came to say the same, O365 spams you a new 2 factor auth message almost every ruddy time you try and login, regardless of ticking "yes, bloody leave me alone for 2 weeks". When you work in IT, and use multiple machines, multiple browsers and generally bounce about, it's annoying as hell. Better than getting hacked though, I suppose!
352 posts • joined 11 Jun 2013
Making a car without seat belts is against the law. So is spaffing personal data (finally!).
Making a road that doesn't comply with safety standards is against the law (for example without crash barriers or white lines).
The car makers, in this analogy, are the companies creating the advertisements that fill this advertising space. Not the people spaffing data everywhere contrary to the law. Quiet down and take your medicine.
Six Flags fingerprinted my son without consent, says mom. Y'know, this biometric case has teeth, say state supremes...
Re: "Is this what you wanted to see?"
I have not read the link so apologies for willful ignorance but that just sounds like a one time pad. Otherwise you can't choose your ciphertext, and you certainly can't re-use it, that is fundamental cryptography so it's likely that scheme is broken...
I remember TrueCrypt had something similar with hidden volumes but it all takes space and is detectable if you're looking for it
Ok so you discover a hole in the French infrastructure (which either everyone is allowed to do, or it's a crime unless you're on the list c.f. USA). Do you sell to the French or to [insert popular enemy country name here]?
If everyone is allowed to do it, the odds are better that you get a notification (because your enemies will be looking anyway!)
However it's also more likely that someone from France sells to the enemy.
All in I'd say it's still better to leave this open to all, as if we're not running under the assumption that *most* people are half-way decent then there isn't much point. Time will tell I suppose.
Re: Luddites = Non Sequitur
A) Show me a large multinational not connected to the government of their home country, this backs up Ren that this is an ideological conflict
C) As are 5 eyes and Iran and everyone else
D) Which country is benevolent to anyone else?! Jeez
E) The idea that a country of 1billion people is incapable of innovation or invention is hilarious
F) This is a concern, but not to do with Huawei. If countries are concerned with China's dominance in technology then they shouldn't let them build critical infrastructure (hello UK government)
IOW A) and F) have some merit, but are probably not relevant to trusting products built by Huawei, at least no more so than trusting US products
Re: Living in a black hole?
Perhaps I was a tad harsh, if it is the same poster then I do not believe I was. I should have left the link, there's about 5 consecutive posts and as far as I am concerned there is enough rubbish in there to discount the lot
Decide for yourself :)
Re: If all you have is a hammer
are you the same AC that was warbling incoherently about the resonant frequency of the universe and how we're all living in a black hole on another forum this week?
These forums are frequented by a significant number of people who know more than you or I do; you appear to know very little beyond GCSE physics, and your explanations are akin to a Children's TV science program, only less accurate. Please stop. Even if you use "I'm too smart for these guys, I'll let them wallow in their filthy ignorance" as an excuse, just stop.
Re: Class of problems inherent in file transfer, may require MAC enforcement.
It looks like you've already argued against yourself "that only really moves the problem to whether the user interface software is trusted". Yes, if you can't trust the application running to do sensible, non-dangerous things then you're in trouble.
That is exactly what these CVEs are. "Hey, please grab some bytes from the network card and put them here: /X"
>> "Nah, I'll just write some other files, as determined by the network card byte stream and ignore your command, silly user t(-_-)t"
This is called a software bug, and reduces the trust in the 'user interface' software in question. The more general problem of "how do we write software which we can prove we can trust" is yet to be solved.
What's the fate of our Solar System? Boffins peer into giant crystal ball – ah, no, wait, that's our Sun in 10bn years
Re: Awww bless
I'm not usually convinced by a dictionary quote, so I will bite.
Ads can be an attack surface and therefore they make you vulnerable. Generally as a society we agree that forcing people into vulnerable situations is not ok, and you could argue that the act of forcefully increasing vulnerability is actually harm in itself.
Another argument might be that the app authors intended to serve ads, which take up system resources - thereby depriving the phone user of something. Being deprived of something is harmful, which is why we require consent for things to be taken, and call it theft otherwise.
Re: Alternate theory
Tom 7, mate..... naming something makes you an idiot? Yea.... all those idiots that named the stars, the sun, moon, watched them go around and worked out how to navigate using them - multiple times in multiple cultures.... idiots, shouldn't have bothered. Just ignore it because you don't know what it is absolutely, what a way to move human endeavour onwards. Not.
Re: people were perfectly happy handing over their data to tech giants
that's it, point your finger at the millennials, the brain dead fuckwits etc
it's always someone else's fault
(This one cool trick to scan your ID card has been checked and there is an increase in hot singles in your area!! Click here to find out more)
Re: another iteration
I suspect that the population used for calculating the IQ of politicians would allow them to come out quite favorably; I do not imagine, for example that they would be compared with the comentards here, which I think is likely to be toward the high end when considered c.f. all humans (I have zero evidence to support this opinion, in fact the only comentard I know to be real is myself, so things don't bode well for us)
Re: people were perfectly happy handing over their data to tech giants
well, there are 120million* UK facebook accounts, so clearly literally everyone has provided not just 'their data', but an honest and accurate reflection of it
*this might be a made up number, but without ID cards we can't be sure how many people actually live in the UK so it's our new baseline
It was the icon on Zog's post that tipped me toward interpreting this as an elitist slight. Yep, we all take away different things, and there are more possible interpretations when only text and one icon is available. Having said that, the article was an extreme case where Zog is bang on, there isn't much more to say after 'put the spoon in the food and then in your mouth'...
@Zog, love the troll ;)
I couldn't decide whether to upvote this. While you're right that to understand some topics a prerequisite level of other knowledge is required, that's why we don't all go straight into academic research after learning to speak. But I just can't get past the arrogance of the statement. For most things, you can explain 'in layman's terms' well enough to allow another human to perform the desired task adequately. They don't need to fully *understand* it, just as I don't need to fully understand how the engine in my car works, so long as I can get it to work and understand it's bad if it's on fire...
Communication skills are key in any walk of life, explaining things is a communications skill we should all practice.
Re: Private, not public.
have not downvoted.... but I have two observations:
1) Offence is taken, not given.
2) It is fine to have a moral standpoint, it's fine to be proud of it, but don't wave it about in people's faces or shove it down children's throats.
So, your moral stances are like your dicks, keep them between you and your significant other and everyone will be happy. Representations or written descriptions of your moral standpoints are acceptable, but they might offend some people - in that case however, I doubt you'd give a fuck and you'd still feel justified in conveying the concept.
I agree, even easier as there was no action required.
Hi [Name], We're writing to notify you that your account is among a number which *have* been involved in a security breach. Please log into your account using your normal route to see further information and what steps, if any, to take next. As always, please do not click on links on emails, we will never ask for your details..... blah blah
If a reset is required, deal with it when a log in is attempted, not using an email link. Unfortunately, marketing departments have ensured that 'legitimate' emails are full of full page banners and images, so people are not trained this way.
I didn't downvote, but I agree. You're suffering from selection bias: "I was good when young, I am now 'good' (so far as I know), therefore to get as good as me you need to follow same path I did".
I was rubbish at IT when at GCSE age, I was rubbish at a lot of 'subjects'. My IT course consisted of learning how Mail Merge in MS Word worked. I failed completely because what was the point in that? Much more fun to muck about and play games.
I had discipline problems at that age, was more interested in sport and girls and it wasn't until I finished my GCSEs that I was aware I was academic at all (no family history in that area). I went on to a numerate degree (physics), during which time I learned that computers were actually useful. I am now gainfully employed and as far as I can tell I'm pretty good. I am currently paid to sweep in, fix other people's crap code and have a whole host of opinions on why other people are 'not as good as me'. I am not so arrogant to assume that everyone needs to follow my path, and you can't blame children for their circumstances or interests at that age.
postpone 11 months!? If they've been up there 3 months already, they'll develop serious health problems if they're up there that long. I wouldn't like that decision being made for me - and I assume their families would be non-plussed. What are the downsides to abandoning the ISS aside from a gap in the science data?
Re: ..if you can see it, it's not encrypted
If you're responding to me, that was exactly my point, if you read my posts. People need to see the data to use it - however at this point downloading (that bit) is irrelevant. Controls should be monitoring that people are not accessing 1 million records a day.
Re: you almost always need an Admin account
@Anon, My point is that if you can see it, it's not encrypted, so you can't protect it at that point; where you download it to is irrelevant. Homomorphic encryption does not help if your Admin needs to examine the data, it's just intellectual masturbation in most cases.
Re: Oh FFS !!!!!
you almost always need an Admin account to find 'bad'/orphan etc data (unless you're a startup with no legacy data). Splitting the data (by region etc) just means you need more people acting as Admin. Is it better to trust one Admin or many...?
Depends on your threat model, I suppose. If you're complaining about the download capability - then I would just say - you can't stop people photographing the screen, so your procedures shouldn't be about preventing people querying data - they should be about *detecting* that access. Pretty unusual day at the office if half a million records get reviewed by a single human.
you heard that story about a turtle moving half way to its destination with each step......?
I just meant that it's been pushed back continuously, if it is demonstrably 'working' in 2025 I will be surprised. If I am buying electricity that was generated using a Tokamak in the next 50 years I will be elated
New theory: The space alien origins of vital bio-blueprints for dinosaurs. And cats. And humans. And everything else
I don't think it was explicitly stated, but the article implied that the specific chemical phosphine is not formed by natural processes on Earth. I am not a chemist, but I guess it's not likely for the crust phosphorus to react with 3 Hydrogen atoms due to it being already bonded with other elements.
On the other hand I also have no idea why phosphine is specifically required to get to the amino acidy bits, my GCSE biology has not stuck with me but I thought you can usually get to chemicals through various routes. In conclusion I both disagree and agree with your skepticism.
69% use Biometrics? What? Who are these people and what are they doing that helps secure networks? Does this just mean people accessing email on their iPhones using fingerprint/FaceId?
"69% of respondents have thrown away passwords and instead are just using usernames, encoded as biometric data points"
seriously, I am curious! A fingerprint scanner to allow HTTPS through the corporate firewall......?
Re: Would there be a market...
no, because the code/behaviour would be analysed by your well resourced adversary and the cruft nicely filtered out.
Also it's the wrong solution. The correct solution is to remove the problem (slurp slurp behaviour), but this is a societal issue and unlikely to be easy or fast. Historically, we tend to go down these mental roads every now and again, but inevitably end up back at equilibrium. Hopefully the same is true here and we'll eventually end up in a sensible middle ground.
Digital records won't last forever, but they'll last a lifetime or so - I reckon we'll need a couple of those time periods as a society to recognise the downsides.
Re: I think...
So the job market is swarmed with incompetent managers and the cycle repeats as they find positions elsewhere...
I like the Peter Principle (https://en.wikipedia.org/wiki/Peter_principle). If the project fails, you go back to what you were doing before you were a project manager; if you were brought in as one - you go down a rung or you quit. That way, you push people down to where they are effective.
If people are being effective, you give them pay rises, not promotions (but by all means allow promotions!). If they're out-earning people in similar positions elsewhere, they won't leave.
Tricky to juggle company-wide, I grant you, but I like to think it would be better than the current methods. The other problem is curating a culture that agrees this is a good thing, and doesn't make people feel bad about lacking the required skills. Paid-for training courses?
Re: I have to ask...
I have no doubt that the Oracle DB is riddled with bugs - but the idea that everything else is therefore better is quite childish in my opinion.
This is the same mentality that says malware can't infect Linux systems*......
The alternatives just aren't as valuable to target, or used in such a wide variety of environments. They're probably just as crap in slightly different ways. Actually, I'm feeling generous: probably a little bit less crap as they're probably written by fewer people with a wider knowledge of the overall codebase.
*I am not disparaging Linux, just the idea that it's immune from bugs