Posts by Robert Helpmann??

2583 publicly visible posts • joined 31 May 2011

Security MadLibs: Your IoT electrical outlet can now pwn your smart TV

Robert Helpmann??
Childcatcher

Re: The S in IoT stands for security

Well, you can do the VLAN/firewall stuff.... But Joe & Jane Public?

This! This is the heart of the problem with IoT. If only there were an easy to set up and use management system to secure and control all a home's IoT crap... Wouldn't take much technical expertise with a touch of scare tactic marketing to get a business up and running.

ETSI crypto-based access control standards land

Robert Helpmann??
Childcatcher

Missing the Point

The standards body said using encryption to enforce access control provides better security than software-based solutions, and a given data set can be protected by one encryption attribute, making it efficient.

Security of any type that depends on just one thing is less secure by design than having multiple layers of defense. The statement above implies that access control should be done away with in favor of using encryption-based schemes. I don't know if this is taken out of context or what, but it doesn't strike me as more than replacing one set of issues and vulnerabilities with another, with additional spin-up time to learn and apply the replacement system thrown in (because every new technology is rolled out without a hitch and works just as intended when finally in place).

If this can function in conjunction with existing security schema, it's probably a good thing. If not, I wouldn't want to be the one implementing it.

It may be poor man's Photoshop, but GIMP casts a Long Shadow with latest update

Robert Helpmann??
Trollface

Re: Forget the geeky stuff, sort out the user experience.

VLC has the same problem - I just want a big pause/play button.

Try the space bar - it's the biggest button on the keyboard!

Facebook brings banhammer down on over 650 pro-Iranian 'fake news' accounts

Robert Helpmann??
Childcatcher

Re: I don't get it.

Am I missing the point about banning Pro Iranian?

I think yes. As stated, the bans result not from the content so much as the combination of content and the attempt to cover up its origins. My understanding is that if an individual or group posts their political views, that's fine as long as they are transparent as to who they are. If, on the other hand, they establish a series of fake accounts to create the impression that the account holders are someone else and then post those same political views, the accounts would fall afoul of this new set of rules.

This is not to say that FB don't have their own political agenda to push or that we should have confidence in what is posted on that platform or in FB's ability to actually be effective in this, but they are giving it a stab.

Windows 10 Linux Distribution Overload? We have just the thing

Robert Helpmann??
Childcatcher

Re: Don't feed the penguins. They're doing fine without your MSguided help.

I'm of the opinion that if you start to feed penguins with Mad Sheep, then the penguins are at a greater risk of contracting the diseases that they had so far been immune to.

In this case, it's more a matter of feeding the penguins to the mad sheep. I am more concerned with this opening up new exploits to the Windows systems it runs on than the other way around.

Who was it that hacked Apple? Ozzie Ozzie Ozzie, boy boy boy!

Robert Helpmann??
Headmaster

That may not be the correct word...

An overzealous Apple fanboy ... plead guilty ... after he allegedly cracked the Cupertino giant's systems ....

I think we have moved on from allegedly to admittedly.

Google shaves half a gig off Android Poundland Edition

Robert Helpmann??
Coat

Re: New El Reg UoM?

Inches? Miles? Might I suggest you have a look here

I was aware of the page, but it would not run properly on my work machine. This theoretical stack of cards would soar into the skies a whopping 403 Brontosaurus lengths. Just picture 403 of these late Jurassic giants end to end and then imagine them floating snout to tail tip straight up* and you will be rewarded with a dubiously accurate image of this posited assemblage.

* You might want to imagine a sturdy umbrella or similar protection (see icon) because at least one of the beasts is going to go and from that height... well, let's leave it there.

Robert Helpmann??
Boffin

New El Reg UoM?

I wonder what that equates to in terms of height of a stack of punch cards....

Wonder no more! A punch card can hold about 80 characters or 10 bytes. This means 500MB would take about 5e7 cards. There are about 143 cards to the inch. Stacking them in a continuous column climbs up 349,650 inches or around five and a half miles. YMMV (literally) depending on data storage format on the cards, rounding errors and other assumptions made above, and the amount of caffeine consumed immediately prior to digging this up.

Now boffins are teaching AI to dial up chemo doses for brain cancer

Robert Helpmann??

Is El Reg uncommon in being a technology news site which is pretty uniformly pessimistic about technology? And is that conservatism, cynicism or realism?

A little of Column A. A little of Column B.

Devon County Council techies: WE KNOW IT WASN'T YOU!

Robert Helpmann??
Headmaster

Re: Spelt?

spelt - past and past participle of spell

Depends on which side of the pond you live on. If you use "spelt" as such, then "gotten" probably grates on your nerves.

Kaspersky VPN blabbed domain names of visited websites – and gave me a $0 reward, says chap

Robert Helpmann??
Childcatcher

I don't think that means what you think it means

The security of our customers is our top priority...

Nope. This is merely the mantra that corporate droids repeat over and over in hopes that they will be believed. Publicly demonstrating that you wish to discourage research into any of your security products indicates the opposite of it being important to you. If you are actively undermining something, you cannot accurately claim to be supporting it too.

Google Spectre whizz kicked out of Caesars, blocked from DEF CON over hack 'attack' tweet

Robert Helpmann??
Childcatcher

Re: Where To??

Even if you did want to move Black Hat, where would you send it to?

Any number of small, island nations would love to host, would be affordable and already have the kind of environment that would make for a good fit due to their banking sector. Not naming any names, just throwing that out there.

Funnily enough, no, infosec bods aren't mad keen on W. Virginia's vote-by-phone-app plan

Robert Helpmann??
Childcatcher

Re: There is so much to be wary of here . . .

Once I got to the point where the name of the app was given (Voatz), my mind just shut off. Seriously? This is what we are trusting with our democracy?

Profit-strapped Symantec pulls employee share scheme

Robert Helpmann??
Coat

Past time to leave

Our tipster suggested the move is part of a Machiavellian plan to encourage its top workers to leave in order to reduce redundancy payments [Ed: shouldn't Symantec be encouraging its top performers to stay?]

From a beancounter point of view, no difference - a worker is a worker is a worker. They're interchangeable, you see. Besides, there will be plenty of time to train up the new crop once the profitability boost of this round of non-firings wears off.

Mine's the one with a buzzword-laden copy of my resume in the pocket.

Basic bigot bait: Build big black broad bots – non-white, female 'droids get all the abuse

Robert Helpmann??
Childcatcher

Re: Last time I checked Spain was in Europe...

I always found the term African-American a bit weird to begin with; it's not like white Americans are referred to as "European-American" or "Caucasian-American" after all.

While I agree with the sentiment, I've heard both and more. Actually, I find the concept of race a bit weird. It's arbitrary and applied inconsistently. At best, it is a shortcut to assessing cultural affinity. At worst... let's not get into that. Perhaps one day we will have the additional classification of Android-American added to the list. That will come with a bit of a culture shift but not, I would guess, without the bigotry traditionally directed toward any new class or group.

Robert Helpmann??
Boffin

Re: A next step?

...a deeper drill-down into the age, gender, race, geographical location and probably many other attributes of the people who responded, either positively or negatively, would be illuminating.

From the paper:

"To that end, we sampled public commentary on three online videos – depicting Bina48, Nadine, and Yangyang – available via YouTube."

It is not possible to gather that data based on comments posted to YouTube, but the study authors address this and other issues in the "Limitations & Avenues for Future Research" section of the paper, which notes that it is simply meant to be the start of a broader line of research. I thought it was a well-written piece of work, for what it is worth. It even includes links to the videos in case you would like to check them out yourself.

Dear alt-right morons and other miscreants: Disrupt DEF CON, and the goons will 'ave you

Robert Helpmann??
Childcatcher

Don't be a Dick

I've worked volunteer security at an annual convention for a number of years (I have odd hobbies) and have had to deal with a number of situations, at least one of which has ended up on YouTube. De-escalation has worked in all cases I have been involved with... so far. We have a paid police presence if that doesn't work.

There will always be people in any group who push the limits for one reason or another. If you say this is a hard limit, they will see how close they can come to the line without going over it - because they didn't break any rules, they feel they haven't done anything wrong even though they had malicious intent. I do not have any compunction about ejecting someone of this nature. This sort of thing is covered in our stated rules, too. One year, we even had a slogan up that said the number one rule was "Don't be a Dick". Of course, there was one guy who had to test that and showed up dressed as a giant penis...

First low-frequency fast radio burst to grace our skies detected at last

Robert Helpmann??
Joke

Re: It's obvious..

...it's a C4 commercial break

It's 2 milliseconds long... It's a blipvert! Don't decode that signal!

The internet's very own Muslim ban continues: DNS overlord insists it can freeze dot-words

Robert Helpmann??
Unhappy

Re: ICANN created the problem

...ICANN (subsequently): Jeez, what a horrible mess. Who could have imagined that new gTLDs would create problems? Why did no one warn us of this?

You left off the part where ICANN go on to repeat the same mistakes over and over again because really, why should they care?

Think tank calls for post-Brexit national ID cards: The kids have phones so what's the difference?

Robert Helpmann??
Childcatcher

Re: ...citing the Windrush scandal as justification.

My swingometer that gauges whether the government does things more out of malice or incompetence oscillates daily...

Never ascribe to malice what incompetence will adequately explain. There might be malice mixed in, but it's incompetence that gets the job done.

Pentagon 'do not buy' list says нет to Russia, 不要 to Chinese code

Robert Helpmann??
Childcatcher

Re: Security *And* Protectionism

This is not new behavior and it is not the whole process. The US government has long taken a prescriptive approach in terms of approving software. There are a variety of lists, in fact, from the level this article addresses to the various departments and agencies that make up the government. Each entity reviews each piece of software (including the specific version of each) and creates an approved list that can be used on their systems. At least this is what they are supposed to do - YMMV. This new directive can be best viewed as an additional filter among several already in place.

More telling to me is the statement from the article concerning China and Russia trying to "invest" in American (and I am sure other countries') software companies. There may be perfectly legitimate reasons for making these acquisitions through shell companies and using other methods to obfuscate involvement but that does not mean that the US military should assume the activity is benign.

Politicians fume after Amazon's face-recog AI fingers dozens of them as suspected crooks

Robert Helpmann??
Childcatcher

Not properly House trained

The simplest explanation is that since the focus is on catching crims, the training data was mostly or completely composed of mugshots. This is based on the high false-positive rate that matches the incarceration rate in the US. Nothing like building in a self-perpetuating bias.

How to (slowly) steal secrets over the network from chip security holes: NetSpectre summoned

Robert Helpmann??
Paris Hilton

I don't think that word means what you think it means

I am quite sure I don't understand all of this, but perhaps someone could fill me in. A Spectre gadget, as such, is not particularly well-defined in the article, or at least I was a bit thrown off by it. It isn't one of the gadgets in the "billions of computers, gadgets, and gizmos at some degree of risk". Does it amount to any code in any remote API that can be abused to exfiltrate data using this method? If so, I would think that identifying them might be accomplished by defining normal, expected calls on each API and monitoring for any that fall outside that set, essentially what most whitelisting apps do during tuning. Easier said than done, I am sure, but perhaps a way to catch things that code review might miss.

Some Things just aren't meant to be (on Internet of Things networks). But we can work around that

Robert Helpmann??
Childcatcher

Re: I had to laugh

Small business networks will be the most vulnerable, not least because the boss will just buy and connect this crap without talking to their (external) IT people.

You say most, but I work in an understaffed enterprise environment (the default setting for enterprise environments). I am in the midst of implementing a set of network inventory tools and am uncovering so much stuff that no-one at the home office was aware of, much less managed, tracked or configured. Despite having implemented a variety of security restrictions on our wired and wireless networks, our local admins put all sorts of stuff on our networks because someone at their site went out and bought it. Same deal for software. The best thing about the situation is that I just have to turn the data over to someone else to take action. I do not believe my situation is in any way unique.

If you're serious about securing IoT gadgets, may as well start here

Robert Helpmann??
Childcatcher

Re: Why?

Two reasons I can think of for all these IoT devices. First, it's a fad and manufacturers are afraid that if they don't include the latest and greatest, they won't be able to move their wares, even if they implement it in much the same way as slapping a different color of paint on it all. In fact, it wouldn't surprise me if we someday soon have IoT paint.

Second, the idea that all this stuff can provide a real, automated household is an interesting and compelling dream. The problem is that there is no way to hold it all together without building it yourself. Most people want to get in their cars, turn the key and go. What they don't want to do is have to build it from scraps and spend all their time maintaining it. We haven't got a Henry Ford of IoT yet. We don't even have a Karl Benz.

ReactOS 0.4.9 release metes out stability and self-hosting, still looks like a '90s fever dream

Robert Helpmann??
Childcatcher

Re: Try out the UI

Install Windows 2000 and try to complete a relatively complex task whilst timing it. For example renaming a small music collection. Now try the same task with Windows 10 or Gnome 3 / KDE.

All about the same. Used command line and not some newfangled GUI thing.

Will this biz be poutine up the cash? Hackers demand dosh to not leak stolen patient records

Robert Helpmann??
Pint

Re: "poutine up the cash?"

...there is someone at El Reg whose entire job is just to come up with the worst puns ever. That person needs to be taken out behind the pub and slapped...

You do whatever you want, but I'll buy them a round or two for the same reason. Maybe between us we will make that person happy.

By Jove! Astroboffins spot 12 new spanking moons around Jupiter

Robert Helpmann??
Headmaster

Re: What is a moon ?

The IAU definition of planet works fine for the purposes of some scientific fields but not for others, and that is its weakness. It is of an ad hoc nature and lacks general utility. Much better would be to pare down the definition to something along the lines of "a planet is a non-stellar object orbiting a stellar object" and then work on classification of the different types of planets much in the way that stellar objects have been.

Even more telling, there is no IAU definition of moon.

‘Elders of the Internet’ apologise for social media, recommend Trump filters to fix it

Robert Helpmann??
Childcatcher

Re: There's something wrong with social media

Maybe 500 words. If you can't put together a well discussed argument then stick to shouting in the road.

With 140 words, give or take, you can put together a sonnet. Then again, the internet has thoroughly disproved the infinite monkey theorem, so that really doesn't offer much hope... Perhaps a platform that forces people to post in verse might be worth a shot just the same.

Crooks swipe plutonium, cesium from US govt nuke wranglers' car. And yes, it's still missing

Robert Helpmann??
Childcatcher

Re: Uh, no.

People who worked on the Manhattan Project back in the 1940s, doing things in a hurry without modern Elf and Safety rules, got Pu in cuts and grazes, inhaled and ingested Pu particles etc. and they were mostly OK decades later.

The US government has a long history of saying everything is fine concerning health issues (https://www.ncbi.nlm.nih.gov/pubmed/9314220) and decades later admitting it was slightly less so (https://www.nytimes.com/2000/01/29/us/us-acknowledges-radiation-killed-weapons-workers.html). The examples happen to be pertinent to the subject at hand, but are definitely not isolated.

What can $10 stretch to these days? Lunch... or access to international airport security systems

Robert Helpmann??
Childcatcher

Re: Unfortunately there are only so many pet rabbits one can hunt and eat in Surbiton.

That still leaves a variety of other protein on the hoof or wing (roof rabbit, squab and various other CMOT Dibbler meatonnastick delicacies). You aren't really hungry if you aren't willing to eat it.

Like my new wheels? All I did was squash a bug, and they gave me $72k

Robert Helpmann??
Childcatcher

Important Information

The article left out some arguably important information. How many hackers earned a piece of that $11.7m pie? How many folks are able to make a living from this kind of work? How many are just earning a little extra on the side? It's certainly good news that this bit of the economy is growing, but is it made up of a bunch of part-timers or well-paid workers? We have a good idea of who the customers are but not of the providers.

Which workers were winning welcome wages?

I see you're trying to leak a file! US military seeks Clippy-like AI to stop future Snowdens

Robert Helpmann??
Childcatcher

What already went wrong?

Usually when you see a story like this, it is in reaction to something having gone wrong. Massive changes were put into place post-Snowden. Similarly, others were implemented after different breaches and attempted breaches occurred. The DoD does not have a great record when it comes to proactively addressing threats of this nature, so it makes me wonder what happened and how much of it we will find out about.

US taxman wants AI to do the security checks it seemingly can't do itself

Robert Helpmann??
Childcatcher

Re: @ James 51

"Because you think that Apple, Google, Microsoft and Uber are paying their fair share of tax ?"

Actually no, the law says they are.

Seems to me you two are talking past each other. There is a consistent difference between legal and fair and this is just one example among many. But don't be deluded for one moment into thinking that if corporations that currently employ these very well known legal loopholes to dodge taxes were suddenly forced or enticed to pay their "fair share" that the money would go anywhere near school systems. It would go straight to the interests of the politicians who are currently protecting their corporate buddies.

Look how the tobacco settlement played out in the US. It was sold to the public as restitution for past wrongs to be applied to victims past, present and future, but most of the money went to the general fund. The on-shoring tax is not even being played as anything other than a way to bring money into the US as a whole, but it really means it will go to those better connected than others. I lay odds that a significant portion would be returned in one way or another to those being "taxed" in such a fashion.

An $18m supercomputer to simulate brains of mice in the land of Swiss cheese. How apt, HPE

Robert Helpmann??
Childcatcher

Re: Is it legitimate to ask

On the one hand even our modern advances only highlight just how stupendously amazing the natural world is... On the other, one can argue that our endeavours have been going on for just under 100 years...

And on the gripping hand, maybe we have been using the wrong tools to go about this. This seems to be a bit like using a claw hammer as a screwdriver. While it may eventually get the job done, it's not really intended for that use. I hate to throw out buzzwords, but since the calculations for this sort of work go up exponentially as the simulations become more complex, wouldn't leasing some quantum computing time make sense for this kind of work? Isn't this the sort of scenario quantum computing is being pitched for?

Astroboffins spy the brightest quasar that lit the universe's dark ages

Robert Helpmann??
Headmaster

Re: A long, long time ago

Shouldn't that be "shot", past tense?

Possibly both. Language doesn't work well with these time scales. What is being observed today took place long in the past, but at the core of the quasar is a black hole that is still in existence today. If there is any gas around for it to play with, then it probably is still blowing plasma like there's no tomorrow... but maybe it took up knitting instead. It is getting quite up there in age after all.

Microsoft might not support Windows XP any more, but GandCrab v4.1 ransomware does

Robert Helpmann??
Childcatcher

Simply blocking ports 445, 137 and 138 using a firewall would help.

Help, maybe, but that should be done anyway for your network perimeter and doesn't do much good for local network use given what those ports are used for. Once this thing gets past the hard outer shell of a network, it will be able to feast on the soft parts unimpeded. As the implementation allows it to spread to air-gapped systems (per the article), I wouldn't think concentrating on perimeter security is going to do too much good.

AI bots suck at marking written essays, not too shabby at old Atari games, and more...

Robert Helpmann??
Headmaster

Re: sorry, but I have to do this . . . .

I -see- have seen this mistake a lot lately.

FTFY

And in current affairs: Rogue raccoon blacks out city power grid after shocking misstep

Robert Helpmann??
Coat

Re: Furry Vengence

Raccoons and squirrels covertly working for the Amish Al Qaeda.

You mean Es Fundament?

Mine's the one concealing a live opossum attack squad.

Uh-oh. Boffins say most Android apps can slurp your screen – and you wouldn't even know it

Robert Helpmann??
Headmaster

Re: Boffin

Why Boffin? Because it's the Register!

REF: https://www.theregister.co.uk/2004/11/30/proper_english_guide/

US Declaration of Independence labeled hate speech by Facebook bots

Robert Helpmann??
Childcatcher

Re: Book burning Nazis

I think you can only say that if a) you don't know anything about communism and/or b) you don't know anything about the Sermon on the Mount.

Passing familiarity with Anabaptist thinking (e.g. Bruderhof communities) would indicate there are others who would disagree with you on this point.

IBM wins five-year whole-of-government deal with Australia

Robert Helpmann??
Childcatcher

Buzzword Bingo

...all today’s best buzzwords - quantum, blockchain and AI.

What, there's no IoT, digital detox, microservice or serverless architecture, something/everything/anything as a service (XaaS), dark data, self-service analytics? For that much money, I would expect IBM to go really, really big. Three buzzwords is hardly enough to get out of bed for.

Smash-hit game Fortnite is dangerous... for cheaters: Tools found laced with malware

Robert Helpmann??
Childcatcher

Re: Can't feel too upset about this

What is the point, really, of reading a book to improve your chances of winning, when the only thing you get from winning is satisfaction and kudos and money?

This is a serious question. It seems to be rife in gaming, as far as I can tell - people play for a while and as soon as they get stuck, they buy a book or pay for lessons. Call me old-fashioned, but it seems to take the point away from the whole thing.

The oldest books on chess predate the modern form by several hundred years. Some of the oldest surviving examples of dice are weighted. People have always sought to have a competitive advantage over others. What is perceived as fair depends to a large degree on culture, it would seem, but that it will happen is a given, the motivations are many, and how it should be handled is a question as old as human nature.

New Android P beta is 'very close', 'near-final' but also just 'early'

Robert Helpmann??
Unhappy

Re: huh... just got Oreo...

Odd for Verizon to update a phone *twice* in its lifetime.

I know what you mean. In fact, the reason I switched to a Google phone was because Verizon never updated anything other than how much we were charged. Unfortunately, while Google may roll out patches on a regular basis, they have left some arguably serious issues untouched for almost as long as Verizon. I have an old phone or two to play with. I might have to experiment with a roll-your-own solution.

Budget hotel chain, UK political party, Monzo Bank, Patreon caught in Typeform database hack

Robert Helpmann??
Big Brother

Re: We take the security of our data seriously...

It's almost impossible to buy goods or services these days without being harried to provide feedback... I'm sure this is just the tip of an iceberg.

Every time you are asked for your information in response to making a purchase or visiting a web site, say "It's just the tip!" to generate an accurate mental image of what is going on.

IBM memo to staff: Our CEO Ginni is visiting so please 'act normally!'

Robert Helpmann??

Re: "Act normally! Ginni and the team are here to see what Austin is really like."

This is everything that is wrong with big companies. Treating the CEO like they are a god.

I don't know about treating CEOs as if they were gods, but I finally got to watch The Death of Stalin last weekend and for some reason this memo reminded me of that.

Creep travels half the world to harass online teen gamer… and gets shot by her mom – cops

Robert Helpmann??
Childcatcher

Re: I thought of the child(ren)

The safe option would be to shoot a single warning shot ...at an upward angle. ... [with] no risk of injury to innocent passers by.

This is not true and is bad advice on a number of levels. First, what goes up comes down just as hard. While the bullet might lose a little momentum from hitting the door and also from being deformed from the impact, to say there is no risk of injury is incorrect. Once the gun is discharged, there is risk in any populated area.

Second, there was already a warning, several actually, which the attacker chose to ignore. Wasting ammunition in a situation where it will be needed imminently and endangering other people (see first point) for the equivalent of shouting "I really, really mean it" doesn't sound like a particularly good approach.

Third, don't pull the trigger unless you intend to do the damage. If you are in a situation of this nature, don't play around. Do what is needed and be done with it.

Finally, training is one thing, the real world is something else again. It's not like a video game where you can just keep playing until you get it right. She was facing a literal threat to her life and to her child and at the same time had to know the consequences of discharging her weapon were going to be high. Many, many people who have been put in emergency situations fail spectacularly the first time. She did not.

Robert Helpmann??
Joke

Re: Isn't he supposed to be ...

..under the influence of US "immigration" procedures.

Good point! They will probably throw some immigration charges against him too, as I am sure there's nothing on the visa forms that involves a deranged kidnapping attempt as a reason for visiting the country.

Not OK Google: Massive outage turns smart home kit utterly dumb

Robert Helpmann??
Mushroom

Re: Hmmmm

Mañana translates into English as "not today". Google already have that down. When I read the bit about "We’ve identified a fix for the issue ... and it will be automatically rolled out over the next 6 hours," my first thought was how they had identified the fix to an issue that made Pixel 2 XL phones unusable as phones and waited about 6 months before pushing it out (look up Pixel 2 proximity sensor for background). How do you translate "6 hours" into Spanish for similar impact?

Israel cyber chief's 'pants' analogy for password security deemed, well, 'pants'

Robert Helpmann??
Boffin

Re: passwords should be treated like underpants

How do you do the 180-degrees word flip?

/ɯoɔ˙ʇxǝʇuʍopǝpᴉsdn˙ʍʍʍ//:dʇʇɥ