Re: A reminder to...
Never use an email *address* that's tied to your broadband provider. You *can* move email *services* in the way that you can move phone numbers.
FTFY
8137 publicly visible posts • joined 14 Jun 2007
OK, so let's say I trust MS. When it goes titsup and *my* business grinds to a halt, what's the incentive for *their* business to pull out all the stops and work triple overtime until I am in business again? Because unless my pain is their loss, they have a legal duty (to their shareholders) to ignore me.
*That*, Mr Vice President of Bullshit and Pontification, is why only a complete idiot would *trust* Microsoft.
Walk away from Apple's market share. It's not *that* great and if enough people did it then Apple might get the message. It's not like we're asking them to scupper their own product line. Making their compulsory browser better behaved surely benefits Apple as well as HTML5 fans.
"Given that security tends to add complexity and cost to technology products, the chance that companies will adopt the FDA's cybersecurity guidelines fully can be considered to be extremely low. "
Not so sure about that. The potential losses in the resulting court case could offset the savings by several orders of magnitude.
The likelihood of such a case depends on the nature of the vulnerability. For example, if it is a failure to authenticate the sender, then it could happen almost any time two users are in the same room and one of them needs to inject. If it is poor authentication, then it is only a matter of time before garbled commands to one unit happen to be valid commands to another and (again) this "attack" will be "tried" whenever you get gatherings of users.
Malicious exploitation is a different set of risks altogether. It is far more likely to succeed and the resulting death will look like suicide. Are there any potential users of these devices who have enemies (or relatives) evil enough to give that a go? Sadly human nature is not all fluffy kittens, so I suspect the answer to that is a firm "Yes".
"If the car is not capable of real autonomous driving it should not be advertised as such. "
'Tis somewhat depressing that it seems to have required a rule change to make this point. Still, surely *everyone* knows by now that all verifiable claims made in adverts turn out to be verifiably false, don't they?
Purely as an observation, Cambridge UK occasionally mentions how many Nobel laureates they have and a fair proportion of those were born abroad, so if the US wants to claim these three then the UK can hardly object.
It probably ought to be credited to the institution(s) that supported them when they did most of the work.
To me at least, the job description implies that delivering and testing updates is considered a separate function from developing the software in the first place. Why is the Windows Update manager responsible for anything other than the correct functioning of the WU software that delivers patches? Why are the products not responsible for the quality of the patches and WU is treated merely as a handy delivery mechanism?
If https://en.wikipedia.org/wiki/High-voltage_direct_current is a reliable source, those HVDC lines will need as much R&D as the modular nukes. The present generation are only point-to-point and still limited in capacity compared to the grid as a whole. On the other hand, they might actually get the funding since the technology is as applicable to household windmills as it is to mini-nukes.
Sound advice for anyone who is annoyed by such pedantry is just to use the word "arthropod" instead. (Crustaceans aren't insects either and there are plenty of those that I wouldn't want to find in my nosh either.) In extremis, try "invertebrate". That will annoy a few purists but it will include slugs, which are yet another thing that I don't want in my lunch.
Nobody else wants just a clerical function. However, there are plenty of people (and ICANN are a good example) who would be happy to do the job if they were allowed to add money-making or power-wielding extras.
It is because we want it to remain a clerical function that we should keep it away from the private sector (who want to make money) or certain governments (who want to wield power). The USG is hardly perfect, but it can usually be relied upon to do bugger all when bugger all is exactly what is required.
"When Ubuntu started supporting USB3, the drivers weren't back-ported to the LTS releases, and neither was the Unity interface crap, so why should Microsoft do things any differently?"
Because Ubuntu will produce a new LTS release within a year or two and won't charge you for it when it arrives. Unless you are bursting for USB3 support (and LTS fans probably aren't) you can just wait. Even if you are bursting, it is possible to upgrade your kernel to one that does USB3 without dragging the applications up to the bleeding edge. (Imagine that, Microsoft, upgrading to the Win10 kernel but keeping the user-space portion unchanged from the one you trust rather than being forced to hoover up a truck-load of fresh bugs. What silly ideas these penguinistas have!)
The sorts of apps that are listed on "some software listing site" are generally (exclusively?) freebies. (That's "free, whether the original author had that in mind or not".) Such things *might* have a champion who is willing to repackage them for the Store and sign for them (I presume everything in the Store has to be signed) but since there is no money involved I would doubt it.
On the other hand, MS are now offering a way to foist malware (if you can get it past the censors) onto the entire Desktop-Windows-using community via a "trusted" platform. The cost to the developer of meeting Store requirements is probably much less than a really nice piece of malware might make in return, so the incentive is there.
Obviously, the harder MS make it to push malware into the Store, the more likely that they make it harder for small ISVs to get their stuff on, too. Those champions I mentioned in my first paragraph may have their work cut out even if they exist.
In urban areas, a post-code might well identify a group of addresses that are mostly within 30 yards or so of each other. Combine that with your entirely human tendency to remember the occasions when it was (by chance) scarily accurate and I don't think you have anything to worry about.
Of course, if this is happening to you and you live in a sparsely populated country, you may have a point.
"I can't see how this could work securely unless the banking app could access my contacts."
In Android, it is possible to ask permission on a case-by-case basis, so the app could be blocked by default and ask for permission only when you actually try to use the service that requires the information.
That would, of course, encourage customers to think about security. Perhaps some banks reckon it is more profitable to scare away the security-conscious customers in favour of those who just do as they are told.
Also, even if there *were* reasons why your bank might be interested in your contacts, it is a clear violation of the principle of least privilege for the banking *app* to be interested.
So, with the banking app having clearly indicated that it was, at best, badly implemented and, at worst, downright malicious, the banking app gets told where to get off.
I think Pokemon Go demonstrates that GPS and mapping are now (almost?) at the point where the real world can be used as a stage. I also know that you're not alone in being uncomfortable with "eyes moving but balance organs static" and AR games are presumably mostly immune to that problem. What I can't imagine is *quite how awesome* it would have been if all those games we played at primary school had been enhanced with a head-up display.
I assume that various groups are already working on these, so the parents of the next generation will spend as much time trying to get the kids to come in as the previous generation spent trying to get them to go out.
I think the gist of it is that someone with a Nobel to their name (and who therefore presumably knows how thin the ice is this far out) reckons they have identified a system which *in its lowest energy state* is in some sense "in motion". This is apparently a novelty. Furthermore, a group financed by Microsoft is now going to try and create that system to see if the wacky idea is true.
My wifi router has a power supply brick rated at 12V and 1A. I presume the unit itself doesn't actually draw that much power. That's about 1kWh (about 10p?) every three days or so. If you've really optimised your home energy use so that this is a meaningful saving, then I'm impressed. Treat yourself to a pint to celebrate, every few months or so.
If it is an NTLM hack then Microsoft fixed it years ago. NTLM isn't enabled by default anymore and corporate users should have disabled it back in 2000 or so when NTLMv2 turned up.
Funny how Linux supporting (optionally) ancient hardware and protocols is a sign of how great FOSS is, whereas Windows doing the same is a sign of why closed source is evil.
"outside the IT security box"
I agree, but is this really, still, considered outside the box? I thought this was common knowledge before I was born? Almost everyone inside an organisation is paid less than the value of the information that they have access to and in most cases there are enough of them with access that you'd never be able to prove it in court unless you caught them red-handed.
@Nick: The ID is, as you suspect, mandatory for some device classes and not for others. Windows implements both per-port and per-ID recognition of devices, falling back on the former only if the device turns out to have no ID.
A question for the hardware people out there: What's the cost of ensuring that your mass-produced devices all have unique IDs (or even "statistically very likely to be unique" ones)?
I don't think the logged-in user (presumably you mean one of the possibly several users logged in at the console) is the one running any of the code involved, so I don't think their rights would ever be relevant.
I would hope, however, that blocking unknown USB devices (if practised) would be effective.
"Why has Hanff changed his tune from 2008 after the Phorm trials when he was busy proclaiming that consent from both sender and recipient was needed to make any interception legal?"
Perhaps because blocking is different from snooping. In the latter case, either sender or recipient may be unaware that there is anything going on.
Er, no. *You* get real. Try and imagine that you are one of the several-nines-percent of the population who can't implement blocking by firing up emacs and hacking a few scripts on their router.
Just because something is arguably legal in some country or other does not mean that I don't want to block it, the bottleneck between my ISP and my CP equipment is the logical place to do the blocking, and the professional IT staff at my ISP are the logical people to give the job to.
The IWF watchlist might be covered by (a) but there's lots of perfectly legal 18+ material that non-techy parents might prefer to be filtered out by someone with a clue. Likewise, ad-blocking might be covered by (b) but any ISP offering the option would have to argue that out in court against people with very deep pockets.
Someone further up had the idea of offering better routers to consumers and then claiming that the filtering was being done at the consumer premises. Yes, but that still places the burden on the end-user to maintain the filtering ruleset because the ISP can't make it a point-and-click option without getting sued for offering filtering as a service.
It would be much easier to have an option (d) allowing ISPs to offer filtering packages to customers.
"What if my ISP / Mobile provider offers an optional service (and by default switched off), say at £0.01 cost, to do my blocking for me?"
My reading of the article is that they've thought of that and ruled it out. They seem quite careful to emphasise that the consumer can do it even if the ISP can't, and then they list three exceptions to the rule that ISPs can't, none of which are the option you describe.
So I think the article (and Mr Hanff) have it right and the rules really, really need a paragraph (d) saying it is OK if the customer specifically requests it.
And like many other commentards, I reckon I probably *could* implement it myself if I had the time and energy, but I'd rather pay someone else to think it all out and maintain it and then flick the switch for my line. (Your mileage may vary. It depends on your ISP.)
What furor? I don't see anyone who is actually involved in propagating high-precision measuring equipment who is arguing against the desirability of this. Sure, if you buy a ruler at the newsagent then it probably wasn't calibrated by counting wavelengths of anything, but it was almost certainly calibrated against something that was itself calibrated against ... [repeat no more than a few times] ... exactly that.
And those clever engineers building moon rockets would almost certainly have wanted a fairly precise ruler to build the parts for their air-tight capsules, or those engines that burn 5 tons of kerosine per second and only stay solid because they have five tons of coolant (kerosine, as it happens, because they had some handy) flowing past on a one-way trip.
The half-terabyte of raw data looks like a very unlikely pre-requisite. The average punter would have to max out their allowance for several months to exchange that much. Is the attack still feasible for (say) 100 times less raw data, which would seem to me to be a more reasonable amount to pull over in a single session? (Even that, of course, is 100 times more data than might appear in a truly interesting SSL session, such as a visit to a bank.)
Or am I thinking of the wrong target here?