no NEW services should be bought. Let be what is, and make people aware so they can exit the companies that use US resources, but make it impossible to buy NEW services. A slowing down revenue stream is far more effective than quick fixes because it cannot be explained away as a blip, it's a trend. And a trend is scary for people who are 90% emotional. (apologies for referring to this article again, but it's worth reading - not because of Trump, but because of the fairly sensible assertion behind it).
New-economy poster child LivingSocial slashes staff amid another startup collapse
Re: Hipsters don't have money
Investors do, and in their desperation to eke out returns in an era of effectively negative interest rates, they piled into VC without understanding how to gauge a startup, thus the surge of dumb money following the herd.
Absolutely. This is another lesson from the Trump campaign: people are 90% irrational, and in my opinion you get rid of the last 10% by making them panic.
Millions menaced as ransomware-smuggling ads pollute top websites
Re: Checks for anti-virus?
"Are there any PCs without anti-virus products which are not already infected?"
Yeah. Mine.
And no, I'm not running Linux or BSD. Running Windows 7.
Yes, I'm sure.
I think the OP meant systems actually connected to the Internet :)
Joking aside, you can secure any system. The difference is how much effort it takes to secure it and maintain that security, which is where you make your choices.
Mechanic computers used to pwn cars in new model-agnostic attack
ExoMars mission thunders aloft from Baikonur
Love the retro feel..
I rather love the retro quality of this video. On the one side of the planet we have people hyping 4K television, on the other side we have rather important events seen through a camera that, judging by the image quality, was manufactured somewhere in the early 90s.
Bonus feature is an audio track that could have been lifted straight off the old "Moonraker" Bond movie, complete with echo.
All I'm missing is a guy in a chair busy generating static electricity by means of a cat..
Auto vulnerability scanners turn up mostly false positives
You need both..
I can't see the binary choice there, sorry.
You use an automated scanner because it's MUCH faster than a human going through established vulnerabilities, and then you use a human to interpret the result. A vulnerability scanner is a tool, but its output requires interpretation in the same way that non-medical staff can look at an EKG and probably work out that the patient is still alive but it takes a specialist to distinguish anomalies from normal variations.
You use a human for 2 reasons: 1 - to identify issues and 2 - to discard even CORRECT positives if they represent no actual actionable risk. That's what you pay someone for, but that's also why you license scanners such as Nessus: you don't want that expensive person wasting his or her time on doing what is in essence script kiddie work.
Maybe I haven't had enough coffee yet, but I fail to see the insight or news here. High false positives? Well, tune the tool or flame the supplier, but you need AND the humans AND the tech.
Microsoft's done a terrible job with its Windows 10 nagware
You say I mustn’t write down my password? Let me make a note of that
Re: stick notes ?
I have a friend who can't remember his wife or kids' names, drives him nuts but he just can't do it
There is an XKCD cartoon for that too (one of my personal favourites) :).
2016: Bad USB sticks, evil webpages, booby-trapped font files still menace Windows PCs
Boffins bust biometrics with inkjet printer
Re: It very much depends on the reader
citation required. Not in any of the US airports I've used in the last several years.
Maybe if you fly inland, but if you're a foreigner they want their scan (or they just had something against me personally, but the whole row of terminals was scanner equipped :) ). They also photograph you while you're giving your prints. Although they tried not to be too obvious about it they simply don't do subtle very well :).
Microsoft seeks Comcast subpoena to nab activation pirates
Why is this news?
To be honest, this is your normal bread-and-butter law enforcement. Suspected crime with enough evidence to pass due process, warrant for information. That's how it is supposed to work.
Or is it because it involves Microsoft and they can't play a "you wouldn't steal a handbag" video before the installer starts? :)
Essex cop abused police IT systems to snoop on his in-laws
Uncle Sam's boffins stumble upon battery storage holy grail
Regenerative towing?
I'm wondering how you get the vehicle home for a recharge
I have seen Teslas towed, but I'm wondering if towing wouldn't be one way to get some charge back into the batteries (slowly, of course, or it would be hard to tow). Regenerative braking without the braking, so to speak.
McDonald's Sweden adds fries to VR
We survived a five-hour butt-numbing Congress hearing on FBI-Apple ... so you don't have to
Re: Yes, you CAN remove the "non-volatile memory".
As far as I can tell, the long term goal is to brute force a return to their golden days of the Clipper chip backdoor, this time by setting a precedent to enable unprecedented legal harassment.
The phone and its content is merely incidental, a tool to game the legal system, the press and the politicians.
And from the comments I read here on El Reg, I daresay those of you across the pond feel the same way about Parliament.
It's more a source of frustration and sadness. There is so much potential wasted in a great nation by a dangerous mixture of idiocy and self interest that I despair at this ever righting itself without some pretty aggressive corrections, not helped by the fact that everyone has guns. The fact that there are only two political parties (again mainly focused on their own interest) is not helping either.
There are a lot of good things that the US can do globally, but it does indeed require some sanity to return to the way it is governed. So far, the signs are not that good :(
XMA shutters its City pad, will service London from St Albans
Re: I wonder when that racket will hollow out?
When you can get 10Gbs fibre-to-your-headquarters in the Outer Hebrides.
No need - I have access to high speed satcomms with low enough latency to even make phone calls possible. I can have a link up in 30 minutes after arrival, the only delay is proper fittings for the dish :).
Google robo-car backs into bendy-bus in California
Microsoft gets into the advanced intrusion sniffer game – but only for Windows 10
Irate IT distributors chase Amazon over unpaid bills
Re: Amazon's "Uh oh" moment:
Hmm, I would still agree with suppliers walking away from Amazon.
There is no point in being able to reach "millions of customers" if you don't actually get paid for it - you might as well take less of a hit on your margins and re-establish a direct contact with your customers. It also reduces leverage - YOU remain in control. But it will take a bit more work.
Having said that, quite a lot of these mega-startups are starting to piss off customers. At some point there will be a competitor taking those away and the cycle starts anew.