Posts by Charles 9 16605 publicly visible posts • joined 10 Jun 2009
Honest question. Why is there an aversion these days to unannounced tests, given the reason for preparedness drills in the first place is to ensure procedures are followed in as close to emergency (read: unannounced) situations as possible? Yes, it's nerve-racking, but acting as a disaster sentinel will inevitably be nerve-racking because disaster can come at any time...without notice.
"Point being it would take deliberate collusion and just not a normal confused cock-up to send a false alert."
Not necessarily. Never underestimate Murphy. We don't know if there is a "break glass" scenario for the unlikely-but-not-impossible scenario that all three executives (and anyone else with the possible authority) can be dead, unconscious, or otherwise incapable of performing the duty at the same time. The Hawaii scenario along with many other faultless engineering disasters show it is possible to "thread the needle" and bypass every single failsafe and still fail spectacularly.
"Semaphore code using brightly coloured grass skirts signalling arm and body movements."
Lost in the horizon due to the distances between islands, unless you're of the Flat Earth cult who honestly believe that's the opposing beach you see across the miles of ocean between islands.
As for radio, one good typhoon or volcanic eruption will knock out all the power to the radio transmitters (including the backups).
"A message about grandmas oatmeal cookie recipe could easily be code for some nefarious plot, but good luck detecting that with your fancy AI that can barely read a Wikipedia article."
But you have to establish the code beforehand (First Contact problem), raising the possibility of moles. Unless you can demonstrate a zero-knowledge code.
"What is coming is smarter, faster AI-driven software-based biometrics that will allow us to be secure using one factor."
I frankly don't see how you can make biometrics any more secure than the crapsack they are now. In fact, given all your criteria, practical security is a fool's game because the minimum standard for anything that's practically worthwhile is basically too irksome for the average Joe. Thus why we're stuck at deadbolts (that can be defeated with a well-placed kick), passwords that people forget, and fobs people tend to lose.
Frankly, if you want better security, you're going to need to start with a better human being.
"The root cause of the problem is the combination of the following subsystems of a processor’s microarchitecture. Note that none of the individual components is to be blamed for the vulnerability - it is how they work together"
IOW, we have a "gestfault" here: something worse than the sum of the parts.
As for solutions, why not find a way to solve the bottleneck of context switching so that it can be used more liberally to keep things more separated without killing your performance?
"So 'cause admins want it, it was rammed down every throat - and I thought a lot of h/w venders had a problem with business users using consumer tech"
But what about the other way around--consumers using business tech--which means the foundry process gets simpler and you know what they say about the KISS principle?
"Would there be any less if theses companies didn't try hare-brained schemes like IME or other bloat and complexities when there is little need."
Do you think they would've stuffed such a thing into the chip if there wasn't a demand for things like long-distance remote administration? Remember, ME was demanded by admins.
"I'd prefer the hardware equivalent of Archlinux and i3wm - that way, I can be sure any bugs aren't introduced by fripperies."
That may be you, but you're in the minority. In the REAL real world, people just want to get crap done, using whatever tools are at hand.
"Upshot? Anything can be faked. Always be sceptical. Engage brain before feelings."
But feelings are in the brain, too, and unfortunately, instinct tends to favor emotion over reason, thus something that appeals to emotion has more power than one appealing to reason, and there's little we can do to control it; we're no Vulcans.
It's your source that is incorrect. The date in question refers to the passage of The Diplomatic Privileges Act, 1964, which adopt MOST the Vienna Convention to UK law but not ALL of it, AND there are local additions like the override clause I previously mentioned, which is Section 3. You can feel free to read the text for yourself in that link. It's all there, including a PDF copy of the original printing. BTW, MY source is considered authoritative since it comes directly from the UK government itself.
"You're right that the Convention isn't UK law (few treaties explicitly are), but invoking that loophole puts you on exactly the same thin to non-existent ice as detaining a courier - it's a flagrant breach of international law."
Not in this case because the UK is not explicitly signatory to the Vienna Convention. The Diplomatic Privileges Act is not the Vienna Convention and has various local alterations as noted. The local override is one of them. Plus there's also the matter of abusing immunity (talking the mick, as another put it). You mention the Yvonne Fletcher incident but neglect to mention they couldn't pin the culpability to a single individual due to (1) there being more than one shooter and (2) secrecy concerns. Plus it should be noted the UK got theirs back. They severed diplomatic relations with Libya and allowed the US to bomb Libya from bases in the UK in retaliation. Plus Libya eventually paid compensation for the incident, probably because they had no friends on northern Africa.
This time, we know exactly who the culprit is, he hasn't made any move to conceal his crimes, so as the saying goes it's open-and-shut. Any attempt to use diplomatic immunity to try to get him out can and would get called out as abuse of immunity. About the only reason the UK doesn't sever diplomatic relations with Ecuador is that Ecuador DOES have friends in South America which can result in reprisals. And while there is little the UK needs that comes from Ecuador, other South American countries may have products of value (like say Venezuela with its petroleum).
"That's an awkward position to be in since you're explicitly asserting that local statutes trump the Convention which means that you're agreeing that Afghan blasphemy law (for example) overrides the immunities of our people in Kabul."
That depends on the laws specifically set down in Afghanistan. If blasphemy laws explicitly take precedence over anything the Vienna Convention defines, then you're up the proverbial creek. I strongly suspect this was very much the case when the Taliban had full authority there, thus the lack of diplomatic relations there at the time.
Ah, found it. The relevant part IS an earlier article: Article 9, which does take precedence because it covers more fundamental issues, including the issue of personae non gratae. Last I checked, Assange IS persona non grata in the UK, meaning if Ecuador tried to make him a diplomatic courier (which they can do unilaterally now that Assange is an Equadorian national, before it would've required UK approval), the UK can still cry foul. After all, the Vienna Convention is not actually UK law. Not entirely. The parts that apply are contained in the Diplomatic Privileges Act, 1964. One important consideration of this Act is that it gives the UK the power to withdraw immunity within its territory, subject to procedure. IOW, the UK possesses an override, and since the embassy is in UK territory, there's SFA Equador can do about it.
There's no way to have complete security, short of total destruction. The only way to be sure is to burn it, dissolve it, or melt it: something sufficiently physical and irreversible.
But if you have to use it, then there WILL be a way to pwn it, simply because legal and illegal access can use the same interfaces.
You forget TEMPEST. They can glean information simply from electromagnetic radiation: a natural consequence of it being SWITCHED ON. Basically, the only secure computer is one that is never used AT ALL. If it's used in any way, it CAN be pwned by a sufficiently-determined adversary. Problem is, that bar keeps getting lower.
I think if ad blockers become the norm, ad agencies will simply relocate to Western-hostile countries and offer blocker-proof proxy services whereby blocking the ads blocks the contrnt, full stop, by making the site look single-origin. Wonder if it'll be time to abandon the Internet at that point.
"However, we should recognise that it's impossible to exploit an properly implemented execution-less protocol; perhaps we should consider it as a way forward."
But then how does the client interpret the stuff you send down the wire? Through a client, which no one can guarantee can't be exploited in some way. Remember, some clients (including browsers) have been directly pwned through strange code: not via things like JavaScript.
Can do. Have been using a Singer (and old one, mind you) unassisted since I was 9 or so, sewing up small projects as I needed. I'm at least passing familiar with different thread types and needles, I still possess enough ocular clarity to hand-thread the needle, and I DO know how to set up the bobbin.
"The youngsters often feel they must answer every call even when it disruptive."
Because the young live every moment like it's their last, or at least someone else's. So they treat every call like it's "A chance to move up if you act before everyone else." Or "Your mother just had a heart attack and is dying."
"If the US really wanted to be great again, they need to dump their ridiculous partisan politics."
Partisanship goes to labeling and ganging up, and labeling is part of the natural human condition. Not even George Washington, who was all too aware of the risks, couldn't stop the Democratic-Republican Party from separating from the Federalists, and even Washington got labeled a Federalist, against his wishes.
IOW, if George F'n Washington couldn't stop partisanship in spite of his charisma, who's got a chance in he'll to best him?
20 years is a lot better than two, especially if you have spouses and children to feed right now and no hope for other employment (because the available jobs is shrinking, not expanding or holding steady like before). If you can't stop the inevitable March of progress from killing you, the best you can do is to slow it as much as possible.
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2024
