Posts by dgc03052

23 posts • joined 27 May 2014

Dumb bug of the week: Apple's macOS reveals your encrypted drive's password in the hint box

dgc03052

Re: OSX updates

" I'd like a modern robust file system that can transfer thousands of small 10Kb files at the same rate as it can a 10GB video file instead of crawling to a near halt over my 3500MBps NVME storage hardware"

This!

This!

A dozen upvotes for this...

3
0

Boffins take biometric logins to heart, literally: Cardiac radar IDs users to unlock their PCs

dgc03052

Great for poorly timed security lockouts

Ack, we're getting hacked, I'd better...

<Security Alert: Heart rate variance has exceeded limits, console locked>

0
0

Intelligence director pulls national security BS on spying question

dgc03052

Re: Laws

A written set of laws that cover as many bases as possible (as intended) - plus a section that gives an idea of what the law is, and is not, intended to cover in the general sense.

It would be nice to have a written letter of the law, with layman-based explanations on intent or examples, and all that. Not that I ever see it happening.

It could be interesting though, imagine the laws starting to include the usual: "The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in RFC 2119"

4
0

Can GCHQ order techies to work as govt snoops? Experts fear: 'Yes'

dgc03052

Re: Off the leash

"No, that's not how it works. Developers with access to the systems use their own test data and are forbidden to view real data, while developers with access to user data are granted it on a strictly controlled test basis, just like any other telco engineer."

Depends on the specific company. Usually until there is some critical bug, and a bunch of data is replicated for debugging, or the developer does touch the production system.

Not all developers have access, and they might not have regular access to all the data, but plenty of data and access can be leaked, with very little tracing.

1
0

Healthcare dev fined $155 MEEELLION for lying about compliance

dgc03052

Re: What were the users doing?

"create the illusion that the software was able to access large databases"

"lying about the software's ability to transfer records between doctors and audit transfers"

It wasn't able to access databases and wasn't able to transfer records or audit said transfers. It might be possible to fake that in regulatory tests, but how did the people actually using the software not notice it couldn't do any of the things they actually needed it to do?

This was likely to fool certain minimal security testing, like not seeing the patient name or diagnosis in network traffic. Once the test is over, they go back to just storing plain text in the DB, because that is easier. You can fake "transferring" records by just allowing the other user access to the same data, so it would work for users, just you never took the information away from the original person, and it wouldn't actually work across different installations, or to anyone else's system. Or you do brain-dead serialization/deserialization, and worry about transferring it between different software versions later. And real users looking at audit reports, hardly...

There are just so many ways of doing a crappy job that just tick a checkbox, as shown by "agile" in all sorts of places...

0
0

Netgear 'fixes' router by adding phone-home features that record your IP and MAC address

dgc03052

Re: Anyone here actually own one of these?

It looks like they decided they needed to document the analytics.

This probably is region specific - in the US, with V1.0.7.10_1.2.3 listed at the top of the UI, the firmware update assistant was showing something about 1.0.7.12, but it looks like there has been another update. New features were shown as New Features and Enhancements:

Supports Dynamic QoS.

Supports Dynamic QoS database update

Bug Fixes:

Fixes for security issues.

Note: Firmware starting 1.0.7.12 will not include Arlo functionality

---

Now it seems to be referencing 1.0.8.34 for whatever reason - specifically it shows:

Current GUI Language Version: 1.0.7.10_2.1.38.1

New GUI Language Version: 1.0.8.34_2.1.38.1

Current Firmware Version 1.0.7.10

New Firmware Version 1.0.8.34_1.2.15

Release Notes:

1. [New Feature] Supports collection of router analytics data.

2. NOTE: It is strongly recommended that after the firmware is updated to this version, log back in to the router's web GUI and configure the settings for this feature.

2
0

74 countries hit by NSA-powered WannaCrypt ransomware backdoor: Emergency fixes emitted by Microsoft for WinXP+

dgc03052

Re: Mitigation against ransomware:

May as well add: prohibit any internal software development, or workers with even the slightest disability (or just not being a generic cog), since you are going to end up prohibiting them from getting any work done.

Rules like "20. Ban the use of USB devices" lead to policies requiring a doctor's note (and custom computer that doesn't have the USB ports epoxied) to use a trackball or vaguely ergonomic keyboard for carpal tunnel problems.

5
1
dgc03052

Re: Risk Management

The only way to protect yourself is avoid the security nightmare that is Windows. If you only use web, buy a Chromebook. No malware, no key loggers, no constant intrusive updates, no need for antivirus, 2 second boot, it just gets the job done.

While I mostly agree, Conexant (etc.) drivers with built-in "debug" keyloggers are equally possible in a Chromebook. TLAs have disk drive firmware, and lots of other vectors available, and more will come out. Avoiding Windows is a good step, but should be considered just one layer of many.

6
1

Sorry, Dave, I can't code that: AI's prejudice problem

dgc03052

Re: Transparency...

It didn't decide to do anything. The input photo is all the data collected about you. The output photo might be a single pixel describing your credit rating. And the filter is the entirety of the program.

One of us isn't getting this, and I don't think it's me!

Sorry, but afraid not. You are indeed missing it. There are no decision trees, or state machines, in machine learning / neural nets (in the way you appear to be thinking).

Your retina and brain are comprised of neurons. How do we ask it how you decided you just saw a cat? Big hint, it's not the way you might think. We can slightly describe how it actually happens in terms of layers that look for vertical edges, horizontal edges, motion, image convolutions, and so on. That's all you can get out of machine learning.

Even better comparison - how do you recognize someone's voice? Can you describe an average friend's voice well enough so that someone who has never met them will uniquely identify them the first time they hear it? If you magically tracked all the neural activity, you would have worthless information about relative weights of harmonics and frequencies and time delays, but it still results in either recognition, familiarity or not. Even with all the details, it doesn't tell us what voices might be easily misidentified, or who could do a good impression of that person.

3
1

IBM: Remote working is great! ... For everyone except us

dgc03052

Of course, perhaps it is more just a subtle form of protest.

0
0

Today's bonkers bug report: Microsoft Edge can't print numbers

dgc03052

Re: Here we go again, Fan-boism at its worst...

"Why would you class this as important as the Pentium bug?

It's a bug that prints numbers.... Shouldn't you check numbers when printed?"

So someone should individually check every digit of every number in that spreadsheet / online bank statement / online receipt every time they save to a file?

I'd say this is a lot worse.

Just last month I had saved my annual earnings tax statement (W2 in the US), which is only available online, and what I saw online was completely different from what I saved for backup and printed (different issue, stupid special font problem, lots of "?"'s instead of real numbers printing from any other machine).

I couldn't file online without making up a number for an empty field, and if I tried to file that paper it would have been rejected. If it hadn't been such a large screw-up, but just a couple of digits it could have been a huge hassle. So many things wrong in that sequence, but anyway.

3
0

Chap 'fixes' Microsoft's Windows 7 and 8 update block on new CPUs

dgc03052

Re: I assume if you run Windows in a VM

Looks like I might have mis-remembered where I did this, or at least I don't find the reference for VirtualBox at the moment, but https://communities.vmware.com/thread/394665 shows cpu id masking in VMware...

I think I ran into this trying to run an older Mac image on a new (non-Mac) machine, required some hacking, but nothing major.

0
0
dgc03052

Re: I assume if you run Windows in a VM

Not zero concern, but it is easy enough to solve.

For example, a VirtualBox 64-bit client I have shows the Xeon host CPU type, but you can override that in the configuration files. YMMV depending on the hypervisor.

2
0

Large Hadron Collider turns up five new particles

dgc03052

Re: Puzzled, as usual

E = mc^2, remember?

Big bang (little b, the non-universe starting kind) in a small place, get almost anything out that adds up to the right total....

1
0

Two million recordings of families imperiled by cloud-connected toys' crappy MongoDB

dgc03052

Re: Incompetence

"Why did they make no attempt to fix the situation the first, second or third times?"

Your imagination just isn't up to the level of incompetence out in the field. They probably have something hard coded into the bears or apps that are out in the field... We just haven't heard about it because it doesn't happen with every access, just something like initial setup or reset (and seriously, why spend more time investigating their level of security).

0
0

Machine-learning boffins 'summon demons' in AI to find exploitable bugs

dgc03052

Welcome to the grand illusion

Current ML seems to be at the biological equivalent level of retinas, perhaps with a couple of neurons above.

Now think about all the optical illusions that we can be tricked with, and how hard it is to discover some of them - every new instance of ML is going to have its own set of illusions/false outputs. They may get better and better, but every one of them is going to have its blind spots and ways to be fooled.

And that isn't counting any of the basic coding, memory, etc., bugs, that can crash things, rather than "just" provide the wrong output. They may be incredibly useful, or even better than a human, but they will never be perfect.

1
0

GDS shouting matches so severe team takes to talking by hand signals

dgc03052

The Vulture..

Nice hat and scarf in the background, too.

1
0

Retired Philae lander slouches on Comet 67P

dgc03052

Big flashlight, anyone?

All right, so who's got a really big flashlight with a really narrow focus, that can track a spinning comet? Give it a jump start by lighting up its solar panels...

0
0

Call the Cable Guy: Wireless just won't cut it

dgc03052

Re: 57 Drops in my home

I ran coax cable, coax ethernet, and phone drops, but also ran conduit (with string running to make pulling easier), so it is all happy with cat 5e after a simple upgrade.

0
0

Go phish your own staff: Dev builds open-source fool-testing tool

dgc03052

Re: Oh my fscking gawd/ess ...

"Corporations STILL allow numpties who have zero clue about Internet[0] security un-fettered access to the corporate email system? The mind absolutely boggles ..."

Yes, some corporations are still primarily composed of people. Some bright at certain things, and not so bright at other things. Ok, and some really, really not so bright...

6
0

Your taxes at work: Three hours driving to turn on politician's PC

dgc03052

Trip across the pond

I got flown from the states to Germany to check the version number of video card firmware, and install the update. Back in the day when 1280x1024 was high end CAD workstations...

That was after a couple days of back and forth making "sure" they already had it.

Of course, I had another trip where my largest suitcase contained a server, padded with some clothes, so I could run tests.

0
0

Cisco boss Chambers: It's our fault H-1B visa shakeup is struggling

dgc03052

OR: We want more YOUNG, low paid workers tied to a company,

I fully agree with "The cynical among us suggest foreigners are more than willing to work in the US on lower wages than citizens will accept, cutting Americans out of jobs and saving bosses a pretty penny."

They could also stop getting rid of anyone who starts to get older, more expensive, or unwilling to work insane hours. The cult of the young Brogrammer à la Facebook is so prevalent that people publish ACM articles that directly state that developers: "Just like competitive athletes, they simply burn out by the time they reach their mid-30s." http://cacm.acm.org/magazines/2014/12/180776-the-responsive-enterprise (presumably requires membership; also found in the December 2014 (Vol. 57, No. 12) issue, "The Responsive Enterprise: Embracing the Hacker Way").

Instead of "Give me your tired, your poor, Your huddled masses yearning to breathe free...", it is "Let me trap your STEM graduates for a decade, and then go back for someone fresh."

2
0

Tech that we want (but they never seem to give us)

dgc03052

CoGeneration

Move heat in a reasonable way, and generate electricity from it in the end. I can't stand paying for air conditioning dumping heat to the hot outside, while at the same time paying to heat cold water coming in the water line. Or if I have to pay to heat the home, at least generate electricity first. Nothing for the consumer is compatible with anything else, and efficiency standards are always for standalone operation.

2
0
