Kadjar
Pronounced cadger?
344 publicly visible posts • joined 6 Jul 2013
"Apologies if this is as hard to read as it feels."
It is!
It's an interesting idea though... if I managed to parse it correctly! A sort of cyber-variant of the "9 11" conspiracy theories, except plausible because:
1) You're not suggesting that the US TLAs killed thousands of Yanks. Or actually did anything at all.
2) There's no reason (other than the politicians' words - and we know what they're worth) to believe that anything at all has even happened.
If you're right, I'm not sure the motives are what you (appeared to) imply. I can't see how you'd spin this entertaining débâcle into a compelling argument to stem the apparent tide against US surveillance... "Er, you remember all that data you were making all that fuss about? Well, you'll never guess what. Some bastard's only gone and nicked it. So we're gonna have to collect it all again. All-right?" (?!)
Definitely worth keeping an eye peeled for signs of slightly more subtle / less direct motive in a similar vein. An obvious candidate that just popped in: I wonder what odds one can get for a flutter on this incidentoid, in due course of course, being "traced" to Huawei network kit...
TLS/SSL are broken by design. Both the specifications and the implementations - not the primitives - that's too time consuming. And YES! It was all done (perfectly openly) by the TLAs. That's their job. I'm astonished anyone with enough interest in this field to read the Reg and splaff into these discussions still doesn't fully understand this! It has been an open "secret" since the bloody '90s!
Here's a little titbit from this very site which you obviously must have missed: http://regmedia.co.uk/2014/05/16/0955_peter_gutmann.pdf
If you still don't understand, try to find some time to read up on the history of the drafting of these protocols. It's all fully documented - how they were drafted by various boffins etc for a whatever quasi-independent committee, dutifully and openly sent off by said committee to the US government for review and special enhancement, returned obviously kludged and borked beyond belief, dutifully ratified by said committee despite a small flurry of squawking from the dismayed boffs... and you know the rest... you're commenting on the most recent instalment of the inevitable and ongoing rewards. Plenty more to come, to (again) surprise and perplex you in due course... watch this space...
"Strictly speaking true for a given value of 'foreign'."
Indeed. ...and spoken by a pair of Yanks who've based themselves in the UK and Czech Republic, it's probably safe to assume those values of "foreign" include Uruguay, Paraguay, Angola, Cuba, Tuvalu, Mongolia... and probably several others.
They WILL listen. There's a reason they're asking. Could be harvesting marketing "intelligence" for some forthcoming marketing operation. Or somesuch. I wonder if there's anything significant coming up. It's doubtless far too late to actually fix anything (even if they wanted to) except the phrasing of the press release and the lobbyists' patter..
MSFT (10th June): “we want to know more in-depth how your organization monitors Linux servers and challenges you face monitoring these Linux servers.” “We are NOT trying to sell you anything, we just want you understand your pains in this area,” ie. "Tell us what you are using now and what you don't like about it? Please? Give us a nice list please."
Sphenisciphiles: <insert list>
MSFT (29th July): Redmond® (29th July) 2015, The Microsoft™® Corporation® Inc.®, today announces Windows™ 10®, the best Windows™ ecosystem ever... ...blah, blah, blah... ...cloud... ...fully empowering gorgeous open source loveliness with the world's most scalable vertical solutions for taking Linux™ VMs to the next level leveraging Windows®™ core competency in state of the art <insert list> blah, blah, blah... best practice... open the kimono...
Not sure if it's related but I just read something of obvious public interest about a possibility that Flash Networks and Bharti Airtel are injecting JS and iframe ads into people's web browsing at http://johndasfundas.blogspot.com/2015/06/are-airtel-and-vodafone-india-3g.html and https://www.techdirt.com/articles/20150609/06505631281/guy-reveals-airtel-secretly-inserting-javascript-gets-threatened-with-jail-criminal-copyright-infringement.shtml where it's claimed that "[A] Guy Reveals Airtel Secretly Inserting JavaScript, Gets Threatened With Jail For Criminal Copyright Infringement"
Do you think they might be the same Flash Networks and Bharti Airtel?
"Perhaps the next steps ought to be to find more efficient ways of implementing it and defining situations in which using it makes more sense... "
Here are both ways:
1) Pop your iot shit into a big foil balloon and poke your router's aerial in too.
2) Fabricate a big fractal mesh aerial for your iot shit and wrap it around your router.
As everyone else is pointing out: It's an exceptionally shit suggestion.
Sounds like an effective way to burn out some post-warranty networking tat though. I wonder which firm sponsored the study...
@VRH
Exactly. While that list of damage observed in rats was certainly impressive and alarming I'm confident that we (and the medical profession) might notice a dose of blindness and liver failure with our morning toast. So the implications are obviously being inferred ("extrapolated") from rats which must be either vastly more sensitive to AA than us or receiving significantly greater exposure. Wouldn't be "the media" if the facts weren't at least partially ignored for the sake of another good sensation.
@80sC
Not a great analogy. While the immediate toxicity of ethanol is transient, the metabolites are pretty nasty. The ethanal first stage metabolite isn't something you want scudding about and causes all sorts of damage, releasing cascades of other damaging nasties... not at all unlike AA. The genetic, neurological, etc damage resulting from both these agents is insidious and cumulative. But as VRH implied, *EVERYTHING* (absolutely, without a single exception, *EVERYTHING*) we consume is toxic AT SOME CONCENTRATION and invariably contains all manner of other compounds which are also themselves invariably toxic AT SOME CONCENTRATION. So THE POINT is: How much of these agents is necessary to cause significant (extraordinary - in its most literal sense) damage? *ALL* this kind of dietary news shit is *ALL* *ALWAYS* a matter of thresholds. Scares like this which (deliberately?) miss THE POINT are utterly worthless and potentially damaging themselves. Let's all have a bread *SCARE* now shall we?
Shame on you El Reg.
Need a "FFS" icon --->
NSA supports Linux...
TFTFY
Don't see so much non-strategic[1] "support" for Linux from NSAFT. Do you? When do you expect "Office for Linux" to be along? lmao! Comprehensive file-format de-obfuscation? As if! Full (and FUDless) support for others' open standards and formats?... etc.. NEVER! ...but a back-doored proprietary chat app which the US splaffed $9bn to buy in specifically to pervert? Ah, well that's different. First rate "support" there. Please use this! Wouldn't want anything nasty like zphone accidentally gaining any traction, now would we?
[1] Governmental mass surveillance "strategic" interests (Skype) differing, of course, from the Microsoft Corporation's commercial monopolism "strategic" interests (Office). Can you see which of those is in play here?
Indeed. There's no security in this. It's all about marketing crap at the indolent ignorant.
Expect a tiny disclaimer to be buried somewhere near the end of the devices' manuals, where no one will ever see it, just "for legal reasons", to the effect of: Do not rely on this "security" crapware for anything requiring actual security now will you? Mmmmmmkay.
https://cansecwest.com/slides/2015/I see therefore I am - Jan Starbug.pdf
@AC
Not sure I follow your logic. Seemed to be:
"The boffins only spent their time scrutinising what is BY FAR the market leader, ignoring all the others. Therefore we should all pretend that NSA's Redmond's obscure little offering is secure"
Did I get that about right?
A sort of obscurity is security argument?
Tit.
DO NOT UPDATE your kernel!
The BUG is in "stable" while the FIX has yet to reach Linus.
DO NOT UPDATE your kernel!
It's (another) Neil Brown special in the software raid code.
It:
Only affects filesystems on software raid (md/raid0) on SSD
Probably affects other filesystems.
First appeared in a "bugfix" patch committed in April and has been percolating down through the "stable" branches.
Is the consequence of a misdirected DISCARD instruction and can be avoided by disabling discard/trim or DOWNGRADING the kernel.
DO NOT UPDATE your kernel!
Exactly what I came (clipboard loaded) to say!..
"...was in a highly distressed state..."
Well no shit plod! Was that before or after the marauding mob of armed coppers, up to twenty cars and a helicopter started chasing her about? Under the same circumstances I imagine I'd be "in a highly distressed state" too! Would you shoot me? Don't answer that.
This isn't bloody Los Angeles you know.
"I genuinely think I am the only person on earth who actually likes Unity."
Not so. Although it certainly seems that way. Presumably the trolls, gremlins and honestly disgruntled simply make far more noise.
In general I like the UI too. Though I do wish they'd stop treating us all like morons and allow a bit more versatility/configurability. If they really are worried about the helpdesk costs of mouth breathers borking their own UIs then why not provide an "expert" flag which toggles between "dumb" and functional modes, simply causing Unity to hide all the useful stuff from the fucktards and ignore any "expert" settings they may have (mis)set? Could be an admin-only admin flag.. part of the user profile?
Please Canonical! We're not all fucktards... Shirley you can find a *simple* and *manageable* way to cater to the rest of us too?!
In an emailed statement Apple tells El Reg...
OMG! WTF? OMG! WTF? OMG! WTF? OMG! OMG! WTF? OMG! WTF? OMG! WTF? OMG! OMG! WTF? OMG! WTF? OMG! WTF? OMG! WTF? OMG! WTF? OMG! OMG! WTF? OMG! WTF? OMG! WTF? OMG! WTF? OMG! WTF? OMG! WTF? OMG! WTF? OMG! WTF? OMG! OMG! OMG! OMG! WTF? OMG! WTF? OMG! WTF? OMG! WTF? OMG! WTF? OMG! OMG! OMG! OMG! OMG! OMG! OMG!...
What the hell has happened? Has hell frozen over? Was the statement delivered by a squadron of carrier pigs? Has the Apple's Corporation Inc. finally outgrown its splendid little tantrum? Shirley not?
I feel strangely disorientated.
Help me Reg! What the hell just happened?
Cheers!
I fleetingly considered Preflight Aerial Error Detection Operation but was afraid I'd end up on the register and had to destroy my brain.
(Another Round of System Evaluation)
Why do I keep missing these? X*(
...
T his
I s
T he
L ast
I ntegrated
C omms
K ick-around
---
T his
I s
T he
F inal
E lectronic
S ystems
T est
---
T his
I s
T he
F inal
U nified
C ommunications
K ick-around
---
m ore
m agnificent
m anoeuvres
T o
I ntensively
T est
T he
I ntegrated
E lectronics
S ystems
---
H elium
O rbiter
H asty
A ssessment of
N avigation
---
P robably ( although, arguably Certainly)
U ltimate
N avigation
T est
---
T hat
W as
A nother
T est
---
N ear
I nauguration
P reflight
P erlustration
L everaging
E lectronics
S crutiny
---
B est
E valuate
L OHAN to
G round
I nformation
A nd
N avigation
---
A erial
I nformation
R elay
B egins
A nother
G ruelling
S hakedown
..needless to say, I chose FIST (with CLARKSON close behind).
Personally I thought it was all quite miraculous!...
While undeniably quite astonishingly abysmal, considering they were taken in the dark ("hoped the low light wouldn't make pics too horrid...") every shot appears to have been taken in full sunlight! Really quite incredible. Must have been one of them newfangled Microkia/Noksoft miracle phones wot Orwellski was raving so frothily about a while ago >;)
Not sure how "Vulture South's office at top right in the red circle." managed to find its way to the extreme top left corner of that snap though.
lol
I know.. but wondered if he might have a look at some of the coverage of his story and find us that way. There might even be a commentard in the valley who knows him but doesn't know about the free dialup?
No harm in trying anyway. ;o)
Mr Ronald Dorff, Woodland Hills, San Fernando Valley, Los Angeles 91302 91303 91364 91365 91367 91371 91372 91399 better dialup internet than your AOL/AT&T is available FREE of any charge! (See above)
Poor soul is being robbed. $50 per month?? $600 per annum?!?!! For *DIALUP*?!?!??!?!!!!!!OMG!!!one
All local calls in LA are FREE
Proper (megabit) internet in LA is ~$15-20 per month
...and AOL is exploiting its poor victims to the tune of $50 every month? THAT is DISGUSTING.
There are at least THREE long established sources of FREE dialup in LA. All at least as reliable AND less intrusive than AOL.
If you're out there Mr Dorff (and haven't been frightened off the interwebs by that nasty brain eating corporate dinosaur): YOU CAN GET DIALUP ABSOLUTELY FREE. Remove ALL that appalling AOL crapware from your computer and simply enter a FREE DIALUP number into your operating system's own little dialup program. Your computer will ask you for a username and password the first time you connect and you can enter anything you like for either - they don't care - it's FREE!
Here are a few FREE local access numbers to get you started... use whichever you fancy. They should all be local to you and so completely free to use:
818-574-1010 (VAN NUYS)
818-200-1010 (NORTH HOLLYWOOD)
310-409-1010 (BEVERLY HILLS)
818-806-1010 (BRBN SNVY)
310-923-7010 (W ANGELES)
818-451-1010 (CANOGA PARK)
818-812-1010 (NORTHRIDGE)
http://www.fastfreedialup.com/free_dialup_access_numbers.html
Time for a new slogan AOL? How about this..
AOL :: We're mugging the elderly
Citation, please, along with definition of "long term"?
Really?
That will last or have an effect over a long period of time.
That is not likely to change or be solved quickly.
In the context of encryption as I used it above, I personally consider the terms of "terms" to be something in the region of
short term: >5yrs
medium term: ~5-20yrs
long term: ~20-50yrs
or thereabouts. With people often living for around a century a good argument can be made for doubling those figures but in the context of "classical" asymmetric ciphers things get a bit (even more) sketchy: I doubt you'll find *ANYONE* competent who'd recommend anything other than "well, 2kB if you must but you really should be using something symmetrical" for a 40-100 year range.
"Citation"? Is your Google broken? There are hundreds. All remarkably similar. Here's a nice succinct table from 2012 presenting NIST recommendations with all the pertinent data in one place:
http://www.arpapress.com/Volumes/Vol10Issue2/IJRRAS_10_2_16.pdf (page 7)
*EXACTLY* what PD said... and that's *EXACTLY* why we're so vehemently discouraged from generating keys greater than 4kb in size, even though *EVERYONE* with any expertise in the field *AGREES* that you *NEED* a key of at least 6kb-8kb to stand any chance of attaining long term security.