Re: Patching speed is probably the issue
>Really, why can't the core OS and libraries be auto-patched for security as most Linux distos do?
Because [technical reasons].
6984 posts • joined 21 Jul 2010
>Really, why can't the core OS and libraries be auto-patched for security as most Linux distos do?
Because [technical reasons].
HELLO! I'M BRIAN BLESSED!
I too had to fix a CNC machine - every so often, but not always, the machine would engage its brakes (by design it locks itself rigid if it loses contact with the stand alone XP PC it shipped with, for safety reasons) and though it would resume the tool path would have been knocked off kilter. The cables were innocent this occasion. I swapped out its Pentium 4 CPU for a faster Pentium 4 HT*, and the problem never came back. Faith restored, we could leave it on a 30 hour job and go to the pub.
In all likelihood, the original CPU would have been up to the job, were it not for Windows XP sometimes deciding to do something you haven't asked it to do, thus momentarily distracting the CPU from the one thing we asked of it.
*I happened to have this CPU lying around ever since the pick donutty thing on its previous motherboard turned brown.
Then there's WOMBAT - Waste Of Money Brains and Time
I remember a magazine in the nineties had a frebie on the cover: a mouseball-sized textured sphere with a hexagonal shaft.
Yep, it was actually a tool for cleaning the gunk off the rollers inside mice with a power drill.
Urgh, the horror of mechanical mice!
Well, the good thing is that even not knowing the a coiled wire thingy was, I could see that it wasn't where it was supposed to be! Hmmm, the groove in this lump of solder matches the wire that comes off this strangely free thing....
Similarly, one of the pink donut things on a motherboard of mine was brown and dirty looking, unlike its friends. Diagnosis was the motherboard was, and I do believe this is a technical term, fucked.
I do. But last time I thought an audio 3.5mm > phono cable was playing up, I spent ages trying to 'fix' it. No joy. I took the input panel off the back of the speaker and discovered that the coiled wire thingy had fallen off the crossover PCB. Dollop of polyurethane and a resoldered contact and the whole set up was right as rain.
Yeah, thats some very saddening news from Nice.
For sure, one can imagine automated or semi automated trucks in five years time that are incapable of running people over - but then, if someone was determined enough, they might be able to disable those systems.
Alternatively, would the police in the future be able to remotely stop any human-driven vehicle? (though of course last night's tragedy occurred too quickly for such measures)
>You're correct, the Jeep wasn't self-driving so the only options were limited to 'keep it running' or 'make it stop'.
>>Are you really sure you want to add 'steer into oncoming traffic', 'drive off a cliff' or 'head for the nearest crackhouse so we can rob you blind' to the list of choices?
If a hacker had full control of all the modules in a modern, human-driven car, the brake modules could be used to cause a catastrophic accident, since each wheel can be controlled independently.
>They're right to be concerned, but this isn't a self driving issue...
As acknowledged in the last two paragraphs of the first page:
The security issues applicable to cars arise from their connectivity rather than whether or not they are self-driving, according to some experts.
"I think the security issues come from not air gapping the car rather than the degree of autonomy," independent technologist and entrepreneur Ken Tindell told El Reg.
Of course many of the components of self driving cars have been in place for ages - such as 'stability control' braking systems that apply different braking to different wheels if the vehicle feels it is about to tip over (if I remember the driver's manual to our Transit van correctly - it's not a particularly modern Transit, either).
And still some stuff you can't customise on Android, or at least there are little niggles that can't be cured, any more than you can 'customise' an iPhone to use the FM radio functionality built into its Qualcomm modem.
When listening to Google Play or Spotify on Android, adjusting the volume from the handset results in some unpleasant 'plop' noises, even if playing through a Chromecast Audio device. Why would anyone want their music interrupted by this loud beeping? Strangely, this irritating behaviour doesn't occur in the BBC iPlayer Radio app. It just seems strange that Google have pushed Google Play music, developed and sold Chromecast hardware - yet haven't removed this rough edge, something that would be trivial for them to do yet impossible for a user to fix.
Because I don't have banking apps, Amazon accounts etc on my Android phone, I rate performance over security. I therefore don't install updates as soon as they arrive, but instead wait a month and see how other users have reported adverse effects of the update, such as greater power draw or slower performance. That was before I broke the screen on my flagship Sony, tho.
Now I'm using a 'good enough' (i.e not irritating) Huaweii that I bought half price for £45... and should I drop it or loose it in six month's time, there will be no tears. In two years time, £50 should get me a very capable phone, or £100 a very good one. Therefore it doesn't make sense to me spending £400 on a flagship spec phone just so that it be 'future proof'.
Yeah, but like many phones it's an assembly of bits from Qualcomm, Sony and Samsung (SoC, camera, screen). Who has actually glued them together matters less (in this context) than the understanding you have with the vendor, Google.
Huaweii don't sell a phone under their own name that resembles the Nexus 6P, as was the case with some earlier Nexii and LG, and also they are fond of putting their own skin on Android.
...and diagrams here:
There have been firearms on board the ISS, for dealing with bears or wolves. Not there have been wolves and bears on the ISS (though a gorilla has been spotted: https://www.youtube.com/watch?v=IFc1XWEkhpM )
A combination shot gun / pistol was included in the Soyuz capsule's emergency survival kit, should the ground recovery team not reach the cosmonauts before a hungry carnivore.
I'd be tempted to print the medical info, affix it to the helmet, then cover the info with a sticker bearing the Medic Alert symbol (snakey stick in red).
Care to be given to making sure that the sticker is easy to peel off, whilst at the same secure against wind.
Thought to be given to abrasion resistance.
Here's hoping you never need it.
Similarly, quite a few tickets for gigs and festivals use QR codes... they are often emailed as PDFs, and can either be printed out, or presented to the door staff on the screen of my phone. The door/gate staff will either use some dedicated stock control hardware or a bog-standard mobile phone to scan my QR code.
I've even been in a queue for a gig when our party has realised we're a ticket short, and my mate has bought one online on his phone before we reached the gate.
It strikes me that the system is cheaper to administrate than sending out hologram-embossed pieces of card.
>Swiss laws don't have any holding the USA.
They don't need to.
As long as Riffle only requires software (which in hardcopy is protected as free speech) and not specialist hardware (a 'munition'), there is nothing stopping the code escaping the US. Since part of the dev team is in Switzerland, one can make a fair assumption that the code is already out of the US.
>I hope they are developing this outside the clutches of the US Government
Second paragraph, first line: :)
Dubbed Riffle, the system was developed by MIT and the École Polytechnique Fédérale de Lausanne in Switzerland.
>so that the US Government can't classify it as a munition and ban its export without a license.
That's been circumvented before, by publishing code in a book, a la Phil Zimmerman's PGP:
The claimed principle was simple: export of munitions—guns, bombs, planes, and software—was (and remains) restricted; but the export of books is protected by the First Amendment. The question was never tested in court with respect to PGP. In cases addressing other encryption software, however, two federal appeals courts have established the rule that cryptographic software source code is speech protected by the First Amendment
>WinTrolls vote-flame logical post!
And yet so few Penguins have supported you... could it be because they think you're a pillock too? There is nothing logical about choosing to be complacent.
For sure, if in doubt, keep it simple. And you can add redunacy to your regime by having a few external drives on rotation.
However, it does require downtime, and user interaction. These aren't deal-breakers for many users, but some people will want an automated backup solution - every hour, perhaps.
Speaking as someone who has been called upon to fix friend's PCs, I sometime think it would be nice if every consumer PC sold came with external HDDs and an image back up system by default. :)
- Backups would benefit if a different OS to the user's machine was used. The chance of a single piece of ransomeware being able to encrypt say a Windows workstation and a Linux server at the same time is less than being able to encrypt either system.
- A router with OpenWRT can be configured so that the backup machine is only accessible at certain times of the day or week, to conincide with scheduled backups. This means that the user's machine, including any nasties, can't access the backups. This obviously will never be as secure as physically unplugging the back up server, but removing the responsibility of plugging / unplugging from the user might be worth it. The router could be configured so that server A is accessible on Monday, server B on Tues etc.
Stuff that just works isn't called 'technology' - it's just called 'stuff'.
I think there's a misunderstanding over terms here, and I don't want to blame anyone. LeeE is right that many products are made by assembling (adding) component parts. However, a huge number of parts are made using subtractive (wasting) processes, as you point out. :)
Anyway, let's quit now before we get too deep into the merits of casting, forging and machining metal parts, and respective impacts upon grain structure and mechanical properties!
>A quick look around my home revealed just two items that were made by subtractive processes,
Um, what are you wearing, LeeE? (Oh er!) Most clothing is made by cutting shapes from a woven rectangular sheet.
Okay, I think I see the root of this misunderstanding (not your fault) - yes, most products are made by adding parts together, but many, many component parts are made by removing material - including some parts from all of the examples you listed.
Subtractive processes include stamping shapes out of sheet metal (often combined with bending the metal in the same operation). Think of the metal chassis in old desktop PCs, car panels, cutlery, metal bowls, the tops of disposable cigarette lighters, coins, that sort of thing.
Then we have a lot of subtractive processing of wood, for furniture - of which there will probably be a fair bit in your house. Turning, routing, milling, sanding, drilling, planing etc.
I'd be hesitant to hazard a guess of percentage use of subtractive, moulded, additive processes used in everyday objects around us. If you were to say that most products that pass through our houses in the course of a year are moulded (food containers and other packaging) I'd say yes, that's plausible.
Really though, 'Additive Manufacturing' is really just a convenient umbrella term for a range of process, because 'Rapid Prototyping' and '3D Printing' are often too narrow or inaccurate.
I've never seen any nanotechnology either... if only they could scale it up to the size of a cat, I'd have a better chance of spotting it!
I stumbled across a medical report the other week which I at first thought had been written by sci-fi scribe William Gibson - but it's actually real:
Here we report an accidental retinal burn with a femtosecond laser during laser-induced plasma formation in a process of nanoparticle production. - http://www.scielo.br/pdf/abo/v76n5/15.pdf
Of course nano particles are widely used in chemistry, medicine and engineering - they can just be very, very fine powders. As for nanoscale structures, TSMC and Intel are knocking on the gate (groan) of mass produced 10 mn transistors. 'Quantum dots' are already mass produced, and used in phone and TV displays.
Renishaw have been involved in two bicycle designs, one being a complete 3D printed frame - the idea being that the material is exactly where it is wanted for strength/weight.
The second design is one where merely the lugs are 3D printed, into which carbon fibre tubes are placed. This means that each frame can be made tailored to an individual customer in CAD (differing angles in the lugs to support different lengths of tubes). Since the geometry of the lugs can be complex, they interface with the inside of the CF tube as well as the outside.
Renishaw is the only company to have its logo visible in an Apple promotional video for quite some time - at 4:58 in the official iPhone 5 video, you can see a a ruby-tipped CMM probe. https://www.youtube.com/watch?v=PBfPS8vwTzE
It's not only Foxconn that use Renishaw, but Samsung and darn near everyone in the precision electronics and aerospace sectors use Renishaw kit.
Not bad for a still privately owned company that grew out of a garage in the SW of England! You might have seen the owner's house in the last series of Sherlock (though he doesn't live there). It's occasionally opened to the public to raise money for charity, well worth a visit - and possibly a Geek's Guide to Britain article?)
That's matrix is spot on! Only today I was thinking about the opinions on Reg forums whenever a new product or category is mentioned, and yet again XKCD has nailed it.
No joke - it would be fun* to run an analysis on past Reg comments, and see whose past predictions have proven to be been closer the mark.
<tongue in cheek> I confidently predict that in five years time, automatic semantic text analysis will be such that the task will be as easy as uttering "OkCorSiriAlexiHAL, tell me which Reg commentards have shown themselves to be crap at predicting future product success?" </tongue in cheek>
*for a given value of fun. Roughly equivalent to doing a quick crossword, perhaps.
On a slight tangent from this topic, the source code for the Apollo computer has been uploaded to Github.
# "IT WILL BE PROVED TO THY FACE THAT THOU HAST MEN ABOUT THEE THAT
# USUALLY TALK OF A NOUN AND A VERB, AND SUCH ABOMINABLE WORDS AS NO
# CHRISTIAN EAR CAN ENDURE TO HEAR."
The Apollo display and keyboard used two digit verb and noun codes for user input.
>They train and individual in the Army to become a cold blooded serial killer, and then set him free on a gun friendly state and expect that nothing wrong is going to happen.
It is not likely to be the training that damaged this man's decision making processes. There is, however, a lot of evidence of people's thinking being damage by concussion, and by the psychological experience of constantly being on alert in a war zone.
I don't know enough about this individual's past, nor do I have any expertise, to state that it was his military service that caused him to act the way that he did. However, the statistics concerning former service personal - rates of suicide, prison, depression etc - are frightening.
>deployment of drones to "save" American solider deployments has exploded since 2009. This is the go-to solution for the Obama Administration.
Well that and 'Private Security Contractors' ( a euphemism for mercenaries). If any private contractors are killed, they don't show up in the statistics of dead US service personal.
>This is more than likely going to give bad guys stupid ideas about sending their own robots and bombs....
I'm sure that bad guys have already had the idea, and indeed some US police forces have, in the last year, conducted exercises in dealing with hypothetical drone-based terrorist situations.
>how is it that a police force has ready access to an anti-personnel explosive device?
An anti-personnel explosive device could be a shaped-charge that SWAT teams use for breaching walls or doors - explosives don't distinguish between flesh and brick.
'Water disruptors' are commonly used for bomb disposal - the shaped charge results in a jet of water that destroys a bomb before it can explode:
>So the Dallas Police are just another violent street gang, who take revenge, not a professional force charged with keeping the peace in society?
The Dallas Police are nothing more or less than a collection of human beings, some of whom in the circumstances would have been scared, nervous, angry etc, despite their collective training and experience. I don't know enough about the circumstances to make a judgement on their tactical decisions.
>Has no-one developed a weapon system where you can calibrate the range and hit someone in body armour hard enough to knock them down without killing them?
I've idly thought along the same lines in the wake of past school shootings - or rather, in the wake of some people calling for teachers to be armed. Is there some non-lethal system of taking a gunman down, or a system of containing them, or rendering their weapon unusable - like a massive electromagnet? I haven't thought of anything plausible, but then I'm not a weapons designer.
Sadly though, most research into non-lethal weapons have been focused on crowd control, gassess, nets, gloopy foams, noise, microwaves etc Curiously, tear-gas is used because it was originally developed as a tactical warfare weapon, but the Geneva Convention on chemical weapons banned it for that use. The manufactures therefore pitched it as a civilian crowd-control agent instead.
They have already conducted tests on the ground.
>don't the ISS all use off-the-shelf laptops?
They do use off the shelf laptops running Linux, around seven of them, but they only act as terminals for the ISS's Command and Control computers.
Less critical work, stock control, email, note taking etc, is also done on standard laptops, but they are not connected to the critical C&C systems.
Judging by the photographs, the laptops are, at least in the American sections, ThinkPads.
> no computer is safe when it comes to remote comms.
You can use an insecure phone to securely send short messages, if you have first, by hand, transcribed the padded plaintext through a one-time pad. If you wish to automate the use of the one-time pad using a discrete device, the processing required is so simple that the hardware and software required could be audited.
This would work fine, if only the content of the messages and not the meta-data is of use to your adversaries.
People have worked out various mechanisms for Time Release Encryption, but the issue is trusting the required 3rd party server.
Such a 3rd party server would have to be honest, and also in existence x years into the future.
If anyoine knows of work done to sidestep those issues, I'd love to hear them.
(The idea came to my attention when I thought of the uncaptured oral history available from people of a generation that don't blog. Whimsically, I thought of placing microphones in a pub, with everybody knowing that recordings couldn't be listened to for 100 years. )
The concept has been around for decades, so sci-fi authors have had plenty of time to use the idea! :) Indeed, Dawkins talks about the information half life in living bacteria in his book The Blind Watchmaker. Obviously this is a different situation, because he was taking into the account of the bacteria's error-correction mechanisms over millions of generations.
As for inactive DNA, studies conduction on bird bones at ambient temperatures (i.e not in a frozen vault) in New Zealand suggest that the inforamtion half-life as being around 500 years.
>The world, if not the entire Universe, is chock-a-block full of viruses. Apparently all created 'by accident'.
No, not 'by accident', but by a series of accidents interspersed by selection. Or rather, the natural selection of randomly occurring mutations.
If one were to merely transcribe a cat video into DNA, there would be no process of selection, no realisation of biological traits that could be tested against a selection pressure.
Of course, it is possible that transcribing an encrypted file into DNA would result in a virus, in the same way that it possible for a monkey at a typewriter to tap out the works of Vonnegut. Possible yes, but very unlikely. With 'very unlikely' being an extreme understatement.
Hehe, I made a comment which is text book Darwin, and I'm a creationist!
Not sure if serious.
You'd need the code for a real virus to start with, and some clue as to how to make it more dangerous.
If you think that a real, dangerous virus can be created by accident as a by-product of data storage, then you are not the person with that clue.
>no sneaking round the back and adding more libraries.
It was the AlphaGo computer which created its own libraries. That was kind of the point.
Nobody was claiming it was Skynet, but it was an advance on what went before.
No, no more than using X-rays to study anatomy is part of any physicist's 'campaign' to prove that life is based on high energy EMR.
And in any case, Jim Al-Khalili's position isn't as strident as you suggest. See this review of one of his books here on New Scientist:
Yep, there will always be froth bat the edge of the rising tide of knowledge and the dry land of the unknown.
It was curious that the article made no mention of the way that researchers are financed, and the pressure on them to chase grants and get their names on as many paper as possible. Oh well.
Same here - I've kept abreast of pop science for the last couple of decades and this 'fad' against which the author is railing is largely new to me.
I found it a little unfocused, as well. There was talk of 'luvvies' (a word coined by Stephen Fry to describe thespians, and used in that sense by Private Eye) in the article, but not of actors. Still, if you want both actors and neuroscience being talked about by someone with insight and humanity, Oliver Sacks talks, amongst other things, what he learnt from the actor Robin Williams: http://www.abc.net.au/radionational/programs/scienceshow/celebrating-oliver-sacks/6741096
(to avoid confusion, note that the interviewer is called Robyn Williams, a science journalist).
Botanical illustrations at the time were akin to diagrams - each plant represented in a similar way for ease of comparison. It can be hard, even with to day's cameras, to arrange a botanical subject in a consistent way.
And that is before we think about the issue of colour reproduction.
We've lost a couple of good 'uns in the last year, Oliver Sacks and Umberto Ecco.
http://www.abc.net.au/radionational/programs/scienceshow/celebrating-oliver-sacks/6741096 (MP3 and transcript)
What both have in common are sharp minds and human compassion, Sacks a celebrated physician and professor of neurology, and Ecco a philosopher, historian and novelist.
Are there any hard numbers to show that mysticism has risen in recent years? I see inherent issues with attempting to quantify it - if you are relying on people self-reporting, then could it be that it is their vocabulary and not their behaviour that has changed.
As for mindfulness - some of the most active, effectual people I know practice mindfulness with discipline. I also know a fair few people who both a bit New-Agey and a bit useless.
Also, no justification was given for the assumption that people's behaviour is a reaction to how they perceive their relation to the organs of power, when it could be that it is their immediate environment that more strongly influences them. I find it plausible that people's perception of power does influence them, but it is also plausible that for many people it is intertwined with other issues, such as what their future job prospects might be. The idea that mysticism is a response to fighting in vain to change The System is also put forward by Adam Curtis in The Century of the Self. (Has anyone here heard anything of him lately? There's been nothing about him on the internet since the release of Bitter Lake, save for an appearance at a film festival. )
>With the publication of the report Private Eye will have to look for a new joke.
I'm holding the latest issue in my hand, fresh through the letterbox today: it would seem the Conservative and Labour parties are doing the best to keep the Eye supplied with material.
Cartoon: A man reading two headlines, Brexit Chaos, and Chilcot Published: "The whole thing was based on deliberate inaccuracies with no thought whatsoever for the aftermath"
Also, a Lookalike Special: Emperor Palpatine / Theresa May, Penfold / Micheal Gove, Angela Eagle / Brienne of Tarth
>Insects have opiates, ie they feel pain.
And we only know that because people have experimented on wasps.
To all those deploring the researcher as a sadist, it was her research in 2002 that showed that wasps are capable of recognising individual wasps from their facial markings. Heck, she's probably harmed fewer wasps than many a rural boy with a petrol can and a free afternoon, and she's done so to expand our understanding of social insects, and understanding we can put to the benefit of wasps should we choose to.
Comparing her to a character from Iain Banks' first novel isn't helpful.
Wasps in the UK are generally useful for pest control, and not usually aggressive (if one takes an interest in your cider, waft it away instead of swatting at it).
Biting the hand that feeds IT © 1998–2017