Posts by Ross 7

No2AV

AV would just eat CPU cycles and battery life. Plus, as has already been stated, there has been no actual malware for standard iPhones, so what need is there?

I'm not saying the iPhone is immune to malware (I don't know enough about the intricacies of it) but the fact it's so darned popular and has yet to succumb suggests it's at least highly resilient. I'd say cost-benefit would show more grief ensues by having AV than not.

PS - @BristolBatchelor - ummm, no, he's on about signing bins, not data files. It wouldn't solve every issue (the numerous flaws in every single Adobe produt spring to mind) but it would make it much more difficult to install bots after a successful exploitation. You'd need to re-exploit boxes after each reboot.

blah

Re: the Opera bashers - well one browser has to be the best (it being a relative term), and whilst I am not saying here that Opera is the best, whichever browser is has security updates. So really your comments are a fat waste of electrons.

Regarding the alleged security issue with Unite - if you have that problem then Unite is by far the tiniest risk to your system. Anyone that joined the C21st will have hardware firewalling. If you don't then your system (especially a Windows one) is wide open to exploitation by any number of worms.

The biggest issue would therefore be the extra CPU cycles it eats waiting for packets that can never arrive. Anyone got any numbers on that?...

I laughed

I laughed twice when reading this.

1. "One file encrypted using software from the German firm Steganos was cracked, but investigators found only another PGP container"

and

2. "I'll type this slowly for you - there is no proof he got it whilst commiting, or planning to commit a crime" (AC, 24 Nov 09 12:41)

I cried during the rest of it :'-(

fast track

"UK and US authorities are working on a similar scheme to fast-track entry to the UK"

The underside of a lorry from Calais?

rant

1. Keeping a portion of the loan on the banks books

No! That isn't forcing banks to do what made them go bust in the first place. In the first place banks lent out £100 expecting to get £150 back in 5 years. However, 5 years is a long time, and there's some risk associated with it, so they sell the loan for say £120. There, they made a profit nice and fast! Not as much as they would have made if all went well, but good enough.

The trouble with that model is it incentivizes banks to lend shed loads of money to people they know can't afford to pay it back, then sell the loan at a reasonable profit before it goes bad. As long as they can keep shifting debt for cash all is good. Ofc it can't last forever as we saw.

Making banks retain some of the long term risk makes it a less viable option and so they won't do it. it may look very similar (banks got caught with risk and went bust, banks are now to be made to keep risk so they'll go bust) but it's entirely different. Now the banks KNOW they will be retaining risk, whereas before they made the stupid assumption they would always be able to shift it in time. It's all about changing the bankers frame of mind and making them more careful rather than getting carried away like a gambler in Vegas.

2. Hedge funds

Yes, yes they did cause problems. Back before anyone in the Ox and Cart had heard of hedgefunds they did a very simple and valuable task. They mitigated risk. Anyone that wanted to stabilise their expenditure (for example fuel costs, grain costs etc) they hedged. It's kinda (but not very much) like having a fixed rate mortgage. You know what you'll be paying for a certain period of time, but the pay-off is you lose out if the prices drop short term.

Then hedge funds started thinking hey - we're soooo good at this betting malarky! We hardly ever get it wrong. Let's bet shed loads of money on...oops. Ok, we got that one wrong, but we can't possibly get it wrong twi...oh bugger.

The point of hedge funds is stability, not betting on the markets. If they don't focus on their core job then everyone else that relies on hedging to keep their staff in jobs suffers. And everyone hedges. So everyone pays when it goes to pieces.

Dear Lord

Wow, some very poor understanding of copyright law and the judicial process, not to mention a lack of common sense.

As the article says:

The Copyright, Designs and Patents Act (CDPA) makes it an offence to sell or distribute "any device, product or component which is primarily designed, produce(sic), or adapted for the purpose of enabling or facilitating the circumvention of effective technological measures".

The guy was selling something - that wasn't in issue. However the court was asked to determine two points -

1. one of law - does breach of copyright occur when you *play* a copied copyrighted material on a console?

2. and one of fact - if the answer to the previous point is "yes", then is the mod chips *primary* purpose to breach copyright (i.e. to play copied material)?

The court decided that playing a copied game does constitute breach of copyright. The manner of explanation is a little odd, but I promise you, *any* ratio you read is couched in very odd terms. The Plain English Council don't hold much sway on the benches!

To be honest it seems a fair decision - as the court said, each part of the game is copyrighted. That's why you can't just make your own Lara Croft posters and sell them on eBay. Her likeness is copyrighted. You could say the same about the code - any original algorithms are copyrighted (note the difference between copyright and patent before jumping off on one!), and so their being copied into the consoles memory is likely to constitute a breach.

*sigh*

OMFG. So the choice is have hardware based ID and risk big brother showing the slightest bit of interest in you (seriously - you're boring. No one gives a shit about you. I know - you really, really wish they did. That's why you blog/write your deepest feelings on Facespace, but really, no one gives a shit) or stay as we are and risk a bunch of Russians/Chinese/Nigerians taking an interest in your online banking (and they *are* interested)

If you're that worried that you have an interesting life rent a decent VPN, but if you;re just throwing your arms up in the air for the sake of it then please God STFU.

Work on

"We need to make sure that records are properly kept because we need to have precise facts to work on"

By work on does he mean to create an evidenced based policy or "work on" as in "we're still working on your car sir - it'll look just how you want it to by the end of the week"?...

Arms race

Although the fix is far simpler than finding a way to exploit the vulnerability to execute arbitrary code, I fear that yet again the arbitrary code execution exploit will be doing the rounds before the patch.

Doh

"An MPV on the forum confirmed that the software appeared to have unintentionally shut out lots of WHS customers"

I bet it was a Renault Scenic. They're always talking like that...

Opera

I do use Opera, but mainly because the last time I used FF it was pretty poor in comparison. Then I just stuck with it.

The adblock thing is do-able, but I totally agree it's much more work than on FF. If they sorted that out it'd be great.

I don't really care about source code availabilty - if you want to know how it works get a copy of IDA Pro.

As far as I can tell the main web exploits tend to be PDF/SWF related anyway, so regardless of which browser you use I;d be more worried about keeping your PDF reader and Flash player up to date.

Eh?

Paradise seeking XP die hard - wtb superglue. Gud money paid!!!!1!!! /w me nowz

Who votes on these things?

Seriously, the x-ray machine? If you look out of your window, what do you see? x-ray machines? No, you see production cars. What do you see if you look around your room? Mass produced cruft, that's what. Just like the Model-T.

And as has been pointed out, we did not invent the DNA double helix. Nor penecillin either. Although the *discovery* and subsequent farming of it has had a massive impact on our world.

You'd think they'd have the electricity generator or fertiliser in there...

Poor management

Gotta say, as awful as EDS are (and they are truly awful), it doesn't help when their clients don't specify their requirements properly. That's a recipe for massive cost increases and delays.

Personally I think for large projects like this the project management should be done in house, everything else should be contracted out in little sections. Pay someone to do the design work (properly), break it down into lots of black boxes then tender for each black box. All of a sudden you have hundreds of possible contractors fighting it out to produce the best quality at a reasonable price, instead of EDS and Fujshitsu deciding who gets to eat at the trough this time. It also makes it really easy to terminate contracts as you only need to resolve one small area, not the whole darned project.

However, as that means less money for certain people that ain't ever going to be the case.

PS - the SRO had *no* project management experience?! Seriously?! Forget sacking him, what about the HR numpties that employed him? Christ on a bike...

Touch is ok

I eventually gave up on my K500i a couple of months ago as the joystick thing was getting dodgy (understandably) and got an LG KP500 "Cookie". Cheap as chips but the touch screen thing seems ok to be honest. Capacative would have been a nice improvement but for the money you can't complain. Oh, and a battery that wasn't designed to be used in a Casio watch...

I guess like all such things it comes down to UI. Once you make it more like a PC experience ppl expect more. I personally dislike the iPhone on the grounds it's the size of a shoe box (and I ain't paying a grand for a phone for 18 months*), but the UI is pretty nice from what I've seen. The Nokia 5800 (?) seems to be quite nice as well.

The main attraction is probably the screen size. All that shiney looks nice, and finally makes web browsing (almost) bearable. Touch screen also makes it far more PC-esque than half a dozen keys.

-------

*until we get hyper inflation in 6-10 months of course. I should start shorting the £ now...

Possible sec issue?

Can't wait for the first worm/trojan to make use of that bit of code in its payload!

@Displacement Activity

I like your comment, but have one point to make re: no net thrust (I'm not saying there *would* be net thrust...)

"he ignores the fact that the radiation impacting on the narrowing waveguide also gives a lateral thrust to the right. In short, the two endplates are effectively the same size, so no thrust"

I thought the same thing - if you view either end in 2d you'd see the same size target. However, a proportion of the narrow end isn't "as perpendicular" (for want of a much better phrase) to the wave as the end plate. Throw Pythagorus at it and you should see a slightly lower rightward thrust due to this (i.e. the photons "glancing" off the narrowing section).

I still struggle to understand how photons that are reflected and retain the same energy content can produce any thrust - you're creating energy. However, that's probably why nobody pays me to do physics :)

omfg

Oh dear Lord. Everytime I see the argument that weed < tobacco I want to kill someone. Wtf do you smoke weed with? Pixie dust? You may as well say water < alcohol so my scotch on the rocks is going to do me no harm. If you imbibe both things together you're going to get the benefits and harmful effects of both.

Saying that I don't have an issue with them legalising pot or reclassifying it as class C. As long as the reeking smokers stay the hell away from me I'm happy.

You can argue about the risks of tobacco and alcohol all you like, but all you do is risk those being banned too. Tobacco is getting there here in the UK, and in 30 years time I'll be surprised if alcohol isn't headed the same way.

Big fish

To be honest, I don't see the rights holders paying to send letters to each and every dodgy downloader. They'll just hit all of the big fish that download crazy amounts of stuff. All El Gov is doing is moving the actual coal face work to the people that want it to be done. A bit like you and I campaigning for zebra crossing to be put in and the Council handing you a bucket of paint and a roller and telling you to get on with it.

The difficult bit is what is actually illegal? I hardly P2P anything - the odd ep of tele now and again. This weekend I d/l'd eps 1 and 2 of Dollhouse S2. However, that was after checking scifi.co.uk for an iPlayer type app. I pay to get SciFi UK via Sky, so I don;t see it as dodgy in the slightest. If I had recorded them onto VHS, DVD, HDD it would have been fair use. The fact someone else did it for me and I watched them later should still come under fair use, but I bet the copyright holders would argue otherwise.

Physicists

"a nuclear weapon that fails to work is actually somewhat safer than one that works as expected"

However, a nuke that works unexpectedly is rather more dangerous! Left a bit, left a bit more, just a tad *BOOM*

The bit that worries me is that physicists are the worst type of scientist for going "hey we have this model of X which is almost 100% accurate. It just doesn't take account of Y. Other than that it's perfect!". Gravity? We've heard of it.

It's fine for most things, but whether or not your stockpile of 1000s of nukes is safe to maintain is maybe not one of them...

Still, I look forward to the home version. Real time radiosity may well be just around the corner.

Re: Really?

> What people who have something to hide don't use encryption already?

That's the point. At the moment anything encrypted looks interesting to the spooks and there is probably some value in analysing it. If every Thomas, Richard and Harold starts using encryption then the signal to noise ratio starts to worsen and even finding the interesting encrypted streams amongst the camcordered versions of Tom Hanks latest becomes a nightmare.

Facebook is a useful tool insofar as it allows spooks to very easily piece together networks of people just by monitoring port 80 traffic. It's cheap to do and doesn't involve hacking Facebooks servers etc. If you know person A is a person of interest, you know he has 2 Facebook profiles, you can just watch the streams of Facebook traffic looking for his "friends" and group memberships. Not all of those will necessarily be persons of interest too, but it gives an easy starting point to go digging from.

Personally I think increased use of encrpytion is inevitable. The spooks need to get used to the fact and change tack. They've spent far too long idling by whilst the huge computer in the corner does the work for them. That ain;t gonna work soon, and they should have been planning for this a long time ago.

No surprise

Ah, Government and stats.... To be expected really. Especially as 99%* of your Sun readers have as good a grasp of stats as they do of hydrodynamics.

It will *never* happen under NuLab, but the best bet for everyone (and I do mean everyone) would be to license brothels in non-residential areas (say industrial parks), crack down on street walking, and provide NHS health checks for all the workers.

You get the prossies off the streets (mainly), remove them from their drug dealers/pimps (not that I'm saying all prossies are druggies, but the most vulnerable tend to be), get a small amount of income from licensing, get a larger amount in tax/NI and keep as many law abiding folk as possible in good health (taking or giving money for sex ain't illegal in the UK. OK, in England and Wales - not sure about Scotland so can't comment there).

Of course El Gov has no interest in protecting its population - just subjugating it, and with that pseudo-Nazi HH swinging her weight about it'll never happen.

*made up hugely inflated number

Re: different case

Israel having nukes and a few satellites is a whole other kettle of fish to Israel *making* nukes and advanced satellites. Make no mistake, America isn't Israels friend. It merely gives it the tools to do Americas bidding. Lord forbid they should be able to stand on their own two feet and ignore America.

Personally I don't get the issue with nukes. The material science is a bit complex what with UF6 being kinda "tetchy" , but t***ing two 8Kg lumps of U-235 together a few hundred feet over Tehran ain't rocket science (ok, so there's *some* rocket science involved in getting over Tehran...)

NN is insane

Networks need managing, whether they be data, voice, road or whatever. If you let anything happen at any time on your network, and it's relied upon by *lots* of people you can guarantee that all hell will break loose and productivity falls.

The easiest way to illustrate it is to have every London Borough cease enforcing parking and moving traffic contraventions for a month. See how business fares then. Not very well obviously, as everyone will be doing what benefits them personally without regard to everyone else. Lord forbid you'd need a fire engine...

The movement of data is vital to so many businesses today. How do they guarantee it? They pay for it. You can't do that with NN, because nobody can provide any better service than anyone else without a dedicated line.

The best solution IMHO is to have networks properly managed, and legislate to force network providers to publish (on their website, with a prominent link on their index page) their traffic shaping and other management policies in plain English. That way, everyone can compare and contrast, and make their own judgement on who they want to pay and how much to get the service they prefer.

If there is no company providing the service you want, well that's what we like to call a gap in the market - a buisness opportunity.

The hippy crap about free networks is just that - crap.

Beautiful

You log into a wireless network named "blahblah_secure" - it *must* be secure right? It says it on the name!

lolz. There's only one thing you can trust to do what it says on the tin...

Pedo = criminal, but criminal != pedo

Slight correction - the machine doesn't make anyone a "pedo". That implies that they love children (in an improper sense I presume). It does however make them a criminal, thanks to NuLabs affinity for strict liability offences.

Basically one of Tonys (wifes?) mates said "oh noes, getting convictions is taking up too much of my golf/bar/"massage" time, 'cause I'm having to work to prove intent!". Tony then discovered strict liability offences and now mens rea is out the window and the police and CPS have an easy job of it as they only need to prove that an action took place (or didn't, depending on the offence).

Now it's come back to bite them - I'd laugh if it wasn't so retarded.

Making it worse is the CPS holding possible charges over people so that their overlords can apply pressure when they want. A prime example being the assisted suicide issue. They won't change the legislation as that removes power they currently wield. No, they tell the CPS not to prosecute unless they don't like the person for some reason.

Alternatives not well known

The lass broke her works laptop (she claims it just stopped working...) and it seems her IT bods don't actually install half the software required for the job by default when they do a HDD replacement. So, she went to install Reader - cue slow mo' shot of me going "Noooooooo!". You wouldn't believe how dificult it was for me to convince her to go with Foxit instead.

The trouble is nobody has heard of the alternatives, and even if they have, trying to explain why they should use one rather than the crap pumped out by Adobe invariably results in a shrug and "So?".

People need to be taught the value of diversity - it's the same in IT as in gene pools. If we're all the same, some disease/exploit comes along and it's goodnight Vienna. I use Opera and Foxit not because they are the best in their respective fields but because nobody is going to pay a blackhat to design an exploit for them - the RoI just isn't there. I'm therefore a lot safer than the masses just by picking another (free) tool to do the exact same job as IE or Acrobat.

Can't blame 'em

I can't blame the Police for wanting the speed limit lowering and adhering to. It's the Police that tend to be the first (professional) people on the scene of a road traffic accident, and having to witness some poor soul having been "assimilated" by a car because some dip-**** was driving (a) like an idiot and (2) too fast isn't something anyone would aspire to.

I agree that road safety design is more than just speed restrictions, but speed restrictions *are* a part of it. To say "oh speed limits alone aren't enough so I should be able to ignore them" is plain retarded.

The argument about increased vehicle safety holds no water either - I can easily prove it by driving a Range Rover Sport into the back of you at 70MPH whilst you ride a bike. Whilst the guy (and let's face it, it's usually guys) that's speeding can shake himself off and walk away from the crash, the same doesn't necessarily hold true for the poor bugger that they hit.

The delays and hassle on the roads are often the fault of idiots driving too fast and having to anchor up, or push their way into another lane at the last moment. We've *all* seen it a million times. If everyone is driving at the same speed or thereabouts due to average speed checks then that doesn't happen (I speak from experience of driving down to Braintree - I'd never seen avg speed cameras before and was amazed at the compliance and how smooth it made the drive).

Anyone that thinks it's "taxation" can easily avoid it by following the bloody speed limit. It's not like you need to employ an accountant...

Worry *for* the cat, not about it

"never ever leave a cat alone with a child under five"

Presumably for the safety of the cat - ever seen a young 'un "caressing" a small animal?

And as has been pointed out it's a cross breed rather than a chimera as they are capable of producing fertile offspring and so are the same species. How you go about mating the two without the domestic cat ending up as lunch is an interesting point though...

I wouldn't be too worried about them mauling the local wildlife. For one the local wildlife here is seagulls, so it's 50/50 who'd win, and I'd prefer the uber-chat anyway. The other reason being if you paid 6 grand for a cat are you going to (a) keep it locked in doors, or (b) let it run the streets and end up on eBay? Exactly.

OS job to hand-hold

First of all I'm not dissing *BSD here (or any other OS for that matter).

However, that said I find it amazing that in a highly networked world the OS doesn't shield itself from poorly written binaries. With C++ being so prevalent you get pointer arithmetic being used left, right and centre. By combining ASLR with prevention of mmap'ing below the first MB or so an OS can make arbitrary code execution a statistical improbability.

Instead though we live in a world where an attacker has a decent idea of where their exploit code is going to end up and a relatively simple way of getting it executed.

I know that developers don't want to spend time fixing other peoples problems but kernel development is rather different to anything else - it's your job to hand-hold the processes running on it. If you don't then some 9-5 drone programmer working out of Bhopal is going to make your OS look crap when it gets pwned via an exploit in his code.

Workplace OS is about the apps

MS don't seem to understand the large organisation and its IT needs. I work in a large public sector organisation. We run XP across every desktop - we got IE 7 and SP3 only 2 months ago.

We don't actually care what OS we have, just that every single machine uses it (and the same version) and every single app runs correctly on it, and is supported on it. It makes life reasonably painless.

If MS want W7 in the workplace then they need to spend the pennies on ensuring *all* of the business apps used by large organisations are supported on it. That just ain't the case right now, so IT depts across the world just carry on as usual with XP.

ASLR vs number of reboots

Wow, just wow. The fact that you only reboot once a month does NOT mean that ASLR is worthless. If you think it does then please stop reading any of the security articles, or at least stop posting comments on them.

If you *never* reboot your OS it's still massively advantageous to have ASLR because at least that way your Mac has a different memory layout to mine (and everone elses) so it's not possible to use the same code to exploit more than one machine. It's the stable environment that makes mass exploits possible - ASLR removes that stability and is valuable for any OS.

Title

"It's a shame that Opera only quite recently dropped its fee based approach if you didn't want the advertising sponsored version of its browsers"

Eh? I can't even remember when they dropped the advertising banner - prolly 2000-ish. Certainly was a long time ago like. The original fee based approach prolly didn't help initial take up mind and gave FF an opening (which is the only reason I can think that people initially went to FF 'cause it was awful to begin with)

Not sure about the memory leak - I run Opera on a 756MB 1GHz Athlon under Win 2k and have never noticed any resource hogging either in Taskman, increased paging or general slow down. When you run with less RAM than a netbook you tend to notice memory leaks. The alleged 40% speed increase will be nice if it does pan out though. Anything to avoid me having to enter the C21...

Oh well, as long as they keep chuntering along making decent, fast, standards compliant browsers I'll be happy. Roll on September...

It worked!

My time machine works! Muhahahah....

Oh, wait... What do you mean it's still 2009?

Why oh why?!

Wow. *More* money?! I don't know why the airforce get to spend so much of our money on toys like this, when it's hardly practical for them to use it.

The B2 has a cruising speed of 830 km/h, so the bomb will break the sound barrier approximately 25 seconds after being released. Stealth planes tend to fly subsonic when they want to be uber stealthy. A 14 tonne lump of metal going sonic boom 25 secs after you pressed the big red button is going to enable your enemy to determine where you are reasonably accurately.

Even worse, you also have the problem that the bomb is going to show up on milli wave radar like an effing Christmas tree. There's nothing your enemy can do to stop the bomb, but they can pinpoint where your billion dollar plane was when the bomb was released and have a damned good try at breaking it.

Why the hell don't they just build a missile they can fly up to about 15-20km before it drops out of the sky and puts a hole in a baby food fac...errr....nuclear research facility. Stick 'em on a boat, use satellite intel to target (it's not like underground bunkers move around that much) and forget about risking flight crew and billions of dollars of high tech gear over enemy territory. It'd be cheaper to boot. But oh no, we need our kewl-laza-guided-bombz footage for the tele don't we?

Eh?! Is it 1990 again?

First things first - networks ain't my thing.

So, that said, I thought ARP poisoning went out with hubs and perms? So that would require the box to be plugged into the same network segment as the camera (somewhat more difficult than just binding to the network at any given point).

It's a nice excercise, but hardly ground breaking or particularly worrisome. If people are in your roof space patching your cables then your CCTV isn't top of your "oh dear Lord" list. It just proves the old point about physical security (notably that if you ain;t got it you ain't got *any* security) Nice party trick all the same.

It'd be nice to see a remote exploit of it - now that would have value...

Hydrogen production

Hydrogen production doesn't need to use any electricity at all, never mind lots. There's no need to break the 2nd rule of thermodynamics either. Chloroplasts have been doing it for billions of years using only sunlight.

Personally I don't like the idea of sitting on 1Kg of hydrogen whilst surrounded by a plastic box, but that's a survival instinct not an environmental or technical feasibility issue. I do agree that we're going to have to get a decent amount of energy from renewable sources though (or at least the sun - who cares about where the leccy is coming from when the sun goes out/swallows Earth) but I don't think current thinking on hydrogen tech is the way forward.