* Posts by Pascal Monett

6701 posts • joined 10 Apr 2007

Stunning infosec tips from Uncle Sam, furries exposed, Chase bank web leak, and more

Pascal Monett
Silver badge
Thumb Up

Moxie Marlinspike

Now that seems to be a name worthy of being put on my personal whitelist of people to pay attention to.

Encryption is a complicated affair and my own pathetic dabbling in that area has taught me that you need a solid mathematical mind to go about it properly - which I sorely lack. That's one good point for him, but an even better one is that he seems to have principles and is not afraid of standing up for them.

And for us at the same time.

Thanks for that, Moxie.

3
0

Software shortcuts: Pay down your tech debt. It's time to fix a price

Pascal Monett
Silver badge

Fail fast and fix it

"Agile development makes the idea of rapid failure much more acceptable because you’re looking at continuous improvement as a way to fail fast and fix it"

I can't help but think that this sentence contradicts the one later on that says that devs should say what they need from day one.

That said, I have worked on a few large projects myself, and no amount of planning can cover all the bumps you encounter during development. So, in a way, I concur with both statements in as much as you plan all you can beforehand, then you fix whatever potholes you encounter during development.

Still, all the articles I read about DevOps, this one included, make a lot more noise about developing, fixing, developing and fixing fast, rather than writing proper specs and having an execution plan that doesn't involve regular week-end marathon sessions.

7
0

Hey, you. App dev. You like secure software? Let's learn from Tinder, Facebook's blunders

Pascal Monett
Silver badge

Seems to me the initial premise was flawed

If all you needed was a phone number, then there is no other information to tie a number to an account.

So duh, give any phone number and you're in. Yup, sounds obvious.

Ah, hindsight.

The point is, when cooking up a security mechanism, always check that simply replacing one element does not entail logging into another account. All elements must be present to log into the specific account they point to - if one is absent or wrong, you shouldn't be able to log into anything at all.

3
1

Bosch and Daimler jump in together on driverless vehicle tech

Pascal Monett
Silver badge
Flame

"No single company can build the Internet of Things itself"

No, but they can royally screw it up perfectly well on their own.

4
0

Bright idea: Make H when the Sun shines, and H when it doesn't

Pascal Monett
Silver badge
Coat

Re: "probably deter potential thieves"

Nope. It's called a challenge.

7
0

The YouTube crackdown on fake news: Promoting bonkers Florida school shooting conspiracies

Pascal Monett
Silver badge
Thumb Down

Re: "that premise has actually been debunked by none other than the VP of Facebook"

And that is such an authority on such matters.

On any matter, actually.

20
0

Use ad blockers? Mine some Monero to get access to news, says US site

Pascal Monett
Silver badge

Given that rooftop installations typically generate 5-10KW, I think he made a typo.

If his installation is indeed generating 4MW, his roof must cover a few hectares, in which case : Hi Bill G, nice of you to be posting here !

4
0

*Wakes up in Chrome's post-adblockalyptic landscape* Wow, hardly anything's changed!

Pascal Monett
Silver badge

If you have paid a subscription and you're still getting ads, you're going to the wrong sites.

26
0

Google's robo-CTRL-ALT-DEL failed, hung networks and Compute Engine for 90 minutes

Pascal Monett
Silver badge

Deeper we go down the rabbit hole

Finding out, bit by bit, another new failure point that does not act as we thought it would due to error conditions that were visibly not expected.

And it's pretty hard to expect that an automated process shutdown should not shut down the process - unless you use Windows and experience a process not shutting down even manually until you go to the Task Manager to kill it off. Once I had to power down the computer at the PSU in order to get rid of a pesky thingamabob that just wouldn't go away.

In other words, these things do happen, and the consequence here was a lot more important than could have been foreseen.

Makes me wonder if we ever will get a truly reliable cloud.

6
2

Microsoft reveals 'limitations of apps and experiences on Arm' – then deletes from view

Pascal Monett
Silver badge
Coat

Microsoft has altered a document

Pray it doesn't alter it further

14
1

Oi! Verizon leaked my fiancée's nude pix to her ex-coworker, says bloke

Pascal Monett
Silver badge

Besides, what kind of numbskull takes pics of the fugly parts ?

Topless pic ? No problem there.

Nude pic ? Why not.

Pussy pic ? Why ? Are you a dog ?

7
9

Oh sh-itcoin! Crypto-dosh swap-shop Coinbase empties punters' bank accounts

Pascal Monett
Silver badge
Trollface

I'm sorry, are you talking about actually planning something ? In the Internet age ?

What a concept.

7
0

Astro-boffinry world rocked to its very core: Shock as Andromeda found to be not much bigger than Milky Way

Pascal Monett
Silver badge

"By measuring the escape velocity, scientists have recalculated the galaxy’s mass and size."

Um, I don't get it. How can they get a proper escape velocity measure if they've gotten the mass wrong in the first place ? Seems to me that those two things are related in a specific way. It's like throwing a ball four feet and then saying it was a bowling ball.

Doesn't make sense.

6
0

If this laptop is so portable, where's the keyboard, huh? HUH?

Pascal Monett
Silver badge
Coat

Re: classic!

What's a 710 cap ?

20
0

Bloke sues Microsoft: Give me $600m – or my copy of Windows 7 back

Pascal Monett
Silver badge

Re: "you could go back for 30 day"

Um, kinda hard to go anywhere if the machine is bricked.

9
0

Look out, Wiki-geeks. Now Google trains AI to write Wikipedia articles

Pascal Monett
Silver badge

Change in article category title

Please rename the "Artificial Intelligence" category to "Pseudo-Artificial Intelligence".

That will make things more realistic, thank you.

3
1

PCI Council and X9 Committee to combine PIN security standards

Pascal Monett
Silver badge

Re: Obligatory XKCD

Exactly what I was thinking of.

1
0

Magic Leap's staggering VR goggle technology just got even better!

Pascal Monett
Silver badge

"evolved for millions of years into something that is many billions of years old"

With logic like that, I would definitely not give that man my money until cold, hard product is available.

Promises are nice, but when you start making too many, you undermine your credibility. And he has hit rock and is still digging.

20
0

UK names Russia as source of NotPetya, USA follows suit

Pascal Monett
Silver badge

So it was Russia

That is not an excuse for hooking up work PCs and servers to the Internet without proper protection in the first place.

Nor is it a cop-out for not training personnel properly.

Finally, it is a wake-up call : organizations have no reason to allow the use of USB ports or CD players. In more and more companies where I consult, I find that the USB ports have been disabled and the desktops/towers do not even have a CD tray any more.

Couple that with the threat of firing the person who clicks on a bloody link/attachment without thinking, and we have the start of proper on-site protection.

7
8

Crypto-gurus: Which idiots told the FBI that Feds-only backdoors in encryption are possible?

Pascal Monett
Silver badge
Trollface

A million politicians, a million typewriters, and we have found the copy that is actually interesting for defending public interest.

7
0

You're decorating it wrong: Apple HomePod gives wood ring of death

Pascal Monett
Silver badge
Trollface

Re: Lace Doily

On the contrary, Apple is just about to announce the HomePod Base, a $150 wireless charger that the HomePod fits perfectly into. Entirely innocuous to all types of surfaces (*), the HomePod Base is the must-have purchase for this Spring.

Don't miss your chance, order now !

*) Doctors recommend not posing the HomePod Base on children of any age.

19
0

Six things I learned from using the iPad Pro for Real Work™

Pascal Monett
Silver badge

Shh, don't rock the boat

They're so desperate to try and make those slablets important, don't ruin their illusions.

Those things have their uses, but when surfing, email and chat are in the top 5 apps to use, you take the rear of the line when actual work is concerned.

44
3

IBM declares it's the 'backbone of the world's economy'

Pascal Monett
Silver badge

Nope, not gonna happen.

IBM is part of the companies that write the law. Don't worry about those work agreements either - the courts don't have time to bother with that, they have The War Against Drugs to occupy them.

8
0

Icahn't get right Xerox Fuji merger spoils, cries activist investor Carl

Pascal Monett
Silver badge

And now he's whining like the spoiled brat he is.

I have never ever heard of that guy unless it was in some shareholder scandal that he's in the middle of. This bag of hot air is one of the most toxic useless people on this planet.

14
0

Yes, Assange, we'll still nick you for skipping bail, rules court

Pascal Monett
Silver badge

"I find arrest is a proportionate response"

Indeed. You can lock yourself up for as long as you want, it makes no difference to the law.

What this whole affair shows is how twisted the mind of that man is. His ego is probably just a byproduct of that.

31
4

Equifax hack worse than previously thought: Biz kissed goodbye to card expiry dates, tax IDs etc

Pascal Monett
Silver badge

That is exactly the problem. Those in charge are never held responsible for the goofs. I don't care who you are or how well you've been working for the past 30 years, if your department or company negatively impacts the lives of millions, you're taking the fall and it should not be to land on a cushion full of money.

Except, of course, that in a country where the laws are written by corporations, that has a snowball's chance of happening.

13
0

Facial recognition software easily IDs white men, but error rates soar for black women

Pascal Monett
Silver badge

So facial recog is not reliable for non-white skin

If I recall correctly, there's an issue in the USA between the police and black people. This is certainly not going to help.

It is a curious result, though. One would think that the color of the people who wrote the facial recog code doesn't matter, a process was thought of, agreed upon and implemented and there isn't any reason why code examining a face should have a harder time detecting skin tone variations in dark pixels than in light pixels. I think that this might be a sign that the cameras taking the pics are having a bit of trouble properly capturing dark tones. If the data in is insufficient, the data out will be flawed.

Maybe the coding teams can find a way around that, but it looks like it's going to be difficult.

11
0

Until last week, you could pwn KDE Linux desktop with a USB stick

Pascal Monett
Silver badge
Thumb Down

Um, looking at my Windows 7 install, that effing Autoplay is still there - even with all the options turned off.

So no, stuff like this is not thoroughly tested just because MSFT.

Generally, though, I have to agree that because Windows is still everywhere for the moment, whatever goes wrong on it is generally found pretty quickly. As for problems being corrected, that will depend on whether or not Microsoft decides to declare that it is a feature.

8
3

Pascal Monett
Silver badge

Absolutely agreed. Software is like the medical profession : beyond the common cold, you need a specialist to get a reliable diagnostic.

Creating an OS is not making a fart app for a mobile phone. Even making games has become a very complex undertaking, what with the predictive network code, world mapping and multiplayer handling, not to mention graphics and object interaction (with or without physics involved). There is no way a single human being can assimilate the particularities of each domain in what is commonly called a triple-A title.

You want code that a single person can understand ? Go for the 2D platformers in Early Access on Steam. That is likely to not be too complicated to understand because a lot of them are written by a small group of people. But if you get the code to Call of Duty, I'll wager you'll never get through it all.

So don't knock Open Source on such arguments. That simply doesn't hold up to reality.

13
2

Apple's top-secret iBoot firmware source code spills onto GitHub for some insane reason

Pascal Monett
Silver badge

@oldrusty

You had to drag Ukraine into this discussion, didn't you ? I see, Russia is pure as driven snow, it is the rest of them that are evil.

Of course.

Go tell that to Anna Politkovskaya. Or would you prefer some of her friends instead ?

0
0

Pascal Monett
Silver badge

Closed source code has a legitimate place in the market. As a developer, if I manage to code an application that has a market to sell to, I do not see any interest for me in posting the code on GitHub or anywhere else because that would remove any incentive to pay me for the application.

If, however, I want to create an application with the firm intention of giving away the code to ensure maximum adoption, I have the freedom of doing so.

On the other hand, I firmly believe that closed source is not the way to go in future for creating operating systems. Our computing platforms must be managed by things we can trust, and the only way to trust them is to have them based on open-source platforms.

Open-source platforms that will run the applications we need or want, whatever source the code is.

As for giving the owner root, on a PC I totally agree because I've been using one since the first IBM PC 8086. On a consumer item though, I can totally understand that no manufacturer wants to do that because customer complaints are already hard enough without allowing the clueless lusers the ability to royally fuck their hardware up and then come back complaining - which we all know they will do.

6
0

Pascal Monett
Silver badge

Re: "in [..] the "Communist" block, the party itself is not all powerful"

I think you have a rather nebulous grasp of what the Communist block is, and of how elections are held in those kinds of countries.

You might want to research that, for educational purposes, of course.

For example, are you going to maintain that Putin got elected for the people ? Did you actually follow his political career ?

I think not.

12
1

Ruskie boffins blasted for using nuke bomb lab's supercomputer to mine crypto-rubles

Pascal Monett
Silver badge

Re: Dosvedanya, nerdskis !

And you're not going to want to be in their shoes for quite a while, I reckon.

I don't think Russian prisons and methods have been upgraded much since the Soviet era, and these guys were fooling around in a top-secret, military-style location. The consequences will most certainly not be pleasant.

2
0

Winter is coming for AI. Fortunately, non-sci-fi definitions are actually doing worthwhile stuff

Pascal Monett
Silver badge

"We have only just seen the beginning of what AI can achieve"

No. What we are seeing is the beginning of what correlating and evaluating massive amounts of data can achieve with a bespoke program.

We are nowhere near AI and talking about improvements in translation, although impressive indeed, has nothing to do with AI and everything to do with better coding (meaning code that does the job better).

Besides, translation still needs a ways to go before you feed a text to Google Translate in English and get a proper German/French/Spanish/your choice version that does not need to be almost completely rewritten by a competent linguist to be up to par with the original version.

11
0

TalkTalk to splash £1.5bn laying full fibre on 3 million doorsteps

Pascal Monett
Silver badge

Yeah, but investors bought shares for the dividends, not because they're interested in the company's activity.

15
0

Talk about a hot mic: Dodgy Pixel mobe audio lands Google in court

Pascal Monett
Silver badge

Re: Crappy consumer laws in the US

That's what you get in a country whose laws are lobbied by companies.

33
2

PSA: If your security starts and ends with bug bounties, you're gonna have a bad time

Pascal Monett
Silver badge

"Uber has learned something from the public ignominy"

Yeah, it has learned it has to get better at hiding its activities.

I'm sorry but I do not, for one second, believe that an Uber exec can be "contrite". Just looking at the picture I am convinced that he just went through the motions, mouthed the words and scurried back to HQ to harass a secretary in order to wind down.

The fact that the guy looks like a creep is hardly surprising, he's CTO at Uber, the creepiest Internet scam outfit there is.

8
0

CLOUD Act hits Senate to lube up US access to data stored abroad

Pascal Monett
Silver badge

@veti

"The new bill would render this argument moot by adding a section to the SCA that says firms must pass on data in their possession, even if it is held outside the US"

Sorry, but there is nothing in that quote that gives anything to US companies.

4
1

Pascal Monett
Silver badge

"Lawful Overseas Use of Data"

The only lawful overseas use of data possible is respecting the laws that are in effect overseas. Yes, it is a nightmare for police in New York. It's supposed to be.

The fact that this bill handily disregards not only the above but also the framework that is already in place to grant access to personal data via diplomatic channels is simply the US being its usual bullying self. The fact that the title of the bill is actually the complete opposite of what the bill actually proposes is just normal US politics, par for the course.

Extraordinary Rendition got a bad rap and was put to pasture. Now we have Ordinary Data Rendition, and nobody gives a flying one.

I need a whiskey.

8
0

Unlucky 13 collared by cops hunting cyber-crew who stole up to $2.2bn

Pascal Monett
Silver badge

"as this case shows"

Oh really ? Nice to know. So all those Nigerian Prince mails are going to stop as well ?

I'm glad the law put an end to some criminal activity, but don't get carried away. You only got the guys because they got big enough to warrant however much money was spent on catching them. In multiple countries at that.

If that is what it takes to catch an Internet crook, I think the Internet is plenty safe for the small-time criminals who only bother a few thousand people with cryptomalware. And since that is being shelved in favor of virtual currency mining, there will be even less incentive to go after scum like that. After all, it'll be difficult to indict them for an hour of illicit CPU use. On the other hand, that's all they took, so . . .

2
0

I see you're writing a résumé?!.. LinkedIn parked in MS Word

Pascal Monett
Silver badge

I did delete mine. I still receive invitations.

Could someone please explain how that is possible ?

12
2

LISA Pathfinder sniffed out gravitational signals down to micro-Hertz

Pascal Monett
Silver badge
Thumb Up

"a separation of 2.5 million km"

Are they going to use lasers to keep things in line with that as well ?

Humanity is truly a thing of wonder. On the one hand, we have people capable of thinking of, designing and creating wondrous things like LISA, and on the other hand we have . . . let's not go there.

Thumbs up for boffins, once again !

3
0

MPs: Lack of technical skills for Brexit could create 'damaging, unmanageable muddle'

Pascal Monett
Silver badge
Trollface

Yeah, but that could still work by candlelight.

Something you might want to prepare for on your side of the Channel, if all those dire warnings carry any weight.

3
0

Oh FNZ, Aviva! System back up, still trudging through queries backlog

Pascal Monett
Silver badge
Coat

The "shiny new online pension system" . .

. . that was either not (sufficiently) tested, or not specced properly, or badly configured, or all of the above, but one thing is for sure : somebody did not do their job correctly.

I have the feeling that that botched job may have been right from the beginning, in not telling Aviva that what they thought they wanted would not work and needed beefing up.

In any case, this appears to be yet another project that was handled by high-level marketing people (ie shysters) who sold a dream to a bunch of clueless suits who were obviously eager to drink the kool-aid, before foisting the baby and the bathwater onto the techs and hightailing out of there with their bonuses.

And now everybody suffers except the marketing yoiks.

Here's an idea : marketing gets its bonuses when the customer is happy with the product. That might focus a few minds.

6
0

Newsflash! Faking it until you make it is illegal in Silicon Valley: Biz boss pleads guilty

Pascal Monett
Silver badge

Does this really count ?

So one guy in a startup nobody's heard of got caught cheating. And ?

It's going to take a lot more than catching one little pig to stop the likes of the board at Uber or other startups who claim great things and deliver nothing.

Spring Cleaning is long overdue in Sillycon Valley. I'm not taking this as a sign that winter is over.

18
2

UK Home Office grilled over biometrics, being clingy with folks' mugshots

Pascal Monett
Silver badge

There is indeed an interesting juxtaposition

But only if you forget the one big difference : people give their personal details to social media sites, the government takes that information without consent (unless you think they ask you to please stay for your mugshot) and does not give it up even when confronted with express demands in that sense.

For all their faults, social media are becoming experts in generating sympathy, something the government is totally clueless about.

5
0

CableLabs signs off MAC spec for DOCSIS full duplex

Pascal Monett
Silver badge

Another lease extension for the life of copper access

I wonder what law there is on copper data bandwidth increase ? In any case, kudos to the boffins on this one, I imagine there will be rejoicing in many telecoms data centers.

In response to the initial poster : currently people on cable in my area have, at best, 12Mbps for the household. Every phone in the house is capable of WiFi speeds exceeding that, which means that everyone is fighting for a piece of that bandwidth. Let us say that WiFi is capped at 30Mbps (don't know if that is the case, just speculating). If you have 3 phones, that's a potential 90Mbps. And if you're streaming YouTube, you're likely to use a fair part of that. Add a torrent client on that and your Internet will be slow as molasses and everyone will be complaining.

Get a 100Mbps connection and all of your phones have their 30Mbps available - no more fighting for bandwidth. That is why there is no problem having a connection that is greatly more capable than the things that are attached to it.

Because let's be serious, even if overnight, by magic, all copper cables were replaced with fiber optics and everything was magically able to continue operating, ISPs will not be handing out gigabit connections to households. It'll be a looong time before Joe Schmoe can sign up for anything better than 100Mbps.

0
0

Knock, knock. Who’s there? Another Amazon Key door-lock hack

Pascal Monett
Silver badge
Windows

Okay, let's pretend I had an aneurysm and bought one of these IoT lock thingies

It's like Star Trek : why use ball bearings when magnetic confinement is soo more high-tech ?

If I ever was stupid enough to splash dough on one of these pseudo-locks, there is one scenario in which I could find a use for it - but that would require more dough. Indeed, I would not replace my trusty mechanical security lock with that piece of tat for protecting my house and belongings, no. I would build a small shack good enough for housing a few Amazon boxes and put the tat lock on that. Delivery guy can put the box(es) in there, and if shitty lock does get hacked, well the only thing to take is the boxes.

Meanwhile, my house remains properly protected by an actual, honest-to-goodness, proven security lock. One that even works if there is no power for a week. Can you imagine ? A week !

25
1

Exoplanets from another galaxy spotted – take that, Kepler fatigue!

Pascal Monett
Silver badge

"2,000 moon-to-Jupiter sized planets for each main sequence star"

I'm sorry, my mind has a problem processing that information. How can a star have that many orbiting bodies, and how is it possible to determine that there are that many free-wheelers in any galaxy, let alone one billions of light-years away ? My gast is well and truly flabbered.

Oh, and there's a problem in that paragraph. If there are indeed 2000 moons & planets per main sequence star, it means that there are trillions of moons and planets, not trillions of stars. That would be recursive and likely reverse the expansion of our Universe due to the creation of infinite stars with 2000 times more stars for every Universal Processor tick. Check your Unicraft Handbook, I'm sure it's explained in there somewhere.

9
3

Should ISPs pay to block pirate websites? Supreme Court to decide

Pascal Monett
Silver badge
Thumb Up

Thank you for that information

I understand now how complex the situation has become. Indeed, blocking an address does seem to be a lot more difficult a prospect than I initially imagined.

0
0

Biting the hand that feeds IT © 1998–2018