* Posts by Justicesays

581 posts • joined 15 Jun 2010

Shhh! Don’t tell KillBots the UN’s about to debate which ones to ban

Justicesays
Coat

which "Sarah Connor"

Would find her...

So long as she is executable, and in your current path!

(SPOILER: turns out she wasn't executable after all, someone from the future changed her security)

4
0

Tantalising Tabby's Star teases watchers with big dimming event

Justicesays

They already decoded the message and it says

"Buy alien cola"

They concluded it wasn't sent by intelligent life after all.

7
0

UK.gov: Here's £8.8m to plough into hydrogen-powered car tech

Justicesays

Re: why subsidise private car development with public money

"people must look after themselves first. It is our duty to look after ourselves and then, also, to look after our neighbours."...

And what's wrong with that?

"

Sure sounds like a good excuse to fill your boots at the expense of others.

Nose to the trough politicians agree.

3
4

British Level 4 driverless pods are whizzing along ... er, a London path

Justicesays
Devil

Re: So those kids with back to front hats...

It just runs them over.

Turns out the software thought they were going the other way....due to the hats.

13
0

Fermi famously asked: 'Where is everybody?' Probably dead, says renewed Drake equation

Justicesays

Re: Hiding

Come on, clearly

https://twitter.com/bjornborg

vs

https://twitter.com/bjork

Who is the alien?

You decide...

3
0
Justicesays
Alien

Re: Hiding

What is it with people conflating all the Nordic countries?

It's Björk, and she's Icelandic

5
2

Keep Calm and Carillion: Outsourcers seek image rebrand after UK construction firm crash

Justicesays

It's incalculable because

they don't employ anyone with basic arithmetic skills.

4
0

Former Google X bloke's startup unveils 'self flying' electric air taxi

Justicesays
Black Helicopters

I can see a number of issues

1) I'm sorry, our emergency pilot take over service is experiencing high volumes of calls at the moment. Please hold, your plane is important to us and someone will be with you as soon as possible.

2) Who wants the job of doing nothing for extended periods, then suddenly being thrown into an emergency situation you have no prior knowledge of, and where the lives of several people depend on your decisions?

3) Unlike a normal pilot, where if you screw up enough you are generally not in a position to be questioned, if some remote takeover pilot screws up they will always be available for their performance to be critiqued by the CAA/FAA etc. This might put off "real" commercial pilots who could lose their licenses over some bad decision made in 2) above.

4) I prefer to fly in vehicles where the person controlling it also has a high vested interest in the airworthiness, design and safety of the vehicle. i.e. is also in the fragile vehicle, 1000's of feet above the ground.

11
0

Half the world warned 'Chinese space station will fall on you'

Justicesays

Overextended is not "extra success"

"Tiangong-1 was a successful mission, given that it was operational for three years longer than its planned 2013 re-entry date."

I don't call it successful when you leave it up there until you lose control and are unable to do a controlled de-orbit.

13
0

We should pass laws to make Google's life hard! Oh no, sorry, did we say that out loud? asks IBM

Justicesays

Well, lack of responsibility is why these companies are so profitable

Denying all responsibility with a claim that it's "impossible" to moderate, check or otherwise examine the volume of data these companies deal with is how Google etc. are making such profits.

They get all of the benefits (e.g. sales from app store) without any of the responsibility (e.g. not their problem if malware apps get posted, unless they are told about it).

Their business strategy is to make their users/data sources their unpaid moderators/testers etc. on top of selling them out to advertisers ofc.

Uncurated content is the bane of the internet and it's just getting worse, with things like Steam jumping on the bandwagon.

1
1

Woe Canada: Rather than rise from the ashes, IBM-built C$1bn Phoenix payroll system is going down in flames

Justicesays
Devil

Re: Payroll no go

I Blame Morons

4
1

Coinbase, Worldpay, Visa play blame game after dosh vanishes from crypto-fans' pockets

Justicesays

Re: Unfortunately...

Ok, sure, you cannot claim it was an authorized transaction. On the other hand you are entitled to receive the goods and services you pay for. In the UK, at least, the credit card company is jointly liable for providing that good or service, and if you dispute the transaction on the basis that the good or service was not provided, then they either have to prove it was, or return the money. With the small claims court as the backup if they muck you about too much.

This is why eBay like to use PayPal and other prepay wallets, they are not credit providers and thus don't have to pay you back and reverse the payment to eBay when the goods are not delivered or as described.

6
0

Yorkshire cops have begun using on-the-spot fingerprint scanners

Justicesays

Re: Am I missing something?

Automatic cross referencing the fingerprints of anyone questioned by the police against a national scale database of every criminal, illegal immigrant and unsolved crime, on the spot, with no suspicion of the person being questioned of being involved in a particular crime.

What could go wrong?

Let's see, your fingerprint is a false positive match for 40 unsolved burglaries two counties over.

The police arrest you on suspicion of being "light fingered Bob" (police nickname for uncaught criminal).

You can prove where you are for some of the burglaries and have an alibi, but some of them you were alone at home watching telly.

Police report just the ones where you don't have an alibi to the CPS, who are down on their quota for cases this month.

Trial eventually collapses (if you are lucky) without additional evidence being provided.

You get pulled over again later - this time you are light fingered Bob with previous arrest and trial against your record.

Repeat ad nauseam.

8
1

Tech giants' payouts go to everyone but affected citizens. US Supremes now urged to sort it out

Justicesays

3. Hold a lottery of all the class members and distribute a larger minimum amount to the winners of that lottery (total/winners).

The cost of organizing the lottery can't be taken against the settlement amount.

9
0

DevOps: Bloody hell, we've got to think about security too! Sigh. Who wants coffee?

Justicesays

Good luck securing your app...

Let's take a couple of examples from the article:

https://www.cvedetails.com/product/19117/Oracle-JRE.html?vendor_id=93

https://www.cvedetails.com/product/128/PHP-PHP.html?vendor_id=74

Oracle JRE, 564 reported vulnerabilities over 8 years, ~6 per month

PHP, 558 reported vulnerabilities over 17 years, ~ 3 per month.

And that's just the main framework, never mind any libraries or other components you might be sticking together.

By the time your release candidate app gets to the tests, it's probably already got at least one (known) security flaw, even if you built it for release weekly. (And obviously loads of undiscovered ones).

This is why 99.97 % of apps are vulnerable when scanned, and are probably shipped with known security flaws.

4
0

The blockchain era is here but big biz, like most folk, hasn't a clue what to do with it

Justicesays

Re: Who?

"but the dispute resolution process could have been streamlined pretty substantially if my bank and the cell provider had a shared database that they both trusted."

Currently the database they both trust is called a clearing house, and it's where your cheque transaction actually happened.

https://en.wikipedia.org/wiki/Cheque_and_Credit_Clearing_Company

in the UK for instance.

The fact your cellphone company is a bunch of incompetent wankers won't change if they use blockchain.

9
0

Intel alerted computer makers to chip flaws on Nov 29 – new claim

Justicesays

And how is the other way looking

"The date of the disclosure to OEMs is likely to raise eyebrows as it happened on the same day Intel chief exec Brian Krzanich sold stocks and shares worth $25m before tax.

Intel has denied any impropriety, saying Krzanich's decision to sell was part of a standard stock sale plan."

Maybe he has some dated, signed, lawyered up stock sale plan to show, made well in advance.

But can he also prove that he as Intel CEO had no control over the date at which the disclosure was made? Bearing in mind that Intel knew about it for 5-6 months prior to this initial OEM disclosure.

And it seems convenient that these two dates happen to coincide.

46
0

Worst-case Brexit could kill 92,000 science, tech jobs across UK – report

Justicesays

Re: meh

"The leavers are far too busy working to waste time & money pissing around with propaganda showing why they're right. Unlike the remainers, who seem to have nothing better to do than whinge."

You mean the actual Brexit department of the Government, whose entire 1.5 years of "effort" accomplished less than two over-dinner sessions by the PM?

I guess it doesn't help not having any idea what the economic impact any of the decisions being made during the negotiations would have, due to the lack of any studies on various scenarios.

That's the price to pay for pursuing populist policies, inability to make any decisions based on facts or logic, as your mandate doesn't have any basis on those two things.

3
0
Justicesays

Re: meh

"It would be nice to think that they did so, but I have my doubts. Faced with a request from a remainer to come up with a report that shows how bad leaving is, for which he is paying them, would you really expect a "well, actually, it won't be so bad" result?"

Well, we just have to compare them with the best case scenario reports created by requests from (and paid for by) brexiteers to get a sense of balance.

Oh, hang on...

I understand the EU has had brexit impact reports published as well, so I guess that just leaves the people in charge of our actual brexit strategy to commission and publish some reports.

Strange that they haven't really, but I guess evidence-based policy has never been particularly popular with the Tories.

14
3

Carphone Warehouse cops £400k fine after hack exposed 3 MEEELLION folks’ data

Justicesays

The issue here is not the plaintext credentials, but credentials being on an internet facing server at all.

Looks like a shitty design decision to just establish a full database connection to the backend with full access to service the front end requests.

Whereas the front end provided authentication should be piped through to the backend to establish a data access session in the context of the front-end user that wants to look up data.

This would limit any data loss specifically to users that logged in during the breached period, as well as giving the opportunity to limit or redact data (like full credit card numbers in stored transactions) when presenting it to the frontend.

1
1

Open-source civil war: Olive branch offered in trademark spat... with live grenade attached

Justicesays

Re: "Freedom"

"It's been long observed that the more people brag about things in the title, the less they reflect the reality of the entity."

United Kingdom (of Great Britain and Northern Ireland)

Yep, looks like your statement holds true.

3
0

Missed opportunity bingo: IBM's wasted years and the $92bn cash splurge

Justicesays

Re: Big assumption with that theory

The standard IBM acquisition way was to pick small targets that they hoped they could massively expand the customer base for by marketing them across all existing IBM clients.

Of course, they would also "bluewash" any incoming products, and often forcibly merge them with some existing (unsuccessful) IBM product in order to minimize their success chances. As well as crushing the spirits of any incoming acquired employees under the weight of IBM process and policy.

31
0

Mozilla's creepy Mr Robot stunt in Firefox flops in touching tribute to TV show's 2nd season

Justicesays

Re: Have to laugh at the outrage

"Studies was not enabled by default "

"I opted out of studies when it appeared last week"

So which was it, not enabled by default, or it was enabled by default and you opted out when it appeared?

https://mail.mozilla.org/pipermail/dev-shield/2017-May/000216.html

Looks like this might have been in planning for some time, had to get it ready in time for Season 2...

0
0

Facebook confesses: Facebook is bad for you

Justicesays
Devil

Hans...Are we the Baddies?

Going for the indirect Godwin award but wth.

16
0

Don't shame idiots about their idiotically weak passwords

Justicesays
Devil

"Gameify" it

Your password scored 57 password points today.

You need another 47 points to unlock 12 character passwords *and* two new login images!

29
0

Linus Torvalds on security: 'Do no harm, don't break users'

Justicesays

Re: fairly sensible explanation ...

>It's nonsense. The argument is "that's broken and exploitable, so leave it like that until both things are fixed."

Ok, so hypothetically, the person who is upgrading discovers, upon upgrading, that their stuff no longer works in some way.

Do they:

a) go, oh well, must have been insecure, let's try and fix forward while everything is down.

b) Roll back the upgrade immediately (and delay updates to production if they discovered this in test).

99.999% of people will do b).

Thus not only that one bug that was "fixed" will still be present, so will loads of other bugs that the upgrade would have fixed. If you are very unlucky, the impact of the failed upgrade will include some kind of risk exception so that the software is not updated again (at least until the failed upgrade is investigated, the root cause discovered and the upgrade retested/rescheduled).

Making security fixes not break everything is pretty important, because if they do, people will not install them in a timely fashion.

69
0

Car tax evasion has soared since paper discs scrapped

Justicesays

Moving house...

Is one of the issues here.

Previously you would move house, see that your tax disc was about to expire, then realize you had to update your vehicle registration document with the new address in order to get a new tax disc sent.

Now it's the wrong way around, if you move house, your tax reminder is sent to your old address, and you have no reminder that the tax is due. Not surprising that people miss it, and I expect getting fines/tickets to people is also more problematic as addresses are less likely to be up-to-date.

9
1

Those IT gadget freebies you picked up this year? They make AWFUL Christmas presents

Justicesays

Re: Cheap-ass freebies.

Obviously Prayer Fans

0
0

Robocall crackdown, choked Lifelines, and pole-climbing: Your new FCC rules roundup

Justicesays

Just wondering

What were the "twice as many" old regulations he got rid of to allow these new ones to be created?

3
0

Boss put chocolate cake on aircon controller, to stop people using it

Justicesays

Re: Ah yes, the AirCon adjustments

Something like this I guess

https://www.youtube.com/watch?v=T2Y7oo3iB40

0
1

NSA bloke used backdoored MS Office key-gen, exposed secret exploits – Kaspersky

Justicesays

Re: Oooooh, really?!?!?

Pretty much all the anti-virus vendors do this now, unless you untick the option.

Microsoft also like copies of any files that crash any of their software, along with the memory dumps. Microsoft Security Essentials has a "send file samples automatically when further analysis is required" setting for instance. It's probably ticked by default.

Obviously the archive would have been full of virus code, so presumably of interest to an anti-virus vendor.

In any case this is pretty much entirely the NSA's fault. You have to wonder how someone can take *all of your hacking tools* home with them and drop them on their personal computer. You would think a tool kit full of zero days would be a pretty valuable asset and you would ration this stuff out rather than handing it out like candy. And of course the motives of the unnamed NSA operative (who can't even afford an Office license apparently) might well be pretty shady.

69
0

Humble civil servant: Name public electric car chargers after me

Justicesays

Obviously it's government-ese, so hard to say, but reading the act it looks like

If it's insured, then the insurer is liable.

If it's not insured, then the owner is liable (unless it's excluded from needing insurance due to being in some government vehicles category, like military vehicles I guess.).

The owner or insurance company is not liable if someone (who isn't the owner) switched the vehicle to "autonomous mode" inappropriately. In that case that person is liable (unless they are a minor/diminished responsibility etc. then blame the parents/legal guardian).

If the manufacturer is at fault due to making a faulty vehicle/software, they can still be liable/negligent/sued/arrested, but by the insurer/owner/police, not by the victim(s) of the accident.

It's not clear if the government can just not pay anything in the case of an automated government vehicle running someone down. It seems that way as there is no liability assignment in section 2 for that case, so presumably the manufacturer gets directly sued by the victim in that case?

There is no mention of changes to the driving license system.

9
0

It's time to rebuild the world for robots

Justicesays

yes

"Does that mean humans are smart and robots are stupid? "

Yes it does.

And we already have autonomous vehicles we redesigned the world around.

The London DLR for example.

Avoids collisions with elevated track for its sole use, uses automated switching of prelaid track to ensure it stays on the route, only has limited, but dedicated, stopping places to ensure it doesn't have to worry about parking etc.

19
0

Magic hash maths: Dedupe does not have to mean high compute. Wait, what?

Justicesays

Re: Hashes and duplicates

"Because of this a dedupe tool has to compare the data blocks when there is a hash match to avoid losing or corrupting data. "

Sadly most methods do not bother doing an actual block comparison.

This is because the math shows the odds of a block collision due to them having the same hash is less likely than the disk being corrupted by multiple simultaneous bit flips that bypass parity/checksum checks.

There is also the fact that dedupe systems are limited in the size of the data set they can dedupe, due to the ever-increasing hash lookup table.

This less computationally expensive method might be one that does less exact/expensive hashing and full block comparisons when it gets a possible match.

3
1

'There has never been a right to absolute privacy' – US Deputy AG slams 'warrant-proof' crypto

Justicesays

"You can still break it by recovering the key, which is normally too complex to commit to memory, meaning there WILL be a trace."

As it's a one time pad, once you have used it to encrypt or decrypt the message, you would delete (the segment used) using whatever method will make it unrecoverable, along with the plaintext if necessary.

3
0

What does Elon Musk really need? A personal theme tune, of course!

Justicesays

The way things are going it will be released in large glass balls from his orbital space station... Assuming Bond doesn't stop him first.

13
0

Legacy clearout? Not all at once, surely. Keeping tech up to snuff in an SMB

Justicesays
Angel

Consultant inception

"I’m absolutely convinced that not enough SMBs take good advice when making investments in technology. Spend money with consultants to get it right at the beginning, and you’ll save in the long run: and shop around for a consultant because you can get good ones for non-ridiculous money"

So you don't advocate shopping around yourself for technology as you won't understand it enough or do the research, but do shop around for a consultant. Is there a consultant consultant we can consult to pick the right consultant?

9
0

Congress battles Silicon Valley over upcoming US sex trafficking law

Justicesays

Re: Out in the open

Part of the issue is that Backpage apparently go out of their way to assist/advise their advertisers on how to stay anonymous, what terms to use to discreetly advertise their illegal services, steps to take for safe contact with potential customers etc.

Despite this they still have managed to wriggle out of any responsibility for what is happening on their site.

2
0

Ofcom to crack down on telcos' handling of nuisance callers

Justicesays
Unhappy

Do you think that these companies are somehow making phone calls for free?

No, they are billed like anyone else, and somehow that billing information is tracked back well enough to make the charges but it's somehow "impossible" to track them back when it comes to blocking/banning them.

Not sure that relying on the telcos, who make money from these calls, to somehow fix this is going to work, it clearly hasn't so far, the telcos just make money from both sides by charging for nuisance call blocking services and caller ID.

Seems to be a pattern emerging, anti-virus firm distributes virus ridden software then recommends installing anti-virus software to recover.

Company offering ID theft monitoring services leaks ID information, then recommends ID monitoring services to recover.

Telcos enable fake/scam calls, then recommend call blocking services to prevent them.

20
0

Cops' use of biometric images 'gone far beyond custody purposes'

Justicesays

Napoleonic

"automatic deletion on proof of innocence."

Great, let's get right on proving that we are not criminals.

How about a campaign for automatic deletion unless proof of a conviction is provided..?

39
0

UK not as keen on mobile wallets as mainland Europe and US

Justicesays

Re: So?

"Do you keep yours in a NFC/RFID blocking wallet? I'll bet you don't.

If you don't then it is vulnerable to being scanned and then cloned. ID Theft at its most basic.

"

Two points.

1) "NFC blocking wallets" don't work unless you earth your wallet. They might mitigate the signal from a regular reader enough to stop it, but an up-powered NFC reader would get through no problem.

2) You can't clone an NFC's secure information store unless you can break public/private key encryption, as that's what the exchange is based on. Cheap door access systems might just use the public element, but payment systems don't (some might use crap encryption like that Dutch tram company though).

0
3
Justicesays

Re: Trading security for convenience

" there was the POC where someone wandered around a railway station with a bag containing a battery powered card reader and harvested hundreds of pounds in minutes."

The difficult part is actually getting the money out of your merchant account (which you have to have to get the money using card systems in the first place) before the fraud reports shut it down and refund all the cash. Turns out that isn't easy to do, which is why this isn't happening all the time right now...

1
0

Cybersecurity world faces 'chronic shortage' of qualified staff

Justicesays
IT Angle

In my experience

The chronic shortage of qualified staff extends to those currently *in* the roles.

5
0

Science fiction great Brian Aldiss, 92, dies at his Oxford home

Justicesays

Re: The Greats have gone

There are a lot of great authors out there.

The problem when comparing old authors to new ones is that only the most popular books survive to be published 30 years on. That makes it easy to identify old masters, but not so much the current ones.

There is also so much more out there, with smaller publishers/self published books/translations etc.

And more people of course.

Hard to find the jewels in the dross.

But for a start, try

Peter F Hamilton (apart from Night's Dawn, mostly due to the ending).

Charles Stross

Alastair Reynolds

Stephen Baxter (early stuff mostly)

26
1

Russia's answer to Buckminster Fuller has a buttload of CGI and he's not afraid to use it

Justicesays
WTF?

The picture that states "Making use of the roads unused median"

Has two examples of cars in that "unused" space, the brown car in the top right, and the silver car in the bottom right.

People occasionally do need to change lanes, join/leave roundabouts, go across junctions etc.

And I'm sure they would prefer to do that without having to worry about smacking into some mobile pillars.

Or being crushed after a failure of whatever active stabilization these things are using.

7
0

Web-enabled vibrator class action put to bed

Justicesays
Trollface

Re: It's a law enforcement issue

I was not aware in fact. Dangerous to your phone perhaps? Unless it's one of those waterproof models...

1
0

She's arrived! HMS Queen Lizzie enters Portsmouth Naval Base

Justicesays
Devil

Re: Genuine question

I figured out a solution. We have two problems

1) We bought two ships and barely have enough stuff to run one of them

2) The ships are not long enough for normal planes to take off from, and cannot be retrofitted with cat and trap for any reasonable cost (for some reason the contract didn't specify a "reasonable cost" when requiring retrofitting as an option..).

The solution is simple. Just dock the two ships together to provide one, longer runway!

Edit: For reference, the combined length would be 560m,

Specification and Dimensions Eurofighter Typhoon

Service ceiling 18290 m (60,000 ft)

Time to 10600m/Mach 1.5 < 2,5 min

Runway length 500 m (take off under 8 seconds)

24
0

At last, a kosher cryptocurrency: BitCoen

Justicesays

Re: I would prefer a more enlightened option

If you have no Bits I will take them from you, if you have Bits I will give them to you.

It is a BitKōan

2
0
Justicesays
Joke

I would prefer a more enlightened option

BitKōan

16
0

Lauri Love and Gary McKinnon's lawyer, UK supporters rally around Marcus Hutchins

Justicesays
Facepalm

Re: The ignorant run amok

"This should let you know, 98% take a plea deal because they are guilty. Likely of something a lot worse than what the plea is."

Care to show the evidence of this? Oh, there wouldn't be any because a plea deal means the bit where the evidence is shown is skipped.

You can't see any reason why someone would take a plea deal? Like maybe being trapped in a foreign country, unable to work or have a normal life, possibly for years, after which they have to go through an expensive trial, the legal fees for which would bankrupt any normal person, in the hope that "justice" is served.

When just the wait for trial is longer than the plea bargain sentence, people will take it.

Especially as being convicted under the US justice system is starting to appear to be as much evidence of wrongdoing as publicly confessing to attempting to overthrow the North Korean government before being thrown out of the country.

19
0


Biting the hand that feeds IT © 1998–2018