* Posts by Palpy

521 posts • joined 11 Nov 2014

Page:

The Solar System's oldest minerals reveal the Sun's violent past

Palpy
Silver badge

Re: While we're all being pedantic... And right you are.

The word the writer might have written transmutation instead, I suppose. Irradiated aluminum in nuclear reactors gradually becomes riddled with microscopic helium bubbles, which make it brittle. A previous study examined the 20Ne, 21Ne, 22Ne and 3He isotopes in the Murchison space rock, but in the chondrules and matrix, not the hibinite crystals.

So does science advance, crabwise, groping to separate the signal from the noise at the edges of detection. Good on 'em!

5
0

Trump 'not normal' FCC commish reveals amid Sinclair-Tribune mega-media-merger meltdown

Palpy
Silver badge

Re: Trump 'not normal', but are any elected officials "normal"?

Exhibit A: Senator Ron Wyden, Oregon. You've read about him in El Reg columns.

For my money (and vote), he is what an elected official should be.

30
1

Some of you really don't want Windows 10's April 2018 update on your rigs

Palpy
Silver badge

Truthfully, Microsoft's update borking --

-- is one of the major reasons I moved to Linux.

I remember... on the road, sitting in a public library in a small town with a Vista laptop which, due to a Windows update, could no longer connect to any wireless network. Can't go online to get patches or drivers, can't research the problem.

Never again. I haven't "learned Linux", just figured out how to use it well enough. If the above situation were to happen now with Siduction or Ubuntu, I now know enough to pop in one of the several distros I have on thumb drives, and zing -- I'm online to troubleshoot the main problem.

Personal user case: I have a Win 10 machine now, but it's a grandpa box with no wireless and it never gets connected to the home network. Windows, air-gapped. It runs a few applications, and if I want something -- Paint.net, say -- then I download it onto my Siduction box, scan the download, and sneaker-net it over to the Windows machine.

Obviously that's a specific way of using the system, and if you need a Windows box for online gaming or collaborative development work, then my approach no work so damn good.

But think about getting a thumb-drive Linux (you can purchase a pre-loaded version pretty cheaply if you don't have the time to do it yourself). Think of it as tiny lifeboat which can't be sunk by Microsoft.

28
2

You can take off the shades, squinting Outlook.com users. It has gone dark. Very dark

Palpy
Silver badge
Pint

If you want it. Not for me.

Use cases and aesthetic subjectivity has to be taken as read, here.

That said, dark-theme showed up quite a long time ago as the default in some Linux applications in certain distros, and I (with full-throated aesthetic subjectivity) loathe it. Glad it works so well for some people. Some people love the live-tile stuff in Win 10, too, but to me it's like having brightly-colored cockroaches on my screen, squirming uncontrollably.

However, my involvement with MS Outlook will last, at most, three more days. [cue old-guy laugh] Heh, heh, heh. Beer, because I'm having a retirement party.

22
1

Microsoft Visual Studio Code replumbed for better Python taming

Palpy
Silver badge

Re: Visual Studio 2017, no ISO installer...

I noticed.

I work on an air-gapped system (for ... exactly ... 6 more days before retiring) and for quite some time I depended on some stuff written originally in VB6 and then ported to .net. Fortunately, I ported everything to Python a couple of years ago. Python is easy to install on even an air-gapped Windows system; not so much VS. A few scripts to replace the exe files, and I never looked back.

All that said, my coding skills are trivial compared to those of most commentards. I'll shut up now.

5
3

Crypto gripes, election security, and mandatory cybersec school: Uncle Sam's cyber task force emits todo list for govt

Palpy
Silver badge

"...creating hardware with backdoors..."

Check! Done. Intel considered harmful (pdf).

Of course that's old news, 2015 vintage. And the undercover OS it describes, Intel's Management Engine, is older still. (And it has an analog in AMD, so don't think it's just Intel.)

The bad news: your hardware is not secure and (probably) never will be. The good news: you're too small a fish to get fried by it. So far. Until someone automates a hack for these secret-OS-under-your-OS codebases.

6
0

Microsoft: The Kremlin's hackers are already sniffing, probing around America's 2018 elections

Palpy
Silver badge

Re: Russia and Who else? Talk to the NSA, FBI, et al.

US security agencies involved with international intelligence have unanimously fingered Russia for 2016 election hacks, and to ongoing efforts to disrupt US politics. The article to hand is a footnote, with Microsoft explaining how Russia abuses MS services in phishing attacks.

Parroting Trump ("it could have been anyone") is buying a lie, Yank Lurker. It wasn't just anyone. The NSA fingers Russia. The FBI fingers Russia. The CIA fingers Russia. The Office of the Director of National Intelligence, the oversight agency responsible for coordinating US intelligence... fingers Russia.

The intelligence reports specifically say that the Russian effort was to discredit and denigrate Clinton, and to boost Trump. Here's the public report from the Office of the Director (pdf). The report is very clear: the effort was to defeat Clinton and get Trump elected. The report is also very clear on the Russian actors which ran (and continue to run) the effort.

Don't buy the disinformation from Fox News, Breitbart, and Trump. The data is in the intelligence documents, not in the mouths of Sean Hannity and Tucker Carlson. And the truth has never been associated with anything coming from Trump's mouth. Get facts.

22
7

Trump wants to work with Russia on infosec. Security experts: lol no

Palpy
Silver badge

Re: "...stuttering mass of responses..."

Yes, indeed. But like Pavlov's legendary dogs, Trump responds predictably to certain stimuli. That's why there are patterns in his behavior. Irrational, yes. Random, no.

I really did come up with that twaddle about Russian loans on my own. Just now I read George Will's column in the Washington Post in re Trump's subservience to Putin:

"The most innocent inference is that for decades he [Trump] has depended on an American weakness, susceptibility to the tacky charisma of wealth, which would evaporate when his tax returns revealed that he has always lied about his wealth, too. A more ominous explanation might be that his redundantly demonstrated incompetence as a businessman tumbled him into unsavory financial dependencies on Russians. A still more sinister explanation might be that the Russians have something else, something worse, to keep him compliant."

(George Will is one of the few real conservatives left in the American media. It saddens me to see writers like Mark Thiessen grovelling before the neo-fascist reactionary right as if before a serious political philosophy. But I digress. Sorry.)

Jeff Merkley, US Senator from Oregon, opines that it is not money but sex tapes: "It's the standard strategy of Russia when people visit there who are important, to try to get compromising information on them, to set them up with hookers, to tape everything that goes on in their room. So it's likely that they have that." Reffy

I don't agree, because Trump is notoriously dismissive of his own amoral sexual predation. His record of cheating on all his wives with whatever large-bosomed female took his fancy is well known. Frankly, if a tape of Russian prostitutes pissing on a hotel bed were made public, I imagine that most Trump supporters would say "Yeah! You ROCK, Donald! Make America wet again!" And they'd go home and tell their wives to pee on their pillows.

So I don't think that's why Trump grovels before Putin.

Finally, to all those farther down the thread who note that while Putin shot down civilian air liners, annexed Crimea, allied himself with Assad the Butcher, and had various individuals inside Russian and outside it assassinated, America is not exactly a spotless paragon of virtue: well, duh!

That's not the point. The Point is: work toward a Good Orderly Direction. Discourage bad things; encourage good things. When leaders are fuckwits, take notice. When Pol Pot says "we must purge the weak by killing them all" then take notice, yes? When the Prez of the USA pleasures a tyrant, whether it's a tinpot like Duarte or a cunning megalomaniac like Kim Jong-un or a cold psychopath like Putin, then that Prez is a fuckwit. He deserves as much censure as we can heap upon his nasty head.

That's my say. Tough day at work, but I have 10 working days left until retirement. And my passport is current. If it's Kristalnacht in the USA, I may still make it out. :)

21
0
Palpy
Silver badge

"I don't think Trump is controlled by anybody..."

I. A. Spartacus --

You may be right. Trump is certainly the most highly-placed scatterbrain in the world right now. What comes out of his mouth may indeed be nothing more than verbalization of the shiny-lights cast by his disco-ball mind. He may have shifting hunches, and no coherent strategy whatsoever.

But his obsequious behavior toward Russia seems to be one pattern. His attacks on Western economic and military alliances which oppose Russian influence seem to be another pattern. I'm not sure why he is behaving this way; it seems politically risky and, of course, strategically stupid. To me, unexplained patterns bespeak hidden purposes.

I respectfully disagree with your characterization of Putin as wanting in long-term strategy, though. I think he is very good at playing a long game. He's managed to rotate between premiership and the presidency for 19 years, longer than most Russian top dogs of the post-Stalin era. I think his strategies for destablizing Western governments were long-planned, have been intelligently and flexibly executed, and will be very hard to counter.

As far as money goes, yes -- Trump's lawyers and accountants have shielded his personal fortune from the business reversals of Trump Organization. However, he may fear:

1. Adding another critical financial reversal to his record. "Six bankruptcies -- call that a deal-maker? Call that a successful businessman? Hah!" Those financial failures sting his ego. Look at the way he pretends they were somehow successes.

2. If Putin had the Russian bankers call in such a debt, it would inevitably become public. Revelation that an American President is massively in debt to an enemy of America may actually start turning Trump's supporters against him. It may even make McConnell and the Republican machine repudiate the President. He may fear that more than the losing money.

So maybe I'm seeing shadows, or misinterpreting the patterns which do exist. It's a show worth watching, though! All the clowns are there.

45
2
Palpy
Silver badge
Devil

Tee hee. Trump is to Putin as --

-- cheap hamburger is to a hungry Rottweiler.

Given that "We [the Trump Organization] are seeing a lot of money flowing in from Russia", given that Trump has promised since 2011 to release his tax returns (yes, even before he was a candidate) and has broken all of those promises, given that his "debt-loving" method of real estate dealing has in the past several years given way to a "cash-dealing" method which is unusual in that crowd, I think he has a hidden source of big money. It's Russia.

The autocratic, corrupt, and oligarchic nature of Russian business means that Putin, as top autocrat, can, to a great degree, control the behavior of Russian banks and big-money lenders. If he requires a group of lenders to call in payment on a loan of 500 million, as a "favor" to him, then they will probably do it. Or end up poisoned, imprisoned, or both at once.

And so: Trump did the Helsinki roll-over for Putin because he has to please the Russian gang boss. He attacked NATO for the same reason: he is, under the sheets, pwned by Putin. Why would he say the EU is America's foe? Because he has to show Putin he will cooperate, and deliver whatever he can to aid Putin.

Just guesswork. But if Trump's tax returns were carefully vetted, and all the shell companies and offshore LLCs were unraveled, I'll bet there would be a bunch of threads leading to Russian financial oligarchs. That's Putin's leverage.

And offering Putin "cooperation" with US digital security agencies would be a lovely bit of treason.

95
17

US voting systems (in Oregon) potentially could be hacked (11 years ago) by anybody (in tech support)

Palpy
Silver badge

Urrghgh. You mean...

... my mail-in ballot in 2004 may have been compromised in some way on the county tabulation machine? But nobody knows if that actually happened, or if the Bush over Kerry win was illegitimate because of my vote being hijacked by an as-yet undocumented hack?

WELL!

I vote for Ron Wyden. And Jeff Merkley. And in the House, Peter DeFazio ... I must say, I have called upon DeFazio's office three times when in need of aid, and his staff have responded immediately. This actually made a difference in my personal life. Me, personally, mind you!

The USA was not established as a democracy. In the days of the Founders, only about 6% of the population were allowed to vote -- the white, land-owning males, usually. So it is gratifying to me, an heir of these oligarchic, slave-whipping arseholes, when democracy seems to be coming to the USA.

Trump is a setback. I hope it's temporary. But I have a current passport, and Costa Rica looks sane.

6
1

PayPal, Google ordered to make suspected pirates walk the plank into freezing waters

Palpy
Silver badge

Re: Imagine being refused...

"Imagine being refused health insurance - but when you ask why, the company simply blames its risk assessment algorithm."

I don't have to imagine. When nerve impingement in my lower back started making my legs go numb, my "insurance" management company -- PacificSource, to name names -- denied the neurologist's request for an MRI. I called them. They said, in essence, "We employ an outside firm to evaluate medical necessity; we do not decide to deny coverage for a procedure, they do. We do what they say, and that's that." I asked for a contact number for that firm, and was told it was not possible for me to speak to them. I got a number anyway, and reached a very flustered young man who said, again in essence, "You should not be calling here. There is no line for patients. Please hang up now."

Point being, faceless, semi-secret entities are already denying health care, without patient input or recourse.

My advice: carpet-bomb the provider. Contact everyone from the Better Business Bureau to your representative in Congress, your state governor, insurance regulators, the HR department in your company (if that's who coordinates insurance coverage), and everyone else you can think of. Do it in writing, do it on the phone. I didn't get to the point of posting scathing YouTube videos about PacificSource, because I got coverage for the MRI first.

Oh, and I'm better now. Thanks for asking.

27
0

Kaspersky Lab's move from Russia to Switzerland fails to save it from Dutch oven

Palpy
Silver badge

It's probable that I am too naive to catch the tech here.

Which is to say, I may not actually understand whether the networks and servers physically located in Russia are, in fact, vulnerable to the FSB and, ultimately, Putin. It would seem to my age-addled mind that in a state like Russia -- slipping closer to a totalitarian tyranny than perhaps any time since the death of Stalin -- any infrastructure can fairly easily be co-opted by the State for its own dark purposes.

Yes, it's true that the GCHQ in Britain or the CIA in the US are doing things that are illegal, harmful, and bad. So, I gotta ask: if you were offered a choice between the GCHQ as run in Britain or the FSB as run in Russia, which would you choose? If someone said, you can live under the shadow of the CIA, or you can live under the shadow of the FSB, which would you choose?

Point being, I don't believe it's all the same thing. I don't believe that the Western intelligence agencies, for all their shithead behavior, are as dangerous to "freedom" as the Russian agencies. Whatever "freedom" means to you.

I read this news as Yevgeny Kaspersky's tacit admission that as long as his servers, networks, and codebase are physically inside Russia then they are indeed vulnerable to the whims of the FSB and Putin. And I read it also as a quite courageous assertion that black-box code should have no place in security applications. Who watches the watchmen? If it's unaudited code, the watchman can sell or barter info-scrapings, and no-one is likely to catch him.

Finally: yes, of course audits can be cheated, even if "certified" by external agencies. But it's risky. One slip, one bit of code not properly laundered, and someone yells foul. One disaffected employee, and a whistle gets blown. Much safer to take the Microsoft / Apple tack, and stamp it "Proprietary, no peeking".

So. Kudos to Yevgeny. It's a good business move. But also, it betokens a decent understanding of realpolitik, and perhaps more than a nod toward a philosophy of ethical security software.

IMHO, and caveats may apply.

5
0

How could the Facebook data slurping scandal get worse? Glad you asked

Palpy
Silver badge

On curves, and being behind them.

Those of us who worry about such things have watched malware sophistication keeping ahead of anti-malware measures for a long time now. The development curves pace each other, with the malware programmers just a bit ahead of the anti-malware programmers. (By evolutionary principles, of course: anti-malware, like the immune system, can so far not respond to a threat until it appears.)

Facebook, aka Zucklandia, is rather like a medieval duchy of inbred and diseased courtiers whose sole talent is exploiting the peasants. When a horde of rather savvy and innovative Mongols invades, they have neither the skills nor the weaponry to eradicate the invaders.

They've never done fark-awl about securing Zucklandia against exploitation, and now the shoes are well and firmly on the wrong feet. And, to switch back to the original metaphor, the curve is so far ahead of them they can't even see the rise. Couldn't happen to a more deserving enterprise, IMHO.

36
0

How many ways can a PDF mess up your PC? 47 in this Adobe update alone

Palpy
Silver badge

Mother of chickens.

I mean, I have always hated PDF and Acrobat with irrational rage, but 47 vulns?

And, of course, just today I had to open PDF documents (on my PC and without a condom!) and (attempt) to fill out one of them and submit it to HR. Oh please. I can only hope that the wretched thing gave the creator herpes. What is wrong with an HTML form? Oh, wait, that would take more than a point-and-click mentality to create, so of course they're having none of that!

Better to heave bloated PDF around until everyone on the network is used to opening them without qualm, and then deal with the security breaches as they happen.

Sorry. Always hated Portable Document Fuxery. Always will, and glad of a chance to go off half-crocked about it.

6
0

It's World (Terrible) Password (Advice) Day!

Palpy
Silver badge

Yes, well, if people use many different --

-- methods for passwords, then we are all more secure. Because if crims don't know which method is being used, we are all better off.

Anyway. I have a cloud account (not USA, not MS, not Google, Dropbox, et al) in which resides an encrypted password file and not much else. I can remember the username/password pair for the cloud account, and the encryption key for the file. I cannot, however, remember my (main personal) email password. Damned thing is too long and too random.

I just wiped and reinstalled the OS (Ubuntu Studio) on this old Thinkpad, and I'm traveling. Good thing I can remember just enough to get in to the cloud account, and copy-paste my other, weirdo passwords from the password keeper, eh? Especially for the sites which are established with fake identities and special-purpose email accounts. The details of which my aging brain cannot hold onto either. ("I grow old, I will wear my trousers rolled.")

Anyone's detailed advice about constructing passwords is almost always bad advice for anyone else. If I try to follow one of the methods which others find salubrious -- song lyrics mixed with Roman numerals, every letter corresponding to the Fibonacci sequence replaced with sequential digits of PI, or whatever -- OK, I'll just get confused and lose it all. Wake in a gutter in Sri Lanka with one kidney missing, probably.

Let's all arrive at decently secure but different methods of doing it. "That'll put a spoke in their wheel!"

2
0

Uber breaks self-driving car record: First robo-ride to kill a pedestrian

Palpy
Silver badge

Re: "Clever car?" and aircraft autopilot: and "makes cars safer"

Daniel, I suspect we agree very closely.

I do think there's a good chance that, as you write, software will -- eventually -- make cars as well as airplanes safer.

My only caveat is that, because street-level driving is so much more complex than aeronautical or nautical travel, street-level autopilot needs more proving-out.

I like automation. It rocks the industrial world I work in. But -- eh, well, you already know the but. Maturity. The algorithms must mature. In my rather humble opinion (IMRHO) auto-driving auto-mobiles have not matured yet.

2
0
Palpy
Silver badge

Re: "Clever car?" and aircraft autopilot

I understand your point, but I think there is a very large difference between aircraft autopilot and driving in traffic.

How often do you imagine an aircraft has to evade an object 10 meters ahead? In flight, how often is following distance to another aircraft less than 35 meters? How often does an aircraft need to merge into a stream of other aircraft, or avoid pedestrians? How often does the pilot need to negotiate a banking turn while maintaining +- 1 meter tolerances to avoid a fatal collision with oncoming aircraft?

For perspective, the FAA mandates 1000 vertical feet clearance between aircraft, or 3 miles horizontal clearance.

And how often is highway traffic controlled via radio instructions from a central traffic control tower?

My personal feeling is that driving a car is a very different kettle of eels from piloting an aircraft. (As per the Pythons, a hovercraft full of eels is another matter.)

I work with industrial automation. Millisecond control loops are common. Very fast responses. Very accurate control, in the right circs. (But watch the oscillation, mate, 'cos your actuators may not be that fast. Integrator windup.) However, the challenge lies in programming for those rare events, unexpected perturbations, and unanticipated failure conditions.

A container ship on the open sea may take 6 kilometers and 20 minutes to turn through 90 degrees, but the driver of a Honda Civic has no such latitude when the motorcycle in front of him skids out. (If a porpoise skids out in front of a container ship... well, sorry, Flipper.) An airliner traveling at 500 km/hr is in desperate peril if it comes within 50 meters of anything of substantial mass, but that's following distance on the motorway at 110 km/hr. In plain words, drivers of automobiles face much more tightly constrained and unpredictable conditions.

Again, my personal opinion, as a programmer of rather simpleminded and -- erm -- often inelegant industrial automation routines: programmers of self-driving automobiles face a challenge probably two orders of magnitude greater than programmers of aviation or nautical autopilot devices.

It needs a lot of proving. AI is nice too, but when human lives are at stake, it too needs a lot of proving.

8
0
Palpy
Silver badge

AI is not ready for the road, I think.

When driving, I periodically have to make decisions based on unexpected and unpredictable circumstances. Often these decisions must be made very quickly, and therefore the decision is made intuitively -- using a human brain with something over 40 years of accumulated on-road experience.

I'm not exceptional. Most of you commentards are equally skilled and safe on the road.

Obviously, when automation is handling controls, the human involved will allow his attention to relax. That's a major reason for automation of tasks: to remove the need for a human's continual, concentrated attention. Talking or texting on cell phones while driving is banned in some places for exactly that reason: it impacts driver concentration.

To me, the salient question is not whether the pedestrian or bicyclist was hard to see, or did something unpredictable, or disobeyed the rules of the road. To me, the question is whether a human driver with hands on the wheel, feet on the pedals, and eyes on the road would have saved a life.

10
3

18.04 beta is as good a time as any to see which Ubuntu flavour tickles your Budgie, MATE

Palpy
Silver badge

RE: ...not there yet for the home user...

...Mmmm.

Well, imagine not having to run antivirus software in the background all the time, nor update it, nor wait while an antivirus scan slows your PC to a crawl. Imagine not having to sit and watch the animation while "Windows is configuring your updates" before you can log in. Imagine not having to worry about attachments in a Word or Excel file pwning your system. Imagine reading the latest security scare, coming across the phrase, "installs a malicious Windows dll" and thinking, "Oh, that's all right then, no worries for me." Imagine seeing another story about Win 10 sending user data to Microsoft, and thinking "well, I don't have to figure out how to disable that because it doesn't apply to me."

You're imagining my home Linux box.

For the "general home user" Linux is a very good choice. IMHO, the main reason it's not more widely used is that home users get Windows (or Mac) pre-installed when they buy a machine, and it's what they're used to. Modern Linux distros are neither hard to install nor to use (except for some specialty distros), but plain-vanilla home users almost never change whatever OS is on their machine when they take ownership.

Certainly Windows is needed by most serious gamers, Photoshop and Autocad pros, and a number of other use cases I'm too lazy to list. And, frankly, use cases aside, if you want Windows, just use Windows. No worries.

But really... It's unnecessary to claim that Linux isn't ready for general users. It's just fine.

The Ubuntu team has vitalized a whole branch of the Debian tree. Thanks for that, Mark S. I'll probably go to 18.04 when the finished LTS hits the servers.

4
0

NSA boss: Trump won't pull trigger for Russia election hack retaliation

Palpy
Silver badge

Re: Glenn Greenwald --

-- with regard to the Russian attempt to illegally influence the US election: "Who the fuck cares about that?"

Useful idiot? Obviously. Needs to step back and think a bit, does Glenn Greenwald.

The thing about smart people: they are not always smart about everything. The Snowden revelations: good. Cleverly done. But hatred of the US intelligence agencies -- who detest Snowden and Greenwald -- may well have skewed Greenwald's judgment. Or perhaps it's something else.

But: Putin's useful idiot? Based on the comment quoted? Absolutely.

Et tu, AC?

4
12
Palpy
Silver badge

I see the apologists for --

-- Vladimir Putin's campaign of destabilization are out in force.

Tom Dial: "Arguably, too, we have engaged in far too many acts of (undeclared) war..." etc.

So, Tom, you'd be OK with the Mexican army shelling San Diego? The US shelled Lebanon. Fair's fair, is what you're saying? Or, to put it more personally, since men have engaged in rape, you're OK with getting raped?

Can you say "specious argument", Tom? Sure. I knew you could. You know national defense, not to mention self defense, doesn't work that way.

AC: " They lied through their teeth over WMDs in Iraq..." etc.

Yeah. So the Senate and House testimony from Facebook, Google, and Twitter about the number of Russian accounts and the money spent by Russians on influencing the election in the US is all fabricated? Not to mention the British and French corroboration of the Russian attacks?

As much as I distrust Clowns In Action, the evidence here is much broader and deeper than anything involving the Iraq Attack, or, for that matter, the Gulf of Tonkin incident. Can you say "minimize and distract", AC? Can you say, "Russian useful idiot"?

And not to leave you out, GrumpyOldBloke: "...all without a hint of hard incriminating evidence."

If you can read the indictments, you know you're spouting wet stuff from a bullpizzle. I mean, come on: 13 criminal indictments with no evidence? That seems more of a stretch than size 8 Lycra tights on John Goodman, Grumpy. And anyway, see the above: plenty of third-party evidence here.

There's an odd phrase used sometimes to describe those who aid a foreign nation's attacks against one's own country. It is, I believe, "collaborationism". Can be servile, or ideological; voluntary or involuntary. I would put most of the above posts in the "ideological" column. Trump is in the "involuntary servile" column.

Queue the downvotes from ideologues, Russian stooges, and... well, collaborationalists. Meaning those who wish to cooperate in destroying the (ideally, I admit) free and fair elections in the US. OK, perhaps that should be "further degrading" said elections. But I digress. Queue the downvotes!!

8
27

Symantec ends cheap Norton offer to NRA members

Palpy
Silver badge

Nothing but customers and members.

It's widely done. The AARP or the NRA or the Sierra Club and an airline, a hotel chain, or a provider of software (I feel that Norton anti-virus is practically malware, but never mind) negotiate a mutually beneficial deal: the organization gets to tout special benefits available to its members, and the provider of services gets a certain number of new and repeat customers because the organization members feel they're getting a deal. And they may be, but one which still allows the service provider plenty of profit.

20
0

Ayyy-EYE! Google code 'predicts heart disease' by eyeballing retinas

Palpy
Silver badge

Hmmm, perhaps econo-political diatribes could be avoided...

... for awhile in this case.

This appears to be decent research, and inasmuch as cardiovascular disease is a killer particularly in Western societies, I would be inclined to give the researchers some credit for possibly valuable findings. It's not like they're claiming a Holy Grail, just positing a new diagnostic tool.

"Lily Peng, a doctor and lead researcher on the project said that it was early and they were working with small data sets. In future large data sets could provide deeper insight. One of the problems with this study was that it could look at eye images at 45 degree views and this could miss out vital zones in the retina. Researchers are trying to correct this problem with new versions. Although more research is necessary, the team still calls this a major step towards 'non-invasive' diagnosis and predictor of cardiovascular health." Linky

I would prefer, for once, not to connect every damned thing with the sins of Google, or of Microsoft, or of Apple, or of Canonical, or whatever. Just let the research stand (or fall) on its merits. But that's just me.

6
0

Mueller bombshell: 13 Russian 'troll factory' staffers charged with allegedly meddling in US presidential election

Palpy
Silver badge

Re: You're conflating two things, AC.

1. Fusion GPS was paid for investigative reporting, first by a conservative Republican news source (funded largely by Paul Singer), who did not support the candidacy of Trump. After Trump's primary victory, then a lawyer associated with the Clinton campaign hired the company. Nothing illegal.

2. Fusion GPS is based in Washington, DC. Last I looked, that's part of the United States. Just west of Delaware. Can't miss it, AC. Christopher Steele is a British national, and he was hired by Fusion GPS because of his Russian expertise. It's legal to hire foreigners. Done all the time. Nothing illegal.

3. The founders of Fusion GPS, an American company, decided to release the Trump dossier because they believed it contained material in the American public interest. The FBI had already corroborated some of the material, based on their own investigations, and already had possession of the dossier. No foreign money. Nothing illegal.

And there are no grounds whatsoever for indicting Christopher Steele. You misunderstand both the facts and the law, AC.

4
3
Palpy
Silver badge

Re: Calling for an indictment of Steele is a bit thick, laddy.

Steele was hired to do investigative work and produce a report. Not to canvass for Clinton, not to post fake news stories on YouTube, not to build twitter-bots to tweak US voter sentiment before the election. Steele was hired legally, for a completely legal purpose. Investigate-and-report.

Also, foreign leaders -- eg Vicente Fox, Theresa May, Justin Trudeau -- are obviously free to speak their minds. How could they not be?

Foreigners spending money to campaign for or against US candidates is what's illegal. Think about it: if not for this law, then China could outspend the largest US political contributors and, essentially, buy every US election it cared to. So: it's illegal.

Another bit of misdirection that surfaces in these discussions: Yes, the US has tried to buy or otherwise flip elections in other countries. The US has done much worse than that. But that's not the point: if your country fired artillery shells into Lebanon (as did the US), does that mean that Americans should welcome Mexico firing artillery shells into San Diego? Or that the US military should smile and nod happily as Canada shells Detroit? Don't be an idiot. Of course the US objects to meddling in our political process. So should every country, whatever its own sins.

There are a lot of posts on this thread which muddy the waters in fairly trivial, fairly stupid ways. Most are based on disinformation, misdirection, and outright fallacies. Many are by anonymous cowards; make of that what you may. But Russian efforts to influence the US (and other countries) continues. On this forum? Possibly not, but... eh, if the Russians bother, they probably put the lowest of the lowly among their operatives on the job.

Which would explain the low quality of some of the AC posts, I guess.

4
4
Palpy
Silver badge

Re: Canadian in great jeopardy -- not.

As I understand it, US law forbids foreign entities from financing efforts to sway the US electoral process. That's illegal. So, my friend from the North, one question would be whether you did, in fact, spend significant money in the US trying to subvert the election.

I suspect not. (Buying a MAGA hat doesn't count.)

Also: "The defendants were charged with carrying out a massive fraud against the American government and conspiring to obstruct enforcement of federal laws." My guess is that this stems from use of fraudulent US bank accounts -- Richard Pinedo, for one, has already pleaded guilty to creating bank accounts using fake or stolen identities, and selling the accounts to Russian operatives. (It's possible Mr. Pinedo did not know the buyers were Russians, but ... creating bank accounts using fraudulent identities is illegal, and using fraudulently created bank accounts, as the Russians did, is also illegal. So both Mr. Pinedo and the Russians are, separately, at jeopardy here.)

So, Canadian, did you create fraudulent bank accounts in the US, or use such bank accounts?

I would guess not. You're probably an honest sort, as are most commentards.

I guess the overarching point is: Grand jury indictments are not trivial. This is not Bob Mueller saying "Oooo, it's them ones! Them's what done it!"

Indictments are based on criminal law and a standard of "probable cause", as determined by a jury of 16 to 23 members reviewing the evidence in the case. It's an odd system, I know, and used by relatively few nations. Wikipedia. But an indictment not something tossed off at a whim.

5
1

Crypto-gurus: Which idiots told the FBI that Feds-only backdoors in encryption are possible?

Palpy
Silver badge

Wyden seems like a pretty straight guy.

He's represented Oregon since 1981 in the House, and then since 1996 in the Senate.

I think it's a mistake to tar all politicians with the same dirty brush. Wyden has the luxury of very strong backing in his district, so he doesn't have to prostitute himself to get re-elected. And of course one reason he has strong support is that he has a reasoned and substantive approach to the job of a legislator, and his constituency notices.

All that said, I don't think the fight against backdoored encryption will be successful for very much longer.

22
0

From tomorrow, Google Chrome will block crud ads. Here's how it'll work

Palpy
Silver badge
Stop

Click here for one weird trick to train your brain!

A co-worker found an online news story about the use of dimethylpolysiloxane to stimulate hair growth. The site had a talking head vid at the top, and the news story in text underneath. He kept scrolling up to see the talking head; I kept telling him to scroll down so I could read the story.

His brain is, apparently, trained to want information presented a certain way -- even if it takes 45 seconds for the talking head to chatter through the script, and only 10 seconds to read the more complete and detailed story in text.

So to the point: how are the advertisements training our brains?

I suspect most people (myself included) say "I ignore ads; they have no effect." But I don't think that's the case. We "ignore" a lot of things which, nevertheless, make it into our eyes, ears, and subconscious. IIRC, the author of the book "Doublespeak" quotes a Chinese academic visiting New York more or less thus: "In China, everyone recognizes government propaganda. Everyone knows it is propaganda. But when it is repeated enough, then it begins to seem true anyway. In America, the television advertisements are just like the Chinese propaganda."

Ads are usually made to be attention-grabbing, intrusive, engaging, impossible to ignore. In the industry, that's an "effective" ad. If we see ads on every web page we visit, all the time, how is that training our patterns of perception? Are we being trained to accept that being interrupted and manipulated is normal and OK? Maybe even stimulating? Are we being trained, subconsciously, to automatically take in information that fits propaganda-speak patterns and which is presented in certain ad-format patterns?

I dunno, actually. Human behavior is complicated. But I use ad- and javascript-blockers, and when I duck out from under cover and see the ads... it's just nasty. I don't want that crap in my mind.

7
0

NASA budget shock: Climate studies? GTFO. We're making the Moon great again, says Trump

Palpy
Silver badge

Tee hee!

Coming NOW: "Buy tickets now for Trump Shuttle, destination Trump Towers in SPAAAACE! And tha MOOOON!"

Coming tomorrow: "Oh, sorry, everything went bankrupt after all. Should have guessed -- Trump Airlines and Trump casinos redux."

Coming the day after: "Oh, and so very sorry -- entire USA bankrupt now too. But Trump loves debt, so he did the right thing with debt-based financing of the nation. Yay Trump!"

But more seriously, Congress needs to take a firm hand. Selling off national infrastructure, public lands, serious scientific and technological research, and cashing out the future for a pittance payable now is very bad long-term strategy. Hopefully wiser heads will prevail when it comes to actual legislation.

25
2

A Hughes failure: Flat Earther rocketeer can't get it up yet again

Palpy
Silver badge

AFAIK, the chap was not a flat-Earther --

-- until he found he could get money from them for his steam-powered rocket. Though not very much money.

"Hughes is actually a fairly recent convert to the truth of a flat earth, as he tells a fellow flat-earther in a recent fundraising interview for the project. ... Completely coincidentally, this conversion to horizontal honesty came around early 2016. This just so happened to be about the time Hughes’ previous Kickstarter campaign to raise funds for an Evel Knievel-style rocket flight to space—in which he didn’t say a word about flat earth or conspiracies—raised exactly $310 of his $150,000 goal." Alex McLevy writing for AVClub.

It's cupidity, though that does not rule out stupidity (of a certain flavor).

The crack about stupidity notwithstanding, I would not be able to do what he's done so far. Nor would I want to... especially the "pulled moaning from the wreckage" part: YouToob.

11
0

Twitter breaks bad news to 677,775 twits: You were duped by Russia

Palpy
Silver badge

Re: Namecalling

I am perhaps a bit old-fashioned. I think anytime a man refers to a woman as a b**** or a white refers to a black as a n*****, they deserve disrespect. Happy to oblige. (From his writing style, I infer that cyke1 is a youngish white man. Among other things, "yea" for "yeah" is a common error in that age-group.

How about it, conservative boyos? Can you put an objectively sourced number on "Hillary bots", as we can on Kremlin bots? How about it, Big John? Got data?

12
10
Palpy
Silver badge

Re: "B****" --

Posted like a true white-male supremacist, my friend.

10
26
Palpy
Silver badge

Follow-on to the previous post... sigh.

Some US legislators have called for the release of classified memo alleging FBI bias against the current administration. The relevant bit: "The use of the hashtag #releasethememo increased 315,500 percent in roughly 24 hours on 600 Twitter accounts known or suspected to be under Kremlin influence" according to nonpartisan monitors. Reffy: Reuters.

Russian meddling is not over. It's not even slowed down.

11
17
Palpy
Silver badge

It's a bit of a snicker, really.

Trump clinched the electoral win in 3 states: Michigan, Wisconsin, and Pennsylvania. All told, about 107,000 voters determined the outcome of the election. IIRC, those states had a roughly 5% write-in protest vote. If only 1/5 of the protest vote in those states was turned away from Clinton by Russian Twitter and Facebook posts, and various Russian fake news sites, then --

-- well, Putin succeeded. He turned the US election.

I agree that it was mass stupidity. I agree that people believed lies because of confirmation bias, desire for change even if it destroys the US as a democratic republic, a sense of disenfranchisement, and all of that. The US is deeply dysfunctional.

But to the point of the article: we have seen some of the election-tampering iceberg but not the whole of it. Even when we see the slime on the very bottom, though, I doubt that the US constitution will stand -- because the legislative and judicial branches have shown far too much deference to the executive. That's the royal road to despotism. American democratia, requiesce in pace.

36
19

Cyber-coin crackdown continues: Commission charges couple crypto-currency company chiefs concerning 'conned' customers

Palpy
Silver badge

Uh...

Awesome alliteration amplifies angst, and awes allegedly almighty a**holes?

12
0

Butcher breaks out of own freezer using black pudding

Palpy
Silver badge

Ecky thump?

Lancastrian... I had to Goggle it on the Online.

Uncyc entry

3
0

Everything running smoothly at the plant? *Whips out mobile phone* Wait. Nooo...

Palpy
Silver badge

Re: Trivial? Hmmm.

In my experience, many SCADA and DCS are "trivial" in the sense that programming a self-driving car is "trivial".

For instance, one might need to program X-Y-Z axis motion with millisecond accuracy to control log and saw movement in a sawmill. Or calculate the optimal cuts for the maximum yield from each log as it moves into the line. With safety considerations and failure mitigation built in. And so forth. The problems are not the same as financial analysis or optimizing database I/O, but "trivial" is a matter of opinion.

I will absolutely agree that using OPC or OPC-UA to implement control if you already have a SCADA or DCS in place is nutty. Why write a PID algorithm when any SCADA system includes well-tested, powerful, and usually very flexible PID algorithms already?

6
0
Palpy
Silver badge

Industrial automation tends to be conservative --

-- in the sense that taking down a refinery because you implemented a cool new gee-whiz algorithm causes huge distress. Therefore SCADA and DCS programming tends to move more slowly than, say, innovations like Microsoft's move from 7 to 8 to 8.1 to 10. Let alone the changes from Blaster to WannaCry, or Sircam to Locky. That's part of the reason security appears to be an afterthought in SCADA: changes come slowly, and the security landscape changes fast.

But anyone who uses an Android app from the Google Play store to access an industrial control system needs to be re-assigned to the custodial crew and have his or her phone incinerated.

11
0

How to hack Wi-Fi for fun and imprisonment with crypto-mining inject

Palpy
Silver badge

Mmmm, JavaScript.

JavaScript. So convenient. So available. So ubiquitous. Creamy and smooth, with crunchy bits hidden in the syntax.

Just turn it off.

For those who find the new WebEx version of the NoScript add-on problematic, try an add-on to toggle it on and off with a single click.

Research notes that public toilet seats are actually not primary vectors for disease. Public wifi is a different matter. MitM attacks are well-established. In this case, you can catch a nasty from a public installation.

So publication of this particular hack seems a good thing. It should lift consciousness about the risks. (Once again...) Perhaps a few more people will take note.

11
3

Windows Store nixed Google Chrome 'app' hours after it went live

Palpy
Silver badge

OS wars aside --

-- Windows, Mac, and Android all seem to have trouble with their official app stores. Malware and fakes seem to be common. Apps coded to ask for more permissions than they need to operate add to security risks.

Independently-curated repositories (Debian, Fedora, Slackware, etc) seem to be less bad. The downside is that often these repositories lack the most up-to-date version of a software.

For a long time we had a wild-west array of Win32 software online -- I got burned once downloading paint.net when in a hurry, and got a malware-barnacled version. I suppose the official Windows store is an attempt to mitigate that, but -- like the other official stores -- it appears to come with as many problems as it attempts to solve.

For that reason, I tend to stick with old-style Windows applications, downloaded and Clammed once on a Linux machine, then scanned again on the internet-isolated Windows box before installation there. (As always comes out in these discussions, usage cases vary widely, and it's pointless arguing them; my case happens to not need Windows for anything much, so my lone Win10 machine seldom gets booted. But it's there if I want it.)

5
1

5 reasons why America's Ctrl-Z on net neutrality rules is a GOOD thing

Palpy
Silver badge

Well-thought out and well-researched article.

My best congrats. Excuse me whilst I light a ciggie -- Philip Morris has assured us they cause no harm -- and pop some oxycontin (non-addicting, according to the makers). For after all, corporations always do the right thing, just as you note in your article. Fine work!

You know, back when I was starting out in the WoW (World of Work, not World of Warcraft) some people thought that the abbreviation "inc" stood for "innit for the cash", and that the only business of business was to make money for owners and investors. Who knew that once the Invisible Hand of Capitalism's self-interest had us tight by the nads, we would ... enjoy the squeeze.

Because squeeze they will.

Just as you say, we are going to enjoy it, and smile as the Invisible Hand tightens on our jewels.

Thank you, Ajit Pai, sir! May yours rupture.

95
2

Kaspersky dragged into US govt's trashcan as weaponized blockchain agile devops mulled

Palpy
Silver badge

Re: Sigh... and absolutely right, mate.

Yep. You are absolutely arfin' right. The argument cuts on geopolitical boundaries.

Outside the USA, the same rules apply: why would an Aussie trust McAffee not to send info to the NSA? No reason, mate. If you are outside the confines of the geologically static east coast of NA and the geologically active west coast of NA, then no: do not trust US security software, because it may very well be compromised by NSA.

If you are in USA, would you rather the details of your company's strategic mineral rights are in the purview of Russia or China or US intelligence? Well, duh.

Keep your own secrets, my Aussie commentard. Keep them well, and beware NSA. Beware FSB.

I have no beef with that.

13
1
Palpy
Silver badge

Sigh... it's geographical as well a geopolitical, innit.

Why single out Kaspersky?

Dost thou recall, gentle commentards, the previously-secret hacking tools pulled from the laptop of one Mr. Pho, ostensibly by an automated Kaspersky scan for malware? Did Kaspersky intentionally send the FSB the data?

“'The more likely scenario is that Russian intelligence has some sort of automated monitoring of the traffic that comes back to Kaspersky,' says James Lewis, Cipher Brief expert and a Senior Vice President and Program Director at the Center for Strategic and International Studies (CSIS)."

What about an FSB spy inside Kaspersky?

"...the authoritarian political environment in Russia means that the FSB would not have to go through the subtle process of recruiting insiders within Kaspersky. Rather, what the Kremlin says goes, according to Steve Hall, a former member of the CIA’s Senior Intelligence Service."

“'The FSB would have no need to have a spy inside of Kaspersky,' says Hall. 'Bottom line is that it’s almost unimportant how they’re doing it – what’s important is that the FSB can do whatever they want because Eugene Kaspersky and that entire company is based in Russia and nobody wants the FSB knocking on grandma’s or mom’s door and saying, ‘your son isn’t being as cooperative as we want him to be.’”

"[Former British signals intelligence chief Robert] Hannigan agrees. 'It’s simply inconceivable that a Russian company would say ‘no’ to an approach by the FSB: it would be reckless to refuse,' says the former GCHQ chief. 'So, this is not so much about cyber but about authoritarian state control and corruption.'”

All this is quoted from The Cipher Brief, but the quotes seem pretty common-sensical to me. In pragmatic terms, nobody is picking on Kaspersky because they are Russian; they are picking on them because the environs in which they operate are technically, legally, and politically controlled by an authoritarian regime which is inimical to many Western interests.

Eugene K. may be a helluva a good fella running an excellent technical security company. But he doesn't control his country, and his country has extraordinarily coercive leverage over anyone or anything in its domain. And probably has extraordinary abilities to monitor internet traffic -- meaning that every datum sent to Kaspersky as part of its security service is probably monitored by the FSB.

Simples.

4
12

Intel Management Engine pwned by buffer overflow

Palpy
Silver badge
Devil

Re: Who is behind all this? and government spies...

Mmmm. I'm no expert in the tech involved, but consider the recent leaks of NSA hacking tools.

Next headline: "NSA tools for hacking Intel Management Engine and AMD Platform Security Processor leaked. Laptop with entire codebase gone missing".

Meanwhile, on darknet: "Shadowbrokers offering one time sale on Intel ME and AMD PSP haxxors. You buy, we sell. #shadobrokers is being back in spades."

10
0

US politicos wake up to danger of black-box algorithms shaping all corners of American life

Palpy
Silver badge

Re: Ever consider that those prison sentences are justified?

We're a bit off-topic, but I'm interested.

First, I wish I could stick a graphic in here: I constructed a distribution curve plotting number of countries versus prisoners per 100,000. It is of course a modified bell curve. The US is not just out on the high tail of the bell curve, it is WAY out on the tail -- all by itself it defines an extension of over 10% on the curve. All other countries imprison fewer people. Except, as I mentioned, Seychelles -- which is probably a statistical anomaly, seeing as it does not even have a population of 100,000 people.

Why? Here are two possible assumptions, Charles.

1. The US imprisonment rate makes it the safest country on Earth, by a wide margin. This is patently false.

2. The US population is by far the least law-abiding, most criminal, most debased and anti-social population existing anywhere on Earth.

You may choose Door 2 if you like. But I don't believe it.

Or:

3. The US criminal justice system has become unusually and unnecessarily punitive.

If 3, then causes might include the corporate profits being made by private prison and prison-supply companies (who have lobbying groups to match their profits), political scare tactics used by "law-n'-order" candidates (often underwritten by said lobbying groups), and the desire in some states to remove as many minority citizens from the voting roles as possible (in many states, and all southern states, prisoners are denied the vote).

Personally, I suspect the idea that US prison sentences are justified is not logically supportable, Charles9.

7
0
Palpy
Silver badge

Re: Not just credit scores...prison sentences.

Yes. Since the 1980s the percentage of the US population in prison has grown immensely. The US now imprisons more of its population than any documented nation on Earth, except a tiny island nation off the coast of east Africa, Seychelles.

IIRC, it's mostly down to long sentences mandated by crime-and-punishment matrices. These are the result of state and federal mandatory-sentencing laws, not really the same as the black-box algorithms used in credit scoring and ad targeting.

0
0

Guilty: NSA bloke who took home exploits at the heart of Kaspersky antivirus slurp row

Palpy
Silver badge

Leaks: Mathematically probable.

A conspiracy can be thought of, in a broad sense, as any data-set which is known by a finite number of people, and which these people intend to keep secret from others. The NSA can be thought of as a "conspiracy" keeping certain kinds of knowledge -- its attack-and-compromise codebase, in this case -- secret from others.

However, the more people involved in a conspiracy the more likely it is to fail. From a Plos One paper, lead researcher David Grimes, on the probability that a conspiracy will be exposed:

"The analysis here predicts that even with parameter estimates favourable to conspiratorial leanings that the conspiracies analysed tend rapidly towards collapse. ... For a conspiracy of even only a few thousand actors, intrinsic failure would arise within decades. For hundreds of thousands, such failure would be assured within less than half a decade."

The paper analyzes mostly single-event conspiracies, not the case of a large organization trying to keep a body of ever-changing knowledge secret. But I kinda think a general rule applies: it becomes harder to avoid leaks, whether intentional or accidental, as the number of those with inside knowledge grows. The number of people employed by NSA is classified; it's estimated at 100,000. Surely only a fraction have access to secrets like those revealed in this incident.

But it would seem to me that the upshot is: expect leaks. Plan for them; take it for granted that they will happen.

12
0

SpaceX 'raises' an extra 100 million bucks to get His Muskiness to Mars

Palpy
Silver badge

Re: Consumer Reports scale --

-- A quick Google does not reveal t he details of the scoring system. A deeper one probably would. Here's what CR wrote:

"In rating it, however, we faced a quandary: The Tesla initially scored 103 in the Consumer Reports‘ Ratings system, which by definition doesn’t go past 100. The car set a new benchmark, so we had to make changes to our scoring to account for it. Those changes didn’t affect the scores of other cars."

FWIW.

4
1
Palpy
Silver badge
Pint

I guess, yeah, His Muskiness is kinda --

-- "optimistic" and "enthusiastic" about some things.

But I gotta love a guy that has his company release a Youtube of their own failures. A sense of humor makes life better.

Then again, he makes the quickest production electric car available to the public. The Models S P85D broke Consumer Report's rating system, scoring 103 out of 100. And his rockets work, mostly, and put cool stuff into orbit.

Maybe succeeding at some spectacular things makes a guy kind of optimistic and enthusiastic. Good on 'im.

13
1

Page:

Forums

Biting the hand that feeds IT © 1998–2018