* Posts by Adrian 4

2288 publicly visible posts • joined 18 Jul 2009

Windows 10's defences are pretty robust these days, so of course folk are trying to break them

Adrian 4

Re: "Win10 supposed to bring higher-level security"

Bob, I feel your pain.

But it's self-inflicted. Whatever the convenience for you of using some windows app, can it really be worth the hassle ? Just find another way and give it up. You know it makes sense.

Then we can all enjoy your perspective without the computer-induced rage.

Anon man suing Google wants crim conviction to be forgotten

Adrian 4

Google

I'm not terribly impressed by Google's argument either. If they use the same name in a bunch of places they should have a responsibility to redirect contacts appropriately, not expect the litigant to understand their arcane responsibility-dodging company structure.

Adrian 4

blogsite

What is this site ? 'Squaremilenews' sounds like it ought to have some sort of financial information but it actually seems to be full of the prurient clickbait beloved by the Daily Wail.

I don't have much time for finance types especially if they want to conceal previous misdeeds from prospective clients. But squaremilenews doesn't seem like something I'd want to defend either.

US government upends critical spying case with new denial

Adrian 4

Roper: So now you'd give the Devil benefit of law!

More: Yes. What would you do? Cut a great road through the law to get after the Devil?

Roper: I'd cut down every law in England to do that!

More: Oh? And when the last law was down, and the Devil turned round on you — where would you hide, Roper, the laws all being flat? This country's planted thick with laws from coast to coast — man's laws, not God's — and if you cut them down — and you're just the man to do it — d'you really think you could stand upright in the winds that would blow then? Yes, I'd give the Devil benefit of law, for my own safety's sake.

Boffins are building an open-source secure enclave on RISC-V

Adrian 4

Re: That's hard

I don't believe we want hardware peripheral 'standards'. The PC is not a good example to follow : it is a hideous repository of bodges and legacy inclusions in an attempt to keep it vaguely compatible with a 40 year old design and a poorly-documented 'industry-standard' evolution.

Yes, there are applications where a fixed and documented set of hardware is useful. But it's domain-specific and should not influence architectural decisions.

A more reasonable approach is to support some well-known interfaces (such as USB, PCIe etc) with an implementation that makes sense for the processor architecture. This then allows software drivers to be portable between systems with a relatively low-level bus interface.

But binary compatibility at the peripheral level ? No thanks.

Spies still super upset they can't get at your encrypted comms data

Adrian 4

A 'new math' that makes current crypto irrelevant is quite likely to come along. But it won't solve anything, because it will also provide a new math for _doing_ crypto and the pattern will repeat.

Governments have some great minds in their employment. If a solution that fits their needs can be created, they'd be among the people who would find it. So let them propose an actual solution with peer-reviewed mechanisms rather than pretending it's the industry's problem. Then they've got a realistic argument.

Adrian 4

Re: No way.

And if the good guys turned out to be corrupt, what chance the current ones ? We knew they were corrupt when they went in.

Fourth 'Fappening' celeb nude snap thief treated to 8 months in the clink

Adrian 4

Re: Gymnophobia:

That 'the greeks had a word for it'.

No, eight characters, some capital letters and numbers is not a good password policy

Adrian 4

Sure, but that assumes you have hashes for all the passwords you want to check. It will work for stupidly obvious ones like 'password' but not for a large enough set to be useful. Which is why password crackers start with a dictionary and modify it in increasingly complex ways.

I'm kind of puzzled by the downvotes actually. People are welcome to their opinion, but I didn't expect to get such a consistent level of disapproval for basically asserting that passwords shouldn't be stored in an accessible form.

Can someone explain what was so offensive ?

Adrian 4

Re: Dictionaries

How about running a few password crackers against the login and disabling any accounts that fall to it ? Then the people who pick good passwords get to keep them and the people who pick poor passwords have to come cap in hand to IT and ask for a new one.

Adrian 4

How do you know they've got rubbish passwords ? Do you store them unencrypted, or capture them at the point of entry ? If so, I don't think the password quality is the biggest security problem.

Perhaps you try a dictionary attack against them - but that's only likely to get the ones you already know to be common, like 'password'. It's not going to catch 'password<random number>' for any but a handful of not-very-random numbers.

Adrian 4

A password policy that's unusable by the users can't be considered 'proper'. It's a failure.

UK getting ready to go it alone on Galileo

Adrian 4

Re: UK has the resources

'Do you realize that the UK existed and was very successful a long time before the EEC/EU?'

Yes, but that was in the Victorian era (and the succeeding years when we traded off our past). It isn't considered polite to rule and asset-strip third-world countries any more, but the civil service hasn't quite caught on to the new ways of doing things yet. Give them another 500 years and we'll be able to do it with globalisation instead, just like the americans.

As porn site pounds hard on piracy laws, Cox pulls out prematurely

Adrian 4

Who cares ?

It seems as though a bunch of rights agents and telecoms operating companies - both industries that make nothing themselves but sell access to other people's work - are fighting over a share of cake.

It's hard to give a toss, really.

OMG! Battle looms over WTF! trademarks

Adrian 4

I'm surprised to find that the Hull company appears to be independent. Hull is notable as the home of Reckitt and Colman (now Reckitt Benckiser), surely the sworn enemies of P&G.

Keep yer plastic, says analyst: eSIMs aren't all they're cracked up to be

Adrian 4

Maybe the mobile operators need a better business model ?

One that aims to share infrastructure rather than duplicating it.

Winner, Winner, prison dinner: Five years in the clink for NSA leaker

Adrian 4

She didn't do wrong. She broke the law.

They're not the same thing.

It liiives! Sorta. Gentle azure glow of Windows XP clocked in Tesco's self-checkouts, no less

Adrian 4

No, I think it's an honest mistake. They went shopping for a POS operating system and obviously Windows was the first thing that came to mind. That's the trouble with acronyms - they tend to result in hash collisions.

Security MadLibs: Your IoT electrical outlet can now pwn your smart TV

Adrian 4

Re: Low Impact - Really?

Yes.

But only if they're even more poorly designed than the leaky wifi power switch.

Adrian 4

Re: So long Grandma, thanks for all the fish

an .. automatic defibrillator ?

That's an interesting idea. I think there's probably a law against it though. Internet-connected or not.

TLS developers should ditch 'pseudo constant time' crypto processing

Adrian 4

Re: Obviously, their code 'Review and Approval' processes need some work...

Formal verification shows the code to be mathematically correct. That's not the same as 'having no out-of-band signature'.

Microsoft takes another whack at killing off Windows Phone 8.x

Adrian 4

Re: Why would you buy a phone from Microsoft ever again?

"Do they honestly expect us to buy the ever-rumoured Surface Phones at this point, when evidence points to them getting bored and killing the platform 18 months later?"

Of course. It's what they've done with countless other technologies and been successful. Define new platform/api/infrastructure, get developers on board, ditch it for something else, rinse and repeat.

The amazing thing is that everyone keeps falling for it. It reminds me of Johnson's comment on second marriage : 'a triumph of hope over experience'.

(To be fair, I could make a similar criticism of google and various linux developers. The software industry thrives on fixing things that aren't broken, and failing to fix things that are).

Facebook flat-out 'lies' about how many people can see its ads – lawsuit

Adrian 4

Why would anyone care about thieves defrauding thieves ?

https://www.youtube.com/watch?v=RbAAVLcMzr4

'Oh sh..' – the moment an infosec bod realized he was tracking a cop car's movements by its leaky cellular gateway

Adrian 4

I have a cradlepoint (cradlepoint.com) device that's a mobile router with a gps receiver. It can conveniently fail-over from ethernet to wifi to 4G for the upstream connection. So yes, a hotspot.

Meet the LPWAN clan: The Internet of Things' low power contenders

Adrian 4

Re: VHS and Betamax

Z-Wave and zigbee are short-range technologies like bluetooth and wifi - they're suitable for home use with a local gateway. These other options work at much longer range - 10km is mentioned for sigfox. This makes them suitable for small remote sensors like water level (flood warning), etc.

Certainly, home sensors could use short-range technologies and probably will. But there's a large class of devices that want low power, low data rate and long distance to the gateway.

Julia 0.7 arrives but let's call it 1.0: Data science code language hits milestone on birthday

Adrian 4

0.7

And what's wrong with calling it 1.0 ? A major version number change usually implies some sort of milestone, not a decimal increment. How would you ensure there are exactly 10 minor increments between major increments ? Add bugs until you'd done enough releases ?

At least their numbering doesn't go 3, 3.1, 3.11, 95, 98, 2000, ME, XP, Vista, 7, 8, 8.1, 10.

Talk about left Field: Apple lures back Tesla engineering guru

Adrian 4

Re: Tesla has plenty of problems...

He's only been at Tesla since May. Most of his knowledge was gained at Apple, and presumably that same regulation stopped him sharing it with Tesla.

Google Spectre whizz kicked out of Caesars, blocked from DEF CON over hack 'attack' tweet

Adrian 4

Re: It's to be hoped that the conference organizers vote with their dollars...

No. Harrogate's classy.

And it has a great attraction for defcon attendees : https://en.wikipedia.org/wiki/RAF_Fylingdales

Phased out: IT architect plugs hole in clean-freak admin's wiring design

Adrian 4

Bank on it: It's either legal to port-scan someone without consent or it's not, fumes researcher

Adrian 4

If the client side javascript can scan localhost, I guess that NAT firewall isn't too much use against browser-based attacks.

Oi, clickbait cop bot, jam this in your neural net: Hot new AI threatens to DESTROY web journos

Adrian 4

Re: Easy source.

'Shocking'

Game over for Google: Fortnite snubs Play Store, keeps its 30%, sparks security fears

Adrian 4

Re: No brainer

30% is pretty cheap compared with a typical retail distribution channel.

Make Facebook, Twitter, Google et al liable for daft garbage netizens post online – US Senator

Adrian 4

Re: Hmmm

"I never understood how FB and friends got away with it."

They can afford more effective (I hesitate to use the word 'better') lawyers.

Sysadmin trained his offshore replacements, sat back, watched ex-employer's world burn

Adrian 4

Re: Timing is everything

"I did - from a company that produced RTOS'es, later acquired by Intel. I was the EU network and Solaris admin and worked with my counterpart in California to keep things running."

Sounds like Windriver.

Nah, it won't install: The return of the ad-blocker-blocker

Adrian 4

Re: I'm seriously thinking about charging Coca Cola rent.

'McDonalds seems to have been very successful in conditioning people to whistle their irritating little signature tune at random times of the day. I'm sure they don't even realise they are doing it.'

One of the popular mobile phone manufacturers has a ringtone (or possibly SMS notification) that sounds a lot like the McDonalds jingle.

Google unwraps its gateway drug: Edge TPU chips for IoT AI code

Adrian 4

But

but, Motorola had a TPU 20 years ago !

http://collaboration.cmc.ec.gc.ca/science/rpn/biblio/ddj/Website/articles/DDJ/1996/9612/9612f/9612f.htm

Oh boy: MPs prepare to probe UK.gov's digital prowess and tech savvy

Adrian 4

@Kubla Cant

"Since their latest effort is to arbitrarily apply IR35 to as many public-sector jobs as possible, the struggle is likely to continue."

That's just a money-laundering operation. By increasing tax on contractors they force up the prices departments pay and then recover it in tax. This allows the recycling of funds that were supposedly ring-fenced into general taxation.

If you're serious about securing IoT gadgets, may as well start here

Adrian 4

iot mark

There's also an effort to create a certification marking to show IOT devices have been designed with proper consideration of security and interoperability.

https://iotmark.wordpress.com/

Cybercrooks slurp nearly $1m from Russian bank after pwning router at regional branch

Adrian 4

Re: Bbbbbut we're told the Russians are the boogie men....

We have always been at war with Eurasia.

Let us commence the two-minute hate of Emmanuel Goldstein / Osama bin Laden / Vladimir Putin

It serves the government well to have enemies for the people to hate. It doesn't much matter who they are, as long as they're not the government.

Fix this faxing hell! NHS told to stop hanging onto archaic tech

Adrian 4

Re: UK Intellectual Property Office - Sorry can you FAX that

I suppose an image-transmitting IM service is completely beyond the bounds of possibility, so fax will always have to be on standby ?

Adrian 4

Re: Sometimes, Paper is just more valuable

"We've all worked with people who will email after every conversation or phone call to "confirm" what has been said"

And very welcome they are too. Though they could probably save time and dispense with the conversation. I'd much rather search my inbox than my memory.

Adrian 4

Re: @ wolfetone

@HmmmYes

If only that were true.

AI threatens yet more jobs – now, lab rats: Animal testing could be on the way out, thanks to machine learning

Adrian 4

Sounds completely useless.

Isn't the point of testing to find out if there are effects that aren't expected from the theory ? If the computer models were perfect, there wouldn't be a need for testing at all. So relying on a knowledge base - even one with trendy words attached - isn't going to do even half a job.

Ransomware is so 2017, it's all cryptomining now among the script kiddies

Adrian 4

cross-platform

"Check Point further noted an increase in the number of malware variants targeting multiple platforms (mobile, cloud, desktop etc)."

But no details of how that's done or how one might guard against it, unfortunately.

Fresh cup of WTF with lunch? TeamViewer's big in Twitter's domination-as-a-service scene

Adrian 4

Re: To do the same for free...

"You accessed your FaceBook account from your work computer ?"

You still have a facebook account ? WTF ?

Git365. Git for Teams. Quatermass and the Git Pit. GitHub simply won't do now Microsoft has it

Adrian 4

Re: Trolling for comments

@JDX They sure buggered it up, though. Repeatedly.

Schneier warns of 'perfect storm': Tech is becoming autonomous, and security is garbage

Adrian 4

Re: ahum, dumb fucks ?

We don't have Caution: HOT on coffee cups because of dumb fucks. We have it because of lawyers.

Any idiot knows - or hopes - their coffee is hot. But if it says so on the cup, there's less chance that when they accidentally spill it on their lap they'll be able to blame the vendor.

It's not information. It's arse-covering. But yes, Americans.

What's all the C Plus Fuss? Bjarne Stroustrup warns of dangerous future plans for his C++

Adrian 4

Re: Disagree....

C++ still isn't good enough for embedded systems (unless you mean phones, which are more like a pc on a stick than their embedded roots)

Sir, you've been using Kaspersky Lab antivirus. Please come with us, sir

Adrian 4

Sales feature

Kaspersky is doing it wrong.

Banned by the agency best known for planting spyware and illegally accessing their own employers' (federal and public) data ? Must be good ! Buy it !

Indiegogo lawyer asks ZX Spectrum reboot firm: Where's the cash?

Adrian 4

Re: Optimists

It got spent on some other lawyers ?