Posts by Pascal Monett

Well then, one down, a hundred thousand to go

They say (in the linked article) they have proven that crime can be without retribution. So it's a lot easier to do crime with the Internet, well duh. Did they actually think that needed to be demonstrated ?

With the Internet, you are all over the world, but there is no world police. You can create and launch processes from your computer but they can execute anywhere in the world. If that process is malicious, it will hurt someone who does not have any other possibility to track you down except call the police - who cannot do anything because the perpetrator can likely not be found.

It would take quite a few experts to track the origin of a malware, and it would require local law enforcement cooperation to get the details that would allow an actual arrest. That is not something that is going to happen for issues that are less than a few thousand dollars, because it would probably cost more than that to bring the criminals to justice.

It's a household name now

The term photoshopped is as common as the notion of googling something. Is there any irony in the fact that the very company who made that happen is now wanting to "keep it real" ?

I think so.

"deepen our global connectivity as we look outwards to new opportunities in Asia"

Shanghai, a city directly governed by the central government.

But, I thought there were "security issues" when dealing with Chinese companies ?

Does this mean that the Shanghai Stock Exchange is immune to requests from Beijing ?

Or does this just mean that, as usual, money talks and politicians can just stay out of the way ?

"We want the UK to be the safest place in the world to be online"

Simple : do not let children go online without supervision. Do your bloody job as a parent, instead of using a screen to do your child's education.

And can someone tell me why, for the love of all that is holy, an age verification scheme is voluntary ? Let's be logical : if there is a law that says that age verification is mandatory, then there should be a mandatory scheme to verify age that is compliant with the law.

Get your ducks in order.

"the industry is sufficiently wedded to VMware technology"

Yes it is, so much so that declaring that VMware is here to stay is not only superfluous, it borders on pandering to the ego of the CEO.

There isn't a single IT department that doesn't use VMs. Heck, even small companies can use it - I know the company I worked for before does, and we were a 3-person shop at the time. Okay, it helped that my associate was a network administrator, but still.

So yeah, VMware has a long and bright future ahead of it. I think we all know that but hey, a successful CEO has the right to stroke himself the right way every now and then, doesn't he ?

"in order to tackle the rise of deepfakes"

Right, because now that politicians have been the subject of such alterations, We Must React.

That private citizens may have had their lives or reputations destroyed by such activity, or may risk that, is just collateral damage to the great march of Capitalism. We can't regulate that.

But touch the politicians and ohh buddy, then you get their attention real quick.

"People watching falsified videos of political leaders could be duped into believing lies"

Yeah, well people watching Fox News are regularly duped into that and I don't see anyone doing anything to stop it.

"conflicts represent the natural order of the open source world"

And apparently you handle them very badly in your own company.

But hey, it's nice to know that you have such an open mind about the other companies that are sprouting up due to your incompetent handling of your staff.

Not that you have much of a choice anyway.

So now IoT can pwn your company

It really seems time to declare a moratorium on this market and freeze sales of all IoT things until the makers can prove that they've understood that they need to think security before thinking product.

It's also time for fusion to become useful, but I'm guessing the latter will happen way before the former.

One silver lining

At least the latest firmware is not subject to this particular threat, apparently.

How to upgrade something that is embedded in a person's body is something else though, and given that I already fear upgrading my motherboard firmware*, I shudder to think of me having one of those things inside me that needs upgrading.

* : somehow I never can bring myself to trust those things - I always fear that, after the update, the board just dies and never starts up again

America : the #1 hypocrite

Its mouth is full of God and Freedom but while you're not looking, it rifles through your wallet, stalks you through your phone and captures everything you say, all while screeching hysterically when anyone else tries to copy it.

Okay, let's admit for half a second that this data slurp was thought of "with the best of intentions". The fact remains that any country buying this airframe is basically giving Uncle Sam the complete overview of its strike capability. Ally or not, there is zero reason to accept this.

Talk of pulling out is pure bunkum though - posturing by someone who wants to look tough to his political base but doesn't have the balls to go through with it. No pity here.

More and more America is looking like your unwanted neighbor. He's a bully, a pervert and he's armed to the teeth. And you can't move out.

"deep integrations"

When I hear those words, my mind immediately translates to "deep fucking of your data".

I am a free user. I only need Dropbox to share a few small files between friends. Those files have absolutely no importance to anyone but us, and anyone who wishes to take a look can have a copy, I don't care.

But if Dropbox starts fucking with me, I'll find another platform in a heartbeat.

Democracy is an eternal uphill battle

We would do well to remember that we are not safe either : complacency is the preferred attitude as far as TLAs are concerned. And if they get caught, they just trot out something about defending the people and mention terrorism, and we go back to sleep.

I wish all the best for the people waking up to the true nature of their government, but we should not forget to remain vigilant ourselves.

"Spammers are abusing the preferential treatment Google affords its own apps"

Ah, the eternal battle between the sword and the shield. Except, in this case, it looks more the damn holding back the lake has sprung a leak. Or it would be, if the damn hadn't been built with a hole in it in the first place.

In any case, the good thing that is going to come out of this is that Google is now going to have to find a way to vet legitimate messages from its own applications instead of just letting them through.

The fight against spam continues.

"We are concerned about such deception and misuse"

Well then don't make it available via a web portal. As long as you're the only ones tinkering with the thing, we should all be rather safe.

"the subcontractor violated mandatory security and privacy protocols outlined in their contract"

And all the subcontractor gets is close monitoring ?

That's the problem with all the stern wording and posturing - if you don't follow through, then you're the one who is ridiculous. And, in this case, Perceptics should be thrown out and there should be a complaint filed for gross negligence against the company, with damages.

But Perceptics cannot be thrown out, because the company has its arm entirely in the US Border and ripping that out would be very, very painful. So I'm guessing the CEO went in to make his apology, probably even groveling as nicely as possible, promising that it would never happen again, and left secure in the knowledge that he will be able to keep milking that particular cow for a long while yet.

Because actually holding oneself to the terms of the contract would mean getting another contractor, spending time training the peons on the platform and enduring the inevitable mistakes before they get up to speed, and all that's just too much of a nuisance, right ?

Well, that was obviously a well-balanced and thoughtful grilling

"Norman Lamb MP, chairman of the Commons select committee, kicked off the proceedings by asking the executive about Huawei's involvement with governments that have records of corruption and human rights abuses"

I look forward to Mr Lamb's grilling of a Google high-level suit with the same approach.

Oh wait, I forgot : Google is a US company, so it's all good.

"two years of credit and identity theft monitoring"

Could somebody please tell me if that is actually of any use ? I have the feeling that it is just a polite band-aid to make you go away and keep quiet.

Good to see that the Free Market is still holding on

This is a case in which I completely applaud capitalism. US citizens have been pawns in the hands of greedy oligarchs for way too long. It is nice to see that The People are waking up and getting back their freedom.

Good on Idaho, but what is better is that the dominoes are now starting to fall and Idaho's example will be repeated elsewhere. I agree that utilities should be under local control in any case, be it city or state. That prevents a good lot of situations where you have to wait for some enormous conglomerate to bother dealing with your problem. It mostly means that you don't have to go that far if you need to go and chew someone's desk out to get things moving.

Just goes to show

You do not have production servers depend on unknown code.

Known code is code you have evaluated, reviewed and tested, and should be stored on a server you control.

When you are notified of an update, you evaluate the necessity of the update, review the new code if the update is necessary for you, and apply it to your test server only if you do intend to use it. There, you test it thoroughly and validate its merging with production code on servers you control.

This form of attack only works because everyone is abandoning their duty of care and just blindly trusting dozens of people they don't know to do things right. That's like hiring a cleaning lady and getting ten people shuffling around your house, doing things that are not necessarily related to cleaning. You'd have to be mad to accept that, but when it's code, you just can't be bothered (I know, might not have the time either - doesn't mean it's a good situation).