Posts by Pete 2 3497 publicly visible posts • joined 10 Jun 2009
> critical infrastructure organizations to take immediate actions to protect against cyberattacks from these foes
There is only one way to secure (even then, not entirely) critical infrastructure: take it off the public internet.
It all boils down to one simple question - do you want convenience or security?
> "Imagine that all people around the world could use voice AI systems like Alexa in their native tongues,"
To quote the good book about universal translation:
“Meanwhile, the poor Babel fish, by effectively removing all barriers to communication between different races and cultures, has caused more and bloodier wars than anything else in the history of creation.”
> expensive kit, if it does NOT rely on a firms back-end "servers"
The same applies to "smart" TVs.
About 5 years ago we bought an £1100 Samsung. It vcame complete with loads of apps: Youtube, other streaming services, etc.
Within a year software "upgrades" had withdrawn most of these and the only ones that remained were the crappy ones that nobody ever wanted. Now all that TV does is act as a over-the-air receiver and display. About as "smart" as a 1960s telly!
> customers, who are now wondering what they will do with various "smart" home accessories that are looking rather dumb.
Some suggestions:
* doorstops
* "dummy" security devices (were they ever really anything else?)
* conceptual art: on the topic of once your data leaves your domain you no longer control it
* turn it into NFTs and find yourself a sucker
* learn from the experience - repeat "never again" several times a day
* replace all those "smart" appliances (were they ever any more than a lazy way to turn on a light / appliance) with a long stick. It doesn't even need batteries.
> a date for a return to the pad for another dress rehearsal has yet to be set.
ISTM that the FCC approvals for SpaceX to launch their Artemis killer, sorry: Starship, from Texas will be delayed until such a time that NASA get a successful launch in, first.
Given that SpaceX are also building a launch facility for this monster in Florida and seem to be amassing more Starships as the days go by, it would be highly amusing to see them have two flight-ready vehicles (one in Tx the other in Fl) on the pad, waiting for someone to light the blue touch paper, the day after Artemis fiiiiinaly lifts off.
> AI software is being offered to sales teams to analyze whether potential customers appear interested during virtual meetings.
How about this:
An AI analyses the sentiments of victims people who are cold-called. It determines that absolutely nobody, ever, feels positive about having their lives interrupted. Nor about being pressured by a stranger to do something they have no interest in.
The AI then works out that the best thing to do would be to route all sales calls through to other AI-answered numbers. Those (other) AIs could appear interested, engaged, receptive - and not swearing at the caller ... even once. The sales people would then have much happier lives. The general public would be rid of one of the major nuisances of modern life (does anyone answer calls from numbers they don't recognise, any more?) and the number of telesales made would probably not change from the almost zero percent success rate they currently have.
Everybody wins!
> That function authorizes who can control a user's tokens and was created primarily to enable third parties like Rarible and OpenSea to control tokens on behalf of the users
Never mind, an NFT is no more than a link. Nothing of value¹ was lost
[1] assuming people understand the difference between value and cost
> So, the bottom line is, no matter how much someone tells you that "Linux is hard!" They're wrong.
I do not think they say that. What people tell me is that they find Linux to be hard. Impenetrable. Unfamiliar and generally hostile. Even now, after 30+ years of development I still get the impression that the man pages and online information is written in a style that a person would use when answering a graduate-level exam question. Not in the style of a "for idiots" guide.
Sure, these sentiments do not come from IT professionals, but they do come from people who want computers to work the way they expect them to. To deny that is one of the biggest failings of the Linux community. Which could explain why most Linux desktops strive to look like Windows or Macs.
However, the other hard part about Linux is UI design. Making apps that "flow" in a logical manner, So that the right options are presented in a logical order. Getting the user interface to with with the user rather than in the ad-hoc way the coder slapped together options, is so difficult that not even the professionals manage it very often. Just look at the standard options on any windows frame: Linux or Windows.
Now open the option titled "Edit" and see if it allows you to edit your document!
> The Register contacted Starlink and parent company SpaceX for comment and will update should a response be received.
Presumably after they have rebooted / fixed their problems.
In other news: Sunspot Activity On the Sun [ where else? ] Is Seriously Exceeding Official Predictions
> Previously, all installs of the Raspberry Pi OS (formerly known as Raspbian) had a default user called "pi".
Speaking of, what about all the other default users:
root, daemon, bin. sys
sync, games, man
lp, mail. news
uucp, proxy, www-data
backup, list, irc
gnats, nobody, systemd-timesync
systemd-network, systemd-resolve
_apt
Or don't they count as every Un*x system has a lot of them hard-wired in.
('pollies for the whitespace. Blame someone else's CSS for that!)
So is this survey for the same quality of service? The same bandwidth? The same data caps?
Or does it vary from a 1MBit/s Wimax in a rural domain to a 1GBit/s FTTH in the most expensive cities in the world.
It seems to me that these variations are in line with the (lower) cost of equipment in countries with lower abilities to buy top quality kit when compared with those that prohibit cheapo hardware on the basis that a foreign power might be eavesdropping. Also that the cost of installing infrastructure is heavily dependent on local labour costs - which also vary enormously.
> Dick changed all the comments in the code. Sure, they all still looked OK to the casual observer but bore no resemblance to what the code actually did.
Ahhhh. Otherwise known as "version 2"
The amount of time I used to spend believing the comments, rather than the code. A working practice I have been completely cured of for many, many, years.
It seems to me that most of the time that bug fixes, tweaks, modifications or any other changes are made few people see fit to alter the comments to reflect what was done. Or why it was done.
At best you might get a passive-aggressive: # fix for bug report 93315 which is neither helpful (or often correct).
... there will still be the same old my language is better than your language (grandad!) arguments. Ones that are criticising rust, go and all the other trendy stuff. Pulling them apart and inflating their inevitable weaknesses into major fashion faux pas.
Even though almost all of the platforms those quasi-religious arguments will be taking place on will still be written in C
> plenty of people outside China will be hoping Shenzhen gets on top of this outbreak quickly.
Maybe the UK should help out by sending China their secret weapon.
How quickly can Dido Harding be dispatched? it would be interesting to see just how much damage (to the virus - what did you think I meant?) one person can do.
> Backups were performed and rotated and once a week
Necessary, but not sufficient.
Did they ever check that the backups could restore their systems?
In practice a much more difficult task than many would imagine as you need a complete identical set of servers (plus other infrastructure) to restore to.
> the first thing organizations should do to prepare themselves
Surely the first thing to do is to consider just what systems actually need to be connected to the wild west public internet?
Home working has required more companies to expose themselves(!) to outside connections. Hopefully from their employees, only. However, it still boggles the mind that there is sensitive, vulnerable and juicy targets of national infrastructure and security that is accessible, and therefore hackable.
I realise that nothing will be done until it is too late. That governments will take no action to protect vital systems until they get hacked into oblivion. Even then, there will only be an inquiry, conclusions that nobody was to blame and "lessons learned" while business carries on as usual. Just as the NHS learned in 2017 with the Wannacry attack. Although there was much fuss, many NHS systems remain open to attack - some even from the same malware.
> only 29 per cent of IT workers globally have a "high intent" to stay in their current roles
Although most will do!
All this shows is the large gap between what people SAY and what they actually do.
However, this is a global study, so is not relevant to any particular country. It is far too general for any company to use for planning.
The study (as reported) also fails to provide a time limit. Stay in their current roles for how long. A year? Life? Or until they get promoted while staying with the same company?
The Jevons Paradox
From the Wiki article: technological improvements that increased the efficiency of coal-use led to the increased consumption
> chip fabs stockpile the gases they require, so "gas production line interruptions in Ukraine will not halt semiconductor production lines in the short term."
So not much of a stockpile, then?
As far as I am aware neon, being an inert gas, doesn't have a shelf-life as such. Maybe whatever it is contained in might contaminate it past the extreme levels of purity required given enough time, but we are told nothing about that.
Though whatever the background facts are, I still reckon that this conflict will be used as an excuse to raise prices.
> Mars parcel pickup rocket ... Until today, no contractor had even been appointed
If NASA was going solely on price, they might have chosen DPD.
I can just imagine, instead of sending a rocket, they would just have slipped a card under NASA's door to say that they tried to pick up the stuff from Mars, but nobody was in.
> The long-term nature of these chip orders is turning out to be a boon for NXP
And therefore making it more difficult for developers to break away from existing designs, to use new chips with better features.
"Whaddaya mean you want to use a device with 32 times as much memory? We've just signed a contract obliging us to buy 20 billion of these 8-bit processors in the next five years"! Make do with the 32kB of RAM - that's all you have to work with.
As the lady says:
> "Social media is a time-wasting pit of crazies, pornographers, criminals, and perpetually angry nobodies flinging insults at each other,"
and in conclusion:
> Mme D's social media feed managed to irrevocably breach social media content rules within minutes of creating her account – without actually having any content in it.
The account (obviously) was banned, blocked and b*ggered due to the LACK of hate-content.
> use LG’s ThingQ app to upgrade their clothes dryer with new software
I reckon this is just a ploy for the company to extract more revenue (nobody said these upgrades would be free) from existing products. Maybe even as a marketing ruse to increase the price above and (far) beyond the actual cost of the additional hardware.
OTOH, "upgradable" is just another word for hackable.
On the gripping hand, it means they can do away with their software testing team. Gotta bug? Never mind, we'll just push a patch.
> within a couple of minutes I had rebooted the FreeBSD server that ran DNS into single user mode, made the necessary modifications to the DNS files and restarted the server
No doubt the half of management who were pleased had realised that the network team could be replaced by a lone individual with the right motivation. I assume the other half of the managment who were livid had just realised the same thing.
> Dutz's distress call comes just days after another open source developer, Marak Squires, sabotaged two of his own projects.
The 2008 financial crisis arose because lots of american financial products were made of a mixture of high-risk debt that nobody quite understood their exposure to. It worked for a time, until confidence ebbed and some of those debts turned bad.
Are we now seeing the same thing in the world of FOSS? That every organisation fed at the trough of "free" (gratis) software with little or no understanding of the risks and exposure they were building in. And just like in 2008, it worked fine, until some "players" defaulted and then the whole mess turned sour.
We have all heard of technical (or software) debt. Where past shortcuts in design, implementation or documentation lead to far more work in the future. But that at the time, those failures did not seem important.
Are all those chickens coming home to roost?
> the real problem isn't that it was open-source software
No. The problem is that it takes virtually no skill to download a package and follow what every other user does with it.
Having the knowledge and experience (and time: paid for by a person's employer) to perform a security audit, or even a risk analysis, on that software is a rarity.
Much of the popularity of FOSS packages is the knowledge that lots of other people and companies use the same stuff. So it's gotta be OK, hasn't it?
Whether security is a product or a process is not really relevant. The problem is that nobody takes responsibility for FOSS. Nobody has to fix problems when they arise, get written into new releases or are discovered. That lack of enforcability and the associated freedom from obligations, is the major factor behind such software being free (as in beer).
Apparently you can now use BTC to buy an american politician.
Judge for yourself if that is either a legitimate or a legal use.
> Get rolling again, and streaming content will continue in audio-only form.
> It makes sense; one would not want drivers jabbing away at the touchscreen while their vehicle thunders down the highway.
Unless they are randomly jabbing away trying to get the video back. Something that mysteriously disappeared as soon as the driver should have started paying attention to the view in front, rather than on their screen.
> But the supply chain challenges have also worsened for Raspberry Pi 4 models in the last month
Not what you want to announce if you are planning an IPO in 2022
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2024
