* Posts by Blazde

16 posts • joined 11 Jan 2019

'It's like painting with atoms'... Watch how boffins form armies of simple micron-sized bots from a silicon wafer

Blazde

Re: Nay robot

"A bit of metal that bends irreversibly when you shine a light on it"

I'm struggling to think of anything I'd be less likely to want injected into my body.

What happens when security devices are insecure? Choose the nuclear option

Blazde

Re: "my GP refused to THINK about things"

Dead you say? Have you ever considered taking a statin?

Blazde

Re: Cocking up personal data

This record merging happened to my mother in Clarks a few years back. An in-store order for shoes got sent out to someone else and chasing them up revealed a mash-up of customer data in their computer and some mild denial from the staff ("are you sure this isn't your address?", "I don't know what to say, we sent the shoes out already").

Anyway, three months of hassle later she did get a free pair of shoes but some mystery woman somewhere out there now knows my mother's shoe size - including the width - which would presumably be a serious GDPR breach if it happened more recently.

Spooky! Solar System's Planet NINE could be discovered in the next NINE years (plus one to six), say astroboffins

Blazde

Re: square-root-of-nine years ago?

Some of the earlier estimates had it as far out as 1200 AU... almost 0.5% of the way to Alpha Centauri.

I remember on the Sky At Night Maggie did a visualisation, scattering a few stones to represent the known planets and the Kuiper belt in a small circle at one end of a long hangar, and then walked for what seemed like about 5 minutes to the other end describing how massive and extremely elliptical planet nine's orbit might be. *Then* she started climbing a dangerous looking platform to demonstrate its huge inclination.

It all gave a very good sense of why they think it might be a captured planet, and also why it may well not exist.

How do you solve a problem like Galileo? With a strap-on L-band payload, of course!

Blazde

Re: Hirzon angles??

I've got it! Long sticks. GPS/Galileo/BS receivers on long sticks. Sticks are cheap and they could be telescopic to cope with different sized valleys and buildings. Each tank could have one, and each platoon could have two in case the soldier holding the first one got killed or got tired.

Ooh I can really feel the good old fashioned plucky British innovation spirit returning. Hey we could make the sticks from Meccano!

One click and you're out: UK makes it an offence to view terrorist propaganda even once

Blazde

Amazon are fine. Sales aren't prohibited, and they're allowed to stock/handle the material because they have the 'reasonable excuse' of possessing it for sale. There is history to this:

"Waterstones, Amazon and WHSmith all stocked The Anarchist Cookbook despite at least 16 people being convicted over the past ten years for owning copies."

https://www.thesun.co.uk/archives/news/236212/terror-manual-flogged-on-the-high-street/

(I think it could be argued the SAS Survival Handbook is only useful for going on the lam after an act of terror, not in preparing or committing it, but who knows with this vague wording)

Blazde

Re: It's a mad, mad, mad world

Something similar is also part of the new British act:

"creating an offence of entering or remaining in an area outside the United Kingdom that has been designated by the Home Secretary if it is necessary for protecting the public from terrorism"

To be fair, criminalising those caught up in war zones back home is better than leaving them to rot in Guantanamo.

Blazde

"Maybe that is the point. Catch enough people and who knows what might turn up?"

I see it more like:

A) Criminalise a large section of innocent population

B) Once a 'bad guy' is identified and there's a hunch they should be locked up but that hunch can't be proven in court, there is hopefully a charge created by spurious crime A to fall back on

The vast majority who commit A but avoid the gaze of suspicion are fine, and that's fully intended because otherwise the police/CPS/courts/prisons would need vastly more resources to properly enforce it. It's best if the criminalised thing is a bit icky like beheading videos or extreme porn (to name another example) because fewer people will be willing to oppose creation of the law even though they're breaking it, and it's useless unless lots of people are breaking it.

In theory any selectively enforced law gives this kind of pseudo-judicial power to authorities (selective deportation of illegals who've built lives and pay taxes in the US for example), but the tactic seems to work best where digital evidence can be collected cheaply beforehand and used if/when needed later. So I think we can expect an increase in this kind of law.

Intel SGX 'safe' room easily trashed by white-hat hacking marauders: Enclave malware demo'd

Blazde

If the interface between any security domains is well enough constrained then it's secure. The central problem is that if you can gain even a few bits of flexibility over unintended control flow then it's highly likely you can leverage it to usurp the Turing machine in a universal way, and run whatever you like. All the ASLR/stack canary/etc technology complicates the task greatly but raises the theoretical bar hardly at all.

Almost all Turing machines are universal, yet when we create a secure system we're trying to find a (usually very) complex machine which is *not* universal. It's an almost unimaginably impossible task.

Tell NASA to grab the margarita mix – a sextillion-kg salty ring found floating in space

Blazde

Noting that at no point does the paper rule out the possibility this is an alien fish and chip shop accident.

Boffin suggests Trappist monk approach for Spectre-Meltdown-grade processor flaws, other security holes: Don't say anything public – zip it

Blazde

Re: "Professor Uht was not available for comment today"

He actually was available, but answered the phone with: "Hallo! The professor is Uht!". So they hung up.

Blazde

Re: So? Responsible Disclosure?

No, he's not arguing for responsible disclosure. He's arguing for security by obscurity. He says it may not make sense for vendors to assign resources to fixing a disclosed vulnerability until it's being actively exploited. In his view there are infinite vulnerabilities and limited resources to fix them, so white-hats are actually making things worse by finding(*) new vulnerabilities.

(*) They don't just find vulnerabilities, he says "white-hatters seek out or *create* weaknesses or vulnerabilities".

Blazde

Science 101

Apart from notifying regular users of what bad actors inevitably learn about earlier, and forcing the hand of lazy vendors, there is a pure science argument here. Publishing research spurs further research. It allows results to be replicated, deeper insights to be gained by others, and the frontier of knowledge progresses wider and faster as a result.

Spectre/Meltdown is an adequate case study for this because new variants have continued to be discovered, in more chips, and the widespread open research into side-channel attacks (and paging specifically) before discovery meant software fixes had already been developed ahead of time. It meant the flaws were discovered several times semi-independently, as is often the case with these things (and highlights the futility of keeping them secret). The end result will be more comprehensive hardware fixes, in more chips, and more secure design practices in future. That even suits Intel because they're less likely to go through another round of bad publicity several years down the line.

Of course conventional wisdom should be challenged but it's surprising to see a research professor of all people advancing these naive, worn-out closed-science arguments.

(Please think of the information Gus, it just wants to be free)

I studied hard, I trained for years. Yay, now I'm an astronaut in space. Argggh, leukemia!

Blazde

Re: How does this compare?

Indeed. For starters the NK activity drop is not dramatically higher than observed in shift workers (and in subjects in sleep-deprivation studies). Unsurprisingly astronauts on-mission are routinely sleep-deprived too: https://www.thelancet.com/journals/laneur/article/PIIS1474-4422(14)70122-X/fulltext

It sounds like there could be some additional effect but it's strange this new study doesn't mention sleep once in 33 pages.

Build the wall... around your DNS settings, US govt IT staff urged by Homeland Security amid domain hijackings

Blazde

Re: Yeah

Obama won(*) his shutdown, ergo it was the Republicans' fault for delaying the inevitable. As it will be the Democrats' fault if they give Trump wall money after all.

(*) So much so he was able to say "nobody is winning", which is what you say when you're so blatantly winning so big you don't even need to tweet about it.

Cyber-insurance shock: Zurich refuses to foot NotPetya ransomware clean-up bill – and claims it's 'an act of war'

Blazde

Re: Oh yeah

All insurance companies have money set aside for future payouts, it's known as the float and investing it - typically in bonds which pay interest - is a key part of running an insurance outfit. Having said that I'd be surprised if an eventual payment to Mondelez doesn't include some interest-like compensation for lateness so it's unlikely they're motivated by hanging on to it longer except as a means to reduce the principal amount.

Biting the hand that feeds IT © 1998–2019