Posts by T. F. M. Reader

Movie stuff

The story seems unfinished. Did the hero get the girl in the end?

So the study tracks...

...people who leave WiFi on while on the tube and not all the commuters. How representative is this sample? How clueful in general are those people? How attentive are they to the signage/patterns/whatever might help them shave a couple of minutes from their daily commute? Would disabling WiFi be more beneficial than investing in better signage?

NB: tracking Oyster cards means tracking regular commuters, not occasional visitors, tourists, and such, so that is also biased.

Actually, I wonder if the "WiFi-on" populations has a disproportionally large fraction of foreigners who do not have mobile data plans and are happy for any free WiFi between sights? [Not a Londoner and my WiFi is usually off, so I don't even know if you can register on the TfL WiFi with a foreign mobile number.]

A part of the UK?

I thought Wales was a big part of Wikipedia?

Another RFC worth mentioning,

still surprisingly relevant but almost completely unknown by today's youth, is RFC1855.

From 1995. Ah, memories...

Dial SEC for clarification

"Chipzilla turned in another strong second quarter FY2017"

How many second quarters are there in Intel's FY2017?

Laws of automotive robotics

Anything safety-related or traffic-congestion-related or road-condition-related does not require vehicle identification beyond the vehicle type (I am a motorcycle, a family sedan, a van, an ambulance, a lorry, a double-decker bus, or an 18-wheeler). Anything that requires identification of the vehicle and/or driver and/or passenger is about surveillance, for some purpose. The purpose may be "national security", "war on terror", "law enforcement", "adjusting insurance premia", "targeted advertising", or anything in between, but whatever it is it will not benefit the driver/road user.

Obviously, different vehicles in the same area may need to be distinguished, lest someone or something mixes up 2 different lorries. This, however, can be achieved with temporary IDs that can be generated on the fly and cannot be tied to license plates, ownership, mobile phone numbers, etc.

Now, can we make "A robotic car shall not divulge its identity" one of the basic "laws of automotive robotics"?

Pre-Awards???

dangerously disruptive to pre-awards-ceremony red carpet interviewers

That's nothing! How about the actual awards ceremonies? Just imagine Warren Beatty getting a sponsored-AI-assisted second chance at the next Oscars! Just to eliminate a repeat of a human error, you see...

Writing comprehension or clickbait?

"Move over, Stuxnet" implies that this Industroyer is more awesome. However, "the most sophisticated [malware - TFMR] to hit industrial control systems since Stuxnet" actually means that Stuxnet is still the king. Please decide?

Poor choice of words

"...to prohibit us from becoming the next NSA regime...

I suspect this may not be scary enough for many. I think "to prohibit us from becoming the next KGB regime" is way more appropriate. There is still a difference between the two TLAs, and not just in technological prowess, but it's a slippery slope and I think everybody should have a clear vision of the ultimate goal.

2 sigma

The author states that statistics are simple and are misunderstood by many. And the same article, subtitled "Use and abuse of figures", states that a probability of 4.3% is "small" and thus the hypothetical enterprise can confidently conclude that its new product appeals to women more than to men. How unfortunate...

This is quite typical, actually: anything that can be stated with a confidence level of more than 95% - "2 sigma" in statistical parlance, meaning more than two standard deviations (of a normal distribution) from the mean - is deemed "significant".

Well, here is some really simple intuition. Let's say the hypothetical company from the article intends to make the same observation daily. How often can it expect to see a difference between men and women of more than 2 standard deviations under the "null hypothesis" that the product is equally attractive to both sexes? What do those 4.3% really mean? Well, if the stores are closed on Sundays then you would expect to see such an outcome (or an even larger difference) about once in 4 weeks (a bit more frequently, statistically speaking). If the product sells 7 days a week then it's closer to once in 3 weeks (4.3% = 1/23.26). The probability that it happened on the first day they made the count does not look so small when you phrase it like that. If you make not daily but hourly observations you will see deviations larger than 2 sigma every day.

No one in sciences regards a 2 sigma result as significant. For a confident statement one needs 5-6 sigma. If our hypothetical company make daily observations they will see a 3 sigma outlier about once a year, a 4 sigma outlier twice in a lifetime. Such outliers simply do happen by chance.

And all that depends on the unmentioned assumption that your deviations from expectation are normally distributed, which is often a good assumption for systems in equilibrium in natural sciences but not where human activity is concerned. A normal distribution falls off very sharply indeed (exponentially) so outliers are rare. Random variables related to human activity, including economics, often have wider, sometimes power-law distributions, and the chi2 p-values will significantly overestimate the confidence.

Funnily, it is in the natural sciences like physics where 2 sigma results are not considered significant. In non-scientific fields (including medicine, in my experience) 95% confidence is deemed significant almost universally and experiments and surveys are often specifically designed with 95% in mind.

Sigh...

I despise the security theatre...

...as much as anyone (possibly more), and I am definitely not looking for any excuses for it, but I can't help at least trying to figure out what genuine logic could possibly lead someone to introduce this rule, especially given the arguments (some stated in the article) that a bomb/fire in the luggage hold may actually be more dangerous, etc.

The only hypothesis I can come up with is as follows. Under the assumption that a laptop bomb must be small and not very powerful, and maybe with some extra esoteric knowledge of what such a bomb can and cannot do, is it possible that someone has estimated that the risk of a small explosion / potential fire in the hold is lower than the risk of structural damage caused by a similar explosion in a window seat?

Maybe someone here who knows more about it than I do can comment? If that hypothesis can be refuted then my suspicion that it is just a ploy similar to $5 bottles of water past security checks will be 100% confirmed. What ploy? I don't know. Aren't insurance companies salivating over all the premium payments they'll get when they offer coverage for checked-in electronics? Just a thought in my nasty suspicious mind...

Can it trigger some kind of Streisand effect?

If indeed Comey was fired to derail the Russia/election probe, is there a possibility that the investigation may actually intensify as a result? Reactance triggered, etc.?

If it happens then there may still be hope for the US of A - just as a side effect.

Gartner are behind the times...

...at least where IT is concerned. Each time I call the ISP's tech support line I am pretty sure there is ELIZA on the other end, even though the stated names differ.

"wearable device to be fitted to cattle"

The only use case that fits?

Microsoft and Google

I have read the judge's decision and while I feel that some details are not spelled out in it I am guessing that the point is that there are substantial differences between the Microsoft and Google cases.

Apparently (it is quoted in the decision) when one signs up with Microsoft one states one's location and all the data are "segmented into regions", i.e., stored in the data centers in the same region as the customer. This was the central issue when the US demanded data that was never stored in the US by design.

It is not clear to me what the "responsive data" were in the Google case, but I am guessing that the customers were American (or at least located in the US) and the fact that the data were stored elsewhere was merely incidental and not a consequence of intentional segmentation.

It is also not entirely clear to me what information was in fact covered by the warrant. The order mentions "subscriber information" (this, apparently, includes various metadata, search history, location - I can see how this might be treated differently from, say, email contents). Arguably, Google possess this information in their main business location in CA, even if the record is in fact stored in another country (again, for purely technical reasons).

IANAL, and as I said, not all the details are clear. However, I certainly can see the judge may have a point.

Isn't he the same guy...

...who was one of the original sponsors of the PATRIOT Act? So, this might just be that rare case where one should attribute his voting pattern to malice rather than stupidity.

The cost of security

Did I read it right? You really can make your IoT more secure by paying £6/mo less? Or will the bloody oven become inoperable without the mobile connection?

Proper procedure?

OK, this begs a genuine question. You are an IT guy at some company that is a lot more serious than a mom-and-pop candy shop. You have a lot of laptops, and a significant number of servers. You need to deal with MSFT, and you also have software from other vendors running here and there. All of these issue updates from time to time, MSFT may be somewhat more organized than others as far as update schedules go.

Would you go over the list of patches (maybe de-obfuscated by El Reg or someone else) and test these patches individually in some sort of staging area to verify that they don't break anything AMD-based, ATI-based, Hyper-V-based, an odd installed DLL, or a non-default configuration setting that you pushed everywhere for unrelated reasons? Will you test and apply the critical stuff first and deal with less important updates later (but still test them)? Or, presented with such a mess, just apply the whole update on staging machines, check for any black smoke, and roll it out to every box in the organization as one big lump? Especially if the software/updates may affect the system boot, user logins, operation, security, etc.?

Inquiring minds want to know. One reason for the curiosity is that we provide software and updates, and we want to make our customers' admins' lives as easy as possible. Not only by having no (all right, as few as possible) bugs in the first place but also by integrating into the customers' procedures smoothly even when there are no bugs. My experience and inclinations do not necessarily tell me what others do.

What say you, commentards?

Does not compute...

Either the reporter is confused (not just El Reg, but Reuters, too), or the Court is. I definitely am.

On the one hand, the warrants demand that Facebook does not "tell users the warrants existed".

On the other hand, "challenging warrants is none of Facebook’s business – that’s up to the targets of the warrants."

Huh?

Reg-inspired?

Someone took the "Pictures or it didn't happen" meme a bit too far... eh... deep...

So, what overflows?

The usual reason for this is a 32 bit counter of milliseconds overflowing, but that happens after 49 days and 17 hours, approximately.

I still remember when someone managed to run Windows for 50 days without a reboot for the first time...

Now, it would seem to me that Cisco have learnt that lesson and use a 64 bit counter. Unfortunately, they also decided to count picoseconds...

$ echo '2^64/18446400/10^12' | bc -l

1.00001865262108333420

Predicted long ago

"The best argument against democracy is a five minute conversation with an average voter." - Winston Churchill.

Never say "never" on Facebook

The heuristics (mentioned in other reports) the Admiral's algorithm would use look rather dubious to me. For instance, people who use words "never" or "always" would be regarded as overconfident and would get higher quotes, while people who prefer "maybe" would be regarded as cautious and thus safer drivers.

So, if you are cautious, or just care about your car insurance premium, never say "never" on FB, and in general always watch what you post. Uh-oh, did my premium just go up? Or is the algo smart enough to analyse the context? Somehow I doubt it is...

Will AI be able to sue other AI or humans for infringement?

Why does this sound to me more dangerous than SkyNet?

Curious

I have not installed Pokemon Go, nor am I curious enough to try. One aspect does pique my curiousity though. My understanding is that when one starts playing both the phone's camera and GPS are switched on. I am curious whether anyone technically knowledgeable has checked whether the phone sends large amounts of data anywhere.

Given that, as far as I understand, players can be lured to "interesting" places by a third party there seem to be interesting possibilities...

Just curious...