Posts by Jason Bloomberg 2912 publicly visible posts • joined 8 Mar 2008
People aren't worried because there is little demonstrated risk. To become a victim of this flaw a criminal would have to capture login or other private details and that is mostly a game of chance; hitting the right 'server' at just the right time.
The perceived reality for most is, "if it does happen, it will probably happen to someone else", and that's how we all manage to sleep soundly at night in the face of a world which is full of everyday risks.
Heartbleed was a big story in the IT community for reasons beyond the risk posed to users.
Data is data. It may be information about you, but you probably cannot claim to own it.
'Ownership' in my experience is usually meant as a euphemism for 'having control over its disclosure and distribution' and that usually indicates a belief one should have such control but very likely one doesn't in reality.
We need to escape this "ownership" term as it is often false as it is traditionally understood. We need some other word or phrase to describe what rights we have./ should have to control how others can disclose or distribute information or data which relates to ourselves.
Will it be the NSA, GCHQ or a script kiddie who fakes being a GP's surgery, logs in and downloads all the data first?
It will probably end up that the government simply gives it away to everyone; through some web portal where you only have to alter the NHS Number in the URL to access anyone's data.
I remember when we were all looking forward to having our own PCs with their own resources and local storage to free us from the mainframe. No more bottlenecks or costly efforts to overcome them. No more struggling to add another user without breaking the camel's back as each new user could simply be given their own PC.
Now try checking out some of the video clips of driving in Russia or, even better, what about this traffic in India. How do you think it will cope with that?!
How would most non-native drivers cope with that? I've seen many British drivers who can't cope well with London traffic.
I suspect the biggest problem for driverless cars will be in being too cautious, which perhaps requires being more reckless, which in turn raises the risk of accidents, and perhaps voids the 'more safe' advantage. Programming 'calculated risk' should be an interesting challenge.
That sounds like loose change in the grand scheme of things. Don't agencies have special project or contingency funds which could be put to good use here?
It seems it would be a great shame to miss something spectacular for sake of short notice because no one had thought to set aside some cash for that possibility. Perhaps some foreign government may be able to step up to the plate if America is short of cash.
Who is - or should be - responsible for identifying potential flaws, checking if they exist, and ensuring they get fixed if they do?
Too often it seems discovery of serious flaws and vulnerabilities is down to individuals who risk breaking the law when it comes to checking their theories, and only fear of an outraged torch and pitchfork wielding mob which gets things fixed.
That's always available as the path of last resort but there must be something better we could have so we aren't dependent upon that. Not sure what that would be though.
The way IPv6 is specified is what has prevented it becoming widely adopted and made customers and providers reluctant to embrace it. It's mostly a choice of one or the other and that's not appealing in a world where most things are IPv4.
We shouldn't forget that an IPv4 internet also has the concept of ports which notionally allows 65,536 devices per IPv4 address. Some of those ports are used for specific things but there should still be enough ports available to satisfy most IoT users without requiring a move to IPv6.
No one in the UK would have to live on £1 of food a day.
Been there, done that and unfortunately so have many others. The cosy ideal of it should or would never happen is not always matched by the cold reality of the real world.
I agree this is mostly about third world poverty but that doesn't mean there isn't some similar suffering closer to home.
It's never so much that one can't live for a £1 a day but that one can't retain the will to live for very long when doing so. I am sure that if we had to most of us could, but I'm sure a supermarket shoplift would be heading towards the top of the 'to do' list. That and a visit to the doctors for some deficiency or problem caused by cheap but unhealthy foodstuffs.
The main problem for anyone on a lean budget is trying to buy variety when small quantities are near impossible to obtain and pricing drops with quantity. It's far easier on £30 a month up-front than when given a £1 a day. That's a typical 'poverty trap' of having to live for the day and not being able to save to make your life more comfortable than it is.
Doing it for charity is a poor simulation of the real deal but it's worth the experience and if it raises money for those who don't have it so good when the week ends all the better. And perhaps consider giving the money one would have spent on food to someone more in need - That's usually quite a shock; how much you did live on against how much is usually spent!
Why is it that when we see the word "exploit" or the phrase "security problems/issues", the article is always about Microsoft.
Looks like we got ourselves another Anonymous Coward Troll -
https://www.google.co.uk/search?q=Why+is+it+that+when+we+see+the+word+%22exploit%22+or+the+phrase+%22security+problems/issues%22,+the+article+is+always+about+Microsoft.+site:forums.theregister.co.uk&biw=800&bih=506
Plain text can be pretty obvious to spot within any memory dump but I am not so sure about binary data. Those saying they can see critical data (keys, certificates, etc) being leaked probably recognise that because it's their data no matter where it appears. I do wonder how easy it is to find meaningful binary data in a random 64K block when you don't know what that data is?
Perhaps; if it's a contest between dickheads and wankers which it increasingly seems to be.
Most people are disenfranchised and have given up on the lot of them save for having it ingrained in us that we really should vote because that makes a democracy and a belief that there is no right to complain if one doesn't.
It has always been a vote for the ones we dislike least and the only way to change things is to have "none of the above" on the ballot paper and for people to vote that way in droves. Only then will it become clear that what we call democracy and government is not fit for purpose. Which is why we will never be allowed that.
I do like the idea of a "Jesus" set but then there's that difficult question of how Commander J marshals the Battle Nuns when they go fight Action Man Giganticus. Do they go with the Pirates in the Space Galleon, ride on the back of Tommy 'Tank' Tortoise, or glide in on Hudl One?
Darned kids and their ridiculous imaginations.
For example, you can create a parody of a Dan Brown book by scribbling on every other page. Artistically, that's a perfectly valid "parody", and there's nothing Dan Brown or his publisher could do to stop it.
Brown and his publisher retain a right to redress infringements of copyright which claim to be legitimate by way of parody when they are not.
Just saying something is parody does not automatically make it so and it would ultimately be for the court to decide whether it is or is not.
Much as I might agree with your sentiments, if it were so patently illegal, so clearly unconstitutional, then it should be a doddle to have it addressed. I shouldn't think the court case would last much more than half a day and the cheapest lawyer you could find would probably suffice. I imagine there would be many queueing up to have Obama and/or NSA banged to rights for free and plenty who would pay to get that if needed.
So why has that not happened? I suspect it's a lot more nuanced than you wish it were.
If there is a genuine claim of sexual harassment and intimidation, then the employee presumably has the avenue of an industrial tribunal, or whatever the US equivalent is and that is where the matter should be taken and be kept.
Not everyone wants compensation for a wrong or sees that as justice done. They may prefer letting people know what they experienced and having the company shamed into change.
Even if seeking compensation it is best to speak out before they place a gagging clause on any compensation arrangement.
There can also be strategic advantages in speaking out and letting the ex-employer sue for defamation and counter-claiming than commencing a case as a claimant.
For every question asked there is an ambiguous answer which can be provided.
I am particularly suspicious of denials which have any paired constructs within them; "We did not spy and infect" would be true if they only spied or infected but not both, equally "We did not spy or infect" would be true if they did both. And both are true if "we" did not do it ourselves but got someone else to do that.
This is just amateur hour fare and there's always "we have no evidence of..." as the catch-all which makes any denial worthless.
Zucks angry not because of the spying, it's because he might lose a bit of cash
More that it's the usual hypocrisy and moral relativism, another case of 'what I do is okay but when others do the same it is not okay'.
When they kill innocent civilians it's abhorrent terrorism. When we kill innocent civilians it's entirely acceptable and justifiable collateral damage.
Both of them, Zuckerberg and Obama, and many more ->
You haven't actually read either story have you? If you'd read the AP story you would know that he has explained the exchange with Newsweek.
I read the El Reg and Newsweek articles, but not the AP article. A conflict in the reports is however evident.
DPSN says the Newsweek article is wrong, but Goodman is standing by it saying there was no confusion about the context. It may be Goodman is right but DPSN did not mean what it appears he was saying. Or DPSN could have gathered his wits and is now trying to rescue himself from what he did say. I have no idea which it is and doubt anyone else does at this time.
According to AP, Nakamoto said that he only heard of the digital cash three weeks ago when his son said he had been contacted by Newsweek.
Yet, according to Newsweek, when questioned on involvement with Bitcoin -
"I am no longer involved in that and I cannot discuss it," he says, dismissing all further queries with a swat of his left hand. "It's been turned over to other people. They are in charge of it now. I no longer have any connection."
This is where public shaming of a company has its place. If he has to go to court I do hope he wins and hope Apple pay the cost.
Of course, it is possible that Apple are right according to law. The moral is to make sure someone you trust does know your usernames, passwords PINs and IDs or knows where they have been hidden, or don't put all your eggs in one basket, keep a backup copy of any data you want others to be able to access.
It seems to me it is now cheaper to invest in robbery than it is to invest in mining and this will continue to be the case until exchanges and other third-party wallet holders get their acts together. I expect we will see a lot more Bitcoin heists coming soon, big grabs and slow trickle thefts.
Tonight's viewing ...
19:00 - 20:00 Total Wipeout
20:00 - 21:00 Don't Tell the Bride
21:00 - 22:00 Festivals, Sex & Suspicious Parents
22:00 - 22:30 Ja'mie: Private School Girl
22:30 - 23:00 Bad Education
23:00 - 23:25 Family Guy
23:25 - 23:45 Family Guy
23:45 - 00:10 American Dad!
00:10 - 01:10 Festivals, Sex & Suspicious Parents
01:10 - 01:35 Ja'mie: Private School Girl
01:35 - 02:05 Pramface
02:05 - 03:05 Hair
03:05 - 03:30 Great Movie Mistakes
03:30 - 04:00 Pramface
There's been some very good stuff but these days it seems to be endless repeats, mundane tat and mostly crap. I'm above their target audience (16-34) so perhaps I just don't get it any more. But then I wasn't in their target audience when I thought it was good. It won't, for me, be much of a loss to see it go if it stays as it is now.
it would immediately make a lot of on the road police communication illegal due to them needing to use a walkie talkie.
Not necessarily. The usual reason for police exceptions is their being specifically trained and able to carry out such tasks that a mere mortal cannot.
Sensible laws will not be purely technical offences but usually have some 'greater good' defence that absolves or mitigates any crime; "Yes, I was using a mobile phone in a car, but to call emergency services to save the lives of others". That's also the grounds against creating purely technical offences in the first place as there are circumstances where absolute illegality would be perverse.
This case would presumably have parallels with "watching a TV" when that TV was acting as a Sat Nav display, where one is illegal the other is not; a question of when a TV ceases to be a TV and removes it from criminalisation.
Seems to me they are well aware that almost anything can become a dangerous projectile and hence the suggestion for securely storing such things; putting them in softer carrying cases or bags and keeping that closed, rather than having them loose and free to become projectiles.
Of course the whole kit and caboodle can come crashing down but that's less likely to happen unless turbulence is particularly bad.
My guess is that Dana is currently blaming everyone but herself
If her father had not breached the agreement and told her then she could not have blabbed on Facebook. It is his problem as much as it would be if he had lent her his credit card and she had run up massive debts.
If he had told her not to do what she did then there is a failing which rests with her, but he still has to man-up as having facilitated that in the first place.
I imagine this is the conclusion the court came to in revoking the award having heard all the arguments that it was not his fault.
I imagine that a great many of us, who were lamenting that we had missed riding the virtual escalator to riches beyond our wildest dreams, are somewhat relieved that, while we may have missed the bubble, we also avoided the inevitable 'pop'.
I think it was the expectation of something like this which had many of us hold our nerves and not jump on board the bandwagon. It's all well and good saying it's no worse than brick and mortar banking, pointing to other bank disasters, but we know deep down it's not really like that at all.
Let's face it - It was about as safe as giving a drug addict your wage packet to go score some gear. All promises and guarantees are as virtual as the currency.
A thief doesn't benefit from a theft that results in a drop in the value of the asset.
They are still better off than they were, and it depends how long they are prepared to sit on their stash and what their expectation of value being restored is.
I am guessing these aren't 'lob a brick through the window' knuckle-dragging thieves so we cannot tell what their strategy is. Perhaps they are simply looking to force short-term value drops to facilitate cheaper investments with higher profits later?
"Only in the USA"
As satisfying as it is to say that; this is what happens when any country creates a law and an activity falls within scope of that law. If gambling is illegal, if betting on an outcome is gambling, then betting on a duck race outcome is gambling and therefore illegal. You can't really blame law enforcement for applying the law they are expected to apply.
It's not "duck racing" which is the problem; it's "betting on the outcome of a duck race" which is, and, by most definitions, that is "gambling". The problem is allowing an activity which some many feel should be legal while preventing that being exploited by those who want to engage in otherwise illegal activities.
Every country probably has laws which makes some acts illegal which many people would say should not be illegal. I recall there were similar problems in the UK where church, social club and other charity raffles fell foul of gambling legislation. I also remember some complaints that tightening up UK gun control adversely affected legitimate gun sports. Then there was that apparent need to be registered and police vetted just to look after next door's kids or drive them to school. I am sure there are many other examples.
medical research has a better history of securely handling data than the rest of the public sector, as the sharing of information is based on the concept of informed consent, something that is hard to get, and even harder to regain when trust is lost.
Very true but informed consent is notably absent in what people are being opted into. Opting out is made as difficult as possible and it simply isn't being explained clearly.
You have done a pretty good job presenting a case for; so why could the government not do an equally good job? The suspicion must be that they deliberately chose not to, do not want to, and that suggests there is something we are not being told, something they don't want us to know, and is a good enough reason alone to be highly suspicious.
Private companies are not routinely going to be given access to this data... the 'Tories' are not planning on selling of the un-anonymised data to their chums in the insurance industry.
I. and I suspect others, would like to see some guarantee of that. Call us untrusting, paranoid, whatever, and that is okay, we are entitled to be. It is for the government to convince us that what you say will be the case.
The best option I can see is to opt out and I would advise everyone to do the same.
Any worry that this may be the wrong option can be set aside by noting that we will be given (or can demand) a right to opt-in later. I cannot see any government saying they will leave those who did not initially sign-up for what they say is good for us languishing in that plight. That would be electoral suicide.
They can have our opt-ins when they have convinced us it is good for us.
3. I received a phone call from the FBI stating that I had perpetrated a federal crime and that if I didn't desist then they would attempt extradition.
I take it you told them to fuck off, and continued using the seal?
I would guess he did what most people would do and complied with the request because it really isn't worth the fight nor grief. Not when you can't trust your own government to protect you and the law they impose is designed not to.
They rule and control through fear and not everyone can afford to stand up against that.
If that is the case then it appears to be "case closed" and it doesn't matter how benign or safe they say their product is. Kaspersky aren't falsely crying wolf if they can actually show the wolf.
https://www.securelist.com/en/analysis/204792325/Absolute_Computrace_Revisited
Don't forget the founders of the Raspberry Pi Foundation also identified a need for better computing, programming and coding skills, and that echoes what any number of businesses have been saying for years.
There is a long history of IT and 'computing' being sold as 'the future' with an acknowledged corresponding need to have people capable of working in that field. That does seem to have turned to doing something about it culminating, in part, in the Year of Code.
It's okay leaving people to join up the dots, but there seems to be a number of dots being left out.
I've never understood why there's this sudden fetish to turn EVERYONE into coders, or where it even came from?
From a government perspective; 'coding' is the next great thing, the guaranteed saviour of Britain and her economy, so what we need to seize that opportunity is more coders.
Simples.
And all of us can see the gravy train which will ride on the back of that.
Anyone remember those old photos with row after row of secretaries bashing away on typewriters? Replace those typists with 'coders' and you probably get a glimpse of what the government's vision is. An infinite number of coders with an infinite number of computers will write the one app which saves the nation. Honest.
In a couple of years time the next fad will come along and the government of the day will be chasing that.
Easy to say, but without knowing what the actual cause(s) of him taking down the game were I don't know how realistic it is.
Nguyen has been reported as saying, what was meant to be a game of fun, became a highly addictive product which was giving him concern and sleepless nights.
I doubt leaving it up and giving its revenue to charity would have satisfied his conscience.
Yes, that's just the sort of applications these things could be used in. No wires, no batteries, simply drop-n-go.
However... most security solutions aren't simply passive until activated. They will normally wake-up occasionally and send status signals to prove they are working, haven't been tampered with, and even just to prove they are still there, haven't been stolen! Most importantly to let the system know, as best as can be done, that it will work as expected when required to.
The last thing anyone wants in a safety or business critical application is something not working when it's needed to work. There is also an issue of guaranteeing delivery; a sensor would normally keep sending an activation in case the receiver does not get it. Not sure how that would work if there's only one activation and no power left for sending a subsequent alert packet.
I would expect most serious safety or business critical systems to be hard-wired, non-wireless, just to overcome the problems wireless and/or battery powering presents. I can see there might be a use in less critical applications such as self-powered TV-style remote controls and similar
The biggest issue perhaps is cost and it's questionable whether they are actually any better than the current range of battery powered but long-life sensors and controllers.
Is there really an IoT market?
A very small one at present but the potential is there. It likely will be a cost sensitive playing field and the competition isn't really Intel and traditional CPU chips but more with cheaper microcontrollers from Atmel, Microchip and the like.
They do seem to have a point; 2.9 billion chips shipped, £95.5 million pre-tax profit, so that's about 3p a chip.
You have to sell a lot of chips to reap the rewards and have to find a lot of new opportunities to keep expanding in a saturated market. And on-going expansion is what the money men seem to favour.
Investment is not solely about how well they have done but how well they will do. There are opportunities for ARM but it remains to be seen if they can offset shortfalls elsewhere. I expect ARM will become favoured again if they can secure the IoT market. ARM is however up against a lot of credible competition in the low-cost chip sector and that's what IoT needs to really take off.
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2024
