In a business, it's a pain to set up and manage a private IRC server. Getting Slack is easy and free.
It's also much easier to use the Slack client than an IRC client, which helps get people to adopt it and reduces support overhead.
255 posts • joined 28 Nov 2009
The MAC says it's Motorola. Motorola make phones. Not sure if they still make laptops, but they certainly make far less laptops than phones. They make tablets, but they are much less common than phones. So it's probably a phone.
This is Europe, so if it's a phone it's a GSM phone. The GSM standards require an IMEI number.
So it probably has an IMEI number.
"There is no evidence that the unauthorized third party accessed either of the components needed to decrypt the encrypted payment card numbers"
Translation: We have no idea if the hackers got the keys to decrypt the credit card numbers or not; given how utterly useless we've been at security you should probably assume they got them.
The specific files that were deleted were her malware folder. (She was an IT Security worker, so had legitimate reasons for having samples of known malware).
That sounds like she had anti-virus installed and it did a scheduled scan. If she didn't configure the anti-virus to exclude the folder of known malware, then the anti-virus would do what it was designed to do and delete the malware.
> All very interesting, but as US States, they all come under US law.
No, they all have different state laws although they have common Federal law / Constitution / International law. This may significantly affect how the contract and the alleged breach are treated in court. Think of the US as a more top-heavy version of the European Union - the states still have different laws despite some overall laws.
> If I travel to Belize and punch another British citizen in the face then travel back to the UK, the UK court system would basically tell the "victim" to piss off if he tried to sue me here.
It was quite common for a website published in country X to be sued by a company based in country Y for libel in the UK courts, because a UK person might have seen the website and the UK has good-for-the-complainant libel laws. They were talking about fixing that, not sure if they did.
Fails due to confidentiality requirements:
I'm sure the person with the violent abusive ex doesn't want a public announcement publishing saying where she just graduated from, along with the names of all her classmates. It makes it too easy for the nutjob to track her down. If it's published promptly, he may even be able to go ruin her graduation ceremony.
Fails due to need to change the data:
People do change their name. E.g. trans people will want their certificate re-issuing with their new name after they transition. Also witness protection. Also, grades get appealed, degrees get revoked due to discovered fraud/cheating, etc.
Fails due to authenticity requirements:
To prevent a record of a certificate being faked, you'd have to have it digitally signed by the university. So how do you know which signing certificates are valid, and not something that the "degree holder" just invented? That implies some central organisation validating signing keys ... at which point the central organisation could just run a database of degrees, or a list of links to the university websites that allow you to check the degrees from each university.
Because they need to communicate with their agents. That means either risky scheduled face-to-face meetings, slow and risky dead drops, radio transmitters that can be located with direction-finding equipment, or reusing some legitimate communications channel. Spies have used letters (can be intercepted), phones (can be tapped), newspapers (coded classified ads), and now the Internet.
There are a lot of advantages to the Internet, if done right. It's fast, encrypted, high-bandwidth, and you can hide the covert communications amongst lots of innocent legitimate data. However, there are obvious risks, too.
> I'd guess that most cars on the road have a tape player.
The article says it was a DAT tape. Car tape players play normal tapes, not DAT tapes. DAT has a different physical form factor and stores the music digitally - it's a Digital Audio Tape.
Well, under GDPR, EU users should have a choice about tracking. US users can be either offered the same choice, or a simpler "if you don't want to be tracked then don't use the app" choice. I was assuming that went without saying, since it's a legal requirement.
But the real issue here is online advertising. Google getting tracking data helps them sell advertising (because they can claim it is "more relevant" and the people who pay for adverts are willing to pay more for that). Google's competitors getting tracking data helps them sell advertising. App developers should be able to choose whether to sell a pay app that is ad-free, or an ad-supported app, and they should be able to choose which ad network(s) they use. The chosen ad networks will do the tracking.
It's quite reasonable for other manufacturers to want to replace the default email client and mapping apps, and to decide not to include YouTube.
Of course, that means less traffic to Google's apps, which means less ad revenue for Google, so the price might go up. That's reasonable too.
Regarding the tracking inside Android apps... so long as the app makers have a choice, that's fine. I don't think anyone is stopping other people from offering an equivalent service to the app makers?
High build numbers are normal. It’s good practice to set up automated builds which build whenever someone commits any change.
Fix a typo in the UI? That triggers a build. Fix the Spanish translation of a different part of the UI? That triggers a build.
There will be many people at MS working on many small fixes to go in this release, it won’t just be the dataloss bug fix.
Diplomatic immunity has to be *requested* by Ecuador, and the UK government can choose to grant it or not. In Julian's case, Ecuador did ask for diplomatic immunity and the UK said no.
The treaty that provides protection for Ecuador's genuine diplomats also says that they shouldn't smuggle him out. So for their own protection, the diplomats won't want to be involved in "sneaking him out".
Regarding "diplomatic vehicles", I don't think the building has a garage? I thought it was just a flat. In that case, he'd have to come out the building and through an area where he could be legally arrested, to get in the vehicle. Then he'd have the same problem trying to get out the vehicle into a plane. I'm not even sure if a diplomatic vehicle would provide any protection if the police knew there was a wanted fugitive in there.
BT Wholesale* offer a deal where your Electric Eel ISP can set up a single datacenter anywhere in the UK, get two or more fiber links from that data to the BT core network, then you can sell FTTP, FTTC and ADSL to anyone with a BT line. BT Wholesale will set up what's basically** a VPN tunnel from each customer to your datacenter. It uses BT equipment to terminate the FTTP/FTTC/ADSL connection and the BT core network to transfer the data to you. You then have to buy a big Internet connection from someone else, and route your customer's traffic to & from the Internet. It doesn't much matter what technology your customer is using, it looks more-or-less the same to your ISP, although the ISP will have to pay BT a different set of charges.
There are other wholesale providers, e.g. TalkTalk, who can offer the same deal - in that case TalkTalk will use their own equipment in the exchanges to terminate the traffic, so TalkTalk only have to deal with BT Openreach not BT Wholesale.
Most small national ISPs will use a wholesale provider. That's because the cost of installing equipment in every exchange, and setting up fiber backhaul from each exchange, is prohibitive unless you can split it among a huge number of customers.
(* There are 3 relevant parts of BT: BT Retail, BT Wholesale, and BT Openreach. BT Retail sells phone & Internet services to consumers and businesses; in turn it pays BT Wholesale to use its national network infrastructure, which in turn pays BT Openreach to use its exchanges and "last mile" copper/fiber wires.)
(** Pedant's corner: It's not actually a VPN, there's no encryption and it's using standards that are moderately common amongst telcos but anyone else would consider wierd. But you get the idea).
It's not a criminal case, it's a civil case.
If it was a criminal case, the the state or feds could throw him in jail, and there's nothing Uber could do to prevent that.
But Google are suing in a civil lawsuit, so Uber have presumably promised to pay his lawyer's fees and if he has to pay compensation to Google then Uber will presumably give him the money to give to Google.
If Uber asked him to do something wrong, then Google could sue Uber too, and get money from Uber... And in fact Google did sue Uber claiming that, and Uber have already paid Google some money (actually a lot of shares) to settle that claim.
> If someone would like to step up and provide the service I get from Amazon, then yes I'll stop using them. Until then I will not.
You'd think nowadays Internet shops could provide a guaranteed delivery date that's next-working-day or 2 working days. And provide easy, hassle-free returns. But so many don't do that. Fulfilled-by-Amazon usually does. So they get my business.
If the limit was 20,700 / 12 == 1725 visas a month, and about half (860) of those were used by NHS doctors and nurses, then only about 860 other people could get a visa each month.
Once doctors and nurses were exempted from the limit, all 1725 visas a month could be used by other people. So twice as many IT & other people could get a visa each month
So there's no need for people to game the system, the change naturally helps everyone who's trying to get a visa.
(And I suspect that if you're claiming to be a doctor or nurse you'd need to be able to qualify as a doctor/nurse under the UK rules, if you're an IT person then faking that would be hard and seriously illegal. It's not just a different job title).
There were 2 problems:
1) Some bug that let them get hacked
2) The monitoring software that eventually detected the intrusion was broken due to the expired certificate.
It's very easy for a PHB to refuse to fund the certificate renewal for (2), or for it to get tied up in the budget/purchasing process. After all, it's only monitoring software, it's easy to claim it's not critical.
For certain uses, you want the datacenter near the users. There are plenty of users in south east USA, but the whole area is at risk from hurricanes. So putting a datacenter there is a perfectly reasonable decision, balancing the risks and benefits.
Of course, for an organisation with multiple datacenters, designing your worldwide directory service to depend on any single datacenter is very silly.
The issue here is it's supposed to be a USB port, not a debug port. The software has the *option* of doing debugging-over-USB-port, which - when enabled - would make it a debug port. But that shouldn't be enabled in production! And if it's turned off, it shouldn't be possible for an attacker to turn it back on.
> I am however surprised that the EU is not more mercenary in its approach. The UK cannot get automatic access as a member state, but pay-for access given a set of conditions ...
The rules that the UK helped write say that PRS is only available to EU members, so any work on PRS has to be done in an EU member country. Partner countries can work on Galileo, but not the PRS part of it. The UK insisted on this, to help the UK to win a lot of the PRS-related work.
Also, changing the Galileo rules would mean that France and Germany get less work. That's not a votewinner for French or German politicians, and the Brexit deal can't pass without their agreement. Why would they agree to that?
> such as partial upholding of EU military goals and not attacking EU allies could surely be arranged.
We're still in NATO, which covers most of that. And we're not going to agree to have our forces fight and die as part of an EU armed forces under EU command, that would clearly be political suicide for the UK government to suggest. So there's nothing significant for us to offer there - certainly nothing to persuade the French or German politicians to vote for it.
> You have a Yes/No decision at kernel build time.
Only if you build your own kernel.
> Why would you want to disable it?
Because you are using a kernel provided by a Linux distro, not compiling your own. In this case, the distro may want to choose a default value for this flag, but the user may want to change the flag.
There are usually good reasons for using a distro rather than building your own Linux distro from scratch: it's a lot less hassle, it gives you software binaries that have been tested, and it makes it easy to get security patches. All those arguments apply to the kernel as much as the rest of the software in the distro. Of course, there are times when people have specific non-standard requirements, and have to compile a kernel themselves, but those are rare.
And yes, most of the people reading this thread are likely part of the rare group with non-standard requirements, but that's because this is a thread about a kernel patch on a tech news website...
Also programmer availability. Windows desktop GUI programmers are easier to find than Linux desktop GUI programmers. Any Visual Basic programmer can do a Windows GUI.
Also on a typical big-company Windows-based corporate LAN, developing for Windows is easier than developing for Linux because everyone has Windows PCs.
I think that, from the context, we all read that tweet and read "attack" as "hacking attack". I suspect the hotel read it as "violent physical attack, perhaps with guns".
That makes a big difference. Try reading the tweet again with that change.
Now of course, to us it was clearly a joke about the traditional hacking that happens on DefCon's wifi network. To a physical security person who missed all the context, it could be taken as a terrorist threat.
I think the hotel took the tweet out of context, massively overreacted, and lied to him (which is never acceptable) about DefCon being involved with kicking him out. If DefCon security or management had gotten involved, they would have seen the context and tried to fix the hotel's misunderstanding.
> People will only be mislead if they don't pay attention.
That old chestnut. "If you'd carefully read the contract, on page 97 out of 233, in tiny print, in grey-on-slightly-lighter grey, in Latin, we clearly explain it. If you were foolish enough to rely on the summary given by the salesperson instead of reading the contract and getting people to translate the Greek and Latin parts, then that's your lookout".
They’re different things. A manufacturer can stop their trademarked product being imported into the EU without their permission. Once the product is inside the EU single market, the manufacturer can’t control the price retailers sell it for.
Sadly, it would go the way of the California cancer warnings.
Pretty much everything is "known to cause cancer" as far as the state of California is concerned, so pretty much everything and every building has to have a stupid warning sign. So the signs don't actually provide any useful information, and most people ignore them. The only people who like the signs are the lawyers, who make money suing anyone who doesn't have the signs up.
The issue is logs to check regulatory compliance. Accurate timestamping helps a regulator compare logs from separate companies, when they're investigating something.
If you have a rule "no trading during the leap second", then you have to have logs to prove that you didn't trade during that leap second. So the systems generating the trading logs have to understand leap seconds and be able to log during that leap second. So you still have to do the same work to make your systems understand leap seconds.
A "no trading during leap seconds" rule actually makes things more complicated - you STILL have to do the work to make your systems understand leap seconds, and then you have to go implement the "no trading during leap seconds" rule (along with ensuring no trades are in progress when the leap second starts, etc).
It's perfectly reasonable that everyone who gets paid £X should pay the same amount of tax, whether they are a contractor or permanent employee.
It's perfectly reasonable for contractors to demand higher pay from their employer in exchange for the lack of benefits and the job insecurity. The employer gets the benefit of not paying for sick/holiday/etc and being able to fire easily, so the employer can and should pay for it.
It's not reasonable to expect other taxpayers to pay more so the contractor can be pay less tax. The taxpayers don't get the benefits of the contract.
Of course, the way this should have been done was to fix the tax system properly, perhaps by taxing dividends as income (with an allowance for any corporation tax already paid). IR35 is an abomination of a law - it's a kludge, it's unfair, it's overcomplicated, and it's unpredictable.
Petrol stations in the UK have a firemans's switch that allows the fire brigade to shut off power to all the pumps. This will very effectively stop people from using a faulty pump - although it would also stop people from using the other pumps. I presume the US petrol stations have them too, since they're clearly a sensible idea.
Alternatively, an employee could go stand in front of the pump, or call the police to get them to come stand by the pump.
But I expect the petrol station was being run by a minimum-wage employee who was trained to do things by the book, and there wasn't a procedure for this. Management chose to limit it's employees initiative, management can take the loss.
It looks like it's related to GDPR in this way: "We changed our systems to try to comply with GDPR, but our changed code had lots of bugs in it and it broke lots of things, including transfers in of .uk domains. We can't roll back to the old system because we're so incompetent we left it to the last possible day to roll out our GDPR-compliant software, despite knowing for 2 years that GDPR was coming, so it would be illegal to rollback and now we have to try to fix the issues introduced by these changes. We've spent a month fixing the long list of other issues caused by this change, but still haven't fixed the .uk transfer-in problem."
(Above is my interpretation of the "GDPR Implementation" section of https://enomstatus.com/ )
Based on the number of bugs, I suspect their GDPR project was scheduled by incompetent manager(s) and was going well past the GDPR deadline, so they pushed it live on the GDPR deadline despite them not being finished or ready.
> Question: If the camera never gets used, why am I paying for it?
You're assuming that one without a camera would actually be cheaper. That's probably not true.
Suppose a phone manufacturer made a phone available in two models, with and without the camera. The camera-free one needs the cameras removing, a new back cover with no hole for the camera, a new software image with the camera support/apps disabled and the other apps (e.g. messaging) modified to not support sending pictures from the camera, it needs fully testing again, including (for legal reasons) all the legally required testing and carrier testing. It also means the manufacturer has the cost of setting up a modified production line, keeping stock, distributing both models, increased support costs, increased cost of shipping a software update, etc. That's a lot of effort and expense.
The actual cost of the camera hardware is quite small. Even if you offered people the option of "would you like to pay £10 less and not get a camera", most people would go for the one with the camera. So the sales of the camera-free one will be very small, and all those fixed costs have to be divided by a very small number of sales. That means that the camera-free one will actually be more expensive, which means almost no-one will want it, which drives up the price further. It's not worthwhile for anyone to make it.
So, 33% didn't opt in...
And how do they know that?
The only possibility is that when you say "NO, DO NOT COLLECT MY INFORMATION" they then ... collect the information that you opted out!!! That's clearly illegal, those people did not consent to that.
What's Canonical's turnover again? The court is going to need to know to calculate the GDPR fine...
To interfere you need access to the fiber. If you have access to the fiber, then a pair of low-tech bolt cutters will work perfectly well to deny service.
However, either kind of denial of service will be followed by the relevant security people driving (or flying) along the fiber route, and finding the problem. If you hang around, you would get into trouble.
If you're not making enough profit to cover the costs of protecting your IP, then either:
A) When you get a blocking order to protect your IP, your profits will go up by more than the cost of the blocking order. In this case, investing in a blocking order is a sensible business investment. OR,
B) Your IP is not worth protecting. Sucks to be you, but you have no right to force ISPs to pay for it for you.
Of course, where your IP is trademarks on actual physical goods, you might wonder what the heck Customs are doing letting it into the country, and what the heck the Police are doing not investigating (including co-coordinating with foreign Police forces where appropriate), and what the heck the Government are doing not getting tough on foreign governments that allow this sort of thing to happen from their territory. But none of that is the ISP's fault and it's not fair to punish the ISPs for it.
Blockchain is an interesting technical hack to make Bitcoin work.
It works equally well/badly for all the Bitcoin clones out there.
For anything else... it doesn't fit.
The whole hype about blockchain is (at best) buzzword-driven / solution-driven architecture. I.e. "we know what the solution is, lets try to fit it to another problem even though it's not actually the best solution to that problem". All the blockchain applications I've heard of could be implemented simpler and better with normal centralized databases.
At worst, most "Blockchain" is a scam that is used to part the gullible from their money.
Why is there an obligation to assist other vessels in distress? Because at the time the rules were written, and until very recently, all ships had the *ability* to assist other vessels in distress, and if you *can* save a life then you should.
That doesn't necessarily apply to robotic ships. If they don't have the ability to deploy lifesaving gear, and don't have anyone onboard who would need it, then it would be reasonable to say they don't have to.
In other words: The obligation is to do the best you can with the equipment you have on board, not to bring extra equipment to help others. The lifesaving gear that ships carry is intended to save their own passengers and crew, the ability to help others is just a bonus.
Of course if your robotic ship happens to sail past someone who's in trouble, and you detect that with your cameras or by a radio call or satellite message, then you have to provide what assistance you can. Likely a human would take over at that point, and drive the ship by remote control from their control centre back on land. Assistance might be limited to sailing over to the casualties, letting them get on the deck, then heading for the nearest port or manned ship at the best possible speed. The robotic ship might not have any cabins, shelter, food or drink, so getting to port or a manned ship quickly may be the best that it can do.
The purchasing process was designed to purchase the cheapest possible items when you're buying huge amounts of well-specified commodity physical items. They stick out an RFP with the specs, and buy the cheapest.
It utterly fails at dealing with things that aren't commodities.
A "commodity" is something where there's a market for the things and they're pretty much the same and interchangeable, like sugar or crude oil.
Bespoke software development is about as far from a commodity as you can possibly get. For a start, the idea that there will be good specs at the beginning of such a project is a fantasy - it's impossible to do that as some developer will always find a way to screw up that the specifier hadn't anticipated. The only truly complete spec is a working system.
And since the purchase process is built around the fantasy of specs, it doesn't incorporate trials.
That's wrong. There have always been some things that can't legally be put in terms & conditions.
E.g. under long-standing UK law, a shop can't usually say "I'm selling you this stuff, but you have to agree there are no refunds, and if you don't agree then you can't buy it". That's because all consumers have the legal right to a refund if the product is not "of merchantable quality" or not "fit for purpose" or not "as described". If a shop tried that, and the product was faulty, the shop could still be sued for a refund and the shop would lose in court. The consumer's "agreement" not to get a refund was illegal and will not help the shop in court - in fact the shop may get punished for that illegal practice.
GDPR says that consumers can't be compelled to consent to unrelated uses of their data. So any consent purportedly gathered that way is invalid, and they can be sued for using the data without consent.
If you're being *really careful*, you don't assume anything. If your training didn't cover what the "no SD" message meant, and you see it, then *you ask Mission Control*. Even if you think you can guess what it means.
And you tell them the *facts*, which are "I can see a message saying no SD", you don't just guess what it means and tell them "oops I must have forgotten to put the SD card in". There are a lot of really good experts on the ground who will help with troubleshooting, but they need facts not wild-ass guesses.
And a spacewalk is a really good time to be *really careful*.
You might say "oh it's just a GoPro"... but being really careful is a mindset, you want astronauts to be really careful with the important stuff, but it's not always clear what "the important stuff" is, especially under stress, so you train them to be really careful always ... and especially on a spacewalk.
Regardless of which is cheaper right now, you don't want a monopoly. In the long term, having 2 or 3 profitable suppliers is much cheaper than having one cheaper-for-the-moment supplier. There are several reasons for this:
* A monopoly supplier could raise their prices and stop innovating. (See: ULA). It's incredibly difficult, slow and expensive for a new supplier to get into the space launch business.
* If there's only a single family of rocket being used, and they have a rocket explode so they ground their fleet, you're stuck. We know such failures happen, even Shuttle had a ~1.5% failure rate. If there are several different models from different suppliers, then common faults are much less likely.
* If your sole supplier goes bust / has its workers strike / has its facility wiped out by a natural disaster, you're stuck. Multiple suppliers means you have less single-points-of-failure.
That's why NASA were careful to award ISS supply contracts to two different companies (SpaceX and Orbital), while the US government also has launch contracts with a third domestic company (ULA). That gives the US government three local suppliers to compete for its missions.
Biting the hand that feeds IT © 1998–2019