274 posts • joined 19 Dec 2012
Any idea what the mistake was?
Dates and calendars are, indeed, difficult, but how does one make a 3 day mistake? I am genuinely curious. The 365 day rule indicates that we are talking about calendar days, not business days vs. holidays, thus the problem is simpler. Anything related to leap years would cause a one day delay. Even pretending that there are 31 days in February is more likely to send the reports 3 days earlier, not 3 days later. The mind boggles...
personalized spam and malware detection?
How exactly does snooping on my mail and searches help Google to filter out spam and malware? Do they scan my mail in the hope that I might share a desire for a bigger penis (or breasts?) with my mates and if I do they will modify my personalized spam filters to be more permissive? And since they continue filtering all the offers of cheap Viagra I can conclude that my partner remains discreet? At least on her GMail account?
rm is temporary...
only if you can restore from backups...
Re: Odd timing
@AC: "at minimum the bug is 1 year old, as it is claimed that Sievers created the bug and since he the last time he worked on said code was at minimum a year ago,"
You did not read the Reg article properly, you certainly have not looked at the linked material, and it does not surprise me at all that as a result you called Linus Torvalds an idiot. Allow me to say it does not improve your own (anonymous) reputation...
Executive Summary: The last time Sievers submitted a patch to the *kernel* was a year ago. The bug is not in the kernel but in systemd, which Sievers develops and maintains, and the "years" part in Linus's post refers, apparently, to a repeatedly observed attitude.
For those who might be interested in the actual problem, see the bug report. It is obvious that Linus is not even the main person who is annoyed. Quite a number of top kernel developers seem to be of the same opinion (Borislav Petkov, who reported the bug - and later added, "I was right to be very skeptical when considering opening a bug here," - Mel Gorman, H. Peter Anvin, and others). And look at Comment 14 by Luis Rodriguez - Sievers rejected the bug report within ~20 minutes without any discussion. To emphasize, a userspace program reads the "debug" parameter on the *kernel* command line (used for ages), seemingly interprets it as *its own* parameter and starts spamming the *kernel* log buffers with *its own* debug messages so much that the machine fails to boot.
Linus's comment about not accepting patches is addressed not to Sievers but to Greg KH who, apparently, has related patches in his pipeline. Linus is saying he is not willing to risk destabilizing the kernel by code that originates with developers who routinely dismiss bug reports out of hand. He does say that if distros merge said patches and test them he would be willing to consider them.
I have not checked, but judging from the LKML thread the fix for systemd was actually submitted by a kernel developer (Greg KH).
Might it be...
... a really crafty plan to generate circumstances that would mandate shutting down Gitmo?
Re: How long will it take the NSA to get the keys ?
And FISA and the secret "courts", the legal foundations for the PATRIOT act and PRISM and MUSCULAR, date from 1978 (that's Carter). The only lesson of this history is that a two-party democracy is not guaranteed to act any better towards its citizens (or others) than one-party repressive regimes.
To be fair, "is not guaranteed to" != "never does".
Re: Re:if an attacker has control of the server...
@nickety: One can go and read their paper...
So I did - thanks for the link. They are aware of the simple fact that to *share* data (as opposed to storing it "in the cloud" for one's private use with free backup or something) users need to exchange keys. All I saw in the paper was an acknowledgement of a need for a trusted 3rd party that would sign the keys. They seem to think that separating the "IDP" ("identity provider") from the server that stores the data is novel and significantly better than letting the server itself verify the keys. Huh?
I am very reluctant to chalk it up as even a partial success against an adversary such as NSA/GCHQ/FSB.
Re: Hubris or indifference?
@Ole Juul: I suspect s/voracity/veracity/ - where their data input is concerned they are voracious all right, and that is the part they do care about... ;-)
Whatever shenanigans Apple (or any other iRich entity) employ to pay as little as they can in Australia, China, and Ireland combined I fail to see, frankly, how the US government is to blame. Is the distinguished academic saying that the US government waterboards the Australian and Irish legislative bodies (and the Chinese Communist Party?!?!?) to provide convenient tax structure to American multinationals (and the CIA hides the activity from the Senate)?
the number of sales (which make your profit)...
Ehm... not profit - revenue, actually...
Re: Come on IBM..
@Ian 55: "... which three patents?'
Come on Ian... :-) Click and you shall find: the patent numbers (and links) are in the Reg article from November that the article you are commenting on links to...
"$63.8m debt in meatware currency"
Jargon nitpicking: you probably meant "meatspace currency". Meatware may have been related to the root cause of the problem, but the conventional meaning renders "meatware currency" awkward, if still understandable.
The vultures are keen to know...
Your curiosity is laudable, but you could just read the LA Times article you based your report on and link to. It clearly states the survey was made of multiple choice questions with three definitions to choose from for each term.
I am troubled and concerned by untargeted, warrantless snooping by NSA and their ilk no less than any other commentard, but I could not help noticing that neither NSA nor FISA nor terrorism nor national security were mentioned by the lawsuit, by Bloomberg, or by El Reg. FBI, DEA, USMS, ATF, IRS, ICE, US Postal Inspection Service, US Secret Service, and Defence Criminal Investigation Service were named in the lawsuit. All those may have quite legitimate reasons to wiretap selected targets by court order.
El Reg cleverly uses rather provocative wording, "services related to American government wiretapping programs". This certainly brings up unpleasant associations, but is it ... ahem ... warranted? Bloomberg specifically talks of "cost of assisting in court-ordered wiretaps". The lawsuit also talks of "assistance ... in executing court orders".
Might this be, in fact, about actual crimefighting *not* related to Snowden's revelations? Hmm, OK, not *completely* related? Oh, well, what are the chances?
Re: Brings a whole new buzz...
Ehmmm... Not so new, I am afraid. Not since the days of Mark II. Look it up. ;-)
From the article: "most other app competitions involve the winner getting cold hard cash"...
If I understand correctly, "most other app competitions" shell out cash for already developed apps. In this case contestants are supposed to "come up with an idea" and IBM will provide assistance (resources? expertise?) to develop a product based on the best ideas. Seems fair...
Re: You'll get nothing from clang using -w
GCC also has -Wunreachable-code. There are reasons why it is not enabled by default: unreachable code warnings are very often spurious. Debug code may be unreachable with one set of preprocessor flags and reachable with another. Code in inline functions may be unreachable in one instance and not in another. Etc.
A slight inaccuracy
I have not read the paper yet, but given that it is about the Sunyaev-Zeldovich effect and gravitational lensing in galaxy *clusters* I suppose what is "weighed" here is the clusters - the largest structures in the Universe - and not the constituent galaxies. There is more intergalactic matter (luminous or dark) in clusters than is "sitting in galaxies" as the article says.
I assume that the (surprisingly) inaccurate title in Nature influenced the Reg - the contents of the Nature piece clearly talk about "weighing clusters".
Most popular apps, eh?
So what is the selection bias here? Are paid-for app writers slightly less interested in user data (having a revenue stream from the app itself), or are pundits more reluctant to open wallets for flashlights that want their location data whereas freetards are just happy with the price tag? More research is needed, methinks...
Similar approaches using light rather than sound have been in use for a while. You get a token - a little device the size of a credit card but thicker. It has a fingerprint reader and a tiny display for a few characters. You start an application, bringing up a window on your screen. A part of the window flashes a bright light. The flashing is coded. You hold your token card close to the flashing region, and it generates a one-time password based on your biometrics (fingerprint) and the flashed code. The card shows you the password and you type it in. The password is matched on the server side - it also has your fingerprint and knows the code.
While it *is* a security device, there is another purpose. This is used in cases where you pay, say, a high monthly fee per seat for access to your "cloud" (for some definition of). Today, you no longer can tie the client to a particular HW or place. People upgrade, travel, work from home, coffee shops, airports, etc. So you've sold an expensive license to a customer. What prevents 2 or more of the customer's employees from sharing a login, even against the terms of the license? You can limit the number of concurrent sessions, but what if one user is in NY and another in Tokyo? They work different hours and won't interfere with each other. Thus, such a token is a revenue generator, probably more so than authenticator.
Of course a crafty commentard can find a way around such an obstacle with today's technology. Say, the NY employee does not log off, and the guy in Tokyo accesses his computer with one of the multitude of tools and has full control. That's full control of the NY computer though, not of a single application.
Re: So you don't want any airbags then ?
"You could try wearing a seatbelt."
Seatbelt tension is governed by microcontrollers...
Re: Google worse than NSA
@AC: "If I don't use any Google service, then Google cannot create a profile and view what I do."
This is repeated so often that I feel compelled to repeat (with a lame pun that is not actually intended but will probably be noticed): Yes, they can!
You send emails to people and/or companies that use Google services. You visit websites that may use Google services. You may exchange information - documents, files, what not - with organizations that use Google services. Google can create a profile for you without you ever signing their ToS. Your problem is that other people use Google.
Think of them as a contractor for every CCTV camera everywhere. You are not a customer of theirs but your municipality and your local businesses are, so if you walk along a street or enter a shop or a bank they will have it on tape.
The difference lies in what they can do with the information they gather. Google cannot (yet?) infringe on your freedoms and rights to the same extent as a government can. In my mind, this does not mean that everything Google currently do should be allowed, and there is a strong potential for abuse beyond intentions.
I'd say, intuitively, that laws limiting the lifetime of stored information would be a big step in the right direction (including phone companies' datasets going back dozens of years, not just Google). Including destroying backups save for historically relevant information. Historically relevant information should be specifically created as such (think books or articles or specifically designated archives such as civil registers), accidentally collected metadata do not qualify. "The right to be forgotten," if you will.
Re: WTF is "tiles"?
> This is the 9 "tiles" that appear when you open a new tab.
I just get an empty window... I'll assume that I have not installed FF for a while then, just upgraded it while keeping personal configurations. The only important thing (to me) is that this is not some AdBlock-circumventing conspiracy.
WTF is "tiles"?
I have no idea what this thing called "tiles" is. Is it something I disabled - and forgot - years ago? Or is it something they are going to introduce (and bypass AdBlock+ etc.)? Is this about the "Tile Tabs" add-on that Google has just found for me and that I have no intention to install anyway? That would be a relief...
Does not sound "personal" to me at all
I'll admit that I have not studied the details of the case. But it does sound to me that the junior staff involved were acting in a professional capacity, on behalf of their employer, in this case a public authority, though it might have been a private business under different circumstances.
I expect a person I am dealing with to introduce himself/herself, which is just common politeness. I expect to be able to refer to him/her by name if the issue I am trying to resolve is referred to another person. I expect to get enough information to understand the area and the extent of the person's competence and/or authority. I expect any written communication to be signed with the name and the title of whoever wrote it. I do not need personal details such as the person's home address, FB login, or personal mobile number. I deal with him/her as a representative of the organization. Oh, and by the way, if he/she is, say, rude to me or otherwise behaves less than professionally, I expect to be able to complain against him/her personally. Though an actual person is involved the context is not personal at all.
Is it possible for a disgruntled customer to Google Sigourney (or hire a PI, for that matter), find out all sorts of personal info, and, if the customer is crazy enough, do something nasty to her personally if he thinks that she is to blame for delay/denial/whatever? I suppose it is. Is this potential hazard serious enough to scrap all the norms of human and business communications? I would hope not.
It is not clear why the gentleman with a very unusual name had to resort to FOI to get the names of the people who handled his case at FSA in the first place. Had he just forgotten to write them down or does it say something about FSA's practices?
"If a report published in the New York Times is correct, all Edward Snowden did to create his library of thousands of classified documents was run wget in recursive mode, and let it grab whatever documents were visible from his machine."
Hmm... I actually clicked on the link to the NYT "report": it specifically states that while "then-PFC" then-Bradley Manning used wget Snowden used some unspecified but more powerful "web-crawler", whatever that was, that "functioned like Googlebot".
It is certainly provocative to El Reg's audience to attribute the haul to "wget -O -r" (actually, probably "wget -x -r"...), but this is not what TFA says. Sloppy...
Re: Is it possible for "crypto currencies"
"Imagine if real currency had an unusual number of phony coins, not just physically circulated for purchases and debt settlement, but for containing microdot-like transmission of dead-drop-valuable info."
Someone already did imagine that: Hermione Granger's phony galleons in "Harry Potter".
"ANY government would want to shake that money tree and drop those coins into a forensices hopper."
And Hogwarts' Administration did.
Sorry, but I had to chuckle (and warn anyone thinking of a juicy patent that J. K. Rowling was the first).
Any sufficiently advanced technology is indistinguishable from magic...
Linux on Macs and Android on iPhones
@Mark Southcombe: "And Mac's should run Linux!"
I assume they still do. Years ago I grabbed an unused G5 from under a co-worker's desk and installed RedHat on it. My intent was to play with PowerPC's LPARs (Intel didn't have HW virtualization support yet). I quickly learned that Apple had made IBM disable the virtualization features in PPC970, which otherwise would be a perfectly good POWER4. Kinda obvious once you learn which side of Apple's sliced bread is buttered, but on that occasion the possibility that a HW company would deliberately cripple its own CPU didn't occur to me in time. I made the G5 a (Linux) development server instead. Servicing it, compared to IBM/Lenovo PCs, was a pain, as I recall.
Back on topic: how crippled would Android be on iPhone HW? NB: no criticism actually intended - iPhones may have been specced with iOS design in mind, which I would assume may be very different compared to an Android phone designed to run a (more) open OS. Hence some stuff common on Android may be degraded on or difficult to port to an iPhone. Does anyone know?
Re: How much?
Sounds like you assume that the price tag scales linearly with radius. Why? I would expect at least R^2, but probably worse.
On top of that, if memory serves, LHC saved a lot of money by reusing the tunnels and much of the infrastructure of the earlier Large Electron-Positron Collider (LEP). It looks like digging the 100km ring will be a major expense.
At this point I suppose people are mostly waving hands rather than spending real money. The article mentions a 5 year long "feasibility study". That is an expense humanity can afford, I hope. And the intellectual exercise may well yield fruit by itself, too.
So a trick-cyclist in Singapore finds that out of 150 women - presumably mostly local in such small sample - the majority find men with wider faces more attractive? Can it be that they find wide-cheeked Asian men more attractive than longer-faced Occidentals? Or longer-faced Asians, for that matter?
Malware may be the least of your problems
"The State Department warned that travelers should have no expectation of privacy, even in their hotel rooms."
The NBC hack may have lost his breath over this, but if you go to Sochi - or to Russia in general - heed that warning. The bloody Soviets had in-room bugs and - more than occasionally - hidden cameras in virtually every half-decent hotel in their glory days, just to keep tabs on their own population. Surely no foreigner would ever be assigned a room without mikes or cams in the USSR. I rather doubt that Putin's FSB is any less "efficient", especially in all the hotels built for the games. The floor may be unfinished and the tap water may be brown, but the monitoring infrastructure is certainly there. Oh, and don't assume the hookers don't report to HQ.
That's before we get to comms intercepts and malware.
Re: The small ironies of life.
"Without enforcement, drivers take the piss and we end up with chaos and selfishness like in Rome or Bombay."
Or maybe not, as proponents of "shared space" argue - and implement with reasonable success in Europe (notably in the Netherlands, but even in some places in Blighty) and beyond:
V2V vs. on-board sensors
My knee-jerk reaction is that only on-board sensors can be relied upon to affect automatic actions such as braking. One cannot rely on an external signal (V2V) at all. Even just alerting the driver through V2V may be questionable - someone may decide to spoof the signal to spook or just annoy a driver. Besides, once on-board sensors are installed there will be no need for V2V for collision prevention at all. (V2V+relaying may improve traffic flow, provide information on traffic conditions, etc., stuff Waze does for you today in exchange for personal identification / location info / snooping / ads / etc.)
Re: Privacy? Easy.
Why is there any need for an ID at all if the goal is to alert the driver to a possible collision? If the car gets signals with position/speed/direction data (plus maybe vehicle type such as private/van/light truck/18-wheeler) from the vehicles in the immediate vicinity it should be able to create a representation of what is really happening. No need for an ID, no need to keep the info, etc.... Anything else has purposes other than safety, IMHO.
Content data numbers?
Can anyone clarify whether the quoted content data requests are FISA-related or not? FISA covers just foreign intelligence / terrorism, right? Thousands (tens of thousands in the Yahoo! case) of users whose content data was requested under FISA every 6 months would mean that an awful lot of suspected terrorists and accomplices hang out on GMail and Yahoo! and FB (just Americans? or do the Feds request data on foreigners as well?). If these requests are not just FISA-related but include every kind of criminal investigation, missing persons, whatever, then the numbers do not look quite so frightening.
Life is the art of tradeoffs. Looks like you really need usable email/web (and apps?) on your phone, that is tough with dumb- or featurephones. On the other hand, after a few years with a smartphone I keep thinking of pulling my old Nokia (still have 6310 and 6230, unless I mix up the model numbers) out of the bottom drawer, since apps are not an issue and email/web are nice-to-have only. Wins would include size, weight, battery life, a much better integrated calendar (today to create a reminder to call John Smith at work I use a 3rd party application, and the reminder does not show up in the calendar, and the calendar has no integration with contacts - Nokia had it right), quick profile switching.
I don't recall any problems syncing or importing VCFs into contacts - have things changed for the worse? And I always liked T9 - its predictive quality was awesome (at least in 3 languages I used reasonably often). While probably not quite on a par with a 4" smartphone's on-screen keyboard it was quite usable for texting, searching for contacts, and even short memos.
I'll admit that I have only skimmed the article, but the described technology and the quoted performance do not seem to be competitive with InfiniBand...
Situations where a speeding car's engine can be shut down safely without the driver in control (hmm... the driver will almost certainly panic and he/she will still be able to steer, right?) are so few and far between that the mind boggles at the idea. That is before one considers the assumed infallibility of the devices themselves, of the control infrastructure, of the network, of the "operator", of the other drivers on the road (out of the camera's FoV and not expecting anything), etc. Just how many thefts and robberies will result in injuries and deaths?
And to add insult to injury (sic!) it is the public who will pay for this, be it through a mandatory additional charge at purchase or through taxes or both.
See $SUBJECT ...
Ballmer as basketball coach?
Do they play with chairs now?
Re: Look you have all taken this the wrong way.
"Always assume that if an official government spook wants to spy on you, they can and there's nothing you can do about it. They can bug your home, shadow you all day and tap your phone, and you'll never be any the wiser. If you ever want to do anything that would be of interest to those sorts of people, keep that in mind."
There is a difference between "they can if they want to" and "they do even if there is absolutely no need to". I don't do anything that can possibly be of interest to the security services (no, posting to The Register under a pseudonym does not count), so why are they spying on me? Surveillance state is not what I, for one, think the UK (or the US, for that matter) should be, even if it can be.
[I]s Cameron a stupid piece of shit or an evil piece of shit?
Never attribute to malice...
What do they say in Michigan?
If memory serves, the Michigan State Legislature was awarded the Ig Nobel prize for Visionary technology for making it legal to WATCH THE TELLY while driving. http://www.improbable.com/ig/winners/#ig1993, Michigan House Bill 4530, Public Act #55, signed into law by the Governor on June 6, 1991 (I don't know if the Bill is available on the Interwebs or if it has been amended/repealed since then).
Re: Linux should still be pretty secure
Unfortunately, Java applications frequently run as root, usually with no good reason or with a reason that is limited in scope and can be avoided. If such an application (and/or the underlying JVM) is vulnerable then it is not inconceivable that something will be inserted into /etc/init.d and enabled. It is also not inconceivable that it will not be noticed for a while.
Note that there is no setuid in Java. You cannot do what you need with enhanced privileges and relinquish them, limiting the target for malware. Not in pure Java, anyway: you can call setuid() with JNI, but that is not pure Java and is not typically included in the toolbox of the average Java programmer.
So, while Linux is quite secure by design (e.g., /etc/init.d is owned by root out of the box, no need for an admin to "harden" it) it won't help much if the admins disregard vulnerabilities one after another, e.g., install a vulnerable JRE and run random Java code with root permissions.
Re: Shortening the remediation Window
@AC: "Linux is no panacea, given it's from them we got the term "pwning" and "rooting" as euphemisms for privilege escalation."
I don't think anyone argues that "Linux is a panacea", but you are utterly wrong about its relation to "pwning" and "rooting". The former apparently derives from adjacency of "p" and "o" on English keyboards. The latter is an Android term not related to security at all (you can argue that rooting an Android device is "privilege escalation", but it is not "hostile privilege escalation" that the context implies).
@Titus Technophobe: "So, you think this intrusion into "ordinary" lives can prevent tube attacks by extremists. So why did it not work?" - "Have there been any attacks on the tube recently?"
No, but that is because I am wearing a bell around my neck, no thanks to mass surveillance. Terrorist attacks have not stopped: the killing of the soldier in Woolwich by two maniacs is but one recent example. My bell is not designed to help with that, sorry. Surveillance was supposed to help, but didn't.
Untargeted mass surveillance is also an old school way of doing things. In the past it was not closely associated with the United States of America though, but rather with other countries with extensive security apparatuses. It was rarely, if ever, in the arsenal of regular plods, unlike following up on tip-offs. The official justification of "fighting external enemies" is very old school as well.
The preferred approach in those other countries was labour-intensive rather than technology-intensive; the technological foundation is the only "innovation" the US can chalk up. To put it in terms sadly familiar from our own industry, no "business process" patents will be awarded - just a "one click" one.
Why minimal bonus is not zero
At IBM the bonus is in a range between some minimum and some maximum that depend on where you are in the food chain. The actual annual figure is calculated according to a formula that is a combination of your personal success, your division's success, and IBM's success. If on all three levels the year was very successful you will get the maximal bonus (or close). If the year was lousy for your division and for IBM in general AND you are deemed a slacker by your boss(es) you will get the minimal bonus (or close).
Why minimum != 0? Basically, it reduces your "base salary" that is used to calculate various benefits that IBM may or may not pay you in various jurisdictions. Any payment that is a percentage of your salary is computed from the base pay only (typical example: severance pay in case of termination).
If there are additional tax or other considerations for IBM I don't know. I assume that in most places base+bonus is the employee's income and is therefore taxed in the same way.
The above is for many (all? dunno...) regular IBM employees. I suppose the top executives like to pretend that they are just like the common folk, and their bonus structure is similar (it may be a larger proportion of the overall pay - I don't know). Thus, forgoing any bonus and taking home just the base salary and the associated payments/benefits is understood by poor Joe Q. Ibmer without detailed explanation, regardless of what he might think of the significance of the step.
Does this mean that no one can market candy apple red or candy pink bathrobes anymore? A lot of people, including some famous designers, may object (I just googled for fun).
I assume films with "candy" in the title (or as the first name of someone in the cast) can still be released. Someone tell Robert De Niro et al. to change the title of Candy Store (maybe to Candy Crush as it is a thriller?) before it's too late.
Seriously though, I do realize that one can trademark a word in a particular context related to a recognizable product. But what does the stupid game have to do with bathrobes or DVDs, FFS?
@NightFox: I seriously doubt rape seed oil trading was as much as the rounding error of the overall losses, given the normal, matter-of-course, business-as-usual vocabulary of your average banker.
FWIW, I remember when "business-appropriate" filtering was introduced in the messaging system of one of the world's major global financial information networks - the one whose owner later became the Mayor of New York City, if you really must ask. The effects were splashed over the front page of the Wall Street Journal, as I recall (in the '90s - the paper didn't even belong to Murdoch then).
One conspiracy theory was that the real purpose of the filtering was to block the famously foul-mouthed company owner (he was not a politician yet). But the most noticeable effect was the frantic experimentation, on a *massive* scale, by everybody and his sister to see what would and what would not be blocked. In many different languages. For many days. Probably at the expense of real work.
Re: Somehow I don't think so.....
Nah, Middlesex is no problem, it's the other sexes that will be filtered.