* Posts by djack

317 publicly visible posts • joined 16 Jun 2009

CloudFlare shows Tor users the way out of CAPTCHA hell

djack

Re: nonce field - unfortunate choice of name

I never fail to giggle at it, but 'nonce' is a long established term in the field of crypto-based authentication. It is just a random blob of data that is generated on demand. Basically it is unique and unpredictable, so it can be used to establish a challenge for proof of possession of a key and as a differentiator between different transactions.

As the actual value is irrelevant I guess that the name comes from a contraction of nonsense.

Crypto guru Matt Green asks courts for DMCA force field so he can safely write a textbook

djack

Little Comfort

There is a huge difference between 'unlikely to be prosecuted' and 'cannot be prosecuted'. Any potential for jail time has to be seriously considered by the individual.

Matt LeBlanc handed £1.5m to front next two series of Top Gear

djack

Re: Still Undecided

In partial defence of C4 as I totally agree with your thoughts about that other show (which was a totally different set of circumstances) ..

The BBC clearly didn't want F1 and were trying to do so in as quick a way as possible. So C4 picking it up has been a very good thing indeed. Whilst they haven't done quite as well as the BBC did in previous years, their coverage hasn't been too bad and also their live race sessions are broadcast advert-free (which wouldn't happen if a more commercial terrestrial channel picked it up).

With regards to EJ, he is essential viewing in the F1, his knowledge and insight is second to none (I don't believe any rumour until he has repeated it) but in TG he was totally wasted - not that I suppose he minded being paid to travel 1st class on the orient express.

What says Internet of Things better than a Bluetooth-controlled smart candle?

djack

I can see a point

The automatic extinguisher is a useful safety feature for people who are a little forgetful or have pets (that might knock over a normal candle).

Even though I fit in both groups, I'm still not buying one. I have functioning light bulbs that illuminate the room.

YouTube breaks Sony Bravias

djack

One of my big annoyances is the way that Samsung do updates.

Each update is mandatory and takes an age to install. The annoying thing is that it doesn't check and apply updates while it's in standby, oh no. Clearly the absolute best time to do so is when the user says that they actually want to use it.

Yeah, can have video on deman... Just as long as you give half an hour's notice first.

djack

Re: Who uses the internal TV smarts?

Me. It means that you can have a neatly wall mounted tv and not have to juggle with remotes etc.

A device that is an HDMI stick and uses the HDMI Ethernet channel and integrates with the TV remote via HDMI-CEC would be an ideal solution. Unfortunately it seems that no one wants to make one.

UK IT consultant subject to insane sex ban order mounts legal challenge

djack

Re: So,

What you've said is what is happening to him now.

I think you were meaning to say 'innocent unless proven guilty'

It also scares me the number of people who say 'until' - that implies it is an inevitability.

Email proves UK boffins axed from EU research in Brexit aftermath

djack

Re: Article 50

That has been the poison-drip from the Murdoch press

Successive governments have been to blame for this and they've allowed the press to fan the flames. Over many years, the blame for anything that could be seen as unpopular (regardless of the issue) has been placed with the EU: "It's not us, guv.. those forriners are making us pass these laws"

A case in point (one of many) is in food hygiene. At some point in the past, the UK gov passed laws forcing butchers to store cooked and fresh meat in separate coolers. This cost businesses a fair amount of money to implement and caused a fair amount of wailing and gnashing of teeth. The presence of the law was blamed firmly on the EU. As France hadn't yet enacted such laws, some butchers were up in arms about how unfair and unbalanced the EU clearly was.

So... forcing you to reduce the risk of poisoning your customers is a bad thing, and of course you are going to lose business as your customer walking down the high street is going to see the price increase needed to pay for this in your shop (and all your local competition) and then therefore go over to France to get some bacon.

If past governments had grown some balls and pointed out that many of these rules (I'm not saying that this applies to every rule made over the channel) are a good idea and explained why it won't put most people at a disadvantage instead of weaselling out of it, then we probably wouldn't have the strength of anti-EU feeling that has led us to this.

BBC will ‘retain your viewing history’

djack

Re: What if...?

No real change.

Your household TV licence has always covered you for use of wireless transmissions received by a portable, battery-powered device wherever you are. Whether delivery is via long range DVB or short range wifi is irrelevant.

Linux letting go: 32-bit builds on the way out

djack

Re: Thinks Bubble

That is perfectly true, but no-one in their right mind* would be running Ubuntu on such an embedded system anyway. Ubuntu != Linux, the operating systems designed and suitable for that sort of role will continue functioning for a long time to come.

*OK, there may be some geek points available for using an industrial system as a desktop, but that's hardly normal.

Parliament takes axe to 2nd EU referendum petition

djack

Re: Anti-democratic?

You can be sure that if a pudding I bought at a restaurant looks and tastes totally different from what was promised, I wouldn't be waiting till next time to order something different.

djack

Re: Of course the original referendum is only "advisory" it is not legally backed.

Of course Cameron wasn't going to invoke it, it's something that he disagrees with and he's right in saying that someone who does it must actually want to do it and deal with the consequences.

Boris has found himself in the position where his chickens have come home to roost. His political maneuvering has backfired as he sees himself to be the architect of this mess.

Linux on PS3 white flag

djack

Just a pity it's only for our friends over the pond.

Outsourcery to perform ultimate outsource as it enters administration

djack

Re: The Cloud...

Not just MS cloud - they do sell access to their own infrastructure (running MS software admittedly).

Surveillance forestalls more 'draconian' police powers – William Hague

djack

Re: Hollywood scenarios

I fear you may be unaware of modern firewall design.

Many modern firewalls implement integrated application layer proxies with policy-based filtering alongside a stateful packet filter and have done for many years. I know that Checkpoint had limited support (covering http and ftp) at least since version four (released around the millennium), Microsoft's firewall also does it and with Palo Alto it is very well integrated into the rule base. I am sure that there are many other examples.

You talk of Checkpoint as being a brand new firewall at the time. If you are going that far back in the day, the other firewalls you were probably dealing with would have been little more than stateless filters, which were leaky as sieves as you had to open huge holes to allow 'return' traffic back from a server (packets travelling to a 'high' numbered TCP port). Checkpoint's big contribution to firewalls is not the friendly GUI but they claim to have invented the concept of a stateful firewall. Unlike the older filters, a stateful firewall monitors the state of connections thus eliminating the need for rules opening up huge holes. The stateful design is used by pretty much all firewalls now.

djack

Hollywood scenarios

I was recently watching a series of '24' (other similar shows are available) that featured a device that bypassed pretty much any firewall and network security. My mind rebelled against the proposition (though I persisted as otherwise the storyline and action was good) as the idea of such a device is ridiculous.

The whole 'breakable encryption' brigade is trying to lead us into a world where such a thing is not only feasible but likely inevitable.

Smartwatches: I hate to say ‘I told you so’. But I told you so.

djack

Re: MS Band

If there was a 'get someone else to do the gardening' option, I'd buy one right now.

Beleaguered 123-reg customers spot price hike

djack

"I'm in the same position, but I also recall there is now a charge levied by 123 Reg if you want to transfer your domain away from them."

Not as far as I can see, I've just gone through the whole process (up to the point in specifying the recipient registrar's IPS tag) and there is no mention of a charge.

They are running a two for one offer of some description. It may be that they are (reasonably IMO) asking you to pay for the 'free' registration before moving it away.

Windows 10 build 14342: No more friendly Wi-Fi sharing

djack

Re: @djack symlink support for Linux subsystem

@sysconfig

"While that's true for Linux hard links, I am absolutely certain that NTFS Junctions work across file systems and physical drives"

I stand corrected, thanks.

djack

Re: symlink support for Linux subsystem

You're all nearly there with mentions of junctions and mklink. However, they are the equivalent of hard links, not symlinks.

Hard links exist at the filesystem layer. Symlinks happen at a layer on top. Hard links can only ever link files within the same filesystem but symlinks can cross fs boundaries.

The closest Windows equivalent to a symlink is a shortcut. However, whereas shortcuts are provided by Explorer, symlink functionality is in the core system libraries and therefore used by everything.

RIP Prince: You were the soundtrack of my youth

djack

Re: The Mike Tyson one...

I think it's real. Besides, Tyson has on many occasions been able to poke fun at himself - his appearance in 'The Hangover' is testament to that.

Tweak Privacy Shield rules to make people happy? Nah – US govt

djack

"for US companies operating in the EU the solution is simply making a sincere effort to abide by the law there."

The problem is that they can't .. at least not without falling foul of US law when the feds come a-knocking. Not that I trust those companies an inch, but giving them all the benefit of the doubt that they have all the will and the right intentions, they still cannot guarantee to conform to European levels of standards.

It is a shame for those companies who are stuck between a rock and a hard place, but it is good that the EU is prepared to stand up to this erosion of privacy.

Spinning rust fans reckon we'll have 18TB disk drives in two years

djack

Re: Still waiting....

because with 6 drives maxing out my MB ports, I've had to unplug the BD drive...

Why not get a PCI-E card with a few SATA (and maybe a couple of eSATA if you're running short on physical space) ports on it? That's what I've done ;)

That naked picture on my PC? Not mine. The IT guy put it there

djack

Re: Another reason...

"So IT people can be petty and vindictive. Wonderful."

Umm, no. IT were just going to leave it with a quiet word so the guy can sort himself out.

Instead it was the user that was being spiteful. He was accusing the tech of deliberately planting an image on the user's machine - an offence much more serious than looking at a bit of porn. Collection and presentation of evidence is very much warranted in case the thing blows up threatening the innocent tech's job.

'Devastating' bug pops secure doors at airports, hospitals

djack

Re: @BebopWeBop (was: As a side note, there is that "pop" meme again.)

No need to get up-tight about it. It's just an informal expression - all over the likes of Full Disclosure and researchers' blogs.

djack

Damn, that beats my favourite HIDism

I don't normally play with such things in anger, but I did spend a few minutes looking at a HID access control system a few years ago (shared office building and my client was only a tenant, so the controllers etc were inaccessible to me).

Not only was the thing using the hellishly broken Mifare Classic cards, but the system wasn't even checking the encrypted blocks of the card; everything was done on the UID that is read without authentication and sent in the clear.

What took the biscuit was possibly the world's most ironic encryption key. The keys when converted to ASCII read as 'HID IS' and ' GREAT'.

Tesla books over $8bn in overnight sales claims Elon Musk

djack

Re: 198,000

"it's like saying the ferrari F12 berlinetta is one hell of a car, so this fiat 500 must be great too."

Not sure what you are trying to imply there as the Fiat 500 is a great car for what it is designed to do. Whilst I wouldn't want to take one anywhere near a motorway, they probably have the Ferrari licked for a day-to-day town-center commute or shopping trip.

Whilst I agree that the quality of previous Tesla cars doesn't necessarily mean that the new one will be as amazing, they have done enough impressive stuff to deserve a little faith.

US govt says it has cracked killer's iPhone, legs it from Apple fight

djack

Working on Newer Devices?

I thought that the key difference between this device and newer ones is that in this case, the encryption key handling is done in software whereas the newer phones have a dedicated hardware module that (should) securely handle the authentication, perform the encryption and prevent access to the keys.

Attacking a key handling system in the OS is far easier than one which is in hardware.

How one developer just broke Node, Babel and thousands of projects in 11 lines of JavaScript

djack

Re: Copyright infringement ?

It depends on the license of the code. If it was licensed under any 'usual' open source licence then re-publishing shouldn't be a problem.

MITRE rolls out new CVE system after Reg reveal

djack

Re: Help my poor old brain,

Yep. They changed the number from being four digits to allowing it to overflow to five (or more) digits when needed.

Hotel light control hack illuminates lamentable state of IoT security

djack

Door Security Still an Issue

I think that every hotel I've been in that has fitted 'new' contactless card door locks have been using Mifare Classic cards.

These things have been known to be horribly and disastrously broken for the past ten years. It only takes a couple of minutes to discover the encryption keys on the card. From there it only takes a couple of seconds' access to copy all the data off a 'master key' card issued to staff. Drop that data onto a blank card and you can access any room in the hotel.

IMO any company still selling these (Mifare Classic - there are many other more secure options) as a security measure should be prosecuted under some form of fraud or gross negligence law.

Dell's Ubuntu-powered Precision Sputnik now available worldwide

djack

Re: Reassuringly expensive ...

Sold Out, but sitting next to "Inspiron™ 15 3000 Series Ubuntu" - an entry level machine with Ubuntu for £199

No more Nookie for Blighty as Barnes & Noble pulls out

djack

Baen

I can't believe that no-one has mentioned the (original?) anti-DRM publishing stalwarts - Baen Books.

I've been buying their stuff on and off for years - a great attitude and nice company to deal with.

Tor users are actively discriminated against by website operators

djack

Re: would had blocked the US and UK, and then almost all malicious attacks would have stopped.

"How about blocking the entire internet, then you won't see a single attack."

That's precisely what I do. For services where no legitimate traffic originates from the Internet, that whole outside world is blocked. Pretty much anyone running a boundary firewall has been doing that for years. ... which leads me back to my original point, locations from which you are not getting any legitimate traffic can and should be blocked.

djack

Understandable..

It is understandable that website operators will want to protect themselves from attack. When 100% (or near enough) of traffic from Tor is malicious then it seems reasonable to assume that you treat that traffic as though it is hostile.

It is a shame, and operators are aware that it inconveniences the (potentially tiny) group of legitimate users who use Tor, but until there is universal support for the evil bit you have to use imperfect methods to identify potentially damaging traffic.

Similarly, many sites choose to blacklist traffic from certain countries, as none of their users live there and all such traffic is hostile and unwanted.

Brit brewer opensources entire recipe archive

djack

I love both BrewDog and Black Sheep style beers.

Technically, what BrewDog do is more American style* 'craft beer' as opposed to traditional 'real ale'. The differences between them are fairly subtle yet can be highly political - CAMRA seem to have a real bee in their bonnet about this style of drink. As I'm a BrewDog shareholder and a CAMRA member, I sometimes think I should be punching myself in the face.

CAMRA should concern themselves with helping independent brewers respond to the inadequacies of products churned out by the likes of Diageo and InBev instead of vilifying other equally passionate brewers with slightly different ideas of what can be done.

* IMPORTANT : This is modern 'American Style', typically highly flavourful and heavily hopped, strong beer as opposed to the swill that many people associate with American beer.

Pilot posts detailed MS Flight Sim video of how to land Boeing 737

djack

Re: "Use your feet to steer by pushing on the left or right pedal"

The time he says to do that is when you are on the ground, doing so to try and stay on the runway. You are not trying to bank at that point, so yaw is the only way to go.

djack

Re: Neat

"That is pretty much an argument to then try anyway. You already know "what is the worst that could happen", so any moderately intelligent chance to improve on that outcome is IMHO worth a try."

Oh, most definitely.

Doing nothing = certain death

Giving it a try = almost certain death

As we know from dear departed Terry, million to one shots work nine times out of ten.

djack

Neat

I got the impression that this is more of a calming thing to demonstrate how the plane could be landed by a novice to reassure (as the video title states) 'nervous passengers'.

Though the proximity of the 'Mic' switch to the 'Autopilot Disable' switch makes me more nervous.

Kind of reminded me of a book (by James May?) that covered amongst other 'big boys things' how to land an Airbus plane. Basically it boiled down to following ATC's instructions of what to put into the autopilot and then if you are in range of a suitably equipped runway, press the auto-land button. As to what would happen if the available airports weren't suitably equipped, multiple experts agreed : Everyone. Will. Die.

Samsung S7 tease suggests phone likes it hot and wet

djack

Not even waterproof.

Did you notice the description along with the video?

"* The scene in the video is for dramatization purposes only. This product is not water resistant and it should not be exposed to and/or submerged into water/liquid."

.. just like the S6.

Security? We haven't heard of it, says hacker magnet VTech

djack

In a previous article about security vulnerabilities, I argued that imposing criminal charges for producing an insecure service or product was counterproductive, but there should be serious consequences for flagrant negligence, especially in how the company responds to the issue.

This is one example of where somebody at 'c' level needs to be facing the beak.

Ducks, Lord of the Rings, movies and maths: The GCHQ Xmas puzzle solutions revealed

djack

Re: Get on with your job.

This sort of thing could be a very useful way of training the mind and thought patterns. Often thinking about something else lets you gain inspiration about the problem you are actually needing to solve.

Besides, they have already said that the puzzles were designed in people's spare time.

FTC: Duo bought rights to Android game – then turned it into ad-slinging junkware in an update

djack

How about some actual useful laws that prevent developers and manufacturers from making mandatory detrimental changes to a product after purchase?

(Yes, I'm still bitter that my PS3 had half of its functionality removed and was then turned into a karaoke machine, with the option of playing some games)

Speednames 'fesses up, admits customers' emails are borked

djack

Re: Exactly

"Email delivery is unbelievably unreliable and should not be used as a mission critical business tool."

That's almost totally incorrect.

Email is (usually) an extremely reliable transmission method with notification when things go awry. Usually if things just disappear it's because of a fault at the very start of the chain or at the very end - I've seen some mail-servers (not just Exchange) 'successfully' deliver email to a user's mailbox when actually just putting it in the local bit-bucket. This is the email equivalent of the dog shredding your mail after the postie has put it through the door.

When mail disappears in transit, it is usually because some 'intelligent' spam or content filter has taken exception to the message (or error notification) and binned it. This is (IMO) intentional breakage of the system rather than unreliability. It's not the post-office's fault if you deliberately disregard your bills.

If sites or mail servers en route disappear, then mail will be queued and regularly re-tried. If, after a while (usually several days), delivery is abandoned then an error notification is generated and sent back to the sender.

Mail is designed to be a reliable system. It takes a significant (or extremely unlucky) network and server breakage to just lose mail in transit. What it is not designed to be is instant or even fast. It's a measure of its success and reliability that many people assume that it is meant to be instant.

If something is business critical, it is likely time-critical and in which case email is not the solution (and should be followed up by a phone call, which is instant) but otherwise it is one of the best methods to communicate in long form.

Rooting your Android phone? Google’s rumbled you again

djack

Re: To all of you with older phones...

"While I agree with your sentiment I must point out that some custom ROMs, like CyanogenMod, actually don't execute as rooted by default."

Lucky you. I installed CM11 (or maybe 12) on my Galaxy S3 when Samsung stopped issuing updates.

There seemed nothing that I could do to make the Barclays mobile app not claim my phone was rooted. I know that there were a few settings to try and prevent the detection of the 'root', but none of it did the trick.

djack

To all of you with older phones...

Your manufacturer no longer sends out patches for your device. You have two options..

* Continue using your device for financial stuff and have the whole thing compromised exposing all that data to the bad guys.

* Have a secure device but lose the ability to do financial stuff with it.

Bloody typical.

It's not just Google that has this idiotic mindset, banks do that too with their mobile banking apps.

Stop the music! Booby-trapped song carjacked vehicles – security prof

djack

Re: Bury your head in the sand and it will all go away

"But why would anybody want to hack this?"

Yeah, I encounter that attitude all too often. My usual response is to point out that somewhere nearby there will likely be a bus stop with any glass panels smashed up. I admit I can't understand why people do that and then expand that people do nonsensical things for no sensible reason. At that point, realisation dawns in the other party.

It doesn't really help as nine times out of ten, they won't fix it anyways.

'No safe level' booze guidelines? Nonsense, thunder stats profs

djack

I know it's not good for me...

... not drinking, that is.

I decided to go 'dry' for the first three weeks of the year and I've surprisingly succeeded without any problems. Apparently you are meant to feel better for it, but I've had more random aches and pains and twinges this past fortnight than ever before.

Glad that I get to have a beer tonight

Nest thermostat owners out in the cold after software update cockup

djack

Wouldn't touch it with a barge pole

It and home automation is all well and good, but not when it relies on servers and services from other people. My house is my castle security domain.

That said, problems are not solely restricted to software. My hardware heating timer control occasionally sticks leaving the house cold.

Juniper Networks planned upgrade kicks down some services

djack

Of course it's taking so long...

Those back-doors don't write themselves you know!