Posts by Pascal Monett

"If [..] a different person standing in front of the computer screen, the PC will not operate."

Careful there. In professional or even private environments, someone coming over to see what's on your screen for whatever reason is very common. If the scanner can't cope with two hearts in the same vicinity, things will get ugly quickly. Not to mention that sometimes the helpdesk guy just has to sit in the chair and do stuff. I hope the scanner will be up to that as well.

And if it can, then the burglar doesn't care about the scanner - he can just tie the victim up, drag him to the PC and then do whatever he wants.

This tech may be fine to control access to physical areas, but I'm not convinced PC access is the right area to apply it.

The lessons will be costly in money and lives

I can understand that medical equipment was not created with security in mind. Who in their right mind would want to hack a pacemaker ?

The problem is that there are many people who are not in their right mind, for whatever reason. So now we're going to have to add security to our medical environment and we're going to have to do it right, because when you're having a heart attack the last thing you want is the doctor having mistyped his password wrong for the third time and locking his account.

"Sigfox's proprietary protocol"

Cue the argument of "security through obscurity" . . .

That said, it seems to me that SigFox's security is mainly based on firewalls and VPNs. It's all very nice to say that you don't use IP, if you use VPNs, you're still riding the same bus for part of the trip.

There are two things in this article that bug me. One is this invitation to hackers on the subject of IoT (lack of) security. Asking for trouble, in my opinion. The other, more serious, is what is going to be the impact of this so-called non-IP proprietary protocol on the regular IP traffic that is happening alongside ? Is there going to be interference, or worse, outright clashing ? I hope that these things have been considered with great attention.

And if they have, then the argument about not using IP is even weaker.

On the other hand, anything that improves IoT security is welcome in my book : it'll shave off that many more botnets that trouble the world.

Doesn't mean I'll buy any of that shite though.

This is exactly why I don't like the Cloud

An engineer had made a storage space and put confidential data in it without bothering to secure the vault. Was it company-mandated ? Apparently not.

It is simply beyond me that anyone can consider storing data that is considered critical (like the client list, invoicing history, etc) or confidential (access passwords of any kind) on a server that you do not control.

That is obviously not an issue to many people though, including people who 1) should know better and 2) have the required technical level to do things right, yet visibly still don't.

And it's going to get worse before it gets better.

"They looked for the password on the CD . . ."

Dear God. Look, I understand that it was a Friday evening but come on, if you send a password-protected file and the password in the same package, it really totally defeats the purpose of the password.

The last time I had to send protected data I arranged with the recipient to send said data via email, and the password via SMS. Might not be a perfect solution, but it fits the purpose. I'm sure most people would do the same.

Of course, the password I chose was a tad more complex - which means that, had the data been sent by me, this story would have ended quite differently.

Well, points for making it work I guess

Kudos to the guy for making the tool work as he wishes. Must have required quite a bit of persistence, not to mention time tinkering and thinking of how to go about shutting up a program specifically made to blabber continuously.

"the 30 minutes a year the database won't work will be planned downtime"

So there is to be no unplanned downtime, in other words, he is promising perfection.

This is IT, we all know that there will be glitches and unplanned downtime, if only because of some fat-fingered bungling at a critical point.

But of course, he's just the marketing mouthpiece. Marketing has never been there to be realistic.

"reducing support, in the name of a better-looking balance sheet"

In a perfect world, customers should then reduce their custom in the name of finding better support elsewhere.

Of course, this is an imperfect world and switching supplier is not always that easy, so it looks like wait times are going to get longer.

“It’s good internal PR for not a lot of money"

Well if it's that cheap, make it a raise then. Might be even more "good internal PR".

Good decision

I applaud two things here : first, that a provider doesn't just blindly bend over without caring when a change in terms happens and second, that someone actually puts in the work when conditions are deemed unsatisfactory instead of just shrugging and listening to the beancounters.

That said, I have no idea what the consequences can actually bem but given that we're talking about Facebook, my gut reaction would be to not trust them. Then again, I wouldn't have used React in the first place.

"They have shown an eagerness to meddle in elections"

This article clearly demonstrates that the US is no stranger to meddling in other people's elections. It is actually an impressively comprehensive rundown of election meddling, and the US figures prominently in the list.

Kettle, pot, you know the rest.

Yes !

Anything that nails Uber executives to the wall is a good thing in my book.

I hope they are made to squirm in court like the scum they are.

"a design defect that causes the battery life to diminish"

Um, not defending Apple by any stretch, but I do believe that battery life tends to diminish with or without design defects.

As such, pretending there is a design defect is going to be an uphill battle.

But hey, I wish them all the luck. It's about time Apple's lies got caught.

“channel members from both sides can … upload files”

Sounds more like a primitive DropBox to me.

Use Sync instead - it's encrypted and Sync.com doesn't have the key so the NSA and pals can go screw themselves.

"you need a good project manager"

Also one that has the clout and the balls to say NO and stick to his guns.

I've said it before in these very forums, the best project I have ever worked on was one where the PM would send the meeting agenda beforehand, with the points that were to be discussed. Every time, the approved specifications for the project were included.

At the meetings, anything that was outside the scope of the meeting was pushed to the end of the discussion. Any change request concerning functionality that was not in the specs was penciled in for V1.1 - aka A Later Date. Anything else was seriously questioned before being included and the specs updated.

The fact that said PM was also head of IT made saying NO a lot easier.

The project was delivered on scope, on budget and on time.

Best project of my life.

"what you're signing up for is a service relationship"

And I do not like service relationships in a product that is legally MINE.

Update my car when I bring it to the garage for its yearly check-up: The rest of the time, keep your grubby digital mitts out of my private life.

"assuming a machine in the group is already pwned"

So the walls are already breached. This is just one possible bit of mayhem that will follow.

Well, if the walls are breached and a machine is pwned, I think there are much more serious threats to worry about. But hey, good on Microsoft for finding yet another way to be a nuisance.

"download: yes or no’?"

Not over the Internet, no. No way. Not in a million years.

I do hope this download functionality means from a secure site to a local, secure server, then control and validation of the package and then distribution to the planes via sneakernet.

The last thing you want for multi-million dollar jets is to let them open to man-in-the-middle attacks and all the other joys of Internet insecurity. The only way to be sure that these very expensive tools are not vulnerable is to not have them link up.

Period.