sick on a stick
He noticed rather late Labour became the proverbial sinking ship -- or sick on a stick?
259 posts • joined 3 Nov 2007
The title of the article is somewhat misleading. The attack is not enabled by the modem feature, only the sustainability of an already succeeded attack vector (rogue app etc) would be increased. For example, some rogue app could be just a Trojan and the audio input through a placed, brief telephone call ("wrong number, beep-bepede-beep") could then serve various command and upload features. While it doesn't look like something of interest for massive scale operations, for targeted spying it might work quite well!
But uploading material first and pay or validate later is the whole formula for Grooveshark. It's actually a good concept and completely in tune with the broader nature of the Net (not "free" in terms of money but in terms of looser, more chaotic appearing processes and less central control) and a bit ahead of the wave simply because the music industry is massively, seriously behind -- actually it's still standing at the beach, toeing the "surf". For any music service to become relevant and "modern", in my eyes at least, a massive catalogue needs to be in place to start with. Nobody has that and there's no sign of such thing on the horizon. Grooveshark made a relevant attempt but might not escape the legal red line. What should be an example of good thinking, to drag the industry along, will be another example of the industry killing everything it doesn't like because it's losing control (while they say "money" but that's not a fact at all).
What I miss in the story is the most obvious myth buster of them all: a lot is about pure chance. Or random arrangements which just work while everyone else is left studying the exact formula or magic taking place. The ones with success are always tempted to think they got some clear idea why it worked so well and the "losers" often blame themselves or some list of errors in their strategy. While it can be that, please be aware that in the end, well, just allow some room for pure luck -- like the right time, place and people happening to be there.
Are there still people browsing without those blockers???
Just kidding somewhat, I know I live on a different planet but I personally cannot use the web without protection from additional content purely aimed to distract me from the reason I visited in the first place. Or just the idea that a page would load external script and flash from various to me unknown commercial parties -- it would seem a very unsafe idea to surf like that every day! That's just me though. Anyone is free to board any ship and cross any surf how he or she sees fit.
Ads might have "made" the web in several ways, it's also breaking it, in several ways.
The X.25 public data network, who doesn't miss it?
Too late now for me to consider XFCE again since I moved to Cinnamon 2.4. The tweaked version included with latest Mint was everything I ever asked (not too little, not too much). The end of what seems like a long trial & search period (Gnome2, Unity, Gnome3, KDE, Mate, Cinnamon, Openbox, XFCE, KDE, more KDE etc).
The committee established that "bulk interception cannot be used to search for and examine the communications of an individual in the UK unless GCHQ first obtains a specific authorisation naming that individual, signed by a Secretary of State".
Summarized with "yes we can do that if the right person pushes the right buttons but trust us!".
Thereby misunderstanding the majority of the resistance against this mechanism: that its presence becomes already the abomination because only a slight change in legislation or national emergency level could easily change this "signed" procedure. The only proper protection against this is then by not having the infrastructure at all as it will take a lot of time building one from scratch. It's the same with nuclear weapons as there's only one way to make sure one doesn't end up using them in ways that will extract a price too big to pay for all.
Just regard the NSA as the Google of American Intelligence Agencies. The NSA collects while, amongst other interested parties, the CIA wants to do the looking and analysis. The NSA, like Google, always has excused collecting and storing of other people's data with the claim it's not constituting any violation of anything because machines do not "invade" anything by just the processing or storing. That's a rather weak logical basis but considering the scale of businesses and secrecy built on this precept, the consequences of such reasoning are staggering and seemingly impossible to challenge. Actually only more agencies and IT companies are getting aboard that same high-speed train to nowhere as we speak.
DavCrav: "... then say they didn't know about IS seems a bit weird."
The larger point is here of course the failure of proper intelligence reaching the desks of policy makers and ideally entering their minds. Despite all the high tech cowboy spying and drone flying, enormous intelligence errors appear to occur more as rule than exceptions, for example: Iraqi WMD, linkage between Iraq & Bin Laden, 9/11 hijack & crash threat, airspace readiness, Iranian nuclear bomb and consequences of meddling with Libya and Syria for regime change.... all disastrous advices and reports if not meddled with by politicians of course - hard to say at times.
The moral of that story is that computers, hacked or not, like communications, hacked or not, rarely make a government or a human being for that matter one ounce wiser. Any seasoned IT professional should already know that! If anything, computers and modern communications dumb down, overreach, distract and inflate in spades. Especially politicians seem to be vulnerable - even more so than teenagers!
Reality remains fundamentally ambiguous -- especially while trying to study it with more and more observations. What we call object remains all movement trying to escape analysis and almost succeeding.
The puzzling thing for me about Clapper's bragging is that one can hardly justify any moral or legal objection against this Sony hack when you just admit you've broken into and basically control someone else's digital properties (spanning a whole state) all for your own benefit. Then let's call the Sony hack a "vile" act from the NK state hacking department. But violation remains violation. What is the difference between a burglar hiding forever in your closet or take some stuff, run off and show the world? The basic crime is really the same and all potential intelligence "benefits" seem like more of the same to me too, that is: relative.
It's weird though this picture of NK controlling their state with a system of control and NSA controlling that system again in the digital realm.
Bigger Brother keeping an ever watchful eye on Big Brother?
Androgynous Cupboard, you're so wrong there:
"Snowden was a system administrator, not a spook"
Since he was sent abroad with diplomatic cover it would classify as spy in most books. And the term "system administrator" is something the feds suggested. Deeper investigation by several newspapers reveals a way broader expertise and training.
"but almost certainly doesn't have the knowledge to put any of them into context."
But Snowden didn't publish them! All the background check, verification and expansion appeared to have been done by a team of journalists and their contacts inside and outside intelligence. This is well documented by the way so you're commenting in lazy mode.
Not sure why you dismiss so quickly tapping fibre at the bottom of the sea either. It was one of the most believable parts as it would be the logical place in those hotspots of the world where they could obviously not get into the main access points or core routers.
"If you're wondering why economists harp on about that efficiency, that TFP, so much the reason is one that Karl Marx not only understood but popularised."
Hmm, how do I read that convoluted sentence exactly? I think I might agree :-)
In any case, this all assumes oil and other resources to be commodity which only works as an abstract, unlimited entity. But oil obviously isn't. Actually it depends on vague calculations on "Oil Peaks" and the various cost analysis and estimates for new fields and retrieval methods. Right now they are generally way more optimistic and hyped than they were earlier. It's not inconceivable that world instability and/or regime changes are just another tool for influencing or stabilizing oil prices on the long run.
The story about efficiency is generally true but does not really apply for the principle of scarcity. When that happens, it's all about perception, prediction, belief and ability to stabilize (eg OPEC pricing schemes). In my view that's exactly the global chess board right now. No matter which "model" one takes, the power of mood and emotion are the most defining in the larger economical games corporations and politicians play. Which does introduce the topic of (civil) wars and rumours of war rather quickly in these sort of discussions.
Not sure why some people were so upset by this Barbie episode. It's always been a teen-age fashion doll, that was the whole point! She was supposed to be superficial and stupid while having as many accessories, friends and glamour as possible. Although it's based on a certain actually existing type who are around already since the 1950's and arose with modernity I suppose. But to start now to wonder if the doll might be still encouraging the Barbie in the child.... that's really,...uhmm naive? It's the Barbie World which influenced and influences the doll as icon and gadget. The criticism on the book is like believing FPS games have significant influence when it comes to murder in the streets or terrorism. A message then to all the upset women and men: the doll is not meant to educate. If you think education has anything to do with the doll or the books then you should get a job in the fashion industry for a few years and learn how the business, and the world, really works. It will make you laugh more and cry less about these things while at the same time realize the modern world is very much populated by the Barbie types seeking assistance everywhere but not because of education or toys.
Smartypants wrote: "Putin != Russia, no matter what the propaganda suggests."
Indeed ... although you have it possibly the wrong way around here as homophobia is very much prevalent throughout the population of Russia and way less so with Putin (if at all). Your rather naive sounding opinion on what "Russians" (as nation or ethnicity?) desire and what not appears also to be in conflict with your belief that they are "not a monolithic" people. While in fact they are, at least compared to "European" or "Western" people.
"Nag it from orbit. It's one of the many ways to make it less sure".
Wow, the War on Rudeness.
It might become just as costly and pointless as the War on Terror.
Plus, it redefines the definition of "troll" to something else altogether. But that's part and parcel of every modern war, redefining words, I suppose.
A Non e-mouse: "This was due to NetWare not having a protected memory model like *nix or Windoze NT."
Utter Nonsense! It was not much different when developing kernel modules for Unix or anything video related for NT4. Most people's problem with NLM's were caused by a) it operating in the lower ring or more often b) exposing a bug in the buggy main kernel or c) not knowing how to deal with a crashed NLM.
Protected memory worked way better since Netware 5 but as you said, by then it was already writing on the wall. There was no comeback from the lure of having a Windows operated Application & File Server combo, no matter how slow, insecure or unmanageable and featureless those turned out to be for a long time to come. The intuitive looking interface and seducing promise of more (visual) integration between client and server was enough.
Upvoted, seems an improvement over mine. Still I think the 3d printer reference would be nice to retain. But does it blend? And of course we know nothing yet on the design but it needs to be ass-kicking! Double the kick.
Kickstart Assisted Revised ³D Automated Spacecraft Having Intelligent Ass-kicking Navigation (playmobil pilot included)
KARDASHIAN hmmm, a first dash at it:
Kickstart Assisted Revised ³D Automated Space Haunting Intelligent Agile Nipper
Def "not that fucking graph again", let's hope you never will put your money in any stocks or shares. If after 18 years the value is still at 0.24 above the long running average then there was effectively zero growth. What you are thinking of perhaps is a different question: is the Earth surface temperature still warmer than the long running average of 30 years? Yes it is but that's "globally warmer" not "global warming" as defined at least by for example EOS/NASA.
Normally the usual goalpost widening starts here to describe the Earth as one giant energetic system where the "warming" is some process that is taking place especially in all the hidden corners. Some would call that process "change" by the way.
Mage: "email" <> SMTP/POP/IMAP
The point of the article is that sometimes a protocol becomes adopted because of its apparent simplicity and ease in use and implementation. And after setting up a couple of X400 gateways in the 90's I could see why (while not completely agreeing with it). And many secure mailers still use X400 based exchange.
Same story some might tell about IP vs IPX or even Microsoft vs OS2. While you can wish the world would wait and think before it acts on implementations, that doesn't mean the world will listen to that advice. The world doesn't revolve around finding "sound solutions" but more often about "who is first".
AC, I'm pretty sure Solaris 10 has the Bourne shell as default. Your example should not invoke "/bin/sh" then.
Mongo: "That's an evil DHCP server sending shell script to the client,"
That's a disturbing application of the Shellshock misfeature. I might change my mind on the scope now.
Then again, this example is then also about the insecurity of DHCP client-server model (unauthorized DHCP servers being a well known and unpatched attack vector). Plus the proof of concept will probably work only with the DHCP client using the dhclient-script process (written by Ted Lemon). For some reason they found it nice to pass parameters to the subprocess by setting environment variables. It's the naive, 80-90's somewhat lame but also consistent "CGI approach" -- deeply embedded (in my view) in some of the UNIX philosophy of the time: everything a file, composite approach, interconnecting well made general tools through simple, transparent mechanisms, etc. But it makes it too easy to trick as well ("worse is better?") with all the current day security challenges.
Do we really have to be worried about those leaky CGI scripts? Bigger than Heartbleed? Which financial or government institution, social network or hightech company works with CGI still this century? But HTTPS and OpenSSL, that was being used. Therefore it seems to me silly to say "bigger than Heartbleed".
The local worm effect is a worry but it might be tricky to write something effective to run on routers and control devices everywhere. Again I'm not sure if a) Bash would be in use so much there and b) privileges of web daemons would be restricted more or less on those devices making it hard to run the hack tool universally.
Somehow I smell a scare being employed and perpetuated by a security and expert world in need of excitement and audience. This is a common phenomenon culturally these days.
Emma: "Both men and women should feel free to be sensitive. .... start defining ourselves by what we are — we can all be freer and this is what HeForShe is about. It's about freedom."
But this implies they also should be free, men and women, to be very insensitive and defining themselves as a troll, by haunting celebrities on soapboxes? Her rhetoric goes nowhere. Since the dawn of time the person on the stage has been subject to praise and rotten tomatoes in all shapes and forms. The whole world wide web is a stage nowadays and we are merely surfers, icons, avatars and tweets. This whole thing seems up-side-down logic: the limelight is so harsh, please dim the audience!? Keanu Reeves has more right to complain with the female stalkers in his house lately.
"If you love Ubuntu for the Software Center, Kubuntu might disappoint. Kubuntu uses Muon for GUI package management, which lacks some of the hand holding that made the Ubuntu Software Center friendly to beginners."
Muon? As Kubuntu user of a few years old I've always ignored that name and just started Software Center. Not sure how more options could disappoint! And as an aside, I'd happily try something else than KDE but every time I try any other sane flavour I end up running into major bugs or insane impracticalities. But I really would like something else, simple, clean yet powerful. Let's hope something "mateures" sooner or later!
I'm pretty sure the original title was:
"Bored Neanderthaler locked inside a cave"
Voice control as one of the many user interfaces. What will liberate (not kill) the app market is the complete freedom to interface with any app with voice control being just one voice in the crowd. Maybe I want specific gestures, automation, external sensors, mind control, a mouse, normal touch, secure locks, childproofing etc. Same reasoning on output, flexibility in how and where to display things will have to grow as well.
Standards will set us free. Single interface designs are pipe dreams. The world of form is legion and will always demand more ways to access it, not less.
From The Mirror: The whole town came together recently to help buy a huge widescreen TV for our community centre so we can all watch soap operas together. "And there's always time to stop and gossip, try on each other's clothes and do each other's hair and nails."
They do not really advertise, ehmmm, the romancing part, do they now? Their first catch should be an advertisement guru to create more illusions about wild romances and complex triangles. I mean the article does say they "share everything". Until the snake in paradise enters I suppose: the village will become soaked in blood when jealousy rears its ugly head.
"NIST points to the vulnerabilities in old versions of SSH"
Wasn't Heartbleed, being related to a new feature, present in what was at the time the latest major version but not present in many older ones? The exception confirming the rule then? While applying patches remains crucial, proper monitoring of (unusual) activity remains key in my opinion.
Killing Time: "A delusional egotist whose relevance faded several years ago."
Still way better than being a delusional egotist who never had any relevance at all, mostly because of lack of sufficient skill, understanding and balls. In my opinion that sums up 82.4% of Assange's critics and 24.5% of his supporters.
Ross wrote: "downvoting... doesn't bother me."
A whole post to explain yourself because you noticed some down votes? Do you have any self-reflection at all? Anyway, your posts were just bad on many levels: humour, comprehension and information wise. That's all that there's to it. But keep looking for that "other" reason if that makes you happy...
"There is no justification as to why the content of a document can only be displayed properly if the execution of macros is enabled."
"The timing of the outage came just days after the BBC's Internet Blog ... celebrated the fact that it had been nearly a year since the Corporation .... moved live processing into the cloud".
Perhaps somebody got the wrong idea and the timing this week with the international media contest "how to pizz off 75% of the Russian population" might also have provided fuel. As mentioned above, the caching service might have been targeted and then it's just a question of stressing the load.
Extreme weather? There are more extremes in terms of recent record setting perhaps. But no sign of increase of hurricanes, cyclones and the like worldwide since the start of the most recent global warming. Flooding, perhaps, but many of those are extreme in terms of impact because of human stupidity in failing to prepare for the inevitable.
What the actual conversation sounds more like: the energy went to the oceans where we can't exactly measure it yet because we don't have the equipment and a complete model to compensate for all factors at work at such depths.
As are all other pedants who think mediocre Google skills makes them feel a bit like god almighty. For two reasons, mainly:
1. Birth certificates in the 19th century certainly did not contain exactness for a couple of reasons, for example to keep within maximum registration periods. One needs to find out the date of registration and see it was perhaps around a six week window (or whatever was used at the time). Check with any historian and archivist, you know, real people with actual knowledge based on experience.
2. It's certainly not strange, or wrong, for biographies to select birth certificates over other claims or sources. Even if the person involved herself would make the claim. One might not agree personally but that's how it's done and Wikipedia is not different here from many formal biography projects. Same goes for spelling of names, if one has to be picked it's the one officially registered, if known, and not how someone might have decided to spell it over time. Ideally one would find the entry in both instances but that's not always a good idea.
Better to start troubleshooting with asking the exact error or description of whatever is visible on the screen during any attempts to open or close things. This will make sure there is actually something on the screen to work with. Dabby went into the whole thing a bit too impatient, solving without actually seeing what might be happening. It would also help using Teamview or similar products. That is to prevent exactly conversations like these! I guess I had too many of them in my helpdesk years and soon you start to understand and accept the reality of them, you stop judging the customer and start criticizing one's own line of questioning. And oh yeah, don't support people when not feeling comfortable when other customers are staring at you, wondering what you're doing. It doesn't help. That's also not Bill's fault by the way. The silliness is yet again Dabbs's....
Bullseye and some follow-up comments. The weight based shelves would only work if every item in the fridge is RFID enabled and not thrown at the shelves and containers in a chaotic way but preferably in a neat sequence. Just like programmers would fill their virtual fridge in a fricking demo! In real messy life the fridge will forever remain in a partially confused state.
"Sensitivity stripes" would be a problem on items where the packaging is already too much part of the cost and recycling woes. And as you already wrote, fridges of people not working on these projects - with less predictable and organized lives - are often filled with many fresh, self-made, rather undefined and other unpackaged items. So then we need to have two administrations where there was only one before.
But with large scale applications, like storage rooms for massive food preparations, high volumes, predictable items, this could be actually useful. And as someone else already wrote here, it's already being done. But at consumer level it's in the "hoover car" and "jet pack" category for sure!
"According to Mr Snowden's colleagues,..."
Ahum. And who are those exactly? Former colleagues? Colleague whistle-blowers? Fellow planespotters? No reason for this added mystique here, I'd think.
The article displays a rather convoluted and paradoxical approach on the subject. On the one hand the "abuse" factor in the Snowden files is downplayed in favour of praising some degree of self-restraint these same files appear to suggest. On the other hand it ends by admitting there's now the start visible of NSA reform and as well the potential of much needed GCHQ reforms. But all of this is hard to imagine without Snowden's decision to do exactly what he did, where he did and how he did it. Alternative but sane options open to him at the time I'd love to hear!
Or is perhaps the case being made these reforms could have happened without Snowden since "its theoretical extent has been obvious for many years". This is a giant leap, asserting with now almost (and assumed) perfect hindsight that large complex organizations could change somehow by spontaneous inner pressure or political oversight. This line of thinking has zero historical credibility.
And then a defence like: "in an Orwellian world, Edward Snowden would never have made it to Hong Kong" sounds pretty desperate, considering all the rather well documented hoops Snowden had to jump through to make sure he was not taken out even before he got his information out properly and particularly his flight out of Hong Kong, getting involuntary stuck on a Russian Airport, between a "Brave New World" rock and an "Orwellian" hard place.
Any implication that Snowden's own success somehow would prove that all those warnings about the largest security agencies might be overblown is an argument collapsing under its own weight. As perhaps these overweight security agencies themselves are already doing under all the increasing pressure and scrutiny.
"Some of the original engineering team got together"
But those are not the blokes on the photo I presume unless they cryopreserved themselves in their secret lab for the last decades and only recently woke up because of some old signal.
There's no real fixed definition, Jim59. Someone can also speak about "local" in terms of "local access" to the hardware under the OS itself which is fairly common with (shared) workstations since decades and since last decade even more so with all the Unix derivatives and improvements around. Local access which by the way would change the whole security context right there and then. Perhaps a better term in this article would be "users able to start-up a local shell process". This is not that much different from starting some sshd or httpd subprocess or thread by accessing some port. Although shells are more powerful processes with more possibilities than most other user services. By design of course. Perhaps on a large shared hosting provider, one might have some different security concerns and expectations than on private platforms. For that reason the impact factor of this bug doesn't seem that high but still important enough to think about though. Briefly.
Slow changes spanning geological time-spans are not of the same order of impact as the same change within centuries. In the same way an overall rise of sea levels will not manifest everywhere evenly as something to be measured with a ruler. Even so, it's hard to imagine what a flood coming from such an enormous surface with slightly raised water-level would look like when you stand there with the ruler. It's a lot more water coming your way.
I do agree though we'll just have to deal with this like with all the other major disasters, many probably larger and even more serious, and most of them little to do with CO2. Let's start not to build cities on flood plains or earthquake faults. Oops.
Or perhaps 2,500 admins or developers worldwide decided to have a test machine online for a while to play with key extraction themselves? And some honeypots too perhaps. Numbers don't mean much.
Article: "...would also not allow light to reach the pilot".
Note: in space it's pretty dark unless one is close enough to a light source like a star. Pilots won't steer by visible light unless they are flying in a carton cabin hung inside a well lit studio. But I guess radar beams won't go through the plasma either. Enemy ships need to be detected at least with "sub-space particles scanners" one would presume. At least in Star Trek.
Or a SF movie like Tremors: innocent geeks being swallowed by a million angry unloved cartridges. They're unstoppable! Now heading for Hollywood and Sunnyvale, to wreak utter revenge on their unsuspecting heartless makers.
Puzzling how anyone at this stage could determine that these attacks are "state sponsored". Obviously there'd be a lively global trade in information which hackers and intelligence agents from all over the world might be involved in. But to scream "state sponsored" without some Snowden-scale leaking -- would likely be a tad premature.
What about a general FOSS project health check? For all core projects insist perhaps on a certain minimum amount of developers and reviewers, with some properly documented reviewing processes? Perhaps this is just about having some standards even when it's free and volunteer work. This is not about creating more overhead but about learning from mistakes and underlying causes in all the practises and work-flows. It hardly seems an incident, how many important libraries are maintained and minimally reviewed because of similar reasons?