Re: So you've missed out the big detail.
You've never seen how the Beltway bandits in Washington work then, have you?
6775 publicly visible posts • joined 27 Nov 2009
I'm glad I'm using a Samsung Galaxy S20+. The Exynos chip means that the Qualcomm problems are not my problems. With the Kirin chip in my company phone, I'm spared there as well. Although that might be because people are looking for problems in Qualcomm kit and Exynos and Kirin are (currently) being ignored.
On the good news front, Samsung have already issued the August patches for the S20 line; mine restarted overnight after having installed the patches.
That is the real problem. If they can integrate the information into the rest of your profile, that provides a lot of information that can be monetized, for example selling information to health insurance companies etc.
This person does ~3,000 steps a day, has a generally high heart rate and searches a lot for nearby branches of McDonald's and Burger King, searches for Doritos and Nacho Cheese dips and streams hours of video every day from YouTube... If FitBit starts also doing blood pressure, blood oxygen levels etc., that provides a lot of additional pointers. Put in extra information from things like app usage, uses Uber Eats every day, uses an electro-roller (instead of walking or using a push bike) etc. and you have a lot of very "bad" information for the FitBit data slave, sorry, FitBit users.
A lot of the intellectual property is also in those drivers. As long as that IP has to be protected, there isn't a way to open source it.
It is one of the catch-22 situations that causes Linux users so much pain at times. At the end of the day, I just want my system to work stably and optimally, I don't give a flying fig, whether it is 100% open source or 100% closed source or a mixture, as long as it runs and does what I need.
I like the openness of Linux, but at times it is enough to drive one to drink, because of the kernel devs' lack of flexibility and making it harder for users to get a system working optimally. I understand it and I applaud it, while also being extremely frustrated at times - one of the reasons why I use Linux on my servers, but my main desktop is still a Windows machine.
But the way Lemon was trying to sneak this in the backdoor is wrong.
I don't know how the UK DPA has implemented GDPR, but in Germany you need to sign a form saying you have been informed of how the company will be handling your data and that you give them the right to pass on that data to named third parties.
Case in point, my doctor was on holiday yesterday, so I went to his locum. There I had to sign a data protection sheet, that stated that they would store my data and hand it on to my health insurance NPO and my normal doctor. Without that, they couldn't store my data (and therefore I wouldn't be able to have a consultation).
We are starting to use Teams at work. Part of the process is that all employees have to sign a waiver that they have been informed that their name will be stored in our Microsoft cloud as username and firstname, forename, but no other information will be used, and that that information will be visible to other Teams users, including external Teams users who they communicate with.
Without the waiver, they cannot have access to Teams. Several employees won't sign, so they can't use Teams.
Exactly, this is the problem you have when you try and put IoT in goods not designed for that - cars, industrial processes, speakers, white goods etc.
The products are expected to last, probably, a couple of decades and the tech stops working and either makes the product unusable or a security risk after a couple of years.
I'm still using my radio alarm from 1989. It still does its job. Our 2017 smart TV has already lost its "smarts", because Sony stopped delivering security updates last summer, so I removed it from the network as a security risk. Even worse, my daughter and her friend bought a Sony smart TV for Christmas 2018, Sony stopped updates and things, like Amazon Prime and Netflix, actually stopped working in October 2019.
We have both just stuck a FireTV Stick in the back, but that is the last time that I'll buy a smart anything. I'll buy a high-quality, non-smart device and cheap, disposable "smarts" where they are warranted. That way the high quality product will run for a decent lifetime and the smarts can simply be replaced when support stops. I'd rather replace a FireTV Stick every 3 - 4 years than a smart TV every 18 months!
This has always been a problem with Microsoft and such products, they get released in the USA, and possibly a couple of other English speaking countries. Then their usage is compared to the global usage of their competitors and the products are canned, because they don't get used, even though they have never been globally released.
Zune - US sales low, compared to global iPod sales, product canned.
Band - US sales low, compared to FitBit and Apple Watch global sales, product canned.
Cortana - US English only on limited devices, usage low compared to global Google Assistant and Alexa usage, product canned.
What really stood out with Cortana was that it did get some international release in Windows 10, but iOS and Android were US English only, because they didn't have the back-end server infrastructure to cope with an international roll-out (that was the official excuse 3 years ago). Why would they not use the same back-end for all platforms? And, given that Microsoft has Azure, that is a pretty poor excuse.
At college, a couple of us were sent to a local hospital to help write software on their BBC Micro for the kids department. Those sessions took twice as long as planned, although the software was written in less time than envisaged, because, unbeknown to the college, we were playing Elite when nobody was looking...
As a refugee, who worked for Plessey and GEC, with colleagues who joined us from Marconi, Ferranti and Racal, before we got sold off, yet again... Yep, I agree, the UK has done everything it can to marginalise itself in the world of technology and manufacturing over the last 5 decades or more.
And these are corporate phones, not the employees' private phones.
Our company has a very tight policy on what apps are allowed and they have to be approved by the IT department - in fact, the users don't even get the password for the account used to sign up the phones to the Apple/Google store.
What is wrong with banning software on corporate devices? We have very strict policies.
Our company phones get the approved mail software and a couple of other apps installed, then they are locked down. If we want something like TikTok, we have to install it on our private phones.
Still it has the advantage that we are supposed to leave our phones at work in the evening, or turn them off, when out of hours.
Huawei allegedly has patents on a lot of 5G technology that is ahead of the competition.
They may have started off by ripping off designs from Cisco and co 2 decades ago, but they invest a lot of money in their own R&D these days and are ahead of Ericsson and Nokia in many areas, especially antenna design, AFAIK.
Given that GCHQ has spent at least half a decade poring over the source code and hasn't found anything, I'm guessing it isn't spyware ridden - or when it is, then it is GCHQ compliant spyware - although they did note a bunch of "normal" security bugs.
Also, it isn't replacing 5G gear, it is removing it from the existing 2G, 3G and 4G as well as the network core.
And, "only half a billion", that is still an extra half a billion that they will have to source from end users. That means higher contract prices going forward, for example.
I'd had access to all the backend source code and had actually listed all the places I could find, where they had unescaped SQL queries, but they just didn't want to listen.
I then tried a few simple things to show them that it was a problem.
In the end, I just decided that a DROP TABLES was the most obvious way of getting my point across. A permanent DOS attack, as it were.
I did some white hat testing back in the early 00's.
"You have a SQL Injection vulnerability in your eShop."
"Not important, it works."
"I could insert orders without payment."
"I don't believe you."
"I could disrupt the site."
"Couldn't happen!"
>clickety<>clickety<
"Hey, where has our site gone?"
"Oh, did I just inject 'DROP DATABASE;'?"
(It was on the test system, but still left the devs a little red faced.)
The Germans and EU have been pushing for this as well. The average household has more chargers than devices, so why do I need a new one, every time I buy a new device? If the device runs permanently off the main, that is another thing.
We have 2 tablets, 2 phones, Kindles, headsets etc. that all need charging "now and then", we have 2 chargers in the kitchen for all of them (one USB-C, one MicroUSB).
Last year, we had a clean out and I threw away about 8 orphaned USB chargers.
I've experienced that. I am the "right sort" of immigrant. I've been out with people of diverse races (East European, Turkish, African and me, a Brit). They were called bloody immigrants, when I pointed out I was also an immigrant, I was told "yeah, but you don't count!"
A lot worse, in fact. The CANBUS was not designed to be attacked from outside and the manufacturers started throwing things like wireless sensors for tyre pressure at it. As long as the ignition is on, the car is vulnerable.
Yes, you have to be in close proximity, but you can still take over the car.
With the extension of diagnostics etc. being shown on the infotainment system, the problem got worse. No security, no firewall between the CANBUS and the "radio" (which should be read-only, but only in theory, if you can hack the infotainment, you can write to the CANBUS).
Some newer cars have learnt from past mistakes and some now include a rudimentary firewall between the CANBUS and the rest of the car, but not all and it is obviously not retro-fitted to older vehicles.
I'm looking for a nice classic car, no EFI, no onboard computer, just boring old mechanical bits that are easy to repair and replace and can't be hacked - other than with a hacksaw.
Not if you also don't go and delete the original meanings from the dictionary.
I often find words that don't make sense to me in classic literature and I go and double check the word and see that it used to have a different meaning. I like that challenge to what I know, I am always expanding my knowledge.
I agree, up to a point. Blacklists were not racist, when conceived, they were just a death list, hence the colour black. But the term has been corrupted over the years.
The same with Black Hat and White Hat, doesn't that come from B&W Western films, where the hero always wore a white hat and the bad guys always a black hat, so that you could keep track of them in a brawl... Again, nothing to do with racism, just the restrictions placed on early movie making.
When I was a kid, I was a gay child. You can't call a kid gay these days, because its usage has become corrupted.
Language evolves and words get corrupted or hijacked. That is part of life. As long as we don't forget the original meanings and don't "correct history", going back and replacing historical terms that were acceptable at the time with PC versions, because their meaning today has been hijacked.
If the words cause offence today, what is the harm in using different terms in contemporary projects? Yes, those terms will also be corrupted at some point. But, for example, subordinate is very different to slave and has very different connotations, it is not about what has control and what is controlled, slavery is very different.
Try learning a foreign language with it. In German, it isn't any easier: die Legasthenie.
I have mild dyspraxia and dyslexia. A real pain for somebody who spends all day writing. I've taught myself to cope with it in most things and generally have to re-read everything I write 3 - 4 times. One of the things I hate with the Register forums, I'll come back after an hour and find I have written total nonsense, despite re-reading it, but I can't correct it.
This is assuming that a) there is such a thing as Google, when you do this b) you think about looking in /proc/<pid> etc.
In the middle of the night, in a time before Google or other major search engines, you were left to your own devices and what you could remember from reading the f'ing manual.
It depends, if you sell something, you have to record the name of the buyer, for online sales, and that information has to be kept for tax purposes.
There is a big difference between data that has to be collected to run a business and data collected to profile visitors and to sell that data to a third party.
Even if you request deletion of data, there are certain categories where financial, tax, public record or other laws take precedence and that information will not be deleted on request or has to be kept for a certain period, has stricter rules regarding its removal etc. At least under GDPR.