46 posts • joined Monday 3rd March 2008 14:43 GMT
Changing fingerprints won't save you
A lot of commenters here are saying that your browser fingerprint will change very often, as you upgrade plugins, etc. This is true, but it's not like how a digital hash changes completely when you change just one bit of the input data; the browser fingerprints only change slowly.
They cover this in depth in their paper:
From the abstract:
"By observing returning visitors, we estimate how rapidly browser fingerprints might change over time. In our sample, fingerprints changed quite rapidly, but even a simple heuristic was usually able to guess when a fingerprint was an "upgraded" version of a previously observed browser's fingerprint, with 99.1% of guesses correct and a false positive rate of only 0.86%."
And that, as they admit, is only using a very crude algorithm.
The best way to look at this is as a very powerful "super-cookie" -- like a Flash Cookie but much harder (currently) to defend against. This _is_ a big deal. It gives any website that you visit regularly the ability to know that you are the same visitor as earlier, even if you don't log in and don't accept cookies. And if you have ever identified yourself to that website in the past, they will know who you are even when you visit the site again but don't log in.
This technique must be a favourite of the spooks. And only the browser makers can really fix it -- an add-on that homogenises your fingerprint will only be as good as the number of people who use it, which will be a very small number indeed.
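The slow-drift point above, as an added example that is not from the post or the paper it cites: a whole-fingerprint hash is compared with component-wise linking using an assumed, simplified "upgrade" heuristic (not the paper's exact rule) over constructed sample fingerprints.

```python
import hashlib
import re

# Constructed sample fingerprints (not real data); component names are illustrative.
# FP_FEB is the same browser a month later after a Java plugin update.
FP_JAN = {
    "user_agent": "Mozilla/5.0 (Windows NT 5.1) Firefox/3.5.9",
    "plugins": "Flash 10.0.45.2; Java 1.6.0_17; QuickTime 7.6",
    "fonts": "Arial;Verdana;Tahoma;Comic Sans MS",
    "screen": "1280x1024x32",
    "timezone": "0",
}
FP_FEB = dict(FP_JAN, plugins="Flash 10.0.45.2; Java 1.6.0_18; QuickTime 7.6")

def fp_hash(fp):
    """Whole-fingerprint hash: a one-character change yields an unrelated digest,
    so a site keying purely on the hash loses the visitor after any upgrade."""
    canon = "|".join(f"{k}={fp[k]}" for k in sorted(fp))
    return hashlib.sha256(canon.encode()).hexdigest()

def changed_components(old, new):
    """Names of components whose value differs between two fingerprints."""
    return [k for k in sorted(old) if old[k] != new.get(k)]

VERSION_RE = re.compile(r"\d+(?:[._]\d+)+")   # tokens such as 3.5.9 or 1.6.0_17

def looks_like_upgrade(old, new):
    """Assumed, simplified heuristic (not the paper's exact rule): link `new` to `old`
    if at most one component changed and, with version numbers masked out, that
    component is otherwise identical. A newly added plugin or a second changed
    component is treated as a different browser."""
    diff = changed_components(old, new)
    if len(diff) > 1:
        return False
    return all(VERSION_RE.sub("#", old[k]) == VERSION_RE.sub("#", new[k]) for k in diff)

if __name__ == "__main__":
    print(fp_hash(FP_JAN) == fp_hash(FP_FEB))      # False: the hash does not survive the upgrade
    print(changed_components(FP_JAN, FP_FEB))      # ['plugins']
    print(looks_like_upgrade(FP_JAN, FP_FEB))      # True: still linked to the January visitor
```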
According to the forum posts, or this:
the DNS servers were sending people to porn sites during the first attack (last week). Does this imply the DNS servers were hacked? Did eircom perhaps fail to apply certain recent critical DNS patches? Or could the high traffic volumes alone have caused this?
Eating in the dark
Back in the day, sailors used to eat in the dark so they wouldn't see the maggots that had infested the foodstores. That kind of reminds me of Foxit. A few days ago it was safe:
Now it isn't:
But it's more fun to hate Adobe, right?
It's all a numbers game
"the first humans don't arrive until 11:58 pm. In that same minute, Jesus is born, said Coyne."
So that would mean that humans have been around at most 4,030 and a bit years. (Assuming Jesus was born in 7BC and remembering that there is no year 0. Oh yeah!)
Never trust a journo's figures. Nor a priest's, it would seem. As for me, I'm just approximating.
Poor show, El Reg
This kind of research has been going on for years. You are reporting, I think, on the work presented in a 7-page paper from three and a half months ago ("A Fast Linear Registration Framework for Multi-Camera GIS Coordination")
I would guess that this is a small advance, like most research - not the solving of Computer Vision that you like to report breathlessly every few months. You would do better to try to understand the limitations of these systems and take comfort from how ropey they are.
May I recommend...
KeePass for anybody who isn't using it? It doesn't solve the "problems" that Equifax supposes exist - it simply stores all your usernames and passwords in one encrypted file, and can auto-type them for you.
This means that you can pick ridiculously complicated passwords that are different for each site, so if somebody compromises one site everything else will be safe - the very opposite of the Equifax approach. It's the best program I've discovered in ages.
Actually, Apps Hungarian notation is excellent:
It's MS's Systems Hungarian notation that's shite.
Now I like to bash MS just as much as the next guy, but almost all browsers have problems with rendering:
Shock, horror! Eric Raymond LIED to me!
Also, standards are hard, mainly because there are lots of laissez-faire knobjockeys out there (not Joel):
Just a reminder that Fortium Technologies (then known as First 4 Internet) developed the technology behind Sony's wonderful rootkit.
And any analysis of false positives and false negatives is meaningless without two numbers, e.g. "90% true positives and 2% false positives".
I have personally developed a system that detects 100% of pornographic images. It simply marks all images as pornographic. The false positive rate is crap, though.
Did you change
"Email hacker banged up for exposing boss' sex life"
"Email hacker banged up for exposing boss's sex life"?
If so, thank you. I learn with sadness that the first version is now apparently acceptable.
Well, if I was that closely associated with Bertie Ahern, I'd want to remain anonymous too.
Let me guess
The file corruption was caused by a race condition. Only manifests itself under heavy usage. Something that's probably taught in Servers 101. But these guys got all their back-end PHP coding done by a spotty summer temp who isn't paid enough to care and wouldn't understand anyway.
Am I getting close?
Thales! The company whose radar failed this week in Dublin airport for the fifth time in as many weeks, causing hours of mayhem for thousands of people. And on this occasion their engineers actually diagnosed the problem, so it _might_ not recur.
The average computer user
never reinstalls their operating system. They don't even know what "operating system" means. When their computer seems sluggish and is over a certain age (2 years?) they buy a new one. Or perhaps they get their chump^H^H^H^H^Hmate to fix it. But they never reinstall Windows.
This move will, sadly, change nothing.
Re: all you Zone Alarmists
"Software 'firewalls' are a joke. Zone Alarmist is probably the worst of them...
get real, get rid of it, & get over it"
Has ZoneAlarm EVER saved you from anything?
Security theatre, anybody?
If you think that implementation bugs are the beginning and end of problems in high finance, may your buy-to-let property turn into a crack den that smells of wee. All models are riddled with dubious assumptions.
Correlation does not imply causation
Across European countries there is a correlation between the number of abortions performed and the number of condoms sold.
Across European countries there is a correlation between the number of abortions performed and the number of lollipops sold.
The hidden variable is population size -- bigger countries have bigger populations, a higher number of abortions and higher lollipop sales.
I haven't read the original research article, so I don't know if he really did assert a _causal_ relationship (which way?) or just a correlation.
Either way I don't like people who aren't willing to question their beliefs, religious or otherwise.
So these guys...
are claiming that they've solved a very hard problem in Computer Vision: tracking arbitrary objects moving in unconstrained ways in 3D through a scene imaged only by a webcam? And the segmentation problem implied by the initialisation phase?
Notice how the example objects are all very distinctive wrt the background. How convenient.
read a book called Supernature : a natural history of the supernatural? (c1973)
It mentions people with vision so acute that they can read text off other people's eyeballs. At least, I think it's that book. Anybody care to confirm/refute? A fantastic book at any rate.
>I also deeply dislike things like i_variablename (ie - indicating the type by sticking a tag on the beginning or end of the variable).
I agree that using i_variable to denote an int or szString for a zero-terminated string is a waste of time (and worse). This is called Systems Hungarian Notation.
But the original idea was that the "kind", not the type, of the variable should be encoded (Apps Hungarian Notation), and is a very useful naming scheme.
E.g. i_largest_element -- the _index_ of the largest element in an array, etc. Neither type checking nor IntelliSense will give you this sort of semantic information.
for more on this.
This company has hit upon something very important,
Namely, that there are so many people who will
-sell their privacy for a geegaw
-fail to read T&Cs (even the gist)
-stay wilfully ignorant of the dangerous computer environment in which we live
that they can bag up millions of them perfectly legally. They don't even need to break the law!
Whenever I read a story like this I get angry at the company, but I also get angry at the computer users who don't even TRY to educate themselves. You all know the kind of person I mean.
@Picking the wrong pattern
While some pattern recognition systems are "black box", not all are. As AC above says, most image analysis software is _very_ unsophisticated in the features it uses, but it can still perform surprisingly well.
In classifier systems the most important element by miles is the features you use as input. The classifier (neural net vs support vector machine vs decision tree etc) can't turn a sow's ear into a silk purse.
Paris, because a home video was leaked onto the internet showing her engaging in various sexual acts, including sexual intercourse and fellatio, with a man called Rick Salomon.
Re: 'Just works' clarification
My spleen-venting about "just works" is mostly based around the install.
It picked a screen res that could have been damaging my monitor, and it left me permanently locked out of Windows.
I can easily accept that there are many things that won't work straight away, but the install _must_ work flawlessly. It's a showstopper.
So I installed Hardy Horseshit at the weekend.
First it picked an impossible resolution for my monitor, so that I couldn't even _see_ the Start button (or whatever its Gnome equivalent is) to go about fixing it.
Then the sound wouldn't work in YouTube and another app simultaneously. Any ideas, anybody?
And then I couldn't boot back into Windows, possibly because the boot loader choked on an extended partition. Cue Windows reinstallation (after trying to fix the MBR).
So, "just works", eh? Christ, Mark, I _want_ it to work. How about you get the devs to focus on making it work for everyone, instead of three dollops of FAIL?
Re: To all web programmers on El Reg
And another problem, Steve:
The MySQL syntax is
i.e. your code will miss any INSERT queries that don't use the INTO part.
This is voodoo programming, and it will get you in the end.
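The optional-INTO point above, as an added example that is neither Steve's code nor the commenter's: a naive "INSERT INTO" matcher is run beside one built from the MySQL manual's INSERT grammar, over constructed sample queries, to show which valid statements the naive check misses.

```python
import re

# Naive filter of the kind the post objects to: it only recognises "INSERT INTO".
NAIVE_INSERT = re.compile(r"\bINSERT\s+INTO\b", re.IGNORECASE)

# MySQL grammar (MySQL reference manual):
#   INSERT [LOW_PRIORITY | DELAYED | HIGH_PRIORITY] [IGNORE] [INTO] tbl_name ...
# so the priority modifiers, IGNORE and INTO are all optional.
_MODIFIER = r"(?:LOW_PRIORITY|DELAYED|HIGH_PRIORITY|IGNORE)"
MYSQL_INSERT = re.compile(
    r"^\s*INSERT\b(?:\s+" + _MODIFIER + r")*(?:\s+INTO)?\s+`?[A-Za-z_][\w$]*`?",
    re.IGNORECASE,
)

def naive_is_insert(sql):
    return bool(NAIVE_INSERT.search(sql))

def mysql_is_insert(sql):
    return bool(MYSQL_INSERT.match(sql))

# Constructed sample queries; every one is a valid MySQL INSERT statement.
SAMPLES = [
    "INSERT INTO users (name) VALUES ('bob')",
    "INSERT users (name) VALUES ('bob')",
    "INSERT IGNORE INTO users (name) VALUES ('bob')",
    "INSERT DELAYED users (name) VALUES ('bob')",
    "insert low_priority ignore users set name='bob'",
    "  INSERT\tINTO users VALUES ('bob')",
]

def missed_by_naive(queries):
    """Valid INSERT statements that the "INSERT INTO" check does not flag."""
    return [q for q in queries if mysql_is_insert(q) and not naive_is_insert(q)]

if __name__ == "__main__":
    for q in missed_by_naive(SAMPLES):
        print("missed:", q)          # four of the six samples slip past the naive check
```

Even the wider pattern is keyword matching rather than parsing; the only reliable judge of what a statement does is the database's own parser, which is one reason not to build access control on top of string inspection of queries.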
I knew it, you're all still racist against the Paddies, aren't you?
This isn't the first time
Falling slowly, indeed.
Here's a little (a lot of) light reading about criminal profiling, kindly pointed out to me by a Reg reader a while back:
It's just cold reading, and it can do more harm than good.
“I would say that on the whole you can be rather a quiet, self effacing type, but when the circumstances are right, you can be quite the life and soul of the party if the mood strikes you.”
What chance that this software is any better? SFA.
One of the problems
with Wikipedia is that Jimbo and Co. have done Jack Shit to curtail vandalism. If they just raised the bar slightly so that you had to be logged in to edit articles, most vandals wouldn't bother. (And to register you'd have to provide a valid email address and click on the link that they'd send you. All very standard stuff.)
Jimbo is doing very nicely out of his minions, but treating them like chumps.
Just because some gobshite phisher has compromised a server doesn't mean that you can also enter the server (without permission).
Although this seems more of a shortcoming in the law than anything else.
Multi-threading is hard
So hard, in fact, that most programmers don't seem to be able to manage it. The easiest gains will probably come from software libraries that use multiple cores but hide it from the programmer - it has to look like single-threaded programming even if under the hood it's not.
Of course, there are only certain types of algorithms that are inherently massively parallel, but many of them seem to be related to processing video (including computer vision!), and video on desktop PCs has only been practical for about 5 years. With hi-def catching on big-time, that's one area where multiple cores will be useful. But I'm not sure how many people actually run transcoding jobs that take 12 hours. Editing home video is a bit more common.
So in summary then, they'll find a way of making us want this shit.
The idea that it is possible to use microscopes to see the overwritten 1s and 0s is just a claim by Peter Gutmann about intelligence agencies - an unverified claim, obviously.
A few passes of the DBAN CD should be enough for almost everybody - you flatter yourself if you think your data is _that_ valuable. Any angle-grinder approach is just wasting a computer which could do some good somewhere else.