* Posts by Adam 1

2545 publicly visible posts • joined 7 May 2012

California methane well leak filled a Rose Bowl a day

Adam 1

Wow. That's nearly as bad as an extra 3 Passats.

'I bet Russian hackers weren't expecting their target to suck so epically hard as this'

Adam 1

And to my mind counterproductive.

https://xkcd.com/323/

Adam 1

Re: RIGHT!

@Tridac

Most of the time you see the count-down style, it is of the form

for (int i = list.Count - 1; i >= 0; i--)   // count down so RemoveAt(i) only shifts indices already visited
{
    if (!list[i].IsStillNeeded)
    {
        list.RemoveAt(i);
    }
}

That has its own risk if you attempt it with an upwards-counting list. Another example is locating the last item in the list matching some criteria.
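An added example (not from the comment above) contrasting the count-down removal pattern with the upward-counting version it warns about, plus the "find last match" use. Python's list.pop(i) stands in for .NET's List<T>.RemoveAt(i): both shift every later element down by one. The session records are constructed sample data.

```python
# Added example: removing items from a list while iterating, up versus down.
# list.pop(i) shifts later elements down exactly like List<T>.RemoveAt(i).

def prune_forward(items, keep):
    """Buggy upward pattern: after pop(i) the element that was at i+1 slides
    into slot i, and the i += 1 that follows skips it without examining it."""
    items = list(items)
    i = 0
    while i < len(items):
        if not keep(items[i]):
            items.pop(i)
        i += 1              # skips the item that slid into slot i
    return items

def prune_backward(items, keep):
    """Count-down pattern from the comment: pop(i) only shifts elements above
    i, and those have already been visited, so nothing is skipped."""
    items = list(items)
    for i in range(len(items) - 1, -1, -1):
        if not keep(items[i]):
            items.pop(i)
    return items

def last_index_matching(items, pred):
    """The other count-down use: locate the last element matching a predicate
    without scanning the whole list from the front."""
    for i in range(len(items) - 1, -1, -1):
        if pred(items[i]):
            return i
    return -1

# Constructed sample: two stale sessions back to back expose the bug.
# Each record is (user, still_needed).
SESSIONS = [("alice", True), ("bob", False), ("carol", False), ("dave", True)]

def still_needed(session):
    return session[1]

if __name__ == "__main__":
    print(prune_forward(SESSIONS, still_needed))   # carol wrongly survives
    print(prune_backward(SESSIONS, still_needed))  # only alice and dave remain
    print(last_index_matching(SESSIONS, lambda s: not s[1]))  # 2 (carol)
```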

Don't take a Leaf out of this book: Nissan electric car app has ZERO authentication

Adam 1

Re: Dear Reg,

It returns the last time the car was used and the number of km driven.

Imagine someone with a creepy ex who knows the VIN and can now take a pretty good guess at whose house they are now staying at. Or when it says it is charging and they know that pretty much guarantees that the car is at their target's house.

Note that the APIs tested were read only, or at worst activated the climate control, but that doesn't mean there aren't other remote unlock and find my car calls that haven't made their way into the app as yet but may be supported on the server. Setting up a WiFi pineapple next to free fast chargers to get the VIN and then unlock it.

It's bad enough that they should have worked alongside the researchers to minimise the attack surface and buy time to fix it properly.

Adam 1

Re: alternative fix?

We'll need them. Some bastard's flicked on the air con again.

Adam 1

alternative fix?

Might be cheaper to rebrand as Nissan leak

/I'll grab my coat.

Adam 1

Updating the smartphone app is the easy part. Both the Play and Apple stores will push the notification to your phone and you press install. Simples!

The hard bit is upgrading the firmware in the Leaf itself to authenticate the various API calls. At least, I really hope that involves a trip to Nissan with a USB cable in hand and not some other unauthenticated API to reflash things...

US boffins propose yet another low-low power Wi-Fi for Things

Adam 1

The data rate isn't that bad. It might not do 4K video but I was expecting a much smaller number. It could easily swamp my ADSL2* with some change.

* the real world speed of which depends on the phase of the moon, and the number of dogs that have farted between here and the exchange.

NASA boffin wants FRIKKIN LASERS to propel lightsails

Adam 1

One does not simply buy a space ship with drop bear drive.

/and anyone who thinks it doesn't sound bad ass simply doesn't understand the true horror of a drop bear encounter. Bloody hell, they make our spiders look tame.

Lithium ion batteries banned from passenger aircraft holds

Adam 1

Re: as of 1 April

Yes. Please take care.

Spare ship found to fix broken submarine cable slowing Oz internet

Adam 1

Re: Ship visit

OK, first we have a ship going from Taiwan to Guam via Cairns, and now I find out that Wagga is in Cairns too....

My geography is seriously confused.

Adam 1

Now I don't have a map in front of me, but wouldn't the ship need to sail past Guam to reach Cairns?

ADpocalypse NOW: Three raises the stakes

Adam 1

Re: When I was a kid

She called her cat Koenigsegg?

Adam 1

Re: Hahahahahahaha

> then the site becomes solely responsible for it. If they start including malware in their content then they're going to have to face the legal consequences

Firstly, I fully appreciate what you are getting at here. Every single occasion that I have seen pwned advertising infect users via web ads, it has always been the fault of some nameless intermediary. Not the site. Not even the ad network. Yet the viewer is the one left carrying the can. Sites are happy to take the (tiny) revenue but not the responsibility. And I am talking literally every occasion, from big-name sites to even security researchers.

The question is whether pushing it to the publisher themselves will fix this. I have my doubts. We have literally just seen a reasonably known OS vendor just ask everyone to reinstall the whole OS because their website got pwned and hosted a backdoored version. Oh yeah, someone else's fault (WP). Nice, but who is carrying the can.... Again.....

Under-fire Apple backs down, crafts new iOS to kill security safeguard

Adam 1

Re: i call CLICKBAIT

Oh come on. That was a by-line of the week.

/slow golf clap

Shopping for PCs? This is what you'll be offered in 2016

Adam 1

Re: "Nobody needs to load software from disc any more"

> I am living, travelling and working on my motorhome with my own network on board

It's possible that you may not be the target market of large OEMs like Dell or Lenovo. Dropping the DVD drive lets them bring the per-unit costs down by £20. Less to screw in, fewer SATA cables, fewer power cables as well. They can then either drop the price or bump the CPU or RAM or a slightly larger monitor over their competition.

Then again, perhaps the strategy of chasing the motorhoming system administrator market may go some way in explaining HP's profit figures?

Adam 1

Re: "Nobody needs to load software from disc any more"

I suspect the office will just have a USB DVD burner on the BOFH desk.

How to build a plane that never needs to land

Adam 1

Re: 2000 hour inspection cycle

My understanding about much of the fatigue was that it related to the expansion and contraction of the materials as the relative air pressures change (inside vs outside). Planes that do a lot of short hops have more stresses than one doing long distance for the same km.

When asked 'What's a .CNT file?' there's a polite way to answer

Adam 1

Re: Everyone's a User

And in other contexts too. I am sure that some of the questions that I have posed to health care professionals over the years could equally turn up on some narky comment on "theregistrar.co.uk".

Adam 1

> A story everyone's heard a million times

Including in last week's column. Like the actual article, not just a comment either.

Sick and tired of modern Windows? Upgrade to Windows 3.1 today – in your web browser

Adam 1

Re: Nostalgic olde Fart

486 would run the original Prince of Persia without blinking. I do remember having the boot disk on the 386DX to play either Doom or SimCity 2000.

Hollywood gives up speculative invoicing attempt in Australia

Adam 1

Re: Expect the decision to be overturned.

Expect the decision to be not overturned. It is the correct application* under Australian law**. It is not considered a criminal offence*** under Australian law and so damages payments should not be punitive. The pirate will be liable for the purchase price plus reasonable administration costs, so they don't "get away with it" as such. Those administration costs could reasonably be several 10s of dollars which makes it a rather expensive way of acquiring films but isn't going to push people into financial ruin either.

DBC didn't play ball here (in spite of the obvious benefit of recouping lost income) because they really just want to find some chickens to kill to frighten the monkeys.

*IANAL etc

**but agree if you are referring to some way that the TPP will roger our laws.

***at personal use levels. Becomes criminal if you do it for commercial gain.

Australian astroboffins reveal hundreds of hidden galaxies

Adam 1

All of which are attracted to my pancreas*

*with a force proportional to the product of our masses and inversely proportional to the distance between us.

Scary RAM-gobbling bug in SQL Server 2014 exposed by Visual Studio online outage

Adam 1

Actually knowing your vendor will be upfront and wear their mea culpa in public rather than behind legalese (cough vtech) means that it is a culture of learning from your mistakes rather than shoving it under the blanket or finding some rogue engineers to blame (cough VW).

Now here is where I should feel smug for internally housing our SVN but I suspect that any outage we may suffer will be quickly blamed on some SAN or switch or someone else.

Adam 1

Re: Simple temporary fix

Simple problem is that customer A doesn't want their queries slowed because of a problem they don't face with their usage pattern. You don't need to be very imaginative to consider big data analytics required by a small team of researchers for whom allocation of 10s of GB per user is an average day and no problem. They would be hit for 6 with such a change.

It isn't just the slowdown either. SQL Server uses locking concurrency control* (usually). Even very small decreases in performance can exponentially increase problems with deadlocks.

* as opposed to MVCC / MGA etc

Adam 1

Maybe. The important bit is that the cardinality estimator thinks there is a lot and so (tries to) allocate it.

Adam 1

So your first suggestion to avoid buggy software is to use something by Oracle?

Submarine cable cut lops Terabits off Australia's data bridge

Adam 1

Re: yet another reason

Firstly the obligatory.

To show the doubters out there, here are the first 7 hops with and without VPN (PIA in this case) over TPG to NASA.gov. The exercise is left to the reader to work out how these are routed, but the participation of trunk links via Kenya and the involvement of Swiss ISPs should give you some hints.

VPN off

1. 192.168.0.1; www.routerlogin.com; 2.069, 4.426, 4.576

2. 10.20.xxx.xxx; 21.066, 23.260, 24.255

3. 202.7.xxx.xxx; 202-7-xxx-xxx.tpgi.com.au; 25.745, 28.481, 28.636

4. 203.219.35.67; syd-sot-ken-int1-be-20.tpgi.com.au; 30.506, 33.322, 34.271

5. 62.115.49.137; las-b3-link.telia.net; 208.953, 212.432, 212.689

6. 213.155.137.58; las-b21-link.telia.net; 211.422

6. 62.115.116.179; las-b21-link.telia.net; 211.839

6. 62.115.116.187; las-b21-link.telia.net; 210.804

7. 213.155.131.76; dls-b21-link.telia.net; 237.292

7. 62.115.139.6; dls-b21-link.telia.net; 222.407

7. 80.91.254.168; dls-b21-link.telia.net; 223.347

VPN on

1. 10.113.xxx.xxx; 21.241, 23.388, 24.962

2. *

3. 46.166.188.254; 326.402

3. 46.166.190.254; 313.348

3. 109.201.154.254; 314.520

4. 85.159.239.65; 326.518

4. 85.159.239.41; 317.522

4. 85.159.239.77; 317.991

5. 195.22.213.169; ae7.amster32.ams.seabone.net; 324.957, 337.009, 329.025

6. 195.22.216.227; xe-1-0-0.ashburn2.ash.seabone.net; 416.610

6. 195.22.206.2; xe-0-2-0.ashburn2.ash.seabone.net; 402.819

6. 195.22.206.1; xe-1-2-0.ashburn2.ash.seabone.net; 404.017

7. 195.22.206.51; amazon.ashburn2.ash.seabone.net; 474.928

7. 195.22.206.59; amazon.ashburn2.ash.seabone.net; 450.211

7. 195.22.206.51; amazon.ashburn2.ash.seabone.net; 454.509

So is this difference academic or are there real world implications? The answer of course is that it depends. For browsing it is pretty minor. Throughput is limited by my ADSL2 which is in about the worst possible place relative to the exchange. It is measurable but for the most part feels normal. I did a speedtest from a few places. The most noticeable difference was via Seoul where the VPN was nearly 100ms FASTER in the ping test than no VPN.

This is hardly surprising given the detour that the packets are taking. Unless the packets between your home and the VPN endpoint are traversing via Guam, or the backbone of your VPN provider is carried via TPG's private cable, then a break in said cable isn't going to affect you. TPG have two choices here. They can route around the fault by using their other cables (as they did in the traceroute above) or they can buy additional capacity from their competing northbound fibre links. No doubt they will be doing both at different times, but a lot of that capacity (on competing links) would have been bulk purchased, so it isn't always available and unlikely to be cheap.

Adam 1

Re: yet another reason

The problem is with the TPG owned cable. If you connect to a VPN endpoint in Australia (mine has Sydney or Melbourne options), your traffic that would ordinarily travel across that cable won't. It will go via the VPN provider infrastructure from that point onwards.

Won't help you in Tassie obviously.

Adam 1

yet another reason

to use a VPN service.

Ducks, Lord of the Rings, movies and maths: The GCHQ Xmas puzzle solutions revealed

Adam 1

Re: Get on with your job.

They decided that French "phrases of surrender" would be a bit too easy.

Who would code a self-destruct feature into their own web browser? Oh, hello, Apple

Adam 1

Re: Has Mr Dabbs got much better recently?

> hyperconverged agile cloud flash devoops

I just won buzzword bingo!

Winning Underhand C Contest code silently tricks nuke inspectors

Adam 1

Does a PDF with embedded fonts count?

Microsoft's malware mitigator refreshed, but even Redmond says it's no longer needed

Adam 1

> With Windows 10 we have implemented many features and mitigations that can make EMET unnecessary on devices running Windows 10

Oh great! Now even EMET Setup.msi installs Windows 10 for you.

When customers try to be programmers: 'I want this CHANGED TO A ZERO ASAP'

Adam 1

Re: Any chance of a solution?

Nothing sets the SUCCESS variable back to 0 so the while loop is infinite.

Hopefully the getstatus method isn't too resource intensive...

Windows 10 will now automatically download and install on PCs

Adam 1

Re: Be like Nan

Was bingo played with the mystery KB numbers that reactivated that darned win10 upgrade?

Adam 1

I prefer to call it kicking the bullet.

Adam 1

Microsoft are mad

Where's that program to disable it?

(Don't get me wrong, I quite like it. That is why it is installed on the laptop I want it installed in. I don't want it installed on my media centre box because some Muppet decided to sunset arguably the most family proof PVR and replace it with a DVD player)

No, George Brandis, telcos still don't want you taking the console in their networks

Adam 1

Random ideas sought to improve cryptography

Adam 1

Re: Way back when

@Frumious Bandersnatch

That is easy to fix. You are not susceptible to timing attacks if you use a random position within pi to specify the position within pi to read from ;p

Hint: pretty sure @maffski wasn't being serious.

Adam 1

Re: Way back when

> And data derived from a quantum mechanical process are no good, either, if there's any possibility that an attacker might be able to observe the same process or intercept the data

At a quantum level, the observer would collapse the state. They can't passively observe because cloning is impossible.

https://en.m.wikipedia.org/wiki/No-cloning_theorem

Quantum == weird

Adam 1

That tells you that they are distributed rather than random though.

Adam 1

Fire a photon through a semi-transparent mirror. Use two photon detectors to measure whether it was reflected or transmitted.

Physics says you will get a truly random sequence, but a malicious adversary could of course attack the photon detectors directly.

Why a detachable cabin probably won’t save your life in a plane crash

Adam 1

Re: Thunderbird 2?

> how did X get a patent for something they patently did not invent, merely copied from fiction?

You must be new to the way that the USPTO operates.

Step 1 - fiction

2001 A Space Odyssey

Step 2 - Copy and patent the idea

portable display device USD670286

Step 3 - profit

Two-thirds of Android users vulnerable to web history sniff ransomware

Adam 1

Re: Building their own coffin

> Google can't do anything about pushing updates to anything except its Nexus devices

I hate having to wait for Dell, Lenovo and HP to push out Windows updates after patch Tuesday.

If the system is modular enough, the OEMs can wreck their users' experience without compromising the OS's ability to be patched.

PS, smart move on the Nexus.

Adam 1

Re: Bit unfair blaming Google

> Much of the Google infrastructure, including WebView, is built as apps and updated from the Play Store - to anybody.

Only since Lollipop...

And how about that fix for Stagefright. Did you get that through the Play Store? Didn't think so.

Look, they are moving the right way but it is a long road.

Adam 1

Re: Not really a security exploit

> Let me guess, is the only way to make sure you're protected to buy a Symantec security product for your mobile?

To be fair, this is pretty bad malware. I would almost prefer to have Symantec installed.

TalkTalk CuffCuffs 'ScamScam CrimCrims'

Adam 1

See what happens when you let people copy/paste?

Come on kids, let's go play in the abandoned nuclear power station

Adam 1

Re: Fission expedition

Oh snap(per)!

Five technologies you shouldn't bother looking out for in 2016

Adam 1

Re: FaceWatch...

eyeWatch?