
Comment Re:Singapore's economic miracle = tax haven? (Score 1) 312

Have you not heard of Guernsey either? It's a British-owned island out in the middle of the sea between England and France and technically in Europe.

Tiny island, population 65,000 and for many years the central hub of almost every EU delivery for Amazon as it was possible to avoid VAT. The money that went through that place was incredible, and hiding behind a historic tax law designed to protect growers of tulips (I believe).

Or Luxembourg? Similar thing, ten times as big (but still a tiny little country), guess how many companies have their EU headquarters there.

By comparison, Singapore is positively huge with 6 million people.

Comment Re:We really should rethink web encryption. (Score 4, Insightful) 53

If SSL'ing a site is more than a 10 minute process for you (not including the time to return the cert from the CA after you've sent them the CSR), including anything more than a single restart of the web service (and that doesn't even need to be a full restart with Apache, etc.) then I worry about how you go about it.

SSL sites with existing keys - upgrading the key, or changing the order of allowed cryptography, etc. - that's literally a one-line change (to point to new certificate file, or change the configuration line) and a restart. If the site is visibly down for more than a second or two, I'll be disappointed.

And in terms of CAs, just use the proper ones. If you have need of SSL, then you can spend the annual renewal on a decent CA. It's part of the running costs of having a web presence. Hell, if you're worried, use two different root CAs and if one gets revoked for whatever reason, you can just switch the config to the other.

It's not difficult.

And, you know what? If you have SSL and need SSL then there's a reason it SHOULDN'T be a brainless operation. Because that's just one part of securing the data being transferred.

I do network admin and I only do SSL once a year or even less when the certificates expire. I'm often at a different employer by the time certificate renewal comes up and have to familiarise myself with software I've never used before and never put SSL certs into before. It's not that difficult a process at all.

And your "solution" is exactly what happens already. The reason you get SSL errors if you just enable SSL is because the default cert isn't signed or is only local but it's (usually) there. To get it signed you make a CSR, upload it to your CA, and they send you back a certificate that you plug in. And then the browser decides the quality of that cert and trust chain.

Sorry, mate, but if this is too difficult for you, you shouldn't BE setting up SSL sites. It sounds like you're doing it just to shut users' browsers up when they whinge. That's the EASY part of the process of making sure you're securely handling whatever data they are sending your way.

Comment Re:Call me ignorant.... (Score 1) 88

Visit a web page.

That page loads iframes etc. from the local network.

Say, the router configuration page. Let's say certain models of router fail to adequately validate credentials before they apply setting changes you request, etc. and that you can request those settings change via HTTP POST/GET methods.

Yes, some of this SHOULD generate security warnings. But it doesn't always. And that's the problem.

People have had their home routers "hacked" by visiting a webpage which changed their home router DNS settings to a malicious provider. The attackers don't need to do anything on your home network, as such, because you do it for them. XSS vulnerabilities like this have existed for years and no browser has entirely eradicated them.

What makes you think that other devices aren't just as insecure? It takes one default-open hole, one well-known credential, one hidden admin interface on your local network for something as simple as a web page load to cause havoc.

And the point of lots of these devices is to be able to talk in/out of your network with ease. They only need to send a single UPnP request to pop a port-forward to themselves and you'd barely be able to tell (one of the reasons many people disable UPnP, but I've been on dozens of home networks that have it on by default). And once they are exposed to the world, they become a front-line device on your network.

Consider your home NAS, which might well have port-forwards for its home-cloud features? Or things like ChromeCast that allow 3rd party browser extensions to stream video (encoded in normal formats and subject to the normal overflows) direct to the ChromeCast over your network. Once you start getting into more and more obscure, never-touched, never-monitored devices, your attack surface is growing all the time.
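The check a router's admin interface is missing in the scenario above, written out as an added example (not the commenter's code): the device host, the in-memory session store and the sample requests are all constructed assumptions.

```python
import hmac
import secrets
from http.cookies import SimpleCookie
from urllib.parse import urlsplit

# Constructed: the address the router's admin UI is served from.
DEVICE_HOST = "192.168.1.1"
# Simulated server-side session store: session id -> CSRF token bound to it.
SESSIONS: dict[str, str] = {}


def new_session() -> tuple[str, str]:
    """Log a user in: return a session id (set as cookie) and its CSRF token."""
    sid = secrets.token_urlsafe(16)
    token = secrets.token_urlsafe(32)
    SESSIONS[sid] = token
    return sid, token


def settings_change_allowed(method: str, headers: dict, form: dict) -> tuple[bool, str]:
    """Decide whether a settings-change request may be applied.

    Defends against a third-party page driving the browser, with its ambient
    router cookie, at the LAN admin interface. Returns (allowed, reason).
    """
    # 1. State changes only via POST: a GET can be fired by an <img> or iframe.
    if method.upper() != "POST":
        return False, "state change must use POST"
    # 2. The request must carry a valid logged-in session cookie.
    cookie = SimpleCookie(headers.get("Cookie", ""))
    sid = cookie["session"].value if "session" in cookie else None
    expected_token = SESSIONS.get(sid)
    if expected_token is None:
        return False, "no valid session"
    # 3. Origin (or Referer as fallback) must be the device itself.
    origin = headers.get("Origin") or headers.get("Referer")
    if not origin or urlsplit(origin).hostname != DEVICE_HOST:
        return False, "cross-site origin"
    # 4. The form must include the per-session token; compare in constant time.
    if not hmac.compare_digest(form.get("csrf_token", ""), expected_token):
        return False, "missing or wrong CSRF token"
    return True, "ok"


if __name__ == "__main__":
    sid, tok = new_session()
    own = {"Cookie": f"session={sid}", "Origin": f"http://{DEVICE_HOST}"}
    print(settings_change_allowed("POST", own, {"dns1": "10.0.0.53", "csrf_token": tok}))
    print(settings_change_allowed("POST", {"Cookie": f"session={sid}",
                                           "Origin": "http://evil.example"}, {}))
```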

Comment Sigh (Score 3, Interesting) 88

Every single time something wants to cross the boundary between "sheltered device" and "available to the Internet", you have to see what it's doing or you'll run into this.

This is the whole problem with things like UPnP, default "ALLOW ALL OUT" rules, etc. Devices want to talk out, and they'll punch holes to do it, and you don't have to be a genius here - connect their capabilities to find out what COULD happen.

The Chromecast dongle has your wifi password in it. It has access to your network. It has access to your Google account. It has access to the HDMI port of your TV (which may include Ethernet?). Three of those are DANGEROUS (the fourth probably isn't but a lot of people have said similar things and been wrong).

Now consider that it doesn't even need to be Google that's malicious / incompetent to be a problem. Oh, look, all Chrome browsers on your local net can discover Chromecasts. And send data. Data encoded in complicated codecs which I've often seen in Changelogs because they allow overflows. Oh, look, third-party apps in Chrome are allowed to jump onto the Chromecast too.

Join the dots. Unless you have security against those steps in the chain, there's nothing stopping the mere presence of a Chromecast dongle on your network being a vulnerability. They cost £30 so I doubt they could have a massively-overarching security audit that covers them for years in the future.

Now apply that to your Nest equipment. To the apps on your phone (that game can read from SD card, allow in-app purchases, send text messages to your friends, whatever.... join the dots on ALL that it can do and see what could potentially happen!). To the junk that you plug into the network or wireless. It's a nightmare. And as soon as you break the line and let those things talk out (or be port-forwarded to) you have an Internet-facing vulnerability that amplifies everything a thousand-fold.

This isn't shocking, unless you've been blind to the potential for fifty years.

Comment Re:Streisand Effect! (Score 5, Insightful) 538

Making things go boom isn't terrorism, but it's treated as such. Reading books about how things could be made to go boom isn't terrorism. Intent is behind terrorism more than any amount of relevant knowledge.

Every driver, however, has a terrorist tool at their hands. You can buy bottles of gas for a pittance. You can't stop the tools because the tools are so damn simple and cheap and basically include every compact source of energy we have and use (I'm waiting for the first electric battery / supercapacitor terrorist, but the energy density is probably still too low to do anything but blow your own head off).

Terrorism is designed to invite terror. To make you fear the people doing it.

By doing what we're doing as a planet now - making terror so terrifying and then beaming it into every home - we're basically playing right into their hands. One guy, with one simple device can make the news worldwide. Even if it's a complete botch (I'll say "shoe bomber", you tell me if you've heard of him, now tell me why you now have to take shoes off in airport security when you NEVER used to have to).

Want to defeat terrorism? Stop giving a shit about them.

The UK had been dealing with terrorists willing to bomb cities and bring down planes since the 70s (and a lot further back than that because we were arseholes). We learned how to deal with them - ignore them. Don't stop catching them, but just make their efforts have so little impact that - in this case - they give up the terrorism and become politicians.

IRA bombings in the UK (and London especially) only invited comments like "Fuck, I'll be late for work now" or "Does anyone know which buses are still running?" Stop terrorism being terrifying and you're just some pillock who blew himself up.

It's the same with historical "terrorism". We're all scared of Nazis and Naziist groups. Want to destroy them overnight? Change the international symbol for toilet to a swastika, and label it a "Nazi". "Where's the Nazi, I need a shit?" Instantly destroys the power in the word and the association it has.

But, no, places like France and Germany continue - over FIFTY YEARS LATER - to ban Nazi-related items. It's a Streisand effect. The best part of my walking-tour of Berlin I did a few years ago - they stop outside a building with a car park. They tell you that's where Hitler's bunker was. You're so fucking terrifying, your legacy is under a car park, mate.

People don't know how to deal with terrorists because they are far too self-centered. "What if *I* was blown up?" Fuck that, what if we allow people to get infamy so easily just because they tried to blow other people up? What if we make terrorism so terrifying they are instantly heroes for our enemies and we cower in fear of them? What if we spend billions on an international manhunt for one man in the public eye proving that MILLIONS of people are scared of one man who did nothing noteworthy himself but orchestrated others? What if we live in a world where terrorists get on the news and science doesn't? Fuck THAT.

Terrorists are cocks. And we're pandering to their media whims, like fucking dickheads. Want to see a proper reaction to terrorism?

https://www.youtube.com/watch?...

You beat terrorists by removing the terror. Then they have nothing left.

Comment Really? (Score 1) 140

I never owned a NES, but even I know just about everything in that article, just from downloading an emulator once (anyone remember Nesticle?).

Where's the "technical" information? The fact that memory mappers exist for the platform, or that it was sprite/palette based graphics is hardly some massive insight to anyone starting down the route of writing an emulator for something of that era.

Comment Re:I don't rent games (Score 2) 249

At least if Steam does go down, hacks exist to run the Steam games outside of Steam. And you can download the compressed files of Steam games at any time, as a Steam owner, and use the backup facility.

With OnLive, you don't even have access to your own configuration or saved games, except through their systems.

Comment Re:What about my game purchases? (Score 2) 249

Nope.

You licensed use of several games for a maximum period of three years (go read what "lifetime" access was for a game you purchased).

Probably the most you'd ever get back would be a part of the purchase price proportional to the time you've had them (i.e. if you had access to the games for a year maybe you'd get a 2/3rds refund - after you brought in the lawyers).

One of the reasons that systems like OnLive weren't a good idea for consumers.

I tried OnLive because they gave a "full" game at the time without paying a penny. Mainly to see whether it was worth buying properly. When I read the terms and conditions of the "full" game, I realised I'd have to buy it somewhere else anyway as the game could disappear in a few years and I'd have no recourse, so instead I used OnLive purely as a demo and actually bought the game elsewhere.

Comment Re:That makes sense (Score 5, Informative) 178

Have you seen OOXML?

The reason they had to fork is because the format is SO binary and tied into the old legacy codebase that - even masquerading behind an XML front - there's no illusion of portability whatsoever.

They were forced to document it, by the EU, and all they did was describe every hack, binary fudge and kludge that went into it so that it was almost impossible to make a compatible format.

When you're talking Office on Mac, it's not a question of just adding Mac UI code and incorporating another platform into the build process. It's replicating all those stupid bit-wise assumptions made throughout the format. It's like WMF used to be - literally just a description of the Windows GDI commands required to replicate the object on the screen (which is why WMFs were capable of containing executable code!). That's pretty much the best analogue to something like MS's "open" XML formats.

I'm not surprised that the Mac versions are staggered by several years and not entirely compatible. That's how long it takes to emulate the Windows-specific fudges in the format.

What MS are scared of is a format that works across all platforms because, then, what's to say you'll bother to buy Office?

Comment Re:Woop Di Do Da! (Score 1) 265

Boo hoo.

http://www.ukpower.co.uk/home_...

0.10p/kWh (excluding VAT at 5%) = 0.148c/kWh (at current exchange rates). Call it 0.16c in reality, rounding up etc.

And that's just the lowest priced ones (because that's a price comparison site), on average, not including VAT, not including service charges, and tied into long contracts to get that etc.

And we have little solar alternative (the UK isn't great at producing sun, though we do have some).

And of course providers are charging fees for solar users - if you want to push back to the grid, it's horrible to do so for solar as it's so variable and in the wrong "format" for grid energy.

To quote your link - "We're supposed to encourage conservation but it must be cost-effective."

Consider yourself lucky that you have a viable alternative at all.
