And on the 7th day, she rested
So 80 hours watching telly and then a 25 page (standard 400 words / page) report. Sounds like a good week's work!
2593 posts • joined 10 Jun 2009
> "not related to any warrant for user data which we have not received”
so they received a warrant (or: didn't NOT receive a warrant) for something other than user data.
Really: any programmer past novice level deals with more complex conditionals than this every day.
Nobody here is unfamiliar with De Morgan's theorems, are they?
I think the reason that the uptake is so low is that nobody can make a good financial case for additional security.
It's all very well bringing in someone who'll wave their arms in the air and scare you with apocryphal stories that don't have enough detail to be useful. But when it comes down to it, these SMEs will ask the following:
* What will it cost me?
* What financial savings will I make?
* What guarantees can you give me?
And, like all things to do with IT security, there are no solid, consensus numbers. No formula. No certainty. So there will always be some companies - usually the ones that have suffered a major incident - who will be receptive; most will have more pressing, tangible, objectives for their budgets.
> Think of the analytics possibilities! What level of risk do your employees present if they decide to say negative things about you?
Meh, it's already been done.
There was a piece on /. the other day about a British (good to see we can still innovate) outfit that would trawl social media for landlords to determine whether potential tenants had any skeletons in their Facebook closet.
The thing is, once you know what "they" are looking for, it shouldn't be too difficult to feed a 'bot what it wants. One could suggest that for an IT person worthy of the name, it would be one of the 6 impossible things they do before breakfast.
> That is one way to hinder progress
Not at all, it's "free" money.
The Americans realised a long, long, time ago that imposing massive fines on foreign companies is an excellent and painless way of raising revenue. It brings in enormous amounts of capital. It costs the taxpayer nothing and, well, they're foreign companies, so who cares?
Since they've been doing this to British and European companies, there doesn't seem to be anything wrong about the EU (or the UK, if it had the balls) fining "their" companies back, to the same extent, for acting illegally.
> do nothing for three months
Where I am, that's called the Change Management Board. The workplace equivalent of a delay loop.
> Project managers report faster and more often
Neither of which does anything to improve the accuracy of what they are reporting. I am reminded of a piece from a comedy sketch (can't recall which genius of comedy it was), that went a bit like this:
They gave me 2 weeks to answer a very difficult problem
I said I could give them an answer straight away
They asked me what my answer was
I said "I don't know"
Speed of reply is not always what you want.
> *"Periscope" not a verb, you cry? It is according to Spanish cops,
So they're the language police as well?
and remember that most organisations of any size have at least three IT operations: production, test/development, business administration - and that these should never be allowed to meet.
You really don't want people who work on one of these to act as a bridge to any other. If that means having two PCs (neither with any USB ports) on a desk, then make it so. But if you want to stop contamination spreading and to protect, or at least slow down attacks, your production - revenue earning - systems, then you need barriers between them.
> You aren't one with the machines in the way that today's kids are and you never will be
I should bloody well hope not!
We read stories about people who are prepared to give away their passwords for a bar of chocolate. Just do a search for "millennial" "password" and "security" and you will be confronted with the opinion that today's under-30's neither care, are aware, nor practice any form of computer/information security.
Whether the slackness is limited to individuals of this age group (I doubt it), there is a clear warning that security is only ever an afterthought - usually after the attack: yeah, we really should start to think about doing something. But I've got a ton of work to do, maybe next week.
Aircraft hit birds all the time. Occasionally - very occasionally - it is with tragic results. But the risk is real enough that major airports go to some lengths to keep the larger birds away. We also know that engine manufacturers test the ability of their products to withstand bird strikes.
They do this by firing (dead) chickens at the engines, very, very fast. Isn't it time that someone did some work into quantifying the effect of a drone-strike on an aircraft engine?
Until that research is carried out, we have no information either on the effect that such a collision would have (drones being made of much harder materials than birds) or what measures could be taken to mitigate the effects. Or even to assist with post-crash forensics to find or discount the signs of a drone collision.
> the BOFH would never have foolishly created extra work for himself
A true BOFH would set the defaults so that incorrectly addressed internal mail would go to everyone. That way it would be sure to end up in the right person's email (and all the wrong people's, but that's FH-ism for you).
It sounds like the email "bucket" needs a little more functionality. After something has been undelivered for a set amount of time, simply knock it back to the sender as "undeliverable".
That removes the need to actively do anything and the response can be made as "machine generated" as the admin likes. It depersonalises the situation and alerts the sender that something was amiss.
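As an added illustration (not code from the original post or the BOFH column), here is how that "bounce after a timeout" bucket could work. Addresses, the TTL and the clock values are constructed for the example; anything an admin later creates as an alias gets delivered, everything else is returned untouched once the TTL passes, with a deliberately impersonal notice:

```python
from dataclasses import dataclass, field


@dataclass
class ParkedMail:
    sender: str
    intended: str      # the address that failed to resolve
    subject: str
    parked_at: float   # seconds on whatever clock the caller uses


@dataclass
class HoldingBucket:
    """Holds mis-addressed internal mail until it can be delivered or has expired."""
    ttl_seconds: float
    parked: list = field(default_factory=list)

    def park(self, sender, intended, subject, now):
        self.parked.append(ParkedMail(sender, intended, subject, now))

    def bounce_notice(self, msg):
        """Generic, machine-generated NDR: says what failed, not who decided it."""
        return {
            "to": msg.sender,
            "subject": f"Undeliverable: {msg.subject}",
            "body": (f"Your message to {msg.intended} could not be delivered "
                     f"within {int(self.ttl_seconds)} seconds and has been returned. "
                     "Please check the address and resend."),
        }

    def sweep(self, now, directory):
        """Run periodically. `directory` maps an intended (bad) address to a real
        mailbox if the admin has since created an alias for it.
        Returns (delivered, bounced); anything else stays parked."""
        delivered, bounced, still_parked = [], [], []
        for msg in self.parked:
            real = directory.get(msg.intended)
            if real is not None:
                delivered.append((real, msg))          # alias now exists: deliver
            elif now - msg.parked_at >= self.ttl_seconds:
                bounced.append(self.bounce_notice(msg))  # TTL passed: return to sender
            else:
                still_parked.append(msg)               # keep waiting
        self.parked = still_parked
        return delivered, bounced


if __name__ == "__main__":
    # Constructed addresses; a 3-day TTL expressed in seconds.
    bucket = HoldingBucket(ttl_seconds=3 * 24 * 3600)
    bucket.park("carol@example.invalid", "dave@example.invalid", "Q3 numbers", now=0)
    print(bucket.sweep(now=3 * 24 * 3600 + 1, directory={}))
```

Because the sweep only ever looks at the clock value it is handed, the same code can be driven from a cron job with `time.time()` or from a test with fixed numbers.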
The Arduino isn't the future of IoT. The soon to be released ESP32 is / will / should be. At least for the next year or so.
Its predecessor created a lot of buzz and even a few working projects. But if the boards based on this "Mk II" live up to expectations they should really start things moving. But as with all things IT, the success will only come if the software and manufacturer / user support is in place.
In some places, security (and H & S) is used as an excuse for not doing anything. "I can't send you that data ... it might not be secure" "I can't do that for you ... you're not authorised". "I can't access that ... I haven't been given permission".
The first tenet of security is to allow the right people to have access and for everyone who needs to, to know who those people are. After that, comes the need to deny those who shouldn't be allowed.
It would seem that people continually need to be re-taught that you only have control of stuff you can touch.
Relying on "web" or "internet" services is always to put yourself at the whim of some anonymous (or Anonymous) decision-maker who has no interest in you or your problems.
Web services or cloud computing users take note.
Oh, and when an online company offers you a "lifetime guarantee", they mean the lifetime of the company - not your lifetime. This is usually to be measured in months.
> Failing to identify advertising and other marketing, so that it appears to be the opinion of a journalist or blogger, is unlawful and unacceptable
Hopefully the CMA will start to target some of the blatant adverts that pass as "user reviews" on Amazon, too.
> if your boss assigns you work, they should also assign the work a relative priority
There are only 2 levels of priority: the important job (note: singular) and everything else. The top job gets worked on at all times when progress is possible and everything else is filler in the gaps while you are waiting for the top job's critical path to come back to you.
When a new piece of work comes in, the conversation has to be: "My highest priority is X at the moment. I expect it will take so-many more days / months. Do you want me to stop this and work on the new job, instead?" Unless the answer is "yes", the new job goes on the bottom of the pile.
Needless to say, all of this must be conducted by email - never merely in a conversation - so that there is a paper-trail, come review time.
> allow its [ British Gas ] analysts to identify patterns in data covering customers' energy use.
Let me take a wild guess: more in the winter and less in the summer.
I think the issue here is that the AI was learning faster than its human "controllers" could keep up with.
One would hope that this AI (and all the others that Microsoft must surely have spawned) is actually feeding into a higher AI. One that will in the future produce better AIs by learning from the mistakes of the earlier generation of man-made ones.
> it’ll also enjoy full support and updates until 2021
Just so long as you don't need / want / accidentally add a package that doesn't form part of the LTS suite - which requires a later version of a library that is lagging in the LTS stakes. Then you're (back) on your own again.
Given the amount of stuff - not just the pretty dam' popular packages that the article mentions - that doesn't form part of the LTS, that would be a large proportion of the user base.
... was to announce that this was a 'bot and that people could "teach" it things. They might as well have put a "kick me" sign on it.
Hopefully, the next time MS do this, there won't be any announcements, no "Hi, I'm a bot" hoopla. Just an anonymous "person" joins Twitter and starts saying "normal" things - if anyone on Twitter actually says normal things.
So, the first lesson in machine learning would be to not tell the world that you're a machine. If the people who interact with it don't twig that fact then maybe you've got something interesting going on¹. Plus, of course, Twitter could really use all the new 'bots to boost its flagging membership.
I wonder what will happen when it becomes mostly bots? Will there start to be something worthwhile on it (at last).
¹ but more probably that its followers are even dimmer than the bot is.
> One or 2 more ethernet ports
A tenner will buy you a USB - Ethernet adapter. Or < £3 if you buy from China
So after Alice has published something and Bob "webmentions" her writing in his response, Alice sees what Bob has said - something complimentary - and decides to link her stuff to his stuff.
Fair enough so far. We have two pieces of compatible material.
Now, after a day or so, Bob (or Alice) swaps out their original text and replaces it with an advertisement for bodily elongation, loan applications, political endorsements or pr0n. How is the weblink policed?
So long as the link stays the same, would the process be able to detect changes; whether benign such as a correction or update, or nasty, underhand or fraudulent?
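One way to police the link, as an added example rather than anything the webmention mechanism or the original post provides: pin a hash of the linked page's normalised text at the moment Alice links, and when re-checking later compare a diff ratio to tell a small correction from a wholesale swap. The sample pages, the URL and the 0.75 threshold are constructed assumptions for the example:

```python
import difflib
import hashlib
import re
from dataclasses import dataclass

# Constructed stand-ins for Bob's page as fetched at different times (no network).
ORIGINAL = "<p>Great write-up on threat modelling, Alice. I'd add STRIDE as a starting piont.</p>"
REWRAPPED = "<div><p>Great write-up on threat modelling, Alice. I'd add STRIDE as a starting piont.</p></div>"
CORRECTED = "<p>Great write-up on threat modelling, Alice. I'd add STRIDE as a starting point.</p>"
REPLACED = "<p>Cheap loans approved today! No credit check. Click here.</p>"


def normalise(html: str) -> str:
    """Strip tags, collapse whitespace and case-fold so cosmetic markup churn
    (a theme change, a rewrapped div) does not count as a content change."""
    text = re.sub(r"<[^>]+>", " ", html)
    return " ".join(text.split()).casefold()


def digest(text: str) -> str:
    return hashlib.sha256(text.encode("utf-8")).hexdigest()


@dataclass(frozen=True)
class LinkPin:
    url: str
    snapshot: str   # normalised text at the moment the link was made
    digest: str     # sha256 of snapshot: cheap equality check, can be stored beside the link


def pin_link(url: str, fetched_html: str) -> LinkPin:
    snap = normalise(fetched_html)
    return LinkPin(url, snap, digest(snap))


def check_link(pin: LinkPin, fetched_html: str, minor_threshold: float = 0.75) -> str:
    """Classify the target's current content against the pin.
    Returns 'unchanged', 'minor_edit' or 'replaced'. The threshold is a
    tunable assumption: a typo fix scores near 1.0, a spam swap well below 0.5."""
    current = normalise(fetched_html)
    if digest(current) == pin.digest:
        return "unchanged"
    ratio = difflib.SequenceMatcher(None, pin.snapshot, current).ratio()
    return "minor_edit" if ratio >= minor_threshold else "replaced"


# Pin taken when Alice first links to Bob's reply (hypothetical URL).
PIN = pin_link("https://example.invalid/bob/reply-to-alice", ORIGINAL)

if __name__ == "__main__":
    for label, page in [("rewrapped", REWRAPPED), ("corrected", CORRECTED), ("replaced", REPLACED)]:
        print(label, "->", check_link(PIN, page))
```

Only "replaced" needs a human (or an automatic un-link); "minor_edit" can just refresh the pin. The point is that the check is against what Alice saw, not against what Bob's server currently claims.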
> security staff getting in the way
A not unreasonable attitude - and one that is prominent (dominant?) in the real world, with users, too.
The problem with "security" is that it's not built-in. If it was, it would be transparent and nobody would be able to point to a thing, server, person or process and say "that dam' security [ whatever ] is slowing down our business". The security elements of a business should be ubiquitous, rather than discrete. There shouldn't even be a security component, just like there isn't a literacy department (unless you count Q.A.) or someone whose job is to ensure the staff aren't walking around naked.
As with real people in the real world, if security gets in between them (us?) and what we are trying to do, it's a failure. And therefore it will be no surprise that people will ignore, disable or subvert all the bad security implementations that are seen as annoying complications to their lives. The level of engagement that users or businesses should have with IT "security" needs to be down at the putting on your seatbelt level - and even then you still get idiots who think that is too much trouble. Anything more complicated for users is just bad design and poor implementation.
> And if they're worn rather than fitted to windows
The difficulty is whether the protective glasses would interfere with the colour rendition of the cockpit displays.
What I would like to see is detectors in the cockpit to quantify the incidence of laser "attacks". While they are certainly annoying, without some hard data on both the frequency and intensity it seems to me that an effective response is impossible to implement.
I wonder if any of the passengers noticed the beam? Given that the aircraft must have been miles away from the origin and traveling fast, you'd have to be extremely unlucky for only the cockpit window to get zapped.
Either that or your "smart" fridge will notice that it's packed full of junk food and beer. It will ping the node in your bathroom scales that will confirm you've put on a couple of kg in the last month. Your intelligent doorbell will pass that on to your car, which will refuse to unlock the door in the morning, so you have to walk to work.
The toaster will order you a treadmill off Amazon and the TV won't work until your electricity monitor confirms you've done an hour's running each night.
And it'll be your waste-analysing lavatory that rats you to the DEA.
One reason that the IT industry is so tardy at fixing potential problems is that until they turn into live issues - with actual exploits that affect real users, there are always more pressing (if not more important) things to focus the available talent on.
So if people want to promote IT security they need to not just wave their arms about potential security holes, but to tell people how many actual incidents of exploits are affecting¹ real customers, NOW.
It's also worth noting, that customers / users are just as bad. They don't install available fixes until after the "horse has bolted". So unless fixes are forcibly pushed down - an extremely risky strategy: just ask Apple or Microsoft - it's left up to an equally resistant user population to act on patches and fixes.
¹ and "affecting" means: dickin' with their IoT stuff. Not just ssh-ing in and having a poke around, but turning the thermostat up to boiling point or having other material affects on the users' lives. Without that sort of information, it's still just a theoretical threat that they won't take seriously.
825m eh? Do I smell a Special Projects Bureau project in the offing?
1km would be something to aim for (rather than a passing airplane)
> Facebook has told the Belgian government that it cannot proceed with its privacy case against the social media giant because of its use of English terms
But surely England (you know: where English is spoken - and invented) can step in and "allow" the Belgians use of some of our words. Since the Americans actually speak American, not English, their argument seems invalid.
Of course, it's complicated, since the American word for their language is "English", although this is really just a failure of translation, rather than them trying to lay claim to an entire language. Especially when it's one they don't actually speak!
Cantrill seems to be promoting an idea that "proper" OSs, like Solaris / Unix, are more reliable because there is an interface that stops user-space mistakes migrating into kernel-space. This is obviously flawed, as anyone who's ever made a system call with incorrect parameters will know. Or anyone whose application sits, waiting on an I/O to a networked device can see - after that device (or the network) has gone away.
In theory, what he proposes has merit. A reliable, resilient, impenetrable, wall between the two. However faults in device drivers and poorly written code, APIs or bad implementations mean we never get this in practice.
And then there's the performance issue. Moving between kernel and user space takes time. The more checks, tests and privilege validations you put in place, the longer it takes (I recall that Sun moved their telnet server from user-space to kernel-space in the 90's for this very reason) and the slower your machine gets when you scale up to production levels of load.
One area that he does flag up is the ability to debug your applications. But isn't this just a function of the tools that (would) be built into a unikernel? If they aren't there now, that doesn't mean they couldn't be in the future. It might even bring about the return of hardware based debugging - which has the advantage of sitting outside the running system and therefore not affecting its performance or logic flow.
Although it's a given that the Earth is getting warmer, the "approved" belief is that it could only be a bad thing.
After reading this piece, there is doubt. Are we really warding off an ice-age? If so, surely that's good and if a bunch of ugly insects and a few cute, furry, things can't cope - well that's life! Many more ugly insects and cute furry things would become extinct in an ice-age, so aren't we doing them a favour?
The real issue seems to be "OMG! Change is happening! We're scared of change! We must stop it!". Without anyone being able to run the model forward to work out what the options or outcomes of more or less global warming would be. Maybe we should be cranking up the CO2 and CH4 emissions¹ - just think of the cute furry animals.
¹ Just add water to make booze and free oxygen. What's not to like?
> When we are afraid, we have only our intuition and built-in responses to draw on.
And we all know that "intuitive" answers, in IT, are frequently wrong and rarely the best choice.
However, when it hits the fan a good bit of JFDI style panicking can work wonders. So long as it's limited to digging yourself out of the mire. The crucial next step is to know when to stop panicking and start on the first stage of recovery:
the witch hunt learning, and ensuring something similar won't happen again.
However, when organisations are crisis-driven and seem to be continually reacting to one problem or another, then someone - someone very high up - needs to recognise this as a failure of management and to step in (or find a new position).
The sad thing is, that so many IT shops these days are so hidebound with processes, reviews, buy-in, "quality" (ha!), and all the other buzz-word stages that get between a dam' good idea and making it happen that it's often more rewarding, much less effort and a lot of fun to move the fan closer to the brown stuff - and instead of avoiding problems, let them happen and then be a superhero. After all, who doesn't like a good panic every now and again?
> The attacker might not always get the device into a juicy target, but whats the risk/cost? Buy it second hand, flash, resell for much the same price.
The place this is most likely to happen is with used phones. Yet we don't hear of it. We do hear of people buying s/h phones and finding all the stuff from the previous owner still on it, so it's clear that there are many people who have neither the knowledge nor the inclination to protect their privacy.
I'd use the phone market as the "canary in the coalmine" for this sort of thing. It's a bigger market and therefore potentially more open to exploitation. The buyers seem to be an order of magnitude less savvy and the scope for illicit gain is much greater.
So, the guy reflashed a commercial product and added a backdoor.
What was special about this particular camera, that couldn't be applied to pretty much any device capable of being upgraded by its owner or a potential baddie? [ See below for the answer ]
ISTM the only "weakness" on this device is that the researcher was able to work out how it worked and to add code that didn't screw up its operation (although given the parlous state of the software on some of these cheapo cameras, it's difficult to say what "normal operation" actually is).
> A fix would require a Trusted Platform Module or specialised chip to verify software updates.
That's not going to happen, so it's probably best that these devices remove the upgrade / reflash option (although how you'd stop people whipping the lid off and reflashing through the internal programming / debug interface, I do not know). Alternatively, since this device can already be hacked to run OpenWRT (why? FFS!), maybe the easy access and hackability that Linux provides is becoming more of a liability than a benefit?
> Rather than taking the viewer beyond their prejudices or acquired experiences, it’s confining the viewer within the prejudices and experiences that they have already acquired
So very like choosing which newspaper to read?
Although I would fully expect that the prospect of tailoring programme content to individuals will be far too difficult and expensive. Rather, this technology will merely become a way of tailoring advertising to the punter.
> Most companies ... collect data they never use,
That's OK. Most people provide data that is completely made up.
> The article you cite says that their existence has not been confirmed theoretically.
All right then, how about this:
Theoretically, there are theoretically Quark stars.
> pressed the eject button on the floppy drive and went home
The lone techie in a far away office was instructed to insert *the* one and only diagnostics CD into the drive of a rather large server box to determine what the fault was. The CD drive didn't have a tray to put the disc in, it had a slot that you pushed the CD into. Sadly, there was a small gap in the chassis just under the CD drive.
from the report:
> Figure 55: Children's belief in the truthfulness in [ social media ] websites ... 28% of 12-15's think "all or most is true"
How many people read this article and thought it was true?
You can imagine the scene inside Talk Talk's IT department:
The IT boss is there, yelling at his/her/its subordinates: "Your (note the shifting of ownership) security was so crap that even children could break into it! Maybe I should sack the lot of you and employ some kids, instead?"
and from the back of the room comes the anonymous, quiet reply: "We've been telling you it was hopeless for years, but you, management, did nothing about it. Maybe we should replace the management team with some script kiddies who know the importance of security in IT systems?"
The last stripper I hired was fantastic. Cheap, Friday night to Monday morning. Very easy to get along with. Did exactly what I expected and left the living room walls completely undamaged and free of wallpaper.
Journalist writes article saying journalists won't be replaced by machines.
The triumph of hope over experience, or was that article already written by a computer?
Although I can see a large number of sub-editors being replaced. After all it can't be that difficult to automate the spelling / grammar / fact-checking aspect, can it?
The two rules for defending your job against all-comers, including automation:
1.) Don't tell them everything you know.
2.) Well, that would be telling. Wouldn't it?
The ability to read small stuff a long way away is a function of the pixel size and focal length (magnification, to the layman) of the lens. Not the number of pixels on the sensor. That will increase your field of view, but not your resolution.
It's still an impressive chip. Gimme a call when I can get the colour version in my DSLR for < a grand.
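A worked version of the claim above, added here (not from the original post): keep the pixel pitch and focal length fixed, vary only the pixel count, and the smallest resolvable feature at a given distance stays put while the field of view grows. The sensor and lens figures are made up for illustration:

```python
import math


def pixel_angle_rad(pixel_pitch_m, focal_length_m):
    """Angle one pixel subtends on the sky/scene (small-angle approximation)."""
    return pixel_pitch_m / focal_length_m


def smallest_resolvable_m(pixel_pitch_m, focal_length_m, distance_m, pixels_per_feature=2.0):
    """Smallest feature you can make out at distance_m, using the usual
    Nyquist rule of thumb that a feature needs ~2 pixels across it."""
    return pixels_per_feature * pixel_angle_rad(pixel_pitch_m, focal_length_m) * distance_m


def field_of_view_deg(pixel_pitch_m, pixel_count, focal_length_m):
    """Horizontal field of view for a row of pixel_count pixels of pixel_pitch_m."""
    sensor_width_m = pixel_count * pixel_pitch_m
    return math.degrees(2.0 * math.atan(sensor_width_m / (2.0 * focal_length_m)))


def compare(pixel_pitch_m, focal_length_m, distance_m, pixel_counts):
    """For each pixel count: (smallest resolvable feature in m, field of view in deg).
    Pitch and focal length are shared, so only the FoV column should differ."""
    return {
        n: (smallest_resolvable_m(pixel_pitch_m, focal_length_m, distance_m),
            field_of_view_deg(pixel_pitch_m, n, focal_length_m))
        for n in pixel_counts
    }


if __name__ == "__main__":
    # Constructed figures: 4.3 um pixels, 50 mm lens, target 100 m away.
    for n, (feature, fov) in compare(4.3e-6, 0.05, 100.0, (1000, 4000)).items():
        print(f"{n} px across: resolves {feature*1000:.1f} mm features, FoV {fov:.1f} deg")
```

Halving the pixel pitch or doubling the focal length halves the resolvable size; adding pixels at the same pitch only adds scene around the edges.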
> Players are encouraged to bribe, do deals with drugs lords, set up shady contacts with weapons traders, flash money around and make a killing, all without getting caught.
What a real corrupt person would have done would be to claim this was a training programme, not a video game and then applied for a grant to develop it.
> They're so going to get shut down when their own mayor hears about it and takes it personally.
Nah, they just bung him or her a couple of €50s and keep going.
(Anyway, isn't "Alcalde" who is the top person in a Spanish town hall?)
> the wake will be held in the Restaurant at the end of the Universe
> Attendance by Invitation Only
And invitations may be posted to oneself from the Big Bang Burger Bar where you can also deposit 1p which, by the laws of compound interest will be more than enough to pay for the funeral service when the universe ends.
Definitely worth growing an extra arm for.
> don't understand why Time decided to show everyone what the Oculus looks like when you're observing someone using it, instead of an illustration of what the experience of using the Oculus is like
Two obvious reasons: first, more people will see someone else using one of these than will ever use one themselves. Since most people form an opinion of another (a) very quickly and (b) almost entirely based on visual perception it is important for potential buyers to be aware of how others will perceive them if they are seen wearing one of these. It's similar to buying a little motor-scooter, Segway (remember them?) or the "wrong" sort of car. It still gets you from A to B, but many will not like being the object of ridicule.
Secondly, it's impossible to depict to someone on the web, or reading a magazine, what the user-experience is like, as it will look just like the innards of any other video-game screenshot.
As a final offering, the shot also shows that the user (or wearer) is basically blindfolded while using this device. That should alert all pranksters to get their thinking-caps on as to how best take advantage of the user's predicament.
Biting the hand that feeds IT © 1998–2017