* Posts by Tom 13

7544 publicly visible posts • joined 10 Jun 2009

How much info did hackers steal on US spies? Try all of it

Tom 13

Re: Politicians ?

Nope, they get their security clearances by fact of having been elected. No other paperwork needed. Their staff on OTH ...

Tom 13

Re: Dear US of A

OPM is the clearing house for every other agency across the country. How else do you manage that other than an external-facing network? No, really; how do you do it? Army, Navy, Air Force, Marines, Coast Guard, National Guard, okay maybe them you can put on secure PCs on the mil net. Dept of Energy? Dept of Commerce (NOAA/weather, FAA)? Dept of Treasury? Dept of Homeland Security? NASA? Dept of State? Dept of Veterans Affairs?

You need immediate access across multiple locations. Maybe you can make the case it shouldn't be on the internet, but even that's problematic. Yes it should have been secured better than it was, but simply not public facing won't meet system requirements.

Tom 13

Re: Just direct employees? Or also contractors' employees?

It's a question OPM is mostly dodging for the moment for the first breach (technically tepid denials), on the second the answer seems to be yes both types of data were compromised. And really, if you're thinking about it from the black hat angle, both databases have value if not necessarily of the same type. If you've got a fed you probably have deep penetration, with a contractor you might get wide penetration.

Tom 13

Re: discovery will lead to questions being asked about the resources being spent

Why? They're two completely independent questions. What you want cut off is about collecting data on potential threats. The OPM breach is about protecting known targets.

Tom 13

Re: almost anyone can walk in and look round any US Gov/Mil computer

No, not the Mil computers, OPM. Trust me on this. My roommate has enough trouble logging into his work computer every day and he's authorized to do so. The secure one? Yeah, that's an even bigger PITA.

The problem is OPM ignored the fact that those records constitute the underpinnings for the whole security infrastructure, so when collected into a single database they require one grade above Eyes Only clearance.

Tom 13

Re: they will only correspond by telephone.

Be thankful they do.

The "free security" OPM is offering as a result of the breach? Yeah, that's right: the government is distributing the notification in unsigned email asking those who have been affected to go to a website to register. If you have the temerity to call them, they refer you to their website while keeping you on indefinite hold. Absolutely no chance for fraud there sir, none whatsoever.

FTC lunges at Kickstarter bloke who raised $120,000 – and delivered sweet FA

Tom 13

Re: it's the US...

Actually I can see the potential for that (although copyright, not patent*), but from Hasbro, not the Kickstarter scam artist. Presumably Cryptozoic have been in the business long enough to have had their lawyers talk to Hasbro and that's all clear.

*The board layout and cards look like a straight ripoff of Monopoly.

Tom 13

Re: Why did the FTC spend your money on this?

In this case it sounds like the guy wound up with tangible assets as a result of the scam. I'm all for the FTC seizing those regardless of whether or not someone besides the scam artist is trying to make the investors whole. Besides which, if he skates, he might try it again.

Microsoft picks up shotgun, walks 'Modern apps' behind the shed

Tom 13

Re: therefore looks rather a lot like running up the white flag

Nope, this is only a retreat. I'll only consider them to have run up the white flag when they do away with the drive to the subscription model.

Vintage Ask toolbar is malware – and we'll kill Jeeves, says Microsoft

Tom 13

Re: Java next?

The current toolbar does not exhibit malware-like behavior, therefore ASK is not installing malware. The old toolbar exhibits behavior which is now considered malware, but was not considered malware at the time it was issued. ASK has configured their legitimate toolbar to update automatically. Therefore any toolbar which claims to be ASK and is exhibiting the malware behavior is malware.

So sayeth the marketing drones and lawyers. So let it be done.

You may now return your brain to normal logic mode.

4 new twists that push the hacker attack on millions of US govt workers into WTF land

Tom 13

@thx1138v2

Actually, most US citizens are better protected (at least on paper) than the federal employees were. If a private company were this lax with employee data, they would have been sued out of business long ago.

Gonna RUB MYSELF against the WALL: Microsoft's Surface Hub 84" monster-slab

Tom 13

@DeeCee

Wouldn't you rather have it done by a giant octopus with frickin' laser beams on its head?

Future Range Rovers will report pot-holes directly to councils

Tom 13

Re: Marvin is back..

The car park now has potholes?

Them be some mighty big gophers y'all got there.

Tom 13

Re: Councils just get a bundle of data without the expenditure of money, time and effort,

Pointless. A couple months ago a buddy of mine lost two wheels (not tires, wheels) to a road in Philadelphia. There's no way in hell they didn't know that road needs to be repaired. It wasn't a case of trying to avoid some potholes, it was a matter of deciding which potholes offered the best chance at successfully traversing the road.

Tom 13

Re: Issue all councillors with Range Rovers ...

Why? They already have chauffeurs to avoid the potholes.

Teaching kids to code is self-defence, not a vocational skill

Tom 13

Re: Making "coding" a priority is a big mistake...

Schools today teach kids to memorize the trivial

Schools still need to teach some rote memorization. Adding, subtracting, and multiplication tables for 1 to 9, for example. You need those basics before you can proceed to teach thinking. Given what you wrote, I don't think you meant to imply it is irrelevant, but in the current environment it needs to be stated clearly. Too often I see chowder heads take your entirely correct criticism and extend it to all memorization, which defeats what I believe your intentions are.

Tom 13

Re: Unrealistic and dangerous

Your DNC talking points memo doesn't pass even a cursory reality check. DC schools get more money per student than almost anywhere else in the country yet churn out some of the worst illiterates in the country. Despite all that money they regularly hold "Community Service Days" to have volunteers come in to paint the walls, then turn around and beg parents for money to buy school books (assuming they even care about school books in the first place). The numbers and stunts are similar in Philadelphia, Detroit, and Chicago.

Until schools do actually get back to teaching the basics (reading, writing, 'rithmetic) nothing else, including attempting to teach coding skills, will matter. And the truth is, you don't need computers to teach those.

US Congress oils up, jumps over ropes into DNS wrestling match

Tom 13

It also requires that the relevant arm of the Department of Commerce, the NTIA, certify that the transfer meets the five criteria first laid out last year and, more importantly, that the NTIA certify that ICANN has approved and implemented all the bylaws changes that are contained in two upcoming reports from internet community working groups, before the transition occurs.

I thought everybody outside the US thought these bits were required for this to be successful. If so, you really need to keep your vile anti-Americanism in check. This administration has been everything except transparent, and the House's tool for slapping down the Executive branch when it gets out of line is the power of the purse. Which means that funding control is precisely what the House has to do to ensure those things happen. Furthermore, if ICANN had actually done all of those things, the House wouldn't be able to use them to cut funding for the bill.

Config file wipe blunder caused deadly Airbus A400M crash – claim

Tom 13

@1980s_coder

All sorts of possibilities. The two which come immediately to mind:

- that engine happened to be particularly well balanced, so values near zero didn't adversely affect it as badly.

- another safety check in the software that said you had to have at least one engine powered while in the air. That is, the fourth engine can only fail for actual mechanical reasons, not just sensors, and if it does fail, you try to start one you took offline for sensor reasons, if any such engines exist.

Tom 13

Re: this particular embedded system was constrained to 16K of ROM

Even at 16K of ROM, for a file that critical there should still be an existence check, and probably even a sanity check for the values supplied.

Tom 13

Re: I would not store critical configuration data in a config file.

When I read that statement in the story I interpreted it as:

Because of variations in manufacture and the tight tolerances of the flight, during installation certain bits of information specific to this engine on this plane are set and recorded for use by the system. So the data will be different for each engine.

How, other than a "config file", are you going to store that data? Yes you can argue there should be safety mechanisms to prevent it being inadvertently overwritten, but depending on what else you are updating you might already be in a privileged context anyway.

Yes, I think a check at start up was in order, although in this case it should flash a warning and ground the flight, not supply some default that may cause the same sorts of issues later during flight anyway.
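The thread above argues for an existence check and a sanity check on a per-engine calibration file, with the system refusing to fly on defaults. Below is an added example of what such a fail-closed loader looks like in C; it is not code from the article, from Airbus, or from the A400M software. The file format (`key = value` lines), the key names `torque_scale`, `torque_offset` and `rpm_limit`, the plausible ranges, and the sample inputs are all assumptions made for illustration.

```c
/* Added example, not from the article or Airbus: a fail-closed loader for
 * per-engine calibration values. Keys, ranges and samples are assumptions. */
#include <stdio.h>
#include <string.h>

enum cfg_status {
    CFG_OK = 0,
    CFG_MISSING,        /* file absent: the "existence check" */
    CFG_MALFORMED,      /* unparseable line, unknown or duplicate key */
    CFG_OUT_OF_RANGE,   /* parsed, but physically implausible (e.g. 0.0) */
    CFG_INCOMPLETE      /* a required key never appeared */
};

struct engine_cal {
    double torque_scale;   /* assumed range 0.5 .. 2.0; a wiped file reads 0.0 */
    double torque_offset;  /* assumed range -5.0 .. 5.0 */
    double rpm_limit;      /* assumed range 8000 .. 12000 */
};

static int in_range(double v, double lo, double hi)
{
    /* NaN fails both comparisons, so "nan" in the file is rejected too. */
    return v >= lo && v <= hi;
}

/* Parse "key = value" lines from a buffer. Every required key must appear
 * exactly once and in range. *out is written only on CFG_OK; no default is
 * ever substituted for a missing or bad value. */
enum cfg_status cal_parse(const char *text, struct engine_cal *out)
{
    struct engine_cal c = {0.0, 0.0, 0.0};
    unsigned seen = 0;              /* one bit per required key */
    const char *p = text;

    while (*p) {
        char line[128], key[64], trailing;
        double val;
        size_t n = strcspn(p, "\n");

        if (n >= sizeof line)
            return CFG_MALFORMED;
        memcpy(line, p, n);
        line[n] = '\0';
        p += n;
        if (*p == '\n')
            p++;
        if (line[0] == '\0' || line[0] == '#')
            continue;               /* blank line or comment */

        /* Exactly two conversions (key, number) and nothing trailing. */
        if (sscanf(line, "%63[a-z_] = %lf %c", key, &val, &trailing) != 2)
            return CFG_MALFORMED;

        if (strcmp(key, "torque_scale") == 0) {
            if (seen & 1u) return CFG_MALFORMED;
            if (!in_range(val, 0.5, 2.0)) return CFG_OUT_OF_RANGE;
            c.torque_scale = val; seen |= 1u;
        } else if (strcmp(key, "torque_offset") == 0) {
            if (seen & 2u) return CFG_MALFORMED;
            if (!in_range(val, -5.0, 5.0)) return CFG_OUT_OF_RANGE;
            c.torque_offset = val; seen |= 2u;
        } else if (strcmp(key, "rpm_limit") == 0) {
            if (seen & 4u) return CFG_MALFORMED;
            if (!in_range(val, 8000.0, 12000.0)) return CFG_OUT_OF_RANGE;
            c.rpm_limit = val; seen |= 4u;
        } else {
            return CFG_MALFORMED;   /* unknown key: refuse, do not ignore */
        }
    }
    if (seen != 7u)
        return CFG_INCOMPLETE;
    *out = c;
    return CFG_OK;
}

/* Load from disk. A missing file is reported distinctly so the caller can
 * raise a ground-the-aircraft fault instead of flying on defaults. */
enum cfg_status cal_load(const char *path, struct engine_cal *out)
{
    char buf[4096];
    struct engine_cal c;
    enum cfg_status st;
    FILE *f = fopen(path, "r");

    if (!f)
        return CFG_MISSING;
    buf[fread(buf, 1, sizeof buf - 1, f)] = '\0';
    fclose(f);
    st = cal_parse(buf, &c);
    if (st == CFG_OK && out)
        *out = c;
    return st;
}

/* Status-only helper for self-checks. */
enum cfg_status cal_check(const char *text)
{
    struct engine_cal tmp;
    return cal_parse(text, &tmp);
}

/* Constructed sample inputs (not real calibration data). */
static const char SAMPLE_GOOD[]  = "# engine 4\ntorque_scale = 1.02\ntorque_offset = -0.4\nrpm_limit = 10500\n";
static const char SAMPLE_WIPED[] = "torque_scale = 0.0\ntorque_offset = 0.0\nrpm_limit = 0\n";
static const char SAMPLE_SHORT[] = "torque_offset = 0.0\nrpm_limit = 10500\n";

int main(void)
{
    static const char *names[] = {"OK", "MISSING", "MALFORMED", "OUT_OF_RANGE", "INCOMPLETE"};
    printf("good  : %s\n", names[cal_check(SAMPLE_GOOD)]);
    printf("wiped : %s\n", names[cal_check(SAMPLE_WIPED)]);
    printf("short : %s\n", names[cal_check(SAMPLE_SHORT)]);
    printf("absent: %s\n", names[cal_load("/nonexistent/dir/engine4.cal", NULL)]);
    return 0;
}
```

The design point is that every failure path returns a distinct status and leaves the output struct untouched, so the caller has no way to end up with a zeroed or partially filled calibration it could mistake for a valid one; what to do with each status (warn, refuse start, ground the aircraft) is the caller's decision, not the parser's.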

A pause in global warming? What pause? There was no pause

Tom 13

Re: 2 alarm bells from Ross McKitrick

The adjustments MIGHT be valid. If they have the real data to show that the buoys consistently report temperatures that are ALWAYS 0.12 degrees lower than ship data and you can point to a proven physics mechanism that backs it, yes the adjustment should be made.

The problem here is that the data fiddlers have been caught so many times that we don't know they didn't just adjust it because it didn't match their predictions. And throwing out the conflicting data sets really points toward it being data fiddling not a good technical correction.

Tom 13

Re: Just read the paper

6. Now, since buoys are nominally more accurate let's give them higher weights. This would normally be correct, but it's blatantly inconsistent with the previous adjustment - why did you choose to "correct" the more accurate data?!?

This I'm actually willing to accept for sea surface temperature. Two different types of errors. One is unreliability of data because of missing data and variations in taking readings. The other is a shift in data points for a known cause that always points in the same direction by the same amount.

Case in point. Quite a few years ago I worked for an OEM that made column ovens for Perkin-Elmer (the company I worked for actually owned the patent and licensed them to P-E). Part of the contract involved them doing QC on received ovens. They did the tests and started rejecting sets because the data was inconsistent. Our chief EE sat down with them and reviewed their testing procedure. They were simply putting two thermometers in the oven at different places and taking the temperature. Our method involved placing thermocouples on the entrance and exit points for the column. This turned out to be critical. Their method was fine for a traditional column oven that heated from the outside in. If the temperature in the oven wasn't consistent, you couldn't heat the column. Our column oven heated the fluid by direct thermal transfer on the plate. So the temperature in the oven was not necessarily correlated to the temperature inside the column, but the temperatures at the entrance and exit points were.

It's the rest of the problems that bother me.

Tom 13

Re: What we really need

No, the problem is worse than that. Weather is a chaotic system. That means that before you can say anything meaningful about climate change you need to know whether it is a chaotic system with a convergence, or even any sort of stability.

To know that you need a baseline of data at least a couple tens of thousands of years long, and the closer you get to half a millennium the better.

US weather service data is maybe 150 years total and those numbers hold for most of Europe because the US was settled around the time weather was morphing into meteorology. Even at that the only really reliable data comes from the era of satellites, which cuts those numbers in half. Which means there's nowhere near enough baseline to do anything other than throw the bones and tell a good tale when it comes to climate change. With 65 years of data we've finally gotten to the point where our 10 day forecasts are about 50% better than guessing and our 3 day forecasts are about 90% accurate.

Tom 13

Re: Ross McKitrick? Seriously?

Ross McKitrick's PhD is in the one area that counts for purposes of this paper: handling statistics. Atmospheric chemistry doesn't affect that.

Tom 13

Re: We need to know what is happening

You know what's happening, you just don't want to admit it.

Does the research come from someone you personally know? No.

Does the published data raise the specter of CATASTROPHE! Yes.

Does the research urge you to CLICK HERE NOW! to fix this? Yes.

That means it's probably malware/spam and should be deleted post haste.

Let's kill off the meaningless concept of SW-defined storage

Tom 13

Re: Please kill "Layer 3 Switch" as well

You posted that wrong. The correct formulation is:

The first thing we do when the revolution comes is ...

Obama issues HTTPS-only order to US Federal sysadmins

Tom 13

Re: Just to clarify one thing...

No, let ME clarify just one thing for you. First, I want you to go read this web page:

http://www.dhs.gov/homeland-security-presidential-directive-12

Done? Okay, you see where that's a Presidential Directive? Not a Memorandum, a Presidential Directive?

Did you notice the date on it? Yeah, yeah, I know you're more concerned that it was W than the date, but look at the date anyway. That's right: 2004. Almost 11 full years ago. It was supposed to be implemented in 5 years. No, it still hasn't been fully implemented. Yes, to this day many of us still use username and password for elevated privileges.

This https directive won't fare any better for the same reason that one didn't:

- standard foot dragging

- rules lawyering (e.g., this is an intranet page, not a web page so it doesn't need a cert)

- agencies don't have the money to implement the directive

Tom 13

@craigb

No, that's TEXAS. Here in DC we have to use ROT7 to save money.

Tom 13

@Robert Carnegie

And I seem to recall one of the old arguments in favor of http over https was that with https the browser has to tell the website who you are. With http you might be able to stay anonymous.

Tom 13

Re: US Government who WILL have a genuine secure certificate

BWAH-HA! BWAH-HA-HA! BWAH-HA-HA-HAH! BWAH-HA-HA-HAH-HA! BWAH-HA-HA-HAH-HA-HA! BWAH-HA-HA-HAH-HA-HA-HA-HA-HA!

You so funny! Six years now I be govie contractor. Six years now the first thing I have to do before I take my IT Security Awareness Training is ignore the broken certificate on the website.

BTW: Overheard in the hall today: "Yeah we could get a DOD certificate for free, but most people don't have the root DOD certificates in their browsers." I don't know personally, but since he's the chief sys admin (yes he hates that monkey Windows crap and prefers Linux) I expect he probably knows what he's talking about.

Tom 13

Re: So we cant trust HTTPS then.

You can't trust lead mines. Poison you they will. What you really want is just a deep salt mine.

Rand Paul: I'll filibuster the hell outta the Patriot Act, fellow Americans

Tom 13

@Hollerith 1

At the moment:

Martin "I setup the riots in Baltimore" O'Malley

Elizabeth "Liawatha" Warren

Joseph "Plugs" Biden

Although my money is on the sudden appearance of Jerry "Moobeam" Brown to save the party from its infighting. He'll bill it as "fresh from saving Kali" because they've announced a surplus on the budget.

Les unsporting gits! French spies BUGGED Concorde passengers

Tom 13

Re: Was a "Joke Alert" icon really needed for my post.

Perhaps if you left it blank there would have been room for doubt. Putting the boffin icon up necessitates the downvote, because yes there are people out there stupid enough to believe it.

Tom 13

Re: As long as there has been microphones there has been listening bugs.

One might even claim there were listening bugs before the microphone.

One they like to show off on the tour of the US Capitol is the spot where John Adams had his desk. The room being an oval, his desk was at one of the foci. His opponent's desk just happened to be at the other one. So Adams frequently knew the details of the opposition plan, while he made a point of never having such discussions at his desk.

Tom 13

Re: I'll believe it when I see it.

Nope. If he produces it, that just marks him as a government disinformation agent.

Tom 13

Re: Yes, however, think about all the economic growth it is bringing!

If it's subsidized by the state, that's not economic growth. It's a bubble that's probably only benefiting the corrupt power brokers.

Tom 13

Re: And how is this surprising

More simply, War is the extension of politics when talking fails.

Tom 13

@Yag

Anyone foolish enough to believe the French are allied with him will only learn otherwise when he discovers the knife in his back.

Is that a graphics driver on your shop's register – or a RAM-slurping bank card thief?

Tom 13

they are rarely audited and maintained by dedicated IT security staff, and configurations are often in the default state, including default administrator passwords," he added.

Even in those instances where it isn't the default state, there tends to be a problem with homogeneous deployments. For example, in each store the first register is POS01, the second is POS02, etc. So once you've cracked one store all the rest in the chain follow. I was talking with a friend who is part of the dedicated support team for one franchise here in the US. For various reasons that's exactly the way they have to deploy the hardware. Right now they use Windows Update to try to secure stuff. But you have the standard SME problems. Oftentimes the only "real" computer in the store is the one that is also acting as the server for the POS system. So it of course has full browser capabilities and possibly more than one browser installed. He didn't think they had issues with needing to support Java/Flash/Reader but it's still a bit of a mess and difficult to automate reporting in such a way that you can easily audit patching. And yes, they're still running XP while waiting for the vendor to release a Win 7 edition and dreading how the vendor is going to royally fuck it up even though they know they need it. I think he supports about 300 POS terminals across 60 or so stores, team size is 3 and it's nearly 24/7/365 support expectations.

Tom 13

Re: Picture.

You are obviously someone who hasn't looked at any current POS systems. They all come in at least 32-bit color and some seem to prefer 64-bit, especially in fast food joints.

'Stolen' art found on nearby shelf. Police keep looking anyway

Tom 13

@DNTP

"We know where you, and your family, and your friends, all live."

Of course they do! Why else would the NSA have wanted all that library data about you?

Tom 13

@h4rm0ny

No, that's too direct and could get you in legal trouble. It would be more along the lines of:

"You will be most fortunate to have this man catch a thief for you."

Elon Musk: How the Billionaire CEO of SpaceX and Tesla is Shaping our Future

Tom 13

Re: How Much Too Tesla?

I concur about the bloated government part. Because he is actually producing new stuff, I don't hold it against Musk that he takes the freebies the government is handing out against my wishes. I do hold it against companies that beg for and depend exclusively on those subsidies. You know, outfits like Boeing and Northrop Grumman who in my estimation are no better than Airbus.

Tom 13

Re: How Much Too Tesla?

The GM comparison is a complete red herring. Anybody following what happened with the car industry knows GM was just the shell company passing the money through to the unions. The unions financed The Big 0's first campaign as well as his second.

Tom 13

Re: at the salary (and bonus?) levels we're talking here

You've clearly never met anyone working at those salary levels. Like a wage slave few of them are rarely more than a paycheck away from having to file bankruptcy. And in any event being fired is never easy, even if you don't NEED the money.

It is entirely possible the position was unnecessary and she should have been let go. But never make light of being fired, especially someone who has spent a long time on the job and who has never had a bad performance review.

So why the hell didn't quantitative easing produce HUGE inflation?

Tom 13

Re: Changing the CPI basket

I'm not arguing food prices vs 100 years ago. I'm arguing food prices vs. 10 years ago or even 5. Ten years ago I paid $100/week for groceries. Five years ago I paid $150/week. At this point I'm up to $175/week and thinking I need to shift the budget to $200. No they haven't gone up because I buy more expensive food. They've gone up because of inflation. Could I economize more than I already am? Yeah I probably could, but they wouldn't affect the end bill all that much.

Despite the protests from the earlier poster about the 2008 date on the size change of the Mars bar, it is a real phenomenon. It happens with the sizes on the bags of chips, the half gallon of ice cream that is now maybe three-quarters of a half gallon, and even the 16 oz can of evaporated milk that is now 14 oz. In fact, the only size that has gone up in my lifetime was soda when it transitioned from the 2 quart container to the 2 liter bottle. And that was more than 30 years ago.

It's known that a number of key elements are excluded from CPI because if they were included the economists brains would go all wobbly because nothing was matching up with their theories. Housing is only one, fuel is another. And yes electronics are overstated. But hey, that gives a constant downdraft on all the other crap that's going up.

Tom 13

@Doctor Syntax

when interest rates are lower savings lose their value.

Savings ALWAYS lose value relative to the rest of the economy. When savings rates were at 7 or 8%, inflation was running 10%+. That's why truly wealthy people have their pocket money in savings accounts and their wealth in bonds, stocks, etc.

What's different now is that at 5.25% (the old savings and loan guarantee before the S&L collapse) people didn't FEEL like they were losing money. At 0% interest (or even 0.75%) people both know and feel it.

Tom 13

Re: Hmm

Except the governments are all telling us the bits that were loaned to prop them up have all been repaid so the money isn't going there. And at this point the regs have all been at the high point for more than 4 years, so that should have equilibrated by now and we ought to be seeing some improvement in the economy and hence the interest rates.

No the problem is more fundamental and Tim names it by missing it here:

Our transmission mechanism, V, may be broken or partially malfunctioning, but we can overcome that simply by flooding the place with M, so as to avoid that fall in PQ.

There's a whole lot more to this MV <--> PQ thing than M, V, P, and Q. Whatever that more is, the artificially inflated housing prices broke it so badly that it isn't translating to inflation. But what's broken so badly is the job market which isn't recovering. There was something of an astute observation on these pages a few days/weeks back: the inflation is real and it's there if you know where to look for it. They pointed at luxury goods, I'd point at food prices. The inflation is real, but the numbers used to measure it are being manipulated to make it seem like it isn't. IF we ever do gain traction again in the job market, the Central Banks won't be able to stop the hyperinflation building because they're flooding M because the job market broke V. The instantaneous transmission will just take over.

Any rational person looking at the US economy right now can't have a positive outlook. One of the places the inflation is going is right back into a housing bubble. Most people aren't buying because they can't get the loan (a few are worried they might get stuck when the next shoe drops), but if you look at what is selling (because they have money or access to money) THOSE prices are headed back into pre-collapse territory.

St. Milton was right: don't fuck with the money supply. Keep the money supply growing at the rate at which the economy is really growing (which also means don't fuck with your GDP statistics) and make the politicians solve the problems they create.

The weapons pact threatening IT security research

Tom 13

Re: A Comment/Correction

Strictly speaking it is a treaty not an agreement. Agreements have no status as international law and are worth even less than the paper on which treaties are written. Playing with words is the con man's scheme to convince you that male bovine waste smells like roses.