Re: We chose not to open the PDF file
What is this keming of which you speak?
880 posts • joined 10 Jun 2009
> when she got her laptop back after a search at LAX
If your device has been out of your sight in the hands of Security Services, and especially if you unlocked it for them first, then you should never trust it again. Back-to-the-wood re-formatting of storage, and reflashing the BIOS might work...
> If you['re] reduced to using the timezone as "evidence"...
In the same vein, I noticed that the killswitch domain name is significantly non-random, and probably chosen by keyboard mashing. Here's how a classic touch typist on a QWERTY keyboard would achieve those characters:
KILLSWITCH DN: IUQERFSODP9IFJAPOSDFJHGOSURIJFAEWRWERGWEA
TYPING HAND:   RRLLLLLRLRRRLRLRRLLLRRLRLRLRRLLLLLLLLLLLL
QWERTY ROW:    11111221210122211222222121112221111112112
Note that only the top two rows of letters are used, and only once does it stray into digits; the nine is probably a near-miss for the subsequent I. It seems to me that the mashing was almost certainly done on a QWERTY keyboard. However, APTs will probably be using such keyboards anyway; all the information I can find about N. Korean PCs indicates that their layout is QWERTY, too.
Hey, I *like* it here at the bottom of the barrel!
 transposed to uppercase for clarity; paste somewhere in a monospaced font to make it line up.
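The row and hand classification in the comment above can be reproduced mechanically; this is an added example, not part of the original post. It assumes the standard touch-typing hand split, and the comparison model (each character drawn uniformly from the 36 letters and digits) is an assumption used only as a baseline.

```python
# Added example (not from the original post): per-character QWERTY row and
# typing-hand classification, plus a rough "would a random generator do this?" check.
ROWS = {"0": "1234567890", "1": "QWERTYUIOP", "2": "ASDFGHJKL", "3": "ZXCVBNM"}
# Assumption: standard touch-typing split (left hand covers 1-5, QWERT, ASDFG, ZXCVB).
LEFT_HAND = set("12345QWERTASDFGZXCVB")

# Domain label exactly as quoted in the post (uppercased there for clarity).
LABEL = "IUQERFSODP9IFJAPOSDFJHGOSURIJFAEWRWERGWEA"


def classify(label):
    """Return (hands, rows) strings aligned character-for-character with label."""
    hands, rows = [], []
    for ch in label.upper():
        row = next((r for r, keys in ROWS.items() if ch in keys), None)
        if row is None:
            raise ValueError(f"{ch!r} is not a letter or digit key")
        rows.append(row)
        hands.append("L" if ch in LEFT_HAND else "R")
    return "".join(hands), "".join(rows)


def longest_same_hand_run(hands):
    """Length of the longest stretch typed by one hand without alternating."""
    best = run = 0
    prev = None
    for h in hands:
        run = run + 1 if h == prev else 1
        best = max(best, run)
        prev = h
    return best


def prob_no_bottom_row(length, alphabet=36, bottom_row_keys=7):
    """P(no Z/X/C/V/B/N/M in `length` draws) under the uniform model (assumption)."""
    return ((alphabet - bottom_row_keys) / alphabet) ** length


def summarise(label=LABEL):
    hands, rows = classify(label)
    return {
        "hands": hands,
        "rows": rows,
        "row_counts": {r: rows.count(r) for r in ROWS},
        "longest_same_hand_run": longest_same_hand_run(hands),
        "p_no_bottom_row_if_uniform": prob_no_bottom_row(len(label)),
    }


if __name__ == "__main__":
    for key, value in summarise().items():
        print(f"{key}: {value}")
```

Under the uniform baseline, a 41-character label with no bottom-row letters at all would turn up roughly once in seven thousand draws, which is the quantitative form of the "significantly non-random" observation.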
When Microsoft published EULA documents that were (a) accessible and (b) halfway comprehensible, I recall that they used to warn against deploying Windows™ in mission critical applications. I just tried to find out whether that's still the case, and I can find any deity's amount of information on what I might need to pay in any given circumstance, but no information on what my rights and responsibilities are for licensed MS software.
Crap! Here we are going around with nerves on edge, worrying about spearfishing wannacrypt vectors, and an AC posts a text url for an anonymous JPG file, with a hashtag indicating 'cyberattack'. Hands up who thought "Oo, that looks interesting, I'll just paste that into the address bar right here..."
> having trained the model they realised they had identified people who needed kidney treatment
If DeepMind works like other neural network AIs, one trains the system by presenting it with known outcome data, so e.g. by feeding different representations of the letter "A" you can train a text-recognition algorithm to return a diagnosis of "A", even from a representation that it hasn't "seen" before. In this instance, one would have fed it millions of pieces of medical information for previous patients with, and without, kidney disease as diagnosed and confirmed by a trained human, and ended up with a diagnostic app. What would then be unethical, given the approvals that were given in the first place, would be to let the app loose on new patients.
One point six million is a lot of records. I'm supposing that these came from all over the National Health Service, not just from the Royal Free's patient list?
I recently came across a new phenomenon: in-flight entertainment without a seat-back screen or common-viewing screens overhead. The concept was that passengers would place an inflight entertainment app onto their personal devices, and consume the stuff that way. I suppose I *could* watch a two-hour movie on a tiny phone screen, but it would be stretching the definition to call it "entertainment".
Airlines relying on people having tablets etc. about their persons will be in a quandary.
 New to me, anyway.
> people won't take a business laptop with them or at least not one with anything important on it
Good business information assurance policies would make sure that the laptop was encrypted. This would protect against the risk of unauthorised disclosure should the device be stolen, and make it much harder for state-sponsored industrial espionage should the device be imaged by security authorities. Plausibly-deniable encrypted partitions are a thing, if your situation demands it. You could put encrypted material into cloud storage, of course, but you'd have to be confident about the strength of your encryption.
> where do I send the money ...?
See the first comment (by the author) on the announcement of the split [mozilla.org]. The short answer to the question is to head for https://donate.mozilla.org/en-US/thunderbird/, which is a Stripe or Paypal payments page.
You don't want to set the first working quantum computer (Solves billion-year problems in days! Sale must end soon!) onto factoring big semi-primes. You want to set it on designing the second working quantum computer. Assuming, of course, that it won't quickly deduce the existence of rice pudding and income tax, take the next step of working out that its real problem is not making itself redundant, and then proceed to sit in a corner, pondering the life prospects of some German cat.
> we are definitely not to blame for almost all of that
Humans have been clearing forests and hugely altering ecosystems since at least soon after the last ice retreat; I say no more than that I think your "definitely" is possibly misplaced.
Nations plural. Northern Ireland is one of the nations making up the United Kingdom; the Republic of Ireland is a different nation. This is at the very nub of much bloody and explosive conflict!
> Maybe you're including the US.
Boston, MA, may or may not qualify as a third Irish quasi-nation. Many of its inhabitants were enthusiastic supporters of terrorism a few decades ago.
> ... DHS, at every border crossing and airport ...
I think you misunderstand - certain travellers to The Land of the Free will, under Gen. Kelly's plans, have to cough up their passwords before travelling, e.g. when applying for a visa, or an ESTA.
Others have pointed out that disclosing passwords is uniformly a breach of Terms and Conditions, and presumably it will harm your application for the visa if you change the password during the period when DHS is getting around to logging in with the extorted credentials and having a rummage. At a stroke, Gen. Kelly sacrifices the security of *all* his target travellers, for the sake of an outside chance of identifying the tiny fraction of them that might be undesirable.
However, it is clear how the current administration views travellers from certain (coincidentally Muslim) countries. They're all undesirable. If the criteria really did have to do with countries with a history of terrorism, then the Irish nations would be on the list too, wouldn't they?
Someone possibly masquerading as an Andy Tunnah wrote:
> I *do* have a facebook ...
This use case for Facebook (TM) seems a bit eccentric, akin to using a hammer to drive a screw. If one wanted a method for closed-group communications between friends, e-mail would seem to answer better than putting one's more-or-less sweary opinions on Mr Zuckerberg's servers. It may be that the posts are non-public, but if they were of apparent interest to The Security Services, they'd be able to de-anonymize you in a heartbeat.
> replaced it with some modern tat.
Some Emirates-branded tat, too. "Britain is open for
Aye, and beginning in 1996, too. There were few CD-R drives, memory sticks or unobtrusive portable mass storage boxes, back then. Floppy disks carried no more than 1.38 MiB, which I suppose is big enough for a few documents, but Top Secret networks typically didn't have floppy disk drives. The earliest stuff was probably carried out through a security checkpoint in good old paper files.
 Certainly no office-based ones in NSA establishments, I expect. See Wikipedia entry
> orange fruitcake
Oo! I wonder if that can be on the afternoon tea menu at Buckingham Palace when the President makes his State Visit to Her Majesty's United Kingdom (supposing that he accepts the invitation, of course).
I'm off to research a recipe.
> rises around the mid-single digit mark
That's so elliptical as to be a waste of oxygen to enunciate. If you were to conclude that Premier Foods might add somewhere between four and six pounds sterling to the price of everything, it wouldn't be contradictory.
V1.0 said "This is a school system - probably with a system administrator who is getting paid a pittance"
From TFA: ... the campus' 1,800 staff and 20,000 students
That's twice the size of the university I went to (admittedly a long time ago!) so there will be more than one sysadmin.
In fact, the LA Community College District named in the article comprises NINE colleges with a total enrollment in Fall 2015 of over 130,000 students. The ransomware attack was at Los Angeles Valley College.
 LACCD Fast Facts
 LACCD Chancellor’s Statement [PDF]
> the unpalatable one becomes more desirable from the perspective of continuation of normal business activities
But paying ransom to cyber-criminals isn't a normal business activity, is it? I agree in principle with your cost-benefit analysis, but you ought to factor in (a) the extra cost of iron-clad protection against another attack, since paying up identifies you as an easy mark, (b) the time and risk involved in undertaking decryption (you'll be running software from a known bad supplier with no performance guarantees), and finally (c) the risk that the scum-bag that you pay may not give you the decryption keys anyway. Good luck requesting a refund.
+1 Informative, thank you
> triggering when enough time has elapsed for offline data to be encrypted along with the online version
How would that work? I would expect the attack to be immediately obvious to an enterprise of this size, and the very first thing one would do is to isolate the backups and shut down the network, probably invoking the business continuity/disaster recovery plan at the same time. In the past, when we used to do backups to half-ton tape drives, the backups were 'grand-fathered'. I don't know how modern backup technologies work in this respect.
... to read the whole article before posting!?
Yes, of course Google™ is too powerful. We've often observed that folk who just use the WWW without much thought about how it all works believe that Google is the Internet.
> If the court feels the circumstances are appropriate that provision enables them to dump the defendant's costs on the plaintiff.
Aye, there's the rub. Frivolous plaintiffs could end up with a shock. To make that happen you as defendant have got to engage a lawyer good enough to convince the judge that all the circumstances mean he or she can overturn the statutory award of damages. It's three levels down in the error-trapping code, and certainly not as good a protection as "Truth === no award of costs".
> Even if El Reg was 100% correct in what they write, they still get lumbered with the bill.
There's a bit of nuance to this, as other people have mentioned in these comments.
(3) If the defendant was not a member of an approved regulator ... the court must award costs against the defendant unless satisfied that—
(b) it is just and equitable in all the circumstances of the case to make a different award of costs or make no award of costs. [omissions for clarity]
That's quite a high bar to cross, though; to convince the judge, in the face of inevitable opposition from the plaintiff's lawyers, to vary the statutory award because it's "just and equitable in all the circumstances" [emphasis added].
This is where the law isn't like a program. There's very little IF ... THEN ... ELIF ... ENDIF.
Hmm. The Guardian counts as a major dead wood publication, I think, and they covered PRP recognition of Impress in October: Max Mosley-funded press regulator recognised as state-backed watchdog.
> does not come in to force until a Regulator is set up
... which happened back in October when Impress was recognised by the Press Recognition Panel.
Attempted explanation of the dilemma faced by El Reg, though IANAL either:
Key point: there is currently no choice of "approved regulator". Only Impress has received approval, and for the reasons Gareth explains, submitting to regulation by (and paying subscription fees to) Impress is unpalatable. IPSO is the industry's response to the widespread call for a regulator to curb excesses of The Press (phone 'hacking', making stuff up, etc.) following the Leveson report, but it's not approved so membership doesn't give a publisher the protection from the Section 40 jeopardy.
Impress recognition [guardian.com]
Impress site [impress.press]
> I would like to keep the world's paedos in doors wanking to pictures ...
Would you like to volunteer your own children to take part in the photoshoot for those pictures, perhaps?
> Do the images protect our kids after all?
One thing is certain. Unless the images are cartoon/CGI then one or more real children have been abused and exploited to make it. Stamping out the incentive to create images like that will protect children other than mine, and that's a fine objective, right there.
I suppose there's no chance that someone will decide to document the rush to implement this (ha!) at dotdotdash dot com, morse the pity.
That still reads better than 'colonpipepipe', though, which has unpleasant overtones of, um, irrigation...
Version 1.0 proposed a toast:
> a big Christmas Cheer to the unsung coders
If I remember correctly, most device drivers were written by the device manufacturers, not by Microsoft. Before the internet was a useful channel for software distribution, one got a floppy disk (maybe even a Compact Disc <gasp>!) with drivers thereon, bundled with the hardware device. The ISA card manufacturer (per your example) would have been on the hook for supplying and debugging device drivers, not Microsoft.
I subscribe to the sentiment re the unsung coders, though!
 Exhibit A: ftp://ftp.msan.hr/drivers/LAN/3COM/3C509B-tpo/README.TXT
> I think Signal underestimate how much control these places want over their populaces
Indeed. Outside the USA, not many of us use google.com. If the authorities block google.com, would users still be able to reach google.com.eg? Signal developers may have bought into the 'Google is the Internet' idea.
Definitely not just US. I flew a lot in South America recently, and all the regional airlines we used had announcements during boarding, telling passengers that Galaxy Note 7 devices were banned.
Scene: 1994, office with synthetic fibre carpet and wheeled office chairs with which to sit at desks bearing computers running Windows 3.11.
If one scooted the chair across even a moderate stretch of carpet, a static charge built up which was quite painfully discharged once one touched an earthed surface. I got into the habit of discharging by touching my wedding ring to the metal desk frame, (which produced a nice fat spark but no pain!), and noticed that doing so would frequently lock up my PC. For a while we worried about the quality of the electrical earthing, but all was well there. We conclusively demonstrated that moving the keyboard a foot or so up off the desk prevented the lockups: apparently the discharge through the frame induced a voltage spike in the keyboard that was transferred to the PC (keyboards had PS/2 connectors then, not USB) and the motherboard didn't like it.
I've come late to this thread, and the AC twerp who posted 'one side of the story' has had his post deleted by a moderator. I can piece together part of the yarn from the quotes in the replies, though. What a colossal idiot! Cue a request for web logs to El Reg from The Plod in 5, 4, 3, 2, ...
> For what purpose?
"connected services for drivers, including real-time traffic and weather reports and accident or road works warnings"
> the money you're paying them isn't paying them
Prolly, it isn't money at all... which means it can't be taxable! Doubles all round!
Uber's corporate behaviour reminds me of that of a bolshy teenager, always trying to find a smartass way to get one-up on long-suffering parents.
Ah, but this is the post-truth world, where we are tired of experts, and irritated by facts. Expect more insane court decisions shortly!
I considered the Joke icon, but this one is more appropriate =>
It takes a little time, but if everyone re-read what they had just written before committing the message, fewer mistakes would be made. I'm a bit too far the other way in this respect: I will now click 'Preview', check for spelling mistakes, repunctuate, 'Preview' again ...
 ... and add footnotes. The trick in proofreading your own work is to dis-remember what it was that you *think* you have written (because that's what your brain will see, half the time). Advancing age is a great help :)
 repunctuate seems not to have been a real word... until now.
Ooo! Lawyer-baiting in the URLs, is it? [icon => ]
Simon says this was run by the RAND corporation. They've been researching, and influencing policy, for sixty-odd years, so yes, I would expect the outcomes at least to be placed within easy reach of the policy-makers and executives. Whether they take any notice is somewhat up to people like the Reg readership - there won't be, for instance, a security quality star rating system, unless there's a widespread call for it.
> scrap[e] search queries for ... IP ideas
Ideas are not intellectual property. No-one can own an idea: this is not some utopian ideal, it is a settled matter of law. What you can own is a state-granted patent on an implementation of an original idea or innovation. It is crucial to note that the patent MUST disclose the idea, and the innovation, in enough detail for someone else to implement it. If what we are seeking is a better way of protecting the direction of innovative research at e.g. the hypothetical Green Tech Company, then not shoving illuminating search queries into public search engines would be a hot favourite.
OK, I'll bite.
One of us is wrong, and it depends on your OS which that is. I'm running a KDE/GNU/Linux machine, and if I press Alt-Ctrl-F1 I can have a CLI from which I can shut down the GUI¹ and the machine continues to run. The virtual Teletype terminals are certainly not macros sitting on top of a graphical user interface.
If you're running a recent version (like later than 3.1.1) of Windows, then yes, your CLI (cmd.exe or powershell) is an emulated terminal running in your GUI. If you kill the window manager, then your CLI disappears with it.
'Macro language' is still pretty much wrong, though. The CLI doesn't automate the GUI, e.g. by simulating mouse inputs; it provides alternative commands to manipulate operating system objects like files.
¹ jonathan@Odin:~$ sudo service lightdm stop
Eighties? I worked for PHBs in the nineteen-eighties (for certain values of 'pointy'), and none of them would have had a clue what to do if you had placed them in front of any sort of computer interface. GUIs then were rudimentary - Windows 1.0 was released in late '85. The rise of personal computing has been faster than we sometimes remember. It was the middle of the nineteen-nineties when giving computers to office workers as a productivity tool became normal. I submit that the productivity value for PHBs even then was questionable: someone else has pointed out the whole secretary-prints-the-email thing (this still happens, and it's 2016!).
 Scientists and engineers had been using computers for computing stuff, and for information retrieval, for quite some time, of course. I'm talking about word processing and spreadsheets for administration.
Remember the Sony Playstation update that removed much-loved OtherOS functionality?
I have to say that Samsung are in a hard spot here. Suppose they *didn't* take steps to render safe these devices, when they have a mechanism to do so. Are they then liable for increased damages? I bet you can find a lawyer who would say so.
A better change might be one that destroys the ability of a battery to hold a charge (maximum chargelevel := 1%). The phone would still work when connected to an external power supply, then. Maybe there's no way to do that with an over-the-air update.
Afterthought: you're never going to get 100% of phones turned in for refund, anyway. How many have been stolen, or dropped in the lav.?
If Mr Trump was in need of a kidney, he might buy one of mine... Only he can't afford it.