Forgot your password?

Comment: Re:Wireless security (Score 1) 83

by ledow (#47809217) Attached to: Wi-Fi Router Attack Only Requires a Single PIN Guess

Sorry, but maybe it would pay to Google things and keep on security news sites occasionally. Sure, I'm a home user for the most part, my home connections aren't liable to be attacked.

But WPA-TKIP is fatally flawed and allows - while not password revelation - replay-attacks that allow packet injection and all kinds of other nasties. Some of this has been known about since 2008. Some of this is because WPA still uses the RC4 stream cipher (which is dead nowadays) in some situations too, whereas WPA2 uses AES.

Services such as CloudCracker also mean that anything not already a seriously complex passphrase is only a couple of hundred dollars away from complete compromise - and NOBODY at home has a passphrase that complex, as you normally have to give it to people (yourself included!).

WPA / TKIP are thus dead. WPA2 / AES have measures against such things. And WPA2 hardware is old-hat now and it's been available for years. There's no excuse to still be lingering on WPA, and WEP is just asking for it - it's actually quicker to crack WEP even casually than it is to piss about asking people for their passphrase (have done it to several friends who told me they were "secure"). WPA's life is, to put it bluntly, limited at best.

Guest network - I have no need of one. I certainly have no need of one I have to turn on and off all the time. So it stays off. With modern 3G, the chances of anyone wanting to join your wireless are entirely minimal, but a lot of home routers that offer guest Wifi have associated vulnerabilities or are commercial services I have no desire to offer (BT-FON etc.).

And there are three channels on 802.11g. Three. Ignore the 13 that you might claim to be given on the router config, they overlap. And, thus, chances are that in any suburban environment, you are already picking up a ton of other networks that overlap yours. Kill off the guest networks, whatever the channel, or move to 5GHz (which is still pretty dead, but liable to get a lot busier over time).

And I VPN all my wireless. The extraneous ping is 1ms on normal hardware (and, no, I don't have particularly high-end equipment on the VPN side - usually some old crappy desktop running Linux). You can test this quite simply with even the simplest ping to Google using the Linux tools that will show sub-ms pings as proper floats. VPN costs are extremely minimal. Gaming is NOT affected any more than anything else. In fact, bulk download/uploads are liable to have more of a delay than tiny regular packets.

Comment: Re:Wireless security (Score 1) 83

by ledow (#47796387) Attached to: Wi-Fi Router Attack Only Requires a Single PIN Guess


I didn't personally use Wifi until it had been in place, with an encryption system that had proven itself, for a number of years before I trusted my networks and data to it.

WEP was broken, so I reset the clock. WPA was compromised so I reset the clock. It was only WPA2 that has proved difficult to "simplify" the problem by using real, proven encryption schemes rather than making-one-up-as-we-go-along.

Common bloody sense.

Comment: Games (Score 4, Insightful) 88

by ledow (#47794899) Attached to: RAYA: Real-time Audio Engine Simulation In Quake

Realistic sound has been around, as people point out, since the Aureal days. Now, to be honest, it should be baked into every engine and tied to your textures (soft textures absorb sound, shiny textures reflect sound, etc.).

The fact that it isn't means a couple of things - it's too expensive (which I can't believe nowadays), it adds too much cost to development time (but surely modifying those sounds for echo etc. is more costly than just putting in a pure sound and letting the engine modify it as necessary),, people just don't notice that much, or the patent field is too heavy.

Take things like TF2, HL, CS, etc. They are all same-engine. They are all 3D open environments. It is vital to know where shots etc. are coming from in order to play properly. But we don't see such audio tricks. That, to me, suggests they aren't necessary or certainly not the right value to waste time on.

And, to be honest, I watched "ray-traced quake" over, what? Ten years ago? That tech still isn't used in modern games because of the above reasons. It's do-able but expensive, the development time is costly, the effect isn't that much different from pure cheating on the 3D drawing, and it's not in any of the major game engines. This is suggestive of the value of such things being minimal.

And, to be honest, the realistic-"ness"of a game is the first few minutes of unboxing and then that's it. What destroys your immersion from then on is crappy plot, unrealistic capabilities, and AI that still - to this day - sucks. Fire gun, run around corner, wait for the idiots to pile round. The "better" ones might well throw a grenade but once you know that, you take account of that, and that's the AI beaten. To "win" the AI has to have reactions infinitely better than yours and outnumber/outgun you. Think about the average FPS game - there are several THOUSAND bad guys. And you. And though you might get stuck occasionally, you will win. You can use first-aid kits, they can't. You can lure them into traps, they can't (unless scripted). You can sit and wait them out. You can guess where they will walk next, they forget about you one second after they stop seeing you. It's ludicrous.

Please stop wasting our game industry by reinventing tech we've had for decades and could put in any game, given time. Let's try and make a game with one, single, scary opponent (and maybe some NPC's to fill in the gaps). A Matrix-like game, for example. Agents are few and far between, maybe one per real player. There is only one that's a real threat. And there's you. And a world that you can both use to your advantage.

When humans play humans you HAVE to have the same numbers on both sides. When humans play AI, you HAVE to be vastly outnumbered.

I'd much rather Half-Life 3 had intelligent enemies who will choose to camp the chokepoints and not be lured out, than some fancy water effect or proper audio reflections or whatever.

You're not telling me that with the CPU/GPU available nowadays, we couldn't make a Quake 1 opponent that - with the same programmed reaction times, capabilities, and facilities available to them as a human player - couldn't be a serious threat. I'd rather play that than yet-another "look how shiny" kind of game.

Comment: Wireless security (Score 5, Informative) 83

by ledow (#47792921) Attached to: Wi-Fi Router Attack Only Requires a Single PIN Guess

Is it just me that hates shit on my router?

- WPS (a.k.a. turn your massive password into a four-digit number): turned off on every router I've ever used, since day one of installation.

- UPnP (a.k.a. let anything open any port to anywhere without authentication): turned off on every router I've ever used, since day one of installation.

- WPA/WEP (a.k.a. half-arsed encryption that we never really thought through): turned off on every router I've ever used, since day one of installation.

- Guest networks (a.k.a. let random strangers use your Internet connection without you knowing): turned off on every router I've ever used, since day one of installation.

- Remote administration (a.k.a. let random strangers on the Internet sit and brute-force your passwords with no way to tell it's happening): turned off on every router I've ever used, since day one of installation.

And, in fact, on anything BUT my actual wireless router of choice (e.g. any Internet router supplied by my ISP):

- wireless (a.k.a. give people another way into my network and hinder all my other - wanted - wifi connections by flooding the airwaves): turned off on every router I've ever used, since day one of installation.

Seriously, people, just turn this shit off. And layer VPN over the top of it, if you can. Seriously. There's zero impact on always VPN'ing over your wireless connection to a machine that has a fixed line to your actual Internet connection. Then even if WPA2 is broken, you're still secure. And yes, you can game. I've done it with OpenVPN over my wireless for years - for EVERY packet - that goes over the wireless.

Wireless is the leaky, draughty hole of your network. Seal that fucker up and treat it like an Internet connection, even to your local network.

Comment: Re:Remote management (Score 5, Informative) 153

by ledow (#47791151) Attached to: Reformatting a Machine 125 Million Miles Away

Not really...

The chances are that "reformat" isn't what we think and includes one of more of:

1) Rewriting cells and allowing wear-levelling and sector-replacement to take place, and make bad sectors as bad.
2) Write-testing and manually avoiding those sectors that don't perform as expected.
3) Rewriting all the critical storage functions to avoid the already-known bad sectors.

It's the kind of thing that anyone can play with. Not saying it's not risky on a remote device, but BadRAM etc. patches have been in places for years and that's a way to run Linux on machines with faulty ***RAM****, not just long-term storage.

Many years ago, a bad sector on your hard drive was something you found out with scandisk (or previous tools) and then it was marked as bad and that was the end of that. Your PC wouldn't use it and so long as it wasn't the boot sector, that was the end of that. It was only the "creeping" bad sectors, where you got more bad sectors over time, that would really worry anyone.

I imagine that it's not at all difficult to make sure that multiple boot sectors were in place if you really wanted to but why bother? The chances are billions to one. Chances are this hardware has MUCH better fault tolerance and multiple hardware watchdogs, firmware, and boot attempts to make sure it eventually gets back up SOMEHOW.

There's a reason that even FAT stores two copies of the allocation table, why Linux ext filesystems store multiple copies of the superblock, etc. They come from a legacy where the occasional bad sector wasn't a problem and where 20Mb of hard drive cost more than the computer did so it was better to cope with the fault than just tell people to buy a new one. And their predecessors were (and still are) mainframes with hardware that's just that fault-tolerant in the first place anyway.

It's not at all hard to write a filesystem that can cope with not only damage, but even recurring damage. You've seen PAR files presumably? The same could easily be done on a filesystem-level basis (and I imagine, somewhere, already is for some specialist niche).

It's not that big a deal once they KNOW that's the problem. The biggest problem is that they only "suspect" that's the problem.

Comment: Re:Soon? (Score 1) 299

by ledow (#47775949) Attached to: WikiLeaks' Assange Hopes To Exit London Embassy "Soon"

Charge of resisting arrest.

It's a charge. He did it, by his own admission. We can confidently charge him. The charge will, more than likely, make it through a court successfully given that he was - a) under arrest and then b) knowingly resisted it. Resisting arrest is an offence, like any other. However, notice that although he was arrested on the Swedish request, there has been no CHARGE whatsoever. He's being extradited for questioning. That's not a problem. You can do that. That's how the system works. Because an allied country asks you to detain someone (arrest them), it does not mean that that it's up to you to charge them yourself, or determine what Swedish charges he should face. You arrest them, you extradite them. Petty thief or war criminal.

However, the initial arrest would not necessarily have resulted in any charges whatsoever, especially if the Swedish case is so weak as people try to make out. And the UK, in case you haven't noticed, made Sweden go back SEVERAL TIMES to ensure their reasonable cause for wanting to question him was proper and above board and lawful.

You might absolutely hate it. But it's all above board. And if you make "resisting arrest" not a crime, then you have a lot more problems on your hands than some moron costing the UK millions of pounds JUST SO they can send him to Sweden at great expense, after taking through the UK courts at great expense and finding NOT A SINGLE legal get-out clause that means they aren't obligated to do just that.

To be honest, I'd be over the moon if we just charged him with the UK stuff and then the Swedish stuff all blew over immediately. It would prove what a overblown pillock he actually is, and that you don't escape UK law just because you disagree with it.

You don't like UK law, get it changed, or don't come to the UK. Don't come to the UK, break it, and then expect to get away scot-free. And if you're truly fleeing false charges in Sweden, get the fuck out of the UK. They are both in the EU, so the laws are pretty much identical.

Fuck the Swedish crap, you BROKE UK LAW. Quite clearly. In front of the world's press. And then cost the UK millions. Damn right, you should be arrested, charged and banged up for that.

If the UK has problems with Swedish law and their history, that's for the UK to decide. They did. The courts said there was no plausible reason not to hand him over. Several of them. Appeal, after appeal, after appeal, all the way to the Supreme Court. Call it conspiracy. Call it authoritarianism. But it was by the book and the lawyers funded by Mr Bail-me-out-and-I'll-flee couldn't find a single hole in it. In fact, as part of the EU, they don't even really get a choice. And if they did, they wouldn't be handing him over if there was a credible threat.

The UK has a LOT more to lose by fucking up than the Swedish do.

I don't give a shit about what Assange revealed, personally. I don't think it was even worth risking jail time for, and it certainly wasn't worth the media circus. And Snowden and even Manning did INFINITELY more at much more personal risk than Assange ever did.

I'm not an authoritarian, but I am a nut for legal-wranglings and doing things by the book and STILL WINNING over authority. I've personally sued several companies I've used in the past, when I could easily let it drop - there's always a way for someone "in the right" to get through the law system unscathed no matter what's threatened and it's actually entertaining to do. Assange had no case. If he'd gone to Sweden and ANYTHING had happened he'd have the biggest case in history on his hands - the kinds of things that start wars. But it was never going to be. And the legal wrangling stage, I thought he was an idiot to try, but I admired him for trying.

The second he skipped bail, all sympathy left. To hole up in an embassy for YEARS is just taking the piss. He's lost. It's game over. He'll go to jail in the UK no matter what happens in Sweden. He's lost legally, morally, and intellectually.

But, at the end of the day, he skipped bail and is resisting arrest. Game over.

Comment: Re:Just being honest here... (Score 1) 113

by ledow (#47765949) Attached to: Chromium 37 Launches With Major Security Fixes, 64-bit Windows Support

1) If you're in business, likely you don't care about the privacy of searches anonymised under legal agreements because, well, there's just nothing quite that interesting and if your employees complain, you have to wonder what they are Googling in their spare time that they don't want you to know about.

2) Alternatives. I was an Opera user since before 3.something. It peaked a year or two ago, the developers were moved on, and it's now just junk and uses Chromium backend. IE isn't a sensible alternative either (trust no browser that wants you to go to Bing by default, has the Bing toolbar, etc. either). Quite what are we supposed to use and deploy? Firefox? The MSI and GPO integration is still all random-third-parties that we have to trust did it right and didn't add their own junk in.

Sorry, but on the face of it, the privacy "problem" isn't really a problem for most people. I agree that privacy is an issue and I get more than most people that privacy is just something you should have by default, not be made to justify or fight to get. But, honestly, there's little choice.

And when you're a techy working for a business, you'll deploy what's been agreed on, which will be the lesser of most evils. At least Chrome MSI-deploys and has proper GPO and respects Windows Internet Options, and is cross-platform in other respects.

At home, I still use Opera. But only until websites start crapping out on it, because there's no way I want to touch the newer versions anyway (whatever their underlying browser).

Comment: Re:LibreOffice (Score 1) 190

by ledow (#47748787) Attached to: Munich Council Say Talk of LiMux Demise Is Greatly Exaggerated


Their idea of a changelog is:

Problem description.
Before Screenshot
After Screenshot
Example document that triggered bug.

Best fucking changelogs in the world, because they have one of the best bug-hunting projects in the world.

Just send them the file. See if the fix is in the Changelog for the next one/two small releases they do.

Comment: Re:Where's the money? (Score 1) 276

by ledow (#47741195) Attached to: Among Gamers, Adult Women Vastly Outnumber Teenage Boys

See my post above.

My mother is in retirement. She has owned and completed basically every Nintendo console and Mario game in existence (there's probably some obscure Japanese title somewhere, but if you've heard of it, and it has Mario, she's completed it).

We buy her the console for Christmas, we buy her the games when she completes them. It's an expensive outlay all round, given her gaming abilities. She's had more spent on her than my brother and I (old-school "gamers" from the ZX Spectrum era through to today) have spent on games collectively. She destroyed four Palm Pilots back in the day playing Bookworm.

This is exactly the point the article is making. What you THINK is a gamer and funding the industry isn't. Sure, buying your competitive CS:GO server and getting a huge rig to play it on and playing endlessly and winning championships makes you feel like a gamer. But, actually, the money Valve got from that was, what - a copy of CS:GO and maybe a competition entry that mostly went on marketing and prize money? It's a drop in the fucking ocean compared to a teenage girl or mother dropping a few quid every month for years on new Candy Crush levels or Wii Fit titles.

The industry isn't catering to a HUGE PORTION of its market. And it's stupid not to.

Comment: Sigh (Score 4, Insightful) 276

by ledow (#47741183) Attached to: Among Gamers, Adult Women Vastly Outnumber Teenage Boys

Just clarify your fucking terms.

A "gamer" is someone who plays games.

However, if you are only referring to "serious" gamers who invest hours of training to play a particular game, then specify that. Of course, most of the Candy Crush generation aren't doing that (they have a life for a start).

If you want gamer to distinguish between those who buy hardware for their PC to game properly, even that definition won't help you - I've had two people ask me about desktop PC's capable of playing The Sims 3 for their teenage daughters, and you need a decent graphics card for that.

What you want is to use "gamer" as some undefined term that meets your particular clique of game geek. It doesn't. It never has. To me a gamer is someone who was around in the 80's and will happily fight through 10-minute loading screens, unsuitable hardware, pump money into an arcade machine, for proper 8-bit graphics (not the fake-8-bit-retro OpenGL shite you get now) on a game that's almost, if not actually, fucking impossible to complete.

Sorry, guys, but most of you just aren't "gamers". I enjoy a TF2 jaunt as much as any of the other 800 games on my Steam account, that I've had before some of the gamer kids around now were even born. I've run CS servers from 1.6 to the current day. But I still sit and play Altitude like a demon.

Gamer is not a definition beyond "one who games". If you mean FPS player, say it If you mean professional-level twitch shooter, say it. If you mean someone who plays new titles on new hardware, say it. If you mean someone who plays lots of games, or for a long time, or spends lots of money, say it. If you mean someone the industry can sell games to, say it.

But "gamer" means nothing. My mother has completed every Mario game in existence (up to and including Wii U), used to play Horace Goes Skiing back in the 80's, broke four Palm Pilots playing Bookworm Deluxe so much, played Gin Rummy on our first DOS machine, and has caused more money to be spent on the gaming industry than the rest of her family combined. So the industry will target her. And get money from her. And she will buy stuff. To "ignore" her because she's not the stereotypical gamer playing whatever game is considered "real" at that moment would be insanity for the industry.

Maybe she won't join you in a 32-player CS:GO competitive tournament (though she did used to win at Turok quite a lot). But you can't say she's not a gamer any more than anyone else.

Comment: Re:Thoughtcrime (Score 2) 391

by ledow (#47726773) Attached to: UK Police Warn Sharing James Foley Killing Video Is a Crime

Surely, viewing certain types of illegal pornography is no different.

It's not a "thought" crime if what you're watching (and thereby encouraging the production of) is illegal to view.

It would be a thought crime if, say, the police arrested you for signing up on a website where you COULD have watched the video.

Comment: Cancer. (Score 4, Insightful) 185

by ledow (#47726739) Attached to: New Research Suggests Cancer May Be an Intrinsic Property of Cells

My girlfriend is a PhD geneticist who specialises in cancer studies (leukaemia etc.) and is currently working in hospitals doing genetic test to confirm cancerous tumours and other genetic diseases.

When we talk about it, I can't talk on her level, but the way she explains it, cancer is an inherent factor in living things. There's a reason for that. It's a natural replication mechanism that is based on parts of a cells DNA. DNA is basically damaged ALL DAY LONG in your body. UV does it. All sorts of things do it. And DNA has repair mechanisms not dissimilar to a error-correcting code that runs your RAID array, or your PAR files.

So most of the time, when a cell is damaged, it "fixes itself". If it doesn't fix itself, then there are mechanisms in the body itself to detect and cull damaged cells that get that far (the immune system, basically). If those mechanisms fail against the damage, or the damage is of certain undetectable types, then the cell will replicate. But, crucially, the damage to the cell will mean it will never stop replicating. And all the replicated cells will share the same error. And basically then you end up growing a tumour.

As such "cancer" is inherent in all living things with DNA. The question really is whether you live long enough to be statistically affected by the amount of damage it takes to get a cell that can't be fixed or eradicated by the body, or not. Babies can get cancer. It's pretty much down to chance.

So, I'm not at all sure what we're being told here. It seems like someone is trying to claim that somehow cancer is some kind of "disease" that they've found in an older species so it must have been around for longer. Actually, from what I gather, it's ALWAYS been around. Pretty much since DNA existed, if not before. Because it's a misfiring cell that never gets the "stop" signal when it starts replicating (which happens millions of times a day throughout your body).

It's a "flaw", if you like, in the DNA error correction mechanisms. It's not a disease as such. It's not something you "catch". It's not even something that "evolves". It's a mistake. An error. A bad sector or flipped bit on your cell's hard drive that corrupts the rest of the files on there and, when you then blindly execute those instructions, can lead to writing over your whole hard disk.

Comment: Re:Soon? (Score 1) 299

by ledow (#47726709) Attached to: WikiLeaks' Assange Hopes To Exit London Embassy "Soon"


The bail was with a UK court. The UK are seeking his arrests. It's UK police hung around the embassy waiting for him to come out and arrest him.

What part of that is difficult to understand?

Whether what we was originally in court for (which is now a legally-sound extradition to an EU country that we are legally bound to oblige after SEVERAL TIMES sending the Swedes back to dot their I's and cross their T's more correctly) he is innocent of or not, it doesn't matter. While there, under UK court bail, he fled against his bail conditions, and it currently knowingly resisting arrest.

Game over. Even if all the original allegations are definitively proved false. It's like running out of the police station after being arrested - whether what you were originally arrested for was committed by you or not, it's still illegal to do.

What this country needs is a good five dollar plasma weapon.