Re: Digital technology is too efficient for elections
There are ample opportunities to manipulate "analog" elections:
Pre-stuffiing ballot boxes
Letting ballot boxes with too much "wrong" votes disappear
Gerrymandering
Voter exclusion
Posts by wimton@yahoo.com
50 publicly visible posts • joined 22 Jun 2022
Swiss e-voting pilot can't count 2,048 ballots after USB keys fail to decrypt them
Marketing 'genius' destroyed a printer by trying to fix a paper jam
Tuesday 27th January 2026 18:10 GMT
My wife worked at the engineering department of a big oil company where they had one of these solid wax printers.
One day, a user complained about smearing and wrong colours.
To ensure that the wax blocks were inserted in the proper shaft, they all had a different shape: round, square, triangular, etc.
It turned out, that one of the highly qualified mechanical engineers had jammed the blocks in the wrong shafts, a task that can usually be done properly by a 3 year old.
She swore that she would never set a foot on the company's oil platforms ever!
London boroughs limping back online months after cyberattack
You'll never guess what the most common passwords are. Oh, wait, yes you will
Techie found an error message so rude the CEO of IBM apologized for it
UK police caught slacking off by jamming their keyboards while working from home
Hardware inspector fired for spotting an error he wasn't trained to find
Monday 29th September 2025 06:50 GMT
Not allowed to read your own report.
I worked for an agency that evaluated cryptograpic products.
As the computer guy, I was asked to look at the implementation details of a product, and lo and behold, I found the classical "reuse of the keystream" mistake.
I neatly reported this, but afterward I had no access to the report because I did not have the clearance to know about cryptographic weaknesses.
I started losing my digital privacy in 1974, aged 11
Call center staffers explain to researchers how their AI assistants aren't very helpful
90-second Newark blackout exposes parlous state of US air traffic control
New SSL/TLS certs to each live no longer than 47 days by 2029
2 in 5 techies quit over inflexible workplace policies
Tuesday 25th March 2025 23:03 GMT
Ofiice time
I fled the office before the pandemic.
Trying to concentrate in an open plan office, with 4 people around you loudly speaking on the telephone is futile. I learned the full medical history of several co-workers and their family. To add to the distraction, the adjacent building was demolished in a noisy way.
But, I think in person contacts are very useful.
With new projects we tried to get the team together physically at least once, and everybody found this a real benefit.
Discussing poorly specified difficult problems with all the participants in one room with some white-boards worked much better than an online meeting.
In my experience, on average one day a week in the office was enough.
Google begs owners of crippled Chromecasts not to hit factory reset
Wednesday 12th March 2025 17:09 GMT
Re: The two achilles of current encryption
A company can set up its own PKI without problems, but to have the root certificate included by default in the common browsers, the PKI must conform to the rules of the "CA Browser forum", which requires short lived certificates.
I set up own PKIs at my previous employer. Some of the products are IoT gateways, and paying 100 £ for a server certificate with a very limited life time is an absolute no-no.
Previously, I tried to use commercial CAs, but my RfP: "I want to buy a million sever certificates for less than 1£ each" led nowhere.Only one CA understood the question, and offered that we could run an issuing CA unter their root CA (with the appropriate security audits and licence fees).
Tuesday 11th March 2025 09:36 GMT
Availability
Some professional IoT devices are delivered with certificates that never expire.
The customer would be very upset if he loses the connection to his process controllers or smart meters because he forgot to renew the certificates.
More adventurous users still can replace the certificates with something short lived.
Pornhub lockdown and fact-free Zuckbots – welcome to 2025
Put your usernames and passwords in your will, advises Japan's government
Data is the new uranium – incredibly powerful and amazingly dangerous
Thursday 21st November 2024 18:55 GMT
Re: Data is worthless
Long time ago, I had a manager that required extremely detailed project breakdown reports.
I knew that this data was not used afterwards, so I wrote a spreadsheet generation these randomly, with the total amount of hours spent and the weight of the individual items.
Everybody loved it, but the manager was a bit miffed when I told the story at my goodbye party.
Huawei's farewell to Android isn't a marketing move, it's chess
Tuesday 29th October 2024 13:35 GMT
Re: Time to slow down and think...
Because the apps become more bloated and resource hungry every year. I had to upgrade my 4 year old phone because beyond the Google suite there was only space left for about 20 apps. The Revolut app was already struggling and there was no space left for updates.
Cards Against Humanity campaigns to encourage voting, expose personal data abuse
Now Dell salespeople must be onsite five days a week
Green recycling goals? Pending EU directive could hammer used mobile market
Starlink's new satellites emit 30x more radio interference than before, drowning cosmic signals
Friday 20th September 2024 08:18 GMT
Re: How come there's no regulation?
FCC Spectrum Enforcement Division:
<qoute>Investigates and resolves unlicensed operation/operating without a license or outside the scope of a license (generally non-broadcast spectrum issues).</quote>
Other regulators like BAKOM in Germany have the power to seize or shutdown misbehaving equipment (and issue substation fines).
CISA boss: Makers of insecure software must stop enabling today's cyber villains
Friday 20th September 2024 08:04 GMT
Re: Easy to say
There have been security standards for software since the 1990s, and these are regularly updated and expanded. For example Common Criteria and all its derivatives.
Also, security was added to other standards such as ISA-IEC62443 for industrial control.
And there is a whole raft of industry specific standards, such as PCI (payment), HIPAA (healthcare)
Torvalds weighs in on 'nasty' Rust vs C for Linux debate
Bargain-hunting boss saw his bonus go up in a puff of self-inflicted smoke
Tuesday 27th August 2024 08:47 GMT
The company I worked for used data aquisition system where half of the components used 110 volts and the other half 230 volts. Inside the rack, there were usually a few leads with C13 connectors floating around.
One day, I installed a new disk drive, and after powering up, I thought the fan was quite noisy. 10 seconds later, the capacitors on the primary side of the powere supply exploded with a loud bang.
Fortunately, the capacitor casing had burst on the foreseen weak point (no ribbons of wet aluminium foil flying around).
After everything had cooled down I sealed the capacitors with hot melt glue and the PSU worked fine (with the correct input voltage) till I received a replacement.
Firefox's Mozilla follows Google in losing trust in Entrust's TLS certificates
Sunday 4th August 2024 09:46 GMT
Re: a spelling mistake a forgot reference..... validity of CABF ?
The reasoning might be: if your prodedures do not work well enough for format errors, why would we assume that they would work for security errors?
The list of complaints is the handling of a dozen or so format errors over several years.
Google cuts ties with Entrust in Chrome over trust issues
Truck-to-truck worm could infect – and disrupt – entire US commercial fleet
Raspberry Pi Pico cracks BitLocker in under a minute
Thursday 8th February 2024 09:59 GMT
Re: A brilliant testament to analysis
There are methods of securing the communication to a secure device. One of them is the PACE key agreement protocol. One of the uses is in electronic passports, where an attacker can listen to the wireless communication. A more exotic application is between the security module and the processor in German smart meter gateways.
Chinese Coathanger malware hung out to dry by Dutch defense department
Double trouble for Fortinet as it issues critical FortiSIEM vulns
Guess the company: Takes your DNA, blames you when criminals steal it, can’t spot a cyberattack for 5 months
UK water giant admits attackers broke into system as gang holds it to ransom
Wednesday 24th January 2024 23:18 GMT
I would not consider this as an attack on a utility.
An IT system that was used by the water works was attacked, but this is not different from an attack on the IT system of a supermarket or a garage.
Very few of such attacks impacted the distribution of services (exceptions: Stuxnet, Dark Energy and a few more).
The attack on the "Capital" pipeline: the petrol kept flowing (technically), but if you cannot bill for it, there is a serious busines problem.
DPD chatbot blasts courier company, swears, and dabbles in awful poetry
National Grid latest UK org to zap Chinese kit from critical infrastructure
Cloud engineer wreaks havoc on bank network after getting fired
Wednesday 13th December 2023 09:42 GMT
The company laptop was not well secured either. I worked for a big financial organisation. The firewall rules would not permit access to porn (and lots of other things), the whole PC was full of corporate spyware, and USB ports were disabled. Often difficult to get work done, but the organisation never has been in the news for IT mishaps.
Resilience is overrated when it's not advertised
Monday 21st August 2023 09:09 GMT
More fail over lore.
A military lab was surrounded by a moat. For resilience, it was powered by 2 electricity cables, crossing the moat at different locations, with automatic failover.
One day the moat had to be dredged out. The dredger cut one of the cables, the failover worked perfectly and nobody noticed. The dredger processed its work, till it also cut the second cable....
Typo watch: 'Millions of emails' for US military sent to .ml addresses in error
Google toys with internet air-gap for some staff PCs
UK smart meter rollout years late and less than two thirds complete
Friday 16th June 2023 12:50 GMT
A smart meter can give a consumer immediate and detailed information about his consumption. This enables him to adjust this by switching things off "I did not know that was using so much" or moving consumption to cheaper hours. That is where the 5%reduction comes from. After a few months of optimizing the new consumption stays the same.
Biting the hand that feeds IT
