Posts by The Mole 490 publicly visible posts • joined 18 Apr 2007
Agreed, Career Climbers might be the better name, staying in a job for an average of 5 years isn't the way to optimise career progression.
They seem to be missing some other really obvious categories, the Mentat for instance, introvert engineer who work hard when left in peace to get on with their highly complex work.
You missed out the fact it is going to require batteries, that will need charging.
Solvable perhaps by having them as coin unlockable trolleys, with it doubling up as the power cable so you literally daisy chain them to charge? Though if they do become popular lost trolleys would provide some very interesting parts for electronic projects..
I was more wondering how it is compatible with the statement "They introduced weaknesses into the five porky patients' hearts,". Perhaps stabbing the pigs in the heart* happened before the operation - but that surely is worse than doing it whilst under aneasthetic.
Corresponding numbers for a human surgeon would be interesting.
I'm assuming in the other 4 cases the robot reached some sort of dead end and the human took over?
* OK I'm sure they'd try putting it in a more medical way and perhaps it wasn't quite literally like that..
You don't need to go on, but I'm not actually sure what your point is.
Open source doesn't automatically mean better security. I think everybody agrees there. But it does lend itself to more opportunities for review, and for highly popular/mission critical projects they are more likely to get review.
Closed source has all the same problems as open source, except that there is no opportunity for outside people to look at the code and do security audits. Most firms don't have people suitably qualified to do reviews and play mere lip service to secure coding and security - enough to tick whatever boxes they face.
I also think that code in public view is more likely (but not guaranteed) to be of better quality than closed source code purely because the developers know that everybody (including their next employer) can look at it and psychologically this makes you work better than in a closed source business where your manager is urging you to fix the bug asap. A massive generalisation and there will be plenty of exceptions (some firms do have rigorous code review, some people are just perfectionists etc) but as a trend I think it is probably true.
Why does it need to? What is actually broken if the small team of volunteers are working? You do get issues if one of the key developer suddenly leaves/dies etc but actually that isn't much different to commercial orgs doing the work either (company goes bust, bean counters cancel project, people leave and don't get replaced).
I'd second it is definitely worth a visit, they've also got some really well presented science exhibits that were a delight to see. The NT have done a real good job at blending both a historic house that is great in its own right, with a really interesting story about history and science.
Machine image may or may not be hard (depends if the drivers for your old hardware are actually available).
Next step is of course deploying that image. Depending on age, security and networking policies I wouldn't be surprised if (for at least some places) that involves taking a usb stick and plugging it into each individual device one by one in every single store all over the country. Logistically challenging at the very least.
In British English that does appear to be a beanie, I thought a skull cap was one of those dressing up props that make you look bald? No idea what a stocking cap is either. Though that might just be an indication of my lack of fashion knowledge and not a real critique on the differences between US and UK english.
When I saw the headline I was expecting some sort of simple bluetooth hijacking type attack - not good but not a massive security issue. This on the other hand is a level of incompetence that goes far beyond that. To expose all that details on a public API is just crazy, and plain inefficient (no limits, really?). I hate to think what other issues the site also has (SQL injection). I wonder if they are covered by GDPR and have notified the authorities of the data breach already?
So there is a malicious app running on your machine with the ability to send arbitrary to its home.
That means the home can track the user based on the public ip address the request is coming from, in many countries this will be enough to locate to a city or closer (dependent on network structure). In fact if that app sometimes have permissions they can get the information and map wifi information to public ip as well.
Without permissions the only additional information that could be useful I can see is more precise location information inferred from the wifi network name (you are on starbucks wifi or in the library). DNS server name probably doesn't tell much useful, mac address gives information about the device, but I believe an app can get that much easier through the standard apis. As people have mentioned if you've got a malicious app on the device the end user probably has given permissions anyway.
I imagine that Macular degeneration may be their next project, which is likely to be quicker and easier now they have proved the technology and get it licensed. And (assuming camera settings are compatible) I'm sure they will be able to roll it out as an upgrade to existing users to also detect other conditions at the same time (the incremental processing cost is likely to be insignificant you imagine). But each new condition will require additional FDA approval which is expensive and time consuming.
Perhaps you should lift the tin foil hat a bit and read the entire paragraph. "The first biz to release an AI-based device that can detect the disease – and was approved by the US Food and Drug Administration (FDA) in April – is less well-known, however." That is, those two big companies aren't involved in this invention, that just also happen to be doing research in the area.
As other people have mentioned the site has been unstable for a while, random maintenance pages, stock check not working on the main part of the site (even though ordering apparently shows the stock). There are also issues in the store where they will tell you items are in stock, and when you get to the warehouse they don't have them, but that may just be a dodgy order system that doesn't prevent double sales..
More interestingly the reporting of judgement implies that they are responsible for responding to data access requests:
"First, that the company should retain sufficient data to enable it to respond to any data subject access requests which had been made before the disposal of the data and, second, that the liquidators should retain sufficient data to enable them to deal with any claims that may be made in the liquidation."
So the liquidating company don't become the data controllers, they are merely the agents of the company they are liquidating. However as the agents they've got to comply with the rules and that includes ensuring the data controller within the company responds to subject access requests - and presumably appointing a new agent to act as the data controller if they have gone and made the original one redundant.
It appears they already are. Go to the website, when the cookies popup comes up select to only have minimum number of cookies and click "I accept". The message that comes up is:
"We are processing your request, this could take up to a few minutes to process."
And they aren't lying there is a microsoft style* progress bar and it really does take minutes as it talks to all their analytics hosts to update your preferences!
*That is gets to 99% and then just sits there for ages.
You think it would but it doesn't, apparently it's those who 'come of age' near or after the millennium ("a person reaching young adulthood in the early 21st century." according to google).
This means that those born in the early 80's are counted at millennial - which I personally take great offence at being born in the early 80s and not wanting to be associated with them. I do remember the BBC micro so perhaps that is the better definition?
If you follow T Mobiles playbook you don't even need to trademark all the combinations, just a sufficient number of them to be able to claim 'similarity' with any other colours - 256 colours would probably be sufficient according to MS Paint 'basic' colour selection.
Though I may just trademark black, Red, yellow and cyan, as colours either in solid or as dots and claim all other printed logos are infringing as overlayed trademarked images..
Easy, most people are too lazy to actually read the documentation.
Its a bit more justifiable when you know it is documented somewhere but not which particular document set you have to look in.
And yes documentation (and some test teams) are often the people who get the biggest picture of how a complex system/application works. Most other people are too low level (concentrating on one particular component), or too high level (understand the architecture but not implementation details).
History repeats.
When NDS was absorbed into Cisco they gave out mini usb picture frames as a welcome gift to all the employees. A few days later they asked for them all back as the plug sockets were a fire hazard (cheap chinese boards with no real insulation in them). They promised us that they would be replaced but that never happened.
At least Permira get to keep the other $4 billion with this returned, though the remains of NDS may be a bit scorched from the yearly employee layoffs.
If you don't use SNI then the server has to return the default certificate, which if the server is fronting 2000 different domains will almost certainly not be the certificate you are needing.
SNI is the thing that lets the server knows what certificate to return in order to establish the connection.
Normally a standard web server would then tie the hostname in the SNI certificate to the website being served (Host in the http header). In this case the server is actually a proxy fetching content from back-end servers, the same code is serving all websites, looking at the host header and then grabbing the real content from the real origin server. Being the same code running for all websites is how the mismatch could be 'abused'.
You can already get NVME SSD drives that are RAM DIMM sticks. The ones I've been presented about actually encrypt the content in hardware as well.
Linux already has some support for this depending what you want to do.
They can be mounted either as volatile RAM sticks (actually persistent, but if you reboot it forgets the previous encryption key, effectively wiping it), or be exposed as a disk that is persistent across reboots (a persistent ram-disks so to speak).
The biggest question is what the write endurance is. Current SSDs biggest limitation is the fact the cells stop working over so many writes, where as with RAM applications assume they can write an infinite amount of time. A naive global replacement of NVRAM with nvme storage would soon cause the nvme cells to be worn out. Hopefully this technology could be a complete replacement.
Even then there is a useful distinction between persistent and non-persistent storage of content. Linkers may modify the in-memory image of the application to insert references etc as appropriate, these shouldn't be written onto the persistent copy of the application as they may not be valid the next time it starts.
An os and applications designed for persistent memory would be an interesting evolution, potentially it would allow 'instant' on machines as the state would automatically be preserved at power off (assuming all components support it).
"When it became clear that the government could not afford to pay a fair price, the Government of France instead set out to expropriate the france.com domain name."
I don't know if it is a bad translation but this makes no sense. For a company the size of France it can always 'afford' to pay a fair price - in the worst case it prints the money/adds it to the national debt. Of course politically it might not want to, or there may be a disagreement of what a fair price was ("The government offered to pay a 'fair' price but it was rejected") but even then after seizing it they should have paid compensation.
Because a domain name registration isn't a a company.
Registration and accounts need to be given to companies house primarily so people can make significant financial decisions based on that knowledge (giving credit, paying up front) in b2b type relationship. It isn't typically intended for end consumers as typically consumers don't use it. For doing business with websites you don't need the whois information. it is already the law that companies must display their contact details and registration on the website. For the remaining websites then this is no different to interacting with market traders, Jo Bloggs at a car boot sale or that guy in the pub, they don't need to register at companies house and there is no reason why you should know where they live. Also note companies house doesn't require direct contact information, typically it will be to a registered office at a law firm or office space.
I assume it is just an extension of the already existing parking assist technology, as a car is driving round the carpark it detects empty spaces and communicates this to other nearby cars - it doesn't matter what is blocking the space and whether that is a smart car, dumb car or shopping trolley.
Fun may be had by either sending spoof messages sending cars driving round randomly (they will check that the space is still empty when they get there) or by painting random sets of parallel lines on the road and watching cars think they are real parking spaces.
If there is no space in this car park presumably the car will just drive to the next car park (or keep circling like meat drivers, or just park in the lane and mover whenever it is blocking another car) though what happens if it runs out of juice on the journey is an interesting corner case.
Yes. Either the technology has moved on to none EM based transmissions (which may not even exist on earth). Or one can assume the EM technology would be made more and more efficient, either due to energy budget constraints, or minimising interference between a large multitude of devices. It seems to me (not an expert) inconceivable to consider that within 10,000 years (or even 1000) that the civilisation won't have reached a stage where the EM radiation is so low power to make it impossible for us to detect as a coherent signal out of the background noise. Perhaps there will be concentrated beams of higher power EM from longer distance communications (e.g. to probes/other planets) that we could detect, but not a sphere of signals.
From the ICO report
"Criminal penalties are imposed by the courts and not the ICO. Direct Choice had paid off £40,500 of its previous civil fine. The ICO has recently been informed that the company has applied to go into liquidation and will be working with the Insolvency Service on recovering the outstanding balance."
Not sure anybody is going to see this as a deterrent though if the punishment is so low - though that may be that they chose to use the lowest possible court who can't impose significant fines.
Because in a world of mostly automated cars the vast majority of the accidents will be judged the fault of the manual driver (remember the data will be logged to prove this). The cost of insuring the automated car will be lower (as they should be safer due to less driver errror) and many of the current low risk (high profit) drivers will switch to automated cars. Therefore the manual cars will be more complex/specialised for the insurance industry, probably be driven by people who are higher risk takers (they've rejected the safer option), and are more prepared to pay for the privilege (they obviously love driving enough to value it higher).
At first the difference may not be substantial - except due to subsidies from the automated car manufacturers to pursuade people to buy the car, in fact I wouldn't be surprised if they offered to self insure them for free/part of the rental cost. Over time the number of manual drivers will decrease (why pay expensive driving lesson fees) which means the size of the pool decreases meaning higher overheads and more conservative pricing models.
Agreed, my experience is the skills of a 'median' developer are rather mediocre and are unlikely generally to be able to find any bugs eligible for bug bounties. On the other hand the median skills of a bug bounty hunter who has successfully managed to claim at least one bug bounty (let alone be able to make a living out of it) are likely to be at least 2.7 times better, if not more...
It also depends on what access the ssh into the shell gives you. If the only users have system level access (not necessarily root but perhaps same user that all the appliance apps run at) then at that point you've lost. As you and others say meltdown/Spectre is irrelevant as they already have all the access they need. The additional risk of Meltdown is negligible and the cost in terms of performance is high.
Why? The delivery driver works for the restaurant he should be no less trusted than any other member of the take-away. Considering how busy most take-aways are I'd much rather the driver had my number to directly call me then than to spend 20 mins trying to get through to the restaurant to ask which house is mind, for them to call me, then call the driver back and give a garbled message. If you don't trust the driver then you probably shouldn't trust any of the restaurant staff and not give them your number at all.
The problem is that this is hard, very hard.
Take for example of only including the first half of the postcode, that's pretty anonymous, unless of course you have multiple postcodes (home and work, home and holiday home) at which point you will start getting unique or near unique combinations - particularly when you start adding year of birth in.
In isolation that data set may not be a problem, but combined with another one (land register maybe or just knowledge from facebook/friends) you can start to identify some classes of people.
With those people you may then be able to de-anonymize your health provider location (presumably it is a consistent mapping otherwise it is useless), at which point you can then start to identify more people.
Your main point is correct though, unless it has been successfully aggregated and combined much of data should just not be passed.
No difference in data transfer speeds, the SD caddy is purely cabling making the pins of the micro SD card bigger, no additional electronics involved. Now finding the micro card, finding the caddy, putting them together putting in camera, taking photos, taking out micro card on the third attempt, dropping it, finding it again and putting in laptop is likely to take much more time.
Probably better just to give up and just stick a USB cable in the side of the camera.
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2024
