Re: It was a reused prop...
"I like the round things"
276 publicly visible posts • joined 4 Feb 2015
manufacturers who have not traditionally had experience in application development will be tasked with creating and maintaining secure software stacks
The lack of experience isn't the issue. Any experienced software engineer will tell you that all the common problems in software have been solved, and it's not a good idea to start re-inventing the wheel (even though it does still happen far too often).
No-one in their right mind is going to write their own UPnP library if there's an existing one already out there, especially one that has been pounded on by a lot more people than in your testing team, and used in situations that you never thought of. Most of those obscure edge and corner case bugs have been found and fixed, and many of the security holes plugged.
But not all. So when some more bugs are fixed, you need to update the software that uses the library (if it's statically linked), or update the library file itself (if it's dynamically linked).
It's a decent updating process that's needed - the IoT equivalent of "Patch Tuesday" for the Windows world. That, of course, has to be fed by updated code from the manufacturers, and that is the biggest challenge of all.
Hardware manufacturers don't have a great reputation for producing good software in the first place, but they have a truly terrible reputation for updating it afterwards.
We're also a little bemused by the fact Windows Server 2003 makes Uncle Sam's lists, but other versions of Windows Server do not
This might actually be 64 bit XP systems. They would report a 5.2 kernel, which the stats tracking might be mapping to Server 2003. What was marketed as 64 bit XP was basically 64 bit Server 2003 with the Themes service set to auto-start.
There's no "actual" money anywhere these days, and in practical terms there hasn't been since bartering ended.
A £10 note is only "worth" £10 because everyone agrees it is. In reality, it's a bit of paper with almost zero intrinsic value. You can't eat it or drink it, and if you burn it to keep warm, it won't last very long at all.
The new crypto-currencies aren't that different really. Their worth is in what everyone agrees they're worth.
you should have no way of knowing if those clients had recycled passwords... Unless you're telling us you store passwords in plaintext?
If the compromised web host leak included email / password pairs, anyone can see if one of their own customers is reusing passwords, even if they themselves only store hashed passwords. You simply need to put the leaked password through your hashing algorithm, and see if you get the same hash as you have for that email address.
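The check the post describes, as an added example that is not part of the original post: take each email/password pair from a third-party leak, re-hash the leaked password with the salt stored for that email in your own user store, and compare it to the hash you hold. Nothing is ever stored or compared in plaintext. The user store, the leak, the PBKDF2 parameters and the account names are all constructed for this illustration, not taken from any real breach.

```python
"""
Constructed example: flagging password reuse by checking a third-party
credential leak against a user store that holds only salted hashes.
All accounts, passwords and the "leak" below are made up.
"""
import hashlib
import hmac
import secrets


def hash_password(password: str, salt: bytes, iterations: int = 100_000) -> bytes:
    """PBKDF2-HMAC-SHA256: a stand-in for whatever hashing scheme your store uses.
    The point is only that the same function and per-user salt are reused below."""
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)


def build_store(accounts):
    """Build a constructed user store: email -> (salt, hash). No plaintext kept."""
    store = {}
    for email, password in accounts:
        salt = secrets.token_bytes(16)          # fresh random salt per account
        store[email.lower()] = (salt, hash_password(password, salt))
    return store


def find_reused_credentials(leak, store):
    """Return the set of our customers' emails whose stored hash matches the
    password that leaked for that same email elsewhere.

    Only leaked pairs whose email is one of ours are hashed at all, and each
    is hashed with that account's own salt, so the cost is bounded by the
    overlap between the leak and our store, not by the size of the leak.
    """
    reused = set()
    for email, leaked_password in leak:
        entry = store.get(email.lower())
        if entry is None:
            continue                            # not our customer; nothing to check
        salt, stored_hash = entry
        candidate = hash_password(leaked_password, salt)
        if hmac.compare_digest(candidate, stored_hash):
            reused.add(email.lower())
    return reused


def demo():
    """Run the check over constructed data; returns the flagged emails."""
    our_accounts = [
        ("alice@example.com", "correct horse battery staple"),
        ("bob@example.com", "hunter2"),
    ]
    # Constructed "leak" from some other site: one true reuse (alice), one
    # different password (bob), one email we do not hold (carol).
    leaked_pairs = [
        ("Alice@Example.com", "correct horse battery staple"),
        ("bob@example.com", "letmein"),
        ("carol@example.com", "hunter2"),
    ]
    store = build_store(our_accounts)
    return find_reused_credentials(leaked_pairs, store)


if __name__ == "__main__":
    for email in sorted(demo()):
        print(f"password reuse detected, force reset: {email}")
```

Accounts that come back flagged can be put through a forced reset and notified without anyone ever having seen their password in the clear; the leaked plaintext itself should be discarded once the comparison is done. The email is lower-cased on both sides because leaks rarely preserve the exact case your store uses.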
My only small niggle is that the foot rest is just a little too high for my taste. I’ve noticed this on a few French cars. Are the French getting shorter?
It's more likely that the foot rest is positioned so that it's reasonably comfortable for both genders, bearing in mind that women tend to be a good few inches shorter than men.
Personally, I think it would be naïve not to assume that they have every SSL certificate issued by every US-based certificate authority. Why go to the bother of trying to find weaknesses in encryption algorithms when one NSL gets you all the keys anyway?
Yes, there's much more to encrypted communication than SSL. But someone who thinks that a gold padlock at the end of the address bar protects them from Five-Eyes is living in a fantasy world.
The "if I was a permie" implies you're a contractor, and generating revenue by selling your services. If you are billing VAT registered companies, the VAT you "collect" is simply claimed back by the company paying your invoice, so the net gain to HMG is nothing.
So, using your figures, currently HMG gets 30K from you, and if you were permanent, HMG would get 30 - 35K. By my reckoning (in your specific case) they will either get the same or more money from you.
It's not a leak. If the sub-structure allocation succeeds, the goto just after it is there to skip round the free. The free is only called if the first malloc succeeds and the second fails, and in that case, you want to free *s but not the sub-structure.
Having said that, the confusion caused by a supposedly simple example of how to write good code with gotos is a shining example of why most people steer clear of them.
"The registry for example is basically a one-stop-shop for everything on the system and has no concept of restricting apps access to their own area. The entire registry is there for the taking. Likewise there's no jailing an app to its own directory or preventing it overwriting files or programs in other areas of the disk."
Log on to a default-config Windows 7 machine as a non-admin user, and try to modify files in C:\Windows\System32 or edit any registry setting in HKLM\SOFTWARE or its children. You won't be able to....
In a "normal" driving situation, a car with traction control, ABS and all that gadgetry would flip its nut if it saw the front wheels spinning at 50 mph with the rear wheels stationary, assuming a catastrophic loss of traction.
You know, people have thought of that when they design and build rolling road test rigs. The rollers for the front and rear wheels are linked, to avoid this problem.
Within days, the Check Point research team detected another instance with a different package name, but which used the same code. Check Point notified Google on 10 September and the app containing the malware was removed from Play on 15 September.
I realise that someone has to make sure this isn't just the developer of a competing app trying to cheat the system, but five days seems a very long time for a company with Google's resources.
http://www.asus.com/uk/Notebooks/ASUS_ZENBOOK_UX305/wheretobuy/
From http://rsagroup.com/rsagroup/en/home/Customer-Notice#.VfX7oJ2qpHx:
Will you be compensating your customers?
We have taken precautions to protect our customers through Cifas. No customer has reported any theft or fraudulent activity to date and we will monitor the situation going forward.
Notice how the response doesn't actually answer the question...
Perhaps El Reg should contact Louise Shield, Director of External Communications (from the PR page) and ask her directly?
...an ornithologist ... who was there to study vultures, knew next to nothing about their flight performance or how they operated in the sky
Doesn't seem odd to me. I quite often study something I know next to nothing about, so that afterwards I know something about it.
though she was an expert on their species and breeding habits
She probably got that way by studying their species and breeding habits (before moving on to study some other aspect of them).
There's a link in an El Reg article from May. See http://www.theregister.co.uk/2015/05/14/azure_overtaking_aws_for_cloud_storage/. The link to the report is at the bottom of the article.
CEIP can be disabled in the Windows Control Panel. Do these updates still send data in that case?
"The notes explain that diagnostic telemetry data is sent to settings-win.data.microsoft.com. Privacy advocates note that this is hard-coded, so blocking access via the hosts doesn't work."
Not sure I follow that. Hard-coded where? Why does hard-coding a DNS name prevent the TCP stack from using the hosts file entries as part of its name resolution process?
Those who run this global financial IT consultancy
The other approach is simply to not store any sensitive information on the device itself. All data is stored on the company's servers and accessed via VPN / RDP to a suitable terminal server. That way, if you lose the hardware, that's all you've lost.
The downside is that you need connectivity to do any useful work, but since for the vast majority of laptops, the "offsite" work is actually "at home", where there's low-cost connectivity, that usually isn't an issue.
For the road-warrior salesman it might be more of a problem, but if you consider how much information someone *needs* to take off-site, rather than how much is *convenient* to take off site, quite often it's surprisingly little.
Everyone's doing it these days. AdvancedInstaller (who, apart from the following, make a very good product), recently added "Analytics" that phones home with all the details every time you install an MSI built with their software. See http://www.advancedinstaller.com/analytics/.
If the car can't have an at fault accident then it doesn't need insurance against it.
It can still get damaged in other ways (a tree falls on it, for example), or it is stolen. Those are risks people would be willing to insure against.
As was seen recently, sometimes people just damage a nice car because... well, I can't really understand why, but it happens. See https://www.youtube.com/watch?v=k0vk99vhP1Q.
For the next 100 years there will be vehicles available without computer guidance. I base this on the continued existence of classic cars.
It's true they'll exist; whether they'll be driveable is another matter entirely. If (and I admit it's a big if) battery power becomes usable to the point of the convenience that we now have with liquid fuels of "add 600 miles of range in 90 seconds", it may be that the petrochemical companies don't make the fuels any more, since the demand won't be there.
See http://www.telegraph.co.uk/news/science/science-news/11805987/Inflatable-space-elevator-invented-by-scientists.html for the latest idea.
Time goes forward at a fixed rate, all the time.
The General Theory of Relativity covers how the relative motion of two observers and the gravitational fields they are in affect how the passage of time is perceived by each of them.
Start with https://en.wikipedia.org/wiki/Time_dilation
I'm certain it's not a "kernel module"
Just because the term "kernel module" is widely used to refer to packaged software used to extend the Linux OS, that doesn't mean it's the only usage.
When you're developing software that runs on multiple platforms, it's usually structured around "core" and "edge" code. Core is the stuff that can be portably developed and simply shared across all platforms, and the edge is the stuff that has to be platform specific.
For example, with Chrome, the code that parses URLs and validates SSL certificates could be "core", and the installer would be "edge".
The actual voice recognition would also be considered "core", although the means by which the audio was acquired from the microphone would be "edge".
Another term for a "core" module might be a "kernel" module, since it's in the middle of the software.
Just because it's now called a cloud, with auto-provisioning, that doesn't stop end-users doing things like:
using all the disk space*
putting business critical data on non-backed up servers
surfing to porn sites from the domain controllers
etc, etc...
It still needs managing by someone. Do you really think the commercial off-premise cloud providers don't have staff managing the systems?
* If you have some magic "expand to AWS, so we never run out of disk space" enabled, you now have a problem of running out of money when the very large bill comes in.