555 posts • joined 19 Dec 2012
Keep LibreOffice even if you move to MSFT [Was: MS Office? Faster?]
I used to write complex documents (detailed specifications, tables, figures, lots of cross-referencing, etc.). For the purpose of "interoperability with others" it was in Word. Change tracking, rejecting/accepting modifications, comments by others, etc.
Documents became fatter and fatter every day. Many, many megabytes. I learnt a little trick. From time to time I opened the current fatty in LibreOffice, made a tiny change (e.g., added a space somewhere or corrected a typo), and saved...
SHHHHRRRRRRIIIINNNKKK! All the extra fat is instantly gone.
I suspected at the time (but never really checked) that all the multiple changes, whether accepted or rejected, all the deleted comments, etc., etc., were made invisible but still kept by Word in the file, while LibreOffice figured out that invisible stuff was no longer needed and silently dropped it on the first save.
Did they disclose what "deep service" they really work for?
"DeepService implements a gated recurrent unit (GRU)" - oh...
Bootnote 1: "identifying individuals remains an unsolved problem in mobile computing" - that's a relief...
Bootnote 2: Swype left...
Suppose a safety-related update becomes available while my autonomous car is on level -4 in an underground parking under a high-rise building. The car will not know there is an update until it actually sees the light of day. At what point is it supposed to become immobile to apply the patch? When it is blocking the exit from the parking? When it is out in a busy city street with no empty parking space in sight? When it is doing 70mph on a carriageway?
A critical mechanical failure would immobilize a non-autonomous car, but that's a failure, not a software update, important as the latter may be.
I'd think of warning the owner/custodian/occupant (and maybe insurer) that there is an essential update and give the responsible party a reasonable grace period to install it. Beyond that grace period, however, rules change.
It is essential that the grace period should start after the car becomes aware of the update, i.e., the car is started and there is an indicator on the dashboard, etc. Otherwise, the car may be out of range - e.g., in an underground parking garage - while the owner is on a month-long vacation abroad.
Re: Searching for old messages in different apps = nightmare
Ironically, my solution to this was not adding the address to the friend's entry in the contact list on my phone the first time they sent it to me. Care to elaborate why?
Dumb bug of the week: Outlook staples your encrypted emails to, er, plaintext copies when sending messages
I suppose mostly because there is no need to "exploit" if the plain text is helpfully sent along, eh?
Wait, this makes MSFT's statement technically correct, doesn't it?
...why do NSA and GCHQ have such big budgets?
Re: Scott Adams is ahead of us again...
Or Isaac Asimov's 1951 "Satisfaction Guaranteed" story...
The story seems unfinished. Did the hero get the girl in the end?
So the study tracks...
...people who leave WiFi on while on the tube and not all the commuters. How representative is this sample? How clueful in general are those people? How attentive are they to the signage/patterns/whatever might help them shave a couple of minutes from their daily commute? Would disabling WiFi be more beneficial than investing in better signage?
NB: tracking Oyster cards means tracking regular commuters, not occasional visitors, tourists, and such, so that is also biased.
Actually, I wonder if the "WiFi-on" population has a disproportionally large fraction of foreigners who do not have mobile data plans and are happy for any free WiFi between sights? [Not a Londoner and my WiFi is usually off, so I don't even know if you can register on the TfL WiFi with a foreign mobile number.]
Re: One thing I always failed to understand....
I believe iOS does a pretty good job of MAC address randomisation when not associated, Android is generally very poor.
Re: Hold on, if I read this right
read Brooks' "Mythical man-month" and see what he says about the "second-system effect"
Let's not cherry-pick famous quotes.
Among the things Brooks actually says about "second systems" is
"The management question, therefore, is not whether to build a pilot system and throw it away. You will do that. […] Hence plan to throw one away; you will, anyhow."
I am fairly sure this is what was alluded to by "develop it twice".
What you have in mind is, I guess,
"The general tendency is to over-design the second system, using all the ideas and frills that were cautiously sidetracked on the first one. The result, as Ovid says, is a 'big pile.'"
This is also famous, but hardly applies to the topic at hand (it may apply to specialized NYPD app development - I don't know).
The quote that comes to my mind, however, is
"[An architect] knows he doesn’t know what he’s doing, so he does it carefully and with great restraint."
This applies, according to Brooks, to the first system. In the case of NYPD's "first system" knowledge of what one does not know was conspicuously absent while all care and restraint was, apparently, thrown to the wind because the phones were FREE.
How can they know the hash value of a file unless they have access to its decrypted content?
Maybe they did decrypt the drives and do have the unencrypted files, but
a) do not want to admit it (because top secret);
b) are afraid that without disclosure of the exact (top secret) procedure defence will accuse them of fabricating the data ("Your Honor, the prosecution claim these are the drives' contents, but they have not shown how exactly they arrived at this conclusion...");
c) think 'the old razzle dazzle' should be enough (because think of the children) to avoid disclosure of capabilities;
d) hope that 'the hashes match' will become a useful precedent on record - better than 'here are the decrypted files - look at this filth'.
Re: Horse bolting....
You can use firstname.lastname@example.org
Unfortunately, in my experience the vast majority of sites I needed something from badly enough to even consider registering did not allow '+' in email addresses. Who cares if it's technically legal - the sites have their own regular expressions to check against.
Yes, it may be a selection bias. Maybe the vast majority of websites do allow '+', but I wouldn't consider registering with them in the first place... Point is, '+' does not really help me...
Re: Denounce them all
"Let's hear the same for the activities of the Russian FSB, the Chinese agencies, the Iranians, ..."
Isn't it the whole point of this "denunciation" - preventing the NSA/FBI/etc. from becoming too similar to their Russian, Chinese, Iranian counterparts and, even more importantly, preventing our societies, on both sides of the Atlantic and elsewhere, from becoming equally totalitarian?
Re: IoT - where the S really is for Security
@2+2=5: It can't be on the inside because the problem is the keypad doesn't work and the Airbnb tenant doesn't have a physical key.
I assume the tenants would call the owner who does have a physical key to get inside. Or even to partially dismantle the lock with a set of physical tools to get to the reset switch.
Have you ever watched a hotel employee opening a room safe left locked by a previous guest?
A part of the UK?
I thought Wales was a big part of Wikipedia?
Dial SEC for clarification
"Chipzilla turned in another strong second quarter FY2017"
How many second quarters are there in Intel's FY2017?
Laws of automotive robotics
Anything safety-related or traffic-congestion-related or road-condition-related does not require vehicle identification beyond the vehicle type (I am a motorcycle, a family sedan, a van, an ambulance, a lorry, a double-decker bus, or an 18-wheeler). Anything that requires identification of the vehicle and/or driver and/or passenger is about surveillance, for some purpose. The purpose may be "national security", "war on terror", "law enforcement", "adjusting insurance premia", "targeted advertising", or anything in between, but whatever it is it will not benefit the driver/road user.
Obviously, different vehicles in the same area may need to be distinguished, lest someone or something mixes up 2 different lorries. This, however, can be achieved with temporary IDs that can be generated on the fly and cannot be tied to license plates, ownership, mobile phone numbers, etc.
Now, can we make "A robotic car shall not divulge its identity" one of the basic "laws of automotive robotics"?
Re: Himself? Herself?
I may be old-fashioned, but isn't the convention to call the ships of one's nation (UK in this case) "she" and the ships of other nations "it"? "She is a beauty" about "Prince of Wales", but "It is a big and ugly chunk of metal" when talking of "Gerald Ford"? On this side of the pond, that is...
Re: Secure Chats
What you can't hide - and what spooky agencies should be using - is the metadata. What account you spoke to. When. For how long. How large a message.
I suppose you can do something about that, too, with a provider's assistance. What if the recipient of the message you sent is encrypted between the sender and the provider with a session key, the sender of the message is encrypted between the provider and the sender with another session key, a random delay is introduced between storing and forwarding to thwart correlation analysis, messages are padded to hide the real size, and messages and keys are deleted by the provider upon delivery, with no logs kept?
That will leave MITM in real time (fake certs, etc.) as the only feasible - metadata only if the sender and the recipient exchange keys and encrypt the contents themselves - attack vector, and mass slurping of stored comms (data or metadata) will become impossible.
What also will become impossible is for the provider to monetize their customers' data and metadata, so such a service will have to be paid for. Ah...
I do not know if there is a provider that offers such a service.
dangerously disruptive to pre-awards-ceremony red carpet interviewers
That's nothing! How about the actual awards ceremonies? Just imagine Warren Beatty getting a sponsored-AI-assisted second chance at the next Oscars! Just to eliminate a repeat of a human error, you see...
Writing comprehension or clickbait?
"Move over, Stuxnet" implies that this Industroyer is more awesome. However, "the most sophisticated [malware - TFMR] to hit industrial control systems since Stuxnet" actually means that Stuxnet is still the king. Please decide?
Poor choice of words
"...to prohibit us from becoming the next NSA regime..."
I suspect this may not be scary enough for many. I think "to prohibit us from becoming the next KGB regime" is way more appropriate. There is still a difference between the two TLAs, and not just in technological prowess, but it's a slippery slope and I think everybody should have a clear vision of the ultimate goal.
The author states that statistics are simple and are misunderstood by many. And the same article, subtitled "Use and abuse of figures", states that a probability of 4.3% is "small" and thus the hypothetical enterprise can confidently conclude that its new product appeals to women more than to men. How unfortunate...
This is quite typical, actually: anything that can be stated with a confidence level of more than 95% - "2 sigma" in statistical parlance, meaning more than two standard deviations (of a normal distribution) from the mean - is deemed "significant".
Well, here is some really simple intuition. Let's say the hypothetical company from the article intends to make the same observation daily. How often can it expect to see a difference between men and women of more than 2 standard deviations under the "null hypothesis" that the product is equally attractive to both sexes? What do those 4.3% really mean? Well, if the stores are closed on Sundays then you would expect to see such an outcome (or an even larger difference) about once in 4 weeks (a bit more frequently, statistically speaking). If the product sells 7 days a week then it's closer to once in 3 weeks (4.3% = 1/23.26). The probability that it happened on the first day they made the count does not look so small when you phrase it like that. If you make not daily but hourly observations you will see deviations larger than 2 sigma every day.
No one in sciences regards a 2 sigma result as significant. For a confident statement one needs 5-6 sigma. If our hypothetical company make daily observations they will see a 3 sigma outlier about once a year, a 4 sigma outlier twice in a lifetime. Such outliers simply do happen by chance.
And all that depends on the unmentioned assumption that your deviations from expectation are normally distributed, which is often a good assumption for systems in equilibrium in natural sciences but not where human activity is concerned. A normal distribution falls off very sharply indeed (exponentially) so outliers are rare. Random variables related to human activity, including economics, often have wider, sometimes power-law distributions, and the chi2 p-values will significantly overestimate the confidence.
Funnily, it is in the natural sciences like physics where 2 sigma results are not considered significant. In non-scientific fields (including medicine, in my experience) 95% confidence is deemed significant almost universally and experiments and surveys are often specifically designed with 95% in mind.
Re: pet food
The area around Solingen is still pretty big on all kinds of horse-based foodstuff
Or visit Parma. The variety of horse meat products and the number of stores selling it is quite impressive.
Re: Why Israel didn't ban electronic devices on flights to Tel Aviv?
if the check-in desk person has taken dislike to you and has marked you for extra screening?
That would cause you grievance in any airport and with any airline today.
We neither have the financial resources, nor the people to crew the level of security they deploy.
I actually think that most (Western?) countries have the people who could be trained and deployed for the purpose, with adequate pay so the "right" people will apply and stay. And financial resources can be made available. This would, however, be in the way of the drive to lower the costs. There are no meals on flights nowadays, and even soft drinks are not free (hopefully water still is, most of the time), all in the name of the "bottom line". Paying for real security seems a non-starter under the circumstances.
The Israelis take security seriously, and bear the costs. I don't see why others can't, but for the lack of will.
Re: "simply because El Al"
Does El Al have specific detection equipment in any airport from which planes fly to Israel, and vet anybody in those airports?
As far as I understand, they do. Everybody vets - passenger information is vetted through multiple agencies by all airlines, that's how those no-flight lists also work. But I've flown El Al and they have their own security personnel in every airport in which they operate and they start screening you before checkin (i.e., way before general airport security). They also never let your luggage out of sight between checkin and the hold. I suppose all that puts a brake on cutting costs...
Re: Why Israel didn't ban electronic devices on flights to Tel Aviv?
If Israeli agencies are so worried about the risk of an exploding laptop, why didn't they ban them on flights to Israel?
Israeli security rather famously look for a bomber first, for a bomb second. Makes things scalable. Everybody else does the scalability (a.k.a. "profiling") bit, too, even as they try to pretend they don't (hint: "you have been randomly selected for additional screening" is anything but random), but there is a difference between highly educated and trained personnel with security background following well thought through procedures and techniques and minimum wage TSA drones following a "security for dummies" instruction book.
Re: seriously? -- !
@Palpy: The US military uses hardened Red Hat ... precisely because it neither wants nor needs the systems used by a receptionist in the Dept. of Flog and Scrum running on a warship.
Uhm... Not so sure about that... Checked both links - this one is from the same source but dated later than the one you posted...
To be fair, the article mentions that 'Part of the Navy's strategy was forming a group designated the "Microsoft Eradication Team."' Chuckle... Nuke them from orbit...
I despise the security theatre...
...as much as anyone (possibly more), and I am definitely not looking for any excuses for it, but I can't help at least trying to figure out what genuine logic could possibly lead someone to introduce this rule, especially given the arguments (some stated in the article) that a bomb/fire in the luggage hold may actually be more dangerous, etc.
The only hypothesis I can come up with is as follows. Under the assumption that a laptop bomb must be small and not very powerful, and maybe with some extra esoteric knowledge of what such a bomb can and cannot do, is it possible that someone has estimated that the risk of a small explosion / potential fire in the hold is lower than the risk of structural damage caused by a similar explosion in a window seat?
Maybe someone here who knows more about it than I do can comment? If that hypothesis can be refuted then my suspicion that it is just a ploy similar to $5 bottles of water past security checks will be 100% confirmed. What ploy? I don't know. Aren't insurance companies salivating over all the premium payments they'll get when they offer coverage for checked-in electronics? Just a thought in my nasty suspicious mind...
Can it trigger some kind of Streisand effect?
If indeed Comey was fired to derail the Russia/election probe, is there a possibility that the investigation may actually intensify as a result? Reactance triggered, etc.?
If it happens then there may still be hope for the US of A - just as a side effect.
Gartner are behind the times...
...at least where IT is concerned. Each time I call the ISP's tech support line I am pretty sure there is ELIZA on the other end, even though the stated names differ.
"wearable device to be fitted to cattle"
The only use case that fits?
Re: Everything wrong with capitalism in one article
INTC issued a forecast. The market expected them to beat the forecast, and that expectation was reflected in the stock price. INTC has been rising for the past couple of weeks for sure. When the actual results were announced and the market expectations were not realized the stock price dropped.
Some people made a bet too many and lost - bought a bit too high, no one is willing to buy INTC at those prices once new information became available. Not absurd at all.
[Disclaimer: the following is from memory, from the times when I had a markets-related job. I have not tried to find historical data on the 'net today.]
As a more extreme example, back in the late 90ies INTC announced a rather significant increase in sales, etc. However, the market had expected even better performance and INTC prices had been pumped up before the announcement. As a result, something like $91B was wiped off INTC price in a day. To put the matter in perspective, at the time that number was higher than all the market capitalization of all listed American companies except 29 biggest ones[*].
[*] Anyone who finds this absurd should look at the current list of companies by market cap. The first 5 are Apple, Alphabet, Microsoft, Amazon, Facebook, with ~$8.2T between them. Only one of those existed in any significant bulk back in the 90ies. Times change - sigh...
Re: Not to put too fine a point on it...
"Our counting systems were invented in Babylon..."
Really? We switched to base-60 and I haven't noticed till now?
Our counting system was actually invented by Indians, i.e., in the Commonwealth for all practical purposes... A few centuries before Islam came about, actually. So perfectly consistent with values, way of life, etc.
"They can quite agree whether they should be made illegal or simply removed from the mathematics curriculum. Or whether they exist. Except 2. That one exists."
All this can be easily solved with binary numbers, actually. Just outlaw the least significant bit.
Microsoft and Google
I have read the judge's decision and while I feel that some details are not spelled out in it I am guessing that the point is that there are substantial differences between the Microsoft and Google cases.
Apparently (it is quoted in the decision) when one signs up with Microsoft one states one's location and all the data are "segmented into regions", i.e., stored in the data centers in the same region as the customer. This was the central issue when the US demanded data that was never stored in the US by design.
It is not clear to me what the "responsive data" were in the Google case, but I am guessing that the customers were American (or at least located in the US) and the fact that the data were stored elsewhere was merely incidental and not a consequence of intentional segmentation.
It is also not entirely clear to me what information was in fact covered by the warrant. The order mentions "subscriber information" (this, apparently, includes various metadata, search history, location - I can see how this might be treated differently from, say, email contents). Arguably, Google possess this information in their main business location in CA, even if the record is in fact stored in another country (again, for purely technical reasons).
IANAL, and as I said, not all the details are clear. However, I certainly can see the judge may have a point.
Isn't he the same guy...
...who was one of the original sponsors of the PATRIOT Act? So, this might just be that rare case where one should attribute his voting pattern to malice rather than stupidity.
The cost of security
Did I read it right? You really can make your IoT more secure by paying £6/mo less? Or will the bloody oven become inoperable without the mobile connection?
Re: Not even half-baked security
s/developers/product managers/ ?
Cowardly Microsoft buries critical Hyper-V, WordPad, Office, Outlook, etc security patches in normal fixes
OK, this begs a genuine question. You are an IT guy at some company that is a lot more serious than a mom-and-pop candy shop. You have a lot of laptops, and a significant number of servers. You need to deal with MSFT, and you also have software from other vendors running here and there. All of these issue updates from time to time, MSFT may be somewhat more organized than others as far as update schedules go.
Would you go over the list of patches (maybe de-obfuscated by El Reg or someone else) and test these patches individually in some sort of staging area to verify that they don't break anything AMD-based, ATI-based, Hyper-V-based, an odd installed DLL, or a non-default configuration setting that you pushed everywhere for unrelated reasons? Will you test and apply the critical stuff first and deal with less important updates later (but still test them)? Or, presented with such a mess, just apply the whole update on staging machines, check for any black smoke, and roll it out to every box in the organization as one big lump? Especially if the software/updates may affect the system boot, user logins, operation, security, etc.?
Inquiring minds want to know. One reason for the curiosity is that we provide software and updates, and we want to make our customers' admins' lives as easy as possible. Not only by having no (all right, as few as possible) bugs in the first place but also by integrating into the customers' procedures smoothly even when there are no bugs. My experience and inclinations do not necessarily tell me what others do.
What say you, commentards?
Re: Chicken and egg
To be fair, that's what the study - and the article - point out, too: correlation is not causation.
Put down your coffee and admire the sheer amount of data Windows 10 Creators Update will slurp from your PC
Re: Fighting back?
Anybody reading the Reg should be able to configure their router to block the telemetry servers, surely?
This will only work until you take your laptop out of the safety of your house.
Does not compute...
Either the reporter is confused (not just El Reg, but Reuters, too), or the Court is. I definitely am.
On the one hand, the warrants demand that Facebook does not "tell users the warrants existed".
On the other hand, "challenging warrants is none of Facebook’s business – that’s up to the targets of the warrants."
Someone took the "Pictures or it didn't happen" meme a bit too far... eh... deep...
Re: Cars built by an OEM
Happens now. E.g., Magna builds cars for BMW:
@regregular: "Tesla got 'em bad, in many markets the vehicle is ridiculously successful, much to the surprise of the industry".
Not so sure about this. TSLA is steadily in the red financially, bleeding money year after year which, for me, counts more towards the reality of being "ridiculously successful" than the coolness factor of a niche product. Tesla are nowhere close to having an iPhone class product. BMW sold ~2.4M cars last year with ~EUR7B after tax profits, on ~EUR94B revenue. Tesla produced ~84K cars last year (delivered ~76K), with revenue of ~USD7B and ~USD675M losses. I do not see BMW, let alone the automotive industry as a whole, shaking in their boots because of Tesla's "ridiculous success" yet. [All the numbers come from the official financial statements that are easy to find on the 'net.]
Not everybody seems to be ecstatic about the product, either. Negative consumer opinions about Model S and Model X quality issues on delivery abound, too. It is not clear to me whether those issues are systemic or anecdotal. To be fair (and anecdotal), a friend had horrible experience with his new BMW 5 series a few years back - BMW had to replace the car.
I also have my doubts regarding, say, MobilEye valuation: is a company that produces a minor and non-unique optional feature that amounts to a sensor rather than a complete functional component of any future autonomous vehicle really worth ~30% of the market cap of BMW (or Ford, or GM)? Maybe BMW have a reason to be skeptical (should I say, realistic?) about such a Silicon Valley approach to the field?
And apart from Tesla, no other frequently mentioned player - Google, Uber, now Intel - seems to think of making their own vehicles. Rather, they'll want their technology to be adopted by the incumbents, who, by the way, understand the inherent responsibilities and liabilities far better than the overly optimistic Silicon Valley geeks. So I, for one, expect the BMWs of the world to remain in the driver's seat and to keep their badges on the hoods of those autonomous cars.
So, what overflows?
The usual reason for this is a 32 bit counter of milliseconds overflowing, but that happens after 49 days and 17 hours, approximately.
I still remember when someone managed to run Windows for 50 days without a reboot for the first time...
Now, it would seem to me that Cisco have learnt that lesson and use a 64 bit counter. Unfortunately, they also decided to count picoseconds...
$ echo '2^64/18446400/10^12' | bc -l
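
[Added example, not part of the original post and not any vendor's code: the wrap periods for the two counters mentioned above (32-bit milliseconds, 64-bit picoseconds), and the deadline comparison that typically breaks when such a counter wraps, next to a wrap-safe form. The function names, the 32-bit tick type and the sample tick values are assumptions made for the illustration.]

```c
#include <stdint.h>
#include <stdio.h>

/* Days until an unsigned counter `bits` wide wraps to zero when it
 * advances `ticks_per_second` times per second. */
double days_until_wrap(unsigned bits, double ticks_per_second)
{
    double range = 1.0;
    for (unsigned i = 0; i < bits; i++)
        range *= 2.0;               /* 2^bits, exact in a double */
    return range / ticks_per_second / 86400.0;
}

/* Naive deadline check. Wrong whenever `deadline` (now + timeout) or
 * `now` itself has wrapped past zero since the deadline was computed. */
int expired_naive(uint32_t now, uint32_t deadline)
{
    return now >= deadline;
}

/* Wrap-safe check. Unsigned subtraction is modulo 2^32, so the result
 * read as a signed value is the distance between the two instants.
 * Valid while they are less than 2^31 ticks apart; the conversion to
 * int32_t assumes the usual two's-complement behaviour. */
int expired_wrapsafe(uint32_t now, uint32_t deadline)
{
    return (int32_t)(now - deadline) >= 0;
}

int main(void)
{
    printf("32-bit ms counter wraps after %.2f days\n",
           days_until_wrap(32, 1e3));
    printf("64-bit ps counter wraps after %.2f days\n",
           days_until_wrap(64, 1e12));

    /* Constructed case 1: timer armed shortly before the wrap, so the
     * deadline lands just after zero. It must NOT have expired yet. */
    uint32_t now = 0xFFFFFF00u;
    uint32_t deadline = now + 0x200u;        /* wraps to 0x00000100 */
    printf("armed before wrap:  naive=%d wrapsafe=%d (expected 0)\n",
           expired_naive(now, deadline), expired_wrapsafe(now, deadline));

    /* Constructed case 2: deadline was just before the wrap and the
     * counter has since wrapped. It MUST be reported as expired. */
    deadline = 0xFFFFFFF0u;
    now = 0x00000010u;
    printf("checked after wrap: naive=%d wrapsafe=%d (expected 1)\n",
           expired_naive(now, deadline), expired_wrapsafe(now, deadline));
    return 0;
}
```
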
Re: Being on a placement myself...
Not met one who hasn't given the Dog-like confused head tilt when told to put the kettle on.
What do you expect from a poor intern? One needs to configure the kettle's IPv6 address (or DHCP), set up creds to connect to the network, make sure the NAC allows it, the firewall lets the kettle report to the Mothership-in-the-Cloud on a custom port... It's all IoT these days, you know, and the intern is not a competent IT professional yet...
It's up to you to train him in these essentials.