Posts by Mike 16

Russian vote-hacking, and 2FA

So, the Russians had nothing to do with dodgy "signature fails", false announcement of polling places moving, real moving or closing of polling places with little or no notice, "harvesting" of absentee ballots... Good to know American Ingenuity is still a thing, without help from furriners..

As for 2FA, having it actually work might be nice, but as it is, every time I use one of my alternate computers, or a VPN, or use the (horrendous) gmail web interface _on_ my main computer, I get a panic message from Google about a "new device", even if I had had it for years and used it the day before. It's almost like they will not rest until I give up dealing with their buggy IMAP interface on a non-google device, and just turn on the "snoop everything, all the time" stuff in the webmail and app.

But that "no password reuse" advice is "table stakes" for security. But also consider "Don't invite a vampire (IoT) into your home"

Any chance

that while they are remodeling the Star Chamber, they run across an old copy of Magna Carta in the walls?

Systemic?

So, if a backdoor does not affect _all_ applications on _all_ systems (e.g. has no effect on at least one flashlight app, or doesn't work on an iPhone 3), then it's all good?

Hacks R us

When someone (probably senior, but they'll find an intern to blame) forgets to renew the contract with a "security consultant", you can expect said consultant to go looking for other customers. "Business is Business".

But I totally agree that it is far more likely the contractors were not merely out for monetary rewards for services rendered.

Electing someone who owes us money: Maybe a few hundred million dollars

Sowing chaos in the 'Free World': Priceless!

No loss in model accuracy?

That sounds a lot like the typical advertising "There is no better <x>", which they intend us to read as "This is clearly the best" while those who stayed awake in rhetoric might discern it as "This is not really any worse than the rest of the crap".

I like the analog stuff, though. At last an explanation for occasionally wildly odd AI results. "It works just like your brain", which is so simple/obvious that even Uncle Phil can understand, after a few too many pints.

But X still uses Y!

Brings to mind the days when DEC PDP-10s were considered mainframes, and someone gleefully pointed out that a certain growing non-aerospace Seattle company used one for its business infrastructure, rather than "dogfooding".

The response was a (slightly later) statement from said company that it did not own or operate any such systems. Not mentioned: These functions were now carried out by independent contractors (coincidentally former employees) in leased office space (coincidentally) formerly occupied by the same people and equipment. But _technically_...

(IIRC. Anecdotal, this may not have happened, Don't believe everything you read. Where did I put that lawyer's card?)

Do they promise

A "Happy Ending"?

Our octopod overlords

So, https://en.wikipedia.org/wiki/USA-247 is a not-so-subtle message that (some?) US TLAs are parts in a vast conspiracy having something to do with a certain Abrahamic faith, but also so self-aware they would advertise this themselves?

One difference between gold and crypto-coins

You generally have to pay the people with the spades, or at least a sufficiently nasty and well-armed set of slave-watchers. With crypto-coins, you can often get away with commandeering the resources of others. That's been the key to success for millennia.

Five Nines

OT, but that reminded me of the "pep talk" we recently acqui-hired remnants of a once-promising startup were given on arrival at the (larger head-count than the town I grew up in) megacorp. The speaker was the (insert plausible title translating to "high muckety-muck") of global marketing, and he reassured us that the emphasis will still be on commitment to quality and reliability, promising we would deliver "nine fives". A fellow newly-borged coworker and I looked at each other, agreeing that this lot could probably achieve it.

Mandatory Standards

One must presume that any mandatory standards promulgated by GCHQ (or other five-eyes "security" agencies) will contain NOBUS (Nobody But Us) provisions. Secure from everybody but GCHQ and friends, where some friends are such bastions of freedom and decency as [redacted per security spec]

eVilla?

Is that Cruella's sister?

Jumpers

Here's the thing. While I agree that in an ideal world where computers are managed by knowledgeable technicians with both the skill and the attitude to "do stuff right", any firmware mods (let alone JTAG access) would be controlled by a hardware jumper, preferably one that is either:

A) Verified to be disconnected before the "special mode" it was needed for can be exited back to "normal mode" BIOS/UEFI)

or

B) In such a position in the case that the vulnerable system cannot be buttoned up and slid back into the rack.

That just "doesn't scale". When Spectre/Meltdown or similar are discovered and (at least partially) mitigated, the small business with under 10 servers can do the trudge from one to the next with a "crash cart", and probably has one person who, because they need to be a jack-of-all-trades, has all the needed skills. Now consider even a medium-size outfit (like one of my former employers) who has three or four rows of a dozen or more racks with at least a dozen servers per rack. How many crash-carts do they have? How many adequately skilled IT techs can you cram into each aisle, if you even have them?

One might argue that hardware designers should be more about reliability and security than the current mania for speed and cost, or that software developers should dial back the "Ship it and deal with any problems in the next release, or maybe never, Does never work for you?"

That argument is unlikely to get much consideration from folks who need to keep the lights on in the face of financial and schedule demands. In this universe anyway. "Damage to reputation" doesn't seem to actually happen much anymore. Pretty much all the "victim companies" of massive data breaches are still in business, and no corporate officers are in jail.

Everybody wants quality, damn few want to pay for it.

To be fair

It would be difficult to have the human operator touch "OK" on Curiosity's screen, so "Always accept all updates" was their only possible choice, although I might quibble with the "don't bother even notifying the user" bit.

Or maybe the decline in c ( http://www.talkorigins.org/faqs/c-decay.html ) has messed with the comms gear, but only for "fake science" results like "Mars is definitely over 6000 years old"

Two minds

I agree that incarceration is probably a lose/lose for society, but I can't help wondering if there is more to it.

I can't shake the notion that they will be employed mainly in creating malware for the FBI rather than on chasing other outlaws.

The Abagnale reference is taken, yet you don't typically hire a ninja to trim your topiary, no matter how good he is with a sword. But if you are darn tired of that pesky neighbor, it might make sense.

So how many seconds

of 1080p low-latency gaming does it take to hit the "don't call it a cap" on your "unlimited data" plan and get throttled to 200kbps?

Also, how long before some buffoon walks in front of a bus while using an augmented reality headset that displays it as a coach and four unicorns?

(and as other have mentioned, how long does it take to walk out of your coverage area?)

Meanwhile BMW

is recalling some of their diesel autos:

https://www.reuters.com/article/us-bmw-recall/bmw-recalls-324000-cars-in-europe-after-korean-engine-fires-faz-idUSKBN1KS1ST

I don't know about you, but spontaneous combustion seems a more immediate issue than emissions cheating.

Of course, BMW could always ask this comment to be removed as a "Right to be forgotten".

Not only Russians

Back in the 1960s I read a book from the 50s or earlier about the U.S. Navy's submarine program, including a disturbing story from the early days. A naval inspector noticed a small pit on the pressure hull of a sub under construction. As a bureaucrat, he of course had a paperclip handy, and was astonished to find that the "pit" was a hole, all the way through. Rushing to the shipyard management to report it, he was confidently assured that since the hole was "above the waterline" and would be covered by paint, there was no problem.

Pressure differentials work either way, but construction by the lowest (or best connected) bidder is a constant.

Maybe RS should move

To a city so tech-friendly that they can find a web-designer who doesn't make a hash of the images, or doesn't rely on images rather than text. I can see how some people would consider their "Gender Equality" (or possibly "hook-up sex") icon appropriate for "Quality of life" (at least in Firefox 61.0.2, MacOS Sierra), but I have to believe there is more to quality of life. Little intangibles like not having to cope with inept web-designers.

Have to move to California?

Why? Are there some low bridges or narrow tunnels on the route from Lost Gators to Whereverville?

Or did you mean selling the house _and_ the land?

Help from a broad

Note that all of the president's wives (so far) have been "from abroad". There are some jobs U.S. citizens won't take.

A few Years prior

Yup. There's a reason that an AM radio was hidden in the 1403 printer, to be found by Group Captain Mandrake, in the 1964 film Dr. Strangelove.

Besides "play almost recognizable music via a transistor radio", we had a more practical use:

"Recognize the distinctive tone of the idle loop, to know when it was time to put on the parka and go into the machine room to start the next job"

Fax still with us

As several commenters have noted, an organization that uses a simple Fax machine, or that does not hook up their All-In-One to their network (and why have such a machine?), is relatively safe from this. At least as safe as they are from the scum that spam any known fax machine. Well, as long as that all-in-one honors the user option to _not_ enable WiFi. But again, if you need Fax, get a fax machine, not an all-signing-all-dancing-all-compromised thing that incidentally does Fax.

As for popularity.. My proposal (in 1982) to my then employer to include (at least as an option) a Fax modem in our laptop product was shot down. My argument "for" was simply that pretty much any hotel had a fax machine, and would usually allow customers to use it, so rather than having to pack a printer along with the laptop, small amounts of printing could be done by fax. The argument against was from an in house "expert" on two grounds:

1) He printed a document on a cheap dot-matrix printer and then faxed it. This of course was under sampled in away that looked truly horrible, but that was his goal, and manglement had never heard of Nyquist.

2) "Fax is a niche technology and will never be common"

Westboro Business model

At least two commenters so far are apparently unaware of the actual nature of "Westboro Baptist Church".

The business model is actually quite simple:

1) Found a law firm (mostly family).

2) Declare yourself to be a church (No interaction with any recognizable Baptist congregation needed).

3) Behave as badly as you can while staying one micron inside the law. E.g. shouting offensive crap at the funerals of combat veterans. Someone is sure to have an emotional response.

4) When police break up the resulting kerfuffle, cry "Police Brutality" and sue the city where this occurs.

5) PROFIT!

In other news

Perhaps we should consider other paths to cheaper, more plaint worker, or not:

Robot Orangutan Vs Wild Orangutan Sawing Duel

https://www.youtube.com/watch?v=YFR4a9vcri4

Ultimate goal?

To make the typical bad detective show "Enhance" of photos into "reality" so convincing it can fool a jury.

Like where they take 3x5 pixels from a dirty CCTV camera last serviced in the 1970s and get not just the license-plate number but an estimate of how long since the car was last washed and a list of roads it has traveled since.

Could be a real boon to "parallel construction" unless someone grows a conscience at rats out Ofissah Plod.