170 posts • joined 4 Jun 2010
What a waste
Doing 'benchmarking' processing, rather than something useful like bitcoin mining, or even factoring RSA moduluses / moduli (?) Oh well, I expect the Americans know what they are doing.
How does this compare with the attack on Ukraine's power suppliers and grid a few years ago?
One advantage of copper ...
... is that the telephone service can (and does) provide power over the connection, so that in the event of a mains power cut, people can still call the emergency services if the phone system is still operating. Okay, so 'everyone' has a mobile phone these days, but it is something that should be considered.
"Back in the day, engineers were real engineers. Computers were real computers."
... and small furry creatures from Alpha-Centauri were *real* small furry creatures from Alpha-Centauri.
(Sorry, couldn't resist.)
Knowing where you are is not the same as not being lost
I worked for a large company in a building next to the M3 motorway in Hampshire, England. We had visitors who would drive there for meetings, and we always told them NOT to use SatNav but to follow the map we sent them. Otherwise they would get the message "You have reached your destination" as they drove past the site on the M3, to much consternation on their part. Frankly it should have been in a Mr. Bean film. It usually took them another half hour to negotiate the minor roads from the next motorway exit, taking directions by phone.
Critical National Infrastructure vulnerability
Another article on the Register indicates that some malware has been designed to be backwards compatible with Windows XP. I wonder what OS those pumps are running? In the UK some years ago, fuel delivery drivers went on strike, and fuel depots were picketed. It was a national emergency and people were running out of petrol. Imagine what would happen if a hostile foreign power decided to stop all the petrol pumps working.
Whatever happened to ...
(I'll get my coat.)
Re: They does
Had you suddenly stopped buying condoms 9 months previously?
Design of systems
According to the good Dr. Levy, "We need to design systems that fail in predictable and safe ways."
Not really a surprise, but some way of actually doing it would be nice. Computer systems with literally millions of lines of code running on processors with literally millions of transistors are virtually impossible to analyse in detail to see how they will fail (and 'prove' in some way that they will fail safely and gracefully).
I wonder whether he'll be telling us all how he thinks it can be done in the next few years.
Re: Tesco - they only know that I do not shop with them, unless they've hacked into the Sainsbury's Nectar Points system, in which case I am undone!
Re: Windows 10 April update is in breach
According to the article:
"We've been enthusiastic supporters of GDPR since it was first proposed in 2012," Brill argued. "It sets a strong standard for privacy and data protection by empowering people to control their personal information."
So, what happens when 10,000 European citizens write to Microsoft withdrawing their consent for use of their personal information to impose Windows 10 automated updates? The GDPR specifically states that consent may be withdrawn at any time. I suspect that MS does not actually have the technical facilities to either process or comply with such a legally binding notification. And I don't think any regulator would deem it acceptable for MS to reply "Then don't connect your PC to the Internet."
Cue the EU seizing 4% of MS's global annual turnover (he said hopefully).
Biometrics: Better than your mother's maiden name. Good luck changing your body if your info is stolen
Problems with biometrics
People get damaged. So if you rely on fingerprints, don't hit your finger with a hammer. (Oh, and whorls indicate higher likelihood of cancer than waves.) Facial recognition? Try not to have an operation on your face (I know from personal experience it is quite painful, but better than having skin cancer on your nose). Iris recognition? Avoid sties or black eyes or any infection causing the eyelid to be permanently shut. Voice recognition? Your state of mental health can be determined from the range of frequencies you use. Hand geometry? There is a correlation between the d2:d4 ratio and sexuality (fancy going to a country where homosexuality is punishable by death or traumatic amputation?)
Biometrics are measurements of the body, and lots of diseases can be diagnosed from the eyes (not just glaucoma, jaundice or cataracts). People get damaged, so there must always be a non-biometric work-around for essential systems. Who are you prepared to trust not only with the measurements of your body, but with all the medical diagnostic and statistical correlations that go with them? (DHS officers, please form an orderly queue ...)
There is also the issue of finding the best routing between the sending and receiving devices. The base station (tower) geographically nearest your handset may be several hops further than a base station a few more metres away. The quicker the message can be sent, the sooner the bandwidth can be released for another message.
The actual study of networking efficiency is quite complicated and considers the speed of switching devices and speed of connections between routing points. (Please send solutions to P = NP? on a postcard to ... )*
(* Yes, I'm a nerd, live with it, I have to.)
Re: In Space it is really COLD
How are you going to accelerate a space ship capable of holding over 500 people, their children, and their whole life support systems for 400 years with an outer rock 'skin' 100 metres thick to Solar escape velocity? I appreciate that 10m of solid rock is a lot, but my experience of stone buildings is that they are rather cold, and that stone is quite an effective heat sink.
Though I grant you that it would make an excellent micro-meteorite shield, it would not be very manoeuvrable in the event of it being pointed at another large rock.
In Space it is really COLD
Even if we could accelerate to, say, 1% of c, a spaceship capable of holding a genetically stable population (we'd need at least 500 people of diverse origin to start with, as I recall), keeping it warm enough to sustain life in its interstellar voyage would require enormous amounts of heat energy. Spacecraft in near sun orbits do not need to keep themselves warm, in fact they need serious cooling, but out beyond Pluto / Kuiper Belt / Oort Cloud in the 3K of interstellar space we would need serious thermal insulation and heating. Even if we managed to get Hydrogen fusion technology to work, how much fuel would we need to keep the interior of the ship at a comfy 300K (or thereabouts)? (And remember all that fuel has to be accelerated to 1% of c too.)
The other option is the laser propelled ship, with the laser at the base solar system and the ship using a solar sail. After 300 years, when the base solar system's economics / politics decides they have more pressing needs for all that energy, or someone just has an accident, what then?
And, of course, there is the assumption that the next generations would have the intellectual capability to run the thing. And recycling: how will they manage when their touch screens all die through over-use after 98 years? Or other equipment simply wears out?
Sorry to be a doom-monger, but there are so many technically difficult problems to solve with a 'generation ship' traversing interstellar space that it strikes me it will still be fiction for a long time after I'm dead.
DPA Principle 7
states that you as a data controller are required to protect personal information from accidental or unlawful destruction. I humbly suggest that the destruction of the landing cards of the 'Windrush' generation was in breach of principle 7 of the DPA, and therefore unlawful.
(Apologies if I'm repeating an earlier post, but I've not actually managed to read them all yet.)
I should probably admit that one of my parents was a refugee from Nazi Germany, so I'm possibly a bit biased when it comes to protecting immigrants' rights.
What is a 'scientist'? Is it a sort of Boffin?
(I know, I shouldn't object to the use of new-fangled terminology to describe people, or the evolution of language.)
At last we know what Dilbert's 'TTP' project was all about:
Tools, Techniques, and Procedures.
(From the UK / US advisory on the Russian hacking. I'll get me coat.)
"So long as he sets Appstore up to ask before installing updates."
Sage and sensible advice, Muscleguy, but as I'm no longer my Mum's sysadmin, I am steering as far away from giving my Brother-in-law advice as possible.
I do, of course, love her dearly,* it's just that she drives me nuts.
(*Or I just want to inherit, callous, heartless ungrateful child that I am ;o) )
Ah yes, good old Mum, and her Windows PC (the one that the nice Mr Gates insisted was 'upgraded' to Windows 10), and now she cannot find anything on.
She was insistent that I, as the person in the family who actually works in IT (I write Information Assurance Policies for organisations to comply with ISO27001), must be the one to get her computer working again. She got so stressed with the constant updates removing the games she liked to play (various types of 'Patience', she is 85 after all) that it became unbearable. I did tell her that frankly buying her an iMac would be worth it just to never have to sort out the latest 'updates' for Windows 10 ever again.
So I bought her one.
And even better, my brother in law uses Macs and lives closer, so he is now Sysadmin :o)
I call that a RESULT!
What if ...
he had only downloaded ONE of the documents containing personal information, and done that 'manually' as it were? Then he would have had access to the un-redacted data, but without the use of an automated script.
Cambridge Analytica 'privatised colonising operation', not a 'legitimate business', says whistleblower
But not entirely surprising.
Oh well, at least I can forget about all this mendacity as I enjoy some wholesome and pure entertainment watching the Aussies play South Africa at cricket.
"Methinks it looks more like a weasel"
(Hamlet, Act 4, Scene 2.)
"brilliant brains" at tech companies
"... that they are sure that the "brilliant brains" at tech companies can come up with a solution that will work".
Ahem, there is an agency called the National Security Agency in the USA, and there is a government organisation in the UK called the Government Communications Headquarters. They both have some pretty 'brilliant brains' when it comes to cryptography (I know, I met Clifford C Cocks* once, and he is quite bright).
Surely the sensible thing for those requiring secure back-doorable cryptography would be to ask their very own boffins?
Oh, hang on, they probably have and didn't like the answers. This is how people get the idea that commercial organisations do things so much better than civil servants.
Of course if someone created a model theory of cryptography, maybe there would be a proof of the impossibility of the request. Do you think I could get a grant to return to the world of academic mathematical logic and research one?
(* CCC was the first inventor of the algorithm now known to the world as RSA, he just wasn't allowed to publish it.)
Re: Why US?
"With climate change research in particular, that's a global ordeal. Why not have a global organization deal with it?"
There is one, it was called the Paris accord or agreement, and Donald Trump pulled the USA out of it.
The reason the USA gets so much attention is that it is the largest single state influencing world affairs economically, militarily and through pollution (although the PRC is fast catching up on pollution). Unfortunately the rest of the world has got rather tired of the USA turning up at some place, claiming it is solving the problem, and leaving an even bigger mess for the rest of us to clear up. It is as much to do with that as the USA not bothering to engage politically or diplomatically with its supposed allies. Witness the 'yo, Blair' moment at the conference when George W Bush hailed the then UK PM, Tony Blair, and they clearly had no idea what each other was planning on an urgent issue of international politics. Witness the sudden arrogance of the senior USA State Department official, just after 9/11, when, being told of the history of Afghanistan by his senior army advisor, he replied "History starts today". So not interested that only Alexander the Great, Genghis Khan and Babur had ever managed to have any control over Afghanistan as an invading power.
Sorry for the rant, but you did kind of ask. The USA, and in particular its politicians really need to read some history books not written in the USA, rather than acting like they believe that the USA has a divine right to do whatever it likes and the rest of us exist at their discretion.
Why we (actually the USA) really went to the Moon +
JFK had a problem in the early 60's and that was funding for military research to counter the USSR's lead in 'the space race'. The 'Reds' had the first artificial satellite to orbit the Earth, and the first human to orbit and return to Earth safely, demonstrating that the USSR could send an atomic weapon into space and attack anywhere on the planet. The USSR even got an artificial satellite to the Moon first too - its signals were decoded by boffins at the UK's Jodrell Bank.
So JFK did a truly brilliant PR stunt to get the USA population to agree to a tax rise to pay for a supposedly civilian space programme to send a man to the moon, when a lot of the research and benefits would be directly usable for military use, such as spy satellites and ICBMs. And it worked. The PR was wonderful; Borman, Anders and Lovell got back despite accidentally erasing the memory on the Apollo 8 navigation computer (fortunately they had a sextant to get a fix on their location). The USA became the pre-eminent space technology nation.
Now, return to the Moon to try out the tech for an eventual colony on Mars, and to do some geology (only one of the Apollo astronauts to walk on the Moon was a trained geologist), does seem like a reasonable idea. It is in space with a minimal atmosphere, so has similar issues as Mars, but is close enough for a quick return in the event of a disaster. Just don't cut the increasingly essential Earth observation satellites and programmes to do it.
A while ago there was an idea to check that a train was all in one piece (i.e., that none of the carriages had become disconnected) by having each carriage connected to a tube and have a speaker send a continuous tone, monitored at the locomotive. This would be for freight trains. However, the railways were too noisy for this to work properly.
Plus, I read an article recently about using modified streamed music to send subliminal messages to Alexa or other voice activated devices. This idea seems somewhat fraught with dangers. But then I recall, many years ago getting errant phone calls from fax machines, and listening to them chirping at me trying to establish a connection, so the technology is already mostly/partly there, though there may be a few standards / patents to watch out for.
I thought that holding on to correspondence that was not yours was an offence. Surely keeping it with no intention to do anything with it, when your contract does not include 'storage' of it is theft?
Clinical correspondence is sensitive personal information under the DPA, and will soon be special category data under the GDPR. The ICO should be down on them like the proverbial tonne of bricks.
Mankind's fossil record
Various things may survive a large meteorite impact, such as would kill off most of us, but not actually destroy the planet. (There is a geological layer rich in iridium courtesy of one meteorite, see https://en.wikipedia.org/wiki/Iridium_anomaly .)
Indeed the world's geologists are currently considering what is the best geological marker for the start of the current Anthropocene age. My suggestion is lead in the geological record. When Clair Cameron Patterson ('Pat' to his friends) tried to deduce the age of the earth from the relative abundances of lead isotopes, he discovered that humans had polluted the entire surface of the world with lead, primarily from the use of tetraethyl lead in gasoline. Everything you can see, eat, drink, touch etc. that is not over 7000 years old or specially refined is polluted with lead courtesy of us starting to smelt metals 7 millennia ago. The use of unleaded fuels now has helped reduce the amount of pollution, but it is still there.
The other noticeable geological feature would be radioactive elements due to air-burst nuclear weapons in the mid 20th century. Other things which may survive could possibly be cut gemstones, and of course the amount of plastics we are putting into the oceans.
One question: does the orientation indicator for North show the direction of North for the rock when it was found, or in the period when the pawprints were made? Don't want to be too controversial, but there are rumours that the continents might have moved a tad in the last 140 million years.
What if ...
... there is a power failure, or your hand is damaged? Then you would need a mechanical back-up system to allow you to use your door. Maybe there is a future in mechanical door locks after all.
(Just like the guy who saw a picture of a stair-case in a history book and patented the idea when all the intelligent lifts went on strike a few centuries hence.
Courtesy of a copy of the Hitch-Hiker's Guide to the Galaxy, which fell through a wormhole in the space-time continuum into my timeline a few decades ago.)
But seriously, when will people realise that biometric identification devices must have non-biometric work-arounds because people get injured and still need whatever the device was providing access to, even though the particular bit of them that gets measured for identification is damaged?
Roads and astroturf
Does the definition include road surfaces and astroturf? (They established that just 0.1 per cent of the UK is designated "continuous urban fabric" – a category assigned to an area if more than 80 per cent of the ground is covered by artificial surfaces.) I assume that artificial surfaces include the fashion for astroturfing over the garden (like some work colleagues have done).
And “Tech people need to tell policy people about the next coming threat.” again
And years ago when we were saying that a 'secure perimeter' was not enough and they should have internal segregation of networks they didn't listen until Melissa and the love bug came along.
And then there were people (myself included) who warned about the vulnerability of essential services like power stations etc. to attack if they were networked, and no-body noticed until Ukraine's power grid collapsed under cyber-attack.
So the question is: will 'policy people' listen to 'tech people' when we bring up the next big threat that will cost $oodles to fix but cost $squillions if exploited?
(I suspect the answer is 'no'.)
Happy Wineterval, everyone.
Investing in Uber
spudley said "If Softbank knew about the existence of a massive undisclosed hack at Uber, then what on earth made them think that it was a good moment to be investing $10b into them? At the very least, basic due diligence would cause you to wait until it's been disclosed."
Maybe the Uber people just told them a bug had been found and they had paid a bug bounty and fixed it. As any viewer of "Yes, Minister" will have realised there are ways of telling people unpalatable things and putting a gloss on disasters that make them seem quite innocuous.
A pedantic point, I know, but large primes are only used for public key cryptography, or asymmetric cryptography. Most symmetric cryptography uses Feistel Ciphers, which use bitwise operations, as they are less processor intensive. The asymmetric cryptography is generally used for transporting or agreeing the symmetric algorithm's keys, or signing data.
Over the weekend my local Pret a Manger had a power cut and today will only take cash payments due to non-working EFTPOS terminals.
Re: That's a weird orbit
As stars lose mass, their planets presumably have a tendency to wander off into inter-stellar space. So presumably there are quite a few Jupiter sized bodies floating around the galaxy. I seem to recall someone seriously claiming that our own solar system evolved with a fifth gas giant in a much closer orbit to the sun which was then expelled, resulting in the more stable planetary order we have today.
H G Wells did a short story on such an event called "The Star". Its travel through the solar system did not disturb us much, apart from minor re-arrangement of the continents and throwing the Moon into a much wider orbit. Nothing to worry about, really.
Obviously some interstellar joyriders trying out their new star drive.
And then next stop is to crash into the third moon of Jaglom beta. (Looks like a fish, moves like a fish, steers like a cow.)
(With apologies to Douglas Noel Adams.)
Oz military megahack: When crappy defence contractor cybersecurity 'isn't uncommon', surely alarm bells ring?
... it is not as if Australia was a major military ally and NATO member we have deep defence relations with.
Oh, err, hang on a minute.
S H I T
Suppose that the user has some unsavoury aspects to their life, such as pornography, or that their computer gets confiscated by the Police or HMRC in the course of their investigations. They would access the entire storage on the machine, not just the user / owner's personal data. This could compromise client sensitive data.
Not a fan of BYOD, although I have to say that I wouldn't mind bringing in my own 4K display to run from the company PC, if they came down a bit in price (my eyesight is not what it used to be). Would that count as BYOD?
W T F?
"It recommended "advanced users" edit the Windows registry keys to delete specific registry keys. There's a sharp warning: "Serious problems might occur if you modify the registry incorrectly.""
Really? And what is my 84-year old mother supposed to do? She's convinced that she broke her PC trying to use it offline, due, rather appropriately, to it getting messed up by Microsoft 'updates'. She is not what anyone would describe as an IT expert.
I sense a trip to the Apple store in the near future.
UK non-anonymous voting and re-counts
@Anonymous Coward > "UK voters may notice that the ballot paper has a unique number on it, and the person handing them out in the polling station writes down your electoral registration number on a list of other numbers. That makes me uncomfortable every time I vote. It seems an easy way for votes to be connected to individuals.(*) Perhaps someone more observant (or knowledgeable) could confirm whether my suspicions are correct or I'm being unnecessarily paranoid."
I believe that one of the powers of the Speaker of the House of Commons is the ability to authorise a check on who voted for whom in an election. This would only be in very exceptional circumstances, maybe where there is evidence or suspicion that votes were being procured in illegal ways, such as bribery or coercion.
As Tom Stoppard pointed out, democracy is in the counting of the votes, so a system where everyone can verify the result, rather than relying on an old Windows XP spreadsheet, would be good.
The reason why close results were often sent back for a recount is that hand counting ballots rarely obtains the same result twice. In the UK, a re-count would mean that postal ballots would also be counted, as they were generally not included in the first count.
(* This is the most (only) referenced part of my own humble contribution on cryptographic voting schemes: no mention of my proposed scheme, or what one actually wants from a voting scheme, no, just the fact that in the UK votes are not necessarily secret, sigh :o( mutters on and on and on ... )
Re: It's a monster.
Have you seen the Russian rockets that get astronauts and cosmonauts to the ISS? They start on their sides and are raised into the vertical for launch.
Separate tails and twisting
It may be that the aerodynamics means that there is no need for such a large horizontal tail surface, and the central, payload-bearing, wing section may be strong enough to cope with severe twisting in bad weather.
paper trails and vote counting
If a paper trail is produced along with the electronic votes, then it can be used as a sample test of the veracity of the electronic count, as well as for any re-count.
Election observers could have the right to choose which machines' paper trails were collated with the electronic votes they registered. Of course with human counted voting, you rarely get the same numbers twice, and with machine counted voting, you are relying on the machines.
However, in the USA, where politicians get to decide on the constituency boundaries (Gerrymander comes from a US politician's name, a man who designed the constituency boundaries to ensure he got elected), the electoral system has other equally or even more serious problems.
At least in the UK we have an independent electoral commission, but how effective they are at ensuring fairness, I do not know.
Re: So much for
"Why on all earth does a normal application have stuff running as root?"
No idea. When I was a sysadmin for a cluster of Sun Workstations (tells you how old I am), we had a graphics package called SunAlis. It had to run with root privileges, so once a user had sent something to the printer, only I could stop it, and it had the 'feature' that if a diagram got to over 2Mb in size (it was a long time ago), it crashed and you lost the whole thing.
Deleting it was a relief, and the only time I have, as root, actually typed in "rm - r *.*" and hit 'return'.
Re: Greedy Apple!
No update for my (still in use) iPhone 3GS either. :o(
But then I've not been able to sync it for several years.
All e-mail addresses and phone numbers for the last 5 years???
Well now, some people who work in 'security' have some, how shall I put this, 'interesting' phone numbers and e-mail addresses for work. You know, like when they do work for the government and need secure e-mails for sensitive communications. Wouldn't want the USA government selling or otherwise divulging those to a commercial organisation.
Is there any statement on what the USA DHS can do with the information? I get enough spam already. As the USA has a lamentable history of securing the personal information of its own employees on its own computer systems, it would be interesting to see how much security they are prepared to commit to for visa applications. And as the USA is keen on enhancing its own cyber-warfare capabilities, I presume that permission would have to be sought from the owning authority before divulging the details to a foreign power. Unless, of course, it is only personal e-mail and phone numbers they want, in which case they'll just hack away at their leisure.
"The TTP Project"
"Financial attackers have improved their tactics, techniques and procedures (TTPs) to the point where they have become difficult to detect and, challenging to investigate and remediate."
So THAT is Dilbert's TTP project. I always wondered.
(I'll get my coat.)
So, I got 'diamonds' and 'nitrogen' (a friend told me it is easier to make diamonds in a Nitrogen atmosphere, but then you get Nitrogen embedded in the diamond), and 'lasers'.
The rest was, well, I'll just finish watching Zardoz shall I?
Some things can be done
It's possible to have a form of key escrow which allows for message recovery without key recovery, BUT it is convoluted and expensive. (*)
I have two rather fundamental issues with the idea of deliberate backdoors in the algorithms (in addition to the ones listed by the august and intelligent readers of El Reg., of course):
1. I do not trust every member of the government apparatus not to use my backdoored credentials to impersonate me.
2. I do not trust all future politicians not to sign search warrants for the escrow agencies (something not considered the first time around by the civil servants in the late '80s / early '90s).
(* My paper on this languishes as yet unpublished, but hey ho, maybe it is time to dust it off.)
And for his next trick
He pardons Bernie Madoff and makes him head of the SEC.