* Posts by Paul Hovnanian

1327 posts • joined 16 Mar 2008


Woman dies after hospital is unable to treat her during crippling ransomware infection, cops launch probe

Paul Hovnanian Silver badge

Re: Why?

An ER should be able to provide some level of treatment for a patient without having medical records or even an identity. If they have severe allergies, one hopes that they might have something like a Medic Alert bracelet listing them. Assuming that allergies to drugs the may never have taken before would even be on record anyway.

Chinese database details 2.4 million influential people, their kids, addresses, and how to press their buttons

Paul Hovnanian Silver badge

Re: Good old propaganda

Maybe not propaganda.

"enabling overseas influence operations"

Could be that they spot someone's predilection for gazing at underage teens twerking on TikTok and threaten to out them to their employers and/or community.

Desperately seeking regolith: NASA seeks proposals for collecting Moon dirt

Paul Hovnanian Silver badge

My dog ...

... will help

UK Home Office seeks suppliers: £25m up for grabs to build database to keep track of crimelords' ill-gotten gains

Paul Hovnanian Silver badge

Well at least ...

... you folks are keeping track of it. Over here, when they bust criminals, the sheriff ends up with a new pickup truck.

Forget your space-age IT security systems. It might just take a $1m bribe and a willing employee to be pwned

Paul Hovnanian Silver badge

Re: Just curious...

In the USA, only the police are allowed to profit from the proceeds of criminal activity.

Paul Hovnanian Silver badge

Re: So you skipped the article?

"Strictly speaking, the mark went to his bosses"

That's not always a good idea. Sometimes the boss has already been paid off and has supplied your name as a scapegoat should that infected USB stick be discovered.

Paul Hovnanian Silver badge

Re: Well the FSB ain't what it used to be

"Once upon a time, the KGB would have first gotten dirt on the prospect"

But sometimes that backfires.

Google wants to listen in to whatever you get up to in hotel rooms

Paul Hovnanian Silver badge

The thing that comes to mind ...

... is the scene in Inside Man where the bank robbers figured that the police had bugged them and were playing a recording of Enver Hoxha's political speeches. Figuring that it would take the police some time to round up an Albanian translator.

A bridge too far: Passengers on Sydney's new ferries would get 'their heads knocked off' on upper deck, say politicos

Paul Hovnanian Silver badge

Re: Close the upper deck

"close the upper deck"

This is the solution

I've been on a few river cruises in Germany where the boat would not clear bridges without lowering all the upper deck hardware. Including the wheelhouse. All passengers were cleared from the deck and the nav lighting masts and radar were hinged.

Physical locks are less hackable than digital locks, right? Maybe not: Boffins break in with a microphone

Paul Hovnanian Silver badge

Re: LockPickingLawyer

"AR-15 Lock Defeated With LEGO Astronaut!"

There ought to be a law! Ban LEGO Astronauts now!

Slippery slope argument: They'll come for your Playmobil next.

You there. Person, corp, state. Doesn't matter. You better not shoot down or hack a drone. That's our job – US govt

Paul Hovnanian Silver badge

Re: Hypocritical

What the dogs don't finish we feed to the pigs.

We've heard some made-up stories but this is ridiculous: Microsoft Flight Simulator, Bing erect huge skyscraper out of bad data

Paul Hovnanian Silver badge

Is it ...

... in an approach pattern? It could be true that everything in Australia is trying to kill you.

Pretty wild that a malicious mailto: link might attach your secret keys and files from your PC to an outgoing message

Paul Hovnanian Silver badge

Re: Lets see ...

Oops. Somehow, I read that threat the other way around.

Nevertheless, my mailer won't attach something unless the specified file's extension is listed in its mime types. If the file type isn't listed, I've got to zip or gzip it manually.

Paul Hovnanian Silver badge

Lets see ...

My web page has a mailto link. But the web server that hands out that link runs as a relatively untrusted user on my machine*. And all of the private keys, security tokens and other detritus needed to support encryption/decryption/certificate signing reside outside of the scope of its permissions. How is it going to get hold of anything interesting?

*Actually, my web page is hosted on a completely different machine in a data center in a city far, far away from my e-mail clients. My MX record doesn't point to anything more interesting than a system that knows where to forward my stuff.

Someone please have mercy on this poorly Ubuntu parking machine that has been force-fed maudlin autotuned tripe

Paul Hovnanian Silver badge

Trevor Daniel?

Not Rick Astley? In a loop.

America's largest radio telescope blind after falling cable slashes 100-foot gash in reflector dish

Paul Hovnanian Silver badge

I blame ...

.... Luke Skywalker. That dish made the Earth look too much like a death star.

NASA to stop using names like 'Eskimo Nebula' and 're-examine' what it calls cosmic objects

Paul Hovnanian Silver badge

White dwarf

I guess we'll just have to toss that one.

Geneticists throw hands in the air, change gene naming rules to finally stop Microsoft Excel eating their data

Paul Hovnanian Silver badge

Logically ...

... the Excel import wizard tries to make sense of the data in each cell and select (or suggest) an appropriate format. However, data in one column tends to be of the same type (or supertype in an object world). Failing that, it should be 'Text' (a binary blob or whatever the top level class is). I'm not sure what heuristics were used for the conversion. If row 1, column 5 reads 'DEC1' then a reasonable assumption is that this is a date. However if row 2, column 5 is 'BRCA2' then the date decision should be backtracked. My guess is that the spreadsheet type selection is either per cell or based on the first row (or several). This seems to be far too simplistic and a poor assumption on the part of the import wizard writer.

Paul Hovnanian Silver badge

"Realistically, biologists aren't going to change."

'Evolve' is the appropriate term.

US voting hardware maker's shock discovery: Security improves when you actually work with the community

Paul Hovnanian Silver badge

Re: or...

"pencil, big clear plastic box..."

You have to get the voters to the pencil and big clear plastic box. This is a major problem in very rural voting districts on this side of the pond. In other parts of the world*, getting people past the various partisan citizens militias standing guard outside polling places is a problem.

Vote by mail has been proposed. It's actually a pretty secure system once all the bugs have been hammered out. Tampering with it doesn't scale well for national elections. But for local districts, fraud has occurred. Particularly one of the features often added to vote by mail: The volunteer ballot collection. A local GOP election win was invalidated for exactly this reason. The volunteers were picking up ballots and either revising or throwing out ballots from know Democrat leaning voters. And now that vote by mail is a hot topic again, volunteer ballot collection is a 'feature' that now the Democrats are pushing. They either forgot the last controversy. Or they think it's now their turn to fiddle with the results.

*Our dear mayor tried to invoke scenes of 'Federal troops invoking martial law and standing guard around polling places' come our November election day. No doubt all for the sound bite on a national radio show intended to trigger fear and doubt in the voting process. Because we have no polling places in our state (each state defines its own processes) and she damned well knows that. It's 100% vote by mail. But perhaps others don't know this.

USA decides to cleanse local networks of anything Chinese under new five-point national data security plan

Paul Hovnanian Silver badge

This should be fun

After ripping out all the Chinese bits of my networking and comms gear, I went to search for replacements. It turns out that even my string and tin cans are Chinese.

US drugstore chain installed anti-shoplifter facial-recognition cameras in 200 locations – for eight years

Paul Hovnanian Silver badge

Re: "an alert would be sent to security staff who could then confront the suspected thief"

'Simple -- see notice posted prominently near the entrance "We reserve the right to refuse service to anyone".'

That's a bit of a gray area. Just try refusing service to a member of a 'protected' class. Just because someone sells the neat little signs doesn't give them the force of law.

And then there's my favorite fast food joint that has a little sign reading "We reserve the right to serve refuse to anyone".

Paul Hovnanian Silver badge

Casinos ...

... already do this. And have for quite some time. If you are a card counter or other kind of cheat, they will show you to the door pretty quickly if they catch you on the premises again.

I get that's it's a different kind of market. People don't have to play blackjack. They do need prescriptions filled. If they just toss people out, that's a problem. But if an ex-shoplifter gets followed around the store by security, well that's part of the cost of a prior shoplifting conviction.

NSA warns that mobile device location services constantly compromise snoops and soldiers

Paul Hovnanian Silver badge

"This is why all electronic devices are to be left at home, not in reception or the car park, etc,"

Cars are electronic devices in their own right. I'm not going to pry the telematics module out of my brand new Tesla. And for all you people who purchased older cars on contracts: odds are that the dealer has installed a GPS tracker so the repo guy can tow it when you miss a payment.

Sick of AI engines scraping your pics for facial recognition? Here's a way to Fawkes them right up

Paul Hovnanian Silver badge

"I would like to run this on the photos I submit for my passport and driving license"

Not sure if that's a good idea. How much time do you want to spend pulled out of a boarding line while security puzzles over why their system says 'Denied'?

When I want authentication, I want the facial recog to work. When I'm out and about in town, I want to wear something that messes with the match so they don't spot me in a crowd.

VMware to stop describing hardware as ‘male’ and ‘female’ in new terminology guide

Paul Hovnanian Silver badge

Does this mean ...

... they will be bringing back the Boy George connector?

We've heard of littering but this is ridiculous: Asteroid dumps up to 50 quadrillion kg of space dirt on Earth, Moon

Paul Hovnanian Silver badge

Fly tipping

... on a grand scale. Did anyone get their license plate number?

Twitter Qracks down on QAnon and its Qooky Qonspiracies

Paul Hovnanian Silver badge

Twitter ...

"... happily hosts adult entertainers and their video content."

And I happily watch it. Don't go throwing the baby out with the bathwater.

NASA delays James Webb Space Telescope launch date by at least seven months

Paul Hovnanian Silver badge

Re: Obligatory XKCD

"new measurements indicated that it was actually accelerating."

Dark energy causing the acceleration of expansion. If they don't get the JWST launched pretty soon, most of the universe will have moved beyond the boundaries of the observable universe. And there will be nothing left for it to look at.

Paul Hovnanian Silver badge

Those responsible for sacking the people who have just been sacked have been sacked.

€13bn wings its way back to Apple after Euro court rules Irish tax deal wasn't 'state aid'

Paul Hovnanian Silver badge

Re: Good

"I think you’ll find that most governments have decided"

In a democracy, which Ireland is, it comes down to the people deciding this. The Irish government (and ultimately the people) decided that they didn't want this money.

"The only question here is whether or not Ireland was following the rules over how much they decided that Apple owed them."

Again, they are a democracy. And it's their rules. And they were perfectly happy NOT taking the money.

Paul Hovnanian Silver badge

Re: Good

"Your "private property" only exists because there is a government to insure that I don't take yours and make it mine."

No. That's why my AR-15 exists.

For hundreds (a few thousand?) years, the government was only able to provide security for the nobility. If you made it inside the castle courtyard when the bandits arrived, you were OK. Outside the walls, you were pretty much on your own. Same holds true today. When the barbarians approach, the police are nowhere to be found. You get on your roof with a rifle.

Paul Hovnanian Silver badge

Re: Good

Road can (and often are) financed through user fees. Vehicle license fees and fuel taxes. It may only take an office staff of a few hundred people to handle all of Apple's business in Dublin. They earn incomes and pay taxes. It's not like they are hauling truckloads of cash over Irish roads, so the wear and tear won't be higher.

Paul Hovnanian Silver badge

No sweetheart deals were involved. Anyone who opens an office in Ireland can get the same. And many others besides Apple do.

Paul Hovnanian Silver badge

Re: Apple said the case was not about "how much tax we pay, but where we are required to pay it."

Why not? Essentially you traded support for purchase price. Seeing as how Apple hardware isn't too bad. And software support can be had by Googling the problem and fixing it yourself, the only down side would be having to bin a few broken iPads rather than getting Apple support. And if replacements can be replaced cheaply through the same source, better still.

Also, not having to deal with the Genius Bar might be seen as a benefit.

Rust code in Linux kernel looks more likely as language team lead promises support

Paul Hovnanian Silver badge

Re: Is there a reason we need YAPL?

"The problem is these languages cannot protect any abstractions you create."

But can Rust do so? The problem with C/C++ library encapsulation is that the lib developers cannot account for every possible corner use case. So some strange ones may slip through. But until someone can actually deliver on the promise of 100% compiler test coverage (which may be one of those NP-hard problems that computer scientists are always going on about), the bug has just been moved from the library to the compiler. I can code around library bugs. Doing so around compiler bugs may prove to be more difficult. Pretty soon your kernel is a bunch of in-line low level C or assembly wrapped in Rust.

Microsoft to pull support for PHP: Version 8? Exterminate, more like...

Paul Hovnanian Silver badge

Re: What???

One thing I noticed years ago with IIS is that it frequently starts itself on Windows boxes. Quietly, without warning the administrator. And then there it sits, facing the Internet (or Intranet in corporate networks), waiting for someone to count it as a web server or probe your system for ports left open.

Back when I worked for Boeing, we were hit rather hard by the Code Red virus. And a big part of its propagation was facilitated by people with systems (in some cases even laptops running NT) who clicked an 'administrate my system' button. Which started IIS and presented a web based administration tool. But then never shuts IIS down when they were finished. It continued to run, often unpatched for vulnerabilities, because the systems were not used for web services and the admins saw no need to keep IIS up to date. Tragedy ensued. But at least IIS climbed the popularity charts.

Paul Hovnanian Silver badge

Exterminate! Exterminate!

Sounds about like Microsoft,

CEO of motherboard maker MSI dies after plunging from headquarters' seventh-floor

Paul Hovnanian Silver badge

"a real person has died"

Yes. And that's sad.

But at the risk of showing my heartless, engineering-based side, someone should be performing a root cause analysis. Was it health problems? Psychological? Work pressure? Political? A loose balustrade? It would also be sad to let a life go to waste without learning from the example. Recognizing others suffering from the some problems and making changes to help prevent such a thing from happening again.

NASA trusted 'traditional' Boeing to program its Starliner without close supervision... It failed to dock due to bugs

Paul Hovnanian Silver badge

Re: Sounds typical

"plus its 5 hrs from DC to Seattle"

2 hrs from DC to Florida. Please. Seattle had nothing to do with this.

Maybe Chicago.

Linux kernel coders propose inclusive terminology coding guidelines, note: 'Arguments about why people should not be offended do not scale'

Paul Hovnanian Silver badge

They can ...

... pry the man pages out of my cold, dead fingers.

Beware the fresh Windows XP install: Failure awaits you all with nasty, big, pointy teeth

Paul Hovnanian Silver badge

Distribution switch cabinet

We had a substation (115 kV to 12kV) go down coincident with a fire in a 12 kV switch cabinet down the road a ways. The linemen inspecting the wreckage located the remains of two very well done rats. Theory was that rats could jump onto and off of the bare bus bars with no problems. But when one saw his buddy passing by on an adjacent phase, they decided to touch noses. The resulting arc conducted enough current (and the individual circuit breakers were mis-coordinated) so that the high side fuses blew first and took out several square miles of power downtown.

After huffing and puffing for years, US senators unveil law to blow the encryption house down with police backdoors

Paul Hovnanian Silver badge

"In theory they could make non-USGov approved encryption software illegal"

So they have an apparently random bit stream. What is it and (assuming its a cryptogram) how was it encrypted? Is it on the approved list or not? And who has the keys? A smart operator could be exchanging poetry with an associate overseas. By the time the government has found the service provider/key escrow agent (necessary components of a 'legal' back doored system) they have made enough noise to alert the user that this channel has been compromised. And all they got was some prose about a man from Nantucket.

If enough people send messages back and forth with legal but non-TLA friendly interfaces, law enforcement will expend enough resources and make enough noise to render their intelligence gathering efforts useless. Microsoft (and its ilk) have built law enforcement APIs into their systems that, following the (electronic) delivery of a warrant, will provide instantaneous access to the requested message decryptions. Not so much for that mom and pop ISP that I use. Where Old Joe will have to rummage through a box of backup tapes in his shed to recover what has been requested.

US Department of Defense releases list of firms allegedly linked to the Chinese Army. Surprise surprise, Huawei makes an appearance

Paul Hovnanian Silver badge

Re: The Reg might note however


As opposed to a kekistocracy?

Huawei going to predict the future? Nope, say company leaders when asked about Joe Biden winning US election

Paul Hovnanian Silver badge

Best bet...

... is to watch Biden's pick for VP very closely. That's who is going to end up running the show.

Paul Hovnanian Silver badge

Re: Biden hardly gets a mention here in the UK

"If I was Biden's campaign manager I'd tell him to just say and do as little as possible"

That's what the (left leaning) mainstream media is doing as well. Biden walks up to the podium and starts a sentence. Then the network cuts over to a commentator to summarize his speech. So we won't have to watch him start to ramble.

Paul Hovnanian Silver badge

Re: Biden hardly gets a mention here in the UK

We can write in Bernie.

The girl with the dragnet tattoo: How a TV news clip, Insta snaps, a glimpse of a tat and a T-shirt sold on Etsy led FBI to alleged cop car arsonist

Paul Hovnanian Silver badge

Re: Police cars rest easier

"What I'm wondering is why the three letter agencies can't use investigation techniques like this to find terrorists"

I'm afraid that our law enforcement agencies just aren't equipped to do those sorts of analysis on an ongoing basis.

845GB of racy dating app records exposed to entire internet via leaky AWS buckets

Paul Hovnanian Silver badge

Re: "vpnMentor suspects the nine services share a common developer"

Stack Overflow copypasta strikes again.

After IBM axed its face-recog tech, the rest of the dominoes fell like a house of cards: Amazon and now Microsoft. Checkmate

Paul Hovnanian Silver badge

Re: Re:FR for the 'Chelsea Flower Show'

"it would give the largely white priveleged middle and upper class attendees a taste of what it's like to be under oppressive and intrusive surveillance."

Not so much. I may be wrong, but I doubt many attendees at the Chelsea Flower show will even notice its use. I may be showing my bias, but I doubt there are that many on the police BOLO (be on look out) lists at that event.

On this side of the pond, in spite of local and state restrictions on FR and ANPR, its the fed's TLAs that use it quite a bit. But in most cases, they don't trigger immediate apprehensions of suspects by either local or federal agencies. It's more for intelligence gathering. So those subject to the surveillance may never know.



Biting the hand that feeds IT © 1998–2020