Posts by Pascal Monett 18239 publicly visible posts • joined 10 Apr 2007
"Voatz also disputed claims its systems are vulnerable and untested"
But of course it would say that. I reckon we'll be reading about just how secure it is shortly after the upcoming election.
"Before going into the pilot, Voatz submitted the smartphone voting app to an independent security firm for review"
Oh really ? Which one ? And what was the verdict ? It's all very nice to hear these things, but if the company was available at securityreviewsforyou@gmail.com, then excuse me if I'd prefer a more reliable name.
"Voatz is not particularly open about how its system works under the hood"
A time-tested hallmark of quality in this domain, to be sure.
Security by obscurity, again. That works IRL, but not where computing is concerned. The only people who believe otherwise are the ones not competent enough to understand the true situation. Not telling people how your system works just means you're a hack who can't do things properly and you don't want people to know how shoddy your system really is.
A truly secure voting process is like encryption : you can know everything about how it works without having any means to subvert the system other than brute force - which is very time-consuming for little reward.
And blockchain ? Really ? With all the stuff I've already outlined it seems we have a Security Bingo winner. This will only end in tears.
And how exactly is that possible if the interface does not allow for it ?
Shouldn't there be a warning, a popup with a message, and a limitation of the scheduling abilities ?
Because if Microsoft's team can determine in post that that was the problem, then it's not the customer's fault. You open a platform to anyone and anyone will come in, I'd have thought that Microsoft would know this by now. So the onus is on Microsoft to ensure that Joe Anybody cannot put himself in a bad situation in the first place.
And having helpdesk people blaming the client to his face is never a good point, even if it is true.
If you are given authority to demand answers from a government agency without any means of coercition, it would seem that not answering your demands has become standard operating procedure.
If the investigative commission had any teeth, or balls as the case may be, then the response to such appalling lack of response should be :
"Fine, your continuous refusal to answer my questions is your prerogative, apparently. But I must say that, if you cannot convince me before <date> that American citizens are not being unlawfully spied upon, then I will conclude they are and that your Agency is in violation of the Consitution and I will have you all rounded up and put in prison. Your move."
I personally feel that AMD has suffered being in the red for far to long. I want it back in the black and staying there. AMD has historically been able to achieve world-firsts, and has consistently demonstrated inventiveness and reactivity.
Who knows what it could do if it had the financial reserves Intel has ?
"... believe the highly reflective body is actually a pool of liquid water saturated with salty sediments"
There's a patch 1.5km under the surface that has reflective properties similar to a body of salty water. Yet, the conclusion is affirmative : there is liquid water on Mars.
I know we all want there to be, but shouldn't a scientist call it a "positive indication", or a "reassuring probability", instead of a definite ? Is there really no other possibility ?
They fail at an alarming rate on Earth as well. In the last five years, I've known of two people who's SSD just crashed and died. I would have to track the last fifteen years to find someone who's HDD died without a warning.
Okay, maybe that's not so alarming after all, but still.
My view is simple : you are at work, it is normal that you be monitored and filtered. Even if you are God's gift to programming.
Full disclosure : I may be a developer, but I am also a consultant. That means that I develop on client site (which include banks), and that means that I have to be extra careful when I have Internet access to not click on a link that is possibly not work-related, because customer.
As far as the level of competence obviously required for all these points, yes. It is certain that claiming IoT owners need to "figure out the protocols" obviously means "you know what a protocol is and you can figure it out". That eliminates Joe Public right there.
Unfortunately, homes is where IoT is going to wreak havoc. It's Joe Public who wants his IoT door lock, his IoT lights with loudspeakers and fancy colors, and all the rest of that shite.
And understanding protocols, to say nothing of "sorting out security" (snort), is most definitely not in Joe Public's ability to comprehend, let alone take responsibility for.
This article's only merit is that it clearly outlines that IoT is not for the public.
But that's where it is going to be sold.
Absolutely logical. The malware works in CPU time, the defendants work in administrative human time.
The humans don't have a chance if measures are not already in place and ready to go.
Actually, active measures and surveillance need to be in place if malware is to be stopped.
So basically we're going to have a decade or more of these shenanigans before a proper anti-propagation network tool is made available and succeeds in stopping cold these kinds of intrusions.
If the board is ready to pay for it, which they will be after the first intrusion, of course.
I'm glad to know that you have the technical knowledge to handle your home network in all aspects. You do realize that you are part of the one-in-a-million club, don't you ?
I know just enough about networks to ensure that I can connect my home computers to my NAS, keep a firewalled router to access the Internet, and have all connected PCs, laptops and tablets be able to print on the shared printer. Oh, and ensure that my wife can access the WiFi when she's somehow unconfigured her phone again.
I'm pretty sure that there are a lot of people who don't even know what I know. They are the mass for which a solution must be found, because the blight that is IoT is only going to get worse. Any step towards a solution is a good one in my book.
It's not
""Level One takes these allegations very seriously and is diligently working to conduct a full investigation of the nature, extent and ramifications of this alleged data exposure,”
but more likely :
"Level One takes these allegations very seriously and is diligently working to create a lot of professional-sounding noise and pantomime to cover the issue up, brush it under the rug and get its incompetence forgotten as soon as possible,”
I know sysadmins are always harassed by new rush jobs, but the professionals I know are not going to drop anything concerning security just to get the boss his access to YouPr0n - not until the security stuff is finished. Normally, they wouldn't even put something online until the security has been properly configured.
"discretion to release information without a warrant, if it “reasonably believes that the use or disclosure is reasonably necessary”"
If the disclosure is reasonably necessary from a judiciary point of view, then there will be a warrant. If there is no warrant, then it is not warranted to disclose the information and I refuse to consider that the ADHA has that authority under any grounds.
That said, I don't live in Australia, but still, if I did, I wouldn't be happy about the situation.
Okay, I don't like the idea that the protocol is stuffed, but frankly I don't see how someone could take advantage of it for long. When I start my car and my phone pairs with it, I'm not staying there, so the miscreant would have to follow me and stay in range.
I'm putting this in the forget it folder.
After all, one meter is 1000mm, so . . .
That said, the custom when using the mm measure is to deal with a few of them, unless you're in the construction business when practically everything is measured in mm, even if there's 250 of them. Looks like the comms business is using the same approach.
I followed that link, and found exactly what I expected : a nice, touchy-feely, heartfelt list of things goody-two-shoes Google promises to do and not do with AI. Nice to see they have found the light.
But I'm sure they did it with the best of intentions.
I think you are assigning way too much power to the disruptors.
Paper ballots are traceable. The results are sent electronically are, these days, are most likely encrypted. Even if not, when the results are published, they are also controlled. Any error is called out and corrected.
Whatever attack can be set up on data transmission cannot survive a proper error correction procedure.
You need to remember that there are countries using paper ballots. You don't hear much about their vote count being called in question, now do you ? There's a good reason for that.
As for phoning electors and spreading misinformation, hackers (Russian or otherwise) are not going to do something that so obviously points to them. Remember that it took a state agency investigation to find the hacker's traces. With phone calls, it'd take a quick check at the phone company to get proof.
It's my PC. I paid for the hardware.
If Microsoft wants to control my hardware, then it should give me a PC. If it's their hardware, then I accept their control over it.
But as long as I'm the one footing the bill, I expect to be able to use it as I intend without anyone or anything watching over my shoulder.
Well our solar system started in a similar manner.
If some planetoid hadn't slammed into Earth, we wouldn't have the Moon.
And in the early days of our Solar System, everything was being bombarded by asteroids.
So pretty exciting times back then. Things have largely calmed down now, after a few billion years.
We should check back on this star in a billion years or two, to see how the situation evolves.
This is the first article I read about statistical analysis machines (ie pseudo-"AI") that does not crow to high heavens the incredible benefits that AI will bring to the proceedings as if all issues are already solved, as is usually the case.
The article actually states "It all hinges on human expertise to tweak the algorithms behind it and the AI is only as good as its trained to be." - that is a first.
There is no better validation for the usefullness of The Cloud (TM) than making oodles of money out of it.
Despite its failures, despite the security issues, The Cloud is milking it, ensuring that people will use it and companies will want their share of the pie.
So The Cloud is here to stay.
Humbug.
"..it's pointless geting infeasibly rich, then looking back on your life and all the shoulders you've ground into the dust in order to get there, only to give it all away at the end"
Um, I would think that solving a deadly disease problem is something that a minimum-wage worker would have a bit of trouble doing.
So, what do you think he should have done ? Build a Coliseum and reinstate gladiator fights ?
I just love it when any government spouts nonsense to cover up some embarassing failure, but when a "democratic" government does it "for the good of the People", masking why a project paid for by The People's taxes failed abysmally, it has that special "you just continue paying your taxes and watching football, we know what we're doing" tang.
If it's paid for with public money, the Public that paid for it has the right to know the why and how. The only thing you're really saying is that someone should be losing his pension over a monumental cock-up.
And we can't have that, now can we ?
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2025
