Posts by Robert Helpmann??

2583 publicly visible posts • joined 31 May 2011

Samsung smart fridge leaves Gmail logins open to attack

Robert Helpmann??
Childcatcher

Re: IoT crazy

Why the hell would I want remote control access for my fridge?

Because of the "Bring Me Beer" button!

Směrť Špionam! BAN Windows 10, it SPIES too much, exclaim Russians

Robert Helpmann??
Childcatcher

Re: CAN you REALLY turn off those features?

The hint would be that the default is to gather everything it can and send it on home (Passwords? Really??) I am most interested to see how businesses and government agencies deal with this particular bit of data-gathering. Oh, wait... that's exactly what is going on here.

Manhattan-sized iceberg splits from glacier – and spotted FROM SPACE

Robert Helpmann??
Facepalm

El Reg UoM?

"The iceberg is an estimated 12.5 square kilometers 0.6 milliWales across and has a depth of around 1400 meters 10 brontosauruses, meaning a volume of 17.5 cubic kilometers just under a staggering 7 million Olympic-sized swimming pools. That would equate to enough ice to bury the entire island of Manhattan Wales under 300 metres of frozen water a light dusting of snow."

FTFY! I know it's a bit of fun, but if you are going to compare an area with a presumably well known body of land, why not stick with established precedent and use Wales? Besides, when measuring things in terms of Manhattans, you should also use miles, yards and feet as Americans are notoriously resistant to the use of metric measurements. One of the most important reasons to read The Register is that it is fun to read, at least for me. I can get most of the content elsewhere. It is the quality of the writing that keeps me coming back.

Yammer security sub-standard says US Veterans' Affairs Dept

Robert Helpmann??
Childcatcher

Simple Fix

...users were unable to remove the Online Now instant messaging feature...

The appropriate response would have been to uninstall the application (coincidentally removing the Online Now feature), to block access to the Yammer site at the FW, and to sanction anyone who reinstalled the stuff. The CIO should have a really good idea as to what is permitted on their systems. He should have been thrown under the proverbial bus, not sideswiped.

High-heeled hacker builds pen-test kit into her skyscraper shoes

Robert Helpmann??
Joke

What Next?

I have to turn my phone off and leave it in a locker before coming to work. When my employers see this article, I guess I will have to do the same with my shoes. What's next? Ban all clothing?

Does Linux need a new file system? Ex-Google engineer thinks so

Robert Helpmann??
Childcatcher

Grown out of work done at Google

That would explain the Googler's use of the term "metastasizing." It is refreshing when someone is up front about the fact their employer, past or present, is a cancer.

Amazon to trash Flash, as browsers walk away

Robert Helpmann??
Childcatcher

Missed by that much....

My first glance at the headline made me think it was Adobe that was ditching Flash instead of Amazon. I had to explain to some of my coworkers why I was briefly happy and now less so.

Sysadmin ignores 25 THOUSAND patches, among other sins

Robert Helpmann??
Childcatcher

Re: I don't think he handled this job at all correctly

Before he touched ANYTHING, he should have made 100% certain he had a way to go back to the previous state if he broke something.

I think a step back from that would have been more to the point. This was touched on above, but first he should have made sure the state things were in. Second, he should have come up with several possible courses of action. Third, he should have consulted with management and obtained informed consent before proceeding on to taking any sort of action. Management should have to accept the risk of making changes, especially of this scope and nature. Allowing them to bury their heads and later deny everything when it all goes wrong is never a good strategy. Ultimately, management is responsible and it is a good idea to keep that in mind.

I've cleaned up plenty of messes (both my own and those of others). I have found it to be useful to let those above me know just how bad things really are, especially as it makes me look that much better after it's all sorted. On the other hand, having documented that the boss signed off on something and it turned out badly because of the decisions someone else made rather than something I did has proven helpful on occasion, too.

Canadians taking to spying on their spies

Robert Helpmann??
Childcatcher

The only Canadians who matter are those who turn up to vote.

I'm just letting you know out of courtesy that I am stealing that and modifying to fit my own ends. Well said!

Want security? Next-gen startups show how old practices don't cut it

Robert Helpmann??
Childcatcher

Re: People "trained in IT security" are a lot of the problem

I would argue that not enough people being trained in security is a major problem. I don't mean security professionals. I mean every user in the company environment ought to have at least a basic amount of training as to how they are supposed to behave and why and that it should be an integral part of corporate IT culture. In fact, while Trevor might lump this in with his Prevention category, I would argue that it is important enough to rate its own entry. When I evaluate a corporate IT product, I look at what training the company selling the product offers. Why would information security products be different in that regard?

Hyundai ix35 Fuel Cell: El Reg on the hydrogen highway

Robert Helpmann??
Coat

Re: What's wrong with the old fashioned way?

Burn the hydrogen in a slightly tweaked, bog standard combustion engine and avoid the rather excessive cell tax completely.

No! Jet engines all the way! Who has seen the classic 60s Batmobile and not had the visceral longing to own one of those? If widespread use caught on, we would eliminate any problem with tailgating. Also, development of this technology should lead to flying cars, so it must happen. Hydrogen jet powered cars for everyone!1

The keys are in my pocket.

1 It is election season here in the US so I am running a test of my stump speech with this. Vote now. Vote often. Vote for me.

Who should be responsible for IT security?

Robert Helpmann??

Re: CISO on its own?

For a bank, risk/security is very much a field in its own...

Contrast this with retail where the main thrust of "security" is to reduce shrinkage (vanishing inventory). I caught the facility security manager installing malware infested freeware on her computer on a regular basis. I could not get her to understand that her machine was connected to every other one on the network, including and especially those the company used to generate profits.

Been sleeping well lately? No nightmares? Here's a lumbering Google bigfoot bot

Robert Helpmann??
Childcatcher

Re: Kill switch?

Where is the kill switch?

On the battery pack carried by the pathetic meat bag human engineer trailing along behind.

Microsoft drops rush Internet Explorer fix for remote code exec hole

Robert Helpmann??
FAIL

Pro Tip

An attacker who successfully exploited this vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker who successfully exploited this vulnerability could take complete control of an affected system.

"A simple fix for this is to not allow browsers to run under admin accounts by default. Disabling other common attack vectors in a similar manner (e.g. email clients) will result in increased security on systems. In general, it is a good idea to not do non-administrative tasks using an admin account."

- Captain Obvious (attrib.)

Parrot drone pwned (and possibly killed) with Wi-Fi log-in

Robert Helpmann??

Re: Bah!

The drone runs on Busybox which has had a few vulnerabilities and has been targeted in the past. You could indeed create a squad of possessed killer parrots!

Anti-botnet initiatives USELESS in sea of patch-hating pirates

Robert Helpmann??

Re: Why not issue a kill command?

...in case it's not obvious, the box to tick here is "Laws specifically prevent it"...

This points the way to the solution. If a politician or a sufficient number of a politician's top donors are made to realize that their servers are infected with something like this, the politician will Do Something1. This will take the form of passing legislation which we all know will fix everything. In this particular case, it might remove the impediment to two wrongs in fact making a right or perhaps fund a new agency which is authorized to cleanse this blight from the world2.

1 This is the dodgy part as it involves getting politicians to deal with something technical and have that lead to a reasonable and useful outcome.

2 Yes, the entire world, because there are no borders among the interwebs!

Android apps are flooding on to jailbroken Win10 phones

Robert Helpmann??
Childcatcher

Re: This could be a win

After all; what else is ever going to tempt Android users into even trying a Windows phone?

I just upgraded to a Nexus. While doing a comparison of the various phones my service provider offered, I realized mine only offered a token Windows Phone choice and definitely not the latest and greatest. Many, probably most, people don't look beyond what their service providers offer as part of a bundled plan when shopping for a new phone, so I think "doing a better job working with the vendors" might be part of the answer to your question.

Trend publishes analysis of yet another Android media handling bug

Robert Helpmann??
Childcatcher

From Never to Almost Never

Getting patches applied to vulnerable systems may however take some time due to the fragmented nature of the Android ecosystem as well as the lack of an efficient patch delivery mechanism, at least outside of Google's home-grown Nexus devices.

Exactly why I got a Nexus. I liked the old phone, but my carrier was never going to update it. So now I get security updates a bit slowly, but it's a vast improvement on never, right?

Snowball spud gun shows comets could have seeded Earth with life

Robert Helpmann??
Childcatcher

Re: What if they were already here?

Couldn't that also mean that an impactor caused locally available amino acids to fuse into said peptides?

So it's an experiment that failed to disprove a hypothesis, added to the body of available knowledge, and raised more questions as well? Sounds like science. Carry on.

Adobe pays US$1.2M plus settlements to end 2013 breach class action

Robert Helpmann??
Childcatcher

Blood in the Water

[Adobe] was served a ... class action lawsuit ...in which it is claimed "shoddy" security practices led to the breach.

Just like shooting fish in a barrel, throwing that sueball at Adobe. Perhaps customers can litigate bad software out of existence. Probably not, but I am sure there are some lawyers out there willing to give it a try.

US Air Force: 'Loose tweets destroy fleets'

Robert Helpmann??
Childcatcher

Re: Sign of the times

Not to be outdone, the Russians also have been caught out on social media. Security training is not something that can be done once and then left at that. It requires ongoing efforts and many, many reminders. And even after all of that, there will still be some twit who will allow unaccompanied "tech support" into the server room after giving that unauthorized individual an admin credentialed account and password.

Surprise! World stunned to learn that AT&T is in the NSA's pocket

Robert Helpmann??
Childcatcher

Re: NSAT&T

Why? Because the current "Death Star" motif doesn't get the idea across?

Testing times as NASA rattles Mississippi with mighty motor burn

Robert Helpmann??
Childcatcher

Re: new technology...

...one idea that would also help a bit is a massive mountain-side rail-gun style to allow a proportion of the launch momentum to be delivered from ground-based power.

There are a number of possibilities that have been explored in this regard such as firing a laser at the bottom of the craft to superheat the air beneath it. That's pretty nifty, but my favorite is the space gun which would be capable of literally firing objects into space (much as the name implies). The US Navy has a railgun project that is coming close to being able to do this with small objects, but these are meant to come back down. Still, if the research put into that could be further developed to launch things with a reasonable amount of acceleration (without turning people into paste), we might have a winner.

For purposes of comparison, escape velocity is about 11.2 kps (81 bnps) and the USN railgun will fire projectiles at about 2.5-3.5 kps (18-25 bnps) while the fastest bullet train taps out at around .17 kps (1.2 bnps).

BLADE-WIELDING BOTS conquer humans in RADIO DEATHMATCH

Robert Helpmann??
Childcatcher

Throw Snow?

Yes, the lawnbot has blades, but the snowbot could throw shit 10 or more meters.

If it is throwing the snow, it isn't properly equipped. If it came in an updated laser-wielding model, I would lay down some cash for that.

Use QuickTime … and become part of the collective

Robert Helpmann??
Trollface

Re: VLC

Honestly, if you think a cobbled together media player is somehow a replacement for QuickTime then you simply don't know what QuickTime is.

Let's do a quick side-by-side comparison: QuickTime (OK, you'll have to dig through the linked user manual to get much in the way of specifics, but it's an iProgram, so it's really about the way it makes you feel anyway) vs VLC. Yes, there are a few differences, but I'm hardly persuaded that I should drop VLC and join the Cult of Apple on this one.

Troll icon because you really should have.

175 MILLION websites still powered by Windows Server 2003

Robert Helpmann??
Childcatcher

Re: Oh come on..

Pretty much the same went on when OS/2 went past end-of-life. Banks were responsible in large part for keeping it alive on life support long after IBM wanted to pull the plug. The usual excuse is that they are risk-averse, but to be honest it's more a case of having a huge amount of changes to be made without having the proper resources devoted to the issue. I would look to see them keep Server 2003 alive for another few years and for there to be licensed third party support after (again, as with OS/2). Windows XP is still being supported (MS is still rolling out patches to paying customers) and its official end of life was April 8, 2014. My best guess is that Server 2003 will finally die become undead around 2020.

Er, uh ... sorry! Project Ara will not launch this year after all

Robert Helpmann??
Childcatcher

Re: I can't see an use for this

However, if this modular system is extended to tablet screens, keyboards and more, the possibilities become more interesting.

This! Yes, this! I am sure there were plenty of people who took a look at the Raspberry Pi when it first came out and just didn't get it. The 5 millionth RPi was sold back in February of this year. This will be a niche product by its very nature, but it will give plenty of bright souls a playground in which to enjoy themselves, to create new gadgets, and to find novel solutions to existing problems. I say good luck and please don't stop.

China shutters 50 websites for spreading explosion 'rumours'

Robert Helpmann??
Childcatcher

Re: Woah. Thank $DEITY for $REDACTED Freedom of the Press

And very unlike the western democracies...

Nice troll, but it falls a bit flat. For one thing, you can publicly disagree with privately owned news media and not get hauled off to a re-education camp.

Post-pub nosh neckfiller: Spanish summer soother salmorejo

Robert Helpmann??
Childcatcher

A Good Start

We used a garlic bread (with chunks of garlic in it) and initial tasting before setting it aside to chill indicates this will be tasty and hit the spot.

I am not normally a fan of unadorned tomatoes for flavor, but I am going to give this a go. The garlic bread idea looks sound, but I prefer to test the base recipe first and then tweak to fit my tastes. Another possible addition is some fresh basil. Good thing I have some on hand. Perhaps a side-by-side will be in order...

'Sunspots drive climate change' theory is result of ancient error

Robert Helpmann??
Boffin

Re: Count or area

One basic consideration when comparing historical data is: are you comparing apples to apples? What instruments were used then compared to now? Do they reliably measure the same thing? Are measurements taken with the same frequency? Are there any other areas in which inconsistencies might skew the data and introduce an artifact? I believe that in the case with the NOAA update many of the differences were down to measurements by ships in the older data versus measurements by buoys in newer data. More details can be found here. It wouldn't surprise me at all if there were some similar issues with this data set.

Dead Steve Jobs' life and times are being turned into an OPERA

Robert Helpmann??
Paris Hilton

Non sequitur much?

"We have included a symphony, titled Alternative Energy, by composer Mason Bates below."

And is this the composer with whom the Santa Fe Opera (not the Sante Fe Opera, I believe) commissioned this work or was that just thrown in for additional entertainment value? Editor? A little help here, please.

Good choice of banner image, though.

First SPACE SALAD on Monday's menu for ISS astronauts

Robert Helpmann??
Childcatcher

More on the Menu

I think it is wonderful that the space station dwellers get fresh salad. I would have thought that either sprouts of some sort or an aquatic species (perhaps duckweed or watercress) would have been an easier starting point, but we certainly cannot accuse anyone up there of aiming low!

Tobacco field bacteria offers hope for buzz-kill smoking therapy

Robert Helpmann??
Childcatcher

Re: Fingers crossed

Assuming this drug works as intended, it will need to be a lifetime therapy in order to be successful. Nicotine addiction, like many other forms of addiction, is both physiological and psychological in nature. Stop smoking cold turkey and you feel like crap for a couple of weeks but you will be through the physiological side of quitting after that. The real problem is that smoking is a behavior. It can be displaced by another behavior, but once it is acquired, it will be on the menu for the rest of the addict's life. The joke is that millions of people have quit smoking millions of times and there's the rub: if you put the addict back in the same set of circumstances that were previously associated with smoking, the odds are extremely good that it will happen again.

This potential drug will therefore only be useful in preventing relapse inasmuch as it prevents the addict from ever experiencing the rewarding sensations given through smoking. In order for that to work, it will always need to be in the person's system.

I am not saying this would not be worthwhile for people who are affected by this horrible addiction, but I can definitely see that it would be worthwhile from the perspective of drug companies as it would give them a nice steady revenue stream.

Bitcoin can't be owned, says Japanese court, as Karpeles sweats in cell

Robert Helpmann??
Childcatcher

Not Copyright Infringement

So how do they deal with other forms of crime involving digital assets? Most money transfers these days do not involve physical assets. Likewise with high frequency trading in various stock markets. Under this ruling, if I hacked into the Nikkei or a local bank and skimmed some virtual assets, it wouldn't be theft, would it? This sounds like the quote was taken out of context given that these sorts of things would presumably already be covered under Japanese law. Perhaps these actions are better covered as fraud. Of course, it is also possible that this ruling might be overturned on appeal.

Surprise! Evil-eyed cats MORE LIKELY to be SNEAKY PREDATORS – boffins

Robert Helpmann??

Yes, but...

...what does that say about the mantis shrimp?

Playing with graphene? All the cool kids are using TIN – atom-thick sheets of stanene

Robert Helpmann??
Childcatcher

Re: Picking Nits: TIN versus Tin

Besides it is "nits", not "Nits"

Unless used as part of a title, which it is in this case.

Mac fans! Don't run any old guff from the web: Malware spotted exploiting OS X root bug

Robert Helpmann??
Big Brother

Half a Brain

So I have to actively download it, click on it to install it and then type in my password for it to work...

Yeah, makes me feel safe, too, especially as otherwise reputable software has never been hijacked or forcibly re-purposed by an outside entity. It's a flaw that can be exploited. It should be fixed on all affected machines. Claiming that it is too hard to patch or that it is not that dangerous only makes me question the agenda of the person making the statement as they obviously don't have my best interests at heart.

Post-pub nosh neckfiller: Bacon and egg sushi

Robert Helpmann??
Childcatcher

Up Your Game

Lester, it looks as though you are having a lot of rice-fueled fun. You should get yourself a bamboo rolling mat for your maki rather than that press. They aren't difficult to use and I suspect you will get better results (e.g. link).

Sysadmin jailed for a decade after slurping US military docs

Robert Helpmann??
Childcatcher

Re: Professional expectation

Government logic... yes, we gave you the password and it's one of those areas you manage.. but you aren't supposed to look at anything.

I am not so sure about that. Those who have access to re-enable the ability to write to disk should not also have access to the documents of the nature Mr Glenn was attempting to steal. In environments such as this, administrative duties are supposed to be split between individuals and groups to prevent exactly this sort of thing.

Are users undermining your mobile security efforts?

Robert Helpmann??
Childcatcher

Re: Mobile management is easy to achieve

These are for business, not personal use.

And this is where things go horribly wrong.

'White hats don't want to work for us' moans understaffed FBI

Robert Helpmann??
FAIL

IQ Optional

I have to challenge your 50% under 100 claim.

Challenge accepted. Pulling memories from $years ago when I studied this in grad school, the way IQ is defined involves forcing the normative data into a bell curve. By definition, 100 is the median with 50% above and below.

BAD things happen to GOOD robots in America: hitchBot DECAPITATED

Robert Helpmann??
Childcatcher

Re: Next year - CarJackBot

Seriously though, can anyone seriously expect benevolent, non-violent AI when humans act like this?

And it's for exactly that reason we need it.

World-beating TWO-QUADRILLION-WATT LASER fired by boffins

Robert Helpmann??
Childcatcher

Re: We're gonna need

It's turtles all the way down!*

*You will have to click through to get the joke.**

**No, I won't ruin it by explaining it.

Don't want Windows 10 FILTH on the company network? Step this way

Robert Helpmann??
Childcatcher

Re: Silly admins. Power users don't bother joining domains

why on earth would I want to let the backwards, process driven clods in IT tell me what I can run, or have any access to my system for that matter?

Depending on where you work, the answer might simply be "Because it's not your machine and violation of the acceptable use policy will have you run out the door." In your mind you might be the greatest sysadmin ever, but if you work in a corporate environment you share the risk of any problem you introduce with everyone around you and vice versa. Assuming you in fact are as great as your ego would have us believe, it is unlikely that all of your coworkers are of similar stature, but those "process driven clods in IT" would be forced to let even the janitors do whatever they wanted inasmuch as you are allowed. That is typically the way corporate policy works, after all.

As far as you personally are concerned, are you maintaining your machine and software on your own time or are you charging your employers for it when you are supposed to be doing something else while they are paying an IT group to handle system administration? Sounds like the wild west to me, partner. Yipee-yo-ki-yay... you can fill in the rest.

Flash deserves to live, says Cisco security man

Robert Helpmann??
Childcatcher

Re: Draining the swamp or backing the favourite number?

Trouble is, as outsiders we don't have enough insight...

On the contrary, I feel comfortable judging by results. I have a rather nice situation in that I am paid in part to patch Flash at work while enjoying a considerably greater amount of security by doing without on my personal machines.

This is TRUE science: Harvard boffins fire up sizzling BACON LASER

Robert Helpmann??
Coat

Self-cooking Bacon

"I couldn't help wondering if this technique could be contrived so as to convince the bacon to cook itself. Fantasy, I know, but a man can dream."

That's called "a wife". Google it sometime :-)

Your wife is made of bacon?!? And she cooks herself? How awesome is that?

Mine's the one with pork laser totin' shark infested pockets.

Ubuntu defibrillates 14.10 for one LAST patch

Robert Helpmann??
Childcatcher

Re: Why on earth?

The next release is going to be a "warewolf."

"Wily Werewolf" which is just a shade better than "Werewolf's Willy" but nowhere near as cool as "Wascally Wabbit."

Pakistan bans BlackBerry Enterprise Server

Robert Helpmann??
Childcatcher

Re: Ah, yes!

A sure fire way to make the world safe from... Uh, what exactly? Freedom?

Terrorists! They are still new to the game, so they haven't had time to work in a "think of the children" rationale, but give them time...

Invisible app ads slug smartmobes with 2GB of daily downloads

Robert Helpmann??
Childcatcher

Re: The poor advertisers...

As use of this technique does not a virus make, it might better be labeled as a PUP. Still, you would think that people in the anti-malware market would at least think to warn their customers about high network data usage, especially if the app was not active. This would seem like a simple catch for heuristic analysis, but my guess is that the folks in the anti-malware business are still writing for desktops and have yet to get their heads around the implications of mobile devices.

Choc Factory research shows users just don't get security

Robert Helpmann??
Childcatcher

Re: Rubberhose Cryptanalysis

Security experts may be able to remember a couple dozen different passwords, and claim that's a good security practice, but it is impractical for the average person.

Perhaps that's why password managers are on the list, too, which for personal use is not such a bad idea. I have yet to work anywhere that provided or approved of a password manager for professional use, though.

I would love to see an expanded list of "expert recommended tools," because the top five is certainly not enough. There's nothing on there about mobile apps, which are the de facto way most people interact with the internet these days rather than a browser on their home PC. Also, the recommendation I would make more than the use of any of these is customer/user education. The fact that there is such a big misalignment in professional and lay opinions indicates where efforts in the security community ought to be focused.