Posts by streaky

1365 posts • joined 5 Jul 2010

Europol cops lean on phone networks, ISPs to dump CGNAT walls that 'hide' cyber-crooks

streaky
Silver badge

Re: Hiding activity?

Amusing downvote.

I do enjoy the idea that the system isn't built to rectify impossible car journeys though, carry on.

0
0
streaky
Silver badge

Re: Hiding activity?

What's that Skippy? They already do? But the crims ignore the ban?

Pretty readily caught too. Try it yourself, see what happens. No? Exactly.

0
1

Russia tweaks Telegram with tiny fine for decryption denial

streaky
Silver badge

Re: But..

It is not dissimilar to the UK where magistrate courts do not set precedent while a jury one does.

This case would be nowhere near a magistrate in the UK.

0
0
streaky
Silver badge

But..

does seem to entrench the principle that the Federal Security Service of the Russian Federation (FSB) can demand decryption

It also entrenches the principle that the Russian legal system isn't competent. Here's where this takes a turn for the silly:

The governments in most western nations like to talk a good game on crypto, they like to engage in hacking via security services. They like to sabre rattle about backdoors. A case like this wouldn't pass the laugh test in a western court room.

Why? Because western courts acknowledge the difference between choosing not to do something and not being able to do something. It's simply not possible (they could maybe ask Snowden for advice, given how much he trusts it) for Telegram to decrypt user messages. Not without being backdoored anyway. It certainly isn't in the realms of possibility to do it retroactively, and that's why it wouldn't get through a court.

And that, kids, is why Russia will always be regarded as a banana republic.

7
17

Ex-Autonomy CFO begs court to toss out US fraud allegations

streaky
Silver badge

Never been a better time, we're finding out who our friends and more importantly enemies are.

0
0
streaky
Silver badge

Except..

fails to allege any action taken by Mr Hussain 'in connection with' US-listed securities

I have no love for the way neither the US nor HP has behaved in this case, but it *is* directly affecting a US-listed security. HP's. The allegation is HP were defrauded, I don't really see how that's a defence.

What is a defence is it would appear that HP are full of shit and didn't appear to do effective due-diligence. If anybody should be prosecuted it's HP's former CEO, which is why HP settled their case with shareholders, they know full well who is at fault.

5
0

1,000 jobs on the line at BAE Systems' Lancashire plants – reports

streaky
Silver badge

Re: How to solve Brexit.

The UK is at technical 100% employment, doubt workers such as these will have too many issues finding jobs.

If you want to feel bad for somebody feel bad for the poorly educated populace of the country who can't compete with at and below minimum wage workers imported by a country of business that doesn't want to invest in the native population's education and training nor pay appropriate wages for somebody settled here for the long haul.

Also it clearly has nothing to do with Brexit, BAE Systems are firing on all cylinders.

1
0

Foiled again! Brit military minds splash cash on killing satellites with... food wrapping?

streaky
Silver badge

It is remote and flat enough that Musk could land one of his rockets on it.

Not about landing.

UK has no interest in rocketry, once again we're leading the world in aviation technology only this time we won't have to give it away to buy the US into a world war.

The equator argument involves invalid suppositions about what's happening here. We don't need to save fuel because we're not leaving the atmosphere the silly way. By the way you know you can fly to the equator and then burn fuel into space right?

2
2

Sole Equifax security worker at fault for failed patch, says former CEO

streaky
Silver badge

So..

1. Run Nessus

2. ????

3. Profit!!!

This can't possibly be how a Fortune 1000 company and one of the world's largest holders of critically private personal information secures data. Where's your fucking red team?

Shit is cultural from the CEO down.

9
1

HPE coughed up source code for Pentagon's IT defenses to ... Russia

streaky
Silver badge

Re: Did I understand this right?

had been deployed in the wild for several years before someone noticed it.

Of course, but it's the wrong argument. The question is security of what's deployed. Who knows what monsters are in closed source code. The reason that HB lasted so long is that it's a difficult one to spot even when you have the source code in front of you.

You can't pick on Heartbleed, nor can you actually pick on Microsoft and say "these are reference examples useful for statistical analysis". I'm not saying Open Source code is more secure, I'm saying it's impossible to determine which is more secure without doing something like who has more unpatched critical exploits against their systems, who's making it hard for sysadmins to get those patches out to their servers. Neither of those things are actual identifiers of underlying code quality though - the key question is if you have a closed source system and a hostile actor sees the code how deep is the doodoo you're swimming in, is it just above your head or not.

0
0
streaky
Silver badge

Re: Did I understand this right?

It's not hard to build a system that can give you sane assurances about this all the way down to the hardware level. That's the joy of reproducible cross compiles. You can take two completely independent systems like say for example a KOMDIV-64 built in Russia with MIPS arch and cross compile to x86_64 binaries on Linux, take a Core i7 and compile and compare the binaries. If they match then it's impossible to assert that any of the architectures themselves are compromised in respect of compiling things. That's beyond the fact it isn't really worth anybody's time. There's an ongoing cross-compile project with Debian that could disprove (or indeed prove) the assertion accidentally that an arch is compromised in this respect.

The real issue (threat) is compromise of the source itself. Even large open source projects aren't super difficult to infiltrate if you're a competent developer; somebody who had done that could potentially drop something into a toolchain and maybe nobody spots it. That's the real sideways threat that Heartbleed actually did allude to, but yes you can prove binary sanity throughout a system - by using another system that's built completely independently; even better by using one that's built in a country that's deeply paranoid about the one you're testing.

3
0
streaky
Silver badge

Re: Did I understand this right?

when it comes to security, open source isn't much better

Not entirely sure what you're trying to claim here but you're missing key facts. First, Heartbleed was Open Source working like it's supposed to. Security researcher discovers flaw by analysing the code. Security researcher notifies the developer, it's patched and fixes are pushed. When that's all sorted a public information campaign takes place to alert sysadmins that there's a critical vulnerability and people shouldn't screw around with it. If people don't patch their systems in that environment that isn't a flaw of the open source model, it's a flaw of sysadminery.

You simply can't do comparative analysis of open source versus closed source, there's no data to know how many new vulnerabilities in closed source systems there would be were a comparable number of researchers given access to closed source systems' code. What we know is people have absolutely no problem finding critical flaws in say the Windows code, basically constantly.

12
0
streaky
Silver badge

I don't think that quote really means what's implied by it. We know the US govt *does* require seeing code, what's not clear is who checks it. It'll be NIST/NSA wombo-combo as a general rule, but they probably don't check certain specific products written under secrecy. Of course ArcSight is generic off the shelf technology not written under secret contract - if nobody is checking that specifically they're rather naive about potential for foreign security services infiltration at HPE I'd think.

That said it wouldn't be super difficult, given what it does, to isolate ArcSight to the point even if it was backdoored it wouldn't matter.

0
0

Patch alert! Easy-to-exploit flaw in Linux kernel rated 'high risk'

streaky
Silver badge

Re: "An unprivileged local user"

local user -> game over

Not in theory (well away from windows anyway) - although throwing SUID into the mix...

2
1

Hotter than the Sun: JET – Earth’s biggest fusion reactor, in Culham

streaky
Silver badge

Re: scaling up is the answer?

stating that the Tokamak was invented (in Soviet Russia) to bankrupt the West

lul.

If it was anything it'd be stellarators the other way - it never ceases to amaze me how much new money goes into them despite being debunked as a potential future source of energy at commercial scale. The science of tokamaks is solid, and it's simple (which is the power of tokamaks versus say inertial confinement) even in engineering terms (it's a big vacuum chamber and some magnets at its most complex), what is not solid is getting enough funding into disruptive engineering projects. If there's conspiracy anywhere it's not dropping ITER like it's hot 3-4 years ago. Now the problem is ITER is a giant boat anchor of a project which has left the global fusion community what we call in poker pot committed. It's almost as if so much money has been spent on it that they have to keep spending more money on it and go all in until it's finished. It worked with the LHC and ISS so it must be the solution with ITER. Problem is ITER is being quickly outmoded, and the budget and timeline are getting more insane. It's too big and expensive for its own good and somebody needs to put a stop to it - maybe Trump might be useful for something after all.

0
0
streaky
Silver badge

Re: scaling up is the answer?

seems like "bigger" is better for tokomak, as far as efficiency goes

Nope. It's a function of size/plasma pressure.

Recent engineering dictates smaller is better. Higher pressure, smaller size - cheaper to build. It's actually why ITER's budget is teetering on the edge of death march. There are a couple of projects (in the US and the UK, separately) building these reactors with commercial rather than state funding.

Also high temp superconductors are playing a big role.

0
0

CBS's Showtime caught mining crypto-coins in viewers' web browsers

streaky
Silver badge

Yet another reason to avoid sites that don't work when Javascript is blocked.

If I was a site owner who was using this tech (I actually feel like I was partly responsible for it due to very early experiments with it a bunch of years ago mining bitcoins years before the current incarnations) - it doesn't seem like it would matter if a percentage of your visitors disable js to stop it working. The aim of the game is going to be the percentage of visitors that don't prevent it running doing some work in a small transaction to cover your costs and in return not get obtrusive ads. In the end I considered it ethically sketchy to just throw it at users but it's a choice - publishers could offer people the option to live in an ad-free environment or not have to pay cash to get through a paywall and it could work for everybody. Could.

4
0

Hi Facebook, Google, we think we might tax your ads instead – lots of love, Europe x

streaky
Silver badge

Re: Ouch!

QE is not debt it's devaluation

It's devaluation by debt. One buys one's own bonds - at a rate of 80 billion euros/month in the ECB's case. Those bonds need offloading. There are *significant* bond holdings in the ECB of Eurozone state debt. Significant.

0
0
streaky
Silver badge

Re: Ouch!

Off the back of QE. I don't know why people like to use these numbers, sure, growth from nothing is a thing.

Turns out if you get loads of debt you grow. Doesn't affect the ability to service that debt or turn you into the economic powerhouse that people are trying to claim you are. Also seriously wait till the QE stops and the ECB has to offload all those bonds... They have to go somewhere and it'll be onto the market who will baulk at them.

0
0
streaky
Silver badge

Re: Ouch!

Yeah it's a shitshow. Everybody knows it but nobody wants to do anything about it, because solidarity. Except when solidarity means it's going to cost you to fix the eurozone's economy. There are actually people in Europe who think more loans is the fix to Greece et al's problems. It isn't and it's going to go pop worse than it did in 2008 because nobody wants to face reality.

"Oh, Greece, is that still going on?" is the basic attitude. Yes it is.

1
0
streaky
Silver badge

Re: Ouch!

Not even the USA, a federation of sovereign states, has a unified tax code. It's kinda ridiculous.

Yes, it does.

I don't think that's right - for example we don't pay VAT on many things that the EU says we should (children's clothes, fresh food, etc)

We would if there wasn't an exemption for rates that haven't been touched since we left the EU. This is where the tampon tax argument comes from. We can't zero rate it because it wasn't when we joined. If we wanted to set a 1% rate on children's clothes we couldn't, it'd have to be the harmonised rate. If we then also wanted to set it back to zero rated we couldn't because of the harmonised rate.

Most of the problems in the European Economy come down to poor tax collection systems

No, most of them come down to the fact the value of the Euro is too high for the southern states of the EU so they can't export their wares, and the fact it's too low for states like Germany. So Germany exports its high value wares for relatively speaking cheap and can still get away with decent tax revenues on that. Greece can't export its lower value goods and also generate revenue. Most of the issue is that the economies of Europe are wildly unbalanced and the currency doesn't work for basically anybody on some level. One option would be massive German investment in southern Europe but hell will freeze over first. Also yes the US does have exactly this issue, as does the UK - just to a less extreme degree. Harmonising currencies without harmonising tax regimes and economies is stupid, which is precisely why every economist says so.

Though Ireland / Luxembourg / Malta etc would want some compensation for giving up some more of their sovereignty.

They've already given it up, they're in the EU - it's just a question of if/when the Commission will wield that power.

1
1
streaky
Silver badge

Re: Ouch!

Harmonisation of tax rules is effectively handing over full sovereignty. You can no longer spend money on what you want because you cannot choose how much to collect.

It's the only way the single market can function though. As a leave voter if this existed I'd have probably not voted to leave.

It'll never happen but it's the only way to stop companies making sales in one country and booking them as sales in a tax-favourable regime like Luxembourg or Ireland. Right now fairness in Europe is a myth.

Also yeah you can't choose what to collect, you're in the EU. If you can choose your own tax rate and money can flow across borders without question and goods can flow across borders without question what does that say about the EU exactly? That it's built for the express purpose of evading tax payments for any company large enough to take advantage of it - and nobody else. The best part is when those states fail because they're charging effectively no tax every other idiot country has to pick up the tab all over again.

For sure the idea of taxing non-profitable transactions is utterly absurd.

5
1

Microsoft and Facebook's transatlantic cable completed

streaky
Silver badge

Re: It will be interesting to see

It will be interesting to see just how much transatlantic capacity will bypass UK in the coming years.

I see you're trying to make some sort of point. Cable is only cost-effective because of the Bilbao-UK link but hey. The real reason it's there is because people are starting to realise that running everything through New York is a flaky plan; most of us knew it about 2 decades ago, the only thing that surprises me is that it took so long to bring online.

What's the good of bypassing the UK when the NSA is a thing? "Avoids Five Eyes" - find grip. Know what else is in Virginia? The Pentagon, the CIA HQ, who knows how many NSA sites. Avoids Five Eyes; Virginia is Five Eyes central.

0
0

Want to get around app whitelists by pretending to be Microsoft? Of course you can...

streaky
Silver badge

It's..

a feature!

#wontfix

11
2

NASA Earthonauts emerge from eight-month isolation in simulated Mars visit

streaky
Silver badge

Re: Mars

The difference between the Moon and Mars is that the Moon is not so close that there isn't actual immediate danger when something goes wrong (most things that could go wrong short of explosive decompression) like the ISS, but it's not so far away that if something goes wrong the only point in sending a vehicle for them would be to collect the bodies.

The other thing about the Moon v Mars is that you'd have to get the radiation issue sorted, in again a relatively controlled environment. When Mars is colonised in the same sort of way that Antarctica is *then* we can talk about manned Mars missions, right now they're a one-way trip.

1
0
streaky
Silver badge

Mars

Did they also irradiate them to a Mars or bust equivalent dose? Guessing not but it'd be the best way to bring an end to the "let's go to Mars" insanity.

'bout we go back to the Moon first and get some off-world habitation tech going?

17
3

Grab your popcorn: The first annual Privacy Shield review is go

streaky
Silver badge

Review:

"first annual Privacy Shield review"

It's failed, isn't fit for purpose and doesn't protect EU citizens from anything. Anybody involved in its creation should spend an eternity in the eighth circle of hell. Wouldn't be so bad if everybody didn't know it wasn't worth the paper it was written on before it was written.

Thanks for nothing EU!

6
0

Someone checked and, yup, you can still hijack Gmail, Bitcoin wallets etc via dirty SS7 tricks

streaky
Silver badge

FIDO/U2F.

The list of companies involved in the FIDO alliance who either won't push U2F, offer it or even if they do offer a backdoor through SMS is astounding.

It's basically gross professional negligence at this point, especially if you had a hand in writing the spec.

Getting sick and fed up of this stuff. These are issues we've known about for basically a decade+ at this point.

Paypal, Facebook et al take note, would you please.

7
0

Giant frikkin' British laser turret to start zapping stuff next year

streaky
Silver badge

Re: Innovative, effective and affordable solutions

Innovative, effective and affordable solutions

Obviously you're not looking hard enough or you have impossibly high bar definitions of those words. Storm Shadow was that, SAMPSON is that.. Brimstone.. the list is endless.

Side note something being expensive doesn't mean it isn't affordable, take for example the F-35...

2
0

Apple: Our stores are your 'town square' and a $1,000 iPhone is your 'future'

streaky
Silver badge

Re: Gentlemen.

Invaded by Canuckistan. We all knew this day would come.

8
0

44m UK consumers on Equifax's books. How many pwned? Blighty eagerly awaits spex on the breach

streaky
Silver badge

Re: So much worse than that ...

Yes, isn't it what what. Never mind, another Glenfiddich?

I really hope our civil servants have better taste in whisky than Glenfiddich.

More on topic it's not entirely obvious what they can do. It's down to the ICO to figure out if there should be a prosecution and not really anybody else.

Nobody in the EU you guys all love so much wanted to put a requirement to notify in the EU data protection directives so we don't have one. If we weren't in the EU we'd have had one years ago.

2
16

Everyone loves programming in Python! You disagree? But it's the fastest growing, says Stack Overflow

streaky
Silver badge

Yeah, the flaw in logic is extreme: it means you have loads of people turning up asking for help, which might well be a stunning indictment of the language. It might just as well be an indictment of the fact that the only way people feel they can get the help they need is to show up and repeatedly ask the same silly questions on SO.

Or it could just be related to popularity of the language or related to the kinds of people using it and the problems people are trying to solve with it. The reality is it doesn't really tell anybody anything.

Nice to see the defensive posts by people who obviously ask a lot of python questions on SO though heh.

2
4

Stand up who HASN'T been hit in the Equifax mega-hack – whoa, whoa, sit down everyone

streaky
Silver badge

Re: Can't even be arsed to use an Equifax cert?

Most people are smart enough to delete those Equifax root certs along with those Chinese ones, and TurkTrust is probably why.

2
0
streaky
Silver badge

Re: Only

Rule 10b5-1 sets out how this goes for executive share sales

Prisons are full of people who broke rules. Insider trading is difficult when companies work by strict interpretations of those rules, but again, prisons.

Not that I have any clue what happened here but saying insider trading doesn't happen because compliance is *absurd*. It might not be prosecuted successfully because good lawyers and technicalities but it happens, continuously.

8
0

Boffins want machine learning to predict earthquakes

streaky
Silver badge

Re: Randomness

It's not just about accurate equipment, it's about putting the sensors down where energy will be released from. If you can detect the early signs then yes, sure, it should be possible to predict earthquakes.

It's not always that simple though, just looking at the signs we'd be expecting the Yellowstone supervolcano to blow 100 times over the last 30 years.

0
0
streaky
Silver badge

Randomness

They're probably not random but at the same time there probably isn't enough data available to predict them, even roughly. If there was we'd be predicting them already. There needs to be more data being recorded about stresses in faults at the depths that they occur at, trying to listen for this at 10 miles above probably isn't sensitive enough for most types of quake (plus being sensitive enough for that picks up other fault activity).

I did see that one guy in /r/conspiracy that reckons they're easy to predict via solar flare activity that gave me a chuckle though.

1
0
streaky
Silver badge

Re: Maybe earthquakes are already predictable!

I'm calling the Nobel Committee right now!

1
1

Deputy AG Rosenstein calls for law to require encryption backdoors

streaky
Silver badge

Re: Flogging a Dead Horse?

Yup, send in the throwaway moral panic to go with it. Still no sign of the NSA/GCHQ paper accompanying it for peer review to tell us how it's safe to do it. Probably because the NSA/GCHQ don't think it's actually possible either.

5
0

P≠NP proof fails, Bonn boffin admits

streaky
Silver badge

Number of people shocked/surprised:

0

Yeah exactly.

2
0

US government: We can jail you indefinitely for not decrypting your data

streaky
Silver badge

Re: Does the government even read their own briefs?

Yup, it's pretty clearly not undisputed.

24
0

VW engineer sent to the clink for three years for emissions-busting code

streaky
Silver badge

Re: "I was only following orders"

It is certainly a good excuse in the military.

No it isn't which is why the concept of a "lawful order" has existed for centuries. There's a reason why militaries the world over have their own legal systems that spend half their time picking over the concept of lawful orders.

Hell, the Nuremberg trials are the reference manual on this stuff which is circular to Germans blithely just doing things because they were told to.

5
0
streaky
Silver badge

Re: Did He Have An Option ???

If you are asked to extend the ratio for 2nd gear so you can improve the advertised 0-60 time is that illegal?

Why would it be, that isn't trying to hide the values of legally mandated tests. It should obviously be fraud to anybody involved and thereby you don't do it.

it's not credible to think that the software engineer found guilty in this case wrote software to game the emissions tests without management instructions to do so

Per the Big Short "so now anybody who has a boss can't be held responsible for doing shitty and illegal things? What are you? 4?".

You can't fire people for not doing things that are blatantly fraud - that's when people go public.

Basic logic is in play here, the people who did this were fully aware what they were doing so are easy to prosecute; for the people above them it's not clear what happened, especially without evidence. If you're really dumb enough to do something illegal for a boss at least get evidence that you were told to do it; it's not a defence but at least you can take them with you.

5
1
streaky
Silver badge

Re: Code of Ethics

develop nuclear weapons or high frequency trading platforms for mortgages but not for "optomising" fuel economy?

Two are legal jobs, one is a fraud perpetuated against the public globally that, by the way, will kill far more people than nuclear weapons ever have.

8
7

Node.js forks again – this time it's a war of words over anti-sex-pest codes of conduct

streaky
Silver badge

Re: "there are downsides to codes of conduct"

As for me, I don't give a crap if someone tries to retaliate [bring it on, I love a good fight! but I'm easily bored, too, so you have to meet high standards]

Yup.

If you're annoying me I'll f**k you off, if you have a valid point I'll look at it. Otherwise go away.

The harassment of this guy for sharing an opinion (that isn't even his directly nor arguably invalid) is so wildly inappropriate beyond belief that the people who have done this must have serious learning difficulties.

0
0
streaky
Silver badge

Re: "there are downsides to codes of conduct"

Dunno about the harassment thing but I make it a point not to contribute to projects with these sorts of guidelines. Adults who aren't sociopaths should be able to resolve any issue that might arise in any project of any size.

The root problem here is the corporatisation of Open Source (my skin crawls just thinking about that concept) and the associated fear of "bad PR". If your project has a cancer, cut it out, you don't need endless lists of rules to remove people who are obviously causing an infection in your org - in fact I'd argue that they slow it down.

Hence why I don't contribute to such projects. It's inevitable that they'll all kill themselves by tying themselves in knots like the BBC does or driving away contributing contributors - if you follow this stuff 80% of the people who care about this enough to make a lot of noise are what I call non-contributing contributors, which is to say they don't write code and don't have any strong links to projects as users - they patrol GitHub trying to make life difficult for the sake of making life difficult - we used to call them trolls; how times have changed. Not to say all of them are but certainly a significant proportion are.

21
3

Elon Musk among 116 AI types calling on UN to nobble robo-weapons before they go all Skynet

streaky
Silver badge

Re: Nice in theory

Don't forget SAMPSON.

My experience is public chatter about UK weapons tech and actual capabilities tend to be miles apart.

I still contend that the issue here is that a UK defence company could play a major part in somebody else's system regardless - at which point it's not likely the UK government would want to ban that activity especially when considering circumstances British forces could be protected by such systems or that the UK might buy into such a thing.

We've finally got smart about buying US weapons tech, I wouldn't expect us to draw a line through this stuff arbitrarily because the Federated States of Micronesia want us to.

0
0
streaky
Silver badge

Re: Geneva Convention?

Pretty sure HARM is not automated

Quick reaction mode arguably is.

I'm sure AARGM is far more capable in this area though, given it can be preprogrammed to hit targets in designated areas when they light up - there's little reason for it not to be totally automated though that's kinda slight speculation given its full capabilities are secret and I've been out of the game for years; it's not exactly difficult to interpret what it might be capable of though. You can easily program out "In Harm's Way" type incidents when the missile has GPS guidance.

Isn't the Israeli anti-missile system basically totally automated?

The argument for automation is the operator can't see all the data the system can in the few seconds they have to react to an incoming hypersonic missile - this is why there's an inevitability to this outside of ICBM defence. At least with non-saturation attacks from ICBMs you get time to react to all the crap that's coming at you so somebody can make a decision.

1
0
streaky
Silver badge

Re: Nice in theory

Do you think that either the UK or France have the political will, the technological prowess, the desperate militaristic ambition, or the considerable sums of money to develop their own AI weapons systems?

I absolutely do believe that. Arguably already have depending on your definition.

A British weapons company is the key contractor on the US railgun program; you think we don't have technical competence or a need to pick a side when it comes to enforcing such rules? BAE Systems could easily be a contractor in an automated defence network. Easily.

A British HQ'ed company under such a regime could take a US contract to build parts of a system that was "illegal" in those terms and the UK government if it ratified such a treaty could easily be called upon to enforce and/or tell them they're not allowed to make money.

You really think this isn't going to come up because we're not cool or capable in the weapons department? I'd assume most UK defence contractors are working with AI and looking at ways to include it in defensive and offensive weapons platforms to varying degrees.

On top of that I have little doubt the UK itself would be only too pleased to buy into such programs.

1
0

Biting the hand that feeds IT © 1998–2017