Re: Stop mirroring the media
While I don't think Trump has done more than any other president, he has definitely accomplished more than any other president since Reagan. Especially for the common workers in the USA.
Alexandr? Is that you?
2113 posts • joined 31 May 2011
...the extra security doesn't hurt and just may avoid letting a previously clean address out into the wild.
If instead of treating security as an optional bolt-on component it was the default for applications to secure as much as they reasonably could, the world would be a better place. How much effort is it to send encrypted information instead of clear text? How much trouble would that save if encryption was the default?
Yes, that caught my attention, too. What he said was essentially there is no point in punishing someone who gets caught in the act. I am a little unclear on the legal justification for that, but I think it is pretty much "because".
The Bourne Codecracker?
My feeling is that Ruth Bourne is more bad-ass than her fictitious namesake. She has my admiration for the work she and her cohort accomplished.
What caught my attention was the amount of time real world training actually takes. Unless the same AI can power multiple robots, these systems will have to learn at exactly the same rate we meatbags have to, or even more slowly. Other machine learning scenarios involve many hours of trial and error or guided learning done in parallel. That does not seem to have been the case in this example. There is also the possibility of direct transfer of learning as the technology progresses. Once one system has learned a skill, it can be given to similar systems without their having to go through the same learning process.
“I would not consider this to be a final solution to the mystery of the moons' origin, ...." It’s difficult to replicate the surface of the Moon’s in a laboratory, ....
Martian moons: where auto-correct isn't.
Obviously a gun is involved in every mass shooting - otherwise it wouldn't be called a shooting.
Yeah, because if cameras are involved, it's just a photo shoot; if lots of medicinal shots are being given, it's a mass vaccination; if it's many shots being poured, it's a bar crawl; if rockets are being shot into the air, it's a pyrotechnics display and if it's simply a bunch of idiots shooting off their mouths, it's politics.
I'd open source the little horrors.
Yes, but what would you do if you start finding Notepad open on your computer every night with just a single line showing?
----> "Feed me, Seymour!"
For most retail establishments, security guard = loss prevention employee. In all cases, the loss prevention aspect comes first. If you want to identify one of these plain-clothes store detective types, get a few friends to go to a store with you, grab a random assortment of merchandise and wander toward the exit chanting "Shrinkage! Shrinkage!"
Everything was just peachy, then it went pear shaped and now it's just the pits.
Sorry! It was just there! ...which is likely to be this guy's defense, too.
Like finding a trout in your milk.
You've had that happen too? Good to know I'm not alone after all.
The kind of data held by universities (student records/intellectual property) is a valuable commodity for cyber criminals, so it is crucial that the security and education sectors work together to protect it.
It might also be that schools have notoriously bad security practices and IT staff more underpaid than in other sectors, possibly not having any dedicated to security. Many educators are uninterested in working with security because it "gets in their way". I wouldn't expect this to change any time soon.
We need to hold people accountable but if you make penalties for even slight infractions truly Draconian, people just won't report problems.
If we follow the original spirit of the term "Draconian", compliance will be achieved relatively quickly by the survivors. While your point about the harshness of the penalty needing to fit the infraction, it does help to take a cue from Draco and make sure that expected behavior is stated explicitly and prominently so there is no possible defense of ignorance. Training always needs to come first and only after should it be followed by enforcement.
Gone are the days when the only IT kit our staff used was phones, printers, scanners, desktop PCs, and servers that were bought, configured, installed, and maintained by our IT team.
If you can get your organization to accept that just these items are to be handled by IT staff, you're ahead of the game. Mostly, this article says that there should be the same standards put in place for the new stuff as the old. This might end up being a curse for many locations as they don't have the older tech under control yet, much less have bandwidth for the new.
OK, throw me a bone here. I went through this post and removed all lower case letters and it still doesn't make sense. Anagram solvers simply buckled under the load. What could I be missing?
Well that's pretty obvious....
Yeah, because there's all this stuff that couldn't be added into the existing command line interface and run from batch files. We definitely needed a new interface and it really needed to be completely object-oriented. What will they do next? Change the OS GUI? Replace MS Office menus with something completely different that requires everyone to relearn the product from scratch? Change the OS GUI again? The mind boggles!
Your concerns seem at odds with reality. In as much as there is a way to handle security in any realm, it is hard to argue that it is worse online than IRL. While it is worth calling out companies, applications and web sites that get it wrong, the fact that there is scrutiny on them is more than you get out of physical access to money these days. Ever hear of card skimmers? Hacking ATMs? Perhaps you ought to just hide your money under your mattress or maybe switch entirely back to barter until the monetary Wild West is sorted.
McAfee True Key is not an AV product. At no point in the article is one mentioned directly. The only indirect reference to one might be the bit that says "...any other McAfee signed binary can be used to exploit the vulnerability as long as the binary depends on a DLL outside the list of known DLLs."
I'm a bit hazy on why one would want to drive off with a Tesla. What, exactly, does one plan to do with it?
Sell it for parts, especially the battery. Given the speed at which Tesla doesn't provide service or replacement parts, the various bits you can pull out of a functioning car are going to be worth more than the car itself and have a lot lower chance of getting potential thieves caught.
My tea cosy is far superior. It protects my head from frost, Check! mind control rays Noted!* and physical damage, due to being padded. Good! Plus I can use it to keep my tea warm. All at the same time? Impressive!
* Someone will be there to chat shortly.
Shoot me now. Please, someone.
With my IoT wireless connected smart gun?
Well, you can do the VLAN/firewall stuff.... But Joe & Jane Public?
This! This is the heart of the problem with IoT. If only there were an easy to set up and use management system to secure and control all a home's IoT crap... Wouldn't take much technical expertise with a touch of scare tactic marketing to get a business up and running.
The standards body said using encryption to enforce access control provides better security than software-based solutions, and a given data set can be protected by one encryption attribute, making it efficient.
Security of any type that depends on just one thing is less secure by design than having multiple layers of defense. The statement above implies that access control should be done away with in favor of using encryption-based schemes. I don't know if this is taken out of context or what, but it doesn't strike me as more than replacing one set of issues and vulnerabilities with another with additional spin up time to learn and apply the replacement system thrown in (because every new technology is rolled out without a hitch and works just as intended when finally in place).
If this can function in conjunction with existing security schema, it's probably a good thing. If not, I wouldn't want to be the one implementing it.
VLC has the same problem - I just want a big pause/play button.
Try the space bar - it's the biggest button on the keyboard!
Am I missing the point about banning Pro Iranian?
I think yes. As stated, the bans result not from the content so much as the combination of content and the attempt to cover up its origins. My understanding is that if an individual or group posts their political views, that's fine as long as they are transparent as to who they are. If, on the other hand, they establish a series of fake accounts to create the impression that the account holders are someone else and then post those same political views the accounts would fall afoul of this new set of rules.
This is not to say that FB don't have their own political agenda to push or that we should have confidence in what is posted on that platform or in FB's ability to actually be effective in this, but they are giving it a stab.
I'm of the opinion, that if you start to feed penguins with Mad Sheep, then the penguins are at a greater risk of contracting the diseases that they had so far been immune to.
In this case, it's more a matter of feeding the penguins to the mad sheep. I am more concerned with this opening up new exploits to the Windows systems it runs on than the other way around.
An overzealous Apple fanboy ... plead guilty ... after he allegedly cracked the Cupertino giant's systems ....
I think we have moved on from allegedly to admittedly.
Inches? Miles? Might I suggest you have a look here
I was aware of the page, but it would not run properly on my work machine. This theoretical stack of cards would soar into the skies a whopping 403 Brontosaurus lengths. Just picture 403 of these late Jurassic giants end to end and then imagine them floating snout to tail tip straight up* and you will be rewarded with a dubiously accurate image of this posited assemblage.
* You might want to imagine a sturdy umbrella or similar protection (see icon) because at least one of the beasts is going to go and from that height... well, let's leave it there.
I wonder what that equates to in terms of height of a stack of punch cards....
Wonder no more! A punch card can hold about 80 characters or 10 bytes. This means 500MB would take about 5e7 cards. There are about 143 cards to the inch. Stacking them in a continuous column climbs up 349,650 inches or around five and a half miles. YMMV (literally) depending on data storage format on the cards, rounding errors and other assumptions made above, and the amount of caffeine consumed immediately prior to digging this up.
Is El Reg uncommon in being a technology news site which is pretty uniformly pessimistic about technology? And is that conservatism, cynicism or realism?
A little of Column A. A little of Column B.
spelt - past and past participle of spell
Depends on which side of the pond you live. If you use "spelt" as such, then "gotten" probably grates on your nerves.
The security of our customers is our top priority...
Nope. This is merely the mantra that corporate droids repeat over and over in hopes that they will be believed. Publicly demonstrating that you wish to discourage research into any of your security products indicates the opposite of it being important to you. If you are actively undermining something, you cannot accurately claim to be supporting it too.
Even if you did want to move black hat where would you send it to?
Any number of small, island nations would love to host, would be affordable and already have the kind of environment that would make for a good fit due to their banking sector. Not naming any names, just throwing that out there.
Once I got to the point where the name of the app was given (Voatz), my mind just shut off. Seriously? This is what we are trusting with our democracy?
Our tipster suggested the move is part of a Machiavellian plan to encourage its top workers to leave in order to reduce redundancy payments [Ed: shouldn't Symantec be encouraging its top performers to stay?
From a beancounter point of view, no difference - a worker is a worker is a worker. They're interchangeable, you see. Besides, there will be plenty of time to train up the new crop once the profitability boost of this round of non-firings wears off.
Mine's the one with a buzzword-laden copy of my resume in the pocket.
I always found the term African-American a bit weird to begin with, it's not like the white americans are referred to as "European-American" or "Caucasian-American" after all.
While I agree with the sentiment, I've heard both and more. Actually, I find the concept of race a bit weird. It's arbitrary and applied inconsistently. At best, it is a shortcut to assessing cultural affinity. At worst... let's not get into that. Perhaps one day we will have the additional classification of Android-American added to the list. That will come with a bit of a culture shift but not, I would guess, without the bigotry traditionally directed toward any new class or group.
...a deeper drill-down into the age, gender, race, geographical location and probably many other attributes of the people who responded: either positively or negatively would be illuminating.
From the paper:
"To that end, we sampled public commentary on three online videos – depicting Bina48, Nadine, and Yangyang – available via YouTube."
It is not possible to gather that data based on comments posted to YouTube, but the study authors address this and other issues in the "Limitations & Avenues for Future Research" section of the paper which notes that it is simply meant to be the start to a broader line of research. I thought it was a well written piece of work, for what it is worth. It even includes links to the videos in case you would like to check them out yourself.
I've worked volunteer security at an annual convention for a number of years (I have odd hobbies) and have had to deal with a number of situations at least one of which has ended up on YouTube. Deescalation has worked in all cases I have been involved with... so far. We have a paid police presence if that doesn't work.
There will always be people in any group who push the limits for one reason or another. If you say this is a hard limit, they will see how close they can come to the line without going over it - because they didn't break any rules, they feel they haven't done anything wrong even though they had malicious intent. I do not have any compunction about ejecting someone of this nature. This sort of thing is covered in our stated rules, too. One year, we even had a slogan up that said the number one rule was "Don't be a Dick". Of course there was one guy who had to test that and showed up dressed as a giant penis...
...it's a C4 commercial break
It's 2 milliseconds long... It's a blipvert! Don't decode that signal!
...ICANN (subsequently): Jeez, what a horrible mess. Who could have imagined that new gTLDs would create problems? Why did no one warn us of this?
You left off the part where ICANN go on to repeat the same mistakes over and over again because really, why should they care?
My swingometer that gauges whether the government does things more out of malice or incompetence oscillates daily...
Never ascribe to malice what incompetence will adequately explain. There might be malice mixed in, but it's incompetence that gets the job done.
This is not new behavior and it is not the whole process. The US government has long taken a prescriptive approach in terms of approving software. There are a variety of lists in fact, from the level this article addresses to the various departments and agencies that make up the government. Each entity reviews each piece of software (including the specific version of each) and creates an approved list that can be used on their systems. At least this is what they are supposed to do - YMMV. This new directive can be best viewed as an additional filter among several already in place.
More telling to me is the statement from the article concerning China and Russia trying to "invest" in American (and I am sure other countries') software companies. There may be perfectly legitimate reasons for making these acquisitions through shell companies and using other methods to obfuscate involvement but that does not mean that the US military should assume the activity is benign.
The simplest explanation is that since the focus is on catching crims, the training data was mostly or completely composed of mugshots. This is based on the high false-positive rate that matches the incarceration rate in the US. Nothing like building in a self-perpetuating bias.
I am quite sure I don't understand all of this, but perhaps someone could fill me in. A Spectre gadget as it is not particularly well-defined in the article or at least I was a bit thrown off. It isn't one of the gadgets in the "billions of computers, gadgets, and gizmos at some degree of risk". Does it amount to any code in any remote API that can be abused to exfiltrate data using this method? If so, I would think that identifying them might be accomplished by defining normal, expected calls on each API and monitoring for any that fall outside that set, essentially what most whitelisting apps do during tuning. Easier said than done, I am sure, but perhaps a way to catch things that code review might miss.
Small business networks will be the most vulnerable, not least because the boss will just buy and connect this crap without talking to their (external) IT people.
You say most, but I work in an understaffed enterprise environment (the default setting for enterprise environments). I am in the midst of implementing a set of network inventory tools and am uncovering so much stuff that no-one at the home office was aware much less managed, tracked or configured. Despite having implemented a variety of security restrictions on our wired and wireless networks, our local admins put all sorts of stuff on our networks because someone at their site went out and bought it. Same deal for software. The best thing about the situation is that I just have to turn the data over to someone else to take action. I do not believe my situation is in any way unique.
Two reasons I can think for all these IoT devices. First, it's a fad and manufacturers are afraid that if they don't include the latest and greatest, they won't be able to move their wares even if they implement it in much the same way as slapping a different color paint on it all. In fact, it wouldn't surprise me if we some day soon have IoT paint.
Second, the idea that all this stuff can provide a real, automated household is an interesting and compelling dream. The problem is that there is no way to hold it all together without building it yourself. Most people want to get in their cars, turn the key and go. What they don't want to do is have to build it from scraps and spend all their time maintaining it. We haven't got a Henry Ford of IoT yet. We don't even have a Karl Benz.
Install Windows 2000 and try to complete a relatively complex task whilst timing it. For example renaming a small music collection. Now try the same task with Windows 10 or Gnome 3 / KDE.
All about the same. Used command line and not some newfangled GUI thing.
...there is someone at El Reg whose entire job is just to come up with the worst puns ever. That person needs to be taken out behind the pub and slapped...
You do whatever you want, but I'll buy them a round or two for the same reason. Maybe between us we will make that person happy.
The IAU definition of planet works fine for purposes of some scientific fields but not for others and that is its weakness. It is of an ad hoc nature and lacks general utility. Much better would be to pare down the definition to something along the lines of "a planet is a non-stellar object orbiting a stellar object" and then work on classification of the different types of planets much in the way that stellar objects have been.
Even more telling, there is no IAU definition of moon.
Maybe 500 words. If you can't put together a well discussed argument then stick to shouting in the road.
With 140 words, give or take, you can put together a sonnet. Then again, the internet has thoroughly disproved the infinite monkey theorem, so that really doesn't offer much hope... Perhaps a platform that forces people to post in verse might be worth a shot just the same.