Re: uhhuh, sure
You must be an idiot.
1575 posts • joined 7 May 2012
Why all the hate? Updating your Samsung to the latest critical fix is really easy online. Simply visit Amazon or your favoured electronics retailer's website and order the new model. Once it arrives, simply dispose of the old one in accordance with your local electronic waste disposal guidelines.
> I believe that (almost) all data between a mobile and the base station is encrypted, including SMS, so yes, it's better.
Better != Good enough
I guess as long as TalkTalk et al don't have any of their keys compromised, it's all good.
> Would anyone really put anything confidential on them?
Like the call-in number and conference key for whatever teleconference service they are using for that "call in" message
The weather radar. They may be walking around in board shorts but need to know when it's time to put the snow gear on.
and as you pointed out then; "trams are designed for carrying passengers, and do not usually have the specialist equipment that would be required to weigh a rhino."
Why do people insist on trying to weigh rhinos using trams? Shirley there are more convenient, cheaper, easier to operate machines out there? Not to mention that both operating a tram and the handling of aggressive mammals weighing well over a ton each require substantial training and experience to do safely. Simply put, this is cost cutting gone mad.
> bring down a decently designed survey site
I think you just answered your own question there. Their DDoS mitigation plan was to block overseas traffic, which they self-evidently didn't test sufficiently. But even if they did get that part right, that is a rather blunt sledgehammer which is going to both impact legitimate users (on VPNs, Tor and possibly even those using overseas DNS servers) and is useless once the attackers figure it out as they will just switch to a botnet built from compromised Australian addresses or attack other infrastructure like Telstra/Optus/TPG/iiNet DNS servers.
In my client's defence; it was Friday.
> They might come for El Reg
Distributed Denial of DevOps?
Give Musk some credit to that end.
They are so far out of their depth. It would be funny if not for the millions of man-hours wasted that evening and the almost certainty that the information collected will be pwned at some point.
The DDoS was too small to even register on global attack map yet overwhelmed their configuration. And they believed that all the bad guys are overseas and can therefore be easily blocked on IP ranges. That strategy was never going to cut it. They clearly haven't looked at the paid er "load test services" on offer over the dark web. You know, the ones where you can select the country from which the attack should originate. The only thing that surprised me is that no one took credit for it. That combined with the lack of presence on digital attack map leads me to believe they DDoS'd themselves by underprovisioning.
DevOps Certified ....
I read/watched/heard recently about a particular data breach. The vendor had in between the time the breach occurred and the time they discovered it changed something about how they stored the passwords, so they judged it unnecessary to inform anyone who had a new structured password. On one level it makes perfect sense as "someone has just stolen your old password you don't use anymore" doesn't sound like a big issue. Of course it means that anyone using the same password for their e-mail or other services is waiting to be pwned. I would name names if I could remember. So in short, yes, self appraisal of the seriousness of a breach (particularly from companies who don't deal in security day in and day out) is rather problematic.
As you predicted, a safety mechanism caused by grid issues caused these generators to perform an emergency safety shutdown. Did exactly what it should have.
Why the grid operators and generators hadn't specifically consulted each other on what those thresholds should be is very much a live question. The fact it took them so long to acknowledge the cause is also regrettable as it allows the opportunist pollies to come out. I wouldn't hold my breath for an apology from them however.
> Why don't they buy an island, make their own country, and move their HQs there?
Yes, you can host with Oracle if you like.
> If this, or other, research comes to fruition, doesn't that make the limitations asserted in the article irrelevant?
I wouldn't worry too much about our research coming to fruition. "Efficiency dividends" will ensure these sorts of projects get shelved.
> it is the ease (or otherwise) of engineering such a collision so that you can fake a digital signature for nefarious purposes.
Let's be honest here. Nefarious actors can just tell Wosign that they own github. No collisions necessary.
> mapping data of size > n into a space = n creates collisions.
Formally known as the Pigeonhole Principle.
> Theres always that eCat thing... The one that lives in a shipping container full of AA batteries that nobody is allowed to open when they "test" it.
I'm sure that uses fusion.
Not quite. It's a bit hard to explain, but in essence you have what looks like a miniature wind turbine, except attached to each blade is an array of cats, arranged in such a way that some of them always have their feet up in the air. The feline self righting principle then takes over causing the turbine to spin at very high velocity. Most of the box is simply sound proofing (very high rpm) and the inverters to produce AC and various step up transformers (largely off the shelf stuff).
> Crime, but where's the punishment?
Oh it's there, you must have missed the bit where the staff were warned. That'll teach them...
> Internal oversight failed, with highly sensitive databases treated like Facebook to check on birthdays, and very worryingly on family members for ‘personal reasons’.
So who's in jail?
The biggest problem with these sorts of databases is the complete disregard for oversight. When was the last time you heard a TLA ask their ministers responsible for additional penalties against their own who are caught doing the wrong thing? No, the solution is always apparently additional powers, secret orders, unwarranted surveillance, indefinite detention without charges etc. Here's an idea. How about they start behaving above reproach with the powers they have today before asking for more?
That's the password on my luggage!
And here I was thinking that casinos were benevolent organisations looking out for the little guy.
"Others who purchased a Volkswagen also purchased 'new gear box for ...."
> We'll never know because applicants request restrictions on trade data through a confidential process: the Bureau of Statistics won't ever divulge who requested data be fuzzed, or why.
Unless they accidentally publish it in a senate inquiry submission outlining why various bungles were everyone else's fault and that they can be trusted on privacy.
I guess we can all be thankful that the current mob will accidentally vote against it.
OK George, you clever boy. You solved the problem so that law abiding citizens can't de-anonymise the data. Job well done.
Can you now solve the other part? I mean the bit about preventing non law abiding citizens and foreigners who are not subject to our laws from doing the same. Then we can draw a line under it and move on...
> Australians who don't what the nation spends on defence also don't mind the country's data retention regime.
Guessing that quote isn't from their School of Literature, Languages and Linguistics....
Don't even make jokes about such matters. Someone should report him.
Oh it's worse than you think. You can flash the whole machine, permitting a malicious actor (whom I will assert to be a nation state because that seems to be the thing™) to change settings so it always makes American coffee.
One issue/feature/fact of life about DH is that whilst on paper it takes however many gazillion years to reverse, if they are created using the same base seed then the first four phases of the algorithm can be precomputed leaving just a minute or two of actual computations needed on the specific key used.
Now consider some of those bullet points. A small handful of precomputed keys gets you practical computational access to most of the VPNs in use. Don't get me wrong, precomputing the seed is not cheap, but we live in a time where large CDNs can be overwhelmed by IoT video devices, so the "it would cost too much" argument only holds water if Mallory is paying the bill.
Wait! Who broke brake? I said no breaking changes, not no braking changes! Ah hang on. I think I can see the confusion.
They should have expected someone to commented on that.
Yeah, iOS already does that. Hence the San Bernardino incident. Otherwise they would have just brute forced it.
> quite a few people , when learning to drive, have to have their hands labelled "L" and "R"
I know some who need "R" and "the other R"...
It's actually difficult to change password algorithms when your user base is casual and you are using a hash, because you have no way of determining the hashed password other than brute force, dictionary or rainbow attack; you have to passively wait for the user to authenticate again and force them through the change password roundabout.
When their cloudy visual studio login stuff went down a few months back they were incredibly open about the timelines, what went wrong, what lessons they had learnt etc. Sad if they are reverting to form.
Maybe Barbra Streisand can email Satya for you?
Let me counter your analysis with a simple question.
Do you think that 2 wind farms that are 100Km apart would switch off within 0.05 of a second of each other because they independently judged the wind speed too strong?
Or is it just possible that they both went into a controlled shutdown after some safety system noticed something very bad about the grid they were feeding as indicated in the article?
SAMSUNG BATTERIES GO KABOOM. Milton cries atrocious.
No thank you. That would only serve to reduce the transparency of the process. I have no major qualms about a self service kiosk system that lets people fill out their intention and prints out the form to be placed in the box (real toner on real paper that is, not a receipt printer that fades a week later) but there are a number of practical challenges for handling faulty hardware, and ensuring booth attendants can't ballot-stuff.
> For most of the other States, it seems it would take a lot of errors to change the outcome
I know it's a quote, but it seems that someone has forgotten many many many years ago in 2013, the WA senate election had to be rerun because a small number of ballots went missing whilst being transported for counting and it was realistically possible for preference flows to go one of two ways which changed the number of Labor, Liberal, PUP and Green senators depending on that variation.
You know, the one with a 5% slower CPU, a bit less glass and aluminium and a bit more plastic, a camera with a smidgen less terapixels but with a pricetag that more resembles the Nexus 5?
I've heard about these mythical "house keys" that allegedly work even if they're flat.
> Now going for the long shots.
ICBM what you did there.
> How do we clean house?
There was this novel approach after the blaster worm hit in 2003.
> could vs could not care less for left pondians.
In case anyone missed the tech news of the year:
> has confirmed to El Reg
> the attacker put his hands around the throat of one of the guards
He's holding him wrong!