Posts by Michael Wojcik
12268 publicly visible posts • joined 21 Dec 2007
NASA boffins tackle Nazi alien in space – with the help of Native American tribal elders
I can't see why we should not use a name dating back to ancient Greek writers [continue usual whinge]
No one said "we" couldn't use the name. NASA decided in this case not to ask the IAU to approve the name "Ultima Thule" for this particular bit of rock. So fucking what?
Personally, I suspect they did it just to get a rise out of all the political-correctness-bugbear scaremongers on the Internet.
Just Docker room talk: Container upstart's enterprise wing sold to Mirantis, CEO out, Swarm support faces ax
Re: Argh! What now?
I think that containers will evolve to end up looking a lot like virtual machines. In a few years time, the extra hardware resources required for that won't really be a problem.
Some research suggests that for many workloads, VMs are just as resource-efficient as containers.
Back In The Day, IBM's VM was happily running dozens of virtual OS instances on S/370 systems with fewer resources than a smartphone. VMs can be very lightweight. Mostly the problem is bloated OS instances, and there are techniques such as the "library OS" model which fix that.
Judge shoots down Trump admin's efforts to allow folks to post shoddy 3D printer gun blueprints online
Re: Why a 3D printed gun?
The thing about a 3d printed gun, or indeed any sort of gun, is that it's useless without ammunition.
Nonsense. You can wave it around threateningly, or throw it like they do in the movies, or plant it on someone to get them in trouble, trade it for a sandwich, use it to tenderize meat... The possibilities are endless.
Really, it's loading a gun that reduces the things it can safely be used for. I don't recommend it.
Re: Why a 3D printed gun?
I don't own a gun (but have in the past) and for the foreseeable future, won't own one either. But I understand some folks feel the need for self protection.
I don't currently own any guns myself, but my wife and I have been discussing getting a shotgun. At the Mountain Fastness, rabid skunks, feral dogs, and some other undesirable animals are all occasionally found in the area, and not long ago someone in the neighborhood had a bear rooting through their garbage.
Calling Animal Control is an option, of course; but they could take several hours to respond. A bear rooting through your trashcans may just mean a mess to clean up and some new trashcans. But if the bear decides there's food in your car - well, that doesn't turn out well for you. And sometimes bears break into houses. Happened a couple of years ago to a woman who lived in a cabin on the other side of the mountain. She happened to have a rifle to hand, and shot it dead in her front room. I doubt I'd be so successful, but in an emergency I might be able to discourage a bear with a couple of loads of shot.
Don't trust the Trusted Platform Module – it may leak your VPN server's private key (depending on your configuration)
Was that a hardware TPM, a firmware TPM bundled with the CPU and chipset, or a software emulated TPM? Windows, for example, may claim a "TPM" is present when it's just a software emulation.
In short, it may not be Dell that's doing this, and when they say a model doesn't include a TPM, they may mean it doesn't include a true hardware TPM. That's the only sort of TPM I'd bother using for my own purposes (and, yes, they're useful), so the distinction is relevant.
Re: Boffins
Hey - the folks from Whoopie Tech get to work in beautiful Worcester, Massachusetts. (Municipal motto: "Somewhat nicer than Lowell!")
In all seriousness, I agree that it's always good to see people doing the work. (This sort of thing is pretty fun work, in my book, but that doesn't make it less important.) But I don't know that salaries at Worcester Polytechnic are "tiny", exactly; online sources differ, but it looks like professors average around $110K, which suggests full professors in particular earn a comfortable salary. Cost of housing around Worcester isn't great but isn't as bad as Boston.
Of course graduate students are basically on subsistence pay, even with assistantships and fellowships, but that's true for all US universities.
Re: Or right if you work for some intelligence agency
You're multiplying entities needlessly. It's difficult to do constant-time big-number arithmetic correctly, and the dangers of timing side attacks for ECC were not well-documented until relatively recently. Thus it's probable that most or all of these attacks are accidental.
While well-resourced actors are likely capable of subverting the TPM development process at various OEMs, and certainly wouldn't have any qualms about doing so, these are odd backdoors to choose. They'd be better off backdooring the CPRNG, which is undetectable if done correctly. (Or putting in backdoored ECC curves, except there are users who know to insist on using standard ones.)
And as long as those actors know existing implementations are flawed, there's no reason for them to intervene and risk discovery.
Don't miss this patch: Bad Intel drivers give hackers a backdoor to the Windows kernel
Microsoft embraces California data privacy law – don't expect Google to follow suit
Uber CEO compares pedestrian death to murder of Saudi journalist, saying all should be forgiven
Hyphens of mass destruction: When a clumsy finger meant the end for hundreds of jobs
Re: SCO Unix
I don't know about that, jake. My wife and daughter are die-hard Mac fans, as were many of the academics I knew back in the day. I'm pretty sure I've heard each of them cussing out the machine once in a while.
Fact is, pretty much any non-trivial tool used often enough will eventually get on the user's nerves, deservedly or not. And fond though I am of UNIX,[1] it certainly has its infelicities.
[1] Though not of MacOS. Whenever someone asks me to help them with something on a Mac, the first thing I do is open Terminal so I can use the OS the way God intended.
Is this paragraph from Trump or an AI bot? You decide, plus buy your own AI for $399
Re: I thought that Donald 'I cheat at Golf' Trump
Actually - and while I am in no way a fan of our Village Idiot in Chief - Trump has appointed quite a few women to significant positions in his administration. He's fired a bunch of them too, of course; but then he's not been reluctant to do that to men either.
In any case, "a poor record on appointing women" is one criticism of the Orange Megalomaniac that probably isn't fair. Appointing competent, reasonable women ... well, again, it's not noticeably worse than his record with men.
If it sounds too good to be true, it most likely is: Nobody can decrypt the Dharma ransomware
Re: Really?
Physical implementations of General Quantum Computing machines have so far been a bit underwhelming. They may remain so for quite a while yet, though it's always possible we'll see significant improvements.
To the best of my knowledge, 21 is the largest integer yet factored[1] using an implementation of Shor's algorithm on a true GQC machine with a program to factor arbitrary integers.
There have been larger numbers factored using Shor's and GQC, at least as great as 4088459, but those are integers of special form, where the factors differ by only a few bits.
There have been larger numbers factored using adiabatic quantum computing (AQC), as implemented by e.g. the D-Wave machine; but AQC has limited application and it's not clear that it offers any real advantage over classical computing, at least for most applications. I mean, if you want to predict how your spin glass will anneal, it could be pretty handy, but you're not using it to break someone's ECCDH key.
In any case, none of these demonstrations is about doing a better job of factoring a number than your six-year-old does. It's about showing that these very preliminary GQC and AQC machines can in fact be used to implement certain algorithms, even if only for trivial inputs.
[1] "factorized"? Ugh.
Yes, and perhaps they've captured a Magic Decryption Fairy.
Many people have looked at Dharma. Even people who can write competent English prose, which apparently is a skill not available at Fast Data Recovery. (What are they doing with the profits from their many successful recovery cases?)
It is much, much more likely that this is simply another iteration of the ransomware middleman scam.
Re: "Negotiating with the ransomware author"
They may be, or be affiliated with, the ransomware author; or they may be an independent third party. Both are viable business models. The former offers greater profit, but requires more work and entails greater risk. The latter has a much lower cost of entry.
What's that, Skippy? A sad-faced Microsoft engineer has arrived with an axe? Skippy?
Re: Visual Studio != Visual Studio Code
I'm not looking at it because I hate IDEs. I've been using IDEs on everything from PCs to mainframes since the 1980s, and I've yet to see one that comes close to the power of a good set of dedicated tools running under a competent shell.
JFTR, I did take a look at VS Code. It's better than Original Formula Visual Studio, but that's a mighty low bar. I didn't care for it.
Congress to FCC: Where’s the damn report on mobile companies selling location data?
Re: He's being enabled
a very "independent" mindset where you only had yourself to rely on
American self-reliance is almost entirely a fantasy. The vast majority of that voting bloc exists only because of Homesteading and Reclamation (or Reclamation's rival vandals, the Army Corps of Engineers), and only enjoys modern conveniences because of other huge Federal projects such as rural electrification, communications subsidies, and Federal highway money. Then there are all the ranchers grazing cattle on Federal lands, the lumber industry using the vast network of roads built by the Forestry Service, and so on.
In some parts of agriculture it's a bit of a wash, since so many Federal subsidies go to big agribusiness rather than the smaller farmers who are often the staunchest Republican supporters. But that doesn't stop those small farmers from taking their subsidy checks, of course.
Robotics mastermind admits: I pushed over my 1-year-old daughter to understand balance
It's valid research
There's a section in his Baby Meets World where Nicholas Day talks to some people who study toddler kinematics, mostly at a lab they've created for that purpose. They set up obstacle courses for toddlers over foam pits and observe the techniques the kids use to get through them. From Day's description it sounds like good fun for all, and it's apparently produced substantial research into how children learn to walk and balance.
Microsoft's phrase of the week was 'tech intensity' and, no, we're not sure what it means either
Re: Tech Intensity is nearly always 1
yet they still get a positive result!?
Not if you have zero adoption.
For that matter, if you regard them as having negative capability and have the right sort of negative trust, then intensity is purely imaginary.
It's also conceivable that "^" is the bitwise exclusive-OR operator, as in C. In that case, the only sensible interpretation of Nadella's equation is that it's an exercise in trivial obfuscation.
Sure, we made your Wi-Fi routers phone home with telemetry, says Ubiquiti. What of it?
Re: A lot of pissed-off people
Apparently FlashRouters will sell you a router with DD-WRT already installed. I've never used them myself, and have no idea what the quality of the hardware is.
I've been meaning to get a couple new routers with decent hardware (as far as I can determine from reviews) and put DD-WRT on them. That seems like a reasonable approach for tech folks who can afford the time. But the fact that I haven't gotten to it yet suggests I can't...
What do you get when you allegedly mix Wireshark, a gumshoe child molester, and a court PC? A judge facing hacking charges
Re: Jeez
The problem is that the person she hired subcontracted to a felon who had just allegedly violated the terms of his release. That's what got the police involved in the first place, and that's why the Judicial Qualifications Commission suspended her.
Of course, picking a fight with a DA - even if you're a judge - is problematic. Prosecutors in the US generally have way too much power and too little oversight. Though the same can generally be said of judges (many of whom don't even have legal training).
Re: "Her computer"?
Without help from (someone in) the IT department???
Certainly conceivable. It's not difficult. Parents put spyware on their kids' machines all the time. Abusers do it to spouses and other victims. It's trivial for someone to purchase spyware and get instructions on how to install it. There are plenty of vectors for non-privileged attackers to do so, such as social engineering and hardware keystroke loggers.
Or, if Schrader's suspicions are correct, Porter could have co-opted someone in the IT department. Or someone with the requisite skills to gain unauthorized access in the Gwinnett County Superior Court network, which I bet is not tremendously secure.
But conversely there's plenty of reason to be suspicious of the IT department in this situation, even if you have some reason to believe that they'd be at all useful in finding spyware in the first place.
Re: Nuance
I agree; but in a fight between a judge and a DA, you have to expect that legal weapons, however inappropriate, will be deployed.
It may be worth noting that according to various sources Schrader was suspended specifically for (indirectly) giving a felon access to the court IT system - not for letting someone run Wireshark. As I wrote in another post, I believe her real mistake was in employing Ward, who clearly wasn't sufficiently careful in choosing his subcontractors.
Or if one or more IT staff members were colluding with Porter. Some of the commentators here seem to have a peculiar belief in the trustworthiness, not to mention competence, of the IT staff at the Gwinnett County Superior Court.
Personally, I suspect asking the Gwinnett County IT to look for spyware on a machine is likely an exercise in futility. Just a guess based on my experience with IT departments of other public institutions.
Schrader's real error, in my opinion, was in hiring Ward, who apparently wasn't diligent or wise enough to avoid hiring Kramer. Kramer is the real source of the defendants' troubles here.
Re: Nuance
Even if the network is hub-based and the NICs were in promiscuous mode, I'd consider this a case of overhearing rather than spying. If the court's IT department can't secure their network properly, that's their fault, not the judge's or the investigators'.
Circa 2002, I moved house and got cable Internet service. I was investigating a problem with my work VPN and had done some tcpdump tracing on a machine connected directly to the cable modem. I was talking with a network engineer about some of the traffic I was seeing, and he got all bent out of shape: "You can't look at packets on my network!".
Well, as it happens, I can. If you don't want me to, don't send them to my device, buddy.
Fortunately that cable company went bankrupt and was bought by one that employed adults.
We're almost into the third decade of the 21st century and we're still grading security bugs out of 10 like kids. Why?
Re: The task sounds enormous
It is obvious the CVSS is not very valuable
Rubbish. CVSSv3 serves a number of important purposes:
- It encourages various judges (original researchers, PSRT members, secondary researchers investigating CVEs and patches) to examine vulnerabilities from a variety of angles and consider a number of important aspects.
- It provides a measure of consistency in describing and evaluating a number of critical attributes of vulnerabilities, and a shared and well-defined vocabulary for discussing those attributes.
- It provides a multidimensional rating mechanism that, while necessarily simplified, assists in triage and discussion with non-experts.
- It also constitutes an industry-standard representation of those things, so we can avoid duplication and miscommunication among different organizations.
- It gives us a machine-readable representation, amenable to various sorts of automatic processing.
Frankly, I'm rather dubious about the IT-security credentials of anyone who dismisses CVSS. Standardization is critical for industrial scaling and efficiency.
Re: The logical next step is the two-dimensional risk rating approach
CVSSv3 also incorporates a base, temporal, and environmental score. Most outlets don't do a good job of reporting or explaining those.
While publishing the vector isn't useful for human readers (that's not the intended audience), there's nothing to stop someone from providing a concise text explanation.
CVE-2019-xxxx has a CVSSv3 base score of 10 (over the network, easy to attack, no privilege required, no user interaction required; high risk to confidentiality, integrity, and availability).
Obviously there's still some jargon, or at least terms of art, in that, but you don't have to be an IT security expert to understand it.
You left off the temporal and environmental scores in your example vector, so explaining those in plain language is left as an exercise for the reader.
It's all very well for Rogers to say we need a different scoring system and representation, but CVSSv3 does incorporate a threat model, and considering combinations of vulnerabilities quickly falls foul of combinatorial explosion. While he raises some good points, and while theoretical speculation is useful, it won't get us very far until someone has a concrete proposal. I'd say that CVSSv3 does a good job at the function it's intended to perform; that function is valuable; and interpreting combinations of vulnerabilities under richer threat models is the job of human experts, not a mechanical scoring system.
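The plain-language rendering described in the post above can be generated mechanically from a base vector. The following is an added example, not part of the original posts: it parses a CVSS:3.1 base vector, computes the base score with the v3.1 formulas, and emits a one-line explanation. The function names and the English phrases are this example's own choices.

```python
import math

# Base-metric weights and wording; weights are from the CVSS v3.1 specification.
# The phrases are this example's own, modelled on the post's sample sentence.
METRICS = {
    "AV": {"N": (0.85, "over the network"), "A": (0.62, "from an adjacent network"),
           "L": (0.55, "with local access"), "P": (0.2, "with physical access")},
    "AC": {"L": (0.77, "easy to attack"), "H": (0.44, "hard to attack")},
    "PR": {"N": (0.85, "no privilege required"), "L": (0.62, "low privilege required"),
           "H": (0.27, "high privilege required")},
    "UI": {"N": (0.85, "no user interaction required"),
           "R": (0.62, "user interaction required")},
    "S": {"U": (None, "scope unchanged"), "C": (None, "scope changed")},
}
IMPACT = {"H": (0.56, "high"), "L": (0.22, "low"), "N": (0.0, "no")}
for _m in "CIA":
    METRICS[_m] = IMPACT
PR_CHANGED = {"N": 0.85, "L": 0.68, "H": 0.5}  # PR weights when scope changes
NAMES = {"C": "confidentiality", "I": "integrity", "A": "availability"}


def parse(vector):
    """Return the eight base metrics of a CVSS:3.1 vector, or raise ValueError."""
    prefix, _, rest = vector.partition("/")
    if prefix != "CVSS:3.1":
        raise ValueError("expected a CVSS:3.1 vector")
    found = {}
    for part in rest.split("/"):
        key, sep, value = part.partition(":")
        if not sep or key in found:
            raise ValueError(f"malformed or repeated metric: {part!r}")
        found[key] = value
    for key, allowed in METRICS.items():
        if found.get(key) not in allowed:
            raise ValueError(f"missing or invalid base metric {key}")
    # Temporal and environmental metrics, if present, are ignored here.
    return {key: found[key] for key in METRICS}


def roundup(x):
    """Round up to one decimal place, as defined in the v3.1 specification."""
    i = round(x * 100000)
    return i / 100000.0 if i % 10000 == 0 else (math.floor(i / 10000) + 1) / 10.0


def base_score(vector):
    m = parse(vector)
    changed = m["S"] == "C"
    w = {k: METRICS[k][m[k]][0] for k in m}
    if changed:
        w["PR"] = PR_CHANGED[m["PR"]]
    iss = 1 - (1 - w["C"]) * (1 - w["I"]) * (1 - w["A"])
    if changed:
        impact = 7.52 * (iss - 0.029) - 3.25 * (iss - 0.02) ** 15
    else:
        impact = 6.42 * iss
    exploitability = 8.22 * w["AV"] * w["AC"] * w["PR"] * w["UI"]
    if impact <= 0:
        return 0.0
    total = impact + exploitability
    return roundup(min(1.08 * total if changed else total, 10))


def explain(vector):
    m = parse(vector)
    how = ", ".join(METRICS[k][m[k]][1] for k in ("AV", "AC", "PR", "UI", "S"))
    risk = ", ".join(f"{IMPACT[m[k]][1]} risk to {NAMES[k]}" for k in "CIA")
    return f"CVSSv3.1 base score {base_score(vector)} ({how}; {risk})"
```
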
Beardy biologist's withering takedown of creationism fetches $564,500 at auction
Re: Darwin is still a very naughty boy ...
Yes. Wallace developed a theory of evolution through competition and heritable characteristics very similar to Darwin's, more or less simultaneously, in his work in the Pacific islands. The "Wallace Line" was as good an example as the Galapagos finches.
Re: Darwin is still a very naughty boy ...
It seems to me that there has been a huge row-back on the ideas of the Age of Enlightenment in recent years
I believe more careful study of the history of ideas will show that's merely perception. Modern scientific epistemology has never been broadly popular, and actually is difficult even for its practitioners to sustain. Humans are not evolved to be consistently and thoroughly rational. It's not feasible given the resource constraints and speed of conscious human cognition.
In the so-called Age of Enlightenment, practitioners had the luxury of largely surrounding themselves with like-minded types, and ignoring those who still relied primarily on non-rational thinking. These days we have much more persistent, pervasive, and rhetorically aggressive sources of information, which constantly remind us of the prevalence of superstition.
Radio nerd who sipped NHS pager messages then streamed them via webcam may have committed a crime
Not true for many years it was, and probably still is, illegal to monitor cellular radio transmissions.
Since 1986. That was when it first became illegal to receive any type of wireless transmission in the US.
Importing equipment capable of tuning the cellular bands was illegal
That came later, in 1993, per the same source.
Of course, tu quoque, this does not make the UK situation any better.
Belgian city slurps mobile data to track visitors
Re: She has a sister
I think "just about always" is incorrect. Certainly it rarely does when "between" is used as a preposition to refer to physical space, as in "put it between the table and the chair".
In this case, it's plausible that "between" was being used in its alternate sense of "with the combination of A and B", as in "between you and me", or "between the Ukraine scandal and Giuliani's accidental disclosures, there's plenty to warrant an investigation". In that usage there's no interval implied, but a pair of contributing entities.
Open wide, very wide: Xerox considers buying HP. Yes, the HP that is more than three times its market cap
Re: Only in the business world
even if I had $80000, I don't think my banker would loan me $200000 to buy a $280000 house. Not at my age and not on my salary.
Really? In the US (in the areas where you can find a house for $280000), you'd have banks falling over one another for that mortgage. Assuming you can make the payments, which at around $1220/month are low for most US homebuyers, and better than renting for most markets (by population).
Both of my houses happen to be significantly cheaper than that, but I've cleverly arranged to live in places where good homes are available at far under the national average.
This news article about the full public release of OpenAI's 'dangerous' GPT-2 model was part written by GPT-2
Remember the Uber self-driving car that killed a woman crossing the street? The AI had no clue about jaywalkers
Re: Surely
It'd be miserable riding in such an autonomous vehicle through rural Colorado. Besides the tumbleweeds (which like to spring out from the ditch right in front of you), in the colder weather flocks of small birds will often settle on the edges of the road, presumably for the warmth. They take off as you approach, right into the path of the car. I've accidentally hit a couple over the years despite my best efforts.
Re: Surely
An ML-based classification algorithm might use a static model, or it might be able to update its model. Both designs are possible. I have no idea if Uber's system at the time enabled continuous learning.
In this case, updating its model during this event would very likely not have been useful. Updating its model from prior similar events might have been - that is, the model could have been updated to recognize pedestrians crossing outside marked crosswalks, at least as objects likely to move into the vehicle's path even if not correctly tagged as pedestrians.
In any case, the term "Artificial Intelligence" is sufficiently broadly used to include all sorts of things, the attempts of marketers, sensationalists, and curmudgeons to pin its meaning down notwithstanding. (As always, there are plenty of Reg commenters who insist "AI" means some specific thing, generally not any of the things it's commonly used for. Sorry, kids; you don't own the term.) So there's little point in wondering whether "AI" implies some particular capability.
"Machine Learning" is a bit more specific, but still encompasses a huge range of approaches, architectures, algorithms, and implementations. And this is an extremely active area of research, with thousands of significant new papers every year.