Posts by Cuddles 2337 publicly visible posts • joined 3 Nov 2011
"it may be possible to exploit holes in, say, the in-flight entertainment system on the first network to access the adjoining second network where one could abuse the flaws he found in the crew information software to then reach into the adjoining third network."
That doesn't sound like three separate networks, it's a single network with some access controls. The whole point of having a separate network for critical things like avionics is to avoid any possibility of someone on a customer-facing network being able to mess with it. Questioning whether these particular vulnerabilities actually make it possible to hijack the important systems is rather missing the point - it shouldn't be physically possible for any vulnerability to ever do that.
"Even then, a company like PlayStation will throttle it at about 40Mbps, because their servers only have enough bandwidth."
This sort of argument is made over and over again, and I just don't understand why. Even if a single person is unlikely to benefit from peak speeds above a certain level, most households contain more than one person, and often those people might want to do more than one thing. Even if PlayStation cap at 40 Mbps (don't know if that's actually true, certainly Steam doesn't appear to do so and easily saturates my connection), a person waiting for a game to download may well want to watch a video while it's happening, while the three other people in the house are also watching videos, playing games, and wanting some overhead for normal faffing around on the internet. A cap of 40 Mbps on a single activity means you actually want at least 80-100 to be sure that activity doesn't prevent your entire household doing anything else. Sure, you can get by with less, especially if your circumstances are different, but the idea that just because one activity for one person doesn't benefit from higher speeds, no-one could possibly ever want more is just ridiculous.
As for gigabit, that probably is usually overkill right now given the limited opportunities for most people to really use it all. But that's unlikely to remain the case 10 or 20 years from now. We have to install the infrastructure at some point, and given that the alternative is to install FTTC kit that is often barely adequate even today, it would be nuts to just stick with that and not bother installing anything that will actually be useful in the future.
"Any old bluetooth speaker can be used to listen to music"
This is the part that really confuses me about "smart" speakers. They're literally just barely-functional phones glued to mediocre speakers. Forget all the fuss about security, privacy, and so on, I just don't understand why anyone would buy something that fails to replicate what a device in their pocket already does. If you're really that desperate to let the likes of Amazon and Google into your home, a regular speaker can use all of them just by running a different app on your phone instead of locking you to just one, and do all kinds of other things in addition. As far as I can see, the sole selling point for smart speakers is "It's like your phone, but more expensive and much, much shitter". Even if you don't care about privacy at all, that's a pretty weird thing to go for.
"Farmers can easily kill hundreds of people using nothing more than the tools of their trade.
The Bath Township massacre, one of the worst in American history, was committed by a disgruntled farmer who blew up after losing a local election. He used his legally-purchased hunting rifle"
If you're going to try to argue that guns aren't a problem because people can use other legitimate tools to kill people, it probably helps if you don't immediately give an example of someone using a gun to kill people.
"The Democrats are also equally to blame as much as the Republicans. They had 8 years under Bill Clinton and 8 years under Barack Obama to reform"
That's not really true. The president gets the headlines, but the US government has three separate parts - president, senate and house - any one of which can effectively block anything much from getting done. The Democrats have only had 2 years out of the last 26, and 4 out of the last 40, in which they had a majority in all three and would have actually been able to push any major changes through. The Republicans have only had 6 years out of those 40 so they're not really ahead on that count, which goes a long way to explain why so little seems to get done in the US regarding major issues - it's rare for either side to actually have the power to do anything significant.
"Cisco, for its part, says that the VSM products at issue have not been sold since 2014 and the flaw can actually be traced back to the original development of the software by Broadware, a company Cisco assimilated back in 2007."
In response to being accused of not fixing, or notifying customers, a critical flaw between 2008-2011, their response is that the flaw was actually present from 2007-2014. How exactly did anyone think that was going to help their case?
The trouble isn't so much that the media have fixated on a particular look for "hackers", but simply that it's human nature to try to fit people into stereotypes even when no such thing exists. Your typical hacker looks like a person with a computer. Any person of any size, colour, shape, and wearing any kind of clothes, while the computer would usually be anything from the last 10-15 years or so for subjects the general media tends to tackle, although obviously real hackers can also be found getting Doom to run on 1960s oscilloscopes or similar. There simply isn't a meaningful stereotype to have stock pictures of.
But the thing is, that means there are already plenty of stock photos that actually represent hackers - literally any picture of someone using a computer would do the job. If you don't like it when people use pictures of people in hoodies, just use the pictures that don't have people in hoodies. Try to persuade others to do the same if you really feel strongly about it. We don't need some sort of concerted effort to come up with a new stereotype to replace the old one, because it wouldn't be any more useful or accurate. If you want the public to understand what hackers are really like, you need to use pictures of what they are really like. Just do a Google image search for "person with computer" and pick any one of the thousands of images that shows a normal person with a computer - in the first hundred or so results not a single one had a hoody. The problem is not that these pictures don't exist.
"They did call me and that was their point. Every time they phoned I said I was happy with the service I had before they could get into whatever spiel because I assumed it would be to sell me something extra when it was already expensive."
Which still makes it their fault. If they annoy you to the point that you are no longer interested in talking to them, they can't complain if one time it would actually be to your benefit. That is the entire point of the story of the boy who cried "wolf".
"If it started as a square. It ends as a square, and nothing anyone watches fits in a square."
Wait, you don't think it's possible to fold a rectangle? And you think folding a square results in another square? I've seen some pretty weird claims about phones in my time, but that's a pretty impressive failure at primary school geometry right there.
Just as a very simple example, have you never seen a piece of paper? https://en.wikipedia.org/wiki/ISO_216
"The remedy for the A350-941 problem is straightforward according to the AD: install Airbus software updates for a permanent cure, or switch the aeroplane off and on again."
As far as I can tell from this, the issue has been fixed - a patch is available and all airlines need to do is install it. So why is the "turn it off an on again" thing even being mentioned? Surely with a potentially safety critical problem like this, it should be a simple case of grounding all aircraft until the patch has been applied.
Why is this even a thing? If someone commits a crime, they don't get decide what the appropriate punishment for themselves should be. Equifax shouldn't be in a position to propose anything, they should be told exactly what they have to do and then be forced to actually do it.
"This year, Smarty (a Three reseller) and then - ironically later - Three clarified their terms. "Unlimited" now means 1000Gb, tethering absolutely 100% allowed, according to Smarty, for instance. 1000Gb is big enough for the foreseeable future for me, I'd have to do 10 times my normal traffic to hit that. I signed up immediately (again, ironically, moving away from Three themselves who couldn't be bothered to offer me that guarantee at that point!)."
I think you may be confused. "Unlimited" for Three means unlimited, and has done since they started offering it (originally labelled "all you can eat", specifically to distinguish themselves from other providers who called their limited plans unlimited). They state that 1000 GB (not Gb) is the point where they may start suspecting you of commercial use and question whether you should be on a regular consumer contract, but there is no cap and you can happily use more than that if you can somehow manage it. Tethering has also always been allowed in the UK, although they've only recently started allowing it, with data caps, while roaming. I'm also not sure how you managed to think Three couldn't be bothered to guarantee that since, as noted above, it's been one of their big selling points for a long time and they're happy to boast about it at every opportunity.
"Can the clocks get so far off from where they're supposed to be that it can cause an unrecoverable degradation?"
No. While we don't usually think of it in that way, all clocks are simply counters - a pendulum clock counts the number of times the pendulum has swung, a quartz clock counts the number of electrical oscillations in a crystal, an atomic clock counts the number of oscillations in an electromagnetic wave. There's no measure of time actually inherent to any clock, all they do is count how many oscillations have happened since some arbitrary point.
In an everyday clock, that count is tied to some sort of human-readable display, and ideally that display can be adjusted if for some reason it ends up being inaccurate. But with an atomic clock, there isn't generally any display of "time", all it will do is tell you how many counts there have been since it was told to start counting. If you tell it to start counting from zero again, it will simply do so. So there's really no such thing as it's time being off from where it's supposed to be, because it doesn't know anything about time at all. All it's doing is counting oscillations, and no matter how far away from the expected count it might be it will never stop working or somehow become unrecoverable because as far as the clock is concerned such things don't have any meaning.
It's also important to consider that there are essentially two ways for a clock to be wrong - either the starting point is not what was expected, or the oscillations occur at a different rate than expected. The latter is the problem with almost all normal clocks - a pendulum doesn't always swing exactly once per second, so after an hour it may only have counted 3550 swings instead of the 3600 it should have. That can be fixed by just nudging it forward a bit occasionally, ie. resetting the start point. But with an atomic clock, it's essentially impossible for that to be a problem. The oscillations being counted are tied to atomic transitions that only radiate with very specific frequencies. Barring a fundamental change to the laws of physics, either the clock is counting at the correct rate (to within about 1 in 10^-15) or it's not counting at all; it can't slow down or drift around in the way a pendulum clock might. So essentially the only way for an atomic clock to be wrong is if the starting point of the counting is wrong.
Which brings us back to Galileo. Keeping a network of atomic clocks synchronised means making sure they're all told to start counting at the same time. And if that gets screwed up somehow, the clocks could all be functioning perfectly, but be completely useless since if one says "I've counted 10 billion oscillations" and another says "I've counted 100 billion", without knowing when either of them actually started counting it's all entirely meaningless. From the little information we have, it sounds like the problem is something along these lines. The clocks are probably all fine, but the ground station has somehow screwed up the synchronisation so the counts aren't all starting at the same time.
Of course, that's all talking about the actual clocks themselves, there could be all kinds of problems in the electronics and programming surrounding them. But given that there are multiple different systems built by different manufacturers involved, it seems very unlikely that they would all suddenly develop similar faults at the same time despite having worked fine until now. Given what we know of the nature of the issue, it's much more likely to be a problem in the wider network than anything specific to the actual clocks.
"Take SSDs for example. I ordered a 1TB SSD from the US for $89. It'll take a few days longer to arrive (as a friend has to bring it in for me), but that's a worthwhile trade off because in Blighty it's around £129 depending on where you look. Roughly double the price."
Let's see. £1 is about $1.24 at the moment. Plus US prices don't include taxes. That makes $89 about £132. It's actually cheaper in the UK.
"We are, as usual, firmly in the space of "we did it because we technically can" and nobody thought of any other possible consequences."
The bigger problem is that we're actually not, but rather in the space of "we tried to do it because we almost technically can". If Alexa, and similar shit, were actually reliable and only activated when actually told to, they would be much less of an issue. Fully functional, local processing that only transmits interpreted commands and not actual voice data would solve almost all the privacy problems. It's only because they're all utterly incompetent at actually recognising and interpreting speech that they need to constantly record private conversations and save it all for Amazon's employees to listen to later. It's similar to the issues with self-driving cars - the ideal situation with everything working perfectly isn't so bad, it's the half-arsed implementation that doesn't actually work properly that causes problems.
Indeed. As far as I can tell their "solution" is simply "put enough repeaters around the building so that there's always line of sight to something". Exactly as everyone has been saying from the start. Maybe JMA are hoping to be first to the market with a complete system that can be purchased off-the-shelf including the radios, servers, and everything in between?
"The (British) ICO is taking this up on behalf of the EU, though I'm curious about where the fine goes to."
Presumably similar to the breakdown from the BA fine:
https://www.bbc.co.uk/news/business-48905907
"The penalty is divided up between the other European data authorities, while the money that comes to the ICO goes directly to the Treasury."
I haven't seen any information on exactly how the split between countries is decided. Presumably it's on a case-by-case basis depending on how many people were affected in different places.
"As the speed increases, the wheels will rise out of the mud and plane along the surface like a speedboat on water with just a few millimetres of metal connecting car with ground."
It seems we're reaching a point where it's no longer enough to just time the run, but need to check if the vehicle is actually on the ground for the whole thing.
"But where does the overproductin come from? You have to provision for the expected demand and this has been lower than expected across the industry."
A big issue is the future. As DougS' notes, everyone is almost certainly selling more memory than ever before. But production is quantised to a large extent - if you expect demand to increase by 1% each year, you can't build a small factory every year to meet exactly that expected demand. Instead, you build a massive fab that will add 20% to your overall production. And once that starts operating, you're now producing more than there is demand for for at least a couple of years until demand catches back up again.
This is why there's been a consistent pattern of oversupply and low prices, followed by undersupply and high prices. Demand increases more-or-less continuously, but supply can only follow it in sudden jumps - supply falls behind until it's enough to justify the cost a new factory, at which point it leapfrogs demand and has to wait for it to catch up again. As long as demand for chips keeps increasing and fabs remain multi-billion pound investments, there's no real way for that to change.
"The project may be Google's future operating system for all kinds of devices – this actually looks likely – or it may be scrapped and never used in anger."
It's a Google project. There's approximately a 100% chance it will be scrapped within a couple of years regardless of whether it's their future operating system or not. The only question is whether it will be allowed out of perpetual beta status first.
"Why shouldn't they use XP to drive the projector if it's a stand-alone appliance?"
While there are a variety of reasons that could be cited regarding best practice and so on, the most obvious reason they shouldn't is that it might crash in the middle of a performance. It's all very well to claim that an old OS can still do a perfectly good job in certain circumstances, but this article only exists because said OS demonstrably did not do a good job.
"€1m is really nothing but a bad joke compared to what they've raked in."
Which is why GDPR allows much bigger fines. It's understandable that people want to complain about trivial fines that won't achieve anything, but doing so when we've already introduced new laws specifically to correct the problem seems a bit pointless.
"I would like to see this type of thorough analysis performed on other manufacturers and their products."
Indeed. The claim is that Huawei is worse than everyone else, but according to the article here the dataset consisted only of Huawei files. It seems difficult to make a sensible comparison between vendors if you only look at one of them.
Not really sure why this is talking about UI patterns on websites. Every single thing listed here has been employed by shops everywhere for thousands of years. Really the only interesting part of this research is how poorly their automated tools worked - only 11% of shops employ at least one of the methods listed? 91% would be a lot more believable.
Not sure why you think the surrounding space would be 1K. The cosmic microwave background is about 3K, so literally nowhere in the universe is colder than that (at least not without some active mechanism to pump heat around, as is done in some experiments here on Earth). Close to a heat source, such as near a Sun, temperatures are of course much higher. Even Pluto doesn't drop below around 30K, and Uranus is a lot closer to the Sun than that.
"Automatically blocking abusive sites is good, but it would be even better if they didn't rely on Google's definition of what is or isn't abusive."
Exactly. Pretty much the first things on any blocking list should be Google's tracking and advert domains, closely followed by the likes of Facebook, Twitter, etc.. Blocking abusive sites isn't much use if you deliberately omit by far the biggest offenders from the list.
"If youtube (or the porn equivalents) aren't "on demand" I don't know what is.
Technically, how does browsing Youtube differ from iPlayer?"
Technically? Probably not in any significant way. That's not what's important here. As Dan55 quoted above:
"under the editorial responsibility of a media service provider – meaning they control the selection and organisation of the programmes"
iPlayer is a curated service offering only a limited number of selected programs. YouTube, and porn equivalents, allow anyone to upload anything they want with no editorial input. The technical side of delivering the service may be the same, but the service itself is very different as far as regulation is concerned.
"Pretty much any bank in the UK, including ones that are about 300 years old, will let you transfer money to other users via smartphone at zero cost, and the transfer usually takes between 3 to 10 seconds."
Indeed. While the concerns about privacy and Facebook in general are valid, the more important question seems to simply be - what is the point? Facebook wants people to be able to send money to each other without using cash? We've been able to do that in various ways for at least two millennia. Meanwhile in the modern world, cards and bank accounts function perfectly well in actual shops, while any competent bank makes it possible, as noted above, to instantly send money to anyone you want. Exactly what benefits are added to the user forcing them to first buy nonsense Funbucks with some random erratic value before allowing them to do something that's already trivial? And then broadcasting everything they've done to the world in a public format?
"Or do superconducting materials not obey Ohm's Law?"
Superconducting materials don't generally follow Ohm's law. In the steady state, they obey it in a trivial sense by having zero resistance and zero voltage despite having a current flowing. But the current doesn't just start flowing spontaneously, and they must obviously be non-ohmic when you apply a voltage across them, since otherwise you'd have 0 = V/I which can't be the case when both V and I are non-zero.
That said, you are actually correct, it's just that the numbers given in the article aren't actually all related to each other. The paper also gives a value of 0.2A for the leakage current, given by the characteristic resistance and the voltage (as in your point 2)). The DC resistance of the superconductor is exactly zero by definition as current flows along it, but since the magnet is made of coils wound on top of each other with no insulation, some current is able to leak between the windings, and the effective resistance from this effect is what gives the characteristic resistance and is Ohmic in character. So the 245.2A is the current flowing with zero resistance along the wire, while 0.2A is effectively escaping out sideways through a small but finite resistance.
"As it stands, the BBFC cannot fine or discipline providers that fail to protect people's data"
Why would they need to? Data protection is already covered under GDPR. There's absolutely no point giving the BBFC, a body with absolutely no experience in this area, additional powers to cover things that are already covered by other bodies and regulations. Of all the many issues this silliness has, the BBFC's lack of data protection powers is not one of them.
"Surely it's just an illustration of the consequences of hand-feeding a learning machine : it will only learn what the developers provide it. Consequently it will only know what they know (or think is worth knowing) and so be biased towards their culture and level of ignorance of other cultures."
Exactly what I was thinking. Nothing shown here appears to have anything to do with money. Presumably the system would be just as bad at recognising a bar of soap here in the UK, and if anything it's richer middle class types who are more likely to use it instead of pointless disposable bottles. It's simply that the system was developed in one of the richest parts of the world, so it's almost impossible for things it doesn't recognise not to be correlated with lower income. It once again exposes the problem with poorly trained recognition systems that are unable to handle things the developers didn't think of, but it doesn't say anything about Silicon Valley's attitude to poor people.
Of course, it also seems to expose just how terrible these systems are even when supposedly working. In the example shown in the article, only two managed to recognise a bottle of soap, and one of those still thought it was more likely to be a gas tank. They might have been even worse for the Nepali photo, but all except Tencent were completely useless for both photos. Given the point is to recognise the contents of images without human intervention, what this really shows is not that there's bias based on money or culture, but that these systems currently are simply not fit for purpose anywhere.
"Which is easiest - remembering not to place pepper spray on a rock in bright sunlight, or being evacuated by helicopter with a leg broken in three places?"
Being evacuated is easy - you just lie there and let everyone else do the work. Remembering something requires actual effort. The question of which is more painful may have a different answer.
"So, does anyone know a reliable and cheap email only hosting company?"
Depends what you mean by "cheap". A few quid a month gets you Proton Mail, and I assume there are plenty of others at a similar price point. If you want to use your own domain there's a certain minimum of tech-savvyness required, but connecting said domain to an email host doesn't really add anything on top of that. If you're genuinely too poor to afford £50 or so per year, Gmail spam filters are probably not one of your major concerns, but if you're not so badly off it doesn't seem unreasonably expensive. Would everyone suddenly jump ship from the likes of Gmail if the cost was only £30 instead? I doubt it; cost really doesn't seem to be the primary issue, other than in a binary "is it free or not?" sense.
Edit: As a disclaimer, while I do have a ProtonMail account, I don't actually use it for my domain since they're very restrictive on how you can use aliases. They seem decent if you just want basic email services, but might not be much good if you have specific needs.
The difference is that Ferrari is an extremely niche luxury brand, Apple are simply at the higher end of regular consumer commodities. Ferrari make somewhere around 8,000 cars per year. That puts them in a very different market from the likes of Ford, who make close to 1,000 times more. One aims to sell very expensive things to a small number of people, one aims to sell as much as possible to as many people as possible. Comparing the two is just pointless. Ferrari are irrelevant to Apple; a better analogy would be complaining about something like Audi being too expensive compared to a Ford. Which is an entirely fair complaint that many people actually do make, since Audi are very similar to Apple in being decent bits of kit that are frequently bought because of the name rather than a careful analysis of value for money.
"You missed this sentence in the article"
No I didn't. As I said, what the article says and what the paper actually says are not the same. The boffin's exploration of the JavaScript environment reveals the ability to infer the presence of privacy extensions by looking at variables that already exist. This doesn't add any additional ability to fingerprint anything, as Paul Kinsler suggests, because no additional information is added. Saying "This person is using Canvas Defender" does not tell you anything more than "This person is using specific pattern x for these 250 variables". In most cases information is actually lost, since you are reduced to only being able to say the former instead of having individual values for all 250 variables.
"browser privacy extensions may just make matters worse...
And yes, you could disable JavaScript execution"
Seems a bit contradictory here. Browser privacy extensions might make things worse, but they're also perfectly capable of blocking it entirely.
From a scan of the actual paper, there doesn't appear to be any mention at all of privacy extensions making things worse. Most of the extensions they looked at can be detected, and some circumvented at least to some extent, so they may give a false sense of security but don't actually make things worse. In all cases, detection comes down to knowing in advance which properties they modify and inferring their presence from that, so no additional information is actually leaked by using such extensions. In most cases, while it's possible to detect an extension by seeing what properties it's modified, it's not possible to recover the original information so they do achieve something even if it's not as much as users might expect. Only Canvas Defender (can't say I've ever heard of it) appears to be completely useless.
"There is, after all, a zone of, like, 359° around the Sun where we are not."
On the one hand, it's probably somewhat less than 359 since a flare can easily cover more than 1 degree. But on the other hand, the Sun is a sphere (in a vacuum no less, possibly it's really a cow) so you need to think about solid angle - if a flare isn't ejected in the ecliptic plane, it's not going to hit us even if it's dead on target when projected onto a 2D view. Flares tend to occur more in the vicinity of the equator, but not exclusively so.
"a pile of metal five times the size of Hawaii's big island"
This sounds suspiciously like a unit of area, in which case the correct units would either be Wales or square brontosaurus. However, since we're talking about a mass of metal we should be looking at olympic swimming pools, although this adds the complication of whether they mean just the visible part of Hawaii or the entire volume from the sea floor upwards.
"Maybe you should spend some time in China telling them you're a muslim Uyghur....
Try the US if you're non-white, not a *cough* "Christian" *cough*, not rich or even happen to have the same name as someone else on the no-fly list."
More to the point, how is this even relevant. Does the CEO of Huawei personally roam the streets beating Muslims? Does the CEO of Cisco regularly lynch black people? Many countries have issues with human rights to varying extents, but how exactly is that relevant to which company I might want to purchase a router from? If there's evidence a company is clearly and deliberately complicit in abuses that might be a factor in the decision, and of course if there's evidence their equipment might actually be compromised in some way that's very important. But saying "Country A has done bad things, therefore everything produced by Company from Country A is bad" is just meaningless nonsense.
"If those researchers at Princeton really did steal all that data, make it available, and say as much in their research papers, what on earth did they think was going to happen? Did they really think the data owner would be happy in anyway?"
I suspect the issue hinges on the word "steal". Having had a quick look at their website, it appears to be trivial to access, copy and/or download all the models without even having to sign up for the free account they occasionally mention, and in doing so there's no mention at all of any need to pay for it. Indeed, it seems to be entirely presented as a social network-type thing with all the content provided by users - I'm still not entirely sure if Planner5D have actually done anything at all other than providing a platform for people to post their own work. In fact, my guess would be that "4000+ Items" they say are available might be created by them, but the millions of objects and scenes allegedly stolen are overwhelmingly both user-generated and free to view/download.
It's a bit like putting out a bowl of free sweets with a sign saying people are free to take one if they want. If someone comes up and takes the whole bowl, it's difficult to claim that they've actually stolen anything, and a sign doesn't constitute a binding contract. And it gets even trickier if all you do is put the bowl out and ask other people to supply the sweets.
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2024
