Posts by The Mole 490 publicly visible posts • joined 18 Apr 2007
I would say the opposite, it is going to make geocaching more fun as more often the cache will actually be at the published coordinates. Currently it isn't that uncommon for two devices at different times to give readings 15+m or even 100+m (when under trees) difference turning an 'easy' find into an near impossibility
V2V is a great concept in principal but the only secure design is not to trust any of your inputs which defeats much of the point.
Signatures don't prevent spoofed messages as it won't be hard to trick a legitimate unit from sending incorrect messages. e.g. presumably their will be a heavy breaking warning message which will then cause other drivers to react, so remove the unit from a car and then feed it with sensor data telling it that breaks have suddenly been applied.
Definitely agree about identifying what road cars are on and so which messages are relevant. It isn't unusual (in the UK at least) for a minor road to be running right next to a motorway and often GPS doesn't always know which road you are on (even ignoring the fact that gps signal can be spoofed). If someone drives along this road, slam on breaks will that cause all the cars on the motorway to also break?
Of course it will happen because the police and security services will love having every car broadcasting their identify for anyone to sniff. Who needs ANPR and all those pesky rules, this won't be number plate recognition so I'm sure they'll claim the current rules don't apply...
The big selling point of BI is the system efficiency is far far better than the current set of benefits as there are no assessments or fraudulant claims to be made, beyond identifying people who should start receiving it (uk nationals on 16th birthday or whatever rules were selected) and ensuring it stops paying if the person dies (or perhaps leaves the country). Tell the government your bank account details and it gets paid in every month just a normal payroll system. It also allows the simplification of income tax as there is no pressing need for tax-free allowances etc.
The challenge is that a vast amount of government jobs would be lost (e.g. much of the job centre assessment staff etc) so the unions will fight against it, and well meaning people will suggest special cases (such as the disabled etc) who deserve additional payments suddenly recreating much of the complexity. But even then it will still be better than the current system where going to work can cause people to loose more in benefits than they earn in income.
For those of you who haven't memorized the price of the OnePlus3 at Carphone warehouse the Nova is being sold for £349.99 (please include these rather important details in the actual review).
Personally that is far more than I want my mid-range phone to be priced, which is a shame as the size is exactly what my wife is looking for and (rather sensibly) thinks anything large than 5" is bulky, it is a shame the mobile phone companies seem to be generally ignoring this market.
"Professionals already know the law, as they are required to be registered with the CAA before they can make a living out of drone operations. "
I would hazard a guess that there are a lot of professionals who don't know the law and who therefore don't know that they were meant to register with the CAA. The barrier of entry afterall to becoming 'professional' is simply owning a drone with a reasonable camera and placing an advert on the internet. Does anyone know if the CAA or anyone has actually done any research or enforcement against professional drone operators and if they are registered?
Try these definitions and it may make more sense:
alpha: many features missing, those that are there may not be even vaguely complete. There will be massive functionality holes and gaps and loads of bugs.
beta: most important features are present and generally are functionally complete. There will be functionality holes and gaps and many bugs
release-candidate: all features for the release are present and functionally complete. All the in scope functionality will be present and it should all work but there are potentially significant bugs, but we may get lucky and decide the bugs aren't serious enough to block the release.
release: all features for the release are present and functionally complete. All the in scope functionality is present and there were few enough bugs to justify releasing it.
The key thing is that alpha/beta releases may get entire new features, whilst release-candidates should only get bug fixes.
"But machines still lack dexterity, fine motor skills"
No they don't, machines can be made to do any physical task that humans can do, generally faster and more accurately. Humans currently have the advantage in cost, size, and energy density/recharging and adaptability, the first three will definitely disappear and the last is basically what this article is about.
"Same for jobs that require a face like certain retail, hotels, etc because of Uncanny Valley."
Numerous places have already started trialing robots checking in guests etc, people adapt to the new normal removing and children will be trained out of Uncanny Valley as it will just be normal - in the same way talking to a customer agent robot online has become more routine.
My problem with VbV is that is is not at all secure, to reset the password all you need is the victims account details and date of birth - which will be on the driving license of the wallet you've just stolen. I've given up trying to remember my password for it and just reset it every time as it is quicker and easier.
So you are saying your kids have never ever had access to your wallet within which your debit card clearly proclaims your bank details? Or you have never left a bank statement (pay slip etc) on the side between opening the letter and filing it? Presuamably your filing system is inside a locked safe that the kids can't get into? Whilst most kids won't be interested enough to go and find out the details it is extremely hard to prevent them from discovering it if they are so interested. The parenting issue of course would not be running your house like the CIA but educating your children between right and wrong, though if the child thinks they are doing something good and right (getting free money) then mistakes will happen.
Expecting a profit from day one seems a very strange expectation, the majority of the costs involved in running a system will be sunk up front costs - buying hardware, time and effort to make processes, install and setup configuration, automated systems so the clients can create new subdomains themselves etc (ignoring all the costs for performing the bids, getting contracts written, reviewed and signed). The ongoing running costs once this is done are likely to be pretty trivial in comparison (power and on-going maintenance). Unless you charge all of this work up front to the customer (unlikely given that they are outsourcing probably to avoid upfront capex costs) you have to go on a model where early investment is repaid by later revenue.
The rest of the article makes good points though, what is the expected return on investment and how optimistic are the models?
I'm pretty certain that it would be possible to use timing information, command sequences and the like to allow a stick to detect what the platform is that it has been plugged into - it seems to take windows 10+ seconds to initialize a simple keyboard so I'm sure their are timings in their which can be detected.
"It is not trivially easy for a little old lady who wants to put up a couple of pages with pictures of her cats and her grandchildren."
A little old lady will not be setting up her own webserver, she will be using a hosting provider which will do all the work for her. If she is setting up her own web server and and ensuring that it is kept up to date and secure then I'm sure a bit of certificate management isn't beyond her abilities either.
I suspect the infections are on laptops where people have a lot of 'work in progress' documents, 'vital spreadsheets' for their personal reporting needs, or email archives etc, which haven't been put onto a backed up share. Either because the IT department only gives them a small amount of storage(or mailbox), or because trying to work on a document stored on a network drive is slow and infeasible when you need to access it in a customer meeting etc.
I've yet to work at a company which has a good solution for this, and genuinely intrigued if other places really do mandate a policy of 'nothing can be stored on your laptop' or have sensible backup software available that guarantees all essential data can be recovered?
That's not true. For encryption systems where the key is as long as the message (one time pad for instance) there is no way to brute force the encryption and identify the correct message. You may well try an encryption setting and reveal "The FBI is full of idiots", but you will also have another encryption setting which will reveal "The CIA is full of idiots" and another that says "The gov is full of idiots", there is no way of working out which is the true original message. Even when the key is shorter than the message there will still probably be multiple decryptions which may appear to be valid messages, though you can probably discard a large proportion of the decryptions if you know the syntax of the output (e.g. it will be english text).
They key thing to remember is that it is profits which are taxed. If a company has a widget which sells for £1000 but costs £999 to make then they would be charged the same amount of tax as a company which sells a widget for £10 which costs £9 to make. This is probably the right way to do it, why should we penalise companies who need a lot of costly materials to make their products.
The difficult part is determining what the cost of making the widget is, it doesn't just include the time and materials (£3), but other things such as the design and prototyping costs (£3), paying the purchasing department (£1), the marketing effort (£1), the brand development (£1) etc.
Some of this work is done by employees in other countries (working for other subsidiaries), obviously you can't just ignore the cost of the work done by the purchasing department in Switzerland, so "transfer pricing" is used for the UK subsidiary to pay the Swiss subsidiary a 'fare' price for the work they do. If the fair price is £2 not £1 then suddenly no profit is made in the UK and tax is no longer due.
Companies like arranging it so that low tax countries happen to receive a higher 'fare' price than high tax countries, through basing hard to price intangible items such as the brand name 'Starbucks' in those countries. The name obviously has value, and costs associated with developing and maintaining that brand, so some payment is fair, but how much? This is what most of the tax fights are over - what is the fair amount of tax to be paid.
Apple/Ireland went a step further by saying there was a company headquarters and almost all the work done by that company was done by the headquarters (even though it had no staff or premises) and in fact wasn't even located in any country. The Irish government went along with that due to the fact jobs were being created and they'd at least be able to tax the wages, the EU has said this arrangement is clearly bogus and effectively state aid in order to bribe apple to make those jobs.
All in all trying to make it work fairly with big multinational companies is hard - however you frame your tax laws will almost certainly have winners and losers.
My guess is transporting a fully built plane with a 25m wingspan is hard. Far easier to design and manufacture the components in Surrey and then do the final build (bolting it together) in a hanger at Farnborough airport. That or some parts are designed and manufactured in Surrey others are manufactured in Farnborough, or perhaps just sloppy journalism, take your pick.
"Right to 10Mbps" means it will be written into the "universal service obligation". That is in order to get a license the operator (e.g. BT) has to agree to provide a minimum service to anybody who requests it for the same price. Exactly the same as the obligation to provide everybody with a phone line.
So the condition is to offer it for the same price, the obligation also only applies to large national operators allowing smaller firms a chance to compete (probably by piggyback on BT Openreach anyway)
"On the plus side we'll be out of TTIP :)"
You are completely delusional. The UK was one of the greatest cheerleaders of TTIP in Europe, it was the other countries who were trying to put limitations on it. Now we are guaranteed to be subject to it as the US will make it a red line precondition for any trade deals we attempt to have with them.
It amazes me that they have multiple stores in the same (relatively small) town, Southampton is another example. Surely the first thing someone should have done was a bit of rationalization of duplicate stores, surely they can't be making a profit at both (or either?).
To be honest though if I were a supplier I'd just tell them to get lost, I really can't see them lasting much longer anyway - I'm amazed they got through the last recession.
"*Did you know that it's now an offence to create a nuclear explosion?"
Reading the section you quoted that isn't true, under that bit of law you can perfectly legally create a nuclear explosion.. you just have to convince the court it wasn't a weapon 'no officer it was a science experiment that went wrong'...
Ok maybe the man on the street may have problems convincing a judge on that grounds but at least our scientists can actually research nuclear stuff which is an improvement over some other laws..
I agree with you that public transport is better than car ownership when feasible, however all the suggestions you have assume a very urbanised population with people who have sufficient mobility to use public transport effectively.
The fundamental problem with public transport is that it is costly and inconvenient for areas of low population densities. Trains/Trams etc only run on very fixed routes, as soon as you are a few blocks away they quickly become very unattractive to use. Busses are more flexible but their schedules are generally inconvenient outside massive cities, plus the cost of a driver driving round a bus which is empty for much of the day just doesn't stack up unfortunately.
Self driving vehicles have the potential to solve many of these problems, buses and taxies which are computer driven will be cheaper to run, routes can be made much more flexible with call buttons/online booking to get the bus/pool car to reroute and pick you up where you are - particularly in rural areas, cheaper more flexible public transport with pool cars is where I see the future ending up for many people.
"The Crown Prosecution Service (CPS) has also reviewed the evidence and has determined there are no grounds to pursue a criminal prosecution."
I'm no lawyer but surely this behaviour would count as fraud - or do the targets not actually impact anything financially.
Lets hope in the future test calls are explicitly excluded from statistical purposes.
"Deliberately with-holding medical care so that someone dies is murder."
No it isn't, and it is actually pretty routine. Daily doctors make the decision to turn off incubators, to stop doing radiation or chemotherapy, to not perform aggressive (or any) resuscitation on patients, or otherwise stop or not start various types of treatment. All of these are forms of withholding the medical care which may prolong the patients life and without which will generally directly lead to their death. Generally this is justified on lack of any foreseeable quality of life in any form and/or the fact the life is only being kept through artificial methods.
There are also cases where the decision is made but then the incubator is kept running a while longer until a match has been found and prepared for their organs so that they are, um, the freshest possible.
Medical ethics is a complex and complicated landscape with very few clear cut decisions.
I actually had that happen in Hampshire (thin kit was actually a £10) they just printed off a voucher ticket for the remaining value which could be used on another bus. Needing to get home I didn't have much choice in the matter. Though that is better than Coventry buses which don't give change - you had to put your coins down a slip and the bus driver didn't have access - think a note in that would have caused issues.
So I think you are saying we should keep an eye on anybody who is educated (particularly in Chemistry) just in case? Perhaps the solution is to ban education then people won't be able to write the contents of encrypted communication, problem solved?
The article said you don't have to buy an identical lock - you just need the face of the lock looking similarly enough/the right shape to accept the key (easily knocked up from a photo), and then have the cylinder accept any key so locks and unlocks but doesn't actually check the shape of the key.
Surely it depends on how the PINs are stored? If they are in an appropriately secure password vault its no worse than storing other types of password and pretty secure. Similarly if the PINS are sufficiently steganographically hidden (inside a fake contact phone number perhaps) then as long as it isn't obvious the odds of an attacker knowing it is there and guessing the right set of numbers before the card is blocked is pretty secure (I'd be more worried about them resetting your paypal password through access to your email account).
There is also the question of which is better - 1 pin for all n cards you have, or a pin for each card but that leads to issues with remembering them all so you have to record them securely in your phone.
" YouTube generated an average of $0.72 in music royalties per user. In 2014, Spotify generated $20.16 per user: 28 times as much."
I'd hazard a guess here that all of spotify users listen to music, and spend a long time listening to many many different tracks. On the other hand many many of you tube users only use you tube very occasionally and may never watch a video with infringing music (too busy watching badly filmed cat videos). But then comparing apples to oranges to get some meaningless numbers never hurt anybody did it?
The reason for offering higher is it is a bribe to stop people suing for unfair dismissal. With only statuatory payout IBM has to be 100% confident they have clearly followed every letter of the law otherwise they could end up with some rather expensive employment tribunals costing far more.
I'd much prefer to pay a modest amount on the tv license and not see ads than have the BBC descend even further.
As for other TV services, the reason you should pay for the bandwidth to view the adverts (assuming you really are paying per MB) is because that is your (indirect) contribution for paying for the thing you obviously value as being worth more than zero.
As for the BBC comments considering how many devices (smart tvs/STB/consoles/media centers etc) have integrated iplayer into them, anything they do to change how it works has a large chance of breaking those devices and so is a challenging thing to plan and execute. That said simply changing the rules without any enforcement would get a bit more revenue from those honest households who want to follow the letter of the rules.
Who verifies the quality of the paralegals/interns who are given the task to read through 3 million documents? (The expensive lawyers won't be looking at them all). Given how dull and boring many of these documents are I wouldn't be surprised if there is a very high error rate from humans doing the filtering.
My understanding was that there are third party firms who provide hacks to governments (http://www.theregister.co.uk/2013/09/17/nsa_vupen/) and I would therefore be very surprised if these firms haven't developed the techniques that the FBI is looking for - with physical access to the device most things are possible. Given that in this case the FBI would never need to use the contents of the phone in a court of law I see on reason why they wouldn't be able to use these third party companies.
Therefore this looks to be part of a long term strategy and this case is being used to set a precedent as it is an easy sell to the man on the street as being a proportionate action. Once the precedent is set they can start sliding down that slippery slope to their final much less morally defensible objectives.
In short yes.
The CPS guidance here is worth reading: http://www.cps.gov.uk/legal/a_to_c/computer_misuse_act_1990/
Basically if "at least one significant link with the domestic jurisdiction" - so either the hack was performed from the UK, or targeting a computer in the UK would look to be sufficient.
Hacking an online account is no different to any other type of hacking, you are still trying to gain access to computers for which you don't have permission (or are exceeding your permission), in this case computers owned (or operated) by AOL.
"The last thing your script does is turn off the SSH port (or whatever method your OS uses to let you logon) so you can’t log-on to the machine anymore."
There goes any chance of performing diagnostics on that machine then, or presumably copying files off the machine to read logs or extract core dumps etc. Or if you can copy files back and forth the machine is no longer immutable.
Perhaps sysadmins should be employed who can follow procedures and can be trusted to only make manual changes on machines when they have to?
“We did an analysis of hundreds of projects over a multi-year period. The ones that delivered in less than a quarter succeeded about 80 per cent of the time, while the ones that lasted more than a year failed at about the same rate.”
So the simple projects (note no comment about release schedules) are much more likely to succeed than more complex projects. In other news...
The blame is on the firmware designed because when developing firmware you should be coding defensively, you shouldn't assume that all the layers above you behave perfectly and understand the implications of operations they perform. They should have anticipated failure modes where the UEFI data gets corrupted/zeroed/deleted and coded to defend against this (failing back to using defaults).
"Brian Plastow, told The Register that the PND system was "not that great" as it returns only a number of possible image matches which require human assessment, comparison and investigation."
To me that sounds exactly the correct implementation, there will always be margins of error and it should be up to a human to recognise that they should assess and investigate the results properly, not just go with the highest hit and ignore the very similar looking person in position. The fact he thinks that makes it really not that great is worrying - though obviously I've not seen the implementation so it may be made really badly..
Actually with voting there are 4 options:
1. Aye
2. Nay
3. Can't even be bothered to turn up
4. Abstain (The whips will make my life hell if I actually vote against)
There is no division for abstain in parliament, however parliamentary rules do allow you to go into both divisions giving your name to the clark and actually voting Aye and Nay at the same time, thereby actively abstaining (and also having a chance to gossip with MPs from both sides of the house.
You don't know how much they spent on it, nor how well it actually works in reality - remember the options with SIGINT is either ensure the enemy doesn't realise that it exists and so therefore doesn't defend against it, or make the enemy believe it is far better than it really is so they are forced to use less efficient/more costly/less flexible methods.
There's probably also the fact that they deliberately excluded the politicians from the process and so didn't have the goal posts and requirements constantly being moved and changed.
You could also say human counters are valueless as they can make mistakes and be subverted.
In reality they both can have their place. The voting system needs to have a proper secure paper audit trail than can be manually verified by hand. Against an attacker attempting to subvert the election result then polling machines could theoretically be subverted, however an attacker of that kind can also subvert human counters, fake postal votes and generally get their own way, having a paper audit trail (done properly) which can be verified helps protect against this case. Voting machines can however ensure that counts are done quicker (not that I understand the obsession on speed) but also more accurately, if in doubt look at how often paper recounts occour and how often they produce different results even in first past the post. When you have multiple layers of rounds and complicated vote allocation systems these mistakes are far more likely to occur and the odds are a properly tested and vetted machine is more likely to get it correct.
Of course the machines should be properly tested and vetted by independent experts, and at the minimum the test cases and results being freely accessed and reviewed with a mechanism for test cases to be challenged and additional tests to be proposed.
Drones are clearly a stupid idea. Driverless vans/minibuses on the other hand would make sense. Currently a lot of time is spent with posies driving round to pick up other posties to get them to the next part of their route or resupply then with the next bag to deliver. Driverless vehicles could fulfil this post of the role well. Though electric trikes and the like may also work out cheaper and more environmental.
My assumption is that someone was asked to produce a large number so probably took the approach of counting OS versions so that Windows XP, 2k, Vista, 7 and 8 all count as different OSs as do Red Hat 5,6,7 and Centos 5,6,7 and however many other flavours of Linux are deployed.
To be fair when looking at consolidating what you have to support that isn't an unreasonably approach, IT generally only want to support once specific OS release version not any flavour of Linux that a random dev happens to favour.
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2024
