* Posts by ElReg!comments!Pierre

2711 publicly visible posts • joined 22 Jun 2009

Australia puts 300 sharks on Twitter

ElReg!comments!Pierre

Just a seal...

Well a seal is just as likely to eat your face, if there is a shortage of blue sharks to munch on...

http://i.dailymail.co.uk/i/pix/2013/01/29/article-0-173BCD69000005DC-968_634x555.jpg

You're spending WHAT on iPhone 6? Wells Fargo downgrades Apple stock

ElReg!comments!Pierre

Re: They haven't since about 2007

"If you mean no espresso machine, fair enough. If you mean the iPhone 5 has feature parity with iPhone 1 then I'll have some of what you're smoking please."

True. The iPhone 5 has cut and paste, for a start!

More seriously, AC's point was that the iPhone 1 had significantly fewer features than pre-existing smartphones, has set the trend for other smartphone makers to cut features, and that smartphones are just getting back to where they were in 2007.

I don't know if AC is right but I do know AC meant that because I tried that newfangled thing they call "reading his post". Not that I expect it to gain significant traction in El Reg's comments section...

CryptoLocker creeps lure victims with fake Adobe, Microsoft activation codes

ElReg!comments!Pierre

Re: Bastards....

This story has fuck all to do with software piracy; the fuckers disguised their nasty as oft-downloaded stuff, is all.

Although I do seem to struggle to gather any significant amount of sympathy for people who try and download cracked MSOffice copies: it hurts the competition. Just get OpenOffice or LibreOffice or any other in the myriad of open source office software around, it's not like there's a shortage.

ElReg!comments!Pierre

Re: Bye Bye BitCoin

> Without untraceable BitCoin, the culprits being CryptoLocker would struggle to collect their cash.

Nonsense. Ransomware is not new, they use a lot of different methods to collect money like pre-paid credit cards, Western Union, and pretty much anything else that cannot be easily traced.

IBM spends holiday season wrangling e-tail FAIL

ElReg!comments!Pierre
Coat

Hubris is close enough

They bought Oracle...

ElReg!comments!Pierre

Re: Whatever,

I know I do. Not very often, but a couple times a year. Usually when I'm after something that no brick-and-mortar shop has in stock; it saves me at least a week in waiting time, plus usually a bit of cash. Plus, some cool things are only available that way; that's how I got my Pis, for example.

And then there's everything job-related...

Haswell micro: Intel’s Next Unit of Computing desktop PC

ElReg!comments!Pierre

Neat in a way, but too "middle ground" for me.

The thing looks nice, but it's not for me. It could be a pretty good media center but is way overkill (and over budget) for that, or it could be a nice unobtrusive desktop but is too limited (I like being able to swap parts, add a drive, etc, so full-blown tower it is for me I'm afraid).

And then there's the power cord, which together with its (too nice) graphics makes it quite unsuitable for server use.

Still, nice little machine, I wish it well.

Boffins invent LUMINOUS PIGS again, glow-in-dark bacon sarnies presumably imminent

ElReg!comments!Pierre

Re: "could one day be used to inject useful DNA into human embryos"

Calm down lad, it's not what the man suggested, at all. He was talking about using the pigs as enzyme-making factories, the enzymes being then administered to humans. It's a long way from gene therapy.

Gene therapy has been famously tested in cystic fibrosis, a very simple autosomal monogenic disease, and it failed for reasons that are still being investigated. Congenital haemophilia is a wholly more complicated beast, being gonosomal (single-allele in men, that means trouble) and very subtle (if you over-correct, you clog the blood vessels -> death, most likely antenatal).

So, no DNA injection in human embryo yet for haemophilia; "just" medicine-producing pigs.

Yes, the BBC still uses FTP. And yes, a Russian crook hacked the server

ElReg!comments!Pierre

Re: If it's not broke...

> There is also FTPS

I don't usually consider FTPS a separate protocol; it's still FTP

> a software bug leading to rights escalation and so could just as easily affect SCP/SFTP.

Indeed. Especially SCP, which is known to be vulnerable (which is why most "scp" clients actually use SFTP under the hood).

ElReg!comments!Pierre

Re: If it's not broke...

Yup, nothing wrong with FTP if you ask me. It's simple, robust and can be made as secure as a remote connection can be. Certainly the method of choice for the Beeb's field reporters, safer and more robust than pretty much anything more "current", bar sFTP (which ain't that "current" itself, if a good 20 years younger).

US Department of Justice details Kim Dotcom evidence

ElReg!comments!Pierre

Re: The usual, inflating the crimes.

> However, on each item there was a load of links, but he would leave all the others active and the file still available. If that's true, then that's really not "making every reasonable effort".

You have to remember that MegaUpload was a file locker. That is, you could upload content there and access it from wherever you wanted. Nothing prevents you from putting your entire collection of copyrighted music and films in there, for your own use*; what was deemed illegal was the subsequent distribution of links to world+dog.

The _distribution_ of the link only, because obviously you'd have to retain a link for you to access your own stuff. So the appropriate remedy to a copyright infringement by link distribution would be to remove the distributed link.

Removal of the material on the server is not appropriate, as it's perfectly legal for anyone to put copyrighted material up there in what wasn't called The Cloud yet. Plus, MegaUpload was probably technically advanced enough to have de-duplication going on like crazy, which means that they most definitely did NOT host 349,076,454 separate copies of Never Gonna Give You Up.

So, the distribution of the links was a breach of copyright. When notified, MegaUpload removed the infringing link (which was infringing only in that it was distributed, remember). There was no real way nor reason to remove the file from the server, so this wasn't done.

Seems pretty reasonable to me. Then again in the opposite corner we have people who think that 120 years of royalties is still too short to provide adequate remuneration to the shareholders, so clearly we don't have the same understanding of the word "reasonable".

ElReg!comments!Pierre

Re: He refused to allow the NSA snooping rights.

> But in that case, how can Mega also be inside the scope of US jurisdiction when it comes to this vengeful extradition attempt?

Some of the servers Mega used were physically located in the US. It's on the wrong side of tenuous but that's what they used. If it hadn't been the case they would probably have used something like "some of the traffic went through US tubes", or "some US citizens were exposed to it" (as was used to seize domains used by foreign gambling sites).

ElReg!comments!Pierre

Re: He refused to allow the NSA snooping rights.

In my opinion you're closer to the truth than many may think.

When it comes to distribution of copyrighted material, MegaUpload is no worse than, say, DropBox. But DropBox is anchored in the US under US jurisdiction and so acronym agencies have direct access to everything that happens there.

Now where's a good tinfoil hat when you need one?

ElReg!comments!Pierre

Re: To those who approve of Kim Dotcom

>To those who approve of Kim Dotcom

Disapproving of the prosecution methods does not mean approval of the fat moron; same as reticences to carpet-bomb Iraq's civilian populations did not mean approval of Hussein's regime.

>Do you advocate us taking what you own and working for free?

Do you advocate foreign special forces illegally busting your door at the little hours and stealing your customers' property without reason or warning and without providing a way for them to get their stuff back?

>chauvinist argument

"Chauvinist" does not mean what you think it does.

> When Karl Marx advocated out of pity for the starving proletariat of the 1840s, the abolition of private property

Karl Marx did not advocate the abolition of private property, nor did he do anything out of pity for the starving proletariat of the 1840s. It was "private property of the means of production" and there was nothing about pity; Marx was a philosopher and an economist, not a charity.

The rest of your post seems to be some kind of headless rambling, it's hard to see your point, you should probably rephrase. Focus on one idea per sentence, it usually helps.

ElReg!comments!Pierre
Paris Hilton

> Produce proof that Akamai is *knowingly* distributing pirated copyright material and that may well happen.[...] he seems an intelligent man [...] he couldn't possibly be under the impression all those people were paying a subscription just to distribute a lot of personal date, Linux distributions or gigabytes of their own personal compositions?

Dat. Argument.

I'm afraid I don't really share your admiration for Kim Dotcom, he does not seem like an intelligent man to me, but that's not the point. A lot of people were using MegaUpload for legitimate content, as a lot of people are using DropBox for legitimate content, too. Be it images of Linux distros, GB of their personal compositions, "personal date" (?) or copyrighted works (which you have every right to store wherever you want, including DropBox or Megaupload, should you so desire).

Apple wants sales ban on Samsung smartphones nobody is selling

ElReg!comments!Pierre
Pint

I'm going to be a Samsungite, do I have to choose sides?

Apparently the Mighty Handbrake gets nervous when I'm alone on my bike for a long trip, so she's handing me her old Sammy*. Does that mean I have to kick Apple users in the nards when I spot one in the street?

More importantly, will that be a valid defence in court? Waddia mean, "aggravated battery"? He pulled his iPhone on me without provocation!

Cheers!

*for the paramedic to call her in case anything happens, I guess, as I can't picture myself dialing her from the freeway...

Samsung: Men, our Gear smartwatch will make you a hit with the sexy ladies

ElReg!comments!Pierre

Re: I'm sorry, can someone explain?

> Samsung fanboy perhaps?

Not particularly, no. I don't own any end-user product made by them (although I am well aware that some components of my stuff may come from them).

> Not shocked at the advertised stalk-mode camera?

It has a camera cunningly camouflaged as a big black lens protruding in the middle of a bright orange plastic band, if that's what you mean by "advertised stalk-mode camera". What does it have to do with anything (apart from being somewhat ugly)?

ElReg!comments!Pierre

Re: Wow, it's a smart watch

Only overweight US women in their late 50s find DH attractive. I guess "people who want to land an overweight US woman in her late 50s" was not the core market Sammy had in mind for the Gear.

ElReg!comments!Pierre

I'm sorry, can someone explain?

I just watched the thing (without sound obviously, cuz you know, work) and I found it several times less annoying than pretty much any of the other ads currently being broadcast. Does it have something to do with the soundtrack, or is it the "people using pointless gadgetry to impress the opposite sex" part that is getting your panties in a twist? Because I'm pretty sure that's been standard operating procedure since Adam lost a rib. Childish perhaps, but shocking? I think not.

Feminist Software Foundation gets grumpy with GitHub … or does it?

ElReg!comments!Pierre

The code is now hosted on google, as bitbucket seemingly didn't like the joke either. Also, new vid on the webpage...

ElReg!comments!Pierre

Re: The .Xe files

> I'm quite sure my giggling quota has just been met for the year.

Well don't look at the .gitignore then...

ElReg!comments!Pierre

Re: Does it work?

$inherpret hellofeminists.Xe --howWasYourDay

I don't feel like it, try again later

ERROR: RAPE

And I thought I was being kind and sensitive. Must've seen me coming

ElReg!comments!Pierre

Re: Does it work?

The interpreter compiles but I can't seem to make it interpret much of anything, surprisingly enough.

ElReg!comments!Pierre
Coat

Re: This is obviously satire written by men.

Because women are obviously not capable of satire? Insensitive misogynist jerk.

Torvalds: Linux devs may 'cry into our lonely beers' at Christmas

ElReg!comments!Pierre
Facepalm

Re: You shouldn't plan to have more than one RC, although you can have as many as you like.

Yes, that's snake oil merchants' strategy: "we'll have only one RC and we'll be perfect, honest". Meanwhile, responsible people in charge of a very complex project like the Linux kernel have a reasonable roadmap based on history of bug finding and bugfix time. Remember that every bugfix has to be tested in the whole RC before it can be deemed safe; inevitably some bugfixes will create issues with other parts, and all this needs to be ironed out a couple times before it's stable enough to power ~80% of the world's computers. Planning a single RC would be an obvious lie, a bit like saying that your new car will cost you $30 in maintenance over its entire life because that's the cost of the first oil change, and why would you plan for anything else, ever?

We don't need no STEENKIN' exploit brokers: Let's FLATTEN all bug bounties

ElReg!comments!Pierre

> half-arsed coding during the weekend for Internet-facing software by C++11 hackers freshly out of uni

Where it would be an improvement... Copy-pasted PHP with a dash of horrendous java seems to be the norm. Development has to go through a committee of non-technical people, charged with putting together a spec. Of course it ends up being a mix between Miss Marple's understanding of computers and the latest fake gizmo they saw on NCIS, only even blurrier. They outsource that to the lowest bidder, they usually get a quick-and-dirty rehash of a database frontend the contractor had lying around, and then starts the haggling period (~a year) in which the committee asks for a mod, the contractor applies a dirty patch to make it more or less happen, lather, rinse, repeat ad nauseam. And then when the committee is satisfied with the Frankenstein monster of a clusterfuck it has become, they call in the tech people and say: "It costs us 250000 so you'd better make it work".

It's good that we have a zero-tolerance policy about people showing up at work when sick, because if someone was to sneeze too close to the servers on which these horrors are running, Dog knows what would happen.

ElReg!comments!Pierre

The amount is not the problem

You can get into really serious problems for discovering a vuln and letting the vendor know about it. The problem is not about Google paying too little for bugs, it's about the gazillion other firms willing to set the legal dogs on anyone suggesting their stuff may be less than perfect.

Attrition.org has a non-exhaustive list of such behaviours: http://attrition.org/errata/legal_threats/

This "uniform reward" thing is stupid; most hackers I know aren't in it for the money anyway, a step towards protection against revenge lawsuits, and perhaps not being considered a threat to national security, would help much more.

How much did NSA pay to put a backdoor in RSA crypto? Try $10m – report

ElReg!comments!Pierre

Re: unlike in the UK.... @Tom13

I think you'll find that by the time the US got involved in Europe, USSR had pretty comprehensively thrashed Germany. All the valid troops were busy on the East front trying to contain the Russians; all that was left on the West "front" on D-day was a shell of concrete vaguely manned by kids and geezers. The last real westward effort of Germany was the Battle of Britain, which they lost to the Brits.

The US did beat the crap out of Japan, that we can all agree on.

ElReg!comments!Pierre

Re: Don Jefe "Comparing to Naziism and Stalinism does not boulster your case."

Who are all these principals you keep referring to? Some very principled persons it seems. Some friends of that Mr Boulster you mention in the title? Though Charles Manning is to blame for this one I suppose.

I somewhat agree with your point but those really hurt my poor lil' eyes.

'F*** off, Google!' Protest blockades Google staff bus AGAIN – and Apple's

ElReg!comments!Pierre
Facepalm

Re: Blockaded, heh?

I wonder why its alway's in the Grammar Nazi post's that you make the most unforgiveable grammar mistake's.

ElReg!comments!Pierre
Headmaster

Blockaded, heh?

Even if* we allow that godawful barbarism to mean "subjected to a blockade", it's use is improper here. With an extreme stretch of the language boundaries Google's campus was "blockaded", not the bus.

I hope that this comment will not be blockadedized, although moderators are soft on the blockadedizationer button these days.

*(and that's a big if)

DJANGO UNCHAINED: Don't let 'preview' apps put you off Fedora 20

ElReg!comments!Pierre

"If you're a fan of GNOME 3 and the GNOME Shell"

I stopped right there. It's probably a bit unfair, as Gnome probably evolved quite a bit since I used it and came to the conclusion that it is a steaming pile of shit, but there you have it. And I tried to like it, too. My conclusion was that it missed a lot of the integration, bells and whistles that KDE had, for roughly the same pharaonic resource consumption. Gnome also had a bizarre fixation on using an arcane, not text-editor-friendly config system which made it a PITA to maintain. After a few years of trying, I switched all my graphical, luser-friendly machines to XFCE.

Unlocking CryptoLocker: How infosec bods hunt the fiends behind it

ElReg!comments!Pierre

Re: Sensible to Suggest Ways of Blocking The Spread?

> But what else should one do in mitigation or prevention.

Offline backup. NAS and Dropbox don't count.

How Britain could have invented the iPhone: And how the Quangocracy cocked it up

ElReg!comments!Pierre
WTF?

How I could have invented the Airbus A380...

... and how my wife made me take the trash out instead.

I KNOW how to SAVE Microsoft. Give Windows 8 away for FREE – analyst

ElReg!comments!Pierre

Re: This is nonsense of the highest order. (Mad Mike)

> So, it is critical they keep Windows position, even if they have to give it away for free.

And if they DON'T give it away for free but keep charging $40, which OS do you reckon will replace Windows?

In any case from the home user point of view they DO give it away for free, as you generally can't get a windows-free machine for less than a machine with Windows pre-installed*. The channel is taking the hit, not the end user.

As for enterprise, a lot more arguments come into play, especially with bundled and volume licensing the OS is often free, too. Plus, in a big organisation jumping OS is not a decision you make based on a few bucks per machine.

*there are exceptions but they are few and far apart

ElReg!comments!Pierre

Re: This is nonsense of the highest order.

> Microsoft makes almost nothing from OEM sales. They supply it for almost nothing to hardware manufacturers as a means of ensuring their operating system is the predominant.

Which is why giving it away for free is not going to help, even a little.

ElReg!comments!Pierre

Of course it will change everything... oh wait

So, let's say Windows 8 is available for free. We have a bunch of machines here that run reasonably well under XP, it would be nice to upgrade them... what do you mean, "they won't run Windows 8"?

Oh well, we'll buy new machines then, with Windows 8 for free they're gonna be cheap as chips, surely. What do you mean, "it only shaves $80 from the price"?

Frankly I don't see a free Windows 8 giveaway making the slightest change in PC purchase decisions; it won't make a difference in "customer goodwill" as most customers have literally no clue about the price of the OS; most don't even know that hardware and software are two different things. It could theoretically curb Linux and other Alt-OS adoption on the desktop, however I reckon most people who end up using a free OS instead of Windows do it for the free-as-in-freedom aspect, not for the free-as-in-beer one. Plus the numbers aren't exactly threatening for MS right now (as much as I regret it).

You can't spell "analyst" without spelling "yst", it would seem. Oh look what Apple did now, surely I can sell an article saying MS are doomed if they don't do the same. After all these Apple chaps are pretty smart aren't they.

Malware+pr0n surge follows police op to kill illicit streaming sites

ElReg!comments!Pierre

Re: What kind of numpty actually clicks on adverts on the internet?

The City of London Police and the BPI, it would seem.

ElReg!comments!Pierre

What it boils down to...

The "IP" mafia has developed a way to strongarm registrars into cutting off domains they object to, without court oversight... and bragging about it, too. That's good, how?

French gov used fake Google certificate to read its workers' traffic

ElReg!comments!Pierre

He who controls the proxy...

http://www.theregister.co.uk/2011/06/03/bofh_2011_episode_7

FreeBSD abandoning hardware randomness

ElReg!comments!Pierre
Pint

Re: Linux wasn't using RDRAND directly

> Processors are much bigger physically than 8x the size they were in 1983

ORLY? the iAPX 432 die was 345 mm². Times 8 that's 2760 mm², or a bit more than 5x5 cm, for the processing die alone, not the package. Ivy Bridge is 160 mm²... a bit less than half the size of iAPX 432.

So whatever the secret NSA-added instructions may be, they must be written in a somewhat smaller case than the iAPX ones were.

ElReg!comments!Pierre

Re: AVEGED

> it seems HAVEGED can do the job pretty well, be it on your computer or your Android phone

Yes, but HAVEGE originates from a French institute (http://www.irisa.fr/caps/projects/hipsor/index.php) and so is likely to fart in your general direction, you son of silly persons.

* Attached to the Uni I got my Master from, as luck would have it

ElReg!comments!Pierre

Re: "Not everybody believes that RDRAND falls into the same category"

> My understanding is that pseudo random number generators have nothing to do with providing entropy which is what this is all about. What Linux does is XOR the rrand provided values with other sources of entropy

Mmmmyes, and that's what I wrote, isn't it?

> a commentator here http://security.stackexchange.com/questions/42164/rdrand-from-dev-random says that may not be a good idea either.

Messing with the XOR instruction so that it behaves differently when used with RDRAND as an input is a different issue that was brought up mainly by the tinfoil hat brigade; it would be hard to implement, trivial to detect, trivial to defeat and would be an awful lot of investment for something bound to target only one implementation of one system. Plus, it would be pure commercial suicide.

ElReg!comments!Pierre
Linux

Re: "Not everybody believes that RDRAND falls into the same category"

Yes, everybody does. The FreeBSD guys did what Linux was already doing, i.e. feeding the hardware number into a software generator as just another source of entropy. That's why they needed a change, and Linux did not.

Open source bods magic up Qualcomm tech to unlock Internet of Things

ElReg!comments!Pierre

"the mountainous issue of data privacy"

It's indeed the problem, and not just for medical applications.

Perhaps more mountainous for BlueTooth as it inherits from its previous incarnations the reputation of being the most insecure communication channel ever. Reputations like that tend to linger on even when the basis for them has disappeared.

Regardless of the communication method, the "IoT" will need to address the fact that it would be putting a _lot_ of very personal information in the open, and the communication stage is perhaps the least problematic. Because all this data is going to be stored somewhere, and the real questions here are "how", "where", and "for how long".

Fiendish CryptoLocker ransomware survives hacktivists' takedown

ElReg!comments!Pierre

Re: backups and...

> Am I mistaken in thinking that if the Linux box was managing the copy-on-write with snapshots (say every hour/day etc...) and exposing the filesystem as SAMBA (or whatever) to a windows guest, that cryptlocker would come in and mess up files (I am assuming users home directories), but since copy-on-write , the old version would still be around?

You're mixing things. CryptoLocker will attempt to encrypt every filesystem that is visible to the machine it's running on. A secure way to do it would be to have the host perform a snapshot of the VM every now and then, without involving the guest at all, and with no access -no write access at least- from the guest to the snapshot. That's usually built in the virtual machine manager, for a very good reason. If the guest OS (Windows) is the one requesting the archiving writes, then it's at least partly vulnerable as the malware will be "aware" of the existence of the "archive" filesystem and will attempt to encrypt it as well. SAMBA especially sounds like a bad idea, FTP is probably easier to lock down.

In short, as long as the system running the malware has write access to the "backup", you're toast.