Posts by Grendel 43 publicly visible posts • joined 3 Nov 2010
Fix most of it by:
1. Fresh installation of Windows 11 Pro
2. Upgrade to 25H2
3. Remove fluffy rubbish with Raphire's Win11Debloat (removes unwanted apps, games, telemetry, etc)
4. Harden system using MS Baseline Security Policies with HotCakeX's Harden-System-Security
... and you have an almost sane system.
M
Most definitely name and shame (as a minimum) and should the game be raised to 'prosecute' for violations of the GDPR and/or Anti-Trust as this is a deliberate 'deception' to ensure that ad-trackers continue to work?
Perhaps we also need a new 'first party' (same origin - exactly the same URL), 'second party' (sub-URL of the first party domain) and 'third party' (different domain) approach and rulesets in our defences?
G
Most definitely name and shame (as a minimum) and should the game be raised to 'prosecute' for violations of the GDPR and/or Anti-Trust as this is a deliberate 'deception' to ensure that ad-trackers continue to work?
Perhaps we also need a new 'first party' (same origin - exactly the same URL), 'second party' (sub-URL of the first party domain) and 'third party' (different domain) approach and rulesets in our defenses?
G
The cost (ex factory gate) of a TETRA radio is under £600 and not much different from a high-end SmartPhone... when you consider the engineering quality that has to go in to one of these radios to make it "squaddy proof" and work for extended periods along with the security, encryption, etc. its not bad value for money.
The problem is NOT the Tetra technology but the expensive Airwave service behind it! Hence, it might be that Arqiva could run it better and for less ;-)
As with many thing in life "its only the profit that makes it expensive" ...
G.
I certainly wouldn't want to be the Senior Responsible Officer (SRO) of the ESN project/network the first time a policeman dies because he couldn't get backup on his radio!!! I'm not sure the 4G radio network operator would want the reputational damage either!
To quote: "... What is it about this human passion for tyranny? Stifling diversity, stomping on creativity, putting the boot on the throat of others and crowing, "I own you, sucker! Now just be good and give me your wallet, your first-born, and your soul" ..."
... and I thought that was how Apple worked?
God forbid that Qualcom and Apple team up to make this 2G/3G/TETRA/GPS/WiFi/BlueTooth killing machine!
"We're doomed! We're all doomed I tell ye" ;-)
G.
The French have a bi-static radar called GRAVES operating on 143.050MHz - from recollection it runs 1MW ERP. If you are a radio ham with a decent 2m (144MHz) system its fairly easy to receive meteor reflections from it.
There's an article on Wikipeadia as well as this more interesting "cook book":
http://www.fas.org/spp/military/program/track/graves.pdf
Mike
Surely the correct speech would have been:
... "Mars: the final frontier. These are the voyages of the Mars rover Curiosity. Its two-year mission: to explore strange new worlds, to seek out new life and new civilizations, to boldly go where no man has gone before" ...
voiced by William Shatner?
Grendel
PS. Why Paris? Because she probably things that Mars is a chocolate bar :-)
Ok, so Carbonite can't claim "unlimited storage", so what about the farse that is "unlimited internet" then Mr. ASA? For years we've had the "unlimited (with conditions)", the "unlimited (with acceptable use)", the "unlimited (unless the ISP doesn't like you)" etc. etc.
Please go sort our ISPs out first - they're a darn site closer to home and affect a lot more consumers!
G
Forget the 11+ hours hold time, why do Quantas think that 17 minutes is acceptable as a hold time?
Its utter clap-trap to tell customers that they are "valued and respected" and then treat them with contempt by under manning call centres, rationing resources and making people wait.
If Quantas think that 17 minutes is acceptable then they won't be getting ANY of my business.
So, the rules for an App in Apple's store is that if it allegedly infringes someone's patent then the app gets taken off sale... so when Apple's own products allegedly infringe on Samsung/Motorola/Google patents why is it they they won't take their own products off sale?
This is clearly a case of double standards by Apple. Perhaps the FTC should look at this and consider holding Apple to their own high standards?
Whether the BOM costs $180, $188 or $203 isn't really the issue here... its the fact that they're only paying $8 for the whole of the manufacturing process - this is what the factory workers get paid from...
I work in electronics in the UK and that's an incredibly low figure - it should be more like 10-15% of the BOM costs - so more like $18-25 to be reasonable and 'fair'.
If you want "fair trade" then talk to Apple about social responsibility and corporate responsibility and paying a pair amount to get the assembly work done... if they took $10 from the sticker price and moved it to the manufacturing cost they (Apple) would still make billions and those that actually 'make' it, working on the shop floor, would be hugely better off AND the price would stay the same.
Grendel
Too many years of faffing around... too many years of putting of the decision for more nuclear... too much burning gas to make electricity (which is just plain stupid)... and now the lights are going to go out!
The government knows about that they euphemistically called "unserved energy demand" and it'll hit us about 2015-ish...
Should have started building next generation nuclear generation plants 10 years ago and been bringing them online now...
I have an 11KW standby generator... have you bought yours yet?
Strikes me the solution is pretty obvious - we need two "times" and one "interval" (the second):
a) a 'scientific' time that is rigorously defined and that increments at the standard interval - the second - forever and does not have leap-seconds - lets call this "epoc time", and
b) a 'practical' time that is is aligned to the scientific standard, i.e. it uses the same interval (the second) but is adjusted via a local "offset" which provides the local time that we see - the yakns call this "wall clock time".
Leap-seconds are applied to "wall clock time" via the local offset as required to keep the time right (within 0.9 seconds) such that sunrise and sunset work and people watches work.
Important systems such as international telecommunications, computer networks, scientific experiments use "epoc time" and simple humans use "wall clock time".
GPS already does this with its difference between GPS time (1st Jan 1986) and UTC with its "UTC offset". We can reuse this idea - all we need to do is to take the existing unix time_t epoc time, extend it to 64-bits (UINT64) and synchronise it to the 300+ atomic clocks in the world and call this the international standard.
The trick here is to have one internal standard that just keeps counting without interruption and a local representation with is adjusted on use/on display, i.e. on output, without resorting to changing the underlying master source.
unix does it already... can't be hard...
Mike
The real problem is how far they can go before they are in breach of contract? What I mean by this is if I bought "internet access" and then they change it to "crippled internet access" will they let me out of my contract? If they won't let me out of my contract then where's the competitive pressure going to come from? I could end up locked in to a contract for DSL service for a year!
I had an argument a bit like this with Demon internet 6-7 or so or so years ago when they, without warning, blocked ICMP on several of their London DSL nodes (like lon1-aj1c.demonadsl.net) - this really mattered to me because one of the uses of my DSL at home was to monitor services at work. They said they had to "protect their network" - I argued that ICMP is a *core* part of the internet suit of protocols. After some to-and-fro they eventually gave in and let me transfer to Zen internet, whom I am still with ;-)
Competition with strings or with no redress is meaningless in terms of pressure...
Mike
We need to know the distance in that other el-Reg defaco unit of measure... Sheep... if Sheep can be used for height then they can also be used for length (we'll need to know if the sheep are standing or stacked on their side)...
So, what's the distance from Darwin to Adelaide in Sheep?
Mike
/^v.+b$/i
Luckily the moon doesn't affect radio reflections from meteors (strictly speaking the plasma trail from meteors) so if you cannot see much of the night sky you still might take a 'listen' for Perseids...
If you have an FM radio and an outside aerial facing north east through to south east and tune to a quiet part at the bottom of the band (around 87.5-88MHz) you may be able to hear "bursts" of foreign radio stations lasting from a fraction of a second up to 20-30 seconds or so...
Mike
Sir,
To quote you: "...Governments sponsor academics to produce "science" of dubious quality to support conclusions reached in advance, what you might call "evidence-based policy-making..."
Are you sure that you didn't mis-typed this and mean "policy-based evidence-making" ?
Mike
So, lets get this right... anyone can take an piece of electronic equipment and stamp Chinese Export ("CE") on it and whether it passes the required testing or not is irrelevant?
As far as I was aware "... a criminal office is committed if a device is placed on the market or taken in to use [after the proscribed date] that fails to meet the basic protection requirements of the (EMC) Directive".
There is something very dodgy going on here... Ofcom *should* publicly state that XYZ products fail to meet the requirements of the Directive at which point they *should* be prohibited from sale or use *and* Trading Standards *should* enforce it.
Otherwise what is the point of all the legislation, standards, conformance testing and enforcement people? Is this all just some glorious gravy train that actually means NOTHING??
Surely its about time that the BBC, CAA, RSGB, Police, Military and any other stakeholders in the radio spectrum **forced** some action out of Ofcom... perhaps they need a big pointy stick in the form of a judicial review of their (in)actions and failure to enforce law?
Mike
Ok, so we recognise that storing plain passwords is bad or even passwords that have been simply hashed - which are vulnerable to attack.
There are various layers of defence available, such as hashing with passwords with a 'salt' (yes, my comment was generic and doesn't represent the exact recipe we use on any specific system) but better solutions exist - for example maintaining the authentication on separate back-end systems accessed via RADIUS or LDAP.
Personally, I think that the time for static passwords has passed... how many people use the same password on multiple systems? How many people never change passwords? Answer: the great majority of people. Why? Because we're innately lazy! ... and we think security is someone else's problem.
[BTW: how many of the people reading this post have an insecure front door on their house, flat or property?... Brute forcing that old Yale lock is very easy these days... http://en.wikipedia.org/wiki/Lock_bumping or YouTube 'lock bumping'. You won't get in to my castle trying that technique either... ]
The days of the "fixed password" have to be numbered? We need something better and while RSA's Secure-ID looks to have just had a significant compromise of its own recently one-time-passwords (OTPs) have to the the future...
We've just built our own implementation of RFC4226 HOTP and are evaluating it for a client project as the majority of users have Crackberry, Droid or iJobs smartphones and can run a software implementation of OTP so we don't even need a token. For those users that do need a token they can be purchased from China for $8 USD each these days :) Who needs RSA Secure-ID anyway?
Mike
Why is it sooooooo easy to match hashed passwords using rainbow tables? Doesn't anyone implement "salt" (salting) of hashes?
All the systems we install for customers have username/passwords stored as SHA1 hashes of username+password+salt where 'salt' is an installation or site-specific string hidden elsewhere in system configuration. This means that even if you read out the usernames+hashes from the tables you can't necessarily get the password from it...
Mike
We are using Node.js to deliver real-time web-based resource tracking (vehicle tracking, asset tracking, staff tracking) and mapping solutions to tens of customers with thousands of resources and millions of resource-movements per day on our SaaS service called 'Xlocate' over at www.xlocate.net
We use Node to provide all of the real-time communications between a range of radio and GSM based tracking devices, MySQL databases and client machines usingusing a web-browser and HTML5+WebSockets.
The architecture is real-time being almost entirely event-driven and the applications are developed in Django using model-view-controller and Javascript in the client and comms servers (Node.js).
Our solution is implemented with Dell R210 application servers at the front-ends and medium performance Dell R410/R710 servers for the comms and database have bench-marked our system at over 6000 transactions per second (TPS)... (as long as our clients use Chrome! and not IE9 or FF3.5) ...
We like the event-driven nature of the system, ease of coding/prototyping/test harness building, outright performance and especially the ability to move modules of code between the back-end servers (Node.js) and the client (browser) as the solution develops.
Node.js + V8 really rocks and was a great find for us!
To me it looks like Google/Microsoft/Apple are wrong in sending 'stealth plugins' - if this is indeed what they are doing *and* it looks like Moz Firefox is wrong to accept/install them without querying it!
However, the interesting question then is if, say, Microsoft do download a stealth update to my computer via this method then are they in breach of the computer Misuse Act (1990) - afterall it means that they modified the contents of my computer without my express permission and while I was using a third-party application, ie. not covered by an M$ EULA.
It would be an interesting one to see argued out in court...
Ideally two things would happen:
1. the website, service or whatever *should* on detection of the need to install a plug-in direct the unwary user to a page that says something along the lines "To use service 'foo' we need to install plug-in 'bar' - click 'ok' to proceed"
2. Moz Firefox should alert and pop-up a message along the lines "Wesbite 'foo' is attempting to install plug-in 'bar' - click 'ok' if you trust this site and want to install this plug-in"
Mike
... but if you're going to bring up aviation then that takes us on to the International Telecommunications Union (ITU) and callsigns for which the UK was assigned the prefixes '2' (as in "London calling... 2LO calling"), 'G' (as used on all aircraft, telex numbers, ham radio callsigns) and 'M' (less used).
As 'Petur' said this is *exactly* the way for Turkey to set back their EU entry hopes another five years!
Grow up and stop acting like a spoilt brat or a country that had its 'god' ridiculed in a comic strip!
If you want to be 'western' you have to accept plurality and freedom of speech.
Grendel
PS. Why Paris? Well she would probably know a thing or two about romps in hotel rooms!
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2025
