gah, my head
this week's Queen-infused rundown
I've now got A Kind Of Magic and Another One Bites The Dust playing in my head. And Flash too since it seems apt.
But I'm not sure why I also have Killer Queen mixed in there as well.
2354 publicly visible posts • joined 23 Feb 2011
You can have more than one Domain Name System, there are other DNS systems out there, just not many people use them. Hell, having an /etc/hosts with hardcoded host:IP mappings is a local alternative DNS system.
There is absolutely no technical reason another large, powerful body couldn't set up their own alternative DNS system, say the EU, or a body formed specifically for this purpose, e.g. the BRIC countries gathering together to do it, or even a purely commercial cartel such as big (or a shedload of small to medium ones) IT companies banding together to do it. You'd just need enough mass behind it to make it effective.
There are political ramifications to it though.
If @Matt 83's explanation is accurate, then it isn't exposing you to POODLE as far as I can tell. For POODLE to work, the communications between the client and across a network (usually through a routing device or at the destination site) have to be downgraded to SSL3 or earlier, with the attack occurring on that part of the comms that is at SSL3.
For starters, this is downgrading the connection to TLS1, not SSL3, and as @Matt 83 questioned, is the downgrade along the entire client <-> server communications path, or is it only between the local client browser and the local proxy, where the proxy communicates with the destination site via newer TLS versions? e.g.:
browser <-> TLS1 <-> local (same device as browser) proxy <-> TLS 2+ <-> network
But we don't have enough information, at least from this article, to know. But even then, POODLE requires SSL3 as far as my brief research has found, and, since no citations on POODLE affecting TLS1 were provided, brief is as far as I'll go.
I agree and upvoted for the first statement.
However, I do not believe the second statement is accurate. As far as I can tell in my admittedly non-expert - vague would be more appropriate - understanding, this is not a Meltdown-equivalent or similar attack.
These attacks seem to be more Spectre-equivalent attacks.
Which is not to say that they aren't, potentially, serious.
The thing is, the only lawyering way out of it would be to clarify the exact number of Australian Citizens affected, and influence the payout amount. 300k is an estimate. So they might be able to get this number reduced (perhaps significantly).
But the rest of it? Most of the rest is indisputable fact. Facebook, while disclaiming liability, has admitted to most of the facts around Cambridge Analytica, Dr. Kogan, etc. in the various commissions it's been dragged in front of. Not to mention there are multiple fines that have already been levied by the ICO, FCC/FTC (I forget which one had), and so on.
The evidence is out there and incontrovertible.
Will they have to pay £266b? Of course not. It's likely to be something like $1k per person, which is still $3b (assuming their lawyering doesn't get this number of affected people down), or $5k per, or $100 per.
We can all hope it'll be big, say in the (low) 10's of billions, but that's the best we could hope for, and even that is far-fetched, more likely at the $1k per end.
Firstly, there isn't enough money in the world to pay off all the spiders.
Secondly, if we could do that, without the spiders, the snakes would fill the vacuum and take over.
Thirdly, the sea snakes would migrate to the land to help the land snakes, thus allowing box jellyfish to spread around all the coasts, rather than just the northern quarter.
Fourthly, the box jellyfish swarming all the coasts would chase the white pointers away, which would allow the salt-water crocs (whose hide is too thick for the stingers) to multiply, making the coastal waterways man-traps.
Fifthly, this'd also free the drop-bears and bunyips, and nobody would be safe if they were given free rein.
And finally, most horrifically of all, if the bunyips and drop-bears were allowed to rampage, the Aussie politicians would flee to the rest of the world (leaving everyone else behind to distract the bunyips long enough for them to escape). You think having no immunity to COVID-19 is bad? Wait until you get exposed to Aussie politicians. Cats and dogs living together would be the least of it.
It's a shame that "industry-leading" is just a fluffy-sounding name for "we're actually a completely amoral company headed by a psychopath who wouldn't think twice about selling his/her kids to the highest bidder. So your privacy concerns have got no fucking chance mate!"
We are the industry leaders in amorality, sociopathic executives and not giving a fuck about you, our valuable products.
I would hardly call Google Search, Chrome, or Android open source.
In addition to @deive's reply, which points out that upstream Chrome (Chromium) and Android's AOSP are Open Source, most of those web sites that are accessed by Chrome and whose content is indexed in Google search engines are run on Open Source webservers (Nginx, Apache to name the primary ones) running mostly on Open Source operating systems - Linux and the BSDs.
Most of the server-side systems run on Open Source webservers, operating systems, databases, directory servers and so on. Most of the shop-fronts backends use open source - or open source derived - database engines.
In fact TheReg's own 'Under the hood' link in the site footer states in part:
Your requests are served by a few Debian GNU/Linux servers, running nginx and Apache. All our web applications (search, forums, whitepapers, etc) are written using mod_perl and connect to MySQL or PostgreSQL databases.
Android itself runs on top of Linux - an Open Source project, without the Linux kernel in there there would be no Android as it is today.
The Chinese (EMUI, MIUI) and Korean (Tizen) mobile operating systems being developed as alternatives to Android are Linux-based.
Most of the network infrastructure these packets are being delivered by run on Open Source. Most home routers/modems/AP's run Linux, as do most of the CDN's (Cloudflare, etc.) that cache and deliver the content you are viewing. Even many of the Enterprise appliances are running Linux or a BSD, SSL accelerators, reverse proxies, 'white box' routers and other software defined network devices, ESB devices, the list goes on.
But this only has to happen once, on one machine, anywhere in the world. Doing this the once, even on their own perfectly legally purchased kit, will now give them the global master key to unlock the local platform keys for every Intel computer of the last several generations.
Once this global master key is unlocked, then they may be able to remotely attack other Intel computers, at least that's how I read it.
As the crow flies, it is only ~10km away from Canberra's airport. Technically it's an international airport, but the international traffic is fuck-all. It is the major regional airport for about ~500k people (~400k in the city of Canberra, and another ~100k from surrounding towns/small cities).
The problem usually isn't the random developers in the dev teams.
It's usually the senior, 'bored' developers who get "executive capture". That is, they get in the ear of the executive (CIO's etc), reinforce the de rigueur keywords being dropped by vendors and Gartner et al., because they want some new shiny to play with.
Then you get the CIO's and other senior managers pushing it because they think that's the way to go. No research papers about the organisation's needs, just 'parables' and examples of how well it's worked in totally unrelated industries (anyone else have Agile consultants come in and use Toyota - a completely unrelated industry to mine at least - as a reference/case-study?). No rigorous cost-benefit analysis of the effect on the organisation.
It happened with 'agile' and 'cloud' too. Senior management taking it on gospel that it is the way the world is going.
And it'll happen again, AI looks like the thing being pushed now, and I expect it'll be quantum computing in a decade or so.
Capitalism depends on competition to limit power, and therefore abuse. It makes a virtue of profit seeking by allowing companies to compete in any market. If one pharma refuses to sell a cure expecting instead to sell a temporary remedy, there is nothing preventing another pharma from pursuing that profit by making its own cure.
Well there is, patents.
If a company discovers a drug and patents it, but it'll cure something that they get more money from treating, then they may very well decide not to commercialise their patent, or charge such excessive fees for it - far beyond the costs - so that very few can afford it. And while that patent lasts, no other company can compete with them. That's the whole point of a patent.
There have been recent (as in the last 2 or 3 years) documented - it's being investigated for antitrust currently in the US - cases of pharmaceutical companies paying other companies to not produce drugs that have gone out of patent so that the original patent holder, the one paying the 'bribe', can continue on with their monopoly.
I'd suggest the best place to look would be at pharmaceutical patents, since some of the world's biggest pharma companies are UK-based.
How much of that did the inventors, that is, the natural persons, the researchers, scientists, the university staff where most of the actual novel research occurred, get out of those? I'm sure the corporations and the executives at those corporations made a killing, but the actual people who did the actual inventive work?
What is this bog roll obsession?
Two reasons IMO:
1) It doesn't go off, so if the apocalypse doesn't happen, you don't have to buy bog paper for a while as you go through the hoard, you don't lose anything (such as going-off food) by stockpiling it if it wasn't necessary;
2) people are squeamish about bodily functions, they often seem to lose common sense when it comes to piss and poo, so they stock up on bog-paper to avoid that squeamishness. I once had someone who pee'd their pants when the toilet at home was occupied (and they arrived home absolutely bursting to take a piss) rather than just going into the shower or bathtub or laundry sink and pissing there or on the grass in the back yard behind a bush or something. Hell, worst case, it's only piss, piss on the cement of the verandah and hose it down afterwards. All better options than pissing their pants.
Better hope that you're one of the 81% with only "mild" (whatever those are!) symptoms.
Rumack: Extremely serious. It starts with a slight fever and dryness of the throat. When the virus penetrates the red blood cells, the victim becomes dizzy, begins to experience an itchy rash, then the poison goes to work on the central nervous system, severe muscle spasms followed by the inevitable drooling.
[Oveur does all of the above as Rumack describes each one]
Rumack: At this point, the entire digestive system collapses accompanied by uncontrollable flatulence
[Oveur begins to fart uncontrollably]
Rumack: Until finally, the poor bastard is reduced to a quivering wasted piece of jelly.
Just because the test itself costs, say, $100, is irrelevant if the entire experience of going to the hospital to get tested for COVID-19 costs $3k - travel, admissions, testing for other things, taking up a bed for a few hours, etc. In that case, the cost of being tested for COVID-19 is the $3k (or more) cost of the total hospital visit.
And Sony classically on the PS3 where an update removed Linux capability.
And Sonos (though maybe they backed down a bit?) where they are making older speakers incompatible with newer ones.
And Google/Nest where they bricked older devices.
And Apple with their iPhone-throttling iOS updates.
And the list goes on.
3.) The kids need to learn that mummy and daddy can be away from them. Otherwise separation anxiety ensues later. Helicopter parents do no good for their kids.
The reverse is also true, that is, parents have to get over separation anxiety from their children. Which having a remotely accessible monitor isn't going to do.
If you notice the icon, and read the post in relation to @Dan 55's post, the reply is more playing with the fact that @Dan 55 used 16Gb and 512Gb, which is Gigabits, for a notebook, a Pixelbook, which translated into GigaBytes is 2GB and 64GB. Whereas they probably meant - but typo'ed - 16GB and 512GB.
And further to this, if these batteries can be charged in minutes, with the 10's of thousands recharge cycles, then the required battery range of many commuter vehicles could be reduced, due to being able to charge it in minutes, and a smaller battery even less minutes, thus reducing the size and weight of batteries required on the vehicles, thus improving vehicle efficiency (less weight to push around).
This would apply for the vast majority of vehicles that never leave the cities or diverge from major highways. But it doesn't really apply to vehicles that need a long range, that tend to travel more remote routes that have less access to recharge points, e.g. 'outback' travel to remote towns/cities/farms/science stations, etc.
Maybe it's "working as intended"?
There have been cases of apps being able to listen for specific signals from broadcast TV, mostly used for marketing/advertising/profiling purposes. So perhaps this is an intended capability of the device for use in those types of situations?
And kids today aren't smart enough to wear masks that cover their face & hair
But if they cover their face, how are they going to unlock their phone to record the prank so they can post it on Facebook, Youtube and all the other social media outlets they use? And they need to have their face seen in the video of the prank to prove that they did it.
I'd think Nokia would be an interesting purchase for those companies trying to break Qualcomm's stranglehold. Apple, Samsung, even Intel (though they sold their 5g modem interests to Apple already I believe?) just to get their hands on Nokia's 5G patents to use to battle Qualcomm and its predatory 5G patent licensing strategy around modems and related technologies.
If you really want, you can set it up to create a new value on every reboot.
Although, it seems it is only strictly necessary to reboot on changing the /etc/machine-id if you use D-Bus (if you use systemd, you are using d-bus) because d-bus uses it as a machine identifier (duh!) for the bus on the local machine for IPC (Inter-Process Communication).
Oh my god, how about a plugin that can share ID's with other random users? Therefore when an ID is created on a browser, it gets put into a central or shared ID pool, which the plugin can then randomly pull from. Therefore each request sends a different pre-existing random ID of another user.
That'll pollute their tracking data.
Since Opera are the proxy operators, Opera will still get all the data they want from the proxy server. So the browser sends unique ID, referer and user-agent strings to the proxy, which Opera can then pick up from the proxy before stripping off for forwarding onto the destination site. And, since it's Opera's proxy, they can customise it how they want, therefore any extra HTTP header information in Opera requests (the aforementioned unique IDs, referers, user-agent, etc.) might not get stripped by the proxy, they could still be forwarded to the eventual recipient, perhaps even conditionally based on contracts Opera could have with certain end-points. Just because you are using 'a' proxy, doesn't mean that it is stripping off everything you'd expect an impartial 3rd-party proxy provider using unmodified open source software (e.g. squid) to do.
I'm not saying that Opera are doing this, I'm saying that relying on a proxy (or even VPN) operated by the browser vendor to prevent the browser vendor from getting this extra information from their own browser is, well, crazy.
In this case (mostly), 'more' requests == more granular data.
For example, where they said edge sent every keystroke typed into the address bar. Which means it gets even aborted (deleted/corrected) typed in data.
e.g. pornhub^H^H^H^H^H^H^Htheregiser
Since edge sends every keystroke, Microsoft will know that you were at least considering going to pornhub, then changed your mind and decided to go to the register instead.
Of course, they could have still sent all that information as a single 'bundle' of information, but the generality is that usually more frequent data transmission is more granular data.
Not if you self-tattoo. Tattoo equipment (at its most basic a toothpick and a source of ink, like a ballpoint pen) isn't exactly restricted or hard-to-get equipment. I had a friend that had a professional tattoo 'gun' and needles at home. And this is just some characters that any unskilled, unartistic person (like me!) could do, not artwork (well, unless you wanted to also implement steganography).
... they only have 'theories' ...
I'll just quote the perfectly clear and simple wikipedia entry on what a theory is as opposed to your completely ignorant interpretation (emphasis mine):
In modern science, the term "theory" refers to scientific theories, a well-confirmed type of explanation of nature, made in a way consistent with scientific method, and fulfilling the criteria required by modern science. Such theories are described in such a way that scientific tests should be able to provide empirical support for, or empirically contradict ("falsify") it. Scientific theories are the most reliable, rigorous, and comprehensive form of scientific knowledge, in contrast to more common uses of the word "theory" that imply that something is unproven or speculative (which in formal terms is better characterized by the word hypothesis). Scientific theories are distinguished from hypotheses, which are individual empirically testable conjectures, and from scientific laws, which are descriptive accounts of the way nature behaves under certain conditions.
Perhaps the original phrase was in terms of percent rather than overall numbers.
If that was the case, I would have expected different phrasing, like "a small proportion" or "a small percentage". To me, at least, a "small number" is referring to absolute quantity terms, not relative proportions.
In what way is it time consuming? It takes just as long to buy an AMD based PC as an Intel one, ditto installing Windows, apps, etc. Other than creating a new master image with the required drivers I don't see what is different and you would need to do that for a new range of Intel based PCs anyway.
It's a little more complex than that at a large enterprise.
New hardware means new drivers as you pointed out, which is for all intents and purposes a new O/S from a SOE (Standard Operating Environment) point of view. You have to build a new SOE (master O/S image with drivers and other required software). As part of building that new SOE, all the apps used by the enterprise will have to be certified for the new SOE - will third-party vendors support that software on a non-intel PC - that's not as silly as it sounds in the Enterprise, paid support space. They also have to support the new SOE. There will be different support processes (i.e. different error messages that will need new or updated support flowcharts, documentation, wiki entries, etc. for the non-technical frontline helpdesky people). New hardware to support, so instead of having 30k desktops of product X that all use the same BIOS/UEFI firmware images, drivers, installation routines, patches, etc., now they could have 20k product X and 10k product Y that also has to have the same effort put in (i.e. rather than effort X, it's now effort X + effort Y).
You are right in saying it is no different when doing a major desktop replacement, going between generations, where you'll have a desktop replacement program and for a year or two you'd have to support both as the migration progresses. But those are usually planned and budgeted processes. The issue here is that this is an unplanned, un-budgeted situation. This could be happening mid-cycle, i.e. they expected (and budgeted for) to only be supporting X, but because of the chip shortages they can't get any more (or enough) system X's for their current needs, so if they want to have enough desktops, they have to get system Y at a time in their budgeting cycle they hadn't budgeted to have to support two systems, so they might have to support 25k X's and 5k Y's, each of which take the same SOE-building and certification effort.
Or, even worse, they already were in the middle of a desktop replacement cycle, having to support (Intel) X and Y systems, but they are unable to get enough Y's to finish the migration, or enough X's to offset the Y deficit, therefore they now have to get (AMD) Z's to create a 3rd SOE and use Z's to complete the replacement of their outdated X systems. So now during their aborted Y migration, where they've had to substitute unfilled Y orders for Z's, they might have to support 10k unreplaced X's which are being replaced by Z's, 15k Y's which they can't get any more of, and 5k Z's (which will eventually be 15k once all remaining X's have been replaced with Z's). So they've had to build an additional SOE on top of what they budgeted ($100k+, possibly way more) plus support three, rather than 2, SOEs during this transition. Which means instead of supporting just one SOE/firmware system for the 3 years between cycles when the replacement is completed to the beginning of the next replacement cycle, i.e. just Y, they now have to support Y and Z for the rest of the 3-year cycle until they can do a full refresh of only 1 type of platform - during which time they'd again have to support 3 SOEs until they'd done a refresh of Y+Z with a single new type of system.
When you are talking large corporations, thousands, tens of thousands, hundreds of thousands of desktops, it's a bit different than just going down to the local computer store, ordering 20 computers to pickup next week, and replacing all 20 of your business computers in one weekend with a single office IT nerd instead of a dedicated IT team doing all the work ...