Re: OMG
Sweet!
3108 publicly visible posts • joined 9 Jun 2009
Airbus starts at least with a dynamically stable airframe (which is where all the 737 MAX's problems originate), and as its software has the last say instead of the pilot, redundancy is not seen as an afterthought but as a critical safety component (and, let's be honest, as the only way to get a FAA certification, at least one that's been done properly).
Last but not least, Airbus has decades of experience with software running the show, so by now they have a pretty good handle on where issues can arise and what to do to address them now before it ends up killing people. For Boeing to think they can quickly slap something together to fix a fundamental physical design problem and put that pretty much in charge over the pilot is unforgivable, especially since this was so critical to keep the plane in the air. It also raises MAJOR issues about the certification path for the 737 MAX.
Thanks for that. I was just sent a link to a document written by a pilot who has also an IT background, and it makes, frankly, for horrific reading.
As a matter of fact, I preserved it, just in case Boeing tries to get it offline because it is a sane but wholly damning review of what happened, and why. I quote:
If I have not been clear, so far, let me say it succinctly. Boeing produced a dynamically unstable airframe, the 737 MAX. That is big strike #1.
Boeing then tried to mask the 737’s dynamic instability with a software system, similar to the systems used in dynamically unstable fighter jets (though those jets are fitted with ejection seats). Big strike #2.
Finally, the software system relied on systems known for their propensity to fail (angle of attack indicators) and did not appear to include even rudimentary provisions to cross check the outputs of the angle of attack sensor against other sensors, including the other angle of attack sensor. Big strike #3.
None of the above should have passed any muster. None of the above should have passed the “ok” pencil of the most junior engineering staff, much less a DER.
Go read it. After that, I suspect you won't go near a 737 MAX ever again, even after the patch.
Is it against the law to rent a ddos service and point it at its own command and control servers?
The challenge is verifying the legitimacy of the resources of a DDoS provider. If they generate that through their own resources you'd be OK, but DDoS waves are typically generated by co-opting other people's resources (websites, IoT, breached machines, routers - as long as it can talk online), and in that case you're funding a criminal enterprise.
Attacking yourself is perfectly OK, but you best accurately document the process of choosing your choice of provider so you can prove due diligence. A legit DDoS provider (if such beast exists) must be able to certify how it generates its traffic and how it ensures it remains focused on legitimate targets, and will also demand a permission form from you for the same reasons.
Silicon Valley has shrugged off all but the bare minimum of responsibility
There is only one SINGLE reason that moderation isn't as effective as it ought to be: the almighty buck. The whole almost frenetic drive to find some form of AI that can filter this is hiding a very simple but brutal truth: only humans can moderate effectively but. they. cost. money.
We can debate about the degree of monitoring and whether this would or would not amount to censorship until the cows come home, but I think we can all agree that zapping this event and similar (and reporting it) would not be a hard decision for anyone to take - how about we start there? Furthermore, it is not as if we are short on case studies where else things have gone wrong so the debate that MUST be had is not going to be uninformed.
However, again not doing anything because it may be difficult or likely make some people angry is IMHO not an option. As is not properly funding it by those who have been reaping vast profits over the years, and they can start with donating the money that was made during the display of these atrocities (or did you really think I forgot about that?).
Yes, slimy shites. If somebody (a friend) has you in their phone contacts and they download the Faecebook app and accept the permissions requests, their contacts and your details are slurped by Faecebook. Some friend they are.
You might want to take into account that most people are utter innocents when it comes to privacy, they're no match for the conniving bastards that will use every psychological trick in the book to con people into giving permission to hand over details they should not share. It starts with roping in kids and establishing the habit before they are old enough to judge their actions.
They're not bad friends, they are simply innocents who have their innocence used against them - the basis of every con job ever.
That's why you need to help them understand what FB is doing, in a language they can understand. Accusing people of something they're not even aware of is not going to help - we can (and must) do better.
(I'm repeating a comment I made earlier, just putting it in its own thread).
Google, Facebook, Microsoft, Facebook: they all want access to the one tracker we keep on us: our mobile phone.
Facebook owns WhatsApp, which is pure poison for your contacts: the first thing it does is give your entire address book of numbers to Facebook (it won't even work if you don't allow it to do that) WITHOUT needing to ask their permission.
Facebook asking for your number is thus just insidious camouflage: they most likely already have it. They just don't want you to realise that. I really don't buy it that they have not cross-linked those databases already, after all, there's money in it.
Google, Facebook, Microsoft, Facebook: they all want access to the one tracker we keep on us: our mobile phone.
THAT is why the use of WhatsApp is pure poison for your contacts: the first thing it does is give their numbers to Facebook - it won't even work if you don't allow it to do that.
This is why FB asking for your number is just insidious camouflage: they most likely already have it. They just don't want you to realise that.
if in a few years a cylinder-like object crash lands onto the common and after the top slowly unscrews Opportunity appears and heat-rays everything in sight.
... aaaand we have winner, grin!
For me, that's the Comment of the Week - beautiful segue into War of the Worlds.
Well done (still laughing).
To prevent mistakes, how about keeping your fingers simply out of people's email, Google? Just imagine what a shocking amount of pretence and fake certification efforts that would save.
What? Oh, that eats into your profit? Well, wouldn't it have been simpler to base your revenue on methods that are actually legal in the countries you operate, or am I missing something here?
I'm starting to suspect that Google, Facebook et al will be all standing together against the wall when the revolution comes.
That would be the wall that Trump is building then? That's about as likely to happen as Google and Facebook's executive team properly facing the music.
Google even have the nerve to suggest you should trust a plugin of theirs if you do not want to be tracked by their analytics.
Let me see, because I don't want my neighbours to hear what's going on in my house I will allow them to install a black box in my living room. Yup, sounds totally legit..
I will consider sharing data with Google, Facebook and all the other grubby e-stalkers (not allow, mind, just think about it) if their executives make all their own personal data available publicly - every last bit of it. "Publicly" because, as far as I'm concerned, that is what your data will be when it gets into the hands of organisations that either buy the laws they want, or see fines merely as the cost of business, not as a hint that what they do ought to change.
As far as I know, an iPhone tracks every incoming call. The iMazing iOS management application for macOS does more than just versioned, automated backups (although that's what I mostly use it for), it also backs up your call records and makes them accessible.
Call records include everything including FaceTime, so if you look at calls which aborted quickly you'll probably get an idea if you've been hit by this.
Worth a peek IMHO.
I figured I'd summarise the interview and the perspective of each participating country.
No, it is NOT OK. I can understand that, from your point of view, you want to leave the door open but no, it's not OK. If you want to make it OK, regulate it, ensure the regulation is applied and fines are issued to everyone who thinks the rules do not apply to them.
And I would still not be OK with it.
in my case of FB stalking i’ll privilege the IP cross-matching hypothesis
i created a burner FB profile for Tinder. new pix, slightly different name (same age (: ). my phone, a near death wifi-only Android never left home. FB app had never been activated on that phone before. i never surfed anywhere while logged into this FB on my browser. never friended anyone from it.
yet within days i had tons of friend suggestions for people i did know, but barely. somebody’s cousin or mother for example.
Actually, LinkedIn shows the exact same behaviour. I created a new profile, pretty much blank. No CV, new contact details, different name, "joined" another company.
It took less than a day before it started to suggest, very focused, to connect to old colleagues.
The problem I have with attributing hacks is that there is a difference between a hacker based in China/US/Ukraine/France/Russia which is who you always find in your typical website 404 log, and a government sanctioned operator/operation.
1 - I am *always* suspicious of casually tagging a whole group or country as it makes for lazy and unnuanced thinking;
2 - how can you tell the difference?
3 - how trustworthy is the claim? Making such claims is also subject to political manipulation.
4 - "bigging up" the alleged hacker may make it appear that the hack would have happened anyway, and from what I have seen so far, that really isn't a feasible excuse for Marriott. There's quite a difference between making a mistake and simply not paying attention at all.
The root cause?
Absolutely.
IMHO it ought to be the basis of any fine: make the fine many, many times more than the expense of doing it properly, of course retrospectively applied and aggregated. It's the only way I can see this become a concern for those taking the decision as it hits them in their pocket.
Further, make security audits mandatory as well as their publication for big organisations after, say, a 3 month period to fix the problems found, with an extra 3 month wait extension only available via a rigorous exception process to filter out the usual excuses.
1. A human employee may not reduce the profits of the Amazon corporation, or through inaction allow profits to be reduced.
2. A human employee must obey the orders given to it by Amazon except where such orders would conflict with the first law.
3. A human employee must protect their own existence as long as such protection does not conflict with the First or Second Laws.
Ooooh, that is a *classic*.
This is one of those moments I regret that I only have one upvote, so I thus nominate this one for Comment of the Week, for sarcasm in the face of adversity.
Well done.
:)
Quite.
I even have a more advanced process in place: we work on it together on a machine. Much quicker. This tends to happen after we spend some time scribbling on paper, the machine version is more for sharing with any third parties who would consider especially my handwriting as a form of encryption :).