* Posts by Orv

1027 posts • joined 13 Aug 2007


2-bit punks' weak 40-bit crypto didn't help Tesla keyless fobs one bit

Orv
Silver badge

Re: Problem-solution dichotomy

Interesting. I'd always assumed these keyless ignitions would cut out once the key was out of range.

Too dangerous. Imagine the consequences of a key fob battery deciding to give up the ghost while someone is passing on a two-lane road, or driving 75 mph with a semi tailgating them.

The usual system is that once you're in gear, the car will keep running until you park it. Once it's off, it won't start again without the fob.

0
0
Orv
Silver badge

Re: Problem-solution dichotomy

It seems to me that a 'two factor' key with a physical key and RFID is likely superior to either non-RFID physical keys or keyless fobs.

No doubt. My car has all three systems. It can be opened with a manual button press, or with a flip-out key. To start, it must sense the fob inside the car (outside won't cut it), and if the battery is dead you put the key in a hidden slot and the RFID chip is read. This is also how you pair new remotes. It seems like a reasonably well thought out, if somewhat over-complex, system.

0
0
Orv
Silver badge

Re: break and enter

My method is to drive cars that aren't worth risking a prison sentence for.

0
0
Orv
Silver badge

Re: How many of these helpful researchers were branded Pedos by Elon Musk?

Based on my experience, the dope-smoking has nothing to do with it. I don't know anyone who gets angrier when they toke up.

0
0
Orv
Silver badge

Re: You don't say...

What worries me is the opportunity for DRM-like mischief. If they ever decide, for example, that they don't want people selling used Teslas instead of trading them in, they can just brick them when the new owner registers.

0
0
Orv
Silver badge

Ditto on my Volt. I actually messed with it one day to see if I could trick it into letting me lock the keys inside; normally it will beep and unlock all four doors if I try. Eventually I succeeded by locking each door manually. (My plan if that didn't work was to try leaving the windows down a crack and chucking the keyfob in through there. Yes, I do debugging, why do you ask?)

0
0
Orv
Silver badge

Re: Problem-solution dichotomy

Whilst sympathising with your complaint, it is worth noting that the security of physical keys is not always what it might be, particularly on cheaper cars or as mechanisms wear.

Certain 1990s Saturns were famous for being able to be started with keys from other Saturns, or in some cases, post office box keys. The locks became very indiscriminate after they wore out, and they wore out fast. Various hilarious media stories about people driving home in the wrong car ensued.

1
0
Orv
Silver badge

Re: Problem-solution dichotomy

Sell it for parts, especially the battery.

And this is probably one of the reasons McLaren is not concerned. McLaren made 3,340 cars last year. You just can't unload something that rare and flashy, whole or as parts, without attracting attention. And no owner of a legit car is going to buy hot parts of unknown provenance, because installing them would tank the value of their own car.

1
0

Linux kernel's Torvalds: 'I am truly sorry' for my 'unprofessional' rants, I need a break to get help

Orv
Silver badge

Never heard of an American Muslim lopping off heads.

Meanwhile the Christian right jokes about killing transgender people in bathrooms.

I know which group I fear more.

1
1
Orv
Silver badge

Re: If only he got so passionate about Linux freezing when it runs out of memory...

I found on systems I managed that turning off memory overcommit helped, but your mileage may vary.

Normally malloc() always succeeds on Linux, whether there's enough memory to handle the request or not. Turning off overcommit causes it to return NULL if there isn't enough memory, as God intended. ;) Most processes don't trap this very well (because malloc() always succeeds, right?) and will crash, but the system will stay up.

3
0
Orv
Silver badge

The culture wars in the US have been cranked up to 11, with LGBTQ people (the ones "rainbow" references usually refer to) having legitimate reasons to fear for their well-being. Being under that stress day and night, checking the headlines to see if your group's going to be the one having their passports yanked next, that makes people edgy.

I don't like that it's come to this either, but I understand it. Some jokes just aren't funny anymore.

3
5
Orv
Silver badge

Re: It's not about the job

"Never trust someone who's nice to you but rude to the waiter."

4
1
Orv
Silver badge

Re: You would have hoped...

My opinion is it's possible to tell someone they wrote bad code without going on to tear them down as a person.

Linus needs to come to terms with the big shadow he casts. Him telling someone "no" now carries more emotional weight than telling them "fuck you" did two decades ago, because he's looked up to. He doesn't need to resort to profanity. He's bigger than that now.

2
2
Orv
Silver badge

Re: Aspergers

Not if you have a diagnosis, that would be illegal in most countries as disability discrimination.

One interesting question that's starting to come up for employers is "if you have an employee with Asperger's that's stalking another employee, which wins, the right to not be fired for a disability or the right to not have a hostile work environment?"

I've faced this issue in my own personal life, with people who make my life difficult by stalking me and my friends but that I know are doing it because of mental illness, not malice. At what point is it OK to close the door?

1
0
Orv
Silver badge

Re: Code reviews are for

Considering that it's been shown (although not necessarily in the kernel) that the same code submitted with a female name is more likely to be rejected than code submitted with a male name, anonymous reviews may not be a terrible idea.

4
0
Orv
Silver badge

Re: @ Doctor Syntax -- Don't let the namby-pambys run the Kernel, Linus!

Yup. Telling someone "no" is what matters. Unloading all his personal angst onto them in the form of profanity may make him feel better, but it's not going to result in better code. "The beatings will continue until morale improves" rarely works as a management strategy.

4
0
Orv
Silver badge

Re: Congratulations

Elon Musk's problem is not that he won't compromise. It's that he won't delegate. Maybe he sees the two things as the same, which is a serious problem. You just can't run a company the size of his companies while micro-managing every detail on the ground; you have to learn to hire smart people and trust them to make the right calls. Otherwise you become a choke point for the whole operation, as Elon is now. While a lot of people saw him pulling all-nighters at the factory as heroic, I saw it as a serious warning sign.

10
0

make all relocate... Linux kernel dev summit shifts to Scotland – to fit Torvalds' holiday plans

Orv
Silver badge

Re: Better option anyway.

Yup. Only days before the eruption people were clamoring to be let back into the exclusion zone so they could tend to their property, because it had been weeks and nothing had happened. Part of the problem was inexperience -- geologists knew an eruption was a near certainty, but didn't have a good handle on how soon.

Johnston was actually one of the geologists who believed the eruption was likely to happen laterally instead of upwards, which meant he knew better than anyone that he was putting himself in harm's way. He felt it was necessary to protect others' lives.

These days St. Helens is slowly rebuilding itself with a series of small, dome-building eruptions. One of the theories is that it will continue these until they block off the main vent like a cork, and then pressure will slowly build for the next big eruption.

2
0
Orv
Silver badge

Re: Better option anyway.

There *is* a Vancouver, Washington, but it's really just an inconveniently located suburb of Portland, Oregon. Perhaps most famous for being the location of the US Geological Survey office that David Johnston radioed just before the Mt. St. Helens eruption wiped him off the face of the earth ("Vancouver! Vancouver! This is it!")

6
0

Excuse me, but your website's source code appears to be showing

Orv
Silver badge

What, specifically, is wrong with it?

Mostly it's just complex. Some of that is unavoidable (branching and merging are complicated operations) but it's somewhat obscure in its design, cryptic and counter-intuitive in its command line interface, and demands that you have a complete mental image of how it operates. (Linus had this because he wrote the thing; it's a classic example of software where the UI was designed by someone who already knew how it worked.)

Here's a simplified view of the working model:

http://www.ntu.edu.sg/home/ehchua/programming/howto/images/Git_StorageDataFlow.png

"For beginners" guides are full of diagrams like this:

https://raw.githubusercontent.com/gitforteams/diagrams/master/flowcharts/workflow-undoing-changes.png

If you don't have a full mental model of how all the different storage states interact, and what commands get your code from one to another, you'll get hung up eventually. Stack Exchange is full of questions about this stuff. Most users don't fully understand git and just follow these guides in a cargo-cult sort of way, and that kinda-sorta works, but tends to lead to frustration eventually.

0
0
Orv
Silver badge

Re: Good intentions as paving material...

Nah, some people consider any scan a "hacking attempt," no matter how innocuous.

3
0
Orv
Silver badge

Re: Hah

I wouldn't say 'most'. The really critical stuff -- the business logic behind the app -- is usually server-side.

3
0
Orv
Silver badge

Multiple copies is reasonable, but gets old when you're dealing with multi-gigabyte git repositories. The wait to clone a new copy can be significant, and you can't clone just a sub-repo; it has to be the full wad every time.

When I was working with building dev versions of ChromiumOS I'd start a clone and then go do something else for half an hour or so.

2
0
Orv
Silver badge

I kinda like Mercurial. It's like Git without the cult. It doesn't demand that my brain work exactly like Rev. Torvalds'. And it has an export command. Sadly git seems to have pretty much taken over as far as cloud repos go.

2
1

DraftKings rides to court, asks to unmask 10 DDoS suspects

Orv
Silver badge

Re: “[..] the attack prevented [..] users from actively engaging with the [..] Website,”

In fact, fantasy sports got a specific carve-out in the anti-gambling statutes. It's fascinating really. There's a good write-up (and a video documentary, but that may be geo-blocked) here: https://www.pbs.org/wgbh/frontline/film/fantasy-sports-gamble/

0
0

Congress wants CVE stability, China wants your LinkedIn details, and Adobe wants you to patch Creative Cloud

Orv
Silver badge

Re: “Funding this key cybersecurity program through piecemeal, short-term contracts..."

They now choose to distribute excrement via Twitter, instead.

3
0

Another German state plans switch back from Linux to Windows

Orv
Silver badge

Re: The problem is not Linux itself...

Three years ago, one of the very first "brown envelope decisions" of the newly elected (Tory type) government was to ditch all the perfectly working and home developed inter-ministerial communications and email software to set up (oh, surprise?) Office365 as a replacement.

Sounds suspiciously like preparation for outsourcing IT. You can't outsource effectively if you're not using standard stuff.

0
0
Orv
Silver badge

Re: Lots of companies run Linux including Google

Many companies run Linux...as a server OS. Linux on the desktop is a lot more rare.

0
0

BlackBerry KEY2 LE: Cheaper QWERTY, but not for what's inside

Orv
Silver badge

Is a full touchscreen actually more expensive than a physical keyboard, now? I would have expected it to be cheaper to make it just one big screen. Fewer components, less wiring, less finicky assembly. Am I missing something?

3
1

AI sucks at stopping online trolls spewing toxic comments

Orv
Silver badge

Unfortunately many people are lacking in self-confidence and knowledge of self-worth that they attribute to themselves the worth that is assigned to them from others.

Even people with healthy self-esteem, given a drumbeat of relentlessly negative feedback, can succumb. We're social creatures and evolved to try to adapt to the demands of those around us.

There's also the issue of speech that isn't just hateful, but is actually threatening. I don't think someone's showing a thin skin when they're put off by someone, say, naming where their kid goes to school and suggesting something might happen to them. The line between this and "vanilla" hate speech can be pretty thin and subjective -- e.g., is photoshopping a picture of someone into a gas chamber a threat or 'just' an ordinary comment that should be ignored? What about a post listing someone's address and suggesting they be SWATted?

3
0

C'mon, if you say your device is 'unhackable', you're just asking for it: Bitfi retracts edgy claim

Orv
Silver badge

Nah, 16. Which potentially makes it harder than touchscreen voting machines, which *have* been hacked by 12 year olds.

15
0

No, eight characters, some capital letters and numbers is not a good password policy

Orv
Silver badge

Re: I've always preferred ..

I actually had a user tell me, with a straight face, that they thought their password was safe because it was too obvious for anyone to expect. They'd used "password." Another used their username, but backwards.

1
0
Orv
Silver badge

It means I don't have to remember the dozens of passwords, just one formula.

I used to use that scheme, but realized if someone ever got more than one of my passwords it would be pretty easy to reverse-engineer.

Not to say that's true of yours, but I can't do Blowfish in my head. ;)

1
0
Orv
Silver badge

In my experience, user frustration with password complexity rules often happens because they're told only that a password is too weak, and not *why*. Where I work I've watched users fumble for 30 minutes trying to find a password the system would accept. People for whom English is a second language struggle especially hard.

12
0
Orv
Silver badge

How do you know they've got rubbish passwords? Do you store them unencrypted, or capture them at the point of entry?

He said this was a password management system, so presumably these are shared passwords that have to be decryptable to be used.

And yeah, shared passwords are their own issue, but realistically you're not going to give every single employee a separate account with every vendor you work with. It's unmanageable.

5
7

None too chuffed with your A levels? Hey, why not bludgeon the exam boards with GDPR?

Orv
Silver badge

Re: FOI...

Surely requesting access to the prof's email from the ex wife could easily be labelled vexatious and therefore not require complying with.

Depends on the state, and even then it's a touchy issue. For obvious reasons it's generally considered a bad idea to allow agencies to unilaterally declare that they don't need to answer a particular person's FOIA request.

Another fun example was when Seattle started having police wear bodycams, then had to backtrack on the program when someone filed a FOIA request for every bodycam video they'd recorded. They were required to redact videos to remove innocent parties but didn't have the staffing to handle that much video, so they dropped the bodycam program until a solution could be found. The person freely admitted they only made the request to prove a point.

0
0
Orv
Silver badge

Re: "Please erase all evidence of me and my poor grades..."

Even if it does, I doubt being forgotten means you get to take the exam again.

1
0
Orv
Silver badge

Re: FOI...

In academia the "retaliatory FOIA request" is a real thing. One incident I'm aware of involved a messy divorce where the wife asked for the entire contents of a professor's email box going back several years, via FOIA request. Ostensibly this was to look for evidence of cheating, but a convenient side effect was it created a lot of work for him and made him unpopular with people in the department who had to help him collect and redact all that data, not to mention his coworkers who had all their email chains with him revealed.

It's also a common political weapon, e.g. if you don't like the results a researcher got, make repeated, onerous FOIA requests to use up their funding and force them to abandon their line of work.

On the whole I think FOIA is a good thing, but let's not kid ourselves; it's frequently deployed as a club instead of a lantern.

5
0

Mozilla changes Firefox policy from ‘do not track’ to ‘will not track’

Orv
Silver badge

So I won't be able to read Wired in Firefox anymore? Oh well, it's not like I'm losing anything of value.

1
0

Cobbler feels the shoe-leather: An IP address is still not a human

Orv
Silver badge

Maybe a sequel to Blood Freak?

0
0

AI image recognition systems can be tricked by copying and pasting random objects

Orv
Silver badge

We now see that these classifiers are not learning what a "cat" is, rather they are learning the types of images in which cats appear - in other words: cat in a context. Change the context and it mis-classifies.

This has cropped up dramatically in some instances. For example, scientists training a neural net to recognize skin cancers discovered they had instead trained a ruler detector -- images of cancerous lesions almost always have a ruler for scale.

Google's "deep dream" experiments also showed that a neural net trained to recognize barbells considered the beefy arm attached to them to be part of the object.

The "obvious" solution seems to be that the neural nets need to segment images into distinct objects and then classify the objects. This is not a trivial problem.

Indeed, that's the "general vision problem" that has stumped AI researchers since 1966, one of the great unsolved "hard" problems of computer science.

6
0
Orv
Silver badge

Re: The elephant in the room!

"Never hurry into a situation you don't understand"

Pilots face an especially acute version of this, because when you're flying, you can't pull over and stop until you figure things out. It's easy to get "behind the airplane." The only saving grace is in the air there are fewer things to hit; still, pilots are generally trained to try not to let an airplane take them anywhere their mind didn't get to five minutes earlier.

Mind you, pilots can also get lost on the ground at large airports, with occasionally disastrous results, which prompted one instructor to say, "if you're taxiing and things aren't making sense, set the parking brake until they do." ;)

4
0

Intel rips up microcode security fix license that banned benchmarking

Orv
Silver badge

If you benchmark your workload you may find out HT isn't buying you the performance boost you think it is.

1
0
Orv
Silver badge

Re: Now we can understand

Ten years ago I used to routinely disable HT on servers because on CPU-intensive workloads it almost always resulted in worse performance. Note that in one case the "CPU-intensive workload" was just OpenVPN.

I'm not sure if this was an inherent CPU design problem or the kernel scheduler getting confused. But HT has always been far from a clear win.

0
0

Just how rigged is America's broadband world? A deep dive into one US city reveals all

Orv
Silver badge

Re: in Smellinois

Ah, so you want better service, but you want someone else to pay for it? I can see a snag there...

That was also the argument made for not wiring farms up to the electric grid, before Rural Electrification. Today a lot of rural farms are still served by the power co-ops created under that program. But that was back when the government still did things because they were public goods.

1
0
Orv
Silver badge

Re: When I read articles like this...

For what possible reason would "everybody" need 100 to their home?

Off-site backup, for one. I mean, I'm hoping you're not going to lose everything if your boat sinks?

Also, latency goes up fast on low-bandwidth connections if someone starts downloading or streaming video. If you do anything latency-sensitive (VoIP, gaming, etc.) it becomes a noticeable problem fast. It's also a bit awkward when Microsoft's latest patch takes hours to download. Basically, no one needs 100 mbps all the time, but the ability to burst at higher speeds is very useful.

1
0

Face-PALM: US Patent and Trademark Office database down for 5 days and counting

Orv
Silver badge

NOAA's servers are having issues, too, although it's probably unrelated. Specifically, www.aviationweather.gov has been down all day. There is a backup server (bcaws.aviationweather.gov), but it doesn't have all the API endpoints.

At around 0530Z, network access to our web provider went down. As of 2000Z, some web access is available but the data are old (last data still from 05Z). The web pages are still unavailable. We are monitoring the situation. An effort to recover lost data will happen once network access is restored and stable.

0
0

Pentagon 'do not buy' list says нет to Russia, 不要 to Chinese code

Orv
Silver badge

Re: Protectionism vs. security

I would have given them the benefit of the doubt before foreign cars were declared a "national security threat." The term no longer has any meaning.

1
0

FBI boss: We went to the Moon, so why can't we have crypto backdoors? – and more this week

Orv
Silver badge

Re: Question to FBI Boss

Same reason I haven't been to Fargo in 18 years. Went there once, found there wasn't much to see.

5
0


Biting the hand that feeds IT © 1998–2018