99 posts • joined 14 Jun 2015
The EU vs US?
The problem here is that you have an EU entity trying to enforce its laws on a US company. The quote "Given that US law doesn't really address consent for cookies and the FTC is kind of wishy washy on it, the MoU would be about as much use as a chocolate teapot in this case." pretty much sums it up in this case. A case could be made for reputation, but they have to pay the bills somehow. Besides, EU law does not apply inside the US just because the EU says so, especially if laws conflict. This was more or less resolved in previous cases (Yahoo!, France). The same thing applies the opposite way as well (Well, it should). Although nobody could blame you for thinking otherwise with recent developments like the CLOUD Act here in the US where US Law Enforcement can force a company to turn over data which is stored on foreign soil (Microsoft, Ireland), which in my opinion, is a violation of the foreign nation's sovereignty. Time for me to grab my jacket and hit the door.
One other thing... From a technical perspective, you *MUST* have cookies if you log into the site. As a developer, HTTP/HTTPS is a stateless protocol. So you have to have cookies to maintain user state on the server. So basically, if you don't agree to having cookies set on your browser, then you are not going to be logging into a website. That's the short and long of it from a technical aspect. PHP doesn't really give you any other option, unless you handle the session state yourself, but you will still need to have cookies to keep track of it.
We asked the US military for its 'do not buy' list of Russian, Chinese gear. Surprise: It doesn't exist
There is...or used to be...
There is or was a federal law on the books that goes something like this: "Products purchased for government use must be bought from US companies." or something to that effect. So a list like this is probably classified, which means el Reg can FOIA it till they are blue in the face and the response will always be "We can neither confirm nor deny that any such list exists."
Frankly, I'm quite surprised they didn't outright ignore your request.
'Pure technical contributions aren’t enough'.... Intel commits to code of conduct for open-source projects
Respect is given where earned
I am from the school of thought that respect is earned. In general, I respect people until I have a reason not to. If this offends someone, then they can go kiss my hairy white ass. The whole feminism and SJW special snowflake thought police leaves a bad taste in people's mouths. Before it was about bullying...now it's against people who hurt other people's feelings.
Well, I say get used to it. That's life. There are always going to be assholes out there. In places like California, we are growing people who cannot function unless they are wrapped up in bubble wrap. Any slight to their fragile egos and they start crying "Whaaah. You hurt my feelings. I want my safe spot." I'm sorry, but in this world there is no safe spot, which means that these people will be facing a very harsh reality.
But can it fix coding bugs that cause security holes?
Alexa heard what you did last summer – and she knows what that was, too: AI recognizes activities from sound
Not too far off....
I can imagine that in the not too distant future, when you are getting frisky with your significant other, a package gets delivered which contains...adult...play toys. Or, have a telemarketer call you to pitch some new IoT connected 'stimulating' device. Um...no thanks. The knowledge of some activities should not be leaving the bedroom.
Considering that this guy published STOLEN documents belonging to the United States Government (confidential, secret, top secret), I support the move to have him brought here to the US to stand trial under espionage charges. He published over 250,000 diplomatic cables between the State Department and our embassies, now there's the whole Vault 7 thing which consists of communications, documents, and source code that was stolen from the CIA's internal, air-gapped network. This guy needs 'El Chapo' Guzman as a cell mate.
Personally, I welcome his current accommodations. A self-imposed prison sentence at the hands of a foreign nation. If more criminals could be like him we wouldn't need jails.
One other thing. The UK says they will arrest him if he leaves the embassy. The question becomes what if Ecuador grants him diplomatic immunity? Or if they sneak him out? Surely the UK is not searching diplomatic vehicles. They could smuggle him out to an undisclosed airport and send him to Ecuador.
What really needs to happen is a complete redesign of how networking works. Many of the protocols that we currently use were developed in the 1960's and 1970's. In that period, ARPANET as it was called back then, connected universities and military installations together. Because of the caliber of the users back then, security wasn't a forethought, or an afterthought, for that matter. Fast forward to today, and much of the security that is now in place is patch after patching patch of bolt-on fixes for newly discovered vulnerabilities. DNS is no different. So we need a redesign of networking protocols which implement security from the start. However, 40+ years of code will have to be scrapped for that to work, which I do not see happening any time soon.
As a developer...
As a developer myself, it's nearly impossible to ship software that is bug free. The best that you can do is just check your input and make sure that it makes sense. I write operating systems, so there is a level of expertise that is required that most other developers do not have, and the security implications are more serious. For an app developer, a security hole can compromise a user. For a system software developer like myself, a security hole can compromise the whole system.
In Soviet Russia...
In Soviet Russia, you do not perform Q&A on the software, the software performs Q&A on you.
Downgrade to Oracle...
"If so, the hackers had seen fit to install a full version of Oracle too, which struck me as a little cruel and unusual, even by the low standards of your average cybercrook."
Well now, looks like I'm not the only one who considers Oracle a downgrade.
There are several problems with this. Let's go down the hit list, shall we?
1. As the first commenter stated, trust in IoT is dead, and for the reasons given.
2. IoT devices are made to be cheap, get flung out the door quickly, with security as a second thought.
3. The reason behind #2 is every manufacturer wants to be first to market with a device, so the software people don't have enough time to fully test and secure the product before it is shipped.
4. The average lifetime of an IoT device is about (guesstimate) 18 months before manufacturers no longer support it.
5. This bill, although it is a step in the right direction, is misguided for several reasons. Those are enumerated below:
5a. Most of this hardware is manufactured overseas, which means that the law won't even apply to most.
5b. For those who do manufacture the hardware here in California, you are going to significantly increase the costs to the manufacturer. They will need someone to program a password into each device (or generate one automatically), and then print more, unique documentation because now the passwords between the devices are different.
5c. Hope that the person who is typing in all these passwords gets it right.
6. How are you going to enforce this? Have the state become a nanny? More so than it already is? Sorry, I'm tired of the nanny state. I don't need Big Brother telling me what I need to do to improve the security of my devices.
A much better way to do this is to educate the public on the security issues. Make it part of the public school education curriculum. That way, everyone will at least be aware. However, that will not help when you have an IoT Tea Pot with a default password of 000000 that cannot be changed...
Serverless huh? For who? That is just the current industry buzzword that is floating around. There is nothing new to see here folks. What the buzzword really means is that you have to pay money to host your data on the cloud. That's where the server is.
Sunny Cali goes ballistic, this ransomware is atrocious. Even our IT bill will be something quite ferocious
It was the Russians.
It was the Russians I tell you, the Russians did it!!!! They are getting back at us for the election hack...wait...they did that to us... Nevermind.</joke>
Probably not, but it was still fun.
#1 Programming Language? Think again...
Our programming language is still number one, insists database goliath.
I disagree. Java is a piece of shit language with delusions of grandeur. It thinks it's a real programming language like C++, but when in fact it's the schoolyard bully, and it fails even at that. It's slow and cumbersome. Its only saving grace is that it is platform independent.
I'm more interested in the fact that hackers were caught installing vulnerabilities directly into the source code and very few people are noticing. The ones that have been reported are probably the tip of the iceberg. That is one of the big issues with open source, when everybody is working on it, who is vetting these people and making sure that they are not doing something nefarious? Brings to mind "too many cooks...."
Re: These scammers do not like me.
Oh, it's hilarious. It's been my new form of entertainment for about 3 months now. I learned how to do it by watching youtube videos. Some have links to the tools that they use too.
These scammers do not like me.
Why? Because one of my hobbies is to trick them into thinking that I am in need of their 'services' when in actuality, I am scamming them. The longer they stay on the phone with me, that is time they can't scam someone else. In some cases, they downloaded and ran programs off my VM that they were connected to and ended up destroying their computer. WannaCry anyone? Hey, if they were legit, they wouldn't be downloading fake word documents titled banking_details.doc.exe with the extension hidden and a word doc icon.
These fake tech support scammers will syskey your machine and then you have to pay $200-300 to get the password to unlock your machine. That is how they make money. And a lot of them use iTunes gift cards, and they are mostly out of India...at least that's been my experience.
Maybe, just maybe...
Maybe, just maybe he was using the telescope to spy on naked kids taking a bath through their bathroom windows. With a telescope that big, you could almost see through walls.
I second the concerns raised here. Malware is rampant on computers these days, especially Windows PCs. Yes, the IP addresses that they have are the ones that attacked them. However, was it the person who is actually sitting at the computer doing it, or was the computer commanded to do so because it belongs to a botnet?
These guys do know what a botnet is, right?
A valid defense is that when the machine is examined, if malware is found, then what? Are they going to continue to sue an innocent person who had no idea that their computer was infected?
"You were complacent in the attack because you allowed your computer to participate in it, even if it was without your knowledge and/or consent."
That will go over real well in the courts and the media.
They failed again...
So why is it the application developer's responsibility to mask this information?
Networking is system level information that only the system should be aware of. Giving the responsibility to keep it private to the apps guys is like putting the personal details of government employees on the web and hoping that China/Russia won't steal it. Because as we all know, not all app developers are created equal. This is a big glaring security hole if you ask me.
There have been some cases dealing with similar issues that have already been decided. The cases are as follows:
A copyrighted file is a copyrighted file regardless of what it contains. However, APIs are key for interoperability and should not be copyrightable. As someone else said, if SCOTUS rules that APIs are copyrightable, then all software development will be driven out of the country which will bring the country down. There are literally hundreds of thousands of independent software developers out there whose livelihoods are being threatened by this decision.
Microsoft's *REAL* Response
That Microsoft Guy:
You are all mistaken. What is referred to as the ALPC bug is actually an obfuscated feature that we put in at the request of the NSA. It allows a user to gain system level privileges without having the password to the Administrator account. It is to be used by users to perform admin tasks on the machine without actually bothering the admin. Eventually, we plan on expanding this feature so that the end users will be able to administer the networks they are connected to without needing a password. Therefore, lazy system administrators will be rendered redundant and can be laid off saving the company the unneeded expense of paying a dedicated person to administer the network.
So what can possibly go wrong?
What will it take?
What will it take to rein in these greedy corporate bastards? Someone dying because of their action or inaction. Granted, in THIS case, Verizon owned up to their mistake and made a public apology. Thank God nobody was hurt as a result of their screwup though.
However, during the late 1990s, US West (before they were bought out by Qwest Communications) had a work stoppage (aka strike). During that strike, 911 service went down and a 9 year old child died as a result. The next day the FCC told both US West and the Union (Communications Workers of America) that the strike was over and ordered the workers to return to work. US West was almost fined into the ground for that because ultimately, it was their responsibility to maintain service.
This smacks of a security flaw caused by a lazy programmer. In fact, either it's someone who is lazy, doesn't care, or they do not know how to fix the problem since it was first reported to WordPress Feb 2017.
The simple fix is do not allow regular users to upload. Leave that for an administrator. Problem solved.
Interesting, if anyone downloaded it, it should be popping back up pretty soon. Now that they have done this, they will never be able to take it off the net.
AT&T stock has been stinking lately. Now it's going to stink even more regardless of the outcome of this case. Time to move my investment somewhere else. Oh, and stinking is not a city, county, or state in the USA.
Seriously though, AT&T has had problems with employees in the past who took bribes or did not follow procedures which then enabled further security breaches. The person who did this will most definitely lose their job, and may even face prosecution if it can be proven that they took a bribe. ASSet Protection (also known as Corporate Security) is staffed with former FBI agents who conduct these investigations internally.
I have a few stories if anyone is interested.
One company that I do not see at all on any list is AT&T. I have AT&T Uverse and the quality is pretty good, and good customer service. They aren't cheap though. They are using IPTV with custom set-top boxes, so you have to get the boxes from them, but they will replace them at the drop of a hat if there's a problem. And the internet service, although slower than Comcrap, has better performance during high congestion periods.
However, to be fair to the cable companies, the bills are high because the cable channels that are carried charge the cable companies to carry them. This is especially true for sports channels. The cable companies only own a handful of channels. The rest are owned by media conglomerates such as Big 10 Networks and such which charge an arm and a leg. They charge an outrageous amount for each registered subscriber. I don't really watch sports, but I have to get it because the FCC killed off the 'à la carte' proposal because then nobody would get smaller TV stations and they would go under. I don't speak Spanish, I don't watch sports, so those channels are useless to me, but we are forced to pay for them anyways. So the high prices is not entirely the cable companies' fault. I know, because I used to be an insider...which leads to the following:
Disclaimer: I used to work for AT&T.
With this news, we will soon see Winnebagos flying around in space.
Facebook insists it has 'no plans' to exploit your personal banking info for ads – just as we have 'no plans' to trust it
Well now, I can safely say, that here in the USA, that won't happen (for the time being anyways) because there are quite a few laws on the books that say that banks must keep your financial information private... I guess nobody told Experian this when they got hacked last year.
Not legally binding...
Unfortunately, for the EU, any court decision against ICANN is not legally binding. You have to sue them in the district where they are, and that means the USA. I can see ICANN eventually just disallowing European registrars from registering domain names, which will kill the internet in Europe.
With these policies and its own obtuse and arrogant behavior, Internet governance should be taken over by the UN-ITU or even the World Network Council (WNC).
Either that, or put ICANN back under the direct purview of the US Government.
The story of Eta Carinae
Eta Carinae has an estimated mass between 90-120 M☉. Unlike our sun which will form a white dwarf and a planetary nebula, Eta Carinae will go out with a bang: A Type II Supernova. This type of supernova is a core collapse supernova. What happens is that the star rapidly burns through its fuel to offset gravity, forming heavier and heavier elements until it starts making iron. During the nucleosynthesis process, the elements form shells around the core, similar to a Russian nesting doll. This is due to the fact that the specific gravity of the elements in question have a certain density. Since Iron is the heaviest, it sinks all the way to the center of the core.
Iron will fuse, but it will not produce energy when it does, so the star is robbed of the energy it needs to support itself against gravity. Then the core collapses. If the core mass is > 1.4 M☉ (the Chandrasekhar Limit), it will form a black hole. The star is then eaten from the inside out, and the black hole will spin up rapidly, throwing matter out through the poles at very high temperatures and energies (aka the gamma ray burst). To produce gamma rays, the matter must be heated up to billions of Kelvin.
This is a very simplified version of what happens. In case you are wondering, Astronomy is an interest of mine and I have taken a number of courses on it. In fact, Type II Supernovas was the subject of my thesis paper in my writing intensive class which was Astronomy. So, when it comes to Astronomy, you probably could group me in with the boffins.
Re: Add-on item
"Does it have an option for adding a beverage tray?"
It doesn't come with one, but I'm sure you could use an old CD/DVD drive to add a retractable one.
I find it strange that Intel is holding out until at least September before handing documents over to Qualcomm. That implies that there might be something to Qualcomm's argument that the chips are infringing to some extent.
Now why is QC suing Apple for patent infringement again? Apple didn't make the allegedly infringing chips, Intel did. So why isn't QC suing Intel instead for patent infringement? In my mind, going after Apple who just uses the chips is liable to backfire right in QC's face because then you have to prove that Apple knew that those chips were infringing. Proxy suit?
I don't particularly like Apple or their viewpoint, but I'm with them on this one. QC should be going after Intel.
Re: Too late
Well, the Bible is a real book (As is the Koran and the Torah), and churches are a real place (as is mosques and synagogues). However, Christianity is a religion, and so is Islam and Catholic. I can see that .catholic is a strange one because that religion is centered around what the Vatican (which is a separate country in and of itself) says and does. This is similar to .judaism because Israel is the only Jewish theocracy in the world that I'm aware of.
A few issues
All that I see here are issues with no solutions. Well, maybe one...
1. Fracturing the DNS root system is not a good idea because that is how someone from the US like me, can read and comment on these forums. It will be like the .onion TLD which was never approved but is in use on the dark web and requires a special browser to access.
2. This issue started when ICANN was under the purview of the US-DOC. But now that they are on their own, they have gone completely out of control. If they will not follow their own bylaws, then it makes me wonder if they will follow a court order issued by a judge in a court of law. I know they probably won't if the court is in a foreign jurisdiction, but even in the US...
3. Currently, ICANN's regulations that the registrars must follow are in direct conflict with the laws of some countries. Case in point is Germany, which puts the registrars between a rock and a hard place. Either follow your country's laws and risk your status as a registrar or follow ICANN's regulations and risk getting sanctioned by your country's legal system.
4. The fact that this has been going on for six years already makes me ask the question Why? According to the article, they are disobeying their own bylaws, which a judge in the US should be able to make them follow with a court order. This just demonstrates the abuse of power they are committing since they are no longer under the purview of the US Government.
In the past, I was against making internet governance part of the UN-ITU. However, seeing how ICANN has been abusing their authority lately, that may not be such a bad idea considering that every man, woman, and child is a stakeholder in the global internet which crosses international borders.
Waiting for a response...
"El Reg invited AdsTerra, AdKernel, AdventureFeeds and EvoLeads to comment. We'll update this story as and when we get a response."
And there's some more to add to the DNS block list. I need a full list so I can block all of them. Ad block software not needed, and it's not detectable since it's running on my own server.
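An added example, not the commenter's own setup: turning a plain list of ad and tracker domains into resolver-side block rules, the way the post describes doing it on a local server. It assumes the resolver is Unbound (or dnsmasq, via the second emitter). The domains in the sample are constructed for the example and are not the networks named in the article; the point worth showing is the normalisation step, because a raw list pasted straight into unbound.conf lets one bad line inject arbitrary config.

```shell
#!/bin/sh
# Added example: build an Unbound/dnsmasq blocklist from a domain list.
# The sample domains below are constructed, not real ad networks.
set -eu

# Normalise one domain per line: strip comments and whitespace, drop a
# trailing dot, lowercase, then keep only syntactically valid hostnames
# (RFC 1035-style labels) and de-duplicate. Anything else is dropped so it
# can never end up as a stray directive inside the resolver config.
normalize_domains() {
    sed -e 's/#.*//' \
        -e 's/^[[:space:]]*//' \
        -e 's/[[:space:]]*$//' \
        -e 's/\.$//' \
    | tr '[:upper:]' '[:lower:]' \
    | grep -E '^([a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z]{2,63}$' \
    | sort -u
}

# Unbound: a "static" local-zone answers NXDOMAIN for the zone apex and
# every name beneath it, so sub.ads.example.net is caught as well.
to_unbound() {
    normalize_domains | awk '{ printf "local-zone: \"%s.\" static\n", $1 }'
}

# dnsmasq equivalent: sinkhole the domain (and subdomains) to 0.0.0.0.
to_dnsmasq() {
    normalize_domains | awk '{ printf "address=/%s/0.0.0.0\n", $1 }'
}

# Constructed sample input: comments, mixed case, a trailing dot, a
# duplicate, a line with spaces and a label with a trailing hyphen.
SAMPLE='# constructed sample blocklist
Ads.Example.net
tracker.example.org.
ads.example.net
not a domain
bad-.example.com
cdn.example-ads.com'

# Usage: ./blocklist.sh demo          (prints Unbound lines for the sample)
#        ./blocklist.sh < domains.txt  (reads a real list on stdin)
case "${1:-}" in
    demo) printf '%s\n' "$SAMPLE" | to_unbound ;;
    '')   [ -t 0 ] || to_unbound ;;
esac
```

Drop the output into a file under `/etc/unbound/unbound.conf.d/` and run `unbound-checkconf` before reloading. Two caveats a practitioner would add: resolver blocking only catches clients that actually use your resolver, so pin DNS on the firewall (and watch for DNS-over-HTTPS clients that bypass it), and a list this coarse can block a whole domain when only one subdomain serves ads.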
Hmm... It sounds like the software is not working correctly with a 95% error rate. All 535 members of Congress are crooks...they just haven't been caught yet. Which means that the ACLU has it backwards.
"Wi-fi uses photons, not electrons."
Neither, actually. It uses radio waves just like most other wireless communications systems not dependent on line of sight (which rules out infrared which is still an electromagnetic wave).
Wrong. It is photons. A radio wave is a photon. Go look at your electromagnetic spectrum chart. Visible light is on it.
"For the Wifi I changed the SSID and set it to not broadcast"
"This provides you very nearly no additional protection."
What if I put a condom over it? I hear that Trojans are the best protection that you can get, and it feels like nothing at all.
So it wasn't...
So it wasn't the face on Mars that's responsible for all that dust then?
Man, I thought it really was the aliens.
What right does Google really have to dictate to independent websites on what protocols they can use? Especially on an intranet where both endpoints belong to the same entity? This is Google becoming the North Korea of the internet.
As for getting a cert, just self-sign your own. That's what I did. I became my own CA and rolled the cert out to all machines on the LAN. It's a pain in the arse, but what can you do when you have a company who thinks they can dictate internal company policy.
Time to dump Chrome and go for a different browser...I hear that Opera is pretty good.
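An added example, not the commenter's own scripts: the "become your own CA and roll the cert out to the LAN" setup described above, done with plain openssl and with the two constraints a security engineer would insist on for a private root. The internal domain `corp.lan` and the hostnames are hypothetical. The root is marked `CA:TRUE, pathlen:0` so it can sign leaves but never another CA, and it carries a `nameConstraints` extension limiting it to `corp.lan`, so even if the CA key leaks it cannot mint a certificate that browsers trusting this root would accept for a public site. Leaf extensions are supplied by the CA side (`-extfile`), never copied from the CSR, and every leaf carries a `subjectAltName`, which is what Chrome actually checks; the CN alone has not been honoured for years.

```shell
#!/bin/sh
# Added example: a minimal name-constrained private CA for an intranet.
# Internal domain corp.lan is hypothetical. Requires the openssl CLI.
set -eu

# Root CA: key + self-signed cert. basicConstraints/pathlen stop it being
# used to sign intermediates; nameConstraints confine it to corp.lan.
make_lan_ca() {
    dir="$1"
    mkdir -p "$dir"
    cat > "$dir/ca.cnf" <<'EOF'
[req]
distinguished_name = dn
x509_extensions    = v3_ca
prompt             = no
[dn]
CN = Internal LAN Root CA
[v3_ca]
basicConstraints     = critical, CA:TRUE, pathlen:0
keyUsage             = critical, keyCertSign, cRLSign
subjectKeyIdentifier = hash
nameConstraints      = critical, permitted;DNS:corp.lan
EOF
    openssl req -x509 -newkey rsa:3072 -nodes -days 3650 \
        -config "$dir/ca.cnf" -keyout "$dir/ca.key" -out "$dir/ca.crt" 2>/dev/null
    chmod 600 "$dir/ca.key"
}

# Leaf for one host. The CSR only contributes the public key; the CA
# dictates the extensions so a requester can't ask for CA:TRUE or extra SANs.
issue_server_cert() {
    dir="$1"; host="$2"
    openssl req -new -newkey rsa:2048 -nodes -subj "/CN=$host" \
        -keyout "$dir/$host.key" -out "$dir/$host.csr" 2>/dev/null
    cat > "$dir/$host.ext" <<EOF
basicConstraints = CA:FALSE
keyUsage         = critical, digitalSignature, keyEncipherment
extendedKeyUsage = serverAuth
subjectAltName   = DNS:$host
EOF
    openssl x509 -req -days 398 -in "$dir/$host.csr" \
        -CA "$dir/ca.crt" -CAkey "$dir/ca.key" -CAcreateserial \
        -extfile "$dir/$host.ext" -out "$dir/$host.crt" 2>/dev/null
    chmod 600 "$dir/$host.key"
}

# The check a browser performs: does the leaf chain to our root, and does
# its name fall inside the root's permitted subtree? Returns 0 on success.
verify_chain() {
    openssl verify -CAfile "$1/ca.crt" "$1/$2.crt" >/dev/null 2>&1
}

# Usage: ./lan-ca.sh init ./lan-ca ; ./lan-ca.sh issue ./lan-ca wiki.corp.lan
case "${1:-}" in
    init)  make_lan_ca "$2" ;;
    issue) issue_server_cert "$2" "$3" && verify_chain "$2" "$3" \
               && echo "issued and verified $3" ;;
esac
```

Only `ca.crt` gets pushed to the clients (Group Policy or `certutil -addstore root` on Windows, `update-ca-certificates` on Debian-derived Linux, the login keychain on macOS); `ca.key` stays offline on the box that issues certs. A cert for a name outside `corp.lan` signed by this root fails verification, which is exactly what you want from a root that every machine on the LAN trusts.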
Crypto gripes, election security, and mandatory cybersec school: Uncle Sam's cyber task force emits todo list for govt
In other words...
...God forbid that the average citizen has the ability to lock down their data so that spooks, spies, and government agents on fishing expeditions (or otherwise) cannot access it. After all, a citizen who can enforce their privacy rights is an enemy of the state, right?
Or to paraphrase a quote from Putin in The Hunt for the Red October "Privacy is detrimental to the well-being of society..." or something like that.
The Georgia one is a real winner. You cannot get the official state code without paying US $23,000 or some outrageous amount for it because it's copyrighted. I can see it now:
Defendant: Your Honor, I had no idea that there was a law saying that I could not do that.
Judge: Ignorance of the law is not an excuse.
Defendant: But your Honor, how am I to know what the law is if I cannot get access to the text of the law? It's not available publicly, and I can't afford the fee to get access to the law.
Judge: Not my problem. Ignorance of the law is not an excuse.
The big issue with this and cases like this one is that it fosters secret laws and the double standard. The law must be available freely to the public. Otherwise, you can end up in jail for violating a law that is on the books, but nobody but a select few is allowed access to the books.
Extraditing random people?
I'm not familiar with the Silk Road case, other than the fact that it was on the dark web. Where was the server located? If it was not located in the US, then what authority is the US claiming to have for his extradition?
It is beginning to sound like if a citizen in another country violates US laws, then the US wants to throw them in jail, even if it's legal where that person is.
That was actually my question as well. As someone already mentioned, Qualcomm can go after end-users for licensing fees if they so wish, but that will be very bad PR for them. Assuming that Intel manufactured the LTE modems, shouldn't both be sued? A number of years ago, Qualcomm violated Broadcom's patents and the latter won an ITC ruling that banned the import of devices using the offending chips.
Besides, Apple and their little spat with Samsung, Apple needs to be brought down a couple of pegs.
The Bastard System Operator From Hell
Oh that story brings back memories. It's quite a read. Do yourself a favor and enjoy it here:
And once again...
...we are met face to face with the main issue of software development here in the USA. Companies are so keen to get their product out the door as quickly as possible, testing is either minimal or non-existent. This is why commercial software (even open source in many cases) here in the USA is always in Beta. We write the software. You buy it to have the privilege of testing it for us. If you find a problem, we'll fix it in the next version which you have to also buy.
And it's not just software...it's everything tech. Even websites, as this case has shown.
Atari accuses El Reg of professional trolling and making stuff up. Welp, here's the interview tape for you to decide...
Hey el Reg, you messed up some facts in your article...
This here is wrong: "We made no mention of the fact that there is every reason to believe that Atari's entire enterprise is being funded by hype and that the only way the company can afford to create even its first console is by persuading people to hand over their cash before the company itself has a working prototype."
This is by far not the first console with the Atari name. Atari used to make consoles back in the 1980s. The one that most people remember was the Atari 2600. There were other consoles, and even some computers during that time. But then they got kicked out of the market and went to being a software only company. And before someone says something, there were a number of mergers and acquisitions as well.
As for Atari, if they go through the trouble to get an el Reg reporter in there, then perhaps they should have shown more than some plastic. Instead, they just wasted everyone's time. el Reg called them out on it, and rightly so. If they want to get a product to market quickly, maybe they should get in bed with VTech. At least then it can be marketed to the Fisher-Price age group which seems to be about the same age/intelligence rating of the current executive staff.
"Atari is so full of crap that it should be labeled as a hazardous waste zone." LOL LOL LOL British humor at its finest.
Uhggg Another C++ standard?
You know, we don't really need any new features in the language. In fact, there are a few features that probably should be removed. So yes, I agree with Bjarne Stroustrup. Right tool for the job really. I view C++ as the object oriented version of C, and I use C...a lot in my coding since I code close to the bare metal. C and assembler for my work.
C: Low level system stuff such as kernels, device drivers, libraries, etc...
C++: Higher level application stuff (especially on GUI platforms) or when using objects make sense...like the Abstract Syntax Tree that's generated from a parser and is fed into the code generator for a compiler. OOP makes sense here since the nodes are all the same, the data they contain is what differentiates what type of node it is.
Here's a little thing that Linus said about C++. Enjoy.
Re: Didn't get the memo?
Didn't the war with Oh Canada already happen some years ago in the movie Wag the Dog?