Posts by Adam Foxton 817 publicly visible posts • joined 16 Nov 2007
Just because you can't see the need doesn't mean there isn't one.
In MS Office post-2003, Macros already need their own format that explicitly does contain a macro. So any normal DOCX is, by definition, not macro-enabled. Anything else should be treated with suspicion and can be easily automatically recognised and flagged as a potential attack vector.
This seems like the best solution, covering not just your use-case but also the rest of the world.
It doesn't need to phone home. Just verify itself against a key, or a dongle, or a number scribbled on the installation media. Some unique method of identifying individual installations.
If they'd deliberately and knowingly re-used license keys that would have been a completely different scenario to them copying software that had consensually been de-protected by the owner.
That will quickly be detected and removed. It's like the people saying SSH and VPNs are a solution. Last time I went to China for work both of those were unavailable.
This was a proper commercial VPN between a business-y hotel, from a room occupied by someone with a business visa, and a corporate network. It couldn't have been mistaken for someone wanting to watch porn, or some snotty youth wanting to get get banned Netflix.
If you think you've got a simple solution to this, you're wrong. When the Firewall team's necks are on the line for missing leaks, they get very good very quickly.
Oh, absolutely. The Free Market lot are absolutely the ones calling for Government intervention.
They might CLAIM to be fans of the free market, but have a look at all the Government market manipulation that they already enjoy and you can see that they're really not all that into it. This is Corporatism, not Capitalism.
You missed important points.
Yes, it is technically possible to vote securely. Obviously.
But now figure out how to vote securely, knowing that the voter is an actual voter, and giving that voter the ability to audit both their vote being recorded correctly and counted. And it has to be simple enough that old Mrs Miggins down the road can grasp it.
Now make that system absolutely anonymous, so there's no way someone can make a list of which votes were cast by which voters. And, if the vote is incorrectly recorded, allow it to be updated- again secretly.
Anything short of an auditable secret ballot is going to be screwed with.
This is just the sort of change Linux needs. Good forward-thinking changes. Maybe HTML formatting could be brought into the Terminal too, and format-sensitivity so programs know bold arguments are to be taken extra seriously.
I can't wait for them to release a Kernel written in something more advanced, like Java. Come on Linus, get all that hardware-specific rubbish out of the kernel!
If the 'smarts' are held in the Cloud, the device on it's own shouldnt be considered 'smart'.
Interfaces should be documented, 'intelligence' should be built into smart devices.
They may connect to Cloud services (securely, privately) to provide a richer experience. But the core functionality that makes them 'smart' should be accessible with no internet.
Blaming and jailing the bosses means people in those positions take these problems seriously.
Fining doesnt work as they dont pay the fine. Firing doesnt work as they can quickly get a new job. Jail time for gross negligence, with a condition that it's not considered 'spent' for 10 years after the event, is something that's indelibly on their record.
Give protection to whistleblowers and try to protect people from false allegations or set-ups. Maybe have punishments increase as a function of time the system has been open and time between them being informed and acting on it.
But they need to get this right every single time. These systems should be installed only where they are so critically necessary, so well regulated and so well tested that teams of people will properly put their necks on the line to create and install them.
SEVERAL people should go to prison over this.
A couple of Heads of local government, a local chief of police, whoever's in charge of the ANPR system, and whoever approved this contract without taking proper care towards privacy. And also whoever in 3M/Neology who didnt require top-end security as a default for this sort of installation.
Make ANPR politically and commercially impossible to install or maintain unless it is safe and secure.
After all, if the other implementers of this technology have done everything right they have nothing to fear. That's the line they like, isnt it?
GPS does a lot more than navigate idiots through fields and off cliffs.
It's also used to synchronise timing devices, a key part of things like mobile phones, ST2110 video devices, and even some sensors for underwater use.
Rely on GPS for all that and if the Americans wanted to they could throw those systems out of whack, degrading until they failed.
Other Commentards: What other uses can you think of for GPS?
They're already seeing how much this is costing them.
So the FAA now has to keep turning the financial screws. Increase liability if/when things fail in the real world. Mandatory, in-depth FAA testing on every single aircraft.
Make screw-ups cost a fortune. Make the accountants hand control back to Engineering, and make it clear that's the aim.
And then, when Boeing get the MAX in the air, announce that the rest of the industry is going to face the same scrutiny in, say, 12 months with massive fines for undeclared problems.
Regarding the Software industry, are there any actually respected certifications for safety-critical software engineering?
@Rupert
So the number on the side of the bus wasn't really a Brexit pledge.
And the 'easiest trade deal ever' was something concocted by Remain or otherwise not truely what was meant.
All that stuff May and her predecessors did to try and keep some sort of trade deal was undemocratic, and the support she got for this from the Brexit side was imagined.
And yet you say this was all discussed multiple times during the referendum. What exactly was it you discussed? And how long do we have until that fails and you recast it as a Remainer plot?
(Update: >580k for Do Not prorogue, about 370 for Do. Not 370k, just 370)
If he'd have been properly invested in this but of prickishness he'd have handed the FBI the USB Killer and told them "yes, there's a video of me doing it on this stick..."
*bang*
"Ah, no, it's on my phone."
All this punishment could almost be worth it if you had persuaded the FBI to zap their own machines...
Create a legal system that makes sense, one that can be flowcharted and is based on a few founding principles.
You know, rather than having a legal system so complex it needs an artificially intelligent supercomputer to figure out if your actions were or were not criminal.
You're solving the wrong problem, people!
@iamanidiot
Absolutely disagree. Breakers should be labelled with which machine(s) they power, and ideally machines labelled with appropriate breakers too.
At the very least have a map.
Having to know "okay, so it's the second breaker down for the first machine's primary PSU (excluding the red one for the UPS) and fifteenth up on that other switchboard for the secondary PSU, ah, no, wait, fifteenth /single phase/ one" is a recipe for disaster.
I spend a fortune paying for food- maybe I should run away without paying the bill? If I shot down a few aircraft the buggers would soon learn to not fly so low over my house at unsociable hours.
Driving through pedestrians and cyclists would greatly shorten my morning commute.
But these things are illegal. So if I did them I'd be prosecuted. Why is no-one being prosecuted for not only breaking the law but then saying "okay, we'll keep breaking the law until we can be bothered to not break it"? That's the attitude expected not even of a one-off offender but of a career criminal, and is absolutely not appropriate for the Justice system.
Surely the ability to access the files is irrelevant, it should be about the ability to access the files /legally/. Just because I'm an employee of a company doesn't mean I can look at any file (e.g. network admins being capable of accessing HR files but not being permitted to do so).
Microsoft US (one company) accessing Microsoft Ireland (another company)'s computer network specifically for the purposes of bringing customer data out of the EU- and then specifically so as to avoid having to follow established (and not that onerous for legitimate needs) EU procedures- would surely be illegal.
Indeed, should the very existence of this case not mean that Microsoft Ireland has to restrict access to their US counterparts? This is a blatant attempt to gain unauthorised entry to a computer system, and allowing this would make MS-Ireland criminals in their local jurisdictions as they would be exposing /all/ of their customer's data to the US. It should be treated as any other outside entity attempting to gain access.
Even if some theoretical weakness remained in the system, "You should exploit this weakness, and also you're not allowed to fix this weakness" is a seriously different argument to "the file is there and easily accessible, go get it"
No, what's broken is the idea of using a single communications channel that you have absolutely no control over to handle your PR. This is why PR is more normally handled by services like a news agency or press conference where a multitude of outlets get to know what you tell them.
Twitter's absolutely within their rights- and indeed responsibilities in many localities- to remove accounts without their registered user's permission.
It's not YOUR account. It's /their/ network and /their/ account, which you use with /their/ permission. People seem to forget that.
Excel has a built-in interface for querying external databases. If the data was exposed sensibly- like the STL mentioned above- it would allow people to filter the data they need out of the whole dataset and work on it from there. Not everyone will need or want every field or all 11 million records!
When you only have a small hammer, filter out any inappropriately large nails.
Just install a bunch of cameras with motion trackers to see what's happening from the top the of the walls up. Any motion across the wall is either illicit or a bird.
The drone isn't even the issue, it's the items being delivered that are the problem. So you don't even need to stop the drone, or prevent a throw-over- you just need to have a system look to see if anything breaks the perimeter and if the intruder falls to the ground or leaves anything. If it just overflies the prison without doing anything then it's not an immediate issue (and could be halted with a directional jammer / net gun / interceptor drone). You can then identify where the payload landed and identify / collect / isolate it.
This way there's no reliance on criminals not circumventing geofencing attempts, and it covers throw-overs too. Occasionally you'll get a false positive from a seagull dropping a pizza.
What the hell is it doing on public roads?
I understand, highway driving is- for the most part- simple. Especially for trucks. Maintain a constant speed in the left-hand lane (or right-hand lane for some odd bits of the world). Don't leave your lane, slow down if you're going to hit anything.
But in those circumstances a human's pretty safe too. It's only (mainly) when they've been lulled into a false sense of security and then things change that there are problems. So designing in this false sense of security seems to me to be a mistake. It HAS to be able to cope with a deer crossing the road, or an unexpected icy / oily patch or a tyre blowing out. If it can't cope with any eventuality you could reasonably throw at it, it shouldn't be allowed on any roads without the course being closed to public traffic.
AC, when Run-Flats came out the manufacturers just beefed up their Stingers. Stuff like Magnum Spike at least claims to be effective against run-flats, too.
http://www.magnumspike.co.uk/product-comparisons.html
So... yeah, they can already disable any car they can get in front of, and relatively quickly and safely at that.
Nice simple solution. Cars need tyres to drive on, right? So why don't we get something like a board with nails in it to burst the miscreant's tyres? They'd lose control of the car and have to pull over or crash- or at least slow down.
Wait, what do you mean they have those already? Good news, everyone. The Met already have the possibility of disabling/hobbling almost any tyre-using vehicle. Problem solved, cash saved.
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2023
