* Posts by Mark 65

3432 publicly visible posts • joined 11 Jun 2009

Blighty: If EU won't let us play at Galileo, we're going home and taking encryption tech with us

Mark 65

Re: Hypocrites

The bit that always got me about the Brexit vote was the remain campaign thought that voting against it was a vote to stay in the EU under the current circumstances, as is, ad infinitum (not sure what all of the leave camp thought, wide and varied no doubt). Unfortunately this deal was never really on the table. Given the current direction of the EU - closer union, EU army, new members must adopt the Euro etc - it is quite clear that the status quo was never on the table as far as the EU was concerned and eventually there would have to be a reckoning. The UK's position would have gotten ever weaker with the majority no longer willing to be stalled by vetoes from a single "not really in" member. To ignore that and think you could keep your current sweet deal is just wilful ignorance.

Mark 65

Re: Chokes with laughter

@AC:

...I still won't support Brexit as the freedoms I'm losing are worth much more to me than money.

So move to fucking Europe and quit whining, nobody is stopping you.

Fancy that, Fancy Bear: LoJack anti-laptop theft tool caught phoning home to the Kremlin

Mark 65

Read conference materials? I'd be incredibly surprised if they didn't have people writing the materials and making presentations as "researchers" etc.

Mark 65

Nah, pretty sure Kanye is just a dick.

Mark 65

Re: Worrisome? Yes. Surprising? Not really.

What is more worrisome to me is that the method of persistence is modification of the BIOS/firmware. I understand why it is done, but that would want to be some pretty well quality assured, controlled and secure software to be allowed to do that. I'm also guessing a firmware flash by a competent thief nullifies this anyway.

It's World (Terrible) Password (Advice) Day!

Mark 65

Missing the point

Maybe I'm missing something with password policies I've encountered online. If a user's password is stored as a salted bcrypt hash, which is presumably then of a fixed length, why do some policies then specify 10-18 characters in length? I've witnessed this a number of times and unless it is an arbitrary limit based upon computational resources to repeatedly hash something what point does such a low maximum length serve - I understand the minimum length requirement? I have other accounts where I've used random 30 characters and those sites don't care and just accept them.

Can someone in the know explain this phenomenon?

Shocker: Cambridge Analytica scandal touch-paper Aleksandr Kogan tapped Twitter data too

Mark 65

Re: Email Address

That's the whole point about Big Data. It isn't about better relationships with customers etc it has always been about Big Snooping. Collect as many different data sets as possible and then link and analyse. Not that the work isn't interesting but it is certainly creepy. What a lot of people don't realise is that these data sets all end up in one place. They think data from company X and company Y never meets because they belong to rival chains but X & Y will both monetise their grandmothers for a dollar or two. Data brokers - now there's a thing.

Just think...Tweet history, followers and following, Facebook posts, likes and network graph, shopping history, electoral roll data, LinkedIn or recruitment agency data etc. There is a shit-tonne of information out there to be analysed.

Mark 65

These people are likely posting pictures straight from their phones or from an app on their phones in which case all bets are off. Always thought there should be a setting, much like Lightroom uses on exporting pictures, to strip metadata before sending.

Windows USB-stick-of-death, router bugs resurrected, and more

Mark 65

Re: I am surprised at TP-LINK being vulnerable

I think the best direction these days is to look at dd-wrt, open-wrt, tomato, gargoyle etc; decide which one you like; then look at the list of compatible hardware and choose your router from there. Vendor updates seem few and far between and only for the latest models. A decent router can last for many years - as I have little need for AC wireless my 802.11a/b/n router is still just as useful today as it was when I bought it 7 years ago - so it makes sense to go with open firmware and get timely openssl updates.

nbn™ CEO blames copper for performance problems

Mark 65

Mandated Telstra dealings

that the use of Telstra copper was a political, not an economic, mandate

Funny that, as of 28/8/2009 the Government's Future Fund (you know, the one that holds the money to cover their superannuation liabilities) held over 1.3bn Telstra shares according to this statement from the fund itself (10+% of the company)

http://www.futurefund.gov.au/news-room/2016/11/11/media-release---future-fund-sells-34-per-cent-of-its-telstra-holding

I doubt they've made any large sales since as they normally state so.

That's a nice incentive to juice your pension pot. Before anyone dares state "but if they didn't cover it in the fund it would come out of taxation" - it just did. The fuckers.

Cutting custody snaps too costly for cash-strapped cops – UK.gov

Mark 65

Re: Too difficult?

She argued that trying to clean up the central database to remove images relating to people without charges might not be worth the time and money, especially as the cops would have to cough up themselves.

Reading that I thought "Is that the best you can come up with?". We need to keep all this illegally retained but nevertheless really handy for facial recognition data because...too hard, much cost, not worth it.

Yahoo! webmail! hacker! faces! nearly! eight! years! in! the! cooler!

Mark 65

Baratov's team, meanwhile, contends this was his first run-in with the law and he was in his teens for much of the alleged activity

"The Extenuating circumstances in the instant matter are plentiful. This is Mr Baratov’s first arrest. Additionally, Mr Baratov was under the age of 22 during the majority of the time that he hacked email accounts," they argue [PDF].

To these two points I would respond:

1. First run-in with the law simply translates to first time caught breaking it

2. Who gives a shit? He was an adult and the age of criminal responsibility is substantially lower.

There is no perceived IT generation gap: Young people really are thick

Mark 65

Re: That takes me back

For anyone over the age of 40, these doughnuts look just like the crumbly bleached dog turds you’d see decorating every pavement curb corner.

White moulder.

No way, RSA! Security conference's mobile app embarrassingly insecure

Mark 65

Re: Which is more embarrassing?

More embarrassing?

RSA has maintained that it didn't take the NSA's money to bork its own products.

How about them feeling incompetence is the better option for a security outfit?

Apple's magical quality engineering strikes again: You may want to hold off that macOS High Sierra update...

Mark 65

Re: countless issues

High Sierra is looking like Apple’s Windows ME. From what I have read on here and other sites it has been a monumental hubris filled fuck up from start to finish. Even though he could be “you’re holding it wrong” arrogant, I do not believe shit like this would have been tolerated in the latter part of Jobs’ reign.

Apple may be cash rich but it seems like there are some serious problems emerging - is the quality control a reflection of a cultural malaise?

ISO blocks NSA's latest IoT encryption systems amid murky tales of backdoors and bullying

Mark 65

Re: Why does each IoT device need strong encryption?

There’s clearly two categories of IoT device here, medical implants and everything else. For the latter the OP makes a valid point. For health implants I’d argue they need to be very short range and engineered entirely different from a convenience widget.

Mark 65

Re: "Leaving the Standards Authority with no choice but to"

Word’s document format isn’t really a lingering concern for most although it is likely a security hazard.

Mark 65

Re: NSA helped Microsoft "secure" Windows Vista

I have always wondered how “if they have physical access the game is over” and “secure cloud services” can live together. If you don’t control the hardware, the firmware, the virtualisation layer etc how secure can it really be, especially in a post spectre/meltdown world?

Chinese web giant finds Windows zero-day, stays schtum on specifics

Mark 65

Price to be paid

Microsoft would far prefer that users stopped using Internet Explorer and adopted its Edge browser instead. Some users are proving stubborn, though: according to Net Market Share, IE still has a rusted-on 12 per cent of the browser market.

That's the price you have to pay for stepping away from the W3C standards and implementing the shit that is/was IE6 that countless organisations are now dependent upon due to legacy author-gone-bust applications using some of its various quirks.

Karma.

UK spy agency warns Brit telcos to flee from ZTE gear

Mark 65

Re: Semantics

Surely it should say "Oop North"

Mark 65

Re: "excellent prices"

So that went well...

Certainly did for the little shit's bank balance.

Mark 65

Re: Irony Abounds

Am I the only one that sees the irony in the 5 eyes, on one hand bleating about the security issues with Chinese gear and with the other demanding back-doors into all gear?

Whilst I understand your sentiment, would you rather they did nothing and we perhaps got royally owned due to use of the kit? They'd be absolutely slated for not pointing out the issues. Spying on your own people is shitty and used to be supposedly illegal but spying on foreigners and protecting our own comms. is their primary reason for existence.

France wants you to put lights and beacons on your drone

Mark 65

Not so sure

Though registration of all drones weighing more than 250 grams will certainly happen over here

A law requiring it may certainly happen but I very much doubt compliance "certainly" will. Heck, there are some that still drive with no MoT or insurance so it's unlikely to be complied with. More likely will be its convenient use by the police to then search, fingerprint, DNA swab you etc.

UK health service boss in the guts of WannaCry outbreak warns of more nasty code infections

Mark 65

Re: they will not learn...

Taylor said NHS Digital has developed a much more comprehensive disaster recovery plan since the WannaCry attack before embarking on a rigorous, ongoing testing regime. "The thing we’ve done since that is test, and test, and test again... when [anything] does happen, we’ll be in a much better position.”

and the point he's clearly missing is that the whole endeavour was preventable - prevention being better than a cure. Whilst it's essential to have a good well tested back-to-normal-ops plan, patching your shit would be better. Not using legacy operating systems where avoidable would be good and perhaps going for something like a Wyse terminal connecting to server sessions may be advisable (again, where appropriate).

They're back! 'Feds only' encryption backdoors prepped in US by Dems

Mark 65

Re: Simple, just call: 36-24-36

Moneytalks.

Mark 65

Into a coma would be nice.

Mark 65

Re: There is God given right to privacy

Next time anyone says that line I'm going to ask them if they approve of the methods used by the Stasi in East Germany during the cold war.

To which the honest answer should be yes seeing as how, information wise, we are way beyond their wettest dreams already. The general public posting everything on Facebook has been a great help. Imagine going back in time and telling the head of the Stasi that in 40+ years time you wouldn't need lots of spies or torture as the public would just offer up their thoughts, opinions, relationships etc for free in a giant cesspool of searchable data because they actually believe your catchphrase (and that of every despotic regime) of "nothing to hide, nothing to fear".

Who'd have thought re-education would simply involve lowering standards of education and letting nature take its course?

Mark 65

Re: We need a name for this, and I'll throw one out there:

Implemented using the all new Unicorn Chip.

Mark 65

Re: Criminal Defence

Considering the US is the country in which an accomplice burglar was convicted of murder and sentenced to 95 years after a police officer shot the other burglar dead when they were trying to escape.

The US has been the undeniable leader of the worst judicial system on the planet that masquerades as being fair or just for quite some time and by quite some margin. Countries with similar systems are often just accused of being openly corrupt rather than "the land of the free" - who says they don't understand irony?

Mark 65

Re: Political mindset extrapolation

Being smart isn't a prerequisite to being elected. Being a greasy rent-seeking parasite seems to be though.

Mark 65

...maybe you will be motivated to only store them on a device you've bothered to look through the firmware for?

Yeah, because leading phone models never get pen-tested by independents who actually have a clue what they're looking at do they? If things like the Intel/AMD design faults get discovered I'm pretty sure any firmware or, more importantly, hardware ones will. And that is the point, your firmware may be open but what about the hardware underneath?

Mind the gap: Men paid 18.6% more than women in Blighty tech sector

Mark 65

@jabuzz: Not true. In the financial services sector you sign an exemption form. "Why would you do that?" - they won't be employing you otherwise.

AWS baits cloud hooks with DeepLens machine learning camera

Mark 65

There's a good reason for developers to delve into AI disciplines: Companies are looking to hire AI experts. As with security, high-level talent is scarce.

As usual, companies want the latest and greatest at minimal cost. Although high-level talent may be rare, no training will be offered as self-starters are cheaper in the wage race to the bottom. This will end with people who don't know what they're doing pointing "deep learning" at every possible problem 'cos AI and swearing results they don't comprehend - obtained through a methodology they don't understand and most likely is inapplicable to the task in the first place - are gospel.

Already seeing it where I work. Apparently every problem ever can be solved through "Machine Learning". Jesus wept. The problem I want solving is "why their parents procreated".

EUROCONTROL outage causes flight delays across Europe

Mark 65

So some fuckwit was able to connect test code to the prod database or thereabouts? Unbelievable. Zero segregation of networks. That reliability to date is clearly through luck not planning.

Why a merged Apple OS is one mash-up too far

Mark 65

Re: OS !== UX && OS !== CPU

Isn't this where Microsoft was going with Continuum on Windows Phone? Plug it in and you get a Windows PC.

The thought of the registry being on my phone, ewwwwwwwwwwwwwww!

Mark 65

Re: Chip shortages...

Unless they're building their own foundry, chip shortages will still be a problem as it is down to capacity of your outsourced production. Storage and RAM are normally the bottlenecks rather than the processor.

Students: Duh, of course we're blowing our loan bucks on crypto coins

Mark 65

Re: What has become of students!

Well, they have a good chance of getting fucked...albeit financially. That will then likely lead to consumption of alcohol to drown sorrows. Fait accompli.

Mark 65

Re: Investing?

I'd also question the use of the term "investing". "Punting" perhaps, "gambling" maybe, but not "investing".

Uber self-driving car death riddle: Was LIDAR blind spot to blame?

Mark 65

Re: "...a [Lidar] blind spot low to the ground all around the car."

The question is: did the bike and pedestrian reflect laser light?

My question is more "what the fuck was the supervising meat-sack doing whilst this 'testing' was going on?". I'd have thought that in any such test the human in the vehicle is still ultimately in charge else why be there at all? Not sure whether it was media bias and selective edits or not but the video I saw of the inside of the vehicle showed them paying zero attention to the road ahead when the accident occurred. Not really how a supervised test is really supposed to work.

What's silent but violent and costs $250m? Yes, it's Lockheed Martin's super-quiet, supersonic X-plane for NASA

Mark 65

I remember when I stayed at my Gran's house as a kid I used to go outside around 5-6pm (vaguely from memory) to watch Concorde fly over. Never tired of hearing the noise and seeing something so different to all the other aircraft.

Billion-dollar investor tells Facebook: Just Zuck off, already!

Mark 65

Re: Its Not Just Videos That Aren't DELETED

If you ever had an account, they can still track and follow you

No more or less so than if you don't have an account, and not as much as if your browser is permanently logged in to Facebook.

Europe dumps 300,000 UK-owned .EU domains into the Brexit bin

Mark 65

Re: EURid

Can't beat a bit of petty-minded spite though can you.

Why you shouldn't trust a stranger's VPN: Plenty leak your IP addresses

Mark 65

Re: IPv6

Mine merely shows my VPN endpoint so all is well - advantage of using router based VPN. That fucks the ISP and the local council off. The nation state actors will likely be able to correlate / aggregate from various site access timings.

Mark 65

Re: disabling WebRTC

I'd amend that to be "don't use a VPN provider for doing something untrustworthy". If all you're doing is hiding metadata from your ISP and forcing your Govt to get a warrant rather than having the local dogshit warden read your emails then all is well. If you're a dissident or need better protection then I'm afraid you need better spycraft.

Intel outside: Apple 'prepping' non-Chipzilla Macs by 2020 (stop us if you're having deja vu)

Mark 65

Re: This doesn't surprise me

@Aitor 1: Macbook Air battery life with Macbook Pro 13" performance? To be honest, with the iPad Pro that end of the product line seems a little cramped. Perhaps it is an upward creep to the Macbook Pro line as they feel they are constantly waiting around for a performance/power kicker from Intel? That would give more synergy (MBA-ism, sorry) between the iPad Pro line and the next portable item up, leaving the real meat of performance in a (hopefully) revamped Mac Pro which would (presumably) remain Xeon.

iMac and Mac Pro to be Xeon, all else Apple ARM? Given where the bulk of sales sits it kind of makes sense to be master of desired characteristics in the volume segment and just buy in at the server-grade end from Intel/AMD.

Mark 65

Re: "cheaper than Intel"

Economies of scale are the vendor's profits not your saved costs. Sure, they pass on a little for bulk orders but, just like cloud providers, those economies add to their profits not your savings - there's a reason Bezos is loaded and it ain't his altruistic generosity.

Mark 65

Re: This doesn't surprise me

I don't really see any evidence or logical reason why they would remove macOS either. It would essentially completely kill their Mac business as iOS is absolutely not a competent replacement for a proper desktop OS. I would drop Macs like a stone if that were to happen and never look back.

Unfortunately given the history and current direction of Apple that doesn't mean they wouldn't jump off of this particular cliff in the name of short-termism. The MBAs are piloting the ship at present and seem to be disappearing up their own arses. More engineering and less form over function now desperately required.

Their so-called modular Mac Pro replacement could be the make or break for the future of the Mac desktop and OSX in general. iMac Pro may have power but it has shit heat characteristics with poor upgrade-ability and part replacement capability. It's been 5 years and counting - it best be f'cking good.

Mark 65

Re: The only fly in the ointment...

All the native OSX stuff is an update upgrade from the App store or recompile away.

FTFY.

Mark 65

Re: Why?

Existing machines won't stop working, nor will their CPUs change the instruction sets they use.

+1 for subscription software? Just kidding, you've more than paid for the update.

Apple, if you want to win in education, look at what sucks about iPads

Mark 65

I think that iPads work great in education for older kids who have their own personal one and use it to cart around text books and to take notes etc - more something for the private school than the state one. Same for University where you may want the texts, the multimedia, the touch/pen interaction, the battery life and the low weight. For me the typical state school use should revolve more around a computer lab with machines that run off of network images like an internet cafe such that the machines are ready to go at the start of each lesson and pretty much guaranteed to work. Storage can be quota'd on a network.

I've always felt the "hand out the shared iPads" mentality smacked of convenience over outright practicality. Just because the kids have them at home doesn't mean they are fit for purpose in the classroom, especially once cost and budgets are considered.