Posts by Robert Helpmann?? 2583 publicly visible posts • joined 31 May 2011
The alternative is to specifically request access to adult content via your ISP, which leaves little doubt about your intentions, should the "perv" list ever become public.
If usage data published concerning porn sites is anything to go by, then the list of people who don't partake is much smaller than those who do.
Not saying what's in the pocket... just saying.
The point is the vulnerability shouldn't have been there in the first place.
I respectfully disagree with you here. I cannot think of a single IT outfit that hasn't screwed things up royally at some point. It's going to happen. What I am more concerned with is how it is handled. While we do not have all the details on this, it seems to have been dealt with appropriately once it was made known to the ISP.
I noticed that non-state actors were included in the mix.... So they are basically making a list for terrorists to follow when figuring out where to hit the rest of the world hardest. The point of this sort of agreement depends on states being signatories. How many non-states have signed the Geneva Conventions? As far as I can tell, maybe one and it very much wants recognition.
That's the point of having a 'safety' driver - it's the equivalent of a driving instructor...
It might be the legal equivalent, but I cannot believe a qualified driving instructor would fail to monitor the student to such a degree as was shown in the video released concerning the Uber pedestrian fatality. The issue is not just the tech. It is the ethics of those at the top of the company. It is the care with which they choose their employees and how they treat them. It is a direct reflection of the people running the company and it is a very scary sight to behold.
Four require physical USB access – you need to plug a booby-trapped gadget into a USB port... That means an attacker has to be inside your vehicle to exploit them.
No, that is not what it means. It only means the device has to get plugged into the port. Attacks like leaving a rigged USB drive lying next to a target vehicle with a label indicating it has some music on it will definitely snare some hapless individuals.
Respect the classics!
Hardcoded root password...
LDAP credentials sent in cleartext...
Saving the worst for last. These two are so ridiculous, it's like someone lost a drinking contest and the penalty was to put these in the loser's project somehow. Either that, or there was a bet as to how long these would go undiscovered.
The UK, in particular London, have had problems with high knife crime - banning knives would not be practical but guns are a different beast.
The genie is already out of the bottle and it isn't going back. The US is never going to be rid of guns. My take on politicians of all stripes who bring that up is they are trying to get out the base using scare tactics because they know this, no matter how sincere they are on the subject.
Your statement, Simple Si, points to one thing that seems pretty important: the weapons are not the core issue, it's the violence that needs to be addressed. Easy access to guns makes the scope so much greater than it might be otherwise (until kids learn some basic chemistry and we shift from school shootings to school bombings), but why the hell are people resorting to this level of violence? What are the underlying causes that lead people to do these horrible things? I doubt there a single cause. Gang violence, poverty, teens looking to commit suicide by going out in a blaze of glory because teens, mental health issues (of which "teen" might be a subset), a culture that glorifies violence in many forms - how many of these are addressed by the groups fighting over gun rights? How many of them have been addressed successfully or even in part?
Icon not just because of my handle this time.
I had a rack of beautiful new routers and switches set up in the server room I had recently reworked all the wiring for. One of my coworkers brought in a contractor for some additional wiring work going to some of his systems. The switches were plugged into several different UPS-powered outlets through a set of surge suppressors that were located behind the rack, under the raised floor. Redundant power supplies? Check! Surge suppressors? Check! Multiple power outlets in use? Check! UPS for everything? Check! Idiot who pulled up the floor and danced along the power strips turning everything off? Check! Check! Check!
The contractor got walked out of the building. My coworker got a reprimand for letting this guy loose unsupervised. I got to enjoy having our department head watch over my shoulder while I reconfigured the kit which had lost some of its settings as a result of the power outage.
When Trump says "they are not sending their best", he may not be half wrong.
Deeper political context aside, this statement means virtually nothing with the combination of qualifiers and waffling that you have managed to cram into six - six! - words. While El Presidente may not be half wrong, he might be or he might be entirely right or entirely wrong. He might be right (or wrong) about whether someone is sending someone else and the same for the quality of those being sent (or not). A little of Column A, a little of Column B?
From the down votes, I would assume that our fellow commentards believe you agree with Trump and disapprove of this sentiment, but I have to give you one for phrasing.
Where's the Archer icon?
There are times, more and more of them lately, when I'm disgusted by my own government.
This only means that you have become more and more aware of what our country has practiced all along. Study a bit of history. It may no be the most cheerful of experiences, but it will certainly be eye-opening. You might want to start with Miranda v. Arizona and why the warning has to be given in the first place (funny how Arizona keeps popping up in this discussion). Work your way backward from there. Have fun.
For a while computer + human may be better. But soon computers will be better without humans.
Better in what sense? Better in being able to solve a problem or set of problems? Perhaps, but then what? At this point, AI is a means to an end. Just as cars are a more efficient way to go long distances than walking and self-driving cars might soon become a safer way to do so, AI is and will provide better ways to achieve certain goals. Once the goal is achieved, is there nothing beyond it? Is there any intrinsic value in the goal or is it simply a way to gain something else?
This isn't a new story and it's one I do not think we have the ending for yet.
1. Default character limit
2. Add numbers, symbols, and uppercase
3. Rotated at minimum every 3 months
What can we do to improve upon that? 2FA is a good start, personally if I were smart enough I'd create a password creation system that doesnt allow proper words from a dictionary at all.
2FA is a really good start. Definitely none of this biometric, my fingerprint is both my UID and my password crap. How about a check by sites that rely on password using a hash comparison much as was done for this study?
As far as not allowing proper words, if you just rely on the math, you could allow it if you stipulated a minimum number of words be used to get the same degree of complexity a more standard password requiring upper, lower, numeric and special characters. You might also have to adjust hashing to avoid collisions due to the greater number of characters involved. An unabridged English dictionary has about 470,000 entries (https://www.merriam-webster.com/help/faq-how-many-english-words). Knocking that down to most common words, let's call it 100,000, still gets you huge variability. More educated people are apt to have a larger vocabulary, but less educated are more likely to misspell words, so from this very loose analysis there is little practical difference in terms of resistance to brute force or dictionary attacks.
A four word pass phrase, assuming any may be capitalized, would yield somewhere around 1.6E21 combinations. Assuming 100 possible characters for use with a more standard style password, it would have to be 10 or 11 characters in length to achieve the same.
Perhaps an interesting follow up on this might be passwords as used by mobile users vs those generated from a regular keyboard.
It was about as dangerous as the neighbor's German Shepherd.
Based on what criteria? An average year old Kodiak bear weighs around 100lbs compared to a very large German Shepherd of 85lbs. This animal is most likely first or second generation in captivity compared to a German Shepherd with literally thousands of years of domestic breeding behind it. The zookeepers are not, presumably, animal trainers and were doing something that they most likely have little to no experience with and therefor little to nothing upon which to judge how the animal would act. Understand, too, that zoo enclosures are as much about keeping people from harming the animals as the other way around. In many jurisdictions, local law enforcement is responsible for animal control, including dealing with bears that wander into the area. They typically have at least some training in this area. I have seen this play out with bears on two occasions, both of which amounted to keeping people away and letting the animal get where it was heading. I have friends who have had to deal with bears in this capacity when they have got aggressive toward people. Also, I believe the article specified provincial government, not local. Finally, the zookeepers admitted they screwed up!
At least now we know what the Canadian equivalent to "Here, hold my beer!" is.
amanfromMars, could you at least make your response an acronym or use alliteration or something? If it's worth doing, welll.... whatever it is you are doing, isn't it worth putting that little extra effort in to make it entertaining? No, not an attack, just a request.
People freaked out over automated elevators/lifts. It wasn't until there was a labor shortage that automation in that area picked up. It took almost 50 years from viable automation to widespread adoption. It isn't the technology that prevented the uptake, but people's opinion. People haven't changed, so I expect a similar lag in acceptance of self-driving cars.
Which is where the sterling work of the Reg Standards Bureau comes in - no risk of mixing up metric and imperial...
Still difficult as the article references the "briefcase-sized spacecraft" only briefcase is not a standard measurement. I did in-depth research on the subject and found that a briefcase may range in volume from a little over 6 to right at 13 Bulgarian funbags. The engineers need to be careful with this or the whole thing could be a bust!
Remember how George Lucas had a fit in the '80s when the media started referring to the "Strategic Defense Initiative" as "Star Wars"?
Lucas is a pioneer when it came to marketing. He funded the second and third installments of his Star Wars franchise using funds gained from being able to sell the merchandising rights to various toy makers, et cetera. No-one had done anything like that before. While it might have seemed at the time that he was upset about the use of Star Wars in this context, he was really trying to keep his properties in the public eye. Like all such efforts, it's just mind tricks.
Remote car start, smoke detectors... those actually can be useful. To fully embrace the cluster that is IOT, it needs to be more along the lines of the smart light bulbs that double as speaker, microphone and laser turret or the smart toilet that ties into the wireless stereo to provide superb sub-woofer functionality to your wireless whole-house media system along with a seat-based shiatsu massage. Or an IoT pet rock.
...should be set to allow only the owner/creator. I'm only starting to deal with systems in AWS and haven't set any up, so maybe that is the default and the folks responsible for this wen out of their way to screw things up. Maybe there were no tools that would allow the auditing of permissions. Maybe the cat's out of the proverbial bag and the only thing we can do is to point and laugh so those who made this mistake know to never do it again.
It's the artificial red tape and its associated rules that lead to cheating.
I might concede that without rules, there would be no cheating, but I don't think that this is the direction you wanted to take your argument. There can and never will be such a thing as an unregulated free market because as soon as one company achieves the upper hand, they crush the competition and have a perpetual self-serving monopoly thus making the market significantly less free. The only thing that makes self-governing associations work is the threat of outside governance and even then it is often a case of setting the fox to watch the hen house.
If I understand this properly, in order for this to be effective, the malware would have to be installed on the target machine or machines and it the attacker would have to have physical access to the facility power lines and the machines should not be on battery backup and definitely not on multiple battery backup systems (a scenario not uncommon in high value targets). This sounds like something a nation state actor would use as a last resort as there are plenty of easier ways to get the job done.
Yep, we should erect something to stop it happening
No, you are onto something here. If a simple patch has an limited lifespan, then increasing the length and hardness of the patch will extend that, allowing it to stay up and working it for months. I propose shoving a 10 foot steel pole right into each hole. This will have the practical effect of plugging the holes and extending the length of time the patch will be effective. Bigger is better!
My current solution is to restore from a backup image once a week or so to remove all traces of flash.
You might find it just as secure but less of a hassle to use a non-persistent VM and not restore the host machine so often. This essentially automates what you are doing now.
And clickbaiting works
... and so do other kinds of ...baiting, though not what was claimed in this case. I am interested in how the fine was assessed. If there was a signed agreement or if there is just something posted saying don't do this or if it is the sauna telling their customers they have to pay the sauna a fine for a civil violation or be taken to court to face charges. Being in the same room together cannot be illegal even though a public sex act might be. Proving the latter is problematic as it implies having cameras or eyes where they shouldn't be. This leaves the sauna in a position where customers can tell them to pound sand and kick rocks, which seems to be the case here.
does it keep rabbits and deer at bay?
Rue and cat piss keeps them away. If you don't have a cat of your own, see about getting the remains of a neighbor's litter box and spreading it in a circle around the perimeter of your garden. If you add a double fence, you will have a very effective deterrent.
We use 2FA for everything where I work. From getting on the network to accessing shares to logging into internal applications, it's all 2FA. We still have to change our passwords on a regular basis which means that most users will have forgotten what they set it to weeks ago and need to call the help desk to get it reset for them.I cannot think of a single person who enjoys this drill and it is completely unnecessary. I'm trying to get the process changed so that I don't have to endure it any more and someone up the ladder can take credit for my idea (a win-win situation in my environment).
Possibly some people are sensitive to polarization of light, but if so it would only work during the day when the sun is shining.
Sunlight is not the only natural light that is polarized. Moonlight (technically reflected sunlight) and starlight are available at night and are polarized, too. Do a search for the greater mouse-eared bat's use of polarized light for navigation for an example.
Plus ca change.....
...plus ça devient de la merde.
I so wish OS publishers would treat the GUI as a separate, distinct thing. This applies many times over to Microsoft who have cost untold amounts of time in re-training people do do the exact same jobs they had previously done for years. Every time there is an OS or application upgrade, they push out something new. None of it is great, but at some point it works and those that only use 10% don't need anything more. Those that use the other bits don't get excited over wasting more time over the egos in Redmond imposing another change, or at least not in a good way. Change should not be conflated with progress. Added functionality should not require a complete revamp of the user interface in order to be implemented.
Also, PowerShell is a command line interface, despite the phrasing in the article that implied otherwise. Like everything else Microsoft, it was a change that no-one was crying out for.
More likely we are just getting coverage on Telegram while other services are being targeted but remain out of the media spotlight at this time. Also, Telegram has a large number of users. Make an announcement like this and see who starts downloading other similar apps in your region and you have a ready-made list for surveillance purposes.
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2024
