Posts by Robert Helpmann??

2583 publicly visible posts • joined 31 May 2011

Taiwan cracks down on China spying on tech firms

Robert Helpmann??
Childcatcher

You had me until the bit about "I don't think China is really interested in Taiwan". China is interested in anything that isn't nailed down and quite a bit that is. Not that they are unique in this. Just saying.

Privacy and computer security are too important to be left to political meddling

Robert Helpmann??
Childcatcher

Re: Obligatory Reply

I look at the "What do you have to hide?" question in reverse. One of the things a right to privacy ties into is the presumption of innocence as far as the government is concerned. If there is widespread surveillance, then it implies a disregard for this. Also, while this argument is focused on government access to our lives, companies such as Meta profit greatly by eroding the concept of privacy and that we should be concerned with it at all. They have taken the approach of catching users while young and training them up to think that it makes sense to make public their private lives. Government and industry efforts play off each other in this regard and are a blight.

Facebook is one bad Chrome extension away from another Cambridge Analytica scandal

Robert Helpmann??
Childcatcher

Re: Deflect and play down

As part of that deal, Facebook committed to limiting third-party access to user data.

Unless they get paid for it, in which case profit.

On a personal note, I recently posted to FB for the first time in several years. It was a quick note about a Magritte print I had never seen before. I can only guess at the consternation this caused the algorithms Meta employs to track users. If they can make a profit off that, more power to them.

UK cybersecurity revenue up 14% on last year to £10.1bn

Robert Helpmann??
Unhappy

Re: skills training

No. Just no. Security through obscurity as a valid method has long been debunked, although you do make a good case for it in as much as the meaning of your statements is secure from outside understanding, AMFM.

Google expands Privacy Sandbox to Android

Robert Helpmann??
Childcatcher

Re: Google's track record

... if only there were a way how to extricate oneself from Google's tentacles and acceptable forward security of private data...

If only? It takes effort and therein lies the rub. Google makes it easy to access a lot of important services all in one go. Any direct competitors to Google do pretty much the same thing with users' data and any secure, user-oriented services that cover any of Google's suite are very focused on just one or two areas. Few folks are willing to make the effort to secure their digital lives or to go through the hassle of shopping around, but it is possible with effort to avoid Google's trap.

Russia 'stole US defense data' from IT systems

Robert Helpmann??
Holmes

Re: Skid mark

That would seem to be the entire point of the post.

Microsoft prepares for its staff to return to Washington sites

Robert Helpmann??
Boffin

Re: "Remember to keep the Windows open"

WA isn't even in the top 10 for the rainiest states.

The eastern half of the state doesn't get much precipitation because of a few annoying hills blocking clouds getting there, so on average Washington state is not the rainiest, but where most of the people are (along the coast) there's plenty of the wet stuff to be... enjoyed.

IBM HR chief insists 'no systemic age discrimination'

Robert Helpmann??
Childcatcher

Re: Utter Management Stupidity

This is a prime example of the utter stupidity of senior executives in American Corporations and how they are so focused on the immediate cost reductions and not even aware of the long term costs of their actions.

I think you are confusing lack of awareness for lack of concern.

IBM looked to reinvigorate its 'dated maternal workforce'

Robert Helpmann??
Coat

Re: 16 going on 64

Not mean, per se, it's just that such thinking has always been à la mode with management.

Mine has an introductory statistics book in the pocket 68% of the time.

Sophos: Log4Shell would have been a catastrophe without the Y2K-esque mobilisation of engineers

Robert Helpmann??
Childcatcher

...the Log4Shell vulnerability has made it clear just how dependent some companies are on open-source components they don't even know about, don't contribute to or don't have a support contract for...

So open source doesn't equate to freedom from contributing to and maintaining the health of the tools being used? There ain't no such thing as a free lunch!

No more Commercial Space Astronaut Wings after this year because FAA has been handing them out like candy

Robert Helpmann??
Coat

Re: Raising the bar

...Virgin's joy ride sled should be a special case... anyone who has the guts to [climb aboard] deserves some form of recognition.

There is always the Darwin Awards. Maybe create a category for special effort?

*Mine's the one with a dog-eared copy of On the Origin of Species in the pocket.

Newly discovered millipede earns its name by being the first to walk on one thousand legs

Robert Helpmann??
Childcatcher

"We need to build a large taxon collider to find fundamental specification particles and confirm the possibility of a variety of proposed theoretical chimeras."

Somewhere, inevitably, a politician will read these words and funds will be allocated.

WTF is a 'software-defined community cloud'?

Robert Helpmann??
Childcatcher

Re: Google gargling at its best

Google has history in providing products with marginal functionality targeting business rivals' cash cows. They do not do it to give the users of these products something worthwhile. Rather they seem only to want to screw with their opponents in the tech sector. I can think of no better explanation for any of the Google Workspace products that are similar to the Microsoft Office suite. Microsoft responded with Office 365, so mission accomplished. It looks like this cloud product is there to compete by buzzword. I wonder how Amazon et al will reply.

GPU makers increasingly disengage from crypto miners

Robert Helpmann??
Childcatcher

Re: "more troublesome than real money without any real advantage"

the whole thing with blockchain, and bitcoin (and all its clones/derivatives/etc.) is that it's using increasing amounts of power and compute for something that is at the end of the day, a thing to barter with.

That was a design choice in that it was intended to prevent there from being an infinite amount of a given currency. What happens when quantum computing matures a bit more and there is essentially an infinitely greater amount of the stuff to be made for the same cost of resources?

BOFH: You drive me crazy... and I can't help myself

Robert Helpmann??

Re: Genius

"Does this carpet pull up?"

We need to come back to this! I feel cheated that no one ended up in a carpet, on fire, buried in cement or otherwise given platinum level BOFH service.

Singaporean minister touts internet 'kill switch' that finds kids reading net nasties and cuts 'em off ASAP

Robert Helpmann??
Flame

Re: Cut one off

And another shall grow in its place.

Read the classics! The solution is to apply fire to the stumps. Just sayin'.

Warehouse belonging to Chinese payment terminal manufacturer raided by FBI

Robert Helpmann??
Childcatcher

Re: "... easy to overlook..."

...I've encountered physical servers that IT knew nothing about until they were asked for emergency support.

And we all know where this leads to, don't we?

https://www.theregister.com/2021/10/08/bofh_2021_episode_18/

Teen bought Google ad for his scam website and made 48 Bitcoins duping UK online shoppers

Robert Helpmann??
Childcatcher

Re: Will he get a job offer?

Upvoted because I agree with the sentiment though not the particulars. I would not consider running a scam to be a good entry into security work. Definitely put him to work, but if he wants to learn the technical side, I don't think that should be done as part of the deal.

YouTubers fell for shady 'sponsors' who seized, then sold, accounts

Robert Helpmann??
Childcatcher

Re: 15,000 influencer accounts hijacked

Unfortunately, being famous for being famous is nothing new. I am frankly amazed that it took so long before it became such a widespread business model.

Better late than never: Microsoft rolls out a public preview of E2EE in Teams calls

Robert Helpmann??
Childcatcher

Where to Start?

I have to use Teams for my work; we are moving from another functioning application to it for chat. Unfortunately, it is like a lot of MS changes in that it does exactly what the old thing did, but differently, with different menus and slightly different abilities and limitations. Change should be a means to the end of something better but not be a goal in and of itself. As things stand, so many upgrades and new products are just that.

Online harms don’t need dangerous legislation, they need a spot of naval action

Robert Helpmann??
Big Brother

Re: There's still the old problem

When I look at proposals of this sort, or indeed most legislation, the first question I ask is "What could possibly go wrong?" Looking for the worst case scenario is too often revealing of what the actual intent is.

NFTs not annoying enough? Now they come with wallet-emptying malware

Robert Helpmann??
Childcatcher

Re: ???

So "Investors" in an NFT exchange that is used b[y] people to make virtual money on virtual things get their virtual wallets emptied.

Yes, three layers of abstraction separate them from reality. Perhaps they will manage to transcend this mortal realm to become virtual beings. We should be so lucky!

Chinese developers rebel against long working hours with crowdsourced tell-all on employers

Robert Helpmann??
Childcatcher

Re: Perhaps we could have a version of this for the west as well

I've never understood the reasoning behind making newly graduated doctors work 36-hour shifts...

IIRC, it started because a doctor running a research hospital stayed up for insane hours and expected everyone else to work the same way. After that, it's all economics. Cheap labor, reduced liability and tradition. It is not done the same way in all countries and those that don't do not have worse medical outcomes on average for having relatively sane working hours for their interns.

Fatal Attraction: Lovely collection, really, but it does not belong anywhere near magnetic storage media

Robert Helpmann??
FAIL

A student at a school where I worked would take all her projects home with her on floppy over holidays. She would inevitably come to me after class resumed with a corrupt disk asking me for help in retrieving files. I initially thought she was buying some cheap disks but finally asked her about what she did when she got home and what happened to her disk over the break. Turns out she was afraid of losing the thing and stuck it on her fridge with a magnet as soon as she walked through the door so she would know where it was when she got ready to go back to school. She never lost the disk, just the contents.

Ukrainian cops cuff two over $150m ransomware gang allegations, seize $1.3m in cryptocurrency

Robert Helpmann??
Childcatcher

Educating people, communicating multiple times, giving examples...

Agree with all of the above, but there also need to be consequences when users inevitably fail to follow guidance. They need to understand that it's not just about listening to a lecture and nodding, but that failing to act right will affect them personally.

Google to auto-enroll 150m users, 2m YouTubers with two-factor authentication

Robert Helpmann??
Childcatcher

Re: And because we know the best way ...

...because it's Google doing it, it's now really creepy.

It's not that Google is using it that makes it creepy, it's how they will use it that does it. They already have a lot of information about their users. I am sure Google will be able to leverage this to embed themselves even more into their lives.

From the article: ...this code could be generated by an app on your phone or emailed to you...

So to get into my Google account, I could have them send the passcode to my Gmail address that I now have to use 2FA to get into? Also, how is this going to work for those of us who are not allowed to use our cell phones at work (yes, this is a thing) but are allowed some reasonable access to personal email and other web resources?

Want to check out Windows 11 but don't want to buy a new PC? Here's how to bypass the hardware requirements

Robert Helpmann??
Paris Hilton

I was wondering how it will work as a VM. At that point, all the hardware is virtualized anyway, so you can tell it whatever you want to get it to install.

Icon because I am not a VM person so I might be talking complete BS.

Windows 11 in detail: Incremental upgrade spoilt by onerous system requirements and usability mis-steps

Robert Helpmann??
Childcatcher

Re: Flat UI fans

We all consider Vista to be a big footgun moment for MS. But... will W11 be an even bigger one?

Maybe, but does it rise sink to the level of Windows ME or Win8? Only time will tell, but I expect it to do so most emphatically.

Confusion at Gare de Rennes as Windows shuffles off for a Gauloise

Robert Helpmann??
Childcatcher

In Brest I'd recommend a bracing walk along the beach, and perhaps lunch on galettes (savoury crepes) and local cider, or a fresh seafood platter if you're so inclined.

You had me at cidre.

Waymo, Cruise get green light from California's DMV for self-driving taxi services

Robert Helpmann??
Childcatcher

Re: --As-a-service is nothing new

Cost per mile is how taxis charge over here.

But that is not how cars that are not rentals or leases are generally dealt with. XaaS is just a new way of saying you rent something or it is a subscription. When you buy something, the expectation is that you do not have to continue to pay for it to be allowed to use it. You may have to pay taxes or purchase operating supplies or an operator's license, but not continue to pay for the use to the entity you bought it from. This is basically the difference between ownership and not. Being able to tell someone they own something but they have to pay you to use it is a scam.

Revealed: How to steal money from victims' contactless Apple Pay wallets

Robert Helpmann??
Childcatcher

Re: Looks like this can be disabled

Sounds like a "feature" just like a lot of other bugs are features. Also, making life easier is typically at odds with making life secure. This is just another instance where this is true.

Computer shuts down when foreman leaves the room: Ghost in the machine? Or an all-too-human bit of silliness?

Robert Helpmann??
Flame

Re: Power socket on the lighting circuit?

It's pretty much standard practice in the US from what I've seen.

And it's annoying as hell! I always felt like this was some do-it-yourselfer's idea of the way to do things, but for some unknowable reason it caught on. Even more annoying is the lack of any indication a particular wall socket is wired in this manner. How to tell what wall switch goes to what thing? Switch them off and on then when some do nothing, run around the room searching for outlets, plug something into them, rinse and repeat. Still can't find the match? Open the wall switch to see if anything is actually connected or call in an electrician because at that point it is probably safer than finding out yourself what else is done badly.

'Quantum computer algorithms are linear algebra, probabilities. This is not something that we do a good job of teaching our kids'

Robert Helpmann??
Childcatcher

Re: "Why not include critical thinking as well?"

The typical business risk assessment is "I think it's a three" - "that sounds about right".

For a fun experiment illustrating how the population as a whole fails to grasp these concepts, ask any large group of adults how many think they are above average drivers. Except in very rare circumstances, most will assess themselves as above average. People are generally crap at risk assessment and management.

'Extraordinary' pigs step in to protect Schiphol airport from marauding geese

Robert Helpmann??
Pint

Re: White wine with geese, I presume?

It depends on whether the bird is wild or domestic. For domestic, I would go with something crisp, like a Riesling. For a wild goose, I would go with a Malbec or similar or perhaps something like a Petite Sirah. I suggest including how the bird is cooked and what it is served with in deciding which to choose. Most important, really, is which wine you like, but these are where I would start given the opportunity.

ASUS patches ROG Armoury Crate app after researcher spots all-too-common flaw

Robert Helpmann??
Childcatcher

FTFY

"This kind of software is usually poorly designed from a security perspective ... it's just a matter of fact as gaming almost no software is usually not designed with security in mind..."

Ransomware-hit law firm secures High Court judgment against unknown criminals

Robert Helpmann??

Re: Canute

On the other hand it is interesting legally if it sets a precedent that "papers" can be served by email.

Perhaps in this jurisdiction, but in others, divorce may be handled via text.

Yes, of course there's now malware for Windows Subsystem for Linux

Robert Helpmann??
Childcatcher

Re: Microsoft! Leave our Linux alone!!!

It's Windows API(s?) allowing the Linux subsystem to access it all willy-nilly which is the problem.

Which begs the question of how to restrict the subsystem while still allowing it to do worthwhile things. The description in the article sounds more like the reason the embedded Linux bit in Windows was being used is that it is an unusual source of any behavior and thus likely to evade detection by existing anti-malware rather than that it does anything special.

Tick, tick, tick … TikTok China just limited kids to 40 minutes' use each day

Robert Helpmann??
Childcatcher

Re: Douyin Bug Report #6489: Unforeseen consequences

Steps to reproduce: Continue on path of tightening app restrictions for several years

I would say redirecting all apps to dating sites would have more impact on reproduction, but whatever gets the job done for you.

Ex-US intel, military trio were cyber-mercenaries for UAE, say prosecutors

Robert Helpmann??
Childcatcher

Re: it does not make much difference to me.

That's not quite the implication, though I can understand how you arrived at that. Spies are gonna spy, but they have to follow rules of engagement. If I understand correctly, all the Americans involved in spying formerly worked for the US government and they had to sign binding documents saying they would continue playing by the rules... which they failed to do and got caught out. The US government has a separate agency for spying on its citizens and wants it to have a monopoly on doing so. No different from every other government out there.

Ransomware crims saying 'We'll burn your data if you get a negotiator' can't be legally paid off anyway

Robert Helpmann??
Childcatcher

Re: It is easy for us to say "don't pay"

Sacking the IT director or the bean counter director who refused to fund good backups does not solve today's problem.

But it goes a long way in preventing tomorrow's. Pour encourager les autres.

BOFH: Pass the sugar, Asmodeus, and let the meeting of the Fellowship of Bastards … commence

Robert Helpmann??
Childcatcher

Re: The weedy bloke

...this most counterproductive of all Microsoft solutions.

It's a solution to management in much the same way as Holmes' 7% solution was but for admins, it should be disposed of in much the same way as a very low or very high pH solution (or any other toxic mix of garbage).

Russia: Forget about the Nauka incident. Who punched the hole in the Soyuz, hmm?

Robert Helpmann??
Childcatcher

Re: Childish Actions

No politics, no weapons and no religion. If we can't play together nicely in low earth orbit, we don't deserve to go any further.

I don't know about the rest of you, but the reason I want to go further is to get away from politics, et cetera.

What happens when a Chrome extension with 2m+ users changes hands, raises red flags, doesn't document updates? Let's find out

Robert Helpmann??
Stop

Re: Who still uses extensions in Chrome anyway?

Guess that will make them landfill.

Shirley, you meant e-waste and not landfill. Please recycle responsibly!

Trump administration bans eight Chinese apps

Robert Helpmann??
Childcatcher

Why WPS Office?

I wonder what the impetus was on banning WPS Office?

This is exactly the issue, isn't it? What are the details that led to the decision? It's one thing to say "China bad therefore Chinese apps bad" but at least some of us want to make informed decisions and want a reasonable amount of transparency from our leaders.

Micropayments company Coil distributes new privacy policy with email that puts users' addresses in the ‘To:’ field

Robert Helpmann??
Childcatcher

how we interface with our mailing list provider

Another business that takes security so seriously that it trains its customers to be phished.

More like another company that takes security so seriously, it farms it out to unspecified third parties. Nothing like increasing the corporate attack surface as a security goal.

Apple's privacy pledges: We sent dev checks over plain HTTP, logged IP addresses. We bypass firewall apps

Robert Helpmann??
Childcatcher

Check This Out...

Finding out what is happening in a target's environment is a typical first step in most hacking attempts. Having a setup that makes known what applications you use and when you are apt to be using them seems like a way to make a hacker's life easier. It really doesn't take much imagination to figure out how to use this against a target.

BOFH: Rome, I have been thy soldier 40 years... give me a staff of honour for mine age

Robert Helpmann??
Childcatcher

Re: Dabsy & Simon

Only if it's a bottle of Barbadillo Versos 1891 Amontillado.

Are you saying we cannot tell Amontillado from Sherry, Montresor, er.. , Stiine?

Adventures in SQL Server 2019: Microsoft updates the update that broke the update

Robert Helpmann??
Joke

I don't know why she swallowed the fly...

I don't know how SQL swallowed the horse. It died, of course.

Burning down the house! Consumer champ Which? probes smart plugs to find a bunch of insecure fire-risk tat

Robert Helpmann??
Paris Hilton

Re: The stupid, the lazy and the first mover

"No, it's from Amazon, that makes it secure".

I wonder if Amazon takes the same approach to vulnerabilities as MS in rating severity on the risk they incur by vulns existing rather than by the potential outcomes to their customers.

Icon: As appropriate to IoT as anything.