Winter upgrade boosted 'inverse femtobarns'
Um, is this another way of saying they "reversed the polarity of the neutron flow"?
3335 posts • joined 19 May 2010
So did they prosecute him for saying "I'm an engineer", or for actually working out a better method of controlling traffic-light cameras?
What I'm getting from this is that if an American hobbyist inventor (think Trevor Bayliss) lived in Oregon, he would be prosecuted for his "unlicensed engineering" if he tried to turn a great idea into a commercial product.
Unlicensed thinking, it appears, is frowned upon!
Yes, we have expert systems but they are not much more than advanced logic controllers - if this, do that or nothing.
What is being touted as AI is nothing more than marketing hype to try and get a commercial advantage, or in the case of universities, funding.
Absolutely! It's on a par with calling radio controlled models Robots (as in Robot Wars), there's bugger all autonomous or robotic about them, and there's sod all intelligence at the current level of AI.
Ban all unencrypted traffic, like HTTP or FTP, which are both vulnerable to monitoring and MitM modification
This is nearly as bad as the government's "Ban Encryption" stance. There's no need to ban HTTP or FTP, they are both perfectly good protocols for certain requirements. The problem comes with inappropriate use - for instance HTTP for passing credentials.
And frankly, the use of MITM by criminal elements is wildly exaggerated, it is most unlikely that some "hacker" has managed to get in the middle of anybody's browsing session or FTP connection. Most leaked credentials come from malware on the host, or by compromising a database on a server.
For MITM it is far more likely that your local friendly government, your ISP, or even the company you work for are the culprit (using a web proxy is increasingly common in the workplace).
To help maintainers of Windows Server 2003 computers block almost inevitable attacks under these unfavorable circumstances, we decided to provide them a free solution: a micropatch for CVE-2017-7269, which they can apply on their machines not only without rebooting, but also without even restarting Internet Information Services.
Maybe they could teach Microsoft how they did this, as Microsoft appear to be incapable of writing any update which doesn't require a reboot.
In British English, electrocution is defined as injury or death caused by electric shock, so to a British English speaker, fatal electrocution or lethal electrocution is permissible.
I believe US English defines it as only death caused by electric shock - in which case your pedantry is correct.
If you (or your team) have done this, I'd be really interested to know how you manage this process etc :)
We were put in the position that the client wanted a secure environment with WAF / IPS but was too cheap to pay for it.
So we built a lash up of nginx, naxsi, and fail2ban, with munin to provide some reporting and pretty graphs, as a proxy to our apache servers. HTTPS was decrypted, read, and re-encrypted using the proper certs and ciphers.
It worked surprisingly well, although I wouldn't say it was as effective or as maintainable as a commercial appliance product would have been.
The main problem? Simple: you have to know what the heck you're doing. You need a basic underlying understanding of the encryption process, how to monitor network connections (I've come across too many people who had no clue how to use tcpdump or netcat for example) and interpret the results.
And that seems a bit too much for more "modern" companies, time is also money after all, so they'd rather rely on out-of-the-box ready to use gizmo's like these. Without stopping to think about possible consequences.
I think you have to bear in mind that to achieve PCI-DSS compliance, it is often much easier to use a recognised appliance rather than roll your own monitoring at the server level, most QAs I've come across like to have pretty graphs every month, rather than have to wade through log analysis reports.
I remember being met by a stunned silence when one QA asked how we had implemented IDP for HTTPS traffic, and we told him how we did it with a roll-your-own setup on an Nginx box.
Looking at some of the big names shown in the report, it really is a sorry state of affairs.
Of the 12 appliances tested, only one, from Bluecoat achieves an A rating, and the majority of the others are C or F. The Microsoft one deserves an F--- if such were possible, as it only offers SSLv2 connections, but you expect better from Barracuda, Checkpoint et al.
I shouldn't be surprised though, as we recently had to remove ECDHE ciphers from some of our servers on an e-commerce site, as the WAF didn't support them, thus weakening the whole environment's security.
Solving a problem when there is a problem is better than stopping progress.
There already is a problem with IoT, it just seems not to have reached the threshold where "OMG we'd better do something!", by which time it will be too late.
Trying to retroactively impose regulation when manufacturers are already doing their own thing is not going to work, the framework to regulate the industry needs to be in place early on.
The US Federal Trade Commission is holding off regulating the Internet of Things industry until there is an event which “harms consumers right now”, according to its acting head.
Because it's always better to run round like headless chickens after the event, instead of planning how to deal with it before it happens...
Well, it certainly wasn't the reliability. They break down all the time.
This is just not true, earlier Defenders (and Series Land Rovers ) will go for years without breaking down. The problem is with the more recent electronic bits, but the general mechanicals will go for ever with a bit of maintenance occasionally.
Smart meter billing problems have also been documented in the US.
And in the UK:
From the BBC story...
A spokesperson for the department for business, energy and industrial strategy, said: "Smart meters are a vital upgrade to Britain's energy system."
"The technology will bring an end to estimated billing, and give consumers real-time information about their energy use to enable them to make more efficient energy choices."
Biting the hand that feeds IT © 1998–2019