* Posts by An0n C0w4rd

359 publicly visible posts • joined 24 Oct 2011

So long, Samsung! TSMC is fabbing Apple's A8 chip, insiders claim

An0n C0w4rd

Quad core may not be 4x the same core

The assumption a lot of commentators appear to be making is that the quad-core CPU has all the cores of the same type and capabilities. Some recent ARM technology is to bundle a simpler, lower-power core which is used for basic tasks when the bigger cores aren't needed for heavy number crunching. Not sure it would make sense to have two lower-power cores.

Facebook, Instagram give dodgy online gun sales the BULLET

An0n C0w4rd
WTF?

Amazing

I'm sure that putting a nice notice on people's accounts reminding them to obey local/state/federal laws will make EVERYONE stop doing anything illegal and fall right in line (!)

This isn't a freedom of speech issue, although I'm sure the NRA would make it one.

BT demands end to Ofcom wholesale broadband subsidies for BSkyB, TalkTalk

An0n C0w4rd

Investment

Flip side is if BT can recoup more of their costs then high speed broadband can be rolled out to more places. If OFCOM is setting the price for LLU too low then BT have no incentive to invest as the competition will come in and not pay enough to justify the FTTC or FTTP investment.

No, I'm not saying BT should be able to charge whatever they want. However, there is a case to be made that if the prices paid to BT are too low then they have no reason to make the investment in the first place.

My exchange is FTTC enabled but my cabinet doesn't have the connection density to justify the upgrade, so I'm stuck. Something has to change, and that could include the ROI that BT get on the investment.

Of course, the fact they deployed a new cabinet as copper in the first place is just dumb

Pork time! £350m in Health Service mail-etcetera cloud deals up for grabs

An0n C0w4rd

Re: The wonders of tenders

Actually, I don't understand the "20 suppliers" part. They want to split the mail service up over 20 different providers? With different mail systems? Calendar interoperability and directory services would become a nightmare. Or are they splitting the platform into different bits? Mail, directory, etc, going to different vendors? If so, who gets to host it all?

Facebook gobbles WhatsApp for SIXTEEN BILLION DOLLARS

An0n C0w4rd

Re: I may sound stupid but..

Some companies buy others just for the userbase. In this case I think they want to drive more users to the Facebook messaging service so they can gather more data on their users to sell to advertisers.

I don't believe the "WhatsApp will remain autonomous and operate independently," bit at all. It will be integrated into the main Facebook platform. Operating independently doesn't make any sense. The only way Facebook can justify the cost is by merging the platforms.

Apple's iTunes 'n' App Store rakes in half the mazuma of Google's ENTIRE core business

An0n C0w4rd

Double-dip?

Since Apple has software they sell on both the Mac app store and the iOS app store, are those revenues reported twice in that graph, once in the app store and once in the appropriate category?

Apple cash stash dash results in Icahn v CalPERS bitchfight

An0n C0w4rd

Re: The annoying thing is...

I've always wondered...

I, as a non-US entity, can buy shares in Apple

Could Apple use their non-American cash piles to buy their own NASDAQ traded shares from their non-USA operating entities and then cancel them that way, or do they have to be bought in the USA?

Apple blows past (most) Wall Street moneymen's expectations

An0n C0w4rd

Re: Peak apple?

@ Simon Buttress

They're being hammered because of several things:

- The analysts expected better results than what was reported. This probably says more about the value of analysts than anything else. There are plenty of El Reg articles commenting on the fact that analysts are largely useless as they try to take rumours and then earn a living from telling you what to expect. Honestly, if analysts knew what they were doing they'd earn a much better living off their own investment portfolio than they do as analysts.

- The future guidance was low. Remember that you're commenting on what has happened. That is largely irrelevant. Investors own stock because of what the future holds - in other words, they expect the stock to increase in value and that dividends, etc, keep their wallets fat. If they think that a company won't be able to deliver on growth they find acceptable they'll dump it like a hot potato. The fact that they continue to expect record growth each Q when the smartphone market is obviously approaching saturation or is already saturated is clearly unrealistic, but that doesn't stop them from punishing companies who fail to live up to the analysts' expectations.

Judge shoots down Oracle's Solaris support 'trafficking' claim

An0n C0w4rd

Re: Oh the irony

The difference is that under the GPL, they can do that to RedHat because the code is open source. Just like CentOS can ship RHEL without any fees whatsoever - they just can't call it RHEL.

Solaris isn't permissively licensed and therefore the situations are not as similar as your comment suggests.

Network Solutions apologises for 'You just paid us $1850' email

An0n C0w4rd

Re: So they are charging a fortune...

@Denigor

There may be work behind it, and there may be justifiable ongoing running costs. However, in situations like this the product manager typically goes "what will this be worth to the end customer" and bases the price on that. Hence the spin in the e-mail about protecting your brand's reputation - or in other words, is your brand's reputation worth $1,350.00 a year?

I would tend to suspect that the price given to end customers "to recapture the costs of maintaining this extra level of security" is significantly higher than the actual cost of delivering the service.

Don't be a DDoS dummy: Patch your NTP servers, plead infosec bods

An0n C0w4rd

First openntpproject URL is wrong

There used to be an article feedback link, but I can't find it anymore, so posting here

The first link is wrong

The HTML source shows:

href="http://openntpproject.org%E2%80%AC"

'We don't use UPS. If we did we'd have huge UPSs and tiny computers'

An0n C0w4rd

Re: Argument seems illogical

MAE-West (remember that?) suffered a massive outage in the 90s from a power outage where they got the generator running but it didn't provide aircon and it fried most of the equipment in the room from the heat. Rebuilding the equipment in the facility drained most big router vendors' spare parts stores for all of the USA.

(the story I heard was there was a gas leak so the fire dept. killed the power to the street, MAE-West ops people dragged the genset outside the exclusion zone, fired it up, got the NAP running again, but in the summer heat in San Jose, CA, the temps in the room quickly exceeded the operational specs for the routers and switches)

You also never EVER want your aircon on UPS, even if you could size the UPS that big. The motor load from the aircon does nasty things to the inverters in the UPS. You need the UPS sized to carry the compute load for the genset spin up time plus the clean shutdown time of the compute load if the genset fails to fire up. The 1.6 megawatt genset at my last job could spin up from complete stop to carrying load in under 5 seconds from the time it was signalled to start (or so the suppliers claimed - I don't think we set the transfer switch that aggressively)

Optical Express 'ruined my life' attack site wins Nominet takedown battle

An0n C0w4rd

Re: I married an eye surgeon

One of the risks that is definitely NOT advertised by LASER eye surgery places is that if you later develop cataracts then the treatments are more difficult or not possible due to the LASER eye surgery. My dad was told this when he went in for cataract surgery a few years ago.

Stick with glasses or contact lenses.

Yahoo! boss! Mayer! sez! soz! for! lengthy! mail! outage!

An0n C0w4rd

Re: Yahoo layout boohoo

Surely Thunderbird is only your friend if you pay Y! more to get POP or IMAP access? As far as I was aware those protocols weren't available by default and needed a yearly subscription.

Pirate Bay ties up in Peru

An0n C0w4rd

Geo-ip won't help much

According to http://bgp.he.net/AS51040#_peers the IP range is hosted on its own BGP ASN (AS51040) which is multi-homed to 3 different providers. Their IRR record seems to indicate that they could announce their prefixes to as many as 6 upstreams.

That makes it easy to move between providers as they come under pressure to cease the connection or face the Wrath of Khan, I mean, The Music and Film Industry.

I'm somewhat amused by the IRR record that states it is for "Piratpartiet North Korea"

How UK air traffic control system was caught asleep on the job

An0n C0w4rd

Re: Scary

The fall-back system to flight strips (the "cards") will probably also fall back to manually looking up and dialling the controller you have to hand the flight over to when it runs off the end of your RADAR screen. i.e. instead of a 20% reduction in capacity it's probably closer to 50% because of the added workload.

The manual dial system is what worked for decades before all these fancy computers came in and cocked everything up.

Two million TERRIBLE PASSWORDS stolen by malware attackers

An0n C0w4rd
Facepalm

Shock horror

People who don't take basic security steps, like anti-malware and anti-virus, also tend to choose dumb passwords!

Providers need to put basic checks into their systems to prevent such passwords in the first place. Just because 12345 is the combination for your luggage doesn't mean you should use it for your bank accounts!

ASA slaps down BT over 'misleading' broadband claims

An0n C0w4rd

ASA

Has the ASA ever made an enforcement ruling while an ad was still in widespread use? If not, it's entirely a waste of space, especially if it cannot force repeat offenders (such as ISPs) to stop being naughty.

Beijing leans on Microsoft to maintain Windows XP support

An0n C0w4rd

You forgot one thing...

all good things must come to an end

You forgot to justify XP as a "good thing". Familiar, yes. I'm not sure it is "good" any more.

Since its EOL was announced support for new hardware isn't guaranteed (and I suspect a lot of new wifi dongles/cards don't support XP very well, if at all), and the less said about its IPv6 support the better.

IT MELTDOWN ruins Cyber Monday for RBS, Natwest customers

An0n C0w4rd

Re: It does make you wonder what sort of hardware our banking network is running on.

I've not seen any indication of hardware failure in these incidents. It's all process or software related.

When I opened a bank account with RBS in my local branch in 2003 I found their office computers were running OS/2 (the banking app that the guy was using to open the account crashed and I saw the desktop). I suspect that's because the backend was an IBM mainframe and they were using one of the proprietary IBM communication protocols. The desktops (and ATMs, which also ran OS/2 for the same reason) have all been upgraded. You can see the result of the ATM upgrades on flickr and other photo sharing sites - Windows error boxes all over the place.

The backends? To be honest I'd probably trust a 20+ year old IBM mainframe that's under a proper support contract than I would a lot of the newer gear and newer OSs.

FCC: How we'll RIP 'n' REPLACE OLD phone system for new IP tech

An0n C0w4rd

Re: about time FCC got off the dime

Even better, I know of places that keep the ESS systems in place so they can say there is no room in the CO and that they can't allow other carriers to locate equipment there for unbundling services.

There's also a story I heard about a non-RBOC carrier who had a switch delivered many years ago (>10), but since the order was placed they'd started moving to a packet switched architecture and wanted to cancel the order. The manufacturer refused until the carrier said they'd take it out into the middle of a field and blow it up as a statement that circuit switched telephony was dead. The manufacturer suddenly changed their minds and took the switch back. Not entirely sure I believe that story myself, but I've heard it several times.

Amazon, Facebook, Google give Cisco's switches the COLD shoulder

An0n C0w4rd

Cisco lost the plot long ago

From various people who work inside large enterprises, Cisco appears to have lost the plot quite a while ago. From personal experience, the 65xx chassis was massively underprovisioned in terms of backplane speed for the port density it provided (and this was back in 2002 when I worked at a large ISP. They haven't revised the backplane since AFAIK).

Cisco's answer? Push behaviour modules. Want your firewall in a blade? How about your IDS and IPS? Oh, and your e-mail hygiene product too!

They tried to cover up the lack of backplane bandwidth by pushing stuff that really should not be in a chassis slot in the first place. With the benefit for Cisco that they get to sell more switch chassis also!

The "cloud" companies moved off Cisco a while back, especially Google. If you take a minute to think about the way Google FS works, you'd realise why.

An0n C0w4rd

Re: Archaic architecture

That only applies at small scale

There is no PC on the market today that can cope with a real workload, e.g. 3xOC192 and multiple 10GBE links. The PCI Express slots just aren't designed for that.

Mandatory HTTP 2.0 encryption proposal sparks hot debate

An0n C0w4rd

Trust

Do you trust the SSL cert? The NSA, GCHQ, etc may be able to get a signing cert from somewhere and issue their own "fake" SSL certs on any box they like and have them accepted by the browsers as valid.

An0n C0w4rd

Encryption without authentication is pointless

Encrypting the traffic by default is pointless unless you can authenticate that the system you think you are talking to is actually the system you want to talk to and not some intermediate spook system.

Mandatory encryption would therefore fail to solve the NSA "problem" because of the lack of trust in the authentication systems, i.e. the certificate authorities. They've been proven to be the weak points in the system before. And if people *don't* use authenticated certificates, then the mandatory encryption is pointless.

Fury as OS X Mavericks users FORCED to sync contact books with iCloud

An0n C0w4rd

Re: But...

"I suggest you try SSL between client and server, with TLS between servers."

While that IN THEORY prevents snooping the message as it is transiting between servers:

- most MTAs do not enforce certificate chain validation of the certificate provided by the remote MTA, so spoofed, unsigned SSL certificates will generally be accepted

- that doesn't address the e-mail being stored outside your network border, which will invariably be in clear text (very few servers encrypt on disk, Lotus Notes being the only one I can think of and even then it's not on by default)

Staying power: The small screen spans of the eleven Doctor Whos

An0n C0w4rd

Scarf

Clearly Tom Baker's time on screen was due to his equally long scarf.

Email-sniffing Linkedin Intro NOT security threat, insists biz network

An0n C0w4rd

Puzzled

Why on earth do they need the full content of the e-mail to pull down someone's Linkedin profile? Surely all they need is the header From line, and maybe the To and CC lines if they're pulling down the profile for everyone on the e-mail?

If the complete e-mails pass through the Linkedin servers, then to me, the entire system is designed backwards. The client should pull down the mail to the phone and then make a request to Linkedin to see if any of the header From/To/CC addresses are recognised. End of story.

'Thousands of iPhone, iPad apps' vulnerable to simple redirect joyriders

An0n C0w4rd

Re: What am I missing?

Yes, but HTTPS requires a valid certificate, for which you have to pay for.

Not entirely true. I've had an SSL cert, recognised by all clients I've tried so far as signed by a trusted CA, on my personal mail server for years without paying a penny for it.

Whodathunkit? Media barons slit own throats in flawed piracy crackdowns

An0n C0w4rd

"voluntary solutions"?

So where are the "voluntary solutions" from the content industries to make their content more available? I recently tried to give them money for some content in HD just to find out it's not available in Europe. I could buy the stuff from Amazon in the USA and have it shipped over, but that's a risk since the MPAA love region locking crap for dubious reasons.

If they keep shooting themselves in the foot, they shouldn't be surprised when people go to "unofficial sources".

And maybe they should stop assuming that spending hundreds of millions of dollars on a single film will rake in the moolah. Make the films cheaper, and charge less for cinema tickets, DVD and Blu-Rays and see what that does for legal consumption.

Facebook RIPS away your veil of privacy, declares NO MORE HIDING

An0n C0w4rd

And so it begins

Since Facebook has to make money for its shareholders, a gradual erosion of privacy will happen to force more content to be readable by everyone so more pages can be served up and more ad revenue generated.

China softens duty-free stance to revive global IT trade talks

An0n C0w4rd

However, in a series of meetings in Bali last week, China took a more conciliatory tone, indicating that it was prepared to shorten the list of products it wants excluded

What are they asking for in return for their "concessions"? I doubt very much whether they are going to reduce the list of exclusions without getting something else in return....

Down with Unicode! Why 16 bits per character is a right pain in the ASCII

An0n C0w4rd

Unicode needs to be taken out back and shot

Not just shot once, but repeatedly.

One of the principles of Unicode is to separate the character from the representation of the character. In other words, ASCII 65 (decimal) is "A". How your system chooses to display "A" is up to the system. The character is transmitted as decimal 65 no matter what the display representation is.

Unicode promptly goes on to rubbish this ideal.

Pre-Unicode Asian fonts had "full-width" representations of ASCII characters so displays that mixed ASCII and Japanese characters kept their formatting as the characters had the same width, while the usual ASCII characters were narrower and hence broke formatting.

Unfortunately this lives on in Unicode, shattering the idea that the display of the character is independent of the code point of the character because there are now two different Unicode code points that both print out a Latin-1 "A" (and also the rest of the alphabet and numbers and punctuation). In reality, the full width "A" should not be U+FF21, it should be decimal 65 with the renderer deciding if it should be full width or not.

This has caused me more than one problem in the past with things that sometimes correctly handle the full-width and ASCII mix and sometimes don't.
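The full-width/ASCII duplication described in the comment above is what makes input validation and string comparison go wrong when text is not normalised first. The following is an added example, not part of the original post; the function names and sample strings are constructed for illustration. It shows a targeted fold of the U+FF01..U+FF5E block next to full NFKC normalisation, which also rewrites other compatibility characters.

```python
import unicodedata

# The Halfwidth and Fullwidth Forms block carries a second copy of printable
# ASCII: U+FF01..U+FF5E mirror U+0021..U+007E at a fixed offset.
FULLWIDTH_START = 0xFF01
FULLWIDTH_END = 0xFF5E
OFFSET = FULLWIDTH_START - 0x21      # 0xFEE0
IDEOGRAPHIC_SPACE = 0x3000           # the full-width counterpart of U+0020


def fold_fullwidth(text):
    """Map full-width ASCII variants to ASCII and leave everything else alone."""
    out = []
    for ch in text:
        cp = ord(ch)
        if FULLWIDTH_START <= cp <= FULLWIDTH_END:
            out.append(chr(cp - OFFSET))
        elif cp == IDEOGRAPHIC_SPACE:
            out.append(" ")
        else:
            out.append(ch)
    return "".join(out)


def canonical(text):
    """NFKC folds full-width forms too, but also rewrites other compatibility
    characters (half-width katakana, ligatures, ...), so it changes more."""
    return unicodedata.normalize("NFKC", text)


def same_text(a, b):
    """Compare two strings after normalisation, so that 'A' (decimal 65) and
    U+FF21 are treated as the same letter."""
    return canonical(a) == canonical(b)


def find_fullwidth(text):
    """Report (index, code point, ASCII equivalent) for each full-width ASCII
    variant, e.g. to log or reject mixed-width identifiers."""
    return [
        (i, "U+%04X" % ord(ch), chr(ord(ch) - OFFSET))
        for i, ch in enumerate(text)
        if FULLWIDTH_START <= ord(ch) <= FULLWIDTH_END
    ]


if __name__ == "__main__":
    # Constructed sample: the first letter is FULLWIDTH LATIN CAPITAL LETTER A.
    submitted = "\uFF21dmin"
    print(submitted == "Admin")          # raw comparison treats them as different
    print(same_text(submitted, "Admin")) # normalised comparison treats them as equal
    print(find_fullwidth(submitted))
    # Half-width katakana KA: untouched by the targeted fold, rewritten by NFKC.
    print(fold_fullwidth("\uFF76") == "\uFF76", canonical("\uFF76") == "\u30AB")
```

Whichever form is chosen, normalise once at the point where input enters the system and run every later check (uniqueness, blocklists, lookups) on the normalised value.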

Judge orders probe over Samsung execs viewing secret Apple docs

An0n C0w4rd

Clarification needed

I read in a different article on this subject that Samsung's outside legal counsel did NOT share the confidential documents directly with Samsung. What happened was that the legal counsel hired some 3rd party to write a report on the confidential data, and did NOT mark the report as having the same level of confidentiality as the documents it was based on, despite directly quoting the source documents. It was this report that was shared with Samsung, allegedly.

It would be good if someone could clearly state what happened, as there are several different versions of this story floating about and while it doesn't change the fact that data was shared with Samsung that should not have been shared, it might be human error (in not marking the report as confidential) rather than deliberately violating attorney privileges.

However, there is no argument - Samsung should have known that they should not have had that data, and the fact they went on and allegedly used it in contract negotiations is highly indicative of the morals and character of Samsung executives.

US.gov - including NASA et al - quits internet. Is the UN running it now?

An0n C0w4rd

<quote>I love how their power/internet bills were all paid up until the 1st of October, and no suddenly since they apparently have no money to pay them, they've been shut off with no notice.</quote>

It's more secure to leave a minimalist "We're not here" website up than the full website which could get severely pwned before the muppets on Capitol Hill get their act together.

There's also a ton of infrastructure behind a lot of the sites, that will probably be turned off (or at least secured from being available online) for similar reasons.

VMware vSAN test pilots: Don't panic but there's a chance of DATA LOSS

An0n C0w4rd

AHCI has "known issues" with VSAN?

Really? Given that AHCI is a default industry standard for cheap SATA controllers to emulate (including a lot of the on-board controllers on most motherboards), I somewhat suspect that should be

"VSAN has a known issue with AHCI"

Given that the rest of the bloody planet has figured out how to work with these controllers, I somewhat suspect VMware are doing something wrong.

Krebs: Lexis-Nexis, D&B and Kroll hacked

An0n C0w4rd

Big targets

Data aggregators are big targets because pwnage allows access to lots of data that would otherwise take a lot more pwned targets to find.

The fact that these places got pwned (again) is not a surprise. Humans work there, and spear phishing is a popular sport amongst miscreants and is proven (repeatedly) to be highly effective. The fact that someone, possibly one of the sysadmins if they got access to the databases, fell for it is concerning as they are in the "should know better" category.

The fact that they were pwned for months and didn't know is only mildly surprising.

These places need to learn some real security.

BlackBerry inks deal to go private for $4.7bn

An0n C0w4rd

Worth it?

Is the intellectual property and remaining value in the customer base worth $4.7 billion? I know some people who love the built in physical keyboard over the newer touch screen versions, but RIM, I mean, BB aren't the only people doing those...

One of last few iPhone 5Ss STOLEN from within MASSIVE POLICE CORDON at Apple Store

An0n C0w4rd

Re: Planning

<quote>Indeed, plus the way they say they're sold out "today" when their next shipment will be in October (according to the article anyway).</quote>

No, the article says that orders placed online will be shipped in October. About 2am the online store was saying 7-10 days, and it's now slipped to "October", so there is (at least one) earlier batch that is already fully claimed for online sales, but presumably the physical stores will operate on a first come, first serve basis and they'll get some allocation from the earlier batch(es).

NAO: UK border bods not up to scratch, despite billion-pound facial recog tech

An0n C0w4rd

I find it odd that it is more difficult ...

to enter my own country (the United Kingdom) at a UK border point than it is to get into Europe. Every time I've gone to Europe (France, Netherlands, Germany, ROI), the passport bod takes a cursory glance at my passport page and indicates me to move on. No RFID chip scan. No anti-counterfeiting measures are checked (UV light, etc). No databases are checked.

I enter the UK and I have to stand and wait while they read the RFID chip on my passport and do whatever it is that they do in that process.

Security is fine when used appropriately, but is it really necessary to make all the UK passport holders wait through that process? Making the process more efficient and/or reducing the requirements could go a long way to helping the passport control queues by allowing staff to process the non-EU visitors instead of harassing the natives.

Baffled boffins 'closer' to finding origins of extragalactic COSMIC RAYS

An0n C0w4rd

Re: Never mind the physics

It's mysteriously situated over the Ancient/Alteran outpost. They're trying to drill down to get to the weapons platform.

(see Stargate SG-1)

Ebook judge: Guilty Apple must hire anti-antitrust watchdog to probe itself

An0n C0w4rd

Re: Wait what?

Uh, no, the damages part (i.e. fines, etc) comes in the next phase of the trial next year.

Did Google's Waze gobble run rivals off the road? UK watchdog starts probe

An0n C0w4rd
Thumb Down

Re: Not relevant

Uh, sure it is relevant if the parties offer goods or services to UK customers.

Workers at world's largest – and most remote – telescope go on strike

An0n C0w4rd

Re: 200 Employees?

No idea what they all do, but the antennas are movable. Not just rotation and inclination, but between pads to alter the "focus" of the telescope. There are two (from memory) special vehicles that were used to transport the antennas up to the observatory from the assembly point (much lower down where supplemental oxygen is not needed). Once all the antennas are up there, they're used to move the antenna between pads, and presumably drag one down the hill again if it needs more than a quick fix.

That's probably a few dozen people needed to do that work.

What the others do I have no idea.

Snowden journalist's partner gave Brit spooks passwords to seized files

An0n C0w4rd

Re: Schultz A lot of frustrated officials

@Justicesays

a) It's the Government's secret information, so they already know it

Actually, they don't. Or more precisely, not everyone in government does. Let's consider a hypothetical situation where you are given a security clearance. That doesn't mean you instantly have access to all material classified at that level or below, it means you could be exposed to material at that level or below that is relevant to your job.

That is the entire point of compartmentalised (i.e. secret) information, you're only told on a need-to-know basis.

What has the spooks most worried is likely what the government doesn't know about what the spooks have been up to. It's been proven that the heads of the USA security services have been less than completely honest with their oversight committees and therefore with the people that authorise their expenditure and enable their function through legislation. It is not difficult to imagine that the same is true of the UK security services.

They're probably also worried about the risk to the Snoopers Charter currently being considered in the UK

Probation officer gets TINY fine for spilling domestic violence victim's ADDRESS

An0n C0w4rd

The police should go after the leaker for wasting police time (the abandoned investigation) and interfering with a police investigation.

The victim should probably go after them also in a civil court case.

AREA 51 - THE TRUTH by the CIA: Official dossier blows lid off US secrets

An0n C0w4rd

Other acknowledgements of Area 51 / Groom Lake

aka "Dreamland"

As part of any outage which affects 911 services, US telcos have to file a report with the FCC detailing areas affected, what happened, and what the fix was.

10-15 years ago Sprint filed an outage notice with the FCC detailing a DACC (from memory) that had failed. They listed one of the affected areas as "Military Base 'Area 51'"

I may still have a copy of that outage notification somewhere. Oh, it's even on the wayback machine

http://web.archive.org/web/20011217044254/www.fcc.gov/Bureaus/Engineering_Technology/Filings/Network_Outage/1999/reports/99-228.pdf

Google: Cloud users have 'no legitimate expectation of privacy'

An0n C0w4rd
Big Brother

Re: Shock and horror

American government require a court order to read you emails, here we are talking about companies.

And there are some very interesting legal minefields in that very statement. Technically, if an employee of a company in the USA fires up tcpdump or wireshark, that COULD count as a wiretap and that COULD require a court order, even for a company. ISTR there was some law passed ~10 years ago in the USA that got some people looking a bit nervous, and AFAIK there has been no case about the law to define its boundaries.

This came up because some customer I was working with didn't know their customers' plain text passwords and wanted to fire up dsniff to pull them off the wire when they logged in to their e-mail or whatever (and no, they didn't use SSL). I told them they could do that, but I couldn't be any party to that action and had to explain why.

NSA to world+dog: We're only watching 1.6% of internet, honest

An0n C0w4rd
FAIL

Re: Why bother?

An interesting comment I saw buried deep in an article, I think on the Washington Post, is that members of the Intelligence Oversight committees gave up trying to get the Patriot Act amended for one very simple reason: they couldn't discuss the reasons for wanting the amendment as it relied on compartmentalised information. It's very hard to make a coherent argument for changing a law when you can't tell the people who will vote on the proposal why the amendment is needed.

The committee members have to read their intelligence briefings in a secure room and can't take any of the data out of that room.

Since all the committee does is ask questions (as I understand it they have no real authority to change anything without a vote of the full house), the entire oversight process is a waste of time. The only real effect of the oversight committee is that the electorate probably think that the committee is there to stop abuse of power. i.e. yet more security theatre.

An0n C0w4rd

Lies, damned lies, and statistics

Assumption: the NSA does most of its gathering on data that transits US soil, since most data is sent via oceanic fibre it can't be sniffed off satellites or radio (yes, I'm deliberately discounting the assertion Snowden made that they've spliced beam splitters into Chinese fibres)

The obvious conclusion from that assumption is that they're probably very deliberately using a very large figure (total global Internet traffic) and figuring out what percentage of that is caught in their sniffers.

A more relevant statistic is probably the percentage of USA traffic that they capture. I suspect it's quite a bit higher than the 1.6% from their publication.
