* Posts by Michael Wojcik

5704 posts • joined 21 Dec 2007

If at first or second you don't succeed, you may be Microsoft: Hold off installing re-released Windows Oct Update

Michael Wojcik
Silver badge

Re: Cannot reproduce the net share issue...

I rather suspect that Microsoft is mucking around in SMB again, probably in an attempt to rearchitect/reengineer it yet again.

I believe the issues with SMB mounts not reconnecting are due to activating the Hardened UNC Paths feature by default. So it's not "mucking around in SMB" in the sense of altering the protocol itself, but in adding security features to their SMB client implementation (which it desperately needs, of course) which break some existing connections. But I admit that's a subtle distinction.

The October update broke Group Policy Updates to my corporate laptop, for example, because of an authentication failure. (I didn't bother investigating further to figure out which machine was failing to authenticate the other.) I had to configure HUP in Group Policy (on the client) to not require mutual authentication for SYSVOL shares to get it to work.

There are various articles online discussing the issue.

0
0

Empire state of mind: NYC scatters palm leaves for Bezos' cloudy web shop juggernaut

Michael Wojcik
Silver badge

Re: DC and MD are the big winners

the realization of how bad it was for the state is the main reason Walker lost his re-election bid last week

That's a cheerful thought, but is there any evidence it's true? I'm not saying it isn't, mind, but it seems rather more ... aware ... than what we generally see from much of the electorate, based on polls and such.

0
0
Michael Wojcik
Silver badge

"Need" doesn't enter into it. Big businesses can get tax breaks, so they do.

0
1

Oi! Not encrypting RPC traffic? IETF bods would like to change that

Michael Wojcik
Silver badge

opportunistic TLS

The usual problem with opportunistic TLS (client offers to use TLS, e.g. with a STARTTLS message as done in this I-D, and sees if the server will accept it) is that a man-in-the-middle can just reject the offer and force the client to downgrade.

A quick glance over the I-D suggests that in this case the MITM would either have to intercept the conversation and forge the rejection, or replace the client's authentication message with AUTH_NONE, which should fail safe (i.e. the MITM could just start its own AUTH_NONE session if it wanted). So the downgrade would only work if the MITM sent a rejection, the client downgraded, and the server was configured to accept a non-TLS connection.

Still, that's far from ideal. If the server is supporting non-TLS for compatibility, a MITM can force any compliant client to not use TLS.

It'd be good if the protocol had a downgrade-detection mechanism like TLS_FALLBACK_SCSV, but I don't think there's any integrity-protection mechanism available if TLS (or other encryption mechanism like SECRPC) isn't used which can prevent the MITM from removing the downgrade signal.

But all that said, opportunistic TLS prevents a passive attacker from snooping, so it has some value. And it can help with a phased migration to an always-secured configuration.

0
0
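The downgrade conditions described in the comment above, as an added example that is not part of the original post or of the I-D. It is a toy model, not the I-D's wire format; the `on_side` attacker (can read and inject but not modify traffic) and the fallback marker are assumptions introduced here to show why an unprotected downgrade signal does not stop a full man-in-the-middle.

```python
"""Toy model of opportunistic TLS negotiation (constructed; not the I-D's wire format)."""
from dataclasses import dataclass
from itertools import product

ATTACKERS = ("none", "passive", "on_side", "mitm")


@dataclass(frozen=True)
class Client:
    require_tls: bool                     # False = opportunistic, falls back to cleartext
    sends_fallback_marker: bool = False   # hypothetical TLS_FALLBACK_SCSV-style signal


@dataclass(frozen=True)
class Server:
    supports_tls: bool
    accepts_cleartext: bool               # left enabled for compatibility


def negotiate(client, server, attacker):
    """Return (channel, exposed).

    channel is 'tls', 'cleartext' or 'refused'; exposed is True when the
    attacker can read the RPC payload.
      passive : reads traffic only
      on_side : reads and injects (forged rejection wins the race), cannot modify
      mitm    : full interception, can forge and rewrite messages
    """
    # Step 1: the client offers TLS. An injecting attacker answers with a
    # forged rejection before the server's real reply is seen.
    forged_reject = attacker in ("on_side", "mitm")
    if server.supports_tls and not forged_reject:
        return ("tls", False)

    # Step 2: the offer was (apparently) rejected.
    if client.require_tls:
        return ("refused", False)         # fail closed: no cleartext retry

    # Step 3: the opportunistic client retries in cleartext. Without TLS
    # nothing integrity-protects the marker, so a full MITM strips it.
    marker = client.sends_fallback_marker and attacker != "mitm"
    if marker and server.supports_tls:
        return ("refused", False)         # server sees a needless fallback
    if not server.accepts_cleartext:
        return ("refused", False)
    return ("cleartext", attacker != "none")


def exposed_cases():
    """Enumerate every policy/attacker combination that leaks the payload."""
    leaks = []
    for req, marker, tls, clear, atk in product(
        (False, True), (False, True), (False, True), (False, True), ATTACKERS
    ):
        client, server = Client(req, marker), Server(tls, clear)
        channel, exposed = negotiate(client, server, atk)
        if exposed:
            leaks.append((client, server, atk, channel))
    return leaks


if __name__ == "__main__":
    for client, server, atk, channel in exposed_cases():
        print(f"{atk:8} {client} {server} -> {channel}")
```

Every leaking row has an opportunistic client and a server that still accepts cleartext; setting either side to TLS-only turns the forged rejection into a refused connection rather than a silent downgrade.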
Michael Wojcik
Silver badge

Re: Was RPB ever meant to be exposed over a public network ?

any security failure in TLS itself is going to open a yawning canyon in the overall security for all computing. I've no idea if/when that might happen, but we've been surprised that way before.

Er ... there have been many failures in TLS, both in the protocol and in the implementation. CRIME, BREACH, Lucky13, Logjam; MD5, RC4, and RSA weaknesses; Heartbleed and goto fail... I could go on.[1] Every SSL/TLS protocol version prior to TLSv1.2 has serious published vulnerabilities. Many of the suites still available in 1.2 have major issues. Many applications continue to use known-broken implementations. Many applications that use implementations without known severe or critical bugs do so incorrectly.

And then there's the ongoing complete fucking disaster that is PKIX.

[1] A couple of years ago I did, in fact, go on at some length on this topic, in a presentation for ISSA. It's probably available on their website somewhere.

0
0
Michael Wojcik
Silver badge

Re: Was RPB ever meant to be exposed over a public network ?

This vulnerability can be prevented by using a VPN between your sites.

Until you have an attacker in the network, in a position to monitor or interpose traffic, but not yet with comprehensive elevated privileges. Then RPC becomes a fine way to pivot and escalate.

The egg network-security model (hard perimeter, soft inside) lacks defense in depth, as many organizations have learned to their sorrow.

1
0

Ethernet patent inventor given permission to question validity of his own patent

Michael Wojcik
Silver badge

Re: So why was it granted in the first place?

I figured his departure just wasn't all that newsworthy. While he was in office, he was a danger; once out of it, he's just a historical curiosity.

And, of course, summer is the Silly Season and staffing is reduced by people taking holidays. (I know I sent the Reg one tip for a story and got a response saying they didn't know if anyone would be available to research and write it, due to seasonal backlog. I sympathize.)

0
0

Alexa, cough up those always-on Echo audio recordings, says double-murder trial judge

Michael Wojcik
Silver badge

Re: Latest advice

"Release the man-eating tiger!"

1
1
Michael Wojcik
Silver badge

whatever smartphone, also with wake word, you wander around with these days

It's easy enough to disable the Android wake-word function. That does appear to prevent any visible reaction to it. Whether it prevents background recording is another question; hard to tell without rooting the phone and hooking some APIs, which is more effort than I'm going to go through right now.

Devices like the Echo, on the other hand, exist for precisely this purpose. For people who don't want "digital assistants" listening to them all the time, there's no reason to have one of the damned things.

1
0

Oi, Elon: You Musk sort out your Autopilot! Tesla loyalists tell of code crashes, near-misses

Michael Wojcik
Silver badge

Re: Whisper it…

My wife and I actually own a Tesla Model S in real life. It's been our only car for two years now. That makes me relatively well qualified to comment on it.

"Everyone generalizes from a single example. I know I do."

4
0
Michael Wojcik
Silver badge

Re: Whisper it…

The customers didn't want electric cars because the manufacturers said they couldn't have a long range.

"Hold my <burp> beer" - 400 miles

400 miles is "long range"? Not in the US it isn't. It's medium-range at best. I drive over 400 miles in a day once or twice a month, on average.

The longest daily drive I make on a regular basis is around 850 miles, so with a 400-mile-range EV I'd have to recharge completely twice.

400 miles is good range for an EV. It's certainly sufficient for many use cases. But it is not "long" range.

3
1

Another Meltdown, Spectre security scare: Data-leaking holes riddle Intel, AMD, Arm chips

Michael Wojcik
Silver badge

Re: Basically the mfg *promised" both speed and security, but couldn't deliver them

I wonder how many process crashes over the years could also be traced to miswritten code influencing another process and crashing that instead?

From transient-execution side channels? None, barring major CPU bugs that have mysteriously gone unreported.

I think you do not understand how Spectre-class attacks work.

1
0
Michael Wojcik
Silver badge

Re: And in other news

Rings a bell.

0
0

Scumbag who phoned in a Call of Duty 'swatting' that ended in death pleads guilty to dozens of criminal charges

Michael Wojcik
Silver badge

Re: Fractured

It's a subtle, but important, difference in semantics.

Really it's just the difference between the mode and the mean.

0
1
Michael Wojcik
Silver badge

Hopefully, the great publicity surrounding this particular trial will serve as a deterrent to any other epsilon semi-morons out there who are considering following their misguided example.

We can certainly hope it will deter some, but swatting is common enough that some police departments are taking measures to counteract it (finally), and like any country the US seems to have an inexhaustible supply of morons.[1]

Krebs noted that the idiot who (successfully) swatted him got 3 years probation, while some members of the gang that sent heroin to his home and "tipped" police were sentenced on unrelated charges. The sort of people who do this won't be deterred by the thought of probation. And note there have been two other attempts to swat Krebs, and he's just a well-known security researcher.

I think the real lesson here is: don't play multiplayer online video games. That seems to be the number-one attractant for such morons.

[1] Those who are so inclined may recall the relevant Einstein quotation at this point.

2
0
Michael Wojcik
Silver badge

Re: Hostage situations...

Actually, he's not even doing that : if he wanted to get his friend killed, he'd have given them HIS address

It's not clear what you're trying to say (the antecedents of some of your pronouns are unclear), but it's almost certainly not what happened in the Finch case.

In brief:

1. Two young idiots, Viner and Gaskill, were fighting over some idiotic thing in Call of Duty.

2. Viner asked Barriss, who has form, to swat Gaskill.

3. Gaskill dared Barriss to do it, and gave him an address where he (Gaskill) had previously lived. This is where Finch and his family were currently living.

4. Barriss made the swatting calls to Wichita PD.

It's not clear what exactly any of the Three Assholes thought would happen. ("Thought" may be too strong a word to describe their mental processes.) Clearly they all share some culpability. Of course the police, as the only adults (besides Finch) actively involved, do so as well.

poor police training leading to frightened officers, panic reactions and trigger-happy result

Frankly, based on the evidence released to the public, I don't see much sign of significant fear (not enough to impede rational thought) or panic among the officers on the scene. What I see is a lot of adrenaline and machismo. They were there to Take a Bad Guy Down.

1
0
Michael Wojcik
Silver badge

Re: Hostage situations...

Since the alleged shooter called 911 (multiple times) there's a pretty good chance he would answer if it was real.

Not even 911. Since Barriss was swatting from another state, he had to call the police on a regular department number. Which, as many security experts have pointed out, the police should have treated as a reason to consider the calls suspect, and exercise additional caution. They did not (as is clear from the excerpts of the interviews that have been made public).

Finch flinched and that was it.

Only 10 seconds after he emerged from the house. He probably never had a clue what was going on.

There was no real attempt by the Wichita PD to de-escalate. According to the report of the sergeant in command at the scene, as soon as the door opened "multiple officers began yelling", and the sergeant elected to try to get Finch to "focus away" from them by "screaming louder".

So, essentially: There's a commotion outside. Finch steps out. There's 10 seconds of multiple people screaming at him, and then "Officer #1" shoots him, from across the street, with a rifle.

We have a word for a group that behaves that way: "mob". That's not good policing. It's not policing at all. It's just the state exercising its monopoly on violence, and it's the direct result of the past few decades of militarizing the police and fear-mongering.

Yes, confronting a possible killer in a possible hostage situation is dangerous. That's what you sign up for when you put the badge on.

I have no animosity toward the police in general. It's a necessary function. My best friend is a reserve police officer. The police in the city where my main residence is have been great, and the department near my other residence is pretty good. But there are far too many places in the US where screening, training, and procedures are criminally inadequate, and the judicial branch has largely abandoned its oversight duties.

2
0
Michael Wojcik
Silver badge

Re: So the police bear no responsibility ?

It remains to be seen.

The county DA decided (not quite four months after the shooting) not to bring charges. So there won't be any criminal liability for the police officers involved in Finch's murder.

However, the last I heard, the family was still pressing a Federal civil rights and/or wrongful death suit (various news agencies have conflicting reports) against the police department.

In the US, frankly, a civil action like this is far more likely to be brought, and to succeed, than criminal charges against the police. Because of the adversarial nature of the US judicial system and the predominance of plea bargains rather than trial convictions, prosecutors have extremely close ties to the police forces. (See The Chickenshit Club for more background.) Couple that with the fact that the various local and state prosecutorial offices are now widely treated as stepping-stones to higher political office, and the candidates that emerge from them appeal to the "law & order" fear-fetishist rabble, and you can see why there are relatively few prosecutions (below the Federal level) of police officers and very few convictions.

2
0

That Old Time 2018 IT songbook: Verity, Verity - give us your lyrics, do! We're half crazy, all for the love of you

Michael Wojcik
Silver badge

Re: Great stuff, Verity!

My favourite Tom Lehrer is "The Irish Ballad"

Thanks for reminding me - it's been years since I've sung that for Granddaughter Major (now quickly closing in on her sixth birthday). She should be particularly appreciative of verse four now that Granddaughter Minor has appeared on stage and is taking the spotlight.

0
0

OK Google, what is African ISP Main One, and how did it manage to route your traffic into China through Russia?

Michael Wojcik
Silver badge

Re: Put your life in the cloud

All these people and companies who, like me understand nothing about the global infrastructure, but who, unlike me are prepared to stick their life and work on a remote server somewhere.

Yes! And the fools rely on shipping companies to move goods! And telcos for communication! And utilities to provide electricity! And banks to provide a financial system! And governments to maintain civil order!

When will they learn? You can't rely on anything. Just give up now.

3
4

It's November 2018, and Microsoft's super-secure Edge browser can be pwned eight different ways by a web page

Michael Wojcik
Silver badge

Re: if an open source project had MAJOR flaw rates like this

the idea that making the source available automatically guarantees quality let alone security has been debunked long ago

Yes. There's broad agreement in the infosec community that the "many eyes" theory does not hold water. While it's certainly useful to security researchers to have access to the source, and while there have been some quite successful static- and dynamic-scanning projects run against large open-source codebases, the assumption that public source automatically leads to improved software security is simply not supported by the evidence.

8
0
Michael Wojcik
Silver badge

Re: if an open source project had MAJOR flaw rates like this

Since when was Windows 95 a rewrite? It was mainly DOS + MFC.

Not really. Win95 was mainly W4WG (Win 3.11) plus a push to use MFC (which was introduced in '92). For Windows/386 in Enhanced mode and later - so including W4WG - DOS was used only as a bootloader; Windows was in fact the OS once the system got running.

Windows 3.1 introduced win32s, a subset of the 32-bit NT APIs. It was substantially different from Windows 3.

So while I'll agree that Win95 was not a ground-up rewrite, it wasn't "DOS + MFC", either.

2
0
Michael Wojcik
Silver badge

Re: I'm tired of making this response as well

What exactly is your point?

All competent national governments have infosec agencies that actively seek vulnerabilities in common software. The larger governments are, of course, quite good at it; they have the resources to throw at the problem.

Everyone in the infosec community is perfectly aware of that. It's a commonplace. There doesn't need to be an article discussing it, just as there's no need to have an article arguing that access controls are a good thing, or that cryptography can improve data confidentiality.

If you're arguing against public disclosure, I don't see how your claim supports that thesis. If you're arguing something else, then, frankly, I don't see what your thesis is at all.

8
1

Russia: We did not hack the US Democrats. But if we did, we're immune from prosecution... lmao

Michael Wojcik
Silver badge

Re: So, what's in the emails?

Surely, if they were the best choice for Government, even their private emails should not cause [offense].

Oh, that's just adorable. Come on, give us another one!

3
3

Just a little heads up: Google is still trying to convince everyone that web apps don't suck

Michael Wojcik
Silver badge

Re: insanity is doing the same thing over and over again and expecting different results

I therefore find the definition useful ...

I suppose for people who fail to understand psychology - the psychology of random reinforcement, for example - a wildly incorrect definition of "insanity" would indeed seem "useful".

1
0
Michael Wojcik
Silver badge

Re: insanity is doing the same thing over and over again and expecting different results

an obscure novelist called Rita Brown

Rita Mae Brown may well have coined the "doing the same thing" cliché (and it is indeed a marvelously annoying one), but she is by no measure "obscure". Anyone with even a passing familiarity with twentieth-century US literature should at least recognize her name.

1
0
Michael Wojcik
Silver badge

Yes. It'd be nice if house styles everywhere were updated to ban this idiotic cliché. It's as tiresome as snowclones or citing the dictionary.

0
0
Michael Wojcik
Silver badge

Re: Web app? No thanks.

PWAs are great additions to websites

Why? What's "great" about them?

3
0

Stay classy: Amazon's Jassy gets sassy with Larry

Michael Wojcik
Silver badge

Re: "It took 9 years for Oracle to get to PL/SQL"

just remember what databases were before Oracle

What, you mean System R? INGRES? MRDS?

Or, y'know, if relational DBMSes aren't your thing - SYSTEM 2000 (hash-pointer), IMS (hierarchical), various CODASYL (network-index, such as IDMS), and so on.

Oracle was the first software vendor dedicated to an RDBMS product. They were the first to bet the farm on the relational model and push it hard. They weren't the first to sell an RDBMS or make one available for free. And while the relational model unquestionably had certain advantages over network and hierarchical databases, those earlier approaches did well on the modest hardware of the day and were suitable for many use cases.

0
0

Junior dev decides to clear space for brewing boss, doesn't know what 'LDF' is, sooo...

Michael Wojcik
Silver badge

Pointless Shibboleth o' the Day

I am annoyed for no good reason when people refer to SQL Server, a Microsoft DBMS product, as "SQL", which is the name of a standard language for expressing relational database queries and other operations. I knew SQL. SQL was a friend of mine. And you, SQL Server, are not SQL.

I would like everyone to refrain forevermore from doing so, beginning immediately.

Thank you.

2
1

FCC Commissioner slams San Jose mayor for not approving 5G cells… then slams him for approving them

Michael Wojcik
Silver badge

Re: It's not idiocy

Yes, but that doesn't mean Brendan Carr isn't an idiot. Available evidence, courtesy of Twitter, suggests that indeed he is.

It's perversely entertaining to watch Pai, O'Reilly, and Carr compete for Stupidest Public Statement of the Week.

1
0

OK Google, why was your web traffic hijacked and routed through China, Russia today?

Michael Wojcik
Silver badge

Damn, that sounds so simple. I wonder why US telcos don't give a damn like that ?

Because it's not that simple.

As I mentioned just the other day, AS routing is a big, complicated problem, which many experts have been examining for many years. (Bellovin's original paper on the subject was published in 1989.) "Drop all BGP announcements from your peers" isn't a good strategy when you may need to adopt changes published by other ASes.

There are a bunch of mechanisms (prefix lists, communities, etc) for filtering BGP, and they're widely used. They can't solve the general problem. In fact, the 2008 Pilosov & Kapela attack (which introduced BGP interception to the public) uses filtering as a critical component - they construct prefixes so that the victim AS will forward traffic to their AS, while some other ASes retain the original, valid route, so they can forward it on.

Now, it's true that Kapela claimed at the time that "aggressive filtering" by ISPs could prevent BGP hijacking. But he was talking specifically about certain classes of attacks; the filtering would be expensive and require frequent maintenance; and all ASes on the path (for a given packet) would have to implement it for it to be secure.

If there were an easy, inexpensive fix for BGP hijacking, it would already have been implemented.

4
1

Townsfolk left deeply unsatisfied by Bury St Edmunds' 'twig' of a Christmas tree

Michael Wojcik
Silver badge

Lighting

Size isn't everything. It's the way it's decorated. Last year the tree was larger but it looked like the lights had just been thrown at it.

Too true. Personally, I feel volume lighting is the only way to go. Lighting just the hull of the tree is simply lazy.

On my trees, I start at the trunk, pick a bough at the bottom in the back, bring the light string out along it and wrap all the branches coming off it that are large enough to hold the string without drooping excessively. Then back along the bough to the trunk, advance to the next bough at the same level, and repeat until you reach the top of the tree.

Since that takes more strings than can safely be daisy-chained,[1] I drop a couple of extension cords down the trunk to different heights, so I can plug additional strings in as I work higher up the tree.

My trees are typically around 8 1/2 feet high and 5 to 6 feet in diameter at the largest point, and I get 4000 or so lamps on them. If a tree isn't bright enough to read by, what's the good of it, eh? And there's something to be said for a massive cone of multicolored lights in the parlor to really convey the holiday spirit. (I use all solid lights. Blinking ones would be a bit seizure-inducing.)

Naturally I have all this running off a dedicated circuit with GFCI and AFCI protection. We always use Fraser firs and have a stand that holds a few gallons of water, which I top off twice daily. Adequately-watered Frasers can last a long time; the tree's still flexible and moist when I discard it after Twelfth Night. The lights don't come near the ignition temperature of the tree but they could certainly dry out one that didn't keep soaking up water, and a big pile of well-aerated kindling is not really something you want in your house.

[1] The incandescent tree light strings sold in the US are generally rated for up to 6 strings of 100 lamps in a chain. I play it safe and go with one fewer than the strings are rated for.

3
0

Six lawsuits against FCC's 5G idiocy – that $2bn windfall for telcos – is bundled into one appeals court sueball

Michael Wojcik
Silver badge

Re: $270 per site per year

That's just part of the cost of doing business.

Yeah. I'm not seeing the problem here.

Of course, I don't give a damn if I never see 5G in my lifetime, either.

0
0
Michael Wojcik
Silver badge

Re: It ain't all about poor cities and states

"If it says I-280, it should be free."

Note to anyone visiting the SF Bay Area: Interstate 280 is NOT free, in fact it cost us tax payers quite a bit of money. However, there is NOT a per-use fee, so don't expect to find toll booths.

OP may have been referring to one of the other three I-280s (New Jersey, Ohio, or Illinois-Iowa). The three-digit Interstate numbers are not unique, and since I-80 runs coast-to-coast, there are plenty of I-x80 roads.

There are also two roads that used to be I-280s but were renumbered, according to Wikipedia.

In any case, I'm not sure what OP's point about the Federal Interstate system was supposed to be. The Interstate system is a collection of Federally-subsidized, limited-access, multilane highways. They're "Interstate" because they're supposed to facilitate interstate commerce, which is why there are Interstate highways even in both isolated states (that one in the middle of the Pacific and the one you can see from Russia), and even major (two-digit) Interstates in the Contiguous 48 that are confined to one state.[1]

There's nothing about the Interstate system that says states aren't supposed to be able to impose additional per-vehicle fees. The Feds subsidize Interstates - they don't pay the whole cost. Many Interstates in the eastern half of the country have tolls, including the Big One, I-90, much of which is tolled east of Wisconsin.

Offhand, the westernmost Interstate toll I can think of is I-70 outside Topeka, Kansas.

In any case, though, while I can appreciate that many people don't like toll roads, I can't see how this is specifically the violation of some compact, explicit or implied, between the government and the people. Indeed, I can't help but feel it makes a certain amount of sense to have road users pay a greater proportion of the cost of road maintenance. (I know, money is fungible and tolls only notionally go toward paying for roads. Still, this means people who drive on toll roads throw a few extra pennies in the pot.)

[1] OK, I may be exaggerating a bit, since the one I'm thinking of actually extends over two miles into a second state, and I don't have another example in mind. But close enough.

0
0

DXC: Everything is going to plan, too well in fact... we've chopped so many staff, our IT projects are now behind

Michael Wojcik
Silver badge

Re: "near shoring"

Perhaps it means they'll put people in ships in international waters, to avoid pesky regulations.

1
0

Supreme Court tells Big Cable to shut up for once: Net neutrality challenge shot down

Michael Wojcik
Silver badge

Re: Grammar Police

you don’t own English

Alas, English-usage prescriptivism is a religion, and you'll discourage few of its adherents with reason.

0
0
Michael Wojcik
Silver badge

Re: Let me understand...

Demagogues do not consider consistency a virtue.

Like Whitman, they contain multitudes - the better to convince multitudes to follow their bidding.

0
0

Foxconn denies it will ship Chinese factory serf, er, workers into America for new plant

Michael Wojcik
Silver badge

Re: In other news, Amazon played a dirty game with its new HQ...

Looking into Trump[']s history, despite doing the Apprentice, it turns out he's actually shit with business

Unfair, I think. Trump has been pretty successful at his business, which is extracting money (for himself) from investors to fund a lavish, if tasteless, lifestyle without consequences (again, for himself).

He's in an extraction industry. Those tend to leave a lot of damage behind. In Trump's case, the resource he's extracting is capital, and the environment he's trashing is a series of corporations. But those "businesses" exist only as a vehicle for his personal profit.

Trump operates in a middle ground between genuine investment and entrepreneurship on the one hand, and honest embezzlement on the other.

0
0

Oracle 'net-watcher agrees, China Telecom is a repeat offender for misdirecting traffic

Michael Wojcik
Silver badge

Re: Some good samaritan should fix this

If only the hundreds of people who work with and research Internet routing issues had thought of this!

Or, perhaps, they have, and it is not in fact "doable".

As it happens, there are quite a few people (and systems) who watch BGP announcements and sound the alarm about suspicious ones. There are Twitter posts when a suspicious announcement is made - see Madory's blog post, linked to in TFA. There's a whole complex theory about what makes a "good" route (starting with the "valley-free property", originally defined by Gao in 2000, and about which a great deal has subsequently been written).

Complex problems rarely have simple solutions. Complex problems being examined by a lot of smart people, with significant benefits attached to solving those problems, almost never have simple solutions - if they did, they'd already be solved.

0
0
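The "valley-free property" mentioned in the comment above, as an added example that is not part of the original post: a checker that flags AS paths which go back uphill, or cross a second peering link, after they have started descending. The relationship table and all AS numbers are constructed (private-use ASNs), and real monitoring has to work from inferred relationships, so a hit is a signal to investigate rather than proof of a hijack.

```python
"""Valley-free check for AS paths (Gao, 2000) over a constructed relationship table."""

# Constructed sample topology using private-use ASNs.
# (a, b): "c2p" means a is a customer of b; "p2p" means a and b are peers.
RELATIONSHIPS = {
    (64512, 64520): "c2p",
    (64512, 64521): "c2p",   # AS64512 is multihomed to two providers
    (64513, 64520): "c2p",
    (64514, 64521): "c2p",
    (64520, 64521): "p2p",
    (64520, 64530): "c2p",
    (64521, 64530): "c2p",
}


def link_type(rel, a, b):
    """Classify the hop a -> b as 'up', 'down', 'peer', or None if unknown."""
    if (a, b) in rel:
        return "up" if rel[(a, b)] == "c2p" else "peer"
    if (b, a) in rel:
        return "down" if rel[(b, a)] == "c2p" else "peer"
    return None


def check_valley_free(rel, as_path):
    """Return (verdict, offending_hop).

    A valley-free path is zero or more customer-to-provider hops, then at most
    one peer hop, then zero or more provider-to-customer hops. The property is
    symmetric, so the path may be given in either direction.
    verdict is 'valley-free', 'valley' or 'unknown'; offending_hop is the
    (a, b) pair that broke the rule or lacked data, else None.
    """
    # Collapse AS-path prepending (the same ASN repeated consecutively).
    hops = [asn for i, asn in enumerate(as_path) if i == 0 or asn != as_path[i - 1]]
    descending = False   # becomes True after the first peer or downhill hop
    for a, b in zip(hops, hops[1:]):
        kind = link_type(rel, a, b)
        if kind is None:
            return ("unknown", (a, b))
        if kind in ("up", "peer") and descending:
            return ("valley", (a, b))
        if kind in ("peer", "down"):
            descending = True
    return ("valley-free", None)


# Constructed sample paths, labelled with what they are meant to exercise.
SAMPLE_PATHS = {
    "up-up-down-down": [64512, 64520, 64530, 64521, 64514],
    "up-peer-down": [64513, 64520, 64521, 64514],
    "prepended": [64513, 64513, 64513, 64520, 64530],
    "customer relays between its providers": [64520, 64512, 64521],
    "uphill after a peer link": [64513, 64520, 64521, 64530],
    "no relationship data": [64512, 65000],
}


def classify_samples():
    """Run the checker over the constructed sample paths."""
    return {name: check_valley_free(RELATIONSHIPS, path)
            for name, path in SAMPLE_PATHS.items()}


if __name__ == "__main__":
    for name, (verdict, hop) in classify_samples().items():
        print(f"{name:40} {verdict:12} {hop}")
```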
Michael Wojcik
Silver badge

Re: Raises hand

Or blockchain!

Tigra 07 uses Trollface! Trollface fails!

Come on - you had to know someone had already proposed this. Indeed, lots of people have. This is one of those use cases where it might even make some sense - except, of course, blockchain settlement networks are routinely attacked using BGP partitioning hijacking.

Chicken, meet egg.

0
0

Mything the point: The AI renaissance is simply expensive hardware and PR thrown at an old idea

Michael Wojcik
Silver badge

Sigh

Here we have an author who displays a limited understanding of the subject, and an axe (hardware innovation) to grind. Of course the Reg Commentariat, which tends to curmudgeonliness and cynicism (not bad qualities) agrees.

Yes, popular accounts of ML research are overstated, oversimplified, and often incorrect. Yes, they employ vague and misleading metaphors. In what area of research is this not true?

And if you're going to object that ML algorithms don't display "creativity" or other anthropomorphized features, I'd like to see an applicable definition of those features. While we're at it, can Fentem or any of his commentard supporters explain how the human mind is anything other than the effect of a mechanism, and thus anything that is qualitatively different from a computable function?[1]

And a more specific objection: Fentem's claim "In other words, there has not been any significant conceptual progress in AI for more than 30 years" is bullshit, for any useful definition of "AI". Even a cursory review of several of the many papers on ML in, say, Adrian Colyer's blog shows that there has in fact been considerable conceptual progress in the field. Also, not all ML systems - not even all NN systems - use backpropagation; see the extensive research on gradient-free optimization of ML systems.

I do think that ML is in a bubble right now; that it's oversold and over-applied; that research is already demonstrating that our ML systems are much more fragile and considerably less compelling than they might seem when you just look at the shiny demos. But to claim that the field hasn't advanced in 30 years, or (more egregiously) that only some sort of vague, handwaved hardware approach can produce true innovation, is rubbish.

[1] And no, I'm not buying Penrose's appeal to quantum effects. As Thomas Metzinger put it, "For middle-sized objects at 37°C, like the human brain and the human body, determinism is obviously true". I might consider "obviously" a bit strong, but the burden of proof falls to the non-determinists.

0
3

Facebook quietly admits role in Myanmar killing fields – but fret not, it will do better next time

Michael Wojcik
Silver badge

Re: Needed: prosocial data diode for amplifier

It is also noteworthy that most of the current sites reward short ill thought out rants over longer and more considered posts.

This is particular to these sites: it did not used to happen on forums predating facebook.

What in the world are you talking about?

Flame wars, personal attacks, and hate speech were quite common on Usenet and BBS forums. They happen frequently in older forms of web forums, such as the comments sections for blogs.

Early academic studies of online discourse pointed this out frequently. The famous special issue of SAQ edited by Mark Dery in 1993 on the subject was titled Flame Wars; flaming was already one of the most noted features of online discussions. (Dery subsequently enlarged FW into a book; it remains widely read.) I myself commented on flaming and discursive conflict in my piece in the 1994 "Geography of Cyberspace" issue of Works and Days.

Your prelapsarian world of courteous online discourse never existed.

7
0

Veracode Software gobbled by private equity house Thoma Bravo for $950m

Michael Wojcik
Silver badge

cautiously optimistic

This may be good news. The Veracode technology is interesting, and history suggests CA was unlikely to adequately fund continued R&D.

0
0

PortSmash attack blasts hole in Intel's Hyper-Threading CPUs, leaves with secret crypto keys

Michael Wojcik
Silver badge

Re: So much for trusted execution environments

Actually now wondering if I can ever rely on SGX given the constant drip-feed of side channel attacks

That's impossible to answer without the context of a threat model.

Security is not an absolute. It's an evaluation of relative probabilities, costs, and rewards under a threat model. SGX might well add sufficient cost, to all but extremely improbable threats, that it makes your system not worth attacking.

It's important to be aware of side-channel and other microarchitectural vectors, but we shouldn't treat them as a reason to conclude there's no possibility of security at all. Absolute security was never an option anyway, and new attack vectors just move some of the cost mass back to defenders.

1
0
Michael Wojcik
Silver badge

Re: Javascript

but it is easy to deny access to the precise timing features that would be necessary for this attack

Not as easy as you might think.

That said, a more plausible case here is that an attacker gains the ability to run code with reduced privileges, and uses this to extract enough bits from a private key used by a server to break the key, and then can impersonate the server.

It's a pivot vector.

0
0

What's that? SSH can still use RC4? Not for much longer, promise

Michael Wojcik
Silver badge

Re: Good for them but compliance will be another matter

The graphs end in 2008

That's even worse - there are still sites using 2008!

2
0

Which scientist should be on the new £50 note? El Reg weighs in – and you should vote, too

Michael Wojcik
Silver badge

Re: Not De Morgan?

I'm in two minds over John Venn

Surely you can find some middle ground.

5
0

Nikola Tesla's greatest challenge: He could measure electricity but not stupidity

Michael Wojcik
Silver badge

Re: country & western singers

Should it run over Beech before Ash, Horse Chestnut before Sycamore, Elm before Oak, on number 4 - the larch

Less of a problem in the US, where thanks to invasive pests we essentially no longer have many chestnuts or elms, and ash is on the way out too.

The loss of the American chestnut is particularly unfortunate. Those were huge, attractive trees that once represented maybe a quarter of all the trees in large parts of the Appalachian forests. They still survive in some isolated areas, where the blight hasn't been introduced or has been displaced by less-virulent strains, and various organizations have been working on varieties with better resistance to the blight.

Oak, on the other hand, we have plenty of. Run those suckers over.

1
0

Pirate radio = drug dealing and municipal broadband is anti-competitive censorship

Michael Wojcik
Silver badge

Re: Nothing changes

The US is governed by corporate morons

For morons, they're amazingly successful at achieving their aims. Don't ascribe to stupidity what is better explained by malice.

0
0


Biting the hand that feeds IT © 1998–2018