* Posts by Justicesays

606 posts • joined 15 Jun 2010

Page:

Judge: Georgia's e-vote machines are awful – but go ahead and use them

Justicesays

Proportionality

I would propose that the difficulty of "hacking" an election is proportional to the amount of work taken to run it. If your election requires printing out 10's of thousands of ballots, getting everyone in to fill them in manually, then employing 100's of people to count them, it's going to take a determined and well manned (and local) effort to interfere with that system in any significant way.

If your election set up and counting require a few mouse clicks by "Bob" the election official, then I imagine you are also only a few clicks away from massive election fraud.

I cant think of a foolproof way to even put in an "inline" audit trail into electronic voting, as even a mechanical one would rely on the selections on the screen corresponding to the correct audit output, and so could be potentially manipulated on a per-voter basis. esp. if the election required multiple options to be selected on different screens (earlier selections could be used to tell what the later selections are likely to be). Hmm, maybe you could video the whole thing and store it locally and send that in to be compared with the audit trail...of course doing that would probably take more work than using paper ballots in the first place, plus loss of vote privacy.

Once we start letting people vote with their smartphones, then Google can just decide who wins elections.

If you are going to go down that route you could probably just save a lot of time and money by asking Google how an election in any particular area would go , based on all the data they have on everyone, then use that result.

5
0

First it was hashtags – now Amber Rudd gives us Brits knowledge on national ID cards

Justicesays

Perhaps instead

She could spend her time usefully getting the GDPR enforced against all those websites with the cookies and their ridiculous/impossible/non-existent or frankly laughable opt-out systems (like, to opt out of us collecting information, please go to some other website and opt out from there by putting a cookie on your browser for each ad-system, assuming you have cookies stored, java script enabled, and that all the ad providers systems are working at that time...), when in fact they have to be offering opt-in and opt-out is the default and should require you to do nothing.

Never mind the ones tracking everyone everywhere across the internet with their pixels etc. and no sign of any opt in or out options at all.

22
0

Neutron star crash in a galaxy far, far... far away spews 'faster than light' radio signal jets at Earth

Justicesays
WTF?

Re: theory

"What we do tend to do (and get funding for): test only the hypothesis that the observation is somehow wrong. And sometimes get into very dodgy science by proposing - say - a whole new particle to explain it."

So, erm, your complaint is that either they rigorously try to eliminate any source of error with the observation OR that they then attempt to update their theories (by "inventing new particles")?

So I assume your suggestion is that if some observation is seen that doesn't agree with the theory we should redo all the observations we have previously done that did agree just to make sure they still agree?

Pretty sure that probably isn't worthwhile until you are really, really sure the observation that didn't agree with the theory is likely accurate. And then you would be better off trying to replicate that observation (that doesn't agree), and drawing up new theories based on it that make predictions about further observations you can make/test that would disagree with the old theory but agree with your new one.

Once the theory is proven incorrect, then it's definitely going to see some action around finding out where/why it fails, but that isn't going to happen until it's really, really sure it's wrong.

Relativity is constantly being used/tested,( in GPS for instance), which shows it's reliable enough that any issues with it are going to be down to some edge case or on some scale beyond the everyday (tiny/massive distances)

34
1

Won’t patch systems? Never run malware scans? Welcome to the US State Department!

Justicesays

Well, are there any vulnerabilities being exploited for

PC DOS 3.2 ?

Or have they done at least some updates since 1986?

8
0

Fire chief says Verizon throttled department's data in the middle of massive Cali wildfires

Justicesays
Mushroom

Fair use...

"includes a "fair use" clause"

I dunno, maybe critical emergency service usage during a state emergency could be considered a "fair use" regardless of how much over a normal amount it is?

If you asked all the other subscribers whose houses are on fire they would probably agree.

16
1

Google Spectre whizz kicked out of Caesars, blocked from DEF CON over hack 'attack' tweet

Justicesays

Re: Hum

"I doubt anyone at the hotel was monitoring all the guests Twitter accounts,"

Want to bet? (phrasing relevant)

I suspect they have a system with filters like "vegas, break bank, cardsharp, cheat, rig, sure thing, caesars palace" that picks out relevant tweets from all of twitter (you can do this yourself on sites like twitterfall) , flags up relevant tweets, and then checks the name/handle against current and upcoming guests . Wouldn't take much work to add "gun, attack, shoot" etc. to that existing system after the previous shooting.

2
0

Facial recognition tech to be used on Olympians and staff at Tokyo 2020

Justicesays

99.7% eh. Going to suck

For the 32 or so athletes who cant get into the venues...

1
0

The internet's very own Muslim ban continues: DNS overlord insists it can freeze dot-words

Justicesays

Re: Playing with fire

"since they'd all still have to point to ICANN roots for .com, .net, .org and country specific TLDs they'd be the lowest common denominator so that's all anyone would use"

Sound good to me!

12
0

Either my name, my password or my soul is invalid – but which?

Justicesays

Re: Got to watch those password lengths

Similar very recently.

Set a password (randomly generated).

Copy and paste same password into login box - doesn't work?

Read login FAQ :

Passwords cannot contain quotes(")

Then WTF did you

a) let me set one with a "

b) put "must contain a special character such as a symbol" in the listed rules , but not point out that excludes "

Not to mention it implies your back-end is vulnerable to injection, and your covering it up with sticking plasters.

In anther case, putting "#!/bin/bash" as part of a long password worked for the game login, not so good on the website as it was eventually blocked by the websites IPS as a potential injection attack... The password change tool was on the website...

15
0
Justicesays

Re: Barclays for security?

From

https://www.gov.uk/government/organisations/hm-revenue-customs/contact/money-laundering

Report suspicious activity

Call HMRC if you’re an individual who needs to report suspicious activity in relation to money laundering.

Telephone:

0800 595 000

Opening times:

24 hours a day, 7 days a week

9
0

No, seriously, why are you holding your phone like that?

Justicesays
Headmaster

Re: ...why are you holding your phone like that?

"Part of me wants to correct that to "Friends have a lot to answer for", but I recognise that in this case that would be wrong."

The correct correction(?) should be

Friends has a lot to answer for.

9
0

For €10k, Fujitsu will tell you if your blockchain project is a load of bull

Justicesays

Now I just want to register a website a bit like

http://hasthelargehadroncolliderdestroyedtheworldyet.com/

something like

https://ismyblockchainprojectaloadofbullshit.com

But with the opposite answer obvs.

10
0

California lawmakers: We swear on our avocados we'll pass 'strongest net neutrality protections' in America

Justicesays

"This is going to be a fight. The telecoms and cable companies fight hard and they are effective. We have our work cut out for us."

Well, lacking any law to the contrary , the telcos and cable companies can block access to pro-net neutrality websites, redirect customers to websites promoting negative stories about network neutrality supporting politicians, replace all your adverts with adverts for how much better things would be without net-neutrality.

Also bin any emails to your representatives that support net-neutrality of course.

3
0
Justicesays

Re: Another View

"Threatened with a ballot initiative democracy, lawmakers pass a ruinous data-privacy law. act to minimize the damage to their corporate masters while covering their own asses"

FTFY, but pretty sure this is an entirely different story around net neutrality , not privacy.

2
1

NetApp system zips past IBM monolith in all-flash array benchmark scrap

Justicesays

Re: Cheating the numbers?

"I wonder if anyone hasn't "VW-ed" their array"

FTFY

The SPC benchmarks are massively gamed and always have been.

Commercially nonsensical hardware optimized specifically to the benchmark.

Loads of controllers with tiny amounts of disk each to maximise the cache memory available.

Volumes made from just the fastest part of traditional disks , while still quoting the full capacity in the $/GB.

Specialized firmware setups are just the tip of the iceberg.

5
3

IBM wins five-year whole-of-government deal with Australia

Justicesays

"gig that later went very pear-shaped indeed (although the client was to blame)"

I wonder how IBM got that previous contract?

"“The only finding possible is that IBM should not have been appointed” to the contract in the first place in part because of “ethical transgressions” on the part of some of its employees, including “the obligation not to use the State’s confidential [bid and proposal] information” that it had somehow couldn't explain came into its possession from a restricted government database along with the apparent privileged insider information from a government consultant to the project who happened to be a former-IBM employee."

Any former IBM employees involved with this new bid?

8
0

IBM memo to staff: Our CEO Ginni is visiting so please 'act normally!'

Justicesays

Re: Not the CEO

The leeches already firmly attached to Gini's ass are trying to ensure a minimum separation is maintained so no-one else can attach themselves.

8
0

SUSE Linux Enterprise turns 15: Look, Ma! A common code base

Justicesays
Meh

Re: Cultural cloning and diminishing returns

Ancient wise man 1: so, that's counting sorted out then

one, two three, death, five, six ...

Ancient wise man 2: I'm sorry, three, what?

AW1: Death.

AW2: Why is it one two three, then death?

AW1: It's just what we came up with. Of course, probably people will try to avoid having "Death" amounts of things I suppose, maybe a little creepy, but what can you do eh? Anyway.,

Seven, eight, nine, ten, eleven, twelve, thirteen, deathteen, fifteen.

AW2: Erm, deathteen?

AW1: Well, we have to be consistent, otherwise people would get confused. We also have twenty-death, thirty-death and my favourite, deathty-death.

.....

Try to imagine it in a Mitchell and web style.

7
0

Cops: Autonomous Uber driver may have been streaming The Voice before death crash

Justicesays

Re: Simples. Charge both Uber and the driver

"did she have the training and education to be doing this?"

There are people who have roughly the training and skill set to do this job, they are called "Driving instructors". Not hiring someone with equivalent skills means that Uber doesn't give a crap about the effectiveness of the person in the seat, it's just a cost they have to pay to meet the minimum legal requirement.

Their immediate response, drop all blame on driver, and run away to another state.

The problem is that although they should be equally liable (for bad software, lack of supervision, insufficiently skilled employees), they will likely get away with it as the legal status of experimental self driving cars isn't being given sufficient attention.

15
0

Internet engineers tear into United Nations' plan to move us all to IPv6

Justicesays

"address allocation optimization requirements for IPv4 bear no relation to sensible and relevant optimization strategies for IPv6."

https://tools.ietf.org/html/rfc6177#section-2

Hence, this document still recommends giving home sites significantly more than a single /64 , but does not recommend that every home site be given a /48 either.

/64 1 IPv6 subnet 18,446,744,073,709,551,616 IPv6 addresses

Now, I'm not sure how much IoT shit I'm supposed to put in my house, but 4 billion ipv4 internets worth seems like a lot? Maybe they could have increased the lifespan of ipv6 by only giving homes 1 ipv4 internets worth.

If the minimum subnet size is 2^64 , and the complaint is "the routers will fill up if we have millions of routes". how exactly are switches going to cope if you put millions quintillions of hosts on one subnet? It's all just wasted address space at the cost of much longer addresses.

Of course, ipv6 may give you quintillions of routable ip addresses but only has one loopback address.

3
5

'Incomprehensible failure' – Canada's $1bn Phoenix payroll IT fiasco torched by auditors

Justicesays

Irony

Just before I left IBM there was a big push at the management level towards "devops/agile"

So they were all reading this book:

https://www.amazon.com/Phoenix-Project-DevOps-Helping-Business/dp/0988262592

I guess it turns out real life is harder than fiction

1
0

IPv6 growth is slowing and no one knows why. Let's see if El Reg can address what's going on

Justicesays

Re: Unintentional benefits

Maybe the issue isn't "Congestion", but "throttling".

Probably find the reason IPv6 isn't supported is that they can't control the data rate on IPv6, unlike IPv4, due to their software being ipv4 only.

5
0

Make masses carry their mobes, suggests wig in not-at-all-creepy speech

Justicesays

You'll be arrested and fitted with a GPS tracking collar.

And of course if you go more than 1 mile away from the other person your collar is linked to your collar will explode.

That last bit might be from a different dystopian future.

18
0

Javid's in, Rudd's out: UK Home Sec quits over immigration targets scandal

Justicesays

Re: Either a liar or incompent

Yet Gove describes her as "a huge asset - brave, principled, thoughtful, humane, considerate and always thinking of the impact of policy on the vulnerable".

To be fair, Gove is partly right on this point. The first 10 letters.

About up to here:

"a huge ass"

4
0

Turn that bachelor pad into a touch pad: Now you can paint buttons, sensors on your walls

Justicesays

you'll start seeing adverts for hammers, nails and wall mounted artwork.

15
0

Shhh! Don’t tell KillBots the UN’s about to debate which ones to ban

Justicesays
Coat

which "Sarah Conner"

Would find her...

So long as she is executable, and in your current path!

(SPOILER: turns out she wasn't executable after all, someone from the future changed her security)

4
0

Tantalising Tabby's Star teases watchers with big dimming event

Justicesays

They already decoded the message and it says

"Buy alien cola"

They concluded it wasn't sent by intelligent life after all.

8
0

UK.gov: Here's £8.8m to plough into hydrogen-powered car tech

Justicesays

Re: why subsidise private car development with public money

"people must look after themselves first. It is our duty to look after ourselves and then, also, to look after our neighbours."...

And what's wrong with that?

"

Sure sounds like a good excuse to fill your boots at the expense of others.

Nose to the trough politicians agree.

3
4

British Level 4 driverless pods are whizzing along ... er, a London path

Justicesays
Devil

Re: So those kids with back to front hats...

It just runs them over.

Turns out the software thought they were going the other way....due to the hats.

13
0

Fermi famously asked: 'Where is everybody?' Probably dead, says renewed Drake equation

Justicesays

Re: Hiding

Come on, clearly

https://twitter.com/bjornborg

vs

https://twitter.com/bjork

Who is the alien?

You decide...

3
0
Justicesays
Alien

Re: Hiding

What is it with people conflating all the Nordic countries?

It's Björk , and she's Icelandic

5
2

Keep Calm and Carillion: Outsourcers seek image rebrand after UK construction firm crash

Justicesays

It's incalculable because

they don't employ anyone with basic arithmetic skills.

4
0

Former Google X bloke's startup unveils 'self flying' electric air taxi

Justicesays
Black Helicopters

I can see a number of issues

1) I'm sorry, our emergency pilot take over service is experiencing high volumes of calls at the moment. Please hold, your plane is important to us and someone will be with you as soon as possible.

2) Who wants the job of doing nothing for extended periods, then suddenly being thrown into an emergency situation you have no prior knowledge of, and where the live of several people depend on your decisions.

3) Unlike a normal pilot, where if you screw up enough you are generally not in a position to be questioned, if some remote takeover pilot screws up they will always be available for their performance to be critiqued by the CAA/FAA etc. This might put off "real" commercial pilots who could lose their licenses over some bad decision made in 2) above.

4) I prefer to fly in vehicles where the person controlling it also has a high vested interest in the airworthiness, design and safety of the vehicle. i.e. is also in the fragile vehicle, 1000's of feet above the ground.

11
0

Half the world warned 'Chinese space station will fall on you'

Justicesays

Overextended is not "extra success"

"Tiangong-1 was a successful mission, given that it was operational for three years longer than its planned 2013 re-entry date."

I don't call it successful when you leave it up there until you lose control and are unable to do a controlled de-orbit.

13
0

We should pass laws to make Google's life hard! Oh no, sorry, did we say that out loud? asks IBM

Justicesays

Well, lack of responsibility is why these companies are so profitable

Denying all responsibility with a claim that it's "impossible" to moderate, check or otherwise examine the volume of data these companies deal with is how Google etc. are making such profits.

They get all of the benefits (e.g. sales from app store) without any of the responsibility (e,g. not their problem if malware apps get posted, unless they are told about it).

Their business strategy is to make their users/data sources their unpaid moderators/testers etc. on top of selling them out to advertisers ofc.

Uncurated content is the bane of the internet and it's just getting worse, with things like Steam jumping on the bandwagon.

1
1

Woe Canada: Rather than rise from the ashes, IBM-built C$1bn Phoenix payroll system is going down in flames

Justicesays
Devil

Re: Payroll no go

I Blame Morons

4
1

Coinbase, Worldpay, Visa play blame game after dosh vanishes from crypto-fans' pockets

Justicesays

Re: Unfortunately...

Ok, sure , you cannot claim it was an authorized transaction. On the other hand you are entitled to receive the goods and services you pay for. In the UK, at least, the credit card company is jointly liable for providing that good or service, and if you dispute the transaction on the basis that the good or service was not provided, then they either have to prove it was, or return the money. With the small claims court as the backup if they muck you about too much.

This is why ebay like to use PayPal and other prepay wallets, they are not credit providers and thus don't have to pay you back and reverse the payment to ebay when the goods are not delivered or as described.

6
0

Yorkshire cops have begun using on-the-spot fingerprint scanners

Justicesays

Re: Am I missing something?

Automatic cross referencing the fingerprints of anyone questioned by the police against a national scale database of every criminal , illegal immigrant and unsolved crime, on the spot, with no suspicion of the person being questioned of being involved in a particular crime.

What could go wrong?

Lets see, your fingerprint is a false positive match for 40 unsolved burglaries two counties over.

The police arrest you on suspicion of being "light fingered Bob" (police nickname for uncaught criminal).

You can prove where you are for some of the burglaries and have an alibi , but some of them you were alone at home watching telly.

Police report just the ones where you don't have an alibi to the CPS, who are down on their quota for cases this month.

Trial eventually collapses (if you are lucky) without additional evidence being provided.

You get pulled over again later - this time you are light fingered Bob with previous arrest and trial against your record.

repeat ad nauseum.

8
1

Tech giants' payouts go to everyone but affected citizens. US Supremes now urged to sort it out

Justicesays

3. Hold a lottery of all the class members and distribute a larger minimum amount to the winners of that lottery (total/winners).

The cost of organizing the lottery cant be taken against the settlement amount.

9
0

DevOps: Bloody hell, we've got to think about security too! Sigh. Who wants coffee?

Justicesays

Good luck securing your app...

Lets take a couple of examples from the article:

https://www.cvedetails.com/product/19117/Oracle-JRE.html?vendor_id=93

https://www.cvedetails.com/product/128/PHP-PHP.html?vendor_id=74

Oracle JRE, 564 reported vulnerabilities over 8 years, ~6 per month

PHP, 558 reported vulnerabilities over 17 years, ~ 3 per month.

And that's just the main framework , never mind any libraries or other components you might be sticking together.

By the time your release candidate app gets to the tests, it's probably already got at least one (known) security flaw, even if you built it for release weekly. (And obviously loads of undiscovered ones).

This is why 99.97 % of apps are vulnerable when scanned, and are probably shipped with known security flaws.

4
0

The blockchain era is here but big biz, like most folk, hasn't a clue what to do with it

Justicesays

Re: Who?

"but the dispute resolution process could have been streamlined pretty substantially if my bank and the cell provider had a shared database that they both trusted."

Currently the database they both trust is called a clearing house, and it's where your cheque transaction actually happened.

https://en.wikipedia.org/wiki/Cheque_and_Credit_Clearing_Company

in the UK for instance.

The fact your cellphone company is a bunch of incompetent wankers won't change if they use blockchain.

9
0

Intel alerted computer makers to chip flaws on Nov 29 – new claim

Justicesays

And how is the other way looking

"The date of the disclosure to OEMs is likely to raise eyebrows as it happened on the same day Intel chief exec Brian Krzanich sold stocks and shares worth $25m before tax.

Intel has denied any impropriety, saying Krzanich's decision to sell was part of a standard stock sale plan."

Maybe he has some dated, signed , lawyered up stock sale plan to show, made well in advanced.

But can he also prove that he as Intel CEO had no control over the date at which the disclosure was made? Bearing in mind that Intel knew about it for 5-6 months prior to this initial OEM disclosure.

And it seems convenient that these two dates happen to coincide.

46
0

Worst-case Brexit could kill 92,000 science, tech jobs across UK – report

Justicesays

Re: meh

"The leavers are far to busy working to waste time & money pissing around with propaganda showing why they're right. Unlike the remainers, who seem to have nothing better to do than whinge."

You mean the actual Brexit department of the Government, who's entire 1.5 years of "effort" accomplished less than two over-dinner sessions by the PM?

I guess it doesn't help not having any idea what the economic impact any of the decisions being made during the negotiations would have, due to the lack of any studies on various scenarios.

That's the price to pay for pursuing populist policies, inability to make any decisions based on facts or logic, as your mandate doesn't have any basis on those two things.

4
0
Justicesays

Re: meh

"It would be nice to think that they did so, but I have my doubts. Faced with a request from a remainer to come up with a report that show show bad leaving is, for which he is paying them, would you really expect a "well, actually, it won't be so bad" result?"

Well, we just have to compare them with the best case scenario reports created by requests from (and paid for by) brexiteers to get a sense of balance.

Oh, hang on...

I understand the EU has had brexit impact reports published as well, so I guess that just leaves the people in charge of our actual brexit strategy to commission and publish some reports.

Strange that they haven't really, but I guess evidenced based policy has never been particularly popular with the Tories.

14
3

Carphone Warehouse cops £400k fine after hack exposed 3 MEEELLION folks’ data

Justicesays

The issue here is not the plaintext credentials, but credentials being on an internet facing server at all.

Looks like a shitty design decision to just establish a full database connection to the backend with full access to service the front end requests.

Whereas the front end provided authentication should be piped through to the backend to establish a data access session in the context on the front-end user that wants to look up data.

This would limit any data loss specifically to users that logged in during the breached period, as well as giving the opportunity to limit or redact data (like full credit card numbers in stored transactions) when presenting it to the frontend.

1
1

Open-source civil war: Olive branch offered in trademark spat... with live grenade attached

Justicesays

Re: "Freedom"

"It's been long observed that the more people brag about things in the title, the less they reflect the reality of the entity."

United Kingdom (of Great Britain and Northern Island)

Yep, looks like your statement holds true.

3
0

Missed opportunity bingo: IBM's wasted years and the $92bn cash splurge

Justicesays

Re: Big assumption with that theory

The standard IBM acquisition way was to pick pick small targets that they hoped they could massively expand the customer base for by marketing them across all existing IBM clients.

Of course , they would also "bluewash" any incoming products, and often forcibly merge them with some existing (unsuccessful) IBM product in order to minimize their success chances. As well as crushing the spirits of any incoming acquired employees under the weight of IBM process and policy.

32
0

Mozilla's creepy Mr Robot stunt in Firefox flops in touching tribute to TV show's 2nd season

Justicesays

Re: Have to laugh at the outrage

"Studies was not enabled by default "

"I opted out of studies when it appeared last week"

So which was it, not enabled by default, or it was enabled by default and you opted out when it appeared?

https://mail.mozilla.org/pipermail/dev-shield/2017-May/000216.html

Looks like this might have been in planning for some time, had to get it ready in time for Season 2...

0
0

Facebook confesses: Facebook is bad for you

Justicesays
Devil

Hans...Are we the Baddies?

Going for the indirect godwin award but wth.

16
0

Don't shame idiots about their idiotically weak passwords

Justicesays
Devil

"Gameify" it

Your password scored 57 password points today.

You need another 47 points to unlock 12 character passwords *and* two new login images!

29
0

Page:

Forums

Biting the hand that feeds IT © 1998–2018