Email address displayed?
Of course, no email client would ever hide the email address of the sender, would they? That would be inviting impersonation.
50 publicly visible posts • joined 6 Jan 2019
If a business has 24/7 IT requirements it needs to employ people on shifts 24/7. Or at least pay somebody to be on call.
Expecting employees who are paid for 38 hours a week (standard Australian work hours) to respond to work issues 24/7 is absolutely unreasonable in any circumstances.
People on high salaries, well over AUD 100,000 may be an exception to this.
FM (VHF) does not have the frequency or coverage to be useful for emergencies. I doubt that DAB+ would cut the mustard either.
AM (medium wave/MF) can propagate hundreds of kilometres in the right conditions, over hills and down valleys. The Australian Broadcasting Corporation (ABC) uses this for emergency broadcasts when required, or predominantly talk radio the rest of the time.
If you live in a bushfire or flood prone area it is essential to have a battery powered AM radio. The second service to usually fail is the cellular network and internet, right after the power fails.
The whole model of developing and supporting software is broken.
The fact is that as soon as someone can write an application which uses some other piece of software, that other piece of software (the platform) will be used indefinitely. Look at the number of mainframe systems written for the IBM/360 which are still in use, some of which no longer have any source code. The cost of changing the system to run on a new platform is prohibitive for most businesses, even though they may be using a platform which has known security holes.
We need a model of software development and support which acknowledges this, not denies it.
This is a whole of industry problem, not just a Microsoft one.
This EU law will create unwanted consequences.
If Google's spyware, er, Chrome, runs on the iPhone then web developers will develop apps which only work with Chrome. I know they really want to.
I don't run Chrome because I don't trust Google. I don't use their search engine either except as a last resort. I don't want to be forced to use Chrome because it is the only way to access apps which I use.
My first computer was an Exidy Sorcerer. This little known computer was Z80 based, supported full ASCII and, by using RAM chips for the top 128 characters of the character generator, supported programmable graphics.
It was possible to add an S100 (bus) controller via a proprietary expansion connector, and the computer ran CP/M very successfully with the addition of floppy disks. The original, of course, used a cassette interface to record programs and data.
It supported plug-in ROM packs with software, using 8 track cartridge shells which were cheap at the time. While the design limit for RAM was 32K, it was possible to expand to 48K by piggy backing an extra row of RAM chips and connecting the right address lines. Ah, the things I got up to in my younger years!
Exidy was an arcade games manufacturer and didn't know how to market the Sorcerer. Dick Smith in Australia sold more than Exidy did in the US.
Both Apple and Google charge 30% commission in their app stores, including for in-app purchases. That is simply way too much.
If they charged something closer to 10% then maybe these lawsuits wouldn't occur.
Spotify are however another tech monopoly. Not any better than the others. They pay tiny fees to the original artists whose material they stream.
I just use AirPrint, which is well supported by both my old Canon and current HP all-in-one printers. I used the HP iPhone app to get the printer connected to the home WiFi, but after that no special software is required.
All printer and scanner functions work correctly (duplex, scan quality, etc).
Anyone on the home network can print, and it's wireless (except the power cable)!
Digital certificates and TLS/HTTPS offer two benefits.
1. Traffic is encrypted between yourself and the web server. Only the web server can read your input and only your browser can read the result.
2. Both the client and server are authenticated to each other. This means that if you connect to "https://example.com" then you can be certain that you are in fact connecting to the web server owned by the owner of "example.com" and not some random interloper (a banking site impersonator?) which is intercepting your traffic. This matters, especially for financial sites which lets face it is almost everything nowadays.
For this trust to work, you must be able to trust the "root certificate authority (CA) server". Provided the root CA server is trusted, then all other CAs and certificates down the chain are trustworthy by design.
This is why it is so important that internet software companies, and end users, are able to remove trust from ANY CA server if it is found to be compromised.
The proposed EU law prevents this, making it impossible to trust certificates, and therefore impossible to trust anything on the internet.
Last time I looked, at least one EU member was not a true democracy, and another EU member has only just had democracy restored. You cannot trust a state just because it is a member of the EU.
America and other Western countries are dreaming if they think they can delay China by more than a few years.
China spends more on science and technology than any other country in the world, by quite a long way. The West may have the best chip manufacturing technology today, but it will surely be surpassed.
China also takes a long view, not the short termism that Western governments are hamstrung by.
I’m waiting for all the Fandroids who have been cheering this on to ditch their device and buy a new Apple phone with USB-C. They were all saying “I don’t buy Apple because they use lightening”.
Or will hell freeze over first?
I’ve never had a problem with a lightening connector, though one cable wore out, replaced with a spare I already had. I’ve used the same charger for all my devices for years.
I guess there will never be a USB-D as they would need to get the EU to update their laws first.
Precisely. I don't and never have used Chrome. I do not trust Google with my data and try to minimise the use of Google services accordingly. Half the Google ads I see are for scam products.
If native apps go away then we would be in the same situation as in the 2000s, where you in practise had to use IE, only this time it will be Chrome.
I prefer Safari as it protects my identity when I am browsing the web. You have the choice to buy an Android phone if you want to use something that has a different browser engine.
The EU is barking up the wrong tree with this one.
Retrenching someone who is 60 is the height of cruelty, unless it is for misconduct.
Realistically he will have very little chance of getting a new job of similar value. An action like this could result in him retiring into poverty rather than having a comfortable retirement.
We need to demand better of companies!
I used to manage certificate services for my then employer, and as I gained skills became aware of how absolutely critical they are to modern IT security. Including the bit that clients must always fully validate any certificate they receive.
Yet knowledge of this technology is known to so few systems admins and application developers.
No wonder practical IT systems, including big name ones, still contain so many security holes.
Just think, if the EU had brought this in in 2009, when they started considering it, they would have specified an original USB connector, or maybe the round Nokia connector.
In 10 year’s time I’m sure USB-C will look just as dated.
For years now I’ve charged all my devices with a single Apple charger. I just swap cables if I need to charge a non Apple device.
In short, this is a really bad idea which solves a non-problem.
This case was covered today in the Sydney Morning Herald. It is actually a straightforward extension of existing precedent in defamation law, and so is quite robust from a legal standing.
The High Court has determined that an organisation which publishes pages on Facebook are also publishers of associated comments, from a legal perspective. Note that the publisher is not the same as the author.
The judgement isn't about the defamation per se.
Personally I think it is time that social media platforms were required to identify the posters behind the vile comments that some seem to think are acceptable so that they can be sued directly. But that is a different issue.
I'd refine that slightly. An OS consists of a kernel and a standardised operating environment that application programs can assume will exist and make use of. So this may include a shell and will almost certainly include a set of libraries and utility programs. Some of the environment may be optional, for instance the X window system and associated libraries is an optional component of the Linux OS. An application which needs a GUI will use X but not all applications may need a GUI.
The utilities/libraries in an OS do not have to be exclusive to that OS, they may be used on a number of different operating systems.
Indeed. It would be straightforward to use this technique to match photos against a hash database of, say, faces of people that a government doesn't like instead of a database of CSAM hashes.
The technical details really are irrelevant. It is the fact that Apple will scan your photo library at all which is the issue.
The fact is though that both enterprise network equipment and modern kernels are massively optimised for TCP.
In a LAN environment, NFS was originally written on UDP. Some time later, NFS over TCP was defined, but the TCP overhead made it slower. However, for at least the last 10 years storage vendors have strongly recommended NFS over TCP for performance. The difference is kernel support on both server and client.
In the WAN, if you control both end points there are devices which will optimise TCP to radically increase performance, even with high latency. This means that you can use standard applications such as SFTP to transfer data efficiently between continents. As these devices work by managing error correction it is hard to see how they would work if that were done at the application layer.
I can see the advantage of including encryption as a tier 1 protocol feature though. If TCP were designed today it would surely have that.
I find ACIC's comment that cryptographic apps on the internet are almost exclusively used by criminals to be criminally wrong!
Any time you use a web site with "HTTPS" you are using a cryptographic application. And almost all web sites (including El Reg) do that. Any that still use plain old HTTP cannot be trusted!
I use encrypted chat apps, because I value my privacy. I have yet to do anything criminal with them. Same for my friends and associates.
If the government breaks cryptography by forcing the use of back doors we will all lose!
The last smartphone I owned with a replaceable battery (a low end phone used for travel) had a woeful life. It couldn't even get through a morning without wanting the charger. I never even bothered trying to buy a replacement battery.
Even the last low end travel phone I bought had a non-replaceable battery. And could almost make it from morning to evening!
It's pretty simple. A replaceable battery is more than twice the volume of a non-replaceable one, as it must have a hard plastic case in order to be safely handled by a non-technical customer.
People prefer smaller phones to replaceable batteries.
Apple worked this out years ago. As usual, everyone complained, but then the other vendors quietly started doing the same, to gain the same advantage. It doesn't cost all that much to get Apple to replace your battery, relative to the price of the phone.
The non-replaceable batteries also save all that hard plastic which would otherwise go to landfill.
Indeed. Most of these apps are free to download and install, and only start charging you once you actually use them. Games in particular are notorious for enticing you in for free, then having to purchase things to actually progress in the game.
If Apple can't make a margin from in-app purchases then its platform would not be viable.
In a corporate environment this is a hard to solve problem.
At home I patch now and ask questions later, as is best practice.
But in my last employer they were dependent on software by vendors who did not get computer security at all. And some of them are big names in the field. We were forced to run versions of MacOS and others that we knew were insecure as a result.
Then there’s Windows and Active Directory. Do they support dictionary checking passwords out of the box now? If not, why not?