Posts by Pascal Monett

The task sounds enormous

So, two low-scoring vulns could be combined into one big problem. Sure, theoretically, but how do you evaluate just how many low-scoring things can be combined and in what way, before you can rate all of them properly ?

Security is always in hindsight. We know to look out for privilege escalation issues because some hacker one day taught us that it worked. We have a body of knowledge today that is certainly impressive, and it will be one hell of a task to knit all that knowledge together to create a proper rating system, but there is no such thing as automating the risk evaluation - it has to be analyzed by a human. Humans don't know everything, and are rather bad at taking into account hundreds of parameters at once.

It is obvious the CVSS is not very valuable, but crafting a good replacement is going to be a massive headache. And yet, it should definitely be done. Good luck with that, then.

"Intel [..] would not intentionally mislead,"

Funny you should say that, given how many times you've already been nailed to the post for misleading reporting on performance. So either you employ incompetent people to draw up your reports, or you don't do enough reviewing before publishing, or . . you're marketing efforts are a bit too zealous (yeah, let's put it that way).

This kind of behavior is quite common in the industry, just look at the continual skirmishing between NVidia and AMD on the graphics side of things. AMD is always being forced to defend the performance of its processors in all domains, because AMD is a worthy contender and we need AMD to keep everyone else in line.

IT is the one domain where the numbers should not lie. Thanks to AMD for their continual efforts to keep it that way.

"statistically speaking, he is unlikely to end up behind bars"

Maybe, but he's also unlikely to ever work in IT again in a professional capacity. It's time for a career change - whether he wants to or not.

"implemented corrective actions"

In other words, the whistle-blower was right, and he was right to blow the whistle.

That is what happens when cost and schedule get top priority over security. I hope that not too many people risk dying because of some zealous beancounter.

"your data for what"

These days, it would seem that the ability to post inane tweets, a picture of your meal or some other equally useless thing is quite enough to validate the usage of people's data.

The only reason we're having this discussion is because people don't actually care what they are being used for on the Internet. There appears to be a general approach of "I can do whatever I want, there are no consequences and I will use anything that is free without thinking".

As long as the majority think that way, companies will be able to get away with a lot. That is why GDPR is likely the best thing to happen to the Internet in general. Only the fines will keep companies in line.

"get in on the ground floor of what she claimed would be the next Bitcoin"

But it is the next Bitcoin : a refined Bitcoin, without all the hassle of having to manage tokens and deal with exchanges.

No, this is just pure "gimme the dough and shove off".

Ah, yet another joy of IoT

All the wonderful things that come with "smart" now also include "the provider can shut it down without your consent". Just like all those defunct music services where you thought you buying music tracks, remember ?

Man that really encourages me to dash off and purchase all that smartness.

I don't understand the diagram

The heliosphere is based on solar wind, so why isn't the heliosphere centered around the Sun ? Looking at the diagram, I see a very exaggerated version of Earth's magnetic field. I know the Sun is moving around the center of our galaxy, but surely the heliosphere encounters the pressure of the interstellar medium in all directions, no ?

So why the gigantically-disproportioned tail ?

Ah, the joy of Smart

It seems that, in their rush to provide yet another way to monitor consumer behavior for no benefit to consumers, all these "smart" thingamabobs are opening yet another Pandora's box worth of trouble.

The Internet appears to still be in its Wild West period. Maybe, in a few decades and after many, many lawsuits, companies will finally be capable of design products that do not shit on their their customers without them having a clue.

Maybe.

Oh for God's sake

Bezos's Amazon is a company, and it has it's .com address already. What are we supposed to do, have a .ibm, a .apple and a .whateverthefuckelse as well ?

Companies are on .com, end of.

Yes, I know that will bruise the ego of those multi-billionaires, but there should be some things that money cannot buy.

"users and camgirls' email addresses, IP addresses, chat logs, and more"

With a data trove like that, no payment data was needed. Miscreants will exploit that to extract payment via blackmail.

One can only hope that the people using the sites were using a throwaway mail account, but the odds of that are likely rather low.

So, Adobe publishes your personal details and that is not sensitive data ?

Why hasn't GDPR been shoved in its face to educate it a bit yet ? There's massive potential for a stonking big fine there, I would think.

"DeepMind reckons the whole effort is worth it"

Sure, if I was paid to make a computer play StarCraft II, I would also think it's worth it.

So, what domain do we have in real life that could possibly benefit from this experience ? What domain has constantly changing variables that require the intuition of experience in order to not get blinding by the sheer amount of data and cut to the right solution in as short a time as possible ?

Maybe Wall Street trading, or eventually weather forecasting, but we already have massive computers that handle that (albeit not always very well). Anything else that we humans can do happens at human speed and we're better equipped to handle it than a 3K core cloud computer.

"the FBI has a larger database of over 640 million faces"

640 million ? That's almost as much as the entire North and South American continents !

Are there that many terrorists on US soil ? Why are they not apprehended more quickly ? I mean, if 1 in every 2 people are terrorists, either you need to drastically expand your prison infrastructure, or your political base.

Honestly, am I supposed to believe that there are over 200 million terrorists on this planet ? Where does the FBI get that data from ?

"testament to a new Capita"

We'll see how long that sentence can stand.

Capita certainly needs a turnaround, just be sure to not do a 360° by mistake.

"simple but elegant"

And it will still take up to 3 years to get it to the consumer.

And after that, it will take another few years before Apple, Samsung and Huawei avoid having their models burst into flames while recharging.

So, in ten years time, we'll finally have batteries we can recharge in just five minutes - from cars, to phones, to rechargeable AAs.

Looking forward to it then.

"strongly encrypted platforms are often used by pedophile rings, drug kingpins and terrorists"

There we go again. Since some bad people use encryption, nobody else should be able to.

Well I have some similar information for you : guns are often used by drug kingpins and terrorists in the course of their criminal activity.

Funnily enough, there is no call to limit the availability of guns.

We need a merry-go-round icon.

They call that smart ?

"Tommy Jeans [..] included chips in some of its products that allow the user to track how frequently they're wearing a particular garment"

That is what we are polluting the environment for now ? A chip that can tell you how many times you wore something, wow. Gobsmacking. How utterly useless.

You want to put intelligence in clothes ? Make chips that can tell if the shirt goes with the pants. Make chips that bleep when garish color combinations are being chosen. Make chips that tell you "Alert : clothes tissue is stretching beyond advisable limits - choose larger size".

That would be smart.

"It makes perfect sense for Microsoft"

Of course it does. Bring everything into Azure, tag on subscription plans and watch the Cloud revenue stream gradually replace the OS one as Windows slowly fades into oblivion (ok, veeryyy slowly).

Microsoft is not full of idiots - just the GUI department is.

"its surface only had two meager craters"

Yeah, well its size is minuscule and it is far, far out there. There's a good chance that most meteorites missed it and went on to hit the Moon - or Jupiter.

Nonetheless, great science !

Secretive companies

I don't get it. You're doing kernel development, not photo-enhancing software, raytracing optimization or advanced Wall Street financial algorithms. You want your kernel to run on all the hardware ? Then publish your test data and get the bugs fixed.

But that will fix your competitor's bugs ? Um, we're talking about Linux. It's free. You're contributing to the community and making all products better. There is no competition here, there's only the product that best suits the customer's needs.

This is definitely the area in which product is judged on merit, not on price. There is no prejudice in publishing all the details of the bugs so that the community can benefit and solve the problem.

This secrecy mindset is legacy from the time when everything was closed source. The world is changing, get with the program.