* Posts by jtaylor

68 posts • joined 12 May 2010

It's 2017 – and your Mac, iPad, iPhone can all be pwned by an e-book

jtaylor

What version of iTunes doesn't run on a personal computer?

0
0

Former RCL director: It was me who cancelled their domain names

jtaylor

No choice, really

It might be hard to transfer a domain to an entity that won't participate in the transfer. If he contacted RCL and asked them to do their part to take control of the domains (which would be easy to prove), then he should be in the clear. He simply released the asset after being warned it might be a liability.

This is why Boards get Directors and Officers insurance: if your name is there (or on an asset), you can be individually liable on behalf of the organization. If he were no longer shielded by the company, he really had to get his name off the list.

9
0

What is this bullsh*t, Google? Nexus phones starved of security fixes after just three years

jtaylor

Bah. I want to be able to recommend a smartphone to people who just want, you know, a smartphone. That will work until it doesn't or they replace it.

I really thought that Google (brand) phones were a good answer. Seems they are not.

In this context, my iPhone is a better investment than I realized.

6
0

Gift cards or the iPhone gets it: Hackers threaten Apple with millions of remote wipes

jtaylor

Re: Am I the only one?

Gift codes are indeed easier to trace than cash / cryptocash. They are also easy to sell on to unsuspecting people before the codes are traced and cancelled.

Before I buy a gift card second-hand, I verify the balance, then spend it all immediately after I pay for it.

0
0

Texas cops lose evidence going back eight years in ransomware attack

jtaylor

Exactly this. If someone could click on email and run software that alters legal evidence, that same person already had the ability to alter that legal evidence.

Malware wasn't the real problem here.

8
0

'Ancient' Mac backdoor discovered that targets medical research firms

jtaylor

Re: "More secure than PC? Ha!"

Ah, I remember when PC stood for Personal Computer. (What does it stand for now?)

I'm unconvinced that Macs transcend personal computing.

But yeah, seems like standard userland malware.

1
0

Seagate hauls out fat form factor throwback hard drive

jtaylor

Ahaha. I remember the Bigfoots. Cheap and cheerful.

Nothing can replace my old full height ST423451W. I keep it around to scare kids and win arguments.

I've had a few experiences getting Seagate to RMA a drive that failed in hardware RAID but passed their SeaTools diagnostics. This new drive would have to be pretty cheap for me to consider it.

2
0

Facebook's internet drone crash-landed after wing 'deformed' in flight

jtaylor

Re: Recurrent theme?

From the report, the aircraft was intact and fully operational until the autopilot balled it up. The autopilot responded to a normal situation — high on approach — by commanding control surfaces to deflect beyond that which was structurally safe for the airframe. (Va or such)

Yeah, I'd blame the autopilot as the proximal cause of this accident. Root cause would be something like "we put our best Python programmers on this project but forgot to include an aircraft engineer," but that's outside the scope of the FAA investigation.

15
0

Uber-creepy: Dial-a-ride devs accused of stalking pop diva Beyonce

jtaylor

Re: Shameless

"you are using an app, paying with a credit card and giving your GPS to the driver to find you... when and on what planet did anyone think that information was going to treated well and respected?"

When you put it like that, it's pretty dire. I do think though, that when I install an app, it shouldn't report my location unless and until it needs to locate me. When I use a credit card, I expect it to be processed through a normal credit card processor and that information like my CVV won't be stored with the merchant. Of course I want the driver to know where to pick me up, but that's a very limited audience (2 people) and I don't expect unknown others to be able to not only listen to that "conversation" but also to then track me across multiple transactions that involve different people.

Uber and Lyft have really opened opportunities for some friends who cannot drive. I don't rail against the services. I do, however, wonder if they're really doing all they should do to protect their customers (and by "should" I mean acting as they claim to and as they are required by law).

7
0

A-dough-be: Photoshop flinger pumps profits 50 per cent

jtaylor

Is this all about moving customers to a subscription (rental) model and off of perpetual licenses?

9
0

In Red Hat, Veritas: Firm backs OpenStack convergence play

jtaylor

Quaker Oats became popular because they offered a consistent product in reliable measures. In other words, customers learned to trust their product quality.

This is important in computing too. Providers model expected demand and then build to it (with varying overcapacity). Customers buy a service as if it were guaranteed. If the provider fails to reliably meet expectations, they lose the trust of customers.

"Predictable quality of service" is a big deal. I'm interested to see how this works.

3
0

Bloke accused of Linux kernel.org hack nabbed during traffic stop

jtaylor

Re: How about community service instead

"Hey, remember that idiot who popped kernel.org a few years ago and put a trojan into Linux systems?" "Yeah, what of him?" "He's working for the city now, in lieu of prison." "Oh, that's nice. What's he doing?" "Installing Linux on thousands of computers that don't belong to him."

28
0

Childcare app bods wipe users' data – then discover backups had been borked for a year

jtaylor

Somalia?

www.orbit.so

No backups, no testing, ad-supported childcare service, and their domain is in Somalia.

I wonder if Orbit was trying for Sketchy Outfit Of The Year.

12
0

Microsoft takes five months to replace broken patch

jtaylor

Re: This is why Windows is no longer viable.

Businesses operate with imperfect tools in imperfect situations every day. The point is to find "good enough" and make money at it.

I think you raise some good points, but your dire predictions are not yet supported by either reality or common sense. If you propose viable and attractive alternatives to Windows, your opinions would have greater value.

Meanwhile, I can't recommend that businesses who rely on Quickbooks or Exchange/Outlook stop using Windows. I can't recommend that photographers change to Linux and leave Lightroom and Photoshop and all those plugins.

1
7

Windows 10 still free, even the Anniversary Update, if you're crass

jtaylor

Re: Missing option in survey @alain williams

"How does the screen narration work in your superior OS?"

I know a few blind people. They all use iPhones because VoiceOver is wonderful. Personal computers are usually Macs, work computers are sometimes Windows. (Macs are actually cheaper than Windows after you add the cost of JAWS or Window-Eyes.)

Apple has been integrating accessibility into their products for years. They are very good at it.

3
0

Web meltdown: BT feels heat from angry punters

jtaylor

Re: What's the fucking point?

I don't know particulars of BT, but you hit some good points there.

"Millions, if not indeed billions, are spent on (advertising) network resilience yet still server centres and other installations fall over, go "off grid", suffer "outages" or "unplanned downtime"." Indeed. Advertising brings in revenue. Infrastructure is just an expense. It's not uncommon to increase spending on the services (like advertising) while cutting expenses on the infrastructure that supports those revenue services. Years ago at a small chain retailer, the manager explained to me that because we were all paid on commission, "we polish the displays but nobody fixes the roof."

"Is it simply impossible to prevent these occurrences?" Not impossible, but it requires awareness and also decision-makers must be rewarded for solid planning over short-term results. "Is all the advertising about resilience etc complete dishonest bollocks?" Not exactly. I've seen very resilient designs get crippled by small decisions like using the redundant link to handle load spikes instead of renting a metered link. As so often in this world, people prefer data that supports their message and may not even be aware of how the facts have changed.

"And what about all these certificates they display so proudly on their websites? Are these all lies as well?" Yeah, sometimes. :) The certificates have very specific definitions. "Certified Malware Free" is much easier than "Scanned Every Hour According To OpSec 15(a) Which Is Has Been Due For Review For Two Years And Meanwhile We Changed Vendors And Our Tech Lead Left To Join A Startup So Nobody Really Understands It Any More But It Seems To Work Fine And We Are In Compliance With Our Accreditation." Again, not unique to IT. We probably all know someone who bought a very expensive car and then "saved money" by deferring maintenance. Or bought insurance but neglected to raise the limit after some major purchase.

Okay, you nailed the big ones. I just spent too much time in Operations!

0
0

Silicon Valley's contribution to the US Republican Convention: Gayness

jtaylor

Big John wrote: "the author implies that acceptance of gay marriage is a prerequisite for acceptance of gays period. They are different issues"

Sometimes big words can be confusing, so I'll break this down. "Gay" - this part is about gay people. "Marriage" - this is about marriage, which is a legal and social (and possibly political) contract between two people. A contract must be accepted to be valid. Thus, "gay marriage" is about accepting that a marriage contract between two gay people is valid.

Big John wrote: "It is possible to accept gays, and still consider the ancient institution of Marriage to be intended for the raising of children and not just a societal label that all have rights to."

Gay people can and do raise children, so that's clearly not quite the issue. Create new children, that makes sense. I defer to John's obviously greater understanding about the ancient origins of marriage. In recent centuries, though, marriage is about much more than pure reproduction. For example, it's deeply tied to property and inheritance law. Although failure to consummate and failure to conceive have been used in English law to annul marriages, I'm not aware of recent cases where a marriage license was refused or revoked because a couple was unable or unwilling to bear biological children together. (Again, it could result in a divorce, but by its nature a divorce recognizes the validity of the original marriage contract, and an annulment is a retroactive challenge to the previously recognized validity of a marriage contract.) (Note that religious entities might refuse to perform a marriage ceremony for any number of reasons, including failure to promise children.)

I haven't yet found Big John's sources, but here are two that I used:

https://www.law.cornell.edu/wex/marriage

http://www.bbc.com/news/magazine-17351133

22
4

Drone bloke cuffed after gizmo stops firemen tackling forest inferno

jtaylor

Re: Glames?

"Or is this some New Millenia term?"

glames looks like a typo. Millenia looks like someone thought that Millennia is singular, and then forgot how to spell.

Unfortunately, while the article has a link to quietly submit corrections without being snarky, comments do not.

And yes, firefighters get my deepest respect. I used to know a retired smokejumper. Her stories were larger than anything I'm likely to see in this life.

8
1

Generous Fiat Chrysler offers $1,500 for car security bugs – or two minutes of annual profit

jtaylor

Re: What about gear shift recall?

Indeed. I trust that Fiat Chrysler Automobiles knows their problems better than we consumers do — and I'm sure they remember the debacle from their remote-control Jeeps. They certainly spend a lot of money managing product quality. It's easy for us to see that electronic security is important, but they are prioritizing vastly larger and more expensive problems that we didn't hear about yet.

3
0

Linux letting go: 32-bit builds on the way out

jtaylor

Sky is not falling

When I read the article, I got the mistaken impression that the major Linux distros are dropping support for all 32-bit architectures including ARM.

It was quite a relief to read the referenced post and learn that it's only Ubuntu dropping the i386 architecture.

Ubuntu desktop seems largely to target Windows converts, so I suspect this is really not a big deal.

The headline certainly caught my attention, though. And that's the purpose of a headline, right?

P.S. Of course there's RPi and CentOS and Gentoo and the BSDs, but those don't have quite the same...culture...as Ubuntu.

3
1

Lenovo scrambling to get a fix for BIOS vuln

jtaylor

Re: it's a backdoor, not a bug

Little Mouse wrote: "Someone else has installed a backdoor on Lenovo PC's? I think that's called Getting A Taste Of Your Own Medicine."

I have a poor memory. Remind me why I deserve a backdoor on this ThinkPad.

4
0

Hackers peer into Uber passenger privates, find and plot trips on maps

jtaylor

BebopWeBop wrote "Passenger photographs???????"

https://www.uber.com/legal/privacy/users/en/

"We may share your information:

With Drivers to enable them to provide the Services you request. For example, we share your name, photo (if you provide one), "

0
0

Cloudian clobbers car drivers with targeted ads

jtaylor
WTF?

Safety or profits?

As I understand it, an effective advertisement captures the viewer's attention long enough and strongly enough to change purchasing decisions.

Pushing these ads to drivers sounds like a genius way to cause road accidents.

23
0

TeamViewer: So sorry we blamed you after your PC was hacked

jtaylor

Read the complaints, not just TeamViewer's pressie

TeamViewer is trying to focus our attention on the idea that passwords shouldn't be re-used, and let the reports of attacks with 2FA die in a corner. Before following TeamViewer's advice to blame users, read the actual user reports. Reddit has quite a few.

For example: https://www.reddit.com/r/homelab/comments/4m5gn7/psa_teamviewer_compromised_by_possible/?ref=search_posts

https://www.reddit.com/r/teamviewer/comments/4l4oq3/tv_hacked_with_2_factor_enabled_and_password/

0
0

Microsoft waltzes users through Azure by killing VM conversion tool

jtaylor

Yay for alternatives

Great article. Microsoft has a bit of cheek.

Fortunately, as noted, there are plenty of other tools to convert. On Unixy servers, I like qemu-img:

qemu-img convert -f vhdx -O qcow2 WindowsX.vhdx WindowsX.qcow2

8
0

Walmart sues Visa for being too lax with protecting chip cards

jtaylor

Re: A holdout explains

"you could probably sign as M.Mouse with a crayon gripped between your toes and a picture of your arse on your ID, and the average cashier would accept it without a second glance."

Certainly. This is why I mentioned "Sure, someone can steal the card and make some charges, but unless they also thought to obtain my signature, it shouldn't be too hard to show that the purchase was not made by me." This is distinct from a PIN, which is easy to record and reproduce.

I am willing to accept higher risk of fraud, as long as that comes with lower risk that I'll actually have to pay for it.

I'm still curious what I'm missing. Or was your point that if someone signs as M. Mouse, that my credit card issuer will use that as proof that I was the purchaser?

2
3

jtaylor

A holdout explains

I haven't yet been convinced that PIN is better for me than a signature (and yes, my cards are now Chip + Signature).

How difficult is it to obtain someone's PIN? With debit cards, a mirror or tiny camera or keypad overlay or just a nice viewing angle are enough.

My credit cards are signed "See ID" on the back. Sure, someone can steal the card and make some charges, but unless they also thought to obtain my signature, it shouldn't be too hard to show that the purchase was not made by me. And that assumes the clerk didn't ask for ID.

Given the choice between "less fraud, but I assume the risk" and "greater fraud but I am less liable" I prefer the lower liability.

What am I missing?

0
8

Facebook image-tagging to be tested in Californian court

jtaylor

As noted above, the nasty part of this image tagging is that it does not require participation or consent of the people who are tagged. Nor is there a mechanism to notify those people.[1]

Thus, you can be at a party and people take photos. Some of them post to Facebook and tag you (put a name to your face) in it. Facebook has time, location, social context, and your face.

Facebook also uses facial recognition software to identify people in photos.[2]

[1] If you create a Facebook account (and agree to all their T&C), you can be notified when someone tags you in a photo. You can also opt out of being tagged. I'm not clear whether this actually removes your data from Facebook's facial recognition database, or just from being named in posts. I opted out and am still occasionally tagged in Facebook photos.

[2] https://www.facebook.com/help/122175507864081/

4
0

Embattled 123-reg flings six months' free hosting at angry customers

jtaylor

Adam, I completely agree that 123-reg could be blamed. I also think that customers could be blamed. My point is that blame doesn't help.

"The script was run by them for them with no customer benefit." Do you suggest that hosting companies should not do this?

"in a production environment without any fallback plan" I suspect most companies run scripts in prod. The lack of a sufficient fallback plan was indeed a serious mistake.

"without giving notice to their customers" Do you suggest that hosting companies should notify their customers any time a script is run that touches their service?

"inadequate precautions were taken." Hindsight is wonderful. Is your point that in the future, be sure that all precautions are adequate?

"Blame is the right response here." It's a valid response. I just don't see how it improves things for the future.

I used to work with a large financial services company that was known for blaming people (and firing them.) It made the staff wonderfully careful, right up to the point where things began to break. At that critical point, the clever folks ran like hell, leaving the less gifted people, junior staff, and contractors to solve the problem while dealing with managers on a witch-hunt. It was in nobody's interest to understand the real causes of a problem (either you were safe, or already fired.)

2
4

jtaylor

While I understand the anger, I'm not sure it does any good to assign blame for this.

I am not familiar with 123-reg, but they sound like a low-cost operation. As long as they were transparent about what they sold, and delivered what was sold, they're an honest business. Backups aren't free -- if they were, then every customer would have their own backups anyway, right? Yes, they screwed up and should fix their mistake, but mistakes do happen, and it's not clear that this was more than a very unfortunate mistake.

Likewise, customers often don't understand the relevant differences between different products. I see this a lot in consulting. Someone can hire a larger firm for a lower hourly rate to do the same work. If that's all you see, the choice is pretty simple. Even if they have a comparison list of the differences in what they're buying, that's usually in some form that makes sense to the seller, not the customer. I don't like to pay extra for "magic beans" either.

Yes, this sucks. Yes, it makes 123-reg look unreliable. Yes, it makes some of their customers look naïve. Learn how to prevent this in the future. That responsibility falls on all parties, not just 123-reg.

Oh, and I do plan to use this as an example of what can go wrong when you don't understand a product.

0
4

Web backup biz Monster Cloud monstered after monster price hike

jtaylor

Re: Livedrive

Ah! Monster Cloud's decision makes more sense in that context.

Such a price increase (upon contract renewal) would normally be a very brave thing: you'll burn shedloads of goodwill and risk being uncompetitive, so you're relying on your competition to become similarly unappealing.

Here, it seems like Monster Cloud simply panicked. If they're obviously breaching contract (and perhaps threatening to deny access to property, I don't know how this is seen under UK law), that is a direct line to Trading Standards and probably not a few civil court cases. That's not a course you choose unless your business model already collapsed.

Before I signed up with CrashPlan, I asked what my exit options were. For a fee, they'll put all my data onto a hard drive and ship it to me. Several years on, I couldn't be happier with CrashPlan, but then I read a story like this and remember my ticket out.

I wish the best to all: customers, employees, and investors.

1
0

Cunning scam: Mobe app stalks victims then emails booby-trapped bogus speeding tickets

jtaylor

Not a bad idea

I'll be "That Person" who suggests it might benefit drivers to have law enforcement tracking us, with the right transparency.

First, I think that many traffic laws are not enforced. Some of those would probably be impossible to enforce (in an honest way. There are, of course, speed traps and the like.) A tool that catches literally all infractions would force traffic laws and traffic behavior to meet. We would probably see rationalization in both.

Second, traffic laws are not enforced consistently. It's not always the fastest driver who gets pulled over for speeding, nor the most reckless driver who gets pulled over for doing something stupid. Some argue there are other factors at work, like personal appearance (race, dress, gender), type of car, neighborhood, and whether the officer had Wheaties that morning. If there's a full-scale surveillance of driving behavior, defendants could ask "why was I cited for a violation when your data shows that I was driving at typical traffic speeds, while other drivers were grossly exceeding the norm?" "Your department prosecutes dark-skinned drivers at a much higher rate than light-skinned drivers. Please provide data to show you are applying the law fairly."

This reminds me of when the US adopted a 55mph speed limit. Protesters drove down the highways across all lanes, at precisely the speed limit, destroying traffic flows.

5
4

Google publishes list of Certificate Authorities it doesn't trust

jtaylor

Re: Since users too often click through those warnings.

My home router uses a self-signed SSL certificate. I think Dell DRAC (lights-out module) does too.

4
0

Adobe will track you across all your devices with new co-op project

jtaylor

Something useful?

Well, I'm sure Adobe executives will listen to this echo chamber and realize the error of their ways....

I'd love to see a site which lists each of these tracking programs with links to their policies and how to opt-out. Even better would be a service that lets people declare their wish to opt-out of all such tracking methods, and then regularly notifies each such scheme (including any new ones that appear) that these users opt-out of that tracking.

I couldn't begin to figure out the business plan for such a service, other than "non-profit" with "donated legal assistance."

5
0

PC World's cloudy backup failed when exposed to ransomware

jtaylor

Re: No! No! No!

Well said.

I describe it as not a "backup system" but a "deferred restore system."

I chose my car insurer not because they are so good at taking my payments, but because their service is great when I have a problem.

4
0

Your unpatchable, insecure Android mobe will feel right at home in the Internet of Stuff era

jtaylor

Re: Android only?

If your Lumia 635 runs an unpatched Android kernel as part of Windows 8.1, then you have a problem.

7
0

Lights out for Space Vehicle Number 23: UK smacked when US sat threw GPS out of whack

jtaylor

Re: Want to scare yourself?

I used to manage private Stratum 1 NTP servers. They did indeed use GPS as Stratum 0.

Proper NTP (as opposed to, say, Simple NTP) corrects for clock differences by accelerating or decelerating the local clock to gradually bring it back into harmony with the reference time.

I'm not sure that even El Reg's blind suicidal harbor pilot would notice a few ms drift over 12 hours.

I have an interesting story about NTP. Suppose you have redundant pairs of NTP servers, and hosts are configured to use both, in case one is offline. Now suppose that one of your NTP servers doesn't go offline, but just throws a wobbly and gets "stuck" at the wrong time. Many NTP clients (at least, those running the standard ISC code) will exit if the difference between local clock and the reference clock is too implausibly great. In this hypothetical case, there would be just a minor hiccup on your (redundant) NTP infrastructure with no downstream effects...until that threshold is reached, at which point thousands of systems would start to unrecoverably fail their NTP clients as they randomly hit the wobbly NTP server. Sometimes redundancy introduces new and exciting failure modes!

8
0

PDF redaction is hard, NSW Medical Council finds out - the hard way

jtaylor

Process failure

This can't be the first time that this medical council has had to redact names when publishing medical information. They should have a standard process for doing so -- including tools and review before publication.

As already noted, this is a schoolboy error, not a malicious act. Either the people assigned to publish this information were not trained, were not provided correct tools, or were not following a process.

Plus ça change, plus c'est la même chose.

14
1

Windows' authentication 'flaw' exposed in detail

jtaylor

Re: Well, Ain't that dandy!

Article: "Security researcher @dfirblog has discovered what he calls a devastating flaw in Windows' Kerberos authentication system."

oldcoder: "Who knew? Practically everyone that actually worked with Kerberos. Kerberos was never intended to be an authorization service."

That's untrue, but oldcoder played the "everyone knows this" card and then switched terminology, so I'm going to explain.

First, this exploit is with authentication. Kerberos tickets are used to authenticate. The Kerberos Ticket Granting Ticket (tgt) is a function of the Kerberos Authentication Server. Authentication means "are you really that person you claim to be?" Authorization means "is this person allowed to do X?" Just because I can authenticate that I'm a city resident, that does not necessarily authorize me to park my car in the middle of City Hall.

Second, Kerberos manages both Authentication and Authorization. You can authenticate as a valid user in that realm. You can request authorization on a certain client computer (maybe to login over ssh, or to sudo). These are all handled by the KDC.

Explanation of Authentication, Authorization, and Auditing (AAA) https://www.pingidentity.com/en/resources/articles/authentication-authorization-audit-logging-account-management.html

Kerberos overview: http://www.kerberos.org/software/tutorial.html

35
0

VTech's Android tablet for kids 'hopelessly insecure'

jtaylor

Re: Why bother with security

Innotabs include a "180 degree rotating camera and video recorder" and some apps like VTech Kid Connect let you "Send text and voice messages, animated stickers, drawings, photos and more to your child from your iPhone® to their InnoTab®"

I can imagine why some people might not want to leak personal videos and contact information for family and trusted adults. Also, what happens if someone uses the stored account data to log on to sites as the original child?

http://www.vtechkids.com/brands/brand_view/innotab3

https://itunes.apple.com/us/app/vtech-kid-connect/id675014559

0
0

Fujitsu CTO: Analysts might think we're 'crazy', but OpenStack here we come

jtaylor

Re: FWIW

I'm also curious about these scalability limitations. The hardware can scale horizontally very well, although I'm not sure about the controller node. Most of the performance problems I've heard about can be traced back to decisions at that specific site: for example, ceph isn't the fastest storage option.

Anyway, it's exciting to read how many companies are getting into OpenStack!

0
0

Nest defends web CCTV Cam amid unstoppable 24/7 surveillance fears

jtaylor

Re: Yet more unsubstantiated clickbait

It doesn't mean much whether the device is observed to be constantly "transmitting video when switched off." Maybe it transmits only a heartbeat. Maybe it records to some internal storage. Maybe it listens passively for a command, then starts transmitting video without lighting the LED. All we know is that the camera is active when it's supposed to be inactive. That's a real concern.

9
5

Self-driving vehicles might be autonomous but insurance pay-outs probably won't be

jtaylor

Mark Twain

This reminds me of what Mark Twain wrote about the effect of the Pilots' Benevolent Association on riverboat operations. http://www.gutenberg.org/files/245/245-h/245-h.htm#linkc15

Basically, a small group of riverboat pilots agreed to cooperate with each other, and only each other. Once this Association grew and their service came to be in demand, their cooperation gave them a powerful edge on safe riverboat operations. When an Association pilot stopped in port, he would get the latest news of river conditions ahead; much better information than independent pilots could get. After a while, insurance companies noticed that claims were lower with Association pilots, and they set their rates accordingly. Those insurance rates compelled operators to use Association pilots rather than the independents.

I could imagine a time when some percentage of motor vehicles are "Certified Safe-Driving Vehicles." They communicate with other such vehicles about road conditions (vehicle speeds, visibility and weather, data from anti-lock brakes, obstructions, and any avoidance maneuvers) to prepare for potential emergency situations. Manufacturers demonstrate that such vehicles are much less likely to collide with obstructions, to dent other Certified vehicles, to have single-car accidents, and such. Insurance then starts to factor this into their risk matrices and thus their pricing. Insurers agree to no-fault any collisions between such vehicles. As the percent of Certified vehicles increases, insurance rates put progressively more pressure on drivers to use these Certified vehicles.

This depressing idea allows for automation at any level. It's all just a risk calculation, and therefore a price decision by the driver.

1
0

Volkswagen Australia says 77,000 local diesels need software fix

jtaylor

The solution?

This mess is becoming really interesting.

Now we have multiple governments, which each regulate emissions, whom VW must satisfy when they bring these vehicles into compliance. Will VW use the same solution for all vehicles, or will the (presumably software) change vary by regulator?

Any fix will probably lower combustion temperatures and enrich the fuel/air mixture. This would not only lower fuel efficiency, but could also raise other emissions. If the exhaust system is carefully designed to the original requirements, that could require secondary changes to the vehicle too. Tightly-coupled systems and all that....

Here's a nice explanation of how Nitrogen oxides are created by exhaust. http://www.smogtips.com/failed-high-no-nitrous-oxide.cfm

More specifically, Nitrogen Dioxide (NO2) is what regulators are concerned about (at least the US EPA). That's generated at high combustion temperatures, but also with a lean fuel/air mixture (more Oxygen from the air, less Nitrogen from the fuel). https://www.dieselnet.com/tech/emi_gas.php

2
0

Microsoft throws crypto foes an untouchable elliptic curveball

jtaylor

Re: Lovely marketing

"Hmm, let me see. Microsoft Research. Funded by Microsoft. Windows. Made by Microsoft, shoved down the throat of many through misinformation, monopoly abuse and pretty much every trick in the same book that Google is now using, which generates the money to do that research."

Someone famously said that conspiracy theorists are skeptics who lack critical thinking skills.

Microsoft did all the right things here, and we can all benefit. The source code is published (under a very permissive Open Source licence) for review and improvement by independent security experts -- and even by Internet trolls.

1
1

Fed-up sysadmins beg Microsoft to improve pisspoor Windows 10 update notes

jtaylor

Disconnect between MS and IT depts

The story I read here is about a gap between what Microsoft delivers and what IT departments must deliver.

If an organization finds a particular problem, they have to find a way to continue operating until the problem can be solved. This is true in Sales, in Design, in Production, in IT....

For example, if users become unable to properly preview documents before printing them, that's a problem. IT has to respond. Maybe we say "if you are using X software, please save the file to PDF and view in PDF reader to preview it. We're sorry for the trouble, and we'll tell you when this is fixed."

In the past, we could look through patch notes and get an idea when the vendor fixed the bug. When the vendor doesn't say what they fixed, it's much harder for IT to know whether or when to promise users that specific problems were fixed.

In other words, IT still has to answer to the organization, regardless of what support they get from the vendor. In this case, it seems that Microsoft has decided to hang IT staff out to dry.

Microsoft has chosen not to respond to conspiracy fears about Windows 10. Maybe conspiracy theorists are not their target market. We'll see how much pain this causes medium-to-large organizations, and how Microsoft responds to that pain.

5
0

Spotify climbs down on new terms and conditions

jtaylor

Not just social information

As written, if you agree to Spotify's new contract, you give permission for Spotify to "collect information stored on your mobile device, such as [but not exclusively]...."

https://www.spotify.com/us/legal/privacy-policy/?version=1.0.0-GB

"3.3 Information Stored on Your Mobile Device

With your permission, we may collect information stored on your mobile device, such as contacts, photos, or media files."

That's rather more broad than just contacts. "Media files" could be...any file (they don't say which media). They also chose the open-ended "such as" instead of a bounded phrase like "possibly including." "With your permission?" This is a contract. None of it is binding without your permission. Or as they put it "If you don't agree with the terms of this Privacy Policy, then please don't use the Service."

Okay, but what can they do with the data they might snaffle off your device? "YOU EXPRESSLY AUTHORISE SPOTIFY TO USE AND SHARE WITH OTHER COMPANIES IN THE SPOTIFY GROUP, AS WELL AS CERTAIN TRUSTED BUSINESS PARTNERS AND SERVICE PROVIDERS...." Also to law enforcement, to protect Spotify, for academic use, for information about the service, or as an asset to be sold. (Section 5.2.5)

That's pretty much whatever they want, then.

Spotify can finally tell us what songs are most popular during Uber's Rides Of Glory http://rideofglory.blogspot.com/

7
0

Firefox to speed up dev cycle, go multi-process, rip and replace UI – soon

jtaylor

Release Cycle vs Workflow

I use Firefox for many hours a day. To me, it's a tool. And a tool has a workflow.

If Mozilla wants to be agile and release variegated updates every few minutes or whatever, that's fine. I'm just a user. I don't look at the code and I don't care.

However, I do care about my workflow. I care that I can open a new tab without stopping to think how to do that. I care that I can switch to "that tab over there" without having to figure out what the key combination is this week. I care that I can think "gee, didn't I bookmark that?" and before the thought is complete, I already clicked to raise the bookmark menu and my mouse is over the search box.

I hope that Mozilla's idea of "agile" is about their code and not about my workflow.

6
0

Misfortune Cookie crumbles router security: '12 MILLION+' in hijack risk

jtaylor

Re: ZoneAlarm advert?

"An embedded device doesn't need to do deep packet inspection, it just needs to only respond to what it's supposed to handle and to safely reject everything else...the application should correctly parse it and throw out anything that doesn't make sense."

Certainly. I agree with everything you say. Sadly, many potentially vulnerable devices are no longer supported. We can't look to CheckPoint to solve that. That's all I mean.

0
0

jtaylor

Re: ZoneAlarm advert?

"So how do I install ZoneAlarm PRO on all the non-PC devices on my LAN?"

Good point. Personal computers are not the only networked devices. I suppose that tablets and phones are just about as vulnerable at other untrusted locations as they are on your home LAN, so that horse is already long gone. There are also appliances like surveillance cameras.

To be fair, I don't know how many embedded devices have the hardware to do deep packet inspection. My Drobo doesn't. And it would probably murder battery life on a mobile. CheckPoint can't fix that.

0
0


Biting the hand that feeds IT © 1998–2017