How can this make a headline/slashvertisement on Slashdot? That sounds like they're doing the right thing and giving the gamers a better gaming experience by not just ditching all of the hard work from previous games. I'm sure there must be some flaw or lie somewhere - it's just not the corporate thing to do!
I'll have to double-check my sites to be sure, but I think I'd be throwing a huge optimisation at any of my pages that got near 320KB, never mind averaging that large. That's just crazy-huge for a page given the amount of actual useful content that most pages have. If only people put in useful stuff instead of filling sites with pointless cruft.
Chancellor George Osborne is doing what all countries should do in that situation but are afraid to do, due to the unlikelihood of reelection
But the advantage that he has is that they're part of a coalition, so it isn't just his party that takes the blame. In a way, this coalition has its very good points. There are almost certainly some of these measures that wouldn't have been taken without it, even if they were necessary.
I ended up thinking about how it was going to be k'new and so kompatible. Then I realised that was K'nex and not some fad of a new controller system.
I wonder if someone will eventually decide that controllers are 100% unnecessary, thereby forcing loads of console gamers back to proper machines and better graphics on their PCs?:D
openSUSE has an RPM that pulls in Flash, because they're not allowed to redistribute it directly. What it mainly seems to do is show an EULA and then download and install Flash. I know I've had a couple of updates to it, so it'll be interesting to see what happens if the 10.1 Flash site is disabled.
Oh well, I guess I can manage without Flash. It's not as if the occasional YouTube video is a big loss.
Definitely the BCS has been dumbed down successively over the past 16 years I have been a full member, I suspect that this is because they basically want more members so lower the entry bar, in order to get the membership funds in their coffers. I definitely did not like the CITP membership level, it is the British COMPUTER socienty, that should cover anything in the field of computing and not just information technology.
The odd thing is that I agree with the sentiment, but not with the votes. If you read the monthly magazine then you end up skimming it - management, management, buzzword, management buzzword, etc - and it does feel more Pointy Haired Boss than Alice and Dilbert. I can't say I've gained much from the BCS (I had to join when I was a student to do Industrial Experience, then my company paid for it) but there definitely seems to be a focus on the management aspects rather than the techy aspects.
That said, I think there probably was still a need to invest in change for the future, especially when politicians are screwing it up with things like the Digital Economy Bill.
The difference is that Level 1 is "newbie with no experience and easy to achieve" where as level 5 is "experienced professional requiring a reasonable amount of evidence".
I had to use the levels when I did an "Industrial Experience" year and found that even moderate programming experience shot you up to about level 3 without much effort. The problem was that I was supposed to show development, but level 4 required more specialist things that not everyone does.
Yeah, that must be accurate, because I'm sure they factored in things like:
1) People downloading way more than they could ever afford to buy 2) Multiple downloads by one person 3) Downloads of games that were already legitimately purchased by the individual but unusable for some reason
The Tetris Company, LLC seems to simply abuse the DMCA.
There is some legislation that can let you easily and quickly stiffle small competitors due to potential legal expenses, and companies are mis-using it on things it doesn't apply to? Say it isn't so! I'm sure all of our governments (whichever nation we live in) will be livid when they find out, will side with the good of the populate who voted them in and will resolve the loopholes and abuses to show those nasty corporations where they stand.
This also hides information from applications that they might need in order to make a good security decision.
For example, if the firewall constructs a fake SSL session, the information about the effective encryption has been hidden... they can no longer verify that the session is encrypted end to end using a cipher strong enough for the information they are about to send.
I think that if you're in an environment where they're MITM-ing your HTTPS sessions for corporate security and other reasons then you're probably also in an environment where you're not allowed unapproved network apps. If you do want a new network-aware app then you'd need to get it fully tested and approved for use, which would generally include checking its behaviour with the MITM system. Luckily, the developer network isn't tied down with such limitation on HTTPS, but we're not allowed SSH out and other filters kill SVN over HTTP (they don't like any HTTP requests other than POST and GET).
A decision needs to be made based on how the site will be used whether to proceed or not despite the error.. A Firewall quietly hiding errors will result in an insecure situation, since the user proceeds to a site under false pretense of security.
A Firewall producing spurious errors in result of self-signed certificates or expired certs, will result in user complaints. And a demand from vendors that they simply 'OK' the cert warning.
That's not my experience. I've had SSL sites not work, almost certainly because they weren't using a recognised certificate and so the filter rejected them. You don't get a choice in the matter - corporate security set up the firewall and you live with it. If there's something important to work then it is normally set up with a normal certificate from a standard root and is intercepted by the filter. If you visit anything that fails but is for work then they'll add it to the whitelist, but anything else almost certainly won't get actioned.
The CPU requirements to deconstruct and reconstruct SSL sessions are not insignificant. This would have to be some monster of a firewall or filter in order to avoid introducing latency that would hurt the entire enterprise.
Really? All it is doing on top of the normal scanning is initiating two SSL sessions - one between itself and the client with a "fake" certificate and one between it and the server that the user made the request to. I've not looked into the detail, but if a webserver can handle huge numbers of SSL connections then I wouldn't have expected a firewall/filter to struggle much either.
It is actually compromising security of SSL. This represents a substantial security risk, and if the Enterprise actually has a security policy designed to ensure protection of Enterprise data, a MITM of this nature is probably a violation of security policy in and of itself.
It depends on your point of view. To the person using the SSL then the security is compromised in terms of their confidentiality, but in terms of the corporate network then the unmanaged SSL itself is a security risk as it can be used by employees to leak data without it being monitored. It depends on how the company handles its data and how "high risk" the data is.
The "new root-signed cert" becomes a point of attack, any intruder who can compromise that endpoint, now has full access to all the Enterprise's encrypted SSL transmissions, banking, etc.
I'm not sure how that would work. If all of the communication from the filter/firewall to the client is within the corporate LAN then having the certificate is useless without remaining within the LAN. Besides, as I understand it then you'd only be able to sign things as the actual HTTPS encryption or similar would use its own symmetric key that was created at the time.
Also, I'd expect that you only do the MITM for external transactions over the Internet to general HTTPS sites. If you have some specific systems that have known and constrained interfaces that are regularly used for corporate functions then I'd expect them to have a waiver and be allowed to connect as normal.
Imagine you're a site owner and rely on keyword analysis. You want that referer data, and suddenly more and more people who use Google SSL aren't giving you the data on what they searched for.
What do you do?
Implement SSL on your site as well!:D Then the referer data comes to you cleanly, and still remains out of the hands of eavesdroppers.
Damnit, I bet that the certificate authorities are rubbing their hands in glee. I don't know how many of my visitors will use Google with SSL, but a dozen sites on one machine would require a dozen certificates and a dozen IP addresses (or using non-standard ports, which would freak some people out and wouldn't work on some corporate networks).
Actually, now that I think about it, maybe Google have a plan. Maybe they want to get people using more IPv4 addresses so that they can support SSL on their sites, which would decrease the remaining amount even faster, which would force the introduction of IPv6 more quickly. We can but hope:D
Not that I actually read my stats all that much, just the occasional browse to see if anything interesting is happening in referral patterns or new phrases.
The simple solution there, since they are corporate computers, is for them to put their own root certificate on each machine and make their firewall/filter machine perform a "MITM" on all connections then re-encrypt with a new root-signed certificate. Since the client has a root that it trusts then it won't show an error and since it gets decrypted at the firewall/filter then it can be read. It works and it probably isn't all that expensive, in the grand scheme of things.
Re:Even though Fedora is my desktop of choice
on
Fedora 13 Is Out
·
· Score: 1
Printer configuration is insanely complex and obscure. Really, this is a gripe about CUPS, but I just don't like either that much.
I've had to configure a network printer at work on Fedora 11 and it didn't seem that bad. Could have been clearer and simpler, but I've seen much worse given what information it needed.
NetworkManager is an abortion that doesn't play well with the usual Unixy config files, but is strangely necessary for the desktop to operate correctly. I think this finally got fixed in more recent versions (Fedora 12).
Oddly, I'm doing fine without NetworkManager on my openSUSE 11.2 system at home. Some apps, like Banshee, look for NetworkManager on DBus or something but fall back perfectly well when it isn't running. That said, I've got a nice and sensible wired network.
Audio is just plain broken. Major features -- such as the ability to mix external audio -- have been missing since Fedora 11. Nobody seems to care, or know how the new audio system, Pulse Audio, works.
The only time I've had issues with Pulse Audio was because of hardware. I was using an old Soundblaster because I had it, but it needed timer-based scheduling disabling (I think). After that it was fine. The extra features (like per-app muting) can be quite useful and I definitely think it is the best way forward in general.
It isn't in the feeds yet, just at the top of the search results. They're supposed to be relevant, but some of my programming searches get Starbucks and Virgin Airlines promo-tweets. In the grand scheme of things it is small peanuts compared to a) Google Ads on Google searches and b) big companies that slap large Flash adverts and more all over their articles/"blogs" while splitting the article into multiple pages for more ad views.
Except for the bit where the EU is supposed to have a cross-member ban on patenting software. I know Germany broke it - first with some approval of FAT patents and more recently with a more wide-reaching decision - but they're not supposed to be accepted/enforceable.
Don't kid yourself. In computers, everything is either patented or is about to be.
Only really in America...oh, and Germany as of recently. Damnit, I thought we'd kept those silly "software patent" ideas on the other side of the Atlantic.
It is great how patents are getting so horrendously abused, and yet the people holding them always make it out like a good thing. "Yeah, we've got patents, but we're nice enough to license them to you, and if you sign up then we promise to never sue you (but we'll keep quiet about any other patents that may be floating around)".
Don't worry, I was poking fun at iPhones and the like and the sudden "wow, everything must be touch-screen with gestures" pattern. Given the size of the screen, can you imagine the comparative effect of fingerprints?
It's okay - it'll be a touch-screen display, so you can use your fingers to zoom in and out and to scroll. Give it a day and you'll wonder how you ever did without all of the zooming and scrolling just to see useful stuff!
they intend to offer a free PSN game to subscribers each month (from a choice of 'two to four games'), which should make the premium PSN effectively free if you already bought a game every month
That depends entirely on what games they give away as the free options. I've not got a PS3 and not seen the PSN (why waste money on a cut-down computer that isn't even as good as the real thing?) but if you buy the best game from the PSN each month then I doubt that it would be the one that they put in the list of freebies. Chances are it'll be some fairly naff one or a middle of the range one that they just want to increase the numbers on without giving away anything they could make good money on.
You mean like running a custom-built Live distro with the apps you need built in? Not exactly what you said, but the same effect. That's what we've got access to at work for remote access over VPN on other hardware.
Hurrah - now I'll get pre-built nVidia drivers!
on
Linux 2.6.34 Released
·
· Score: 1
I put an openSUSE Build Service version of the.34RC kernel on my new desktop because it fully supported the new Core i5 I'd just installed. Down-side was that there weren't any pre-built nVidia drivers because it wasn't a final kernel yet. Hopefully nVidia will start building the drivers in their repo so that I can move to a repo for my drivers:)
Slashdot Mirror
How can this make a headline/slashvertisement on Slashdot? That sounds like they're doing the right thing and giving the gamers a better gaming experience by not just ditching all of the hard work from previous games. I'm sure there must be some flaw or lie somewhere - it's just not the corporate thing to do!
I'll have to double-check my sites to be sure, but I think I'd be throwing a huge optimisation at any of my pages that got near 320KB, never mind averaging that large. That's just crazy-huge for a page given the amount of actual useful content that most pages have. If only people put in useful stuff instead of filling sites with pointless cruft.
But the advantage that he has is that they're part of a coalition, so it isn't just his party that takes the blame. In a way, this coalition has its very good points. There are almost certainly some of these measures that wouldn't have been taken without it, even if they were necessary.
I ended up thinking about how it was going to be k'new and so kompatible. Then I realised that was K'nex and not some fad of a new controller system.
I wonder if someone will eventually decide that controllers are 100% unnecessary, thereby forcing loads of console gamers back to proper machines and better graphics on their PCs? :D
I assumed it was a 64-bit package, but maybe it was just 32-bit all nspluginwrapper'd up.
openSUSE has an RPM that pulls in Flash, because they're not allowed to redistribute it directly. What it mainly seems to do is show an EULA and then download and install Flash. I know I've had a couple of updates to it, so it'll be interesting to see what happens if the 10.1 Flash site is disabled.
Oh well, I guess I can manage without Flash. It's not as if the occasional YouTube video is a big loss.
Huh what now?
That's one very clever Thursday to go publishing attack code. And, even better, it appears to be a special Google Engineer flavour of one!
If you outlaw encryption then only outlaws will have encryption...Crap, that's not a good situation to be in, is it?
The odd thing is that I agree with the sentiment, but not with the votes. If you read the monthly magazine then you end up skimming it - management, management, buzzword, management buzzword, etc - and it does feel more Pointy Haired Boss than Alice and Dilbert. I can't say I've gained much from the BCS (I had to join when I was a student to do Industrial Experience, then my company paid for it) but there definitely seems to be a focus on the management aspects rather than the techy aspects.
That said, I think there probably was still a need to invest in change for the future, especially when politicians are screwing it up with things like the Digital Economy Bill.
The difference is that Level 1 is "newbie with no experience and easy to achieve" where as level 5 is "experienced professional requiring a reasonable amount of evidence".
I had to use the levels when I did an "Industrial Experience" year and found that even moderate programming experience shot you up to about level 3 without much effort. The problem was that I was supposed to show development, but level 4 required more specialist things that not everyone does.
Yeah, that must be accurate, because I'm sure they factored in things like:
1) People downloading way more than they could ever afford to buy
2) Multiple downloads by one person
3) Downloads of games that were already legitimately purchased by the individual but unusable for some reason
There is some legislation that can let you easily and quickly stiffle small competitors due to potential legal expenses, and companies are mis-using it on things it doesn't apply to? Say it isn't so! I'm sure all of our governments (whichever nation we live in) will be livid when they find out, will side with the good of the populate who voted them in and will resolve the loopholes and abuses to show those nasty corporations where they stand.
And back in the real world...
I think that if you're in an environment where they're MITM-ing your HTTPS sessions for corporate security and other reasons then you're probably also in an environment where you're not allowed unapproved network apps. If you do want a new network-aware app then you'd need to get it fully tested and approved for use, which would generally include checking its behaviour with the MITM system. Luckily, the developer network isn't tied down with such limitation on HTTPS, but we're not allowed SSH out and other filters kill SVN over HTTP (they don't like any HTTP requests other than POST and GET).
That's not my experience. I've had SSL sites not work, almost certainly because they weren't using a recognised certificate and so the filter rejected them. You don't get a choice in the matter - corporate security set up the firewall and you live with it. If there's something important to work then it is normally set up with a normal certificate from a standard root and is intercepted by the filter. If you visit anything that fails but is for work then they'll add it to the whitelist, but anything else almost certainly won't get actioned.
Really? All it is doing on top of the normal scanning is initiating two SSL sessions - one between itself and the client with a "fake" certificate and one between it and the server that the user made the request to. I've not looked into the detail, but if a webserver can handle huge numbers of SSL connections then I wouldn't have expected a firewall/filter to struggle much either.
It depends on your point of view. To the person using the SSL then the security is compromised in terms of their confidentiality, but in terms of the corporate network then the unmanaged SSL itself is a security risk as it can be used by employees to leak data without it being monitored. It depends on how the company handles its data and how "high risk" the data is.
I'm not sure how that would work. If all of the communication from the filter/firewall to the client is within the corporate LAN then having the certificate is useless without remaining within the LAN. Besides, as I understand it then you'd only be able to sign things as the actual HTTPS encryption or similar would use its own symmetric key that was created at the time.
Also, I'd expect that you only do the MITM for external transactions over the Internet to general HTTPS sites. If you have some specific systems that have known and constrained interfaces that are regularly used for corporate functions then I'd expect them to have a waiver and be allowed to connect as normal.
Damnit, I bet that the certificate authorities are rubbing their hands in glee. I don't know how many of my visitors will use Google with SSL, but a dozen sites on one machine would require a dozen certificates and a dozen IP addresses (or using non-standard ports, which would freak some people out and wouldn't work on some corporate networks).
Actually, now that I think about it, maybe Google have a plan. Maybe they want to get people using more IPv4 addresses so that they can support SSL on their sites, which would decrease the remaining amount even faster, which would force the introduction of IPv6 more quickly. We can but hope :D
Not that I actually read my stats all that much, just the occasional browse to see if anything interesting is happening in referral patterns or new phrases.
The simple solution there, since they are corporate computers, is for them to put their own root certificate on each machine and make their firewall/filter machine perform a "MITM" on all connections then re-encrypt with a new root-signed certificate. Since the client has a root that it trusts then it won't show an error and since it gets decrypted at the firewall/filter then it can be read. It works and it probably isn't all that expensive, in the grand scheme of things.
I've had to configure a network printer at work on Fedora 11 and it didn't seem that bad. Could have been clearer and simpler, but I've seen much worse given what information it needed.
Oddly, I'm doing fine without NetworkManager on my openSUSE 11.2 system at home. Some apps, like Banshee, look for NetworkManager on DBus or something but fall back perfectly well when it isn't running. That said, I've got a nice and sensible wired network.
The only time I've had issues with Pulse Audio was because of hardware. I was using an old Soundblaster because I had it, but it needed timer-based scheduling disabling (I think). After that it was fine. The extra features (like per-app muting) can be quite useful and I definitely think it is the best way forward in general.
It isn't in the feeds yet, just at the top of the search results. They're supposed to be relevant, but some of my programming searches get Starbucks and Virgin Airlines promo-tweets. In the grand scheme of things it is small peanuts compared to a) Google Ads on Google searches and b) big companies that slap large Flash adverts and more all over their articles/"blogs" while splitting the article into multiple pages for more ad views.
Except for the bit where the EU is supposed to have a cross-member ban on patenting software. I know Germany broke it - first with some approval of FAT patents and more recently with a more wide-reaching decision - but they're not supposed to be accepted/enforceable.
Only really in America...oh, and Germany as of recently. Damnit, I thought we'd kept those silly "software patent" ideas on the other side of the Atlantic.
It is great how patents are getting so horrendously abused, and yet the people holding them always make it out like a good thing. "Yeah, we've got patents, but we're nice enough to license them to you, and if you sign up then we promise to never sue you (but we'll keep quiet about any other patents that may be floating around)".
Don't worry, I was poking fun at iPhones and the like and the sudden "wow, everything must be touch-screen with gestures" pattern. Given the size of the screen, can you imagine the comparative effect of fingerprints?
It's okay - it'll be a touch-screen display, so you can use your fingers to zoom in and out and to scroll. Give it a day and you'll wonder how you ever did without all of the zooming and scrolling just to see useful stuff!
That depends entirely on what games they give away as the free options. I've not got a PS3 and not seen the PSN (why waste money on a cut-down computer that isn't even as good as the real thing?) but if you buy the best game from the PSN each month then I doubt that it would be the one that they put in the list of freebies. Chances are it'll be some fairly naff one or a middle of the range one that they just want to increase the numbers on without giving away anything they could make good money on.
You mean like running a custom-built Live distro with the apps you need built in? Not exactly what you said, but the same effect. That's what we've got access to at work for remote access over VPN on other hardware.
I put an openSUSE Build Service version of the .34RC kernel on my new desktop because it fully supported the new Core i5 I'd just installed. Down-side was that there weren't any pre-built nVidia drivers because it wasn't a final kernel yet. Hopefully nVidia will start building the drivers in their repo so that I can move to a repo for my drivers :)