* Posts by doperative

173 publicly visible posts • joined 15 Dec 2010


Desktop Linux: the final frontier

doperative
Linux

Linux Desktop usability Test

@Peripherals: Take two computer-literate-enough-to-do-email-and-a-word-doc average people .. sit each at their computer and without any help from you other than verbal advice, see which one can get all of the peripherals fully working ..

Sounds like a test elREG could organize, how about it.

doperative
Linux

Ubuntu lacks quality control?

> Once upon a time I loved the look and feel on this upstart distro called Ubuntu. But recently their Quality control has... well been sadly lacking ..

I'm puzzled by the term "Quality control". I find Ubuntu one of the most polished and stable desktops out there. From the base installation you get browsing, email, word processing and multimedia. And without the malware infestation that plagues the Windows universe.

Mumsnet founder: Our members are 'very keen' on PORN ...

doperative
Alien

regulators to come up with a solution?

"I think the regulators should put pressure on the people involved, the ISPs to come up with a solution to this."

How about OpenDNS configured at the router not on the desktop computer where little johnny knows more than his parents about how to bypass it.

http://www.opendns.com/familyshield/

Cisco refuses to deny it will sell off Linksys

doperative
Alien

focus our attention and resources?

How about focusing on a vertical stack of products and forming an alliance with the telecoms and content owners. Provide a low cost consumer media center and license the servers to the content providers - that's where the real money lies. It's the difference between the iPhone and Nokia. Nokia sells bricks while Apple provides a total online experience. Sun could have been doing this years ago before they self destructed. AOL-Time Warner could have been doing it also but didn't seem to know what to do after the merger.

UK student hacker sentenced over gaming Trojan

doperative
Alien

how to stay safe online

Never ever download and run apps from unknown sources. If you have to run malware.exe to get access to a site then it is almost certainly a scam.

> McLouglin is reckoned to have accessed at least 20 individual accounts belonging to the estimated 100 victims hit by the scam.

How were the other 80 victims not affected?

Serial hacker TinKode rifles through NASA satellite files

doperative
Alien

tighten up security policies

> NASA bosses promised to tighten up security policies, a process that TinKode's exploit would suggest is far from completion.

How about disabling anonymous access to user 'ftp' ..

--

mod down minus one :)

Aussie cops grab journo for reporting Facebook vuln demo

doperative
Alien

protect against URL guessing

> The vulnerability comes through the time-honoured practice of URL guessing .. he combined a Facebook friend ID with a brute-force-guess for the remainder of the URL to the photographs, in a process which Heinrich said meant testing 200,000 numerals and took around seven days ..

The solution to this would be to generate a onetime hash and dynamically generate the URL path from this. The onetime hash being constructed from a master key generated at registration. The key being some kind of PKI digital signature thingy.

I'm no expert, but even I can come up with a solution in the time it took to type this. Makes me wonder what they teach these security professionals in techie school. Facebook did ask the question 'how can this be hacked' before putting this feature up, didn't they ?
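One way to build the unguessable, single-use photo URL the post describes, as an added example that is not the poster's or Facebook's code. It uses an HMAC keyed with a per-user secret created at registration in place of the PKI signature the post mentions; the path layout, function names and in-memory stores are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets
from base64 import urlsafe_b64encode

# Hypothetical in-memory stores; a real service would persist both.
USER_KEYS = {}       # user_id -> 256-bit secret created at registration
USED_TOKENS = set()  # tags already redeemed, which makes each URL single-use


def register_user(user_id):
    """Generate the per-user master key once, at registration."""
    USER_KEYS[user_id] = secrets.token_bytes(32)


def _tag(user_id, photo_id, expires, nonce):
    """HMAC-SHA256 over every field in the path, so none can be altered."""
    msg = f"{user_id}|{photo_id}|{expires}|{nonce}".encode()
    digest = hmac.new(USER_KEYS[user_id], msg, hashlib.sha256).digest()
    return urlsafe_b64encode(digest).rstrip(b"=").decode()


def make_photo_url(user_id, photo_id, now, ttl=300):
    """Return a fresh path of the form /photos/<user>/<photo>/<expiry>/<nonce>/<tag>."""
    expires = str(now + ttl)
    nonce = secrets.token_urlsafe(8)  # makes every issued URL distinct
    tag = _tag(user_id, str(photo_id), expires, nonce)
    return f"/photos/{user_id}/{photo_id}/{expires}/{nonce}/{tag}"


def check_photo_url(path, now):
    """Accept a path only if its tag verifies, it is unexpired and unused."""
    parts = path.strip("/").split("/")
    if len(parts) != 6 or parts[0] != "photos":
        return False  # bare /photos/<user>/<id> guesses end here
    _, user_id, photo_id, expires, nonce, tag = parts
    if user_id not in USER_KEYS:
        return False
    try:
        deadline = int(expires)
    except ValueError:
        return False
    expected = _tag(user_id, photo_id, expires, nonce)
    # Constant-time comparison avoids leaking how many characters matched.
    if not hmac.compare_digest(expected.encode(), tag.encode()):
        return False
    if now > deadline or tag in USED_TOKENS:
        return False
    USED_TOKENS.add(tag)
    return True
```

With a 256-bit tag in the path, enumerating numeric IDs no longer yields a valid URL, and a leaked URL stops working after its first use or its expiry.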

McKinnon battles renewed Obama-era extradition push

doperative
Alien

Blowing it out of his Ass

"We have a good extradition relationship with the UK and I'm confident that the review that the Home Secretary will make will be an appropriate one", Eric Holder

No, under the same criteria McKinnon could not be extradited from the US to this country.

"Well McKinnon is a person who committed serious crimes resulting in about a million dollars worth of damages in the United States", Eric Holder

What really happened was McKinnon logged into Windows NT machines with a blank administrator password (presumably because they were all loaded from the same image). Installed a remote desktop app (RemotelyAnywhere). Alerted the operators by typing msgs in wordpad and leaving them on their desktop. They caught him because he used his own email address to register the RemotelyAnywhere software. And finally Gary was only looking for evidence of secret spaceships, only he can't really remember if he found some as he was "smoking a lot of dope at the time".

http://www.guardian.co.uk/theguardian/2005/jul/09/weekend7.weekend2

"I'd instant message them, using WordPad, with a bit of a political diatribe. You know, I'd leave a message on their desktop that read 'Secret government is blah blah blah.' "

http://www.zdnet.co.uk/news/security-management/2005/07/13/the-nasa-hacker-scapegoat-or-public-enemy-39208862/

Check Point boss looks beyond 'weapons' for security defence

doperative
Alien

re: please do your homework

> BUT, the general concept of a firewall and Protocol Validation (aka "deep packet inspection") is sound ..

No it isn't, Google the InterTubes for real world examples.

> The reason is that restricting ports and validating protocols (e.g. HTTP or FTP) can be seen as an instance of the security strategy called "Privilege Restriction".

No, you just don't allow HTTP or FTP processes to bind to ports or else you tunnel them through an SSH connection. You see the root of the problem is the process-binding-to-port model. Once you've got a secure, verifiable end-to-end connection then the rest, PrR, MaCP, dPI is just so much techno-waffle. Without using a single acronym I will say this. If you can't be ever sure that the code/scripts running on your computer are yours then it's game over as far as security is concerned.

doperative
Alien

de-perimeterisation and the firewall

> De-perimeterisation and the move to cloud computing will not alter the central place the firewall occupies in corporate security architectures, according to Check Point chief exec Gil Shwed.

Given the nature of today's communications infrastructure, a firewall is next to useless. Once upon a time inter-communication between systems was run on a restricted set of ports and since only root could bind to these 'privileged ports' the remote system could be sure of the calling system's identity (at least if it was calling on port 22 then it was the real SSH daemon and not some spoofing process).

Later on more services were added to more ports and non-root users were allowed to bind to these ports. A firewall is designed to block IP addresses and/or ports. As such it has to allow 'safe' ports and disallow unsafe ones. Since for the reasons stated previously, it's next to impossible to verify such safe port/IP combinations, the effectiveness of the firewall is rendered useless.

If by 'intrusion prevention' you mean deep state packet inspection, that also can only be marginally effective as it has to maintain an ever expanding blacklist of unsafe scripts. I.e. downloading and running scripts from remote systems and relying on the local system to verify them as authentic and safe.

Porn found in Osama bin Laden compound

doperative
Big Brother

Stegapornography

It has also previously been reported that Islamic terrorists use Steganography hidden in porn to transmit msgs, it must be true as I read it on the Internet ..

"Link between child porn and Muslim terrorists"

http://www.timesonline.co.uk/tol/news/uk/crime/article4959002.ece

"Hiding in Plain View: Could Steganography be a Terrorist Tool?"

http://www.sans.org/reading_room/whitepapers/stenganography/hiding-plain-view-steganography-terrorist-tool_551

--

PROTHERO: Do you believe this crap, Dascombe?

DASCOMBE: It's not our job to believe it, Lewis. Our job is to tell the people --

Sergey Brin: Only 20% of Googlers still on Windows

doperative
Alien

Windows is targeted far more often?

> Windows is targeted far more often than other operating systems because it is used on far more machines ..

That's a debatable statement, imho the design flaws are a combination of Windows and how the Intel chipset handles memory, as it seems incapable of isolating each process's memory.

--

Modded up two, modded down seven ...

IT service fitness: prevention is better than cure

doperative
Alien

complexity is the problem

Design a loosely coupled system in a peering arrangement, that way when some box falls over, you get a slow degradation in system performance instead of blank screens all round ..

Java-based malware tries Mac-smacking cross-platform attack

doperative
Alien

Write once, pwn anywhere?

Show me a working example ..

Sony implicates Anonymous in PlayStation Network hack

doperative
Alien

Sony's technical analysis?

Q: When did you become aware of the illegal and unauthorized intrusion?

A: Sony .. detected .. that certain systems were re-booting when they were not scheduled to do so.

http://pastebin.com/vQcdsm48

Oracle subpoenas Apache in search of Google smoking gun

doperative
Alien

Follow the source code

> Oracle is going after the Apache Software Foundation .. with a subpoena demanding they surrender a raft of communications with Google, plus other documents on the source code of ASF's Project Harmony ..

If the source code is already available, then why can't they point to the offending lines-of-code, or are they pulling a SCO here ...

> Oracle wants written proof that Google and ASF knew there were restrictions on what Google could do with Harmony in Android and that people looked for ways to bend the rules or just break them.

ASF to Google: are we compliant with the license.

Google to ASF: Let's make sure we're not violating the license.

Oracle: See, proof positive that they are in violation.

According to this logic, anytime someone consults a lawyer over the terms of a license, then this constitutes proof that they are in collusion to violate the license. In that case the entire legal process is in doubt.

Woz snubs Paul Allen, praises pea soup

doperative
Alien

re: Oh my...

"The district court found that the Cole claims in suit read on a system disclosed in German, French, and British patents issued to Dirks between 1948 and 1957, none of which were considered by the examiner during the prosecution of the Cole patent application.

The district court agreed with HLA's assertion that "The Dirks system ... is the Cole system implemented in 1940's technology, and, since the Cole claims are drawn to cover all digital systems generically, as opposed to a new implementation, they are anticipated by [the] foreign Dirks' patents."

The principal issue in Appeal No. 83-782 is whether the district court correctly found that claims 1, 2, and 3 of RCA's patent, covering a digital video character generator, are anticipated by the disclosure in the "Dirks" patents. We reverse the holding of invalidity in view of Dirks alone.

http://openjurist.org/730/f2d/1440/rca-corp-v-applied-digital-data-systems-inc-lear-siegler-inc

"Data General also contends that the Cole patent was anticipated by the prior art and by a printed publication stored at the Stanford Research Institute"

http://de.findacase.com/research/wfrmDocViewer.aspx/xq/fac.19880715_0000048.DDE.htm/qx

"The following stuff is from Electronics magazine, Jan. 3rd 1958 issue .. Generating Characters: Summary Although many plans have been devised in the past for scribing numeric and alphabetic characters on a scope face by spot deflection"

http://www.nixiebunny.com/crtgen/crtgen.html

Legal goons threaten researcher for reporting security bug

doperative
Alien

researcher was not forcing the company into using his services

> It is not mentioned that the researcher was trying to force the company into using his services ?, wim

"They misunderstood that I was getting money for doing this ... and illegally breaking into networks"

http://tinyurl.com/6g853kg

http://mobile.darkreading.com/9287/show/87388ff1d2461814c5a84f7207f6f9a3&t=5747b086486247295f80f245d99fd035

PlayStation Network credit cards protected by encryption

doperative
Alien

credit cards protected by encryption

"According to Stevens, the credit card data is up on illegal forums and holds enough information for anyone wielding it to siphon money off the card holder"

http://www.techtree.com/India/News/Hackers_put_up_PSN_Credit_Card_Info_for_Sale/551-115147-585.html

OCZ shares trashed by short seller's research note

doperative
Alien

Capitalism works fine in principle?

> Capitalism works fine, in principle .. Bilgepipe

What goes on in Wall Street isn't capitalism, more akin to a gigantic shell game where even the con artists can't tell the real from the imaginary. Trouble is - when the bubble invariably bursts - it's the poor schmuck consumer who has to pay the tab, in the form of higher prices, higher interest rates and bogus taxes, the revenue of which being forwarded to the fat bastards in bail-outs, the same fat bastards who caused the crash in the first place.

--

http://i.imgur.com/AlKzP.jpg

http://www.rense.com/general82/carrlin.htm

Google Linux servers hit with $5m patent infringement verdict

doperative
Alien

Prior Art

"MUMPS (Massachusetts General Hospital Utility Multi-Programming System), or alternatively M, is a programming language created in the late 1960s"

http://en.wikipedia.org/wiki/MUMPS

Amazon outage spans clouds 'insulated' from each other

doperative
Alien

centralized cloud computing

' "By launching instances in separate Availability Zones," Amazon says, "you can protect your applications from failure of a single location." But today's outage – which began around 1:41am Pacific time and also affected the use of Amazon's Elastic Block Store (EBS) service – spread across multiple zones in the East region.'

I do believe this whole cloud computing concept has been over sold. For a business with multiple locations, a number of servers sited locally, in a peer-to-peer configuration would provide a more reliable service. All they rely on is an end-to-end IP connection, if one site goes then the rest can carry on.

Ubuntu seeks Android-packin' Windows deserters

doperative
Alien

re: Never again

@westlake said:

> What I wanted and needed in FOSS had been ported to Windows or begun as a native Windows app -

What licensing issues does FOSS running Windows 7 have.

> What I want and have in Windows 7 are subscription services like Netflix

You also get to endlessly subscribe to online Anti Virus services ..

doperative
Alien

re: I'd like to drop windows but..

@nederlander wrote:

> I have an android phone and I run ubuntu, but I still keep windows 7 on the dual boot for two reasons. Firstly there are no decent games on linux. Secondly,

You buy a phone depending on what games run on it, isn't the screen a little small ?

> I like to do a bit of programming in my spare time and java+eclipse just isn't as good as C#+VS. The java language and framework seems to be languishing while C# moves on in leaps and bounds. Death by committee I suppose.

It says here Eclipse works with other languages ..

http://en.wikipedia.org/wiki/List_of_Eclipse_projects#Third_party_projects

Microsoft online app melodrama wins federal certification

doperative
Alien

Report missing facts ?

> The irony wouldn't be so deep if you included all the facts Cade - nice try though ;), Tzael

What facts were not included in the above report, please cite explicit examples of these missing facts.

Watchdog sniffs Rihanna's 'gently thrusting buttocks'

doperative

What Ofcom thinks ..

Two performers pretending to be whores, what could be inappropriate about presenting such images to children ..

Reconceptualising IT security

doperative
Alien

solution

a. Use single sign on authenticated on a hardware device

b. Only allow authenticated and encrypted end-to-end encrypted communication.

c. Run your software from a readonly device

d. Don't download and run software over the Internet.

Canonical kills free Ubuntu CD program

doperative
Linux

There is a market for disks

Even with "broadband", downloading can be a hassle, there is a market for the basic CD and the rest on a DVD, at a tenner a time it would be good value ..

Microsoft wraps Windows 8 in Ribbon UI?

doperative
Thumb Up

Can't customize the Ribbon

I find their choice as to which-command-goes-where, curious. The inability to customize is also a major flaw.

> The Ribbon, which is part of the Microsoft Office Fluent user interface, is designed to help you quickly find the commands that you need to complete a task. Commands are organized in logical groups that are collected together under tabs. Because each tab relates to a type of activity, such as writing or laying out a page, it is not possible to customize the Ribbon without using XML and programming code.

http://office.microsoft.com/en-us/word-help/can-i-customize-the-ribbon-HA010227754.aspx

doperative

Withdraw one thumbs down :)

Get off my case ...

http://i55.tinypic.com/1zxs7pl.png

doperative

Microsoft Sub-Menus ...

> The UI could replace the familiar menus and toolbars. It was first introduced by Microsoft to make it easier to find features buried in the depths of long menus of Office.

I'm not impressed, all they've done is taken the main menus and sub-divided them into sub-menus. It does make it easier for the complete newbie to do basic editing but I don't see how someone could speed-up their work flow using this Ribbon UI.

Home: 50 menu items sub-divided into 6 panels

Insert: 24 menu items sub-divided into 7 panels

Page-Layout: 25 menu items sub-divided into 5 panels

References: 21 menu items sub-divided into 6 panels

Mailing: 21 menu items sub-divided into 5 panels

Review: 23 menu items sub-divided into 6 panels

View: 23 menu items sub-divided into 7 panels

Operation Ore was based on flawed evidence from the start

doperative
Big Brother

flawed evidence 18 thumbsdown

Would any of the 18 (?) of you care to explain what it is you disagree about in the original post.

http://i53.tinypic.com/jz6rus.png

> The flawed evidence relying on Credit Card receipts that the perps could claim were stolen over the Internet. What they should have done was tag the images with digital signatures and use the presence of such images on the perps' hard-drive in evidence ..

.

doperative
Boffin

flawed evidence ?

The flawed evidence relying on Credit Card receipts that the perps could claim were stolen over the Internet. What they should have done was tag the images with digital signatures and use the presence of such images on the perps' hard-drive in evidence ..

Natty Narwhal with Unity: Worst Ubuntu beta ever

doperative
Linux

Ubuntu is most alive on the Desktop

> Linux is dead on the desktop, so who cares?, MarkOne

That's why this Lubuntu runs faster on the same hardware than Windows ..

Stop sexing up IT and give Civil Servants Macs, says gov tech boss

doperative
Linux

agile and Windows Domains?

> Could have guessed the "because it works at home" angle. Last I checked, a Windows Domain was a lot easier to manage and lock down .., Ammaross Danan

Right now I'm looking at both Windows and Macs that are happy to authenticate to the same Domain controller. Besides the entire infrastructure could be replaced by portable devices, the base system providing a screen, keyboard, mouse and Internet access. What could be more efficient than that.

> While Open Source does make projects perhaps more agile, it definitely doesn't always lead to "more efficient" nor "smaller.", Ammaross Danan

I've worked in IT tech support for a few decades and have never needed to use the word 'agile' in a sentence before. In my experience once a Linux/BSD/SuSE system is configured it just runs-and-runs, with Windows on the other hand you are for ever reinstalling-reinstalling-reinstalling ..

Pre-release Windows 8 code hits PC makers

doperative
Linux

Windows inevitably slowing to a crawl?

> Microsoft's webOS luvvin' partner HP is among the PC manufacturers getting copies of early Windows 8 code, according to reports.

They're not getting copies of the code, they're getting copies of the executables. Releasing code to the 'partners' would be equivalent to communism ..

> According to leaked screen shots on different sites, something called History Vault, which is described to be analogous to Mac OS X's Time Machine for back up.

Haaaa .. and Steve Jobs went forward in time and stole the History Vault from Microsoft.

> There's also a system-reset feature that'll let you reset your machine and retain your data once that inevitable day comes, often very soon, that your Windows PC starts slowing to a crawl.

That should be retain user data, something that's been available on Linux machines for decades. User files being stored on a separate partition under the /home directory. Besides, system-reset sounds a lot like the Lenovo One-Button-Restore. I also recall on earlier Windows versions creating a D: drive on a separate partition and storing Documents-And-Settings there. That we have to wait till 2011 for such 'innovations' merely serves to demonstrate the total stagnation and lack of innovation on the desktop. And finally the 'PC starts slowing to a crawl' feature is only available on the Windows platform, something you never see on the Linux/Mac platform.

Artificial leaf produces electricity through photosynthesis

doperative
Headmaster

does not mimic photosynthesis

A more apt analogy would be to electrolysis, photosynthesis produces organic compounds as an end product.

MySQL.com hacked via... SQL injection vuln

doperative
IT Angle

SQL injection exploit ..

Instead of passing an SQL statement to the end user app, which fills in some place markers and then the entire statement is loaded back to the server. How about designing a system where it's impossible to run such remote scripts. Is there any other method of providing such functionality?

What it takes to get your desktop back up and running

doperative
Linux

standardised desktop images

> many businesses have standardised on common desktop images. ..

I use Ubuntu running off a USB device and my data is off in the cloud somewhere so we don't even need desktop optimisation tools ..

Steve Jobs must face the music in court

doperative

an interesting question ?

> Lawyers will get two hours to question Apple supremo Steve Jobs as part of an anti-trust case brought against Apple and iTunes ..

Who brought the class action lawsuit ?

Dozens of exploits released for popular SCADA programs

doperative
Happy

Excel-Warriors

> There simply is no boardroom advocate of Proper Engineering. Boardrooms are populated with Excel-Warriors, Marketing Propagandists and Law Twisters (aka "lawyers"), Frank Gerlach Handle

I like it ... :)

Fukushima one week on: Situation 'stable', says IAEA

doperative
WTF?

situation continues to stabilise?

"The situation at the Fukushima Daiichi nuclear powerplant in Japan, badly damaged during the extremely severe earthquake and tsunami there a week ago, continues to stabilise"

Would you please stop regurgitating this PR waffle. What corrosion effects will seawater have on the damaged reactor cores? What happens when the radioactive sludge reaches the water table. How are they even going to move the radioactive waste?

"Officials at the Nuclear Safety Agency have raised the severity of the nuclear crisis unfolding at the plant damaged in last Friday's magnitude 9.0 earthquake from 4 to 5 on a 7-level international scale"

http://rt.com/news/races-restore-cooling-plant/

Phishers dodge fraud protections in Firefox, Chrome

doperative
Linux

phishing attacks defeat Firefox and Chrome

> A recent round of phishing attacks targeting customers of Bank of America and PayPal circumvent fraud protections built in to the Mozilla Firefox and Google Chrome browsers by attaching an HTML file to the spam email.

Do these phishing attacks work on the Mac or Linux, or with scripting disabled in your email application and can I have a link to a working demo ?

UK cyclists hit by fraud after online purchase at website

doperative
Boffin

infrastructure independently tested?

"Our own infrastructure is routinely and independently tested and we are confident that it is robust,"

"We are working with industry experts including the card processing companies to identify possible causes both inside and outside the control of CRC."

Does that mean the Credit Card data is stored in an encrypted form and is never transmitted across a network in the clear and that all end-to-end transactions are fully and irrevocably audited. Cause if none of this applies then the above robust statements are just so much arse-covering waffle.

York Uni exposes students' private info

doperative
IT Angle

Vulnerabilities make it easy for hackers?

“Vulnerabilities in websites make it all too easy for hackers to tamper with the content”

No, it's badly written applications that make it easy ...

> Maakaroun said. "To stop this from happening, it is vital that organisations take a more proactive approach to their security by continually scanning for web vulnerabilities which hackers find relatively easy to exploit.”

How about storing the student data on a separate encrypted system not accessible directly from the Internet. Oh, and requiring authentication before allowing access, and implementing a second system to provide a full audit against the first.

F-Secure Mac security scanner bug bins benign files

doperative
Linux

security software for Macs not affected?

> F-Secure has apologised for the problem, which only affected users of its Mac security software. Windows- and Linux-based users of anti-virus packages from F-Secure were unaffected by the problem ..

Cause we don't ever install it, relying instead on making the core OS readonly, and not downloading executable code over the Intertubes ...

> Such false alert problems are all too common to Windows users .. Developers of security software for Macs aren't stuck with this problem ..

I fail to see the logic of those two statements. AV for Windows works just the same on the Mac platform, as in they both search system files and perform a pattern match on a very long list of known signatures. The mathematical odds of false-positives are quite high ..

Mozilla to ship Firefox 4 on 22 March

doperative
Linux

Browsers and footprints

> Trying out IE9 as default browser for a couple of days, and so far very impressed - memory footprint is a fraction of firefox's and all appears to be working very smoothly.

I don't usually use Windows so can't really comment and IE9 won't run on the hobbyist Linux desktop. I have tried the latest Firefox 4.0 version that runs as a PortableApp on Windows. Its response is equivalent to Chrome, IE always seems a little sluggish ..

Intel: 'We ate McAfee to slip security into silicon'

doperative
Terminator

keep security products in step with malware?

> McAfee has an installed base of over 300 million endpoints, and has amassed 500 patents as it built its products and the systems that keep its security products in step with malware.

How about designing computers that don't ever run malware. Keeping an ever growing whitelist of malware is bound to fail.

> Wind River has 200 OEM partners, and they crank out about a billion new devices a year. That's a lot of McAfee licenses ..

doperative
Terminator

Why whitelisting don't work

Adobe Warns Of Zero-Day Attacks

http://www.eweekeurope.co.uk/news/adobe-warns-of-zero-day-attacks-23865
