* Posts by Ed L

18 publicly visible posts • joined 30 Jul 2009

Firefox add-on does 'HTTPS Everywhere'

Ed L
Stop

Not a good idea...

If large numbers of users were to deploy this, it would be bad news for web hosting providers and web site owners. Using SSL for everything will add significant extra processing demands in places where it is not necessary.

The bandwidth is irrelevant, encrypted data does not take up much more space than raw data. The important thing is the processing overhead. To protect the privacy of communications, we rely on modern encryption technology such as SSL without thinking about the considerable maths that needs to be performed.

More CPU power = more energy used = more heat dissipation.

This would have serious implications in a data centre with hundreds of servers hosting thousands of web sites. To serve the same number of requests, more physical computers will be required, more electricity will be consumed and more heat will have to be removed.

The bottom line is, potential massive impact on the environment, not to mention budget worries for businesses in today's economic climate.

The intentions behind this little tool are good, I wholly advocate privacy and the right to protect it. However, these concepts must be applied appropriately. It seems they might not have fully thought through the implications of such a blanket approach.

The tool should provide users with the ability to 'prefer SSL' in specific cases where they would like the additional peace of mind. It should make these choices as granular as possible, for example by targeting certain pages; targeting only pages where information is submitted (forms) and giving the option to include or not include images and other multimedia.

Apple's iPad resellers are revolting

Ed L
Joke

Apple's iPad resellers are revolting

They certainly are. I can't stand them myself, either.

Worse are the people who pay money for these products. They are truly the dregs of society!

Google Street View whacked by German prosecutors, Czech data watchdog

Ed L
FAIL

ERROR

"if the Google cars travelled over Wi-Fi networks while one of its vehicles was in range."

Yes, I know it is called the Information Superhighway but I must have missed the bit when Google invented cars that drive on IP networks instead of roads.

Most browsers leave fingerprint that can ID users

Ed L
FAIL

Umm... Fractions of bits?

"Currently, we estimate that your browser has a fingerprint that conveys 18.31 bits of identifying information."

Apologies if this has already been covered...

But, is anybody willing to explain how 0.31 bits can exist in a computer system?

Sounds very strange to me.

No 15K 2.5-inch drives from Western Digital

Ed L
FAIL

Velociraptors

Don't fly at all!

Brits still getting bull from broadband providers

Ed L
Grenade

@False advertising

I'm pretty sure that every one of the adverts for broadband I have ever seen has the large words "UP TO" preceding any quote of maximum speed. Even before a bunch of fools started waving their arms in the air and shouting about 'not getting what they are paying for'.

As the sync speed achieved by each customer varies depending upon a large number of factors, what figure do you expect them to advertise?

As for voting with one's feet, BT standard ADSL connections will usually achieve the same sync speed at a premises regardless of the provider. If your ADSL speed is crap then fibre-optic might be better - but that is not comparing like for like.

As has been mentioned previously, the sync speed is at best only one factor in the overall user experience of Internet applications.

What a lot of fuss over nothing!

Paris Hilton canes the Brazilian lager

Ed L
Grenade

Show me some sex and I'll buy any kind of bear that you want me to...

Whether it's a Kodiak, Polar or Grizzly, I really am a sucker for advertising!

Facebook re-write takes PHP to an enterprise past

Ed L
Thumb Up

@C++ Can't do...

To Tempest and Shirley,

I would hasten to agree with you that using techniques like this is probably not best practice, and there is always another way of accomplishing the desired outcome. However, sometimes it makes sense as the code is so much more elegant or easier to understand than the alternative method.

Ultimately of course, anything should be achievable in any language as it all ends up as machine code instructions in the end!

I think you are right, they probably would just leave this out of HipHop for the reasons discussed above.

The optimisation (cache) side of things I had not actually considered before, but now I can see that you would probably want to work around such a method if your application is going into the big time... Thanks for your insightful comments.

IE Windows vuln coughs up local files

Ed L
Stop

"C Drive"?

When you talk about the C drive, do you actually mean the C drive?

Not all Windows installations are located on, or even are fitted with a C drive.

No, I see that you do not in fact mean the C drive.

The exploit can gain access to any Windows share. This would make any and all local partitions vulnerable where administrative shares are created (C$, D$, etc).

It is possible to use Group Policy to disable their creation, which may be implemented in some environments.

I think you should have been clearer on this point for your readers. The information you offer could well be misleading.

Microsoft thinks it can sell one copy of Windows 7 for every four people

Ed L
Thumb Down

What are you talking about?

"a marketplace that is no longer dominated by one key player"

Which marketplace? I think it's safe to say that MS still do dominate the desktop OS market...

Fanbois howl over data-munching Snow Leopard bug

Ed L
WTF?

@Charles Manning

>Who really does backups?

Are you for real?

How about this for an answer: 'anyone who cares about keeping their data!'

Backup is the #1 essential principle of computers. I know this is preaching to the converted to most Reg readers, but obviously some fools have still not got the picture.

How stupid does one have to be, to store their entire life in an electronic box of tricks and not even think about what will happen if one day the lights don't come on? Despite the fact that one is repeatedly reminded by anybody else with a clue (as well as the "legal weasel wording" - like that one) that such an eventuality is worth at least thinking about.

As mentioned above, if these morons have the money to buy fruit-flavoured equipment in the first place, then surely they can get themselves an external hard disk, or at the very least some DVDs and a pen drive!

I have no time for these whining incompetents. If I were to meet one, they would deserve it if I were to laugh in their face!

Japan hurls first space freighter at ISS

Ed L
WTF?

Time zones?

"13:01 EDT (17:03 GMT)"

As far as I am aware time zones operate in increments of one hour, with the exception of some special ones which are half-an-hour. How is it that New York is 2 minutes behind the rest of the world?

Twits twitter while driving

Ed L
Thumb Down

Illegal to phone whilst driving?

In the UK, the law says it is illegal to operate a hand-held mobile phone whilst driving.

If it's in a cradle, there's no problem. By the same token it would probably be worth arguing in the case of phone on lap, using speaker. I don't have a problem with conversations, as long as the driver is paying attention and their driving is not impaired. Sadly, each day I observe many people whose driving is obviously degraded by something else they are trying to do. Hmm.. but that is why we already had a 'driving without due care and attention' offence in law.

So the survey might have revealed that 25-29% of drivers admit to taking phone calls behind the wheel, but we don't know how many of these do so perfectly legally as they have a handsfree/headset. I wonder if the survey asked how many people use such a solution? Personally, I think there is no excuse for not using one. All phones are supplied with a headset, and cradles can be picked up for peanuts!

Whatever the law says, and whether one is technically breaking it or not, to do something obviously distracting such as tweeting or browsing the web whilst driving definitely nominates the perpetrator for a Darwin award! It's unfortunate though, that in many cases one person's stupidity when driving results in pain for others.

Custard Creams can kill: Official

Ed L
Coffee/keyboard

Jaffa Cakes

Good to see that Mindlab included Jaffa Cakes for comparison. Although technically, they are a cake, not a biscuit. Maybe that is why they are least dangerous!

I suppose, if you poked yourself in the eye with one, it might be quite dire all the same. I'm not sure whether I find it hard to believe that a THIRD of Brits are forgetful of the location of their mouth?

UK banks 'not doing enough' on internet fraud

Ed L
FAIL

Egg online banking

This article reminds me of an incident a year or so ago. I notice that Egg are not mentioned in the article as being either good or bad, but my experience is probably one worth sharing.

After some late-night searching for some urgently-needed software, I noticed my home PC behaving strangely and determined that it was infected by some nasties. Not a problem, I thought, simply restore an image backup from a few days ago and carry on. The thing was that I had used Egg online banking that evening, and I wasn't sure if the infection occurred before or after this.

So, as a common-sense precaution, I changed my banking passwords. However, my security-researcher side was curious as to whether in fact there had been, or would be any attempted logins by someone who was not me. Disappointingly, the Egg website does not offer any useful 'you last logged in on' or any access log function, as I am used to seeing on other banking web sites that I use. So I composed a message telling them about this and asking politely if they could give me some sort of log-in history.

I was most surprised to receive a curt response, quote:

"Dear Ed I'm sorry but we don't keep records of when you log into the Egg website. Thanks for your message. Regards Siobhan ***** Internet Customer Services"

Cue loud alarm bells. A 'secure' banking web site that does not have any logs? Doesn't sound right to me. So a reply went back to Egg, again polite, explaining that I work in the IT field and I thought this was a most unusual state of affairs, could they please clarify the situation for me?

A week later, on a Saturday afternoon whilst I was walking in the Lake District, I got a phone call from a lady at Egg. She seemed to want to be helpful and reassure me that my accounts and funds were not in any danger. However, she completely failed to understand the principle that logs are a pretty essential thing in any web site, especially a security-sensitive one. As I was trying to enjoy some relaxing weekend time, I didn't want to labour the point so after 20 minutes I gave up and left it at that. I never found out whether the malware compromised the password and a malicious individual might have attempted to gain access to my accounts.

I would be most interested if anybody has anything further to say about this experience, or their own...

Apple sneaks malware protection into Snow Leopard

Ed L
WTF?

Protection?

It appears from first glance at the screenshot that the option 'open' will in fact go ahead and open the malware-containing file despite it being detected as such. Surely this cannot be the case?

US Congress probes accidental top secret file sharing

Ed L
FAIL

Privileges?

I hope I'm not the only person who thinks that something must be amiss, if government workers with access to sensitive files are even allowed to install any software on their desktops!