Posts by Pascal Monett

Always bet on Javascript

Oh, but I always do. I always bet that there will be some JS somewhere that is just waiting to pounce on my machine and screw it up.

That is why I use NoScript.

Interesting problem

How is it possible for a computer to allocate a room that is already occupied ? It should indeed be a computer problem because I very much doubt that there is any booking system where the clerk can override room status on an occupied room - that way lies madness.

So there clearly is a bug in the system, but what on Earth could it be ? The database is corrupt ? The system got hacked and nobody's noticed yet ?

Anyone got any ideas ?

The task sounds enormous

So, two low-scoring vulns could be combined into one big problem. Sure, theoretically, but how do you evaluate just how many low-scoring things can be combined and in what way, before you can rate all of them properly ?

Security is always in hindsight. We know to look out for privilege escalation issues because some hacker one day taught us that it worked. We have a body of knowledge today that is certainly impressive, and it will be one hell of a task to knit all that knowledge together to create a proper rating system, but there is no such thing as automating the risk evaluation - it has to be analyzed by a human. Humans don't know everything, and are rather bad at taking into account hundreds of parameters at once.

It is obvious the CVSS is not very valuable, but crafting a good replacement is going to be a massive headache. And yet, it should definitely be done. Good luck with that, then.

"Intel [..] would not intentionally mislead,"

Funny you should say that, given how many times you've already been nailed to the post for misleading reporting on performance. So either you employ incompetent people to draw up your reports, or you don't do enough reviewing before publishing, or . . you're marketing efforts are a bit too zealous (yeah, let's put it that way).

This kind of behavior is quite common in the industry, just look at the continual skirmishing between NVidia and AMD on the graphics side of things. AMD is always being forced to defend the performance of its processors in all domains, because AMD is a worthy contender and we need AMD to keep everyone else in line.

IT is the one domain where the numbers should not lie. Thanks to AMD for their continual efforts to keep it that way.

"statistically speaking, he is unlikely to end up behind bars"

Maybe, but he's also unlikely to ever work in IT again in a professional capacity. It's time for a career change - whether he wants to or not.

"implemented corrective actions"

In other words, the whistle-blower was right, and he was right to blow the whistle.

That is what happens when cost and schedule get top priority over security. I hope that not too many people risk dying because of some zealous beancounter.

"your data for what"

These days, it would seem that the ability to post inane tweets, a picture of your meal or some other equally useless thing is quite enough to validate the usage of people's data.

The only reason we're having this discussion is because people don't actually care what they are being used for on the Internet. There appears to be a general approach of "I can do whatever I want, there are no consequences and I will use anything that is free without thinking".

As long as the majority think that way, companies will be able to get away with a lot. That is why GDPR is likely the best thing to happen to the Internet in general. Only the fines will keep companies in line.

"get in on the ground floor of what she claimed would be the next Bitcoin"

But it is the next Bitcoin : a refined Bitcoin, without all the hassle of having to manage tokens and deal with exchanges.

No, this is just pure "gimme the dough and shove off".

Ah, yet another joy of IoT

All the wonderful things that come with "smart" now also include "the provider can shut it down without your consent". Just like all those defunct music services where you thought you buying music tracks, remember ?

Man that really encourages me to dash off and purchase all that smartness.

I don't understand the diagram

The heliosphere is based on solar wind, so why isn't the heliosphere centered around the Sun ? Looking at the diagram, I see a very exaggerated version of Earth's magnetic field. I know the Sun is moving around the center of our galaxy, but surely the heliosphere encounters the pressure of the interstellar medium in all directions, no ?

So why the gigantically-disproportioned tail ?

Ah, the joy of Smart

It seems that, in their rush to provide yet another way to monitor consumer behavior for no benefit to consumers, all these "smart" thingamabobs are opening yet another Pandora's box worth of trouble.

The Internet appears to still be in its Wild West period. Maybe, in a few decades and after many, many lawsuits, companies will finally be capable of design products that do not shit on their their customers without them having a clue.

Maybe.

Oh for God's sake

Bezos's Amazon is a company, and it has it's .com address already. What are we supposed to do, have a .ibm, a .apple and a .whateverthefuckelse as well ?

Companies are on .com, end of.

Yes, I know that will bruise the ego of those multi-billionaires, but there should be some things that money cannot buy.

"users and camgirls' email addresses, IP addresses, chat logs, and more"

With a data trove like that, no payment data was needed. Miscreants will exploit that to extract payment via blackmail.

One can only hope that the people using the sites were using a throwaway mail account, but the odds of that are likely rather low.

So, Adobe publishes your personal details and that is not sensitive data ?

Why hasn't GDPR been shoved in its face to educate it a bit yet ? There's massive potential for a stonking big fine there, I would think.

"DeepMind reckons the whole effort is worth it"

Sure, if I was paid to make a computer play StarCraft II, I would also think it's worth it.

So, what domain do we have in real life that could possibly benefit from this experience ? What domain has constantly changing variables that require the intuition of experience in order to not get blinding by the sheer amount of data and cut to the right solution in as short a time as possible ?

Maybe Wall Street trading, or eventually weather forecasting, but we already have massive computers that handle that (albeit not always very well). Anything else that we humans can do happens at human speed and we're better equipped to handle it than a 3K core cloud computer.

"the FBI has a larger database of over 640 million faces"

640 million ? That's almost as much as the entire North and South American continents !

Are there that many terrorists on US soil ? Why are they not apprehended more quickly ? I mean, if 1 in every 2 people are terrorists, either you need to drastically expand your prison infrastructure, or your political base.

Honestly, am I supposed to believe that there are over 200 million terrorists on this planet ? Where does the FBI get that data from ?

"testament to a new Capita"

We'll see how long that sentence can stand.

Capita certainly needs a turnaround, just be sure to not do a 360° by mistake.

"simple but elegant"

And it will still take up to 3 years to get it to the consumer.

And after that, it will take another few years before Apple, Samsung and Huawei avoid having their models burst into flames while recharging.

So, in ten years time, we'll finally have batteries we can recharge in just five minutes - from cars, to phones, to rechargeable AAs.

Looking forward to it then.

"strongly encrypted platforms are often used by pedophile rings, drug kingpins and terrorists"

There we go again. Since some bad people use encryption, nobody else should be able to.

Well I have some similar information for you : guns are often used by drug kingpins and terrorists in the course of their criminal activity.

Funnily enough, there is no call to limit the availability of guns.

We need a merry-go-round icon.