But in a good way
So when the November MCT download vanished over the weekend, it was a pain in the ASCII for people...
... so Microsoft binned it.
I'm just looking through the pockets for my (license) keys. ->
1509 posts • joined 31 May 2011
Who colonized Japan?
Perhaps you should ask the Ainu.
So it is techno-babble enhanced by a quick trawl through a few tech sites? I am now putting it down for that as it still rises above the research efforts of so many Hollywood productions, most of which I am not allowed to watch in the presence of my family as I shout at the boob tube when they throw up technical jargon that a grade-schooler with intermediate cell phone experience would spot as bogus.
Suddenly building your own servers is starting to look like a good idea again, if you appreciate actual security and must use Windows.
Or at least creating custom images from scratch and then standardizing on those rather than the canned OS that the manufacturer provides. Unless the manufacturer includes this sort of malware in their equipment's drivers... You are right, cross them off the list.
The other services you mention do all have functional, and fairly compliant, DMCA-compliant takedown procedures.
I would add eBay to that list. They have a fine tradition of allowing knock-off goods and infringing items to be sold on their site. I don't recall anyone busting down their HQ doors even though they were facilitating the sale of goods that fell foul of the exact same laws that Mega is purported to have broken. This is clearly a case of selective justice.
...but in the case of the prosecutor, I find it harder to agree unless his suggestion of warrant, in front of a judge or court, showing probable cause, becomes what is required.
In all cases? In all jurisdictions? This is the proverbial bridge too far. Can we simultaneously prevent our political adversaries some foreign, repressive regime from using the tools we want to have for their own goals while allowing ourselves unfettered access to those same resources? Nope. If a skeleton key exists, then the knowledge of its existence is enough to allow someone with enough resources to recreate it. The alternative is to allow potential terrorists to have secure comms. Is that acceptable? Again, no. What to do?
The question seems to come down to, "Do we opt to protect our citizens from hostile state entities or from terrorists?" Solving this dilemma is the main challenge from the perspective of western governments. The two goals are mutually exclusive as stated, so either the question needs to be re-framed or it needs to be answered in terms of acceptable long-term risk (e.g. which is likely to cause the least amount of damage over the next decade).
Dell said it will post information on how to do this properly on its support website, and future machines will not include the dangerous root CA cert.
However, they did not say what the replacement for this "feature" would be. Car manufacturers have to issue recalls for defective products, but Dell just gets to say sorry and post a self help guide. Yes, yes, it's a case of life and limb vs severe financial impact, but it seems as though Dell's fix is a little less than robust.
First the OPM data breach and now Pearson... it's almost as though the targets' data might be cross-referenced. I wouldn't be surprised if CompTIA and the (ISC)² have their doors knocked down next.
Not so much. The Internet as a whole has debunked the myth of monkeys reproducing Shakespeare long ago. In fact, where Shakespeare added words to the language, our fellow online denizens have created emoji, downplaying the need for literacy. Sure, people make poetry with them, but there is really no comparison.
It's not just the grammar, it's the incorrect use of Republican in the context of the story as well as the messy mixing of styles when listing party affiliations and constituencies. I did, however, send a note requesting a correction and acknowledgement of my pedantry.
I wasn't confused about it at all and still think it looks a bit like polishing a turd. If there already is a better starting point from which to work, why not use it? NASA might have a particular bias, and the two entities that they chose are definitely not bad choices, it's just that they are decidedly not the best choices. I would have thought that NASA would have learned by now that politics and engineering do not combine well in achieving good outcomes.
Also, if NASA reverses course on this, the next headline could be "Valkyrie gets the SCHAFT!"
Android 6 (Marshmallow) apps would also require asking users if it's OK to use the Microphone.
Applications written for Android 6 allow you to choose to grant permissions as you install. Those written for previous versions of Android still take the all-or-nothing approach when being installed on an Android 6 device. Once a legacy Android app is installed, users can manually adjust app permissions (they can do this for all apps, in fact). This holds true for apps that were installed on an older version of Android which was then upgraded.
I bought a Nexus phone knowing that it would be upgraded to Android 6 soon after. I had previously avoided any app that required permissions that I thought were beyond what they needed. With the new phone, I downloaded everything that caught my eye (almost entirely time wasting games), secure in the knowledge that I would be able to whack any unauthorized access. I got the update and went through every app on my phone to set permissions.
First, it was a tedious process as the interface is not meant to be used for more than individual changes (Take note, Google!). Second, I denied all rights for pretty much every app I had installed unless the requested rights had a direct and obvious requirement (e.g. access to location is important for getting directions from your current location). I managed to break two games made by the same company; they seem to think that access to my contacts list is needed to play cards. I also found that many, many apps request "Modify, delete and read storage" rights, but don't actually need them to function. This gives an app permission to access public folders (e.g. photo gallery). I would guess the apps have control over their own files, but they certainly do not need access to my pics and music.
The ability to control app permissions in Android 6 is a step in the right direction, but it still could do with a bit of polish.
When that speech involves gratuitous beheadings, rape and slavery, my tolerance level is a lot lower.
So what would non-gratuitous beheadings, rape and slavery look like?
Are they trying to remove porn by the back doo?
Doctor_Wibble, have an upvote and a virtual drink of your choice for that beautiful, beautiful malapropism!
Also shut down the roads that ISIS drive on, but leave the other roads open. We can also burn stuff in the air that ISIS breathe so they have no oxygen, but leave the other air untainted.
Yeah, that's pretty much how a bombing campaign works. Well spotted! And while I hesitate to draw close parallels between the online and physical worlds, I would think that online activists (and government entities, too) have been able to do just these sorts of targeted attacks on web sites. So it is possible on a technical level.
My question would be is it an appropriate response? If a country is going to war, or whatever passes for an online war, wouldn't taking down enemy assets, especially those used for propaganda, be considered a legitimate goal? If so, then what methods do we want our governments to employ? I know that some of these questions need to be hashed out between countries, but that there are differences of opinion as to how the final agreement will look.
Also, the conflation in the article between websites and domain names is troubling. It is quite possible to host an unregistered web site or to register it with an alternative registry, though it may blunt the propaganda role of such a site. Also, missing from the critique of the proposal is that while web sites that are devoted to a particular subject or ideology are easy to identify and target, it is much more difficult to fight an online campaign that makes use of third party assets to get its word out. How many unmoderated forums are there? How would anyone begin to police them for ISIS-related material?
The bald assertion that "the less time the user spends in the app, the more productive they're going to be" sounds nice, but does not seem to have much in the way of proof behind it. In fact, it looks a lot like other pushes by Microsoft to overhaul the user interface without checking to see what actually works for its customers. There have been plenty of studies which clearly demonstrate that people who think that they are quite good at multitasking are actually deluding themselves (many have been done to demonstrate that texting while driving is a bad idea). This looks like another way to fragment the user experience, even if it is not done on a visual level. If you are bouncing around between tasks, even if it is not reflected by what's on the screen, your overall productivity will go down.
It also looks like a way to dumb down the user interface to the lowest common denominator. People who cannot type might be able to input info into a Word document a lot faster with Cortana to start with, but will not be able to ramp up to the speed that someone who really knows the application can achieve. Similarly, I suspect that this will hold true for working with computers and apps in general. This tech might make things easier, but I do not think it will make things better - and that is my unsubstantiated assertion.
A free bar of soap
That's for a silver badge. For gold you get soap on a rope.
Cockpit's greatest contribution to the server world isn't its ease of use, though: it's that its ease of use means more secure deployments.
And this is enough to make me want to check it out.
The individual *users* should however also have a specific key so that they are also authenticated with respect to the backend.
Well, yes, but as the researchers point out, the users are pretty much at the mercy of the developers in this respect and that the developers are only putting in enough effort to get the app talking to the back end. At no point in these flawed apps would I expect the people using the apps to have an opportunity to set up their own keys. To go into a little more detail, the article states:
By default, most BaaS solutions require an application only to authenticate using an ID that uniquely identifies the app, and a so-called "secret" key, used to indicate that the app uses the ID legitimately. These credentials, however, neither authenticate a device nor a user. They merely authenticate the app as such and are therefore shared between all installations of this app.
So it looks as though it is not only the devs basing their apps on the BaaS solutions that fail to practice good security, but those that offer the BaaS solutions as well. And so the dominoes fall.
From the linked OIG report, "Among other hiring challenges the audit identified were that the FBI’s background investigations are more onerous than those used by many private sector employers, and it was difficult to retain top talent because private sector entities often pay higher salaries."
This totally misses the point. It's not that the private sector pays more, it's that by working as a government contractor, one can make more money doing the exact same job for the exact same people. One of the basic ideas with shifting the US government to a contractor-based model was to allow more flexibility in responding to change. Sure, it can cost more, but the government people should not be handling the technical work in such a model. Instead, they should be providing the leadership and oversight and contractors should be doing the actual work.
For example, a Computer Forensic Examiner's pay grade goes from a GS7 to a GS12 which has the person starting at $33979 and topping out at $78355 (link). Considering that many of these positions will be in the Washington, DC area, there will also be a cost of living adjustment along with that. Still, someone doing the same work as a contractor can make enough from the start to compete with the high end of the GS scale and expect to have plenty of opportunities for growth while at the same time enjoying the job security that only an extreme shortage in one's field can bring about.
The FBI needs to cut those positions as government slots and contract them out in order to actually be able to fill them (as in actually getting the job done). The only way I can see that these positions will be filled by government employees is to train existing employees after getting them to sign an agreement that they will continue to work for the FBI for a period of several years. This will be a partial solution, at best, leading to a longer time before employees move to contracting, but not slowing the overall rate of attrition.
Many government systems require smart card login which I believe would at least complicate this hack, assuming drive encryption. This can be expensive to implement, but as the main target of this sort of attack is likely to be corporate assets, it would probably be within reach to implement.
...why not just find a sadist who'll gouge out your eyes with hot spoons for free?
Because with the sadist option, it probably could be traced back to you when you send it toward your victim of choice, but combining that font with an anonymous email... yeah, that could do some untraceable damage.
They definitely broke some rules but are not YET implicated in giving the information to the government prosecution without warrants.
I would be fascinated to know what kind of warrant would authorize the government or, anyone else for that matter, to wiretap a conversation between an inmate and his or her attorney.
Well, that'd work in Blighty but not in the US of A, so...
It would work differently, at any rate.
Learn something new every day...
...these drone thingies have no people aboard or if they do then they are no longer drones.
I believe it is more a matter of who or what was piloting the thing that defines it as a drone, regardless of crew, passengers, cargo or payload.
Or does every developer occasionally get lucky once?
If they were occasionally lucky, it happened more than once. The answer to your question is "No."
I think that "probable cause" and a warrant for phone records needs to be established...
Perhaps a better way to deal with surveillance and information gathering of all sorts is to require a warrant no matter what. We will still have warrants rubber stamped, but there should be no possible case of the judiciary or other oversight bodies not being aware of what is going on unless a law is broken. It is a simplistic and perhaps absurd approach, but it certainly removes ambiguity.
Our spies have counter spies,
Behind their backs: espy 'em
And their spies have anti-spies,
who in turn decry 'em.
But the master spies, themselves, it seems
Have fewer rules to go on;
While higher up have fewer still,
And higher still, and so on.
Their civil overlords to placate,
The spooks will prevaricate.
And the public so is served
In a matter most undeserved;
All the while Spies Black, Gray and White
Covertly scheme us all to spite.
... is any movie with Tom Cruise in it. I guess I should FB to the shortlist, too.
Perhaps the best way to go is to register with different information at every site for which we are forced to enter our personal details and to set up several electronic accounts that we only transfer money to via several intermediate hops just as we are ready to spend it. Figure out a way to automate this process without also causing red flags to fly for our government overlords and you should be well paid via very secure and untraceable means.
Makes me wonder when paranoia turns out to be the best option.
OK, at the high end, we have Bill Gates and Warren Buffett while at the entry level, we have computer science and engineering vs everything else. Based on that, at least, it looks like STEM areas are a reasonable investment if you want to encourage people to be productive and make pretty good salaries.
Pigs on the wing?
Yes, the DSM-V eliminated Asperger's Disorder and a number of other diagnoses and replaced them with autism spectrum disorders. This has caused concern for a lot of people as it can complicate their lives - patients had one diagnosis that now no longer exists in a clinical setting. On the plus side, the change was at least in part because of better models for cause and treatment of these disorders than were previously available.
An application whitelisting technology might be considered unsuitable if, for instance, it had to be disabled in order to install security updates for the operating system or particular applications.
If set up properly, it should in fact block whatever does not fit a predefined pattern of behavior (including information about the installing user ID, source of install files, target of the install, temp directory used, et cetera). Unfortunately, the people who put together patches have a habit of changing many things a signature may be based upon from version to version which cause the white listed app's update to fail. This can be avoided by implementation of proper dev and test environments and verifying each new application and patch in them. Unfortunately, the need for setting up said environments in shops that do not have them prior to implementing white listing typically will lead to less than desirable outcomes.
Also, there will always be one-off applications in any organization. Rather than set up rules for all aspects of these, it is typically acceptable to turn off blocking, run the installation, turn logging on to make sure the app can run and then go back to blocking as normal*. This is in contrast to enterprise standard applications that should have rules created for both installation and patching.
* Based on experience with McAfee's HIPS.
So 4 out of 5 allegations were true?
[ Sorry, my sense of humour is not working very well today. :-/ ]
Well, if not written at least sarcastically, I have to say that your statistics ability is offline as well. A more complete statement might be that for every 3,000,000 teachers, on average 600,000 are falsely accused of inappropriate acts by a student, while around 2,500 are justifiably accused and an indeterminate but significant number are not accused at all even though they should be.
DDOS attacks are often a prelude to something else. They are essentially used in this scenario as a method for testing the waters. Also, they can be used as a distraction, causing all of the people who might catch on to what is being done to look elsewhere at the time it is happening.
Whether that plan will be good for anyone expressing dissenting opinions online is anyone's guess.
I'm going to go with "No" on a hunch especially as those individuals are among what the Chinese government is apt to clean up.
In my experience, Samsung devices won't receive a patch for AGES.
And those dependent on their ISPs for updates will never get theirs at all.
Typical Windows application installation: Prompt, prompt, prompt, prompt, prompt, and then a final prompt called 'Finish', which may itself churn for ages. Possibly reboot required as well.
Perhaps, for home users. Most installers have command line switches that you may not have bothered to use. Not so much for enterprise environments. There, everything should be done in the background. At the very most, a notice that some new feature is being set up on some user's machine on an ad hoc basis because of licensing issues is acceptable.
As far as running files from the temp directory is concerned, it is typical of malware to do so, therefore it should be blocked. It is that simple. Likewise, restricting admin accounts access to the internet and to email is useful because those are more properly things that a regular user account should do. Too, if Mozilla's install process under Windows is an issue, then Google's is even more so. The Chrome browser does not require admin rights to install and does so using fairly non-standard methods and locations. Regardless of the quality (or lack thereof) of the software, doing that sort of thing just makes life difficult for anyone trying to maintain large numbers of machines.
The joke used to be, "What does 'XP' stand for?" The answer, of course, is "eXtremely Painful." That aside, users have had plenty of time to learn the interface and how to do whatever needs doing. As the author mentions, the new version "didn't ask anyone to radically re-learn what it takes to drive a computer." That matters more than anything else to consumers. Having to spend weeks or months of frustration while they have to relearn how to do things they had already learned years ago is a sure way to cause slow uptake. I argue that if MS should learn anything from the Linux community it is that the GUI should not be married to the OS. If they would allow their customers to easily maintain their desktops across versions, there would be a dramatic shift in acceptance of Windows 10 and beyond.
It does look a bit like bacon when I squint at it... which might make it work in a post-pub setting, but would certainly add to the list of regrets upon sobering up.
Boffins have debated whether Voyager 1 has left the Solar System for a few years now...
This is what happens when you move the solar system limits from Pluto to some other locale: it just confuses everyone! Actually, I was not able to easily find a definition as to what the solar system is, much less what its boundaries are, on the IAU's web site (they really have a crappy web site, especially when it comes to search functions). As far as I can tell, they have defined what a planet in the solar system is without defining what constitutes the solar system itself.
weapon systems weapons of mass destruction are specifically forbidden by international treaty.
It is within the bounds of the Outer Space Treaty to develop space-based platforms using conventional weapons, which would presumably allow a country to place a large mass in orbit and simply nudge it down onto the heads of whomever that country happened to be having an argument with at the time. I would prefer that this loophole be closed as I would not want the chance of falling rocks to be included in my local weather report, but it seems to be on the table.
My experience is that one of the biggest factors in the lack of uptake of DLP has been that it would block access to personal email, social media and similar web sites at work. A potential spy might not be able to burn a CD or plug in a thumb drive to copy all of a victim's data, but being able to upload it to the cloud works just fine. Any hole in the protection that DLP offers makes the entire effort useless.
A hacker would ... [only get] usernames & emails from the breach.
So that would be verified information that could be used in phishing, DOS and other attacks? Perhaps it's low hanging fruit, but it is rather nice to have all in one place.
See what I did there...[?]
Yes, you explained the joke, which ruins it for everyone.
@James Micallef, What you seem to be alluding to in your comparisons between countries would still seem to come down to cultural differences in attitudes toward guns, their possession and their uses. I think that this goes to the root of the issue of not just gun violence but violent crime in general. I consider @DavCrav's earlier comment concerning the way the UK counts violent crime in contrast to the US as a reasonable example of cultural differences in this regard.
"Gun advocates say that high gun ownership promotes deterrence, that no-one is willing to commit a gun crime because anyone else might pull a gun on them." At least in the US, this does not seem to hold water. Nor does the counter that making access to guns will decrease their use in crime. I realize these statements really upset a lot of people, but given the available information it is clear that neither approach has proven useful other than for fear mongering among our politicians.
Perhaps you are correct concerning a more nuanced approach to what is appropriate in terms of pistols versus hunting weapons. It certainly seems logical that hand guns are more apt to be used in crime than more traditional hunting weapons (long rifles, shotguns) and should be approached differently by legislators, but I would like to see some evidence that such an approach will be effective before having to listen to both sides talk past each other yet again. What does seem clear is that changing people's attitudes concerning gun ownership in the US is both a necessary and extremely difficult task for which there is remarkably little political will given that it is now used by both our major parties to get out the vote.