Posts by sysconfig 305 publicly visible posts • joined 5 Jan 2010
Seems like a lot of effort to achieve zero savings
That's the bean-counter angle, which does not always work out well in the long run.
The intention, as stated in the article, is obviously not saving money short term (or at all) -- and 5 years is a pretty short term view on that scale.
To be honest, in large projects you'll probably want to use standard libraries as much as you can, because a lot of homegrown stuff will sooner or later reach the "nobody present knows how it works, nobody dares touch it" sort of maintenance category. Or legacy. Bottom line is, a lot of broken and insecure code will stick around once the developers left, whereas standard libraries usually have a lifetime beyond the contractor's or FTE's term.
Sure, crap happens either way, and it's not uncommon to benefit from the power of hindsight and point fingers then.
There's no 100% secure and bugfree software beyond "hello world". Personally I'd go with something that will (or is most likely to) receive future updates.
How often did we end up with one player missing for the weekly session, or dice being lost, or the story just not making much sense. We started over so many times... maybe CDPR should too?
More seriously though, I have been looking forward to this game's release for years. Nostalgia. Hype. Whatever it is. I know I will eventually get it and might have already if it had been released on schedule. But the constant pushing of the release date did not make me very confident, to put it mildly. The first reports and reviews did nothing to change that either, to the contrary! I'll just wait now until it's on sale on Steam. Maybe I'll have a new PC by then and can get a much better experience altogether.
I already determine everything that happens in this Universe including it's backstory. (Well, not exactly as I used a template.)
Universe As Code? Universial DevOps?
Put that Covid bug fix in the release pipeline, then!
They're not changing the rate mid contract. They are ending it by normal means (notice period) and will then offer less if contractors decide to sign a new contract, which starts the day the current one ends.
No breach there.
Yes it's shit, but it's not illegal. And because the contract and job markets are dire right now, they can do it. They will find replacement for those who decide to not sign the follow-on contract.
The same shit is going to happen when the IR35 changes finally hit next year. (And for some it happend pre last April, which is when the changes were first intended to go ahead before the government decided to prioritise fucking up their Covid response first.)
Isolation isn't just inconvenient it's also potentially expensive.
What's the price tag on your life, mine, or that of any other person?
Yes this pandemic costs money. So what? That does not give anyone the right to sacrifice the lives of 10s of thousands of people, least of all an inept government with a cabinet full of clowns.
It's been a while since I set up Xen-based clusters. But from the top of my head I'd say, yes, in theory. The fact that Bitdefender's toolkit would add ability to analyse your VM's memory for malware, supports that.
If data is so sensitive that not even the hosting company must ever be able to read it, don't use it in someone else's hypervisor (or indeed on their hardware).
@Marketing Hack
Are you holding out Amazon,..., as some kind of privacy champion??
Certainly not. It was not my intention to make them look like saints. You could argue that they have been less evil than some other global players, especially those in corporate America, but that debate would lead nowhere, since we only see what they've been called out on. Best to assume that they're all after our private data, the more the merrier.
(the door that is)
More seriously though, I'm not really shocked any more that privacy is trampled over. Happens everywhere all the time, sadly. But to see the scale of disregard in this case, from an Amazon-owned company no less, is a bit baffling. They are clever people. I'm assuming that someone has come to the conclusion that the free (albeit negative) coverage they get for this will be worth it.
Things won't change until (deliberate) privacy violations become crimes, where a person (not a business) can be held accountable and ultimately end up behind bars.
I've been dropping Dropbox slowly over the last couple of months. Going to switch it off by end of this month now. I use Syncthing instead. N-way filesystem sync between PC, laptop, home backup and remote virtual server, all of which use different encrypted file systems and three different OS between them. Has been working like a charm. Oh, and the transfer off-site goes via OpenVPN link between home router and virtual server. Not that I have reason to believe that Syncthing's in-transit encryption of traffic isn't good enough, but I trust OpenVPN to be better tested and scrutinised.
[...] it greatly benefits certain agencies
Exactly that. Especially given that Intel and AMD are American, and ARM is British, but their chips are used globally. From an agency and gov point of view: What's not to like? I bet they are more upset that this has come to light than they ever were about the existence of those flaws.
I'd also be inclined to wager that there are more flaws like this in CPUs and other chips/hardware. It's no secret after all that the 5 Eyes would like to see backdoors and reversible encryption everywhere.
...and conveniently lose paper trail and jail door key. Let's see how quick the database is fixed and/or a previously unheard-of backup found.
The mere fact that a law allows to snatch assets because somebody (police officer) thinks they might be connected to a crime, sounds very Wild West. Sad that these laws actually exist.
Customers of these companies might therefore be affected by the attack despite not having signed up for Equifax's services. The US agency holds the personal details of 44 million UK citizens
I'd be curious on which legal basis they hold the data in the US. And I'd be even more curious how they are going to inform all non-customers about the data they kept and failed to secure. 44 million UK citizens, for Christ's sake. That's almost all of the adult population.
Absolutely spot on!
I'd only like to add one thing: You don't need to ponder "smart" control of resources, while hundreds of tons of water are wasted in London every year due to mains pipes that leak. Don't know about other countries, but this one has to get the basics sorted first. In the meantime I'll keep the little privacy I've got left, thank you very much.
"You have the issue of bad guys wanting to kill you because you don't believe in the exact same things that they do. They think of you as the evil incarnate."
I've got a few issues with this statement. First and foremost it's the moral high ground which the U.S. and many of its citizens are still claiming. The number of civilian casualties in the Middle East caused by the U.S. and their allies, is likely a lot higher than the number of terrorism victims on U.S. soil, in the same time frame. You don't even need to go as far as including the Gulf wars, which were based on the evidently false claim that WMD existed in Iraq. (That claim was known to be false before the war, not after returning empty handed.)
Moral high ground and fear mongering together are the biggest threats to our society. They're both used for political and economical gain, not to make us safer.
Besides, a lot more people have died in car accidents, drug misuse, gun accidents and crimes; each of these categories individually have produced more fatalities. And they are domestic. Now why do you think that not a lot is happening to tackle those? Because there's nothing to gain for big arms dealers, intelligence agencies and politicians; all of them desperately need fear and threats to further their agendas, inside the country and abroad.
Every time we give a piece of privacy away, the terrorists have actually won another battle.
Unless the US social media companies are actually supporters of terrorism?
You don't have to go far back in time to find plenty of cases where the US, UK and others have made a sizeable amount of money by selling war machinery into countries which are now "evil" and supporting/hosting terrorists. In some cases you don't have to go back in time at all. The Saudi's are UK's biggest importer of weapons currently, for example, and as long as they keep fighting Yemen, they'll need more gear.
So if our governments (via arms manufacturers' lobbying and tax collection) have no interest in having an entirely peaceful world, why would companies in such countries care much about it?
1. They want to be seen to be doing something, anything.
2. They want more control over what we can and cannot see. Even if it's done with best intentions (I doubt that), there's no way anybody can effecitvely control which website should or shouldn't be visible. No pattern is perfect: Country of origin? (Hey there Donald!) Keywords? (let's ban everything about cars or knives?)
The UK Gov's wish (and that's all it is) answers to the demands of rags like the Daily Fail and their readers. But it's a futile attempt at best, and it's a very slippery slope.
Also, unless UK Gov somehow manage a world-wide ban of certain sites on Google (and all other search engines), people with enough criminal energy will easily be able to work around it. So it achieves nothing. Meanwhile, all the false positives will affect Law Abiding Citizen. Another win for the "terrorists" (in quotes, because we use that word way too lightly and sometimes inappropriately).
That's a very good point you're making there, JimmyPage.
Since false certificates were part of this discussion, I'd like to see that too. A cert is nothing but a ASCII text document of a very specific format. That should be a lot harder to pull off than using binary blob formats like PDF, which would allow you to hide a lot of stuff quite easily to tweak the hash to your liking.
Having said that, I'm not defending SHA-1. It was already known that its days are numbered.
Also, let's not use the term "calculate" when we refer to this stunt Google pulled off. Anything that uses 6500 years of compute time sounds a lot more like trial & error to me... or trial, verify, dismiss, repeat. Not quite a straight forward calculation. So SHA-1 is not really broken; it's just too weak as compute power becomes cheaper.
EDIT TO ADD, even if wandering off on a tangent: There are better ways to break SSL encryption, regardless of the hash used. How many of the Certificate Authorities that your OS&browser know, do YOU know? How many of them do you personally TRUST? SSL is fundamentally broken by design; unfortunately with no feasible alternative as yet.
If big companies who earn money with coms and networking (in the broadest sense) struggle to keep their stuff secure (TalkTalk, I'm looking at you, but not only at you), how on earth can anybody think that some random company from far far away can and will keep their cheaply produced IoT stuff secure? Even if it was secure at time of purchase, who is going to update their daughter's doll? I mean seriously.
They did the right thing in Germany; the ban won't help much, but it raises awareness of the risks. It's a start, and goes quite in the opposite direction of what's happening here in the UK (as pointed out by someone else before).
This whole Internet of Trash is going to blow up in all our faces, if it hasn't already (depending on what gadget you have bought or intend to buy, or what is forced on you).
Expelling known spies is and has always been just a gesture to show Joe Public, "Look, we're doing something about it." Just political bullshitting, to be honest.
Much harder to expell spies the US doesn't know are spies. Even more difficult to expell those who have an American passport. And those are the one to worry about.
On a side note, I don't buy this RU interference nonsense. It's a desperate attempt to depict Trump as an illicit successor in the White House. (Disclaimer: I think he is a shite candidate. But so was Clinton. Choosing the lesser of two evils was particularly hard this time around.)
We're going to lose a lot of data business, I think, just by creating yet-another-jurisdiction to deal with
Exactly. New, currently undefined, red tape and uncertainty about what and when and how are poisson.
Also, the giant holes in the left and right foot? They are called Snoopers' Charter Crater and Digitcal Economy Abyss. Neither of them is going to help attract business, to say the least.
Who replies to text messages from numbers they don't recognise or people who won't identify themselves?
The same people who click on links in spam and phishing emails, and hand over credentials to third parties. We wouldn't see any of those "attacks", if there weren't enough stupid "customers".
to force one of those smart meters on me. And boy are they persistent. But so am I.
It might be the case that energy companies are supposed to roll that shit out by 2020. That doesn't mean that I'm obliged to help them with that. There's neither a law that requires house owners to have those snoop smart meters, nor is there any law that allows energy companies to deny supply based on what meters are installed. So service will commence as usual, for the time being.
I don't care how old EDF think my meter is. It counts kwh just fine. They will not convince me otherwise, unless my leccy bill is suddenly much lower than it used to be (meter stopped working).
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2023
