Re: That logo
Squint enough and it looks like a double headed eagle - Russian coat of arms?
I agree with your sentiment, though Zoom should take the blame here.
The difference with e.g. Micros~1 vulnerabilities is that Zoom has deliberately chosen a poor encryption cipher for no obvious reason. AES-GCM (amongst others) was available when Zoom corp. was formed a decade ago, yet they chose a specific AES cipher not fit for streaming video - amongst many other security snafus recently reported - falsely claiming end-to-end encryption, data-mining with Facebook etc.
This would be somewhat understandable if this was a small start-up that had its v0.9 product suddenly found out by the masses, but it's a billion-dollar software company with thousands of employees, and it hasn't (apparently) had any consideration for security until recently.
Had these exposés not happened, several companies, people (including Boris) would still happily be divulging their secrets, handily routed through China.
"What about those that serve breakfast? Or people who take their (especially young) kids with them to dine?"
Whether I eat my breakfast at home, at a restaurant, workplace or wherever - my dairy consumption doesn't vary very much. The oatmeals and sandwiches won't differ that much from place to place.
Young children typically seem to drink milk at a restaurant, but had the family not gone out to dine - wouldn't the kids drink a similar amount of milk at home then?
I've noticed that the quarantine has changed *some* of my habits. I'm usually drinking perhaps just half a pot of coffee during the day when working from home. My workplace has good coffee always available and I'm just sipping it through the day.
"On this PC (which was running Win 7 32-bit which got upgraded to Win 10 32-bit during the free upgrade period) I followed the steps to enable it, it failed" [...] "I gave in, went on Amazon and purchased Win10 64 bit OEM."
Once your Win7 was upgraded to Win10 (via the free period that still continues, btw!) your PC gained a Windows 10 license, and that license doesn't limit you to 32- or 64-bitness. You could have just downloaded 64-bit Win10 media without throwing any money at Microsoft or Amazon.
"*Long comical arcs of rainbow sparkly crocodile tears over the loss of all my porn*"
There are the Audio Described movies, though I'm not sure whether this particular category is yet to be supported. "In - out - in - out" (in monotone voice), oh yeah!
I'm sure you've heard it many times, but there's always the Braille edition of Playboy...
This all boils down to how feasible it is to re-write the Thunderbolt firmware (or more exactly, the NVRAM where the approved devices are listed). Apparently not too hard. And also obtaining a TB device that can be commanded to read or modify RAM.
1. What's to stop an attacker inserting data-stealing PCIe cards in office desktops or servers? Design the card as hot-pluggable and presto! Direct Memory Access. Alternatively PCIe M.2 cards can be used. Or hot-plug NVME slots. No need for the 're-write firmware' portion, unless the PCIe/M.2 slots are disabled. Typically all slots are enabled at the factory.
2. Attach a data-stealing device between CPU and memory.
3. Attach a data-stealing device between CPU and PCIe, or any other bus with DMA.
4. Attach a keylogger straight into USB traces on the mobo.
5. Monitor for "micro changes in air density" (Alien style) at the air intake to determine computer operation.
With advancing technology, any of those are becoming more and more feasible to do. Except the last one. Maybe.
I remember testing for the fastest speed my telco would understand the DTMF tones with AT S11 register setting and saving it for the initialization string in Telix/Telemate/Terminate. When you were calling several BBS's (sequentially until an answer), it would really cut down the time used ...by a second or two.
"So much better than the old i7 3770k it replaced!"
It better be since that AMD was introduced just last year and with twice as many physical cores and has higher base + turbo frequencies, lots more cache, has higher TDP etc. That 3770k is an 8-year-old model...
My i7 laptop I'm writing this post on is much faster than the K6-2 I had 20 years ago, believe it or not!
"I think you're wrong: the Shuttle was the worst. It killed more astronauts than the rest of the global space program"
Apples and oranges, man...
They could have said the same about the Apollo program, since all manned Gemini and Mercury flights were successes and Apollo 1 crew perished in their pod.
Mercury was about putting an American on orbit before Russians. Russia won the race but was it a failure?
Shuttle killed more astronauts purely because there were 135 manned launches vs 28 on Mercury/Gemini/Apollo. There were 2 total loss disasters, 14 killed vs 1 total loss and 3 killed in Apollo 1. Shuttle put a total of 833 crewmembers in space, vs 59 for the earlier programs.
Statistically the Shuttle was more safe than the earlier programs.
While each flight brought more or less scientific knowledge, the earlier programs were just about that. And planting a US flag on the Moon of course. Shuttle hauled some very important telescopes and lab stuff there. And they also fixed Hubble at one point. How feasible would that have been with the earlier space vehicle design? (I don't know)
"Musk is more interested in space than he is in getting richer than he already is."
How do you know? He's already got enough money to live the rest of his life in opulence. Does he still make money or does he reject extra wealth and direct it to foundations or funds that are pro-space?
"Shame they don't shitcan stuff like pptp & l2tp/ipsec v1 and upgrade their encryption levels for ipsec v2 to something that governments can't spy on."
It is better to remain silent and be thought a fool, than to open your mouth and remove all doubt.
IKEv2 has been there since Windows 7. Windows offers a perfectly fine combination of encryption, key exchange and hash functions for VPNs or IPsec connections.
Yes, PPTP is useless, but please explain how L2TP/IPsec is shitcan stuff? Which vendor has dropped support for that?
My Firefox browser history on this home computer goes back about 3 years. I looked up the 'ftp://' string in it and there's not a lot that I would miss:
F-Secure uninstall tool, HP Softpaqs, Axis camera firmware, Windows NT4 SP4, Info-Zip binaries, C/H/S information for old HDDs, Firmware for some old unsupported D-Link shit.
Most of the aforementioned stuff is available on HTTP, but not all was. (or my search skills failed me)
It's the very old stuff that's getting harder and harder to find. After a few more years all the FTP mirrors for Simtelnet, Sunsite, Hobbes etc. are going to disappear. All those moments will be lost in time, like tears in rain. Time to die.
"Apple don't review the app's source code, it reviews the binary and subjects it to a test."
I agree with what you're saying - yet Apple seems to have way less malignant software in their app store. Google should have equal muscles to vet the binaries, dontcha think?
Play Store seems to have way more cruft and crappy game clones than App Store, but does Apple actually have equal percentage of malware in total, and they just silently take out the garbage? IDK.
Unfortunately - for those of us who enjoy raspberry jam - you couldn't find any in the shops since it would be one more hoarded item.
Also, us legit buyers would need to don at least sunglasses and fake beard (or just Groucho glasses) before approaching the jam shelf. One might as well buy a whole 6-pack of toilet paper since you're already camouflaged.
I have the QC35 (home) and the newer 700 (work) in use. I haven't had any problems with either connecting them to computers or my iPhone. The iPhone apps also work just fine. They're pretty useless though and Bose has in their infinite wisdom decided that the different headphones require separate apps to manage.
"I agree, but the fact that this new firmware is supposedly being rolled out silently and without choice isn't good."
I don't know how that's happening since my Bose QC35 can only be updated if you have
1) installed the update software
2) have the headphones connected via USB to computer
3) visit the Bose update page
The phone app can only change settings, it can't update the firmware.
FWIW, my Bose QC35 headphones have been updated a couple of times in their life and I have perceived no change in the sound quality or noise cancellation effectiveness.
"If you have nothing, the barrier to work is pretty high. First you need to make yourself presentable. You'll need to have clean, smart clothes, which means you'll need to have somewhere to wash, which means you'll need to have somewhere to live, which means you'll need a job..."
There's a film I remember seeing from 30 years ago with that exact plot. A young druggie wants to get clean and is promised a job in a restaurant but his bare feet need to be covered. The quest for footwear thus begins.
"I don't overly blame the guy for ending support (you've got to at some point), but I think even his caveated position is a little overly-optimistic on how long it'll take for people to move to something else. As long as request works, people'll continue using it because they're familiar with it (path of least resistance)."
Then people would just use the request code indefinitely.
Surely there are multiple HTTP handler libraries available that implement the same functionality? If your code relies on this module and you can't replace it in one full year or so then I think the problem is with your resource management.
Is there a reason why this request code can't be forked or maintained by someone else?
Sopwith Camel could do this as well...
Here in Finland the Ministry of Defence is pondering replacements for the ageing F/A-18 Hornets. They're testing Rafale, EF, Super Hornet, Saab Gripen and of course, F-35A. I'm pretty sure the powers that be have already selected F-35 but they're just putting on this charade to explain why we bought the most expensive craft available.
The fighter just needs to be good enough to deter
Russia anyone from attacking, nothing more.
"Some items still use TFTP (basically a simplified FTP without usernames or passwords) for booting."
What's TFTP got to do with Chrome or other web browsers?
A number of websites still allow FTP access as for non-confidential files it has a lower overhead than HTTP or HTTPS.
While my web browser FTP usage is pretty low these days, I don't understand what Google gains here by removing the minuscule FTP code portion from the Chromium tree. FTP is a stable, well understood simple protocol. The code probably is quite free of errors and likely requires very little housekeeping between versions.
Can I live without FTP on a browser? Probably.
"Actually, on my 286 the turbo button did work. I had to turn it off to play a submarine game, because at the higher speed the game became unplayable... IIRC it was "overclocking" the CPU from 10-12MHz to 16...."
You were playing GATO? One of the first games I played on PC and thought it was fugly as hell with the crappy CGA graphics compared to my C64 version. A nice simple game, but 688 Attack Sub a couple years later totally trounced it, both in gameplay and graphics. (and I still play 688 every now and then on Dosbox).
Turbo on actually meant the CPU was running on its normal full speed and turning turbo off just reduced the MHz on the CPU somewhat.
"I can't remember that last company Intel acquired that actually sold a chip."
Intel (Infineon) XMM cellular modems are used by all laptop manufacturers. My laptop got one.
I'm not well versed on Intel acquisitions, I don't know how many hardware companies they've bought, except for C&T, which 20-odd years ago was the basis for their graphics division and probably still lives in their GPUs. (in a shoulder-of-giants kind of way)
"Now if your a startup trying to sell your company and don't mind seeing your work destroyed after they give you hundreds of millions, then you gotta love them."
Intel reportedly paid about $400M for a company without any products and with <50 people working for it. I'd be happy to cash in unless I knew the company was worth more than that. Perhaps the original owners thought the same, or perhaps they were running out of money and Intel was their last resort, who knows.
The article states that Nervana under Intel was still led by its co-founder. Despite Intel's massive resources they couldn't ship a product. Perhaps the product design was faulty from the beginning, or required still unavailable technology, or the co-founder didn't have the skill to lead the project to fruition.
Icon for poor grammar.