Posts by lostinspace

How exactly is NSO any different to any illegal hacking organisation that sells malware?

Why do NSO get some sort of legitimacy rather than being locked up in prison?

"And tell me Mr Musk, is the wolf in the room with us at the moment?"

Why are people setting up systems to generate these AI bug reports?

Do they think they are being helpful?

Is it malicious, e.g. are they trying to "denial of service" the maintainers?

I honestly don't see why people are doing this!

The CAB rules requiring revoking all the certs in 24hrs is such a disproportionate response to this. It's going to cause an immense amount of flat out work for all the admins of sites and cause untold amounts of outages and lost transactions for users of these certs. This is different to the CrowdStrike cockup because they haven't accidentally revoked all the certs, the 24hr requirement could be longer.

Shouting about how certificates are the backbone of the internet and there must be no tolerance for error isn't helpful. Why can't there be a more proportionate response measured against the actual risk that is caused by the error? Sure, if they've issued certs with *no* domain validation then revoke them all, but for something like this really they could pay a fine to someone and revoke the certs in 14 days or something which would give everyone a lot more time to resolve this.

I pity all the admins with these certs - it's them that is being punished by this excessive response.

If you insist on using a CDN to host libraries you use, please please at least use the "integrity" attribute on your "script" element to ensure the files are what you expect

Otherwise you are basically giving the CDN owner full access to all your users data.

So to check I've got this right:

- SLS/orion will launch with the astronauts, get to the moon and go into orbit.

- Starship will launch unmanned, but carrying the moon lander.

- It will need to refuel in earth orbit then fly to the moon.

- Rendezvous with Orion, astronauts transfer into it, have their jolly on the moon then launch back to moon orbit.

- Astronauts transfer back to Orion and fly home?

Is that correct? Sounds very complicated! Why can't they just have the moon lander and everything else all in one rocket like Apollo?

Using Javascript as a beginner language is fine for a while. All the curly brace languages are basically the same at a superficial level. The problem with Javascript is it's inheritance model is like no other common language. Most widely used languages have a concept of a class and an instance of that class. Javascript has a crazy prototype model, which is far more complex and hard to understand.

Python is a far better choice for a beginner.

It's hardly a crisis. Plenty of cloud services don't allow rebranding with your own domain name. Try getting your own domain name for Google docs, office 365 etc and let me know how that goes.

Could someone educate me on what exactly is required by the GPL? If you produce a system which runs Linux, and you write software which runs on that system, do you have to distribute the source code of your product?

If that's the case there must be huge numbers of systems that break the GPL. Pretty much everything now seems to run on Linux!

I got a bit lost in the detail of some of this, but I can see having more tightly limited permissions being good for extension authors. At the moment pretty much every extension I've tried to install into Chrome has warned it will have access to all my data on all webpages, at which point I hit "Cancel". So I only use a few widely used, and so hopefully more audited extensions. I'll never install some random extension I don't know about because of the amount of access they all require.

If this new manifest format limits how much access they can have, I'm far more likely to try out some unknown but useful looking extension.

I've never understood why certificates need expiry dates.

Given they can be revoked, why do you need to guess when issued how long it will need to exist for?

If the argument for expiring them is that hash and signing algorithms improve, them simply revoke the cert when it is considered sufficiently weakend by advances in cryotography.

So many outages have been caused by certificates expiring.

I'm lost, how is this NSO software/service any different to "normal" criminal malware or hacking? Why aren't these people being arrested and prosecuted?

My laptop gets updates direct from Microsoft, and it doesn't matter what the manufacturer does. Why can't Android phones be the same and get updates direct from Google? Why do I have to wait for the manufacturer to distribute updates?

Do existing satellite phones/internet not work already in China? What is new about Starlink except speed and latency? I imagine most people the Chinese government are worried about won't be trying to play games online or stream Netflix...

From their website: " The entire service is inaccessible from the public Internet"

Eh?

If you actually search github for "faggot" you get precisely 7 hits back, one of which is referring to bundles of sticks. The others are hardly big projects, they're all dead. This idea

seems a bit of an over reaction to me!

Oh for God's sake ENOUGH ALREADY. I'm not even an eco warrior and I'm finding all this anti-environmental propaganda is getting really fucking annoying. Get a new drum or go and bang this drum somewhere else. At least most stories have a vague IT related angle but the deluge of unrelated anti-environmental stories has got dull.

Can't believe no one else has posted this - http://xkcd.com/277/ !!

I really don't understand why MySQL is so popular. A a friend refers to it accurately as MyFirstDatabase. With InnoDB it just about scrapes into being a proper database, but for years with MyIASM tables it was orders of magnitiude away from competing with Oracle, certainly for high end transactional storage.

Suddenly the reason for new TLDs becomes $180,000 clearer. And what does ICANN plan to do with all this new found money?

oh for fucks sake how hard can it be. Just put the amount of data on the contract and be done with it! You gert x tetxts, y min and z data a month, and then you can use that data how you like. All this smoke and mirrors so ISPs can offer "unlimited" data is a farce.

It's hardly "CODE-BREAKING CHALLENGE CRACKED BY GOOGLE SEARCH". This whole thing is just marketing for GCHQ. There's no prize for solving it, or finding that page. Storm and teacup.

I'm confused, wasn't this invented years ago by Sun and called "Java"? Or have I missed something?

the title

This is what pisses me off, why do we need all these seperate passwords for 00s of sites?? OpenID for all the low value stuff and then a small number of secure passwords for the things that matter, along with 2factor auth, like texting a code to your phone or something.

Sure, with yahoo, google (and facebook?) providing them 35billion people now have OpenID accounts, but find me ONE site where I can use it? Even the tech sites (like El Reg) don't support it...

I'm suprised the figure is so low, I'd have thought password resuse for similar "low value" sites would be near 100%...

The title is required, and must contain letters and/or digits.

I blame the phone companies. Voicemail should be secure automatically. There should not _be_ any default PIN number. I think it is totally understandable that people didn't realise there was a PIN number set to defaults that needs changing. I just took out a new phone contract and nothing was mentioned about this at all. A random PIN can easily be sent in a text message to the phone when voicemail is first accessed.

I access my voicemail using my mobile which lets me straight in. If I lost my mobile then sure, voicemail is vunerable but I wouldn't expect anyone to be able to access it without my mobile.

The phone companies seem to have got away lightly with this, but they deserve a massive bollocking for enabling this to happen in the first place. It's their fault, not the mobile users.

Bring on the app stores!

@michael C ="What BS is this? There is no wall. US LAW prevents apple from closing the PC down, even if they wanted to, which they do not. the phone is only closed because the FCC gives carriers the right to do it, and because you do not own the phone, and because the OS is essentially inseparable from the device. PC and the OS on it ARE seperable."

Is this the same as the way that the apple lost the case against the iphone devteam? i.e. there is no obligation on Apple to open the iPhone to 3rd party app stores (or enable sideloading to use an Android term), but people are entitled to jailbreak the device IF THEY CAN? i.e. a Mac out the box would be locked to the Apple App Store, but tech savy people could jailbreak it? Because the vast majority of people are never going to jailbreak their phone/PC.

@Stephen Booth - It's not the device manufacturer that matters, it's the OS supplier. Obviously for Apple this is the same company, but not MS. Sure, you _can_ use other App stores, but how many people are going to (a) know that, (b) bother? if one comes with the OS. Look at Android, you can install alternative app stores to Googles, but how many people do?

Personally I think app stores are great, especially for small devs/apps. Before App stores, if you wrote a cool but simple app that people would pay 50p for (but no more), how were you going to sell it for 50p? No one is going to type their credit card into an unknown website for an app that costs 50p. Now you can sell it. And make a profit.

And I think the whole PC software model needs turning on it's head. WTF is with this still requiring admin rights to install software? And shared libraries? Yeah great when disk space was expensive but not now. Every app should come with everything it needs to run (that doesn't come with the OS), be installable into User space, and sit in a sandbox so it has very restricted access to the host OS, even when installing.

The current way of installing Apps hasn't changed since PCs were invented.

indicating the sad fact that some folks

"indicating the sad fact that some folks can't be bothered to use a unique password for different sites."

Hardly, I'm probably registered on 20+ different websites for various reasons. I'll give a medal to anyone that can remember 20 different strong passwords and which one is for each site. I use different passwords for internet banking and anything that really matters. The rest all use the same. Sure, you can save the passwords in your browser but that has it's own security issues, and then you can only login from that PC.

The solution is for websites to use something like OpenID, but I've not come across a single website that uses that yet.