"why else would a company with _this_ level of management incompetence buy a 4 hour replacement?"
Erm... you're kind of answering your own question there :)
891 posts • joined 6 Mar 2017
"Managers get a pass when someone goes rogue, but not when they ignore an ongoing problem with a critical process."
Well, yes agreed, but also, say a manager asks sysadmin for full audit of network including providing backup configs and passwords, the manager is still dependent on the sysadmin's honesty and competence, either of which could be lacking. How would the manager even notice if anything related to this particular switch was missing, given that it was literally months before anyone even noticed the switch was there?
"if you chose to wander into "us" vs "them" territory, just a humble reminder that tally is not in your favor now"
Here's the problem... now it's Islamic terrorism, before that it was the nationalist separatists (IRA, ETA), before that it was the left/communist anarchists (Brigate Rosse / Baader Meinhof). Intermingled with all that are the racist / nationalists of all stripes... and one of the first justifications these morons come up with was "But they started / did worse etc". Supposed grownups still mentally stuck at age 6.
Forget about tallies. They're just excuses used by nasty people to justify their nasty actions (Besides the fact that no-one "keeping score" actually does so properly / objectively anyway).
"the Prime Minister stated that the government would be bound by the decision, and Parliament raised no objection to this."
The prime minister can say what he/she wants, it's all hot air unless billed and voted for. Parliamentary approval has to be affirmative, it cannot be assumed.
One of the issues is that it is so difficult nowadays to keep systems safe and private. Just off the top of my head - antivirus / antimalware, ad blocker, 'privacy' browser and search engine, secure email, VPN...
It's a lot to keep on top of even for an IT pro let alone for a layperson. And many of the vendors I've tried have multiple separate products that they keep trying to cross-sell / push on you and / or highlight 'threats' that can be solved by said product upgrades.
I currently use a combination of Proton Mail / VPN, Brave (on mobile) and Firefox + Adblock (desktop), Duckduckgo search and malwarebytes... I wish there were a cleaner / simpler combination of effective tools. Suggestions?
"Our experiments revealed that the packets carrying the encrypted type-1 and type-2 JSON files can be distinguished from other packets by their SSL record lengths which are visible even from encrypted traffic,"
So surely it's easy to defeat by enforcing a standard packet size for encrypted packets, stuffing with dummy bits if required? Sure it reduces network efficiency but that shouldn't be a major problem.
I'm not sure exactly how encryption on video streaming works, but one thing that might happen is that if the user is sending binary choice JSON files, and each user session uses the same encryption key, then would identical JSON source data result in identical encrypted packets that could be identified? Or is the encryption a bit more clever than that?
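An added example, not part of the original comment: a length model of the side channel quoted above and of the fixed-size padding idea. It assumes TLS 1.3-style AEAD records (one content-type byte plus a 16-byte tag); the trace and its sizes are constructed for illustration.

```python
from collections import defaultdict

AEAD_TAG = 16      # assumption: 16-byte AEAD tag (e.g. AES-GCM)
CONTENT_TYPE = 1   # TLS 1.3 inner content-type byte, encrypted with the payload

# Constructed trace of (label, plaintext bytes); sizes are illustrative only.
TRACE = [
    ("type-1", 2208), ("type-1", 2211), ("type-2", 2990), ("type-2", 3001),
    ("other", 517), ("other", 1460), ("other", 2650), ("other", 3900),
    ("other", 1203), ("other", 3350),
]


def record_len(plaintext_len, pad_to=0):
    """Ciphertext length an on-path observer sees for one record.

    Encryption adds a constant overhead, so without padding the plaintext
    length is visible. With pad_to set, the inner plaintext is rounded up to
    the next multiple of pad_to before encryption.
    """
    inner = plaintext_len + CONTENT_TYPE
    if pad_to:
        inner = -(-inner // pad_to) * pad_to  # ceiling to a multiple of pad_to
    return inner + AEAD_TAG


def identifiable(trace, pad_to=0):
    """Labels of the non-'other' records whose observed length is unique to
    their label, i.e. the records a length-only observer can single out."""
    by_len = defaultdict(set)
    for label, n in trace:
        by_len[record_len(n, pad_to)].add(label)
    return [label for label, n in trace
            if label != "other" and by_len[record_len(n, pad_to)] == {label}]


def overhead(trace, pad_to):
    """Bytes on the wire with padding, relative to the unpadded trace."""
    padded = sum(record_len(n, pad_to) for _, n in trace)
    plain = sum(record_len(n) for _, n in trace)
    return padded / plain


if __name__ == "__main__":
    for pad in (0, 512, 4096):
        print(pad, identifiable(TRACE, pad), round(overhead(TRACE, pad), 2))
```

With 512-byte buckets the type-1 records still land in a bucket no other traffic uses, so the pad size has to be chosen against the whole traffic mix, and the single 4096-byte size that hides everything here costs roughly 1.7 times the bandwidth.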
"I'd have made the script generate a list. Source files, and final destination filename. I literally wouldn't have a command in the script capable of inflicting damage. But I'd still test it only on a sacrificial test user first anyway. And I'd have a little arrow to correctly indicate source-> destination. And I'd only name the variables things like source and destination so I knew.... etc etc"
All well and good. Thing is, this is what you would have done had you been assigned the task now. I doubt that it's the same things you would have done as an 18-year-old.
For sure if it was me let loose on that system at 18, I doubt it would have been recoverable!
"forums that are NOT Facebook nor Twitter nor Youtube already exist. And the (alleged) perpetrator of the mosque shooting was a regular user of one of those forums. "
However I presume that those forums do not have hundreds of millions of eyeballs on them. Also forums by their very nature are 'pull' rather than 'push' as is the case on facebook etc
"Now to really piss some of you off, what if just 10% of those people in the church had guns?"
People making this comment have seen too many 'Die Hard' movies. Most likely any civilian drawing a gun in the presence of a heavily-armed, well-trained assailant is just making themselves a target to be taken out quicker.
I reckon that in real life the actual possibility of having in the crowd a real ex-special forces elite commando, with a loaded gun in their holster and a chip on their shoulders, is slim to none.
Got to give credit to The Register for one of the best articles I've seen on this terrible subject.
"whose name isn't worth publishing"
"To be clear, while he was heavily influenced by white nationalism in the West, this murderous racist knew exactly what he was doing when he pulled the trigger: there is no room for any absolution on his part."
"manifesto is itself indicative of the broken online culture of nihilistic offensiveness, outrage, and scattergun ideologies that has grown up around social media and lapped up by subnormal losers"
These are the type of straight-talking no-bullshit, and yet without the excessive Daily-Mail-Type hyperbole, that I would have liked to see in the national press.
"Now that there's evidence to ground them, safety first."
2 identical planes crashing in identical ways within a couple of months of each other is surely enough evidence to have grounded them immediately.
"A grounding of all planes of that model would disrupt airline schedules, and so I think they wanted to avoid that happening."
Yeah, let's not mind the possibility of a plane crash as long as we don't disrupt airline schedules. Way to order your priorities!
"Quality control is slipping in the mountain state."
Rather the opposite I would say - publishing the source code and allowing independent researchers to test it is an excellent part of testing, and (if I understood the article correctly), this particular evoting system had not yet been used for official votes.
On you with this one. People can be compromised (see the latest US election absentee ballot fraud that was picked up in... North Carolina, was it??), but there are enough systems in place around manual / analogue elections that it probably can be caught and almost definitely can be recounted. It would also happen more probably on a local level with less impact on large results, which also means it could be more easy to spot as a statistical anomaly in a local district that is far different from surroundings and/or past votes and/or forecasts and polls.
If e-voting is compromised, then it can be compromised on a massive scale, and also in such a way that it looks evenly distributed in a way that could resist being caught out by statistical analysis. With full e-voting there is never any way of being sure of the result.
If you want to get a fast vote count, use a hybrid model:
- voting machine is completely standalone and needs just an electricity connection
- modified hardware / OS that does not have any wifi, bluetooth or other wireless hardware, no network port, whole TCP/IP stack removed from the OS. The only I/O is USB ports for keyboard, mouse, data download.
- machines are assembled / configured / updated at secure site at manufacturers, and are based off an imaged SSD with OS and software already preinstalled. Voting data goes on a separate SSD. SSDs allow no-ventilation running so box can be completely locked and sealed. Setup is ordered by local voting entities and configured / set up at the factory. It should not be possible to do any setup, updates, configurations etc away from the secure area at the factory. For good measure, secure area is completely open plan with a viewing window that is publicly accessible without restriction.
- There is a single hardware on/off/reset button that is in a separate panel, locked, with keys kept by local voting officials at polling station. The panel also includes space to refill ballot papers. Ballot papers should be already in sheets so it's as simple to load as a photocopier, not on a roll that is more fiddly.
- There is a box for physical ballot results that is transparent and sealed, with keys NOT available to local officials at polling station, only to state or federal voting officials. Panel for USB access is also locked and sealed with availability only for state / federal officials, not local ones.
- Voting process - voter is IDed* and gets to the booth. Choices are on screen, if there are multiple ballots, each gets its own screen, voting choices clearly presented etc. Votes, presses OK, gets a paper readout printed out which has human-readable voting record plus QR code with equivalent data. Voter can read that vote is correct, scan QR code (and e-vote is only recorded at this point), and slip vote into ballot box.
- Ballot stations have double the amount of machines needed in case of failure. In case of complete failure, manual ballots and traditional ballot boxes are available.
- e-votes are downloaded at central state / federal location at stations with no outside comms access, and open-plan with public visibility. Random audits are done that (a) verify that QR code vote matches human-readable printout and (b) manually tally whole boxes and compare results to e-vote count.
- Any anomaly is always resolved by counting paper ballots.
- All original voting machines and any computers used for tally should be stored only for as long as result is certified plus any legal challenges are resolved. Then all hard disks are electronically wiped, physically destroyed and disposed of securely. Paper records are held for statutory period after which they are also destroyed.
It's still not going to save paper - deal with it. It's still not going to be cheap - if proper democracy is expensive that's worth it. It still might not be 100% accurate or secure - any other safeguards might be suggested / added. It still might not get 100% accurate results - voters aka users CAN be morons - deal with it. It WILL give a much quicker tally, which is great. It will also potentially give a much more detailed picture of voting patterns which could be dangerous, which is why it's so important to destroy / wipe all data after.
*how to make sure all eligible voters can vote, and prevent multiple voting, is a whole other huge issue
Not a valid comparison. Brexit is just awful policy, if you could sue governments for awful policy most countries would be bankrupt.
In this case Huawei are right that US can't ban specifically their products only, without any more specific reason than "they're Chinese". If NSA etc have proof of pwnage or attempted such, they should demonstrate. Otherwise it's just trumpian hot air
"Feet on the pegs at all times unless stopped!"
Personally (and this might just be my unorthodox style), but if I am on a low-speed curve on an unsure surface I keep my foot either just resting very lightly on the very tip of the peg with no weight on, or off the peg, dangling about a foot or so above the road - ready to push the bike upright if there's a sudden loss of grip. It's saved me a fall a couple of times where a handlebar correction or throttle squeeze wouldn't have. A trick learnt from experience catching an unseen oil patch on a slow-speed turn that landed me on my arse.
At such low speed (most times less than jogging / running speed), a quick push with the foot is not dangerous (or at least on the balance is less dangerous than potentially having a bike fall on it)
But of course, that's a very rare circumstance, "Feet on the pegs at all times unless stopped!" is sound advice.
"stays fully controllable when the front wheel drops into a ditch.."
I guess it depends how deep the ditch is. From the text it isn't clear at all.
"dropped down into a deep rectangular hole that had been cut in the asphalt" – a trench dug to install Google's pipes – according to his Jackson County court filing, at least"
At that really low speed, any bike should be able to go straight up/down a pavement / sidewalk, around 15cm. At an angle, maybe less, and depends on whether the bottom of the ditch was also asphalt-like surface or, more probably, just loose dirt which could make the front wheel slide irrespective of how deep the 'ditch' was
"...referred to motorcyclists as "organ donors". Not only in general, but the way you see them take un-necessary risks on high-traffic roads"
Unfortunately there are many (I wouldn't say a small minority but definitely a minority) bikers who behave that way. It tends to be those that ride sports / supersports bikes on the road as if they were on the track. Most of the bikers I know (myself included) ride touring / road bikes, taking it pretty easy and enjoying the views.
Personally I am glad of the fact that I only started properly in my 30s as I think if I started in late teens or 20s I would have been in the "organ donors" category. However that category is also enhanced by a large number of car drivers who are unaware of bikes around them.
In this particular instance, curious that the lawsuit occurred so far after the fact, but maybe he had 3 years of medical treatment to bill - not sure if it's possible to sue for damages that also includes future medical bills related to the incident.
"Does this mean a Death Star is now a more distant possibility than before?"
Well, DS is an energy weapon not kinetic. But if the same holds, it means instead of Alderaan being vaporised, it would be shattered into many chunks that eventually will pull back together to reform. Mind you, that's not much comfort to the Alderaanians.
>>> does that count as darth Vader mask? >>>>>
"Why would they divide up employees into small groups if they're trying to get company wide stats?"
Presumably because it pays devs in California more than those in Bangalore, it pays techs working on core revenue-generating teams like Adwords more than first-line support etc etc. Averaging across all of Google makes no sense.
"You are NOT entitled to display adverts on my equipment unless I expressly allow it.
Unless I'm allowed to spraypaint my advert on your living room wall, that is"
Wrong analogy. Your own local content on your pc/ local network can be described as your digital 'living room'. But whenever you're in a browser you're explicitly viewing someone else's content on someone else's server. That's more analogous to walking into someone's shop or office. Sure some shops / offices have ads / promotional stands you are not interested in, and sometimes they are actively in the way and annoying. But you can ignore them, and if that's still not enough, you can inform the owners that they are annoying you, and/or stop going to that shop/website. It's their choice to run ads, most likely because they don't make enough money otherwise because you don't otherwise pay for the services / content you're getting.
Ads are terrible, intrusive etc, and they absolutely should be limited in terms of tracking and personal data gathered. BUT they are the price of otherwise 'free' or very cheap content.
"The primary purpose of the military is not, actually, to kill people. It is to stop people from killing (hurting, stealing from, etc.) you. Note for example, the justification for the US military in the Constitution: "to provide for the common defense"."
Ministry of peace = war
Ministry of plenty = famine
Ministry of love = torture
"Ministry of defence" is a figleaf. US certainly wasn't /isn't defending itself in Vietnam, Afghanistan, Iraq, Libya, Yemen etc.
"it is a legal requirement for US companies to collect statistics about the race/ethnicity of their employees"
Yes, it occurred to me that HR might be actually wanting this data so they can positively discriminate towards underrepresented ethnicities in their workforce and thus earn brownie points for 'improving' the mix. And then mis-specified the requirements horribly and passed the actual work through a few layers of outsourcers, ending up in a lazy / clueless dev nabbing a list off an existing Brazilian site.
"...ethnic descriptions used in the Brazilian census ..."
Doesn't really matter where the list came from, nor whether in Brazil 'amarelo' and 'mulatto' are considered offensive*. Even if the dropdown said 'Asian' or 'East Asian' or 'mixed-race' or whatever supposedly inoffensive term they could come up with, it's still highly inappropriate to ask this question. And THAT isn't something a developer just came up with - if it's part of IBM's main US recruitment website you can bet that it's some pretty high-up people in HR who requested and/or approved that.
*I would think that they are offensive regardless
"A success will make Israel the fourth country to have achieved a soft landing on the Moon's surface."
Bit of a quibble here, but since it's a privately funded lander launched by a private company, not the Israeli government, the above statement doesn't quite ring right. What is much more interesting (and a true genuine first) is being the first private-enterprise moon landing, which is a far greater achievement considering that the other 3 previous landers were the world's 3 best-resourced government space agencies.
"Alass none of them end in either an "a", or an, "e" though..."
If one of the criteria is 'related to Jupiter / Zeus' and another is 'ends in e or a', surely that is a pretty definite list to choose from. I mean, I know Roman / Greek gods were legendarily promiscuous, but that list is anyway not going to be more than a few dozen names is it?
"Since the US is refusing to actually show why China deserves to be singled out, the only reasonable thing to think is that there isn't a justifiable reason."
OR, there IS a reason that they don't want to make public. For example that the NSA etc haven't managed to compromise any Huawei kit because it is more secure than that from other vendors.
"If everything's encrypted, what's the problem?"
Because a lot can be made out even from the metadata. The one thing that CAN'T be encrypted is the packet headers etc - the network itself knows source, destination, volume and timing of messages, and a lot can be determined from that. For example feed a juicy bit of (mis)information to a known point on the network and note where subsequent messages are directed
"a very large country that thinks it's exceptional and which is currently run by a somewhat haphazard and maladroit administration"
Right now that is an equally apt description of the US, China, Russia and Brazil. I'm not that current with what's happening in India, Indonesia, Nigeria and various other Asian and African large countries but I suspect that the same might apply.
In fact, given the messes variously heard about in the UK (Brexit), France (gilets jaunes), Australia (breaking encryption), various EU countries (right-wing / immigration-related issues) etc etc... is there ANY administration in a first-world country that is NOT "somewhat haphazard and maladroit"?
Scandinavian countries? Switzerland? anyone else?
"So, what's the real issue? Is it just poor security (as the report seems to suggest) or fear of Chinese government backdoors?"
They're looking for Chinese backdoors, but can't find any.
So they're grabbing on to any security flaw they can find to use as an excuse for blacklisting Huawei kit. Of course other vendors might or might not have similar security flaws, and should be getting the same in-depth scrutiny. And of course the REALLY pertinent security question is, are they looking for *American* backdoors in other vendors' kit?
"Advertising - by its own definition - is unnecessary"
It's unnecessary for the consumer in the sense that if consumer wants something they go get it and if they don't want something they won't. If a consumer wants more specific information or wants to find out options etc, that's what trade magazines/websites and comparison sites are for.
On the other hand, advertising is absolutely necessary for businesses... not only giant businesses with multimillion-dollar ad budgets, but also for small businesses, tradesmen, startups etc. You can't always get by with word of mouth.
"how much of this is money hurled against a wall like so much shit (which, of course, it is), hoping some will stick?
Maybe there are credulous children out there, believing the shabby advertising drivel, but does anyone else even notice this garbage any more?"
Quite true... and yet... say you're a small business starting up and want to advertise your product or service, how do you get customers? People blank out ads in newspapers and magazines as much as the online ones... and let's face it, El Reg readership is much more likely to be blocking ads than the general population. Given how expensive print / TV ads are anyway, online per-click ads are still probably a good option.
Sure, maybe you pay for 1000 clicks, 800 of them are fake and from the remaining 200, you get 1 or 2 people who are paying customers. That's still probably worth it from business point of view. Or as I once heard (paraphrasing here) "we know X% of marketing dollars are wasted, but we don't know which ones". In other words, business owners are prepared to pay for online ads even when they know that the vast majority of them are a waste.
Personally I think it's better to go back to a model of targeted advertising based on site-specific content rather than individual targeting. eg advertise sportswear on a sports site, fashion accessories on fashion site, electronics on tech site etc. That provides a minimum of targeting without invasive tracking and privacy issues. And from the consumer side, what is needed is a combination of legal safeguards a la GDPR and technical solutions like 100% of browsers having inbuilt VPN / gateway system that exposes only the absolutely necessary information to the server and/or for anything else keeps changing externally visible identifiers and severely limits cookies so the server can't track users across sites / sessions etc