Re: Wow, every single sentence in your post is a little gem of stupidity.
Where 'little gem' is an alias for Kohinoor Diamond
... but only if ruby is not installed.
502 posts • joined 19 Dec 2012
@Being forced to reset the password means either the hole gets closed as the user changes the password or the breach gets detected...
It also means, especially since the users cannot use passwords similar to old ones (along the lines of Password34->Password35), that a (more) significant portion of the user population gives up on mnemonics and starts writing passwords down. The overall effect is that the probability of breach increases.
I have not installed Pokemon Go, nor am I curious enough to try. One aspect does pique my curiosity though. My understanding is that when one starts playing both the phone's camera and GPS are switched on. I am curious whether anyone technically knowledgeable has checked whether the phone sends large amounts of data anywhere.
Given that, as far as I understand, players can be lured to "interesting" places by a third party there seem to be interesting possibilities...
"dont do water in Cologne"
They do. They just call it Eau de Cologne.
"half the country has a below-average IQ!"
It's worse than you think, actually: more than half the country has below-average IQ. But don't despair, even after Article 50 is triggered half the country will still have above-median income.
Let me see... Up to now people have been trying to convince me that using a smartphone to switch on the dishwasher from another continent or unlock the (IPv6-equipped) front door are brilliant ideas compared to pressing a button or inserting a key. Now they say that configuring and maintaining a firewall, a VPN, an IDS, and secure data storage in the cloud to allow me to open my front door without worrying will be even more brilliant?
I suppose the profit-sharing agreement with insurance companies is a brilliant idea.
I do not follow Canadian politics or Trudeau, but this does not prevent me from making a few disinterested observations:
1. The offered explanation can only be judged impressive in comparison with Sen. Feinstein's grasp of number theory.
2. A political press event at a scientific establishment, and no one among the generally skeptical El Reg commentariat voices a suspicion the question could be a plant?
3. Successful politicians tend to know how to be charming, and how to engineer (sic!) situations to apply the charm.
I will see nothing wrong in the situation even if it proves to be a plant, but it's still not like he gave a coherent and informed speech on what D-Wave Systems' success could mean to Canadian technology (preferably with a high level overview of the controversy about whether they have demonstrated any quantum features... no, that's me being snark...). That would both make him really stand out among the world's politicians and fall well within his remit as the Prime Minister.
No, Apple are not asked to write software that "breaks their own security". They are asked to write software that will exploit a weakness on a single device (an older model, newer models plug the hole) and will be useless for exploiting the same weakness of any other device, even if it gets into the wild.
Why doesn't the Government make whatever local government department in San Bernardino that owns the bloody phone make a request (and maybe also file an amicus brief or whatever lawyers call it with the court) to Apple to help them unlock their phone?
I may be naive, but it seems to me that Apple would lose the privacy argument if the legal owner of the phone asked them to unlock what, IIRC, the FBI locked - and the FBI would not object.
[I don't know who the other 12 phones belong to.]
So what is the security model in this combo? Android's apps usually demand permission to do everything imaginable, including HW control, whether or not their primary function is related, and the security model is all or nothing: either agree or don't install, no granularity. Linux is a multiuser system with a relatively simple but robust and stable user/group/other model of permissions that is familiar, well understood, and works well in practice.
If the big idea behind the combo is having Android apps in the same system (including filesystem) as a desktop Linux, how will these two models co-exist? Will Android stuff run under a special euid? Will it be isolated from the rest of the system (Linux)? How?
If Intel "can go to production tomorrow" I assume they have the answers...
Pheeww.... My first thought was Revision Control System... No, calm down: just messaging with NSA/FBI/LEO support... All is well...
It might even hurt a VC professionally. E.g., I can understand that a VC would not regard "Neither a borrower nor a lender be" as serious or useful advice.
And I have lost count of the occasions when I had to quote
We work by wit, and not by witchcraft,
And wit depends on dilatory time.
to various VCs and managers.
Admittedly, having read all of Shakespeare and being able to quote some stuff from memory did not make me rich. Not in a sense a typical VC could relate to, anyway.
[Aside: both quotes are by characters who are not the most attractive of Shakespeare's, but not the stupidest, either. A VC would probably point out that both were ultimately unsuccessful.]
@article: "Apple says that the policy is designed to keep users safe."
Why does it make no sense to me? Consider:
1. A member of the public (MOP) repairs his iPhone.
2. The iPhone works fine for quite a while after the repair. If there are any security issues because an unauthorized repair shop touched the device they are not noticed by the MOP. The firmware/OS does not tell him that there is unauthorized hardware in the device or anything of the kind. For all we know the MOP's personal information has been delivered to some volcano lair in Eastern Ukraine or wherever 3.5 seconds after the repair+boot, and the replaced fingerprint scanner recognizes the fingerprints of 11 well chosen henchmen with heavy accents.
3. A long time later an OS update bricks the iPhone.
How is item #3 a security feature exactly?
Probably in Israel, like your laptop's CPU.
Judging by the link at the end of the article (which gives a blurb only before you hit a registration wall) apparently attempts - so far not very successful - to expand into China and India cost an awful lot.
And all those servers and Big Data and analyzing how often an average customer visits hookers every month and how hot a typical French "driver-partner" is on a scale from 3 to 7 must have operating costs attached... To say nothing about office parties.
It seems to me that in this case encryption is irrelevant.
WhatsApp encrypt messages only to make it difficult to eavesdrop in real time. If they do not keep the keys they presumably do not keep the messages past delivery since it would be a pointless waste of storage. Thus, a court request/order for past messages would be answered with a simple "we don't keep messages on our servers after they are delivered". The answer would be the same with or without encryption.
I also assume that if one changes one's phone there is no way to retrieve past WhatsApp messages from the servers, since there is no way to resurrect the keys. Can anyone confirm or deny? If there is such a way then I'll assume that the company could have complied with the court order...
I wonder if WhatsApp keep the metadata (who messaged whom when) and if metadata were requested.
Fine, here it goes...
"Built on maven"... Found impossible to maintain... Released as spin data to confuse the enemy?
[Disclosure: looked at maven once, a few years ago... Still shuddering uncontrollably...]
Just shut down the company!
@skeptical i: Many cultures still hold a "many children = much status" belief.
I doubt it is much about status or the other explanations you mention, although there may be some truth in each of them. Most of all I think it is an alternative to insurance and welfare. Western societies have this notion of paying taxes / life insurance / national insurance / medical insurance /etc. with the understanding that one will get support when one is unemployed, ill, old, injured, incapacitated, etc. Societies that do not have such a system create large families instead: some children will die young, some will turn out no good, some may become criminals and get thrown into jail, but there will still be a couple or more who will work the fields, get a job at a factory or abroad and send money back home, and in general will support their parents when they grow old or fall ill.
Ha-ha! I have an empty Yahoo! mail account I sometimes use to register on websites, mostly those that block Mailinator and such. I just logged in out of curiosity (I use AB+, but I am not in the US). In 2015 a grand total of two emails arrived in my Inbox, but before I could see that I had to close a popup that offered to integrate Yahoo!, Outlook, and ... AOL? Is that still a thing?
I lived in California back in the day, long enough to need to pass a driving test, both theory and practical exam. The "driving too slowly is just as dangerous as driving too fast and is just as big a crime against humanity" mantra is instilled into you so hard that you won't be able to free your brain from it by any surgical means. Until this day whenever I see a car (in a different part of the world) moving slower than the posted speed limit I can't help thinking, "in CA the Highway Patrol would have your ass by now, buddy."
I can only assume that no one at Google who is involved in the project has ever had to pass the DMV test. Otherwise there would be no talk of limiting the speed to 25mph "to look friendly and approachable".
... to read the thread in LKML (just go to the link to Linus's post and follow from there). The person who submitted the code immediately responded (no need for detective work), the network subsystem maintainer (Dave Miller) followed, the commit was reverted, a patch without the offending compiler wrapper was re-submitted.
It is obvious that despite the (characteristically) colorful language the criticism was understood by everyone involved to be professional and not personal, the reaction was professional as well, and the entire situation was handled intelligently and efficiently.
I suspect Linus knows very well that the somewhat impersonal nature of email provides for additional tolerance of colorful vocabulary, and the strong language is probably both a personal trait and a tool. When he makes a technical point he does it forcefully, and this makes him more effective in the absence of personal interaction.
Does it have a flux capacitor or not?
"from 19 million incidents a year in 1995 to under 7 million a year today"
So ONS sorta-kinda attributes this to traditional crims going digital, eh? I think it's a safe bet that at least some politicians - and media - will claim this to be a wild success of ubiquitous CCTV and will demand even more surveillance to protect the public even better.
I was alluding to Stuxnet which SYNful Knock obviously isn't (see the article's title).
...are not needed to write malware. They are needed to get a few SCADA systems and at least a decent simulator of a nuclear site those systems are supposed to control, to test your malware before you commit your sneakernet to installing it.
@ecarlseen: "every dime of profit"
Eh, did you mean revenue? I don't really know about the other two companies - they are private and information is not easy to obtain - but Tesla is most definitely not profitable. I would be very much surprised if either SpaceX or SolarCity turned out to be profitable, actually. This, of course, only strengthens your comment about tax handouts.
SpaceX seems to be at least two orders of magnitude more efficient than NASA
Is that "efficient" in terms of what they deliver at what price? If you are not profitable then you certainly can seem more efficient. Besides, it is not clear to me what is meant by "NASA's efficiency" - the US space program has always been driven by private enterprise, it's not like NASA build rockets themselves (they do make landers and rovers). So, SpaceX should probably be compared to ULA (Lockheed + Boeing) who make Delta and Atlas rockets. Again, this does not necessarily invalidate your statement (e.g., ULA certainly feel cost pressure from SpaceX, albeit not by 2 orders of magnitude), but it could benefit from some clarification.
@AC: "Never wondered why most of the websites where they have to ask permission have two tickboxes, one for the privacy terms and one for the T&Cs? Well, that is what "explicit" means, you are not allowed to hide such approval in the usual 6 point grey-on-white clauses at the end of another agreement..."
a) I must be using a different Internet from you. b) I looked it up (gotta justify my Reg handle): the EC Privacy Directive talks about "unambiguous" rather than "explicit" consent.
The terms very clearly allow Google to use the information they collect, including your "personal information" (the terms for "personal information" are more restrictive than, say, for your IP address and search queries), in all sorts of interesting ways worldwide[*]. This means (IANAL) that even today these terms go way beyond the Safe Harbour agreement that, as far as I understand, covers data sharing between the EU and the US. [Google is on the Safe Harbour List, in case anyone wonders.]
So what's about to change as far as Google are concerned if the Safe Harbor Framework is torn up?
[*] To quote: "Google processes personal information on our servers in many countries around the world. We may process your personal information on a server located outside the country where you live. " You have unambiguously agreed to that when you created an account.
IANAL. I must admit I have but a very vague idea what kinds of "personal data" the EU protects and how. It stands to reason that there is some sort of "without explicit permission" clause. Otherwise all sorts of simple things that we all take for granted may suddenly become illegal. If countries A and B mandate that their citizens' "personal data" must be stored within their respective borders where can emails - arguably full of personal data and metadata - between citizens of these two countries be stored? And so on.
I may be naive but I doubt even EU bureaucrats can by a stroke of legal pen prevent Europe's citizens from willingly dealing with American businesses. Today, I mean - in another 20 years we'll see.
And if there is an "explicit permission" provision then an awful lot of endangered good-paying American jobs can be saved by simply updating the TOS with paragraph 11.4(g) that says, "you give us explicit permission ..." if it is not already there.
So what really is the threat to Facebook? Can El Reg maybe commission a lucid explanation from Tim, Lewis, Andrew, or a pet international lawyer?
1. I don't know anyone who has knowingly given LinkedIn permission to go over his/her contacts - that would be necessary to prompt the user to send an invite.
2. I definitely received invitations and reminders to email addresses that could not possibly be in the contact lists of the people who invited me. And I asked them to check - they weren't.
3. Whenever I talked to people who had sent me the invites they said they had been firmly under the impression that I was a LinkedIn user (had joined shortly before, whatever). No one realized that LinkedIn prompted them to invite me to join the network, not just connect on it. My friends know I am not on social networks, and they would not pester me with invitations. But if the impression was that I joined LinkedIn of my own volition, that's another matter.
A. LinkedIn do not explicitly ask for a user's permission to sift through their contact lists.
B. They use more sophisticated and sinister methods of metadata analysis to connect people than just going through the users' contact lists.
C. They do not tell users that they will be inviting others to join LinkedIn as opposed to join them on LinkedIn, which is misleading.
Now, will anyone tell the lawyers they can sue again?
Before Roadrunner there was Blue Gene. I am really surprised it is not mentioned, all the more so since even the current Top500 list has 3 Crays and 4 Blue Gene/Qs in the top 10, and that's a hell of an achievement for both Cray and IBM.
And Roadrunner was based on Cell processors (i.e., PowerPC cores), not AMD as the article claims.
Liquid water is just the first step!!! NASA are presenting Mars as GREEN!!! To pander to both liberals and Muslims!!!
...whether being trim and healthy is positively correlated with being truthful about past sexual experiences?
Re the monkey in the headline image: with rights come responsibilities, so if a monkey can have IP rights to a selfie then a monkey should do time for tampering with mail.
In a cage, yes... Oh...
Was the three part series of "build your own mail server" articles a clever warm-up for this?
...to choose his blood type as an example. He might not care about people knowing that, but he (or someone else) might care about, say, information on chronic illnesses he might have, and that information might well be in the very same database.
So, thank you for integrity, but I will insist on confidentiality as well.
And while the principle that you should know who has looked at your data sounds very nice indeed, I am sure there are exceptions even in Estonia. What about bona fide crime investigations, for instance? That would be a case for allowing certain officials to look at a suspect's data without alerting him. Court approval, you say? By all means, but we have already seen how that can be subverted under certain circumstances ("national security" by one definition or another) in ostensibly free and democratic countries.
It is refreshing indeed to see a technically literate head of state. However, he does seem like a start-up founder in an elevator. Before there is a successful, stable, useful, supported product he must realize that there is a place for people who gather, analyse, and formalise product requirements, too. The result may not be quite similar to his first dream.
@AC: "Can Donald use a computer?"
He has an Apprentice to do that.
...as indicators of which of the candidates are capable of hiring decent help and competent advisors? Surely a necessary qualification for running a government? And arguably much more important than being personally well versed in the minutiae of every single issue.
"So hyperlinks and click to call?"
No, those are the results, not the algorithm. The algorithm is... let me waddle through the legalese... not quite clear... anyway, I assume it is just a regular expression or two, quite obvious to those of us who are "skilled in the art", but not to the USPTO.
The mind boggles.
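To make the "a regular expression or two" point concrete, here is an added example (not code from the page, the patent, or its holder) of the kind of pass that turns bare URLs into hyperlinks and phone numbers into click-to-call links. The patterns, function names and sample sentences are my own constructions; the phone pattern only knows North American 3-3-4 numbers, and URLs take precedence where a digit run inside a URL would otherwise be mistaken for a phone number.

```python
import html
import re

# Added example: a toy "linkify" pass built from two regular expressions.
# Anything that looks like a URL: scheme-prefixed or a bare "www." host, up to whitespace/quotes.
URL_RE = re.compile(r'(?:https?://|www\.)[^\s<>"\']+', re.IGNORECASE)
# North American style phone numbers: optional +1, then 3-3-4 digits with common separators.
# The \w lookarounds stop the pattern matching a slice out of a longer digit run or word.
PHONE_RE = re.compile(r'(?<!\w)(?:\+?1[\s.-]?)?\(?\d{3}\)?[\s.-]?\d{3}[\s.-]?\d{4}(?!\w)')
# Sentence punctuation that the greedy URL pattern tends to swallow at the end of a match.
TRAILING = '.,;:!?)'


def find_spans(text):
    """Return sorted, non-overlapping (start, end, kind) spans; URL matches win over phone matches."""
    spans = []
    for m in URL_RE.finditer(text):
        end = m.end()
        while end > m.start() and text[end - 1] in TRAILING:  # trim trailing punctuation
            end -= 1
        spans.append((m.start(), end, "url"))
    for m in PHONE_RE.finditer(text):
        # Drop a phone match that starts inside an already-claimed URL span.
        if not any(s <= m.start() < e for s, e, _ in spans):
            spans.append((m.start(), m.end(), "tel"))
    return sorted(spans)


def linkify(text):
    """Render plain text as HTML with <a> wrappers; everything else is HTML-escaped."""
    out, pos = [], 0
    for start, end, kind in find_spans(text):
        out.append(html.escape(text[pos:start]))
        raw = text[start:end]
        if kind == "url":
            href = raw if raw.lower().startswith("http") else "http://" + raw
        else:
            href = "tel:" + re.sub(r"[^\d+]", "", raw)  # keep only digits and a leading plus
        out.append('<a href="%s">%s</a>' % (html.escape(href, quote=True), html.escape(raw)))
        pos = end
    out.append(html.escape(text[pos:]))
    return "".join(out)


if __name__ == "__main__":
    # Constructed sample input, not real data.
    sample = "Visit www.example.com/5551234567. Or call (555) 123-4567 today!"
    print(find_spans(sample))
    print(linkify(sample))
```

Escaping the surrounding text and the `href` value is the part worth keeping even in a toy: a linkifier that pastes matched text straight into HTML is a classic place for markup injection, and any ten-digit run (an order number, say) will be wrapped as a phone link, so the output should be treated as a suggestion rather than a fact about the text.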
Won't that mean constant overheating? Won't those vents just stay wide open all the time?
"I wish to dislike facebook.com"
What's stopping you? Just map it to 127.0.0.1 in /etc/hosts - done.
I looked at the reference list of the good Dr.'s "Research-Position Paper" and there is a glaring omission: "Satisfaction Guaranteed" by Dr. Isaac Asimov. I strongly suspect it may take the research - and position - to entirely new directions. The good Dr. may also expand the scope of her research after studying Dr. Asimov's "Evidence", too.
I have. I admit I just read it and I did not go into the details of the Parallel Ice Sheet Model or the GENIE Earth system model (I once looked into that to the extent of the open literature, but I assume there have been significant advances since). So I can't review the methodology, which I would do if I were doing a peer review. I will offer some observations to those who cannot be bothered.
1. I do not see Lewis making any misrepresentations. He takes just one aspect of the results, and not the main one from the authors' PoV, but his understanding of that aspect is correct. Lewis, the authors of the paper, and IPCC (I mentioned that in an earlier and shorter post) all agree - imagine that! Kudos to Lewis for digging into "supplementary data" - the main paper does not deal with such small scales - a mere century is not worth much attention, after all.
2. The larger scale (think millennia) Fig 3 provides an interesting reference number: "Between 2010 and 2014, there has been an increase in cumulative emissions of about 40 GtC." [GtC stands for Gigatonne of Carbon - TFMR]. That's about 8GtC/yr during these last 5 years (NB: there isn't much history of anthropogenic carbon emissions). The authors then run a range of models that go up to 80GtC/yr at peak. The burn rate is not uniform, but they assume that within 500 years we will have nothing to burn, anyway (this is me being Lewis-y, apart from the 500 years figure that comes from the paper). To their credit the post-2010 cumulative emissions cover a wide range - they don't just focus on the worst-case scenario.
3. They make assumptions that the effect will last tens of thousands of years. I can't say without further reading how well-justified the assumption is. The justification is based on another assumption that if you pump a lot of CO2 into the atmosphere the mitigating effect of the oceans will be weaker than what is observed. I seriously doubt we know enough of the relevant properties of our oceans to state this as a fact. I suspect it is a result of some other (uncertain) model, but I cannot state that as a fact. I also don't know whether the models take into account, e.g., that the resulting carbon will block sunlight sufficiently to reduce warming (don't be surprised, such things are often omitted).
4. In any case, they have a very short observation period to get any input for their models, or to estimate parameters. They extrapolate their results to many millennia though. Under their assumptions and models, if you keep pumping 8GtC/yr on average for 500 years (that's 4000GtC cumulative emissions in their parametrisation), the Antarctic will lose a significant proportion of ice, and the sea level will be rising at a rate of ~2m/century for the 1st millennium from now, and slower after that (this is from the same Fig 3 mentioned above). Given that fossil fuels have been in use for a lot less than 500 years and there is no reason to assume they will remain our main source of energy for that long, I am not terribly worried.
5. This extrapolation does not make the paper completely useless academically, far from that. It should not, however, support any "We are DOOMED, I tell you!!!" screams or be used to justify any spending of taxpayers' money beyond research grants that are a drop in the ocean (pardon the pun) anyway.
The caption (not written by Lewis - this will teach him to provide enough context...) reads: "Fig. S2: Sea-level change within the next century. Given is the ice volume change from Antarctica in meters sea-level equivalent within the 21st century." [boldface mine - TFMR]
Actually, the caption goes on to say, "The values are consistent with the IPCC-AR5 projections for the Antarctic Ice Sheet which range from -6 to 14 cm within the 21 century." Thus, according to the paper, IPCC, and Lewis Page the sea may rise a bit or actually recede a bit by the end of the century. Hmmm...
This was the most surprising inclusion for me. My first thought was that it stood for "Minx". Then I looked it up...
Everybody logged in to Facebook to see who of their buddies found what in Ashley Madison dumps?
Lesson well and truly learned: most laptops that are stolen are stolen by opportunistic thieves.
If I understood the article correctly, that conclusion is based on a sample of 1, right?