* Posts by Ken Hagan

5936 posts • joined 14 Jun 2007

Boffins suggest UK needs an 'AI council' but regulation is for squares

Ken Hagan
Gold badge

If we did set up a council, its first task should be to ban the use of the term AI until at least we have an objective definition of what the "I" actually means and a way of measuring it. Only then would it actually be possible to prosecute someone in court for making or using an artificial one improperly.

0
0

WPA2 KRACK attack smacks Wi-Fi security: Fundamental crypto crapto

Ken Hagan
Gold badge

Android, and the big names were informed privately a few months ago, so the fix should be available today. Whether it is available for your phone, of course, depends on your hardware vendor (and in some cases also on your ISP).

1
0
Ken Hagan
Gold badge

Re: Why does anyone care about wifi security?

"My router is wide open to all comers. Who cares?"

Whoever pays your broadband bill, I would guess. (Unless they are made of money.) Starbucks are betting that the profit on the coffee far exceeds the cost of the bandwidth you can consume on their connection.

3
0
Ken Hagan
Gold badge

Re: 4 Years ago in a land far far away.

"thus as people upgrade the exploit will disappear."

Such naivety disappeared from the desktop about two decades ago. Yes, the automatic update mechanisms on the average OS do not have a 100% record, but for the average user who can't manage much beyond plugging it in and turning it on, they are almost certainly the only way to ensure that patches are deployed in the field.

It is scandalous that people sell network-connected devices without any automatic update mechanism. With society's increasing dependence on such things, such omissions are almost in the league of "not fit for purpose" under consumer legislation. It wouldn't even be hard, since these devices are all based on stripped-down Linux distros and those all have the facility. Yes, have an off-switch for the power users if you must, but don't just leave it out.

2
0
Ken Hagan
Gold badge

Re: OpenBSD

"silently due to embargo"

I think that is actually "silently despite the embargo" since publishing a patch to FOSS cannot be done without implicitly disclosing that a particular area of code is considered buggy. Therefore, more than one person reckons that OpenBSD kinda broke the embargo and they will therefore be placed on the naughty step for next time.

3
0

WPA2 security in trouble as KRACK Belgian boffins tease key reinstallation bug

Ken Hagan
Gold badge

Yes. And if your client is something that can be plugged into the router with a cable then it (the client) will almost certainly be patched this week.

1
0
Ken Hagan
Gold badge

Re: Should you really care.

"If you are not concerned with QoS then follow the guidance of OpenWireless.org and run a fully open wireless network"

Only two problems with that as far as I can see. Firstly, I'm paying for the traffic. Secondly, Amber Fudd would then blame me for all the porn that passers-by downloaded over my link.

4
0
Ken Hagan
Gold badge

No. There is (now) a rather good summary near the top of this thread. It is fixable in software, so for most OSes you can expect a fix in the next day or two. The vendors were all warned in advance and should have something ready. It also attacks the clients rather than the access point, so your router is not a problem unless you've chained a few together to extend your range.

The biggest problem I can see is that Android (and Linux in general) can be persuaded to use a null encryption key with this attack. That's "drop trousers and bend over" time for *lots* of mobile phones until such time as phone vendors (and any ISPs who might be cock-blocking the update channel) decide that these "existing customers" are worth some attention.

3
0

Sounds painful: Audio code bug lets users, apps get root on Linux

Ken Hagan
Gold badge

Huh?

I realise this is all pre-publication, so the lack of detail isn't surprising, but I'm struggling to understand how this works. If the attacking thread is in the same process as the victim, how can it be a privilege elevation and why wouldn't it just create its own port and then attack that? If, on the other hand, it is in a different process, then presumably ALSA has placed some kind of security mechanism around its ports. (If it hasn't, that's a hideous design error, but presumably it would have been spotted yonks ago.)

4
0

US Congress mulls first 'hack back' revenge law. And yup, you can guess what it'll let people do

Ken Hagan
Gold badge

Re: erm isn't this what law enforcement is for?

It's not even the same as arming children. /That/ would ensure that the children can shoot back at the time of the attack. /This/ law would still require you to collect evidence to prove who did it, check with law enforcement and compare notes, and then retaliate after everyone is dead.

If we assume that the police will respond to convincing evidence that one US citizen has committed a crime against another, on US soil, we can conclude that this new law would provide no new tools for the victims. Indeed, the lack of a response by the police could be the basis of a case by the accused that there was *not* sufficient evidence and that the so-called victim is the actual criminal here.

Totally fucking bonkers.

27
1

I love disruptive computer jargon. It's so very William Burroughs

Ken Hagan
Gold badge

Re: Of course it's pronounced 'Jif'...

Why would anyone want to interchange a giraffe? Is that even legal?

7
0
Ken Hagan
Gold badge

"We tend to stop after a certain number of syllables, but German seems to prefer long words."

I'm not sure that we do (stop). We tend to write the resulting mess as separate words but that's a cosmetic detail. The big exception here is when we are glueing Latin or Greek roots together, in which case we join them up, presumably because the parts aren't recognisable words on their own.

Either way, in the spoken language the stream of sounds is much the same. I imagine that in the mind of a listener these compounds are just as separable (or not) in either language.

3
0

It's Patch Blues-day: Bad October Windows updates trigger BSODs

Ken Hagan
Gold badge

"MS is REALLY getting worse."

Yes. They've been getting worse for a number of years. It's been pointed out to them. At times, they've even accepted it. They haven't been able to change. That's the story here. It will rumble on for another 5-10 years and then it won't matter because MS won't be a significant player in the industry anymore.

I only hope that Bill's managed to philanthropize all his billions before they disappear.

15
1

'We think autonomous coding is a very real thing' – GitHub CEO imagines a future without programmers

Ken Hagan
Gold badge

Re: Aircraft? Never get off the ground...

Aircraft were never a seemingly dumb idea. There are these things called birds.

Autonomous coding, on the other hand, is a seemingly dumb idea because we aren't even sure how people do it, and we *are* people.

2
0

Dear America, best not share that password with your pals. Lots of love, the US Supremes

Ken Hagan
Gold badge

Re: What about those various employers that demand access to social media accounts

It looks like this ruling allows prospective employees to tell would-be employers to eff off. Even better, anyone who goes along with the request is demonstrating that they can't be trusted, so they shouldn't get the job and any employer who *requires* candidates to give up their passwords is now encouraging candidates to breach their contracts with third parties and those third parties (or their lawyers) might well be interested to know that.

0
0
Ken Hagan
Gold badge

Re: Sadly, a decision which needs more clarity

"The manager may have given his permission to his PA but under the COMPANY regulations he had no authority to do that."

I got that part of the post *and* something else that you might not have considered: what if the credentials concerned are for external services. With just about every shopping website (including B2B ones) on the planet badgering us to "create an account so that we can spam you after you give us money", the boss's set of credentials almost certainly includes a few with third parties, not just The Company, so it is more than just an internal disciplinary matter.

0
0
Ken Hagan
Gold badge

Re: What happens if...

"What is the practical difference between letting someone use your password, on the one hand, and logging in and selecting a film and then letting someone else watch it?"

To you, very little. To Netflix, there is an increased risk that the password will be re-used by the other person (perhaps without your knowledge) with the reduced chance of the other person actually buying their own sub. If they (Netflix) are grown up about this, they might consider letting a third party watch a free film is a form of advertising and so it is debatable whether they suffer any financial loss. They are much less likely to treat password-loan as a form of advertising.

1
0
Ken Hagan
Gold badge

Re: What happens if...

"How does this square with the possible existence of formal documents such as Power of Attorney"

It squares perfectly. If you have Power of Attorney then you would have the authority to act as that person and the T&Cs are overridden. However, the vast majority of cases where "my spouse and I know each other's bank passwords" are not PoA cases and so would be a breach of the bank's conditions.

Look at it the other way. If you lend someone an object and a few weeks later you discover that it has been loaned on to others, are you miffed? You might be, even if the object is undamaged and back in your possession when you requested. There's a breach of trust and a level of risk that you didn't bargain for.

2
0

It's 2017... And Windows PCs can be pwned via DNS, webpages, Office docs, fonts – and some TPM keys are fscked too

Ken Hagan
Gold badge

Re: 2XXX

No way will we need that third X. Microsoft have no new products that look capable of sustaining their historic position within the industry. They've given up on "devices" and they've largely lost on servers. They survive on desktops on the strength of their ability to run programs from a decade or so ago, but the result of *that* is that the current version of Windows is almost crushed under its own weight of back-compat crap.

They aren't dead yet, but in 2025 we may look back at 2017 and say "Yeah, the signs were already there.".

And to the naysayers who point to the cash pile I say just that it is all virtual money and another company (probably not Apple, Google or Amazon, although they are probably big enough) will eventually have a big enough pile of its own to *buy* Microsoft for its IP and promptly shut down the day-to-day operation as an act of mercy.

4
0

'There has never been a right to absolute privacy' – US Deputy AG slams 'warrant-proof' crypto

Ken Hagan
Gold badge

Re: Francis Walsingham

So from a two-sentence summary of the case against back-dooring encryption we have now progressed to a two-word summary. (Our friend FW may actually be the only case in history of this sort of thing and the resulting society is a text-book example of what the Founding Fathers didn't want for the US.)

3
0

Blade Runner 2049: Back to the Future – the movies that showed us what's to come

Ken Hagan
Gold badge

Re: Typos

Wee all ready has won to cheque spelling, butt its crap.

6
0

Microsoft silently fixes security holes in Windows 10 – dumps Win 7, 8 out in the cold

Ken Hagan
Gold badge

Re: You think that's bad?

Um, no, even *that* has now died. From https://support.microsoft.com/en-gb/help/18581/lifecycle-faq-windows-products ...

"Windows XP Embedded is a modular form of Windows XP, with additional functionality to support the needs of industry devices. It was released separately from Windows XP and provides a separate support lifecycle to address the unique needs of industry devices. Devices running Windows XP Embedded will be supported through 2016."

9
0

Another W3C API exposing users to browser snitching

Ken Hagan
Gold badge

"I wonder if somebody could add this "functionality" to the websites of the conservative party?"

That would depend on whether they have control over anything that the website displays. Then again, if you included such unpleasantness in adverts, you could presumably pollute the browsing history of anyone who doesn't use an ad-blocker.

0
0

Oracle VP: 'We want the next decade to be Java first, Java always'

Ken Hagan
Gold badge

Re: Design-by-committee languages suck

"Somewhat like JavaScript, but I digress."

You don't, actually. Both languages were designed for quick-and-dirty executable content on the client side. Once they had been adopted by the great unwashed of hobbyist programmers and lame educators (because they were free and available everywhere) they started to get used on the server side and for larger projects.

2
1
Ken Hagan
Gold badge

Re: No worries

Well written/designed C or C++ code is faster and more portable.

But well written/designed code is Hard, so it is almost never found in nature.

5
1
Ken Hagan
Gold badge

Re: The next decade...

As far as I can see, the most common security holes over the last decade have been phishing attacks and actual holes-by-design in the matrix of permissions (who gets to write to what). The former is, of course, a particularly pernicious case of the latter, because the end-user generally insists on having far more privilege than they need and then grants that privilege to almost everything they run.

Your advice on portability applies equally to C or C++, languages which have been ported for far more platforms over the years than Java.

RAD in the sense of iterative design requirements gathering makes sense. Applying it later in the process simply makes it easy for management to undermine the assumptions that made earlier design decisions safe. Work out what you want to build and then build it. In that order.

The simple fact is that you can write secure portable code in almost any language. People just don't, and the use of a particular language will not magically change people.

1
0

Linux kernel long term support extended from two to six years

Ken Hagan
Gold badge

Re: "bleeding edge" is overrated

Since this is Android we're talking about, the whole of user-space still lives on the bleeding edge. If phone makers really wanted to support their devices properly, they'd put something like Debian Stable on them and publish enough detail about their dodgy hardware to let someone else write the software.

But the hardware guys are quite happy for you to upgrade your phone every two years. This announcement is about Google's embarrassment that Apple support devices more or less for as long as they last. Whether Big G is actually big enough to push this one through is something we still have to discover. Since even *they* can't extend the life of their own branded kit beyond two years, I won't hold my breath.

16
0

BYOD might be a hipster honeypot but it's rarely worth the extra hassle

Ken Hagan
Gold badge

"I don't know anyone with any relevant experience who thought BYOD was anything other than stupid."

Also, interestingly, nearly everyone *did* have relevant experience because, let's be honest, how many IT staff have not at some point been asked by "the boss" to hook their latest shiny to the company network?

Apparently Gartner are the only people on the planet who didn't know this. Colour me surprised.

15
0

UK third worst in Europe for fibre-to-the-premises – report

Ken Hagan
Gold badge

Re: Help

"a map not too dissimilar to this."

Excellent, ta!

"Makes no difference to me of course, sucking data down my 200 Mbps VM pipe."

And that is another fair point, since FTTP isn't the only way to get connected and it would be a shame to burn boat-loads of government cash bringing technology to everyone only to find that it is the previous decade's technology and all the money was wasted.

3
0

UK Home Office re-bans cheap call gateways because 'terrorism'

Ken Hagan
Gold badge

Re: VOIP over VPN?

"How are you going to monitor that?"

Well that's rather the point. They can't monitor these COMUG thingies either, but they've banned them so now they don't need to solve that problem.

Just because it is easy to break the law doesn't mean the law is futile. Quite the reverse, in fact. The law becomes the preferred mechanism for enforcement when technical means break down. (Of course, there is also the option of "not trying to enforce" state-sponsored voyeurism, but that option doesn't appear to have occurred to them.)

15
0

Web devs griping about iPhone X notch: You're rendering it wrong

Ken Hagan
Gold badge

"the illuminated surface of the phone no longer forms a rectangle"

It's not just the notch. The corners of the rectangle are rounded (and probably not a very circular rounding for all I know) and presumably Apple will scream to the courts if anyone starts producing another phone the same shape, so the only safe approach for web devs is to work in the central rectangle and just ask for a background colour (or gradient, or clipped image) to fill out the rest of the space.

If *that* isn't done by default, then lots of web-sites are going to look a bit crap and Apple will deserve to get panned. If it is done by default, then I don't see a problem. You shouldn't be depending on a particular part of your background wash being behind a particular part of foreground content.

19
1

Wanna get started with practical AI? Check out this chap's Rubik's Cube solving neural-net code

Ken Hagan
Gold badge

Re: Amazing

"You're saying this as if a human who's never seen the Rubik's Cube before can come across a scrambled cube and, completely unprompted, can figure out the purpose AND solve it. As most things go, even humans need directions."

My memory of the original cube craze is rather dim, but I'm pretty sure that 99% of the population *did* immediately figure out the purpose. Obviously only a far smaller number actually solved it, but *some* did and I see no reason to let the machines have a lower bar.

0
0

You lost your ballpoint pen, Slack? Why's your Linux version unsigned?

Ken Hagan
Gold badge

Re: rpmbuild -ba --sign slack.spec

Really? Is that it?

I've come to expect some pretty slap-dash, corner-cutting gobshite from web-based startups, but if it is that easy to sort out then their failure to do it right in the first place is hideously embarrassing incompetence and their subsequent failure to fix it in August is wilful negligence.

7
0
Ken Hagan
Gold badge
Unhappy

Re: perhaps it would be simpler to implement a this-is-bullshit font

HTML5 has <body>. That's almost the same thing.

If you want finer-grain control, here are some other suggestions:

<span class="bs">

<span class="porn">

<span class="terrrist">

<span class="troll">

2
0

Programming in the Middle Ages: Docker makes a lovely pair of trousers

Ken Hagan
Gold badge

Re: OPC

Er, whoosh?

(In fairness, had I been serious then you would have made excellent points. It is a pity that the numpty who wrote OpcEnum.exe didn't know all this. Last I looked, it was still calling CoInitializeSecurity in a way that is appropriate for DOS-based Windows and which, on NT, actually makes it *harder* to get stuff to work without using DCOMCNFG to drop everyone's trousers.)

0
0
Ken Hagan
Gold badge
Windows

OPC

"and you end up making the Guest account an administrator, and it still doesn't work"

But of course not! The reason it doesn't work is that it requires authentication in both directions. Typically this isn't possible, so you end up getting stripped of identity when calling back. Consequently, you need to make the anonymous logon an administrator. Then it will work ... maybe.

OPC: A data distribution protocol designed by someone to whom actual networks came as a nasty surprise.

6
1

Behold iOS 11, an entirely new computer platform from Apple

Ken Hagan
Gold badge

Is this a step backwards?

The whole point of the iPad product (and its OS) was the bonkers sand-boxing that made it almost impossible for one app to muck about with another. It was a significant impediment to malware and in combination with not letting *users* fiddle at the file-system level it made the iPad pretty safe for Joe User or indeed Joe User's offspring.

If they are now relaxing all that with a proper files app and letting folks use the thing more like a real computer, perhaps that is a retrograde step. Worse, perhaps it is not a big enough retrograde step, since anyone who actually wanted a "proper computer in a tablet format" already has quite a few options that have gone the rest of the way.

10
15

UK Prime Minister calls on internet big beasts to 'auto-takedown' terror pages within 2 HOURS

Ken Hagan
Gold badge

Re: Couldn't she....

I think that was an aberration. Her usual formula is less impressive:

"I am Prime Minister"

"Boris is Foreign Secretary"

"Strong and stable"

8
0
Ken Hagan
Gold badge

Re: How about...

"...to learn some of the basics of computing before making ridiculous demands."

To judge from these demands, she's never even *used* a computer, let alone learned about one.

Still ... that's probably our way out. We simply say that "Yes, it has been done and it is now impossible to upload terrorist content. Obviously there will be a few false positives, which is why the Conservative Party website has been taken down, and a few false negatives, which is what the Daily Mail *would* be ranting about had their website not also been taken down. But apart from those, it's all done and dusted Prime Minister."

25
1

RIP Stanislav Petrov: Russian colonel who saved world from all-out nuclear war

Ken Hagan
Gold badge

Re: Scary times indeed

Curtis LeMay (by then pretty much at the top of the USAF hierarchy) advocated an impromptu ICBM test during the Cuban Missile Crisis, explicitly arguing that it would cause the Russkies to panic and start WW3, which he considered a Good Thing because "better now than later".

3
0

'All-screen display'? But surely every display is all-screen... or is a screen not a display?

Ken Hagan
Gold badge

Re: Why do we need bezels ?

"There would only be the requirement of being bezel-less on 2 edges."

For rectangular (rather than square) screens, you would need two different handed-nesses of screen to tile 4 of them together and if you are going to restrict yourself to foursomes then you might not reckon it was worth the bother.

2
0

Chrome to label FTP sites insecure

Ken Hagan
Gold badge

Re: FFS, stop the nannying

"For a start, FTP is still perfectly fine for downloading public files or documents or images or PDFs."

More generally, both FTP and HTTP are the preferred choice (over their encrypted relatives) for anything that is digitally signed, because the plain-text protocols are amenable to caching whereas the encrypted ones are not.

7
0

Rise Of the Tiny Machines: Boffins cook up autonomous DNA sorting robot

Ken Hagan
Gold badge

Re: Coming for your jobs?

"I would not want to be under 40 now. Your job outlook is bleak and that could be an understatement."

As with just about every generation since the mid 1700s, the younger generation will be employed doing something different from their grandparents. They won't be idle, but they might be more comfortable. Put another way, I'm a little disappointed to be over 40 now. I worry that my children are about to zoom ahead without me.

7
0
Ken Hagan
Gold badge

Re: Astonishing. Sorting without energy.

"If that were true, it would mean that this is a perpetual motion machine!!!"

It wouldn't. This isn't Maxwell's demon. The motive propulsion is coming from thermal motion and is therefore random. No useful work is extracted from the device without energy input.

4
0
Ken Hagan
Gold badge

Re: Astonishing. Sorting without energy.

Nit-picking your title, the article explains that the actual sorting consumes energy. It is just the random walk across the surface that gets by on thermal fluctuations.

1
0

Would you get in a one-man quadcopter air taxi?

Ken Hagan
Gold badge

It's OK folks...

"A network operations centre will monitor these aircraft in case of trouble, we were told."

Serious legal question: if your last words were "Spend every fucking penny of my estate on suing these bastards out of existence!!!!!!", would that be enforceable?

0
0

'Don't Google Google, Googling Google is wrong', says Google

Ken Hagan
Gold badge

Re: OC

"If an intransitive verb is one without a direct object, then "The painting was displayed in the Louvre" surely counts as intransitive?"

I don't think a linguist would agree. That's just a passive construction and the active equivalent is "Unspecified-subject displayed the painting in the Louvre", which has a direct object.

1
0
Ken Hagan
Gold badge

Re: OC

Randy cocks display to hens. I imagine that's what the author must have been thinking.

1
0

Microsoft fixing Windows 10 'stuttering' bugs in Creators Update

Ken Hagan
Gold badge

Re: Fast startup? No thank you

"Turn off Fast Startup and this doesn't happen. Until the next forced update from MS turns it back on again."

I had a machine that borked the 1607->1703 upgrade, several times, until I switched off Fast Startup.

1
0
