Posts by Robert Helpmann??

Re: In the jungle

My experience with Google products in government contracting is that they are capable of meeting the contract requirements on a technical level, but they are completely unusable in implementation. We were forced to use Google Office products in place of MS Office on one contract I had the misadventure to work and it was painful on a number of levels. I do not know about cloud services as it is outside my area of expertise, but that has certainly colored my view of all things coming out of the Chocolate Factory.

Re: Possible? Yes. Probable? No.

And that will still rely on the end users keeping their phone secure, not just anti-malware, but physically secure, with a proper unlock passcode\pattern.

Exactly! Running voting through an app introduces at least one more point of failure. This is the opposite of securing things.

Re: One born every minute

Still we shouldn't victim blame.

... or grammar use, apparently.

Re: Federally protected

Fortunately, swans don't come in flocks.

Quite right. They come in bevies and wedges.

Re: Grand Jury...

By the way, some sites I read suggest that once you are selected/accepted as a member of the Grand Jury, you could be in court a couple of days a week for up to two years! Is that (a) true and if so, (b) nationally or only in some states?

Grand juries are used at various levels of the US justice system (federal, state, county, municipality). The one on which I served was at the county level. We came in one day each month for three months. We only considered felonies unless there were misdemeanors also associated with a given case. I cannot speak to other jurisdictions' rules, but I am sure there is variation among them. I should also mention that the proceedings were nothing like I have seen depicted in popular media, but that is probably not a surprise to most.

Re: Brilliant job that Woman!

I will be very happy when these "first women", first black", first trans" news stories go away...because they are common and unremarkable.

Yeah, I would be happier if these were more along the lines of "first alien" and "first contact".

Re: BoatyMcBoatFacepalm

...just how hard WOULD it be for AWS containers to be made 'secure' by default, so that the devs would really have to balls it up to leave them open.

They pretty much are. It takes someone opening them up for this sort of thing to happen. It's more a case of the devs being too lazy or incompetent to provide access properly, instead opting for the Allow-Any approach to security because of ease. The open access also may have been meant as a temporary measure for while the containers were being set up but someone forgot to close the intentionally opened hole.

Re: Just curious

..."it is possible that some of these IP addresses may have ties to state-sponsored actors.”

Ya think? It's also conceivable that a little forethought would have led to a design that didn't allow this.

... they insist on shuffling all the shelves...

Why not order online for delivery or curbside pickup? Because they labor under the idea that making you traipse through the store will wear you down to the point where you will purchase things you never intended?

Re: Good

bom·bas·tic

/ˌbämˈbastik/ adjective

high-sounding but with little meaning; inflated.

Needs to work on the high-sounding portion of the rant to achieve the stated effect. I give it a 6 out of a possible 10.

Re: I realise this ship has sailed...

I see what you did there. Keep it up and you will be exiled to Cyberia.

Re: Runs outside the browser

I would even go so far posit Cross Platform = Greater Attack Surface.

Caveat: It's Monday and I am dealing with a worse-than-normal event today, so this may be coloring my outlook a bit.

Re: 'an "unauthenticated" attendee'

As the AC noted, language changes. The admittedly few lexicographers I have spoken with take a descriptive rather than prescriptive approach to language. As far as the word of the moment, the first use of "attendee" predates most folks' time on this Earth (first recorded ca. 1935), so it seems a bit late to protest.

It tends to be operated where you have plenty of hydro power because you need to run the plant 24/7 - it really doesn't like cooling down. So, where is the power coming from? Not much available water on the Moon.

Seems that using a molten salt reactor could be used both to refine the products and to generate power. It would still need some water, but it could still function pretty much as a closed system.

Re: Who's going to bet..m

I can't tell if "nations of the Amazon desert" is a brainfart on your part...

You might try looking at the HTML for the post. It clearly has <SARCASM> tags.

Re: Wool

I've been wearing them for over a decade as well.

Maybe time to take them off and wash.

Mine has an integrated gas mask.

Can't say it sounds good for anything I use a keyboard for. This probably means our desktop support people will be by any moment now to prise my grasp from my full-bodied desktop keyboard to replace it with so much light and air.

Re: No more iPhones, check.

...they don't have the passwords, just the hashes, if they are doing it right.

On a practical level, these two are equivalent for the resources a government can throw at the issue. An entity with that level of resources should be able to create rainbow tables for all service providers. Happily (as long as you are not part of one of those entities), this is not the way it works. Hashes are stored locally and different user accounts have different salt applied, which increases the number of combinations needed to be taken into account for rainbow tables to work. They can theoretically still work, but don't provide much benefit.

REF: https://packetlife.net/blog/2008/jul/09/a-bit-more-detail-on-ios-password-hashes/

Re: frustrating genius

Now which is the only story he wrote himself that it's suggest the characters are not humans?

Pretty sure he wrote "Blind Alley” and The Gods Themselves. I think there were others, but that's what a quick search yielded.

Re: idiot

I know that the internet is populated by raving paranoids, but 99 times out of 100 there actually isn't an evil corporate plot as the reason for XYZ.

Exactly. Never attribute to malice that which is adequately explained by stupidity.

- Hanlon's razor

Re: social media data hoovering is an obvious security risk

GnuTzu, you've hit the nail on the head. This is not unique to mobile devices by any stretch. There are lists of approved applications allowed in all USDoD environments (and for other US government agencies) with all others being banned by default. The reporting on this has pretty much missed this both here and in other outlets. Same for users who confuse their government issued devices with personal property or try to pull rank to get what they want because. As long as there are restrictions, there will be people who think they do not apply to them.

Re: There have only been three Star Wars movies...

...although the CGI'd Tarkin and Leia aren't as good as many seem to think.

I thought the brief appearance of Leia strayed deep into the uncanny valley and didn't make it out intact. Tarkin was... better.

Re: Staff who wipe machines

If permitted by the company policy, there's no real issue with that.

This goes to the heart of the question. What is the company policy in cases such as this?

Re: The Dark Overlord Face

...we know he's going to jail.

He's already in jail. He's going to prison.

Re: Just wonderful

if the wrong person's data was exposed the board could end up being taken out and shot.

What's Mandarin for "Pour encourager les autres"?

Re: Production control systems were built before the internet

I assume you are thinking of crosstalk. That's unlikely to be significant enough to be exploitable on a couple of km of separate twisted-pair cables carrying similar digital signals. Even if it is, any "hacking" would require data to be *pushed* from one cable to another, which is not possible even if the crosstalk is ridiculously high.

Yes, I was referring to crosstalk. Yes, it is exploitable and yes I meant only in the sense of a pull. However, there are other means to push commands to an isolated network and having access to a relatively fast and reliable way to pull info makes that aspect much easier if only by dint of having a means to perform footprinting. If you know what to target on the closed network, it makes it that much easier to put something together that will do the job once you gain access.

Well, unplugging from the Internet is just about the most absolute* defense you can have.

Except they've already found out that isn't entirely effective. The article alluded to Stuxnet which was developed specifically to get around such situations.

^{*Are there degrees of absolute? If so, how are they graded and what are the penultimate and antepenultimate defenses available? What would be more absolute than isolation? Immolation?}

£45k. Not bad!

The Senior IT auditor position - the security person - has the same salary and work schedule as the social media staffer, but with the requirement for a CISSP or equivalent. I get that this is a prestige position, but I can also see why there might be a vacancy.

Re: Why on earth

I'm colourblind, and I ...

Thanks for the explanation!

No, I have nothing to add, just appreciate learning a different perspective on the world.

Re: It Is With Such Baubles That Men Are Led.

You can make fun, until it makes sense.

Now THAT truly is a foregone conclusion. As you rightly imply, this reorganization does not make sense and is worthy of mockery. Why go through all the hassle and expense of doing something of this nature when it has no point in the foreseeable future? This move is purely about ego (speaking of tautology) and adds no value to ... well... anything worthwhile.

Re: Alexa?

Just shouting through the letter box could get the door unlocked.

Speak, friend, and enter?

Re: Quick maths

You could easily do that by downloading a Linux ISO over torrent and then forgetting about it and seeding for the rest of the month.

I don't believe so. The story was about the amount of data downloaded and not the amount uploaded. You would still generate quite a bit of traffic, but in the opposite direction of what's indicated here.

Re: We are the dead

I wonder if you'll be able to watch videos of Tiananmen square...

I had a conversation with a younger (mid-30s) coworker about the subject. He had never heard of it. The reason it came up was I was there immediately prior and was talking with someone who was a student there at the time, comparing notes. Our education system has failed us massively if this sort of thing is simply ignored.

Re: Caption seems inaccurate, based on the expression

"look at me I'm a Narwhal"

There can be only one response to that:

https://www.youtube.com/watch?v=GcYVCvBq0FY

Icon, because.

Re: Kudos pour le JCC reference.

Hadn't heard that before, despite it actually having been made within my lifetime. Have an up-vote for that. Thanks!

Re: Apple tried to warn you, several times

If you choose to install obvious malware, it's entirely your own fault when it turns out to be malware.

So the people who created the malware and got the gullible unwashed masses to install said malware are not to blame for their actions? How does that work? Blame the victim much?

Re: So....

"...OR LOSE YOUR JOB YOU MUPPET!!".

Sometimes I wonder if Kermit the Frog would do a better job than some folks I have had the misfortune of working with, so fair comment on a number of levels.

Re: Refined OS or chocolate teapot?

I am currently on W10 since my old laptop transcended to brick status... I'm waiting for a service pack I have to pay for, that will be Linux time.

GF just moved in and asked me to look at her laptop because it wasn't working well. She said there was a problem with its wireless card not being able to connect to the wifi. It had.... Vista! It's long, long past time for Linux on that system.

Re: So jealous

...some contractors in key congressional districts get to pocket most of that money...

Saying something is working "as it's supposed to" is not the same thing as "as intended". The system may be working the way the people who designed it intended, but that is definitely not the way it is supposed to be.

Re: Domain names are case insensitive?

ｅｎｖｉａｂｌｅ is very difrent from enviable

Oddly enough, Chrome views them as the same when I search for them on the page while other applications do not. That looks like a bad implementation to me and makes me wonder if it is open to abuse. Unicode strikes again!

Re: I'd watch that

but you'd have to take out the cyber-truck. That's reserved for the Back to the Future remake.

I'm glad I'm not the only one who looked at Tesla's new toy and thought, "My God! It's a reincarnated DeLorean!"

"The result was that things were not to the lander's liking at the start of the final phase of descent and Vikram went splat hard-landed lithobraked within 500 metres of the planned site."

FTFY.

Mine has a dogeared copy of the Haynes Repair Manual for Firefly-class ships in the pocket.