Posts by Pascal Monett

Great news for me

I am very pleased to learn that there is some kind of intelligent discussion on the matter. Whatever the results and however long it takes, a proper solution starts there.

Good to know that participation was of apparently good level, that means that the results will hold up to scrutiny and "startup-level" bollocks will have a harder time inserting itself into the scheme.

The road to public security is long and hard, and we've just set foot on the path. I look forward to the progress reports on this crucial matter.

It's a bit disappointing

Very interesting read, but it is slightly disappointing to learn that actually getting into "secure" areas involves things as simple as not having a responsible answer his phone.

In my mind, if I do not get confirmation of something from a known authority, you can leave and come do your audit at a later date when I have been notified.

Everything that happens after that point is just icing on the fail cake. If the guy who knew nothing about the "audit" did his job and did not let anyone past him, the mission would not have gathered any useful information.

Once in, it is vastly easier to gather data because, by definition, if you're in it's because you've been allowed in so you're authorized and people are naturally going to be helpful.

"if watch-makers can crack productivity, they're in with a show"

The fact that they haven't up to now tells me that there probably isn't anything left to crack at this time.

Before smartphones, the only use for a watch was giving the time. Today, we have a vast communication network available, for sure, but a watch can't have a vast screen and most certainly cannot have loads of CPU because you're wearing it on your skin, so no scorching flesh thank you very much.

Limited in power and display surface, watchmakers have done the only things that are likely to ever be done : transform a watch into a multi-function detector of various things that are simple to detect, and use a smartphone to gather and manipulate results with the smartphone's immensely superior CPU power.

If anything is added to the (short) list of watch functionality, it will likely derive from some new technology that has not been invented yet which will benefit from that format. Until then, I don't see that anything will change.

"the statement has had virtually no impact some six months after its announcement"

Not surprising. In the current social climate, companies must appear to be doing something about security.

This is something, therefor they are doing it - especially since the competition is doing it.

The fact that the technology is insecure and deprecated is less important than the polish it gives to the company's image. In time, when another equally-useable tech is developed, there will undoubtedly be a move toward that new tech, but this is Good Enough For Now - from the company's point of view..

And so it starts

This is just a "hey buddy" call. It's obvious that these VCs look at the President Elect, see a billionaire, and imagine him razing all those pesky rules that prevent them from becoming trillionaires overnight.

There will be more of this, every time served with an excuse to make people think it is "for the good of the American worker", even though the only "worker" they're thinking about is themselves.

In the linked PDF, there's no less than 3 paragraphs on how to reform immigration rules to allow more skilled labor in. A passing mention to illegal immigration is made to confuse the readers into thinking the argument is valid. America's immigration rules have always been about limiting immigration to skilled labor only. There is no need to "Encourage talented immigrants to build or work at American startups", they're beating their heads at the door already.

I sincerely hope that this disastrous election will not result in the complete destruction of the legal framework that has been 200 years in the making. Unfortunately the bull is in the china shop now, so hope is all that remains.

Just digging deeper here

This whole article filled with buzzwords and dripping with false solicitude is just explaining how Big Business is pushing for the next step : having a truly global view of our spending habits.

For now, Business is limited to a per-shop knowledge base, they want to go global. Of course, it is entirely for our sake (cough).

So, in future, look for not needing to sign up to a loyalty scheme anymore, it will come automatically integrated with your VISA or Master Card.

I'll bet Big Business is already frothing at the mouth with the idea of all that sweet, sweet marketing and profiling data it is going to get its hands on.

Because you know it's going to happen.

"[..] has no way to learn how well it has been protected from attackers.”

Another nail driving the coffin of IoT security in the minds of the masses. Enough of this, and we just might get the message through to the companies responsible for this mess.

Of course, one response to the problem would be a Board of Certification, judging IoT products and giving a rating, including security concerns. That, however, would probably end up as useful as MPA ratings and just as ignored.

Official ratings on computer games or films do not have for consequence the possible loss of one's identity to a hacker. Bad or nonexistent security in an IoT thingy does and, as these bloody are invading the vehicular aspect of our lives, danger to life and limb is looming.

That needs legislation and enforcement, not just certifications.

IoT security should literally be open source, it's the only way to be sure.

Why do Defense networks insist on being accessible via Internet ?

The need for security being what it is, I think that any Secure Defense network should only be accessible via dialup.

Speeds today are quite reasonable and should be adequate, and having to phone in to a defense server means that you are eminently traceable, virtually eliminating any outsider attempt because of the very real risk of the door being beaten down in minutes and your ass being hauled off for a possibly very long time.

In addition, you could seal off international calls, thus ensuring only people physically in your country could attempt the call, therefor ensuring that your police forces are fully capable of putting down any spurious attempts.

It would indeed have to be one hell of a state actor to attempt anything at that level without insider knowledge.

So why does super-important defense information keep being under threat from any pimply-faced miscreant with an Ethernet port ?

"Toys frame our capacity to dream about the future"

When I was a kid, I played with Lego. As I grew up, I often found myself lacking enough blocks of a given type to complete my projects properly, but I made do with what I had.

Nowadays, I fool around in Minecraft, and the number of blocks is no longer an issue. I introduced my nephew to the game, and it's all he wants to do any more. His constructions are that of the 9-year-old he is, but he is building stuff and that is what is important (in my view).

I do believe I have an active imagination, but VR is a miss for me. I cannot see the advantage of having to move one's head to move the field of view when you're still virtually tied to the chair in front of the PC. Moving the mouse seems a lot easier, and I'm used to that.

On the other hand, the day VR is a full-body suit encased in a sphere where you actually experience walking around endlessly (or frantically running from enemies) because you don't move in the sphere, then yes, I can totally see the interest of the VR and I will be right there, waiting for my next exercise session with my heart beating with anticipation. That kind of VR system will undoubtedly transform geeks and computer nerds into the spitting image of muscular Greek statues, with hormones, better than any gym room could possibly hope to.

So, for the good of couch-potatoes everywhere, please bring on the VR Sphere. It's a question of national health, after all.

$3500 for having found a risk of that magnitude ?

Risk that MS was entirely responsible for due to shoddy security implementation ?

For shame, Microsoft. He should get ten times that to start with, because if a blackhat had found that out and used it, the damage to your reputation would have been orders of magnitude higher.

"take advantage of the physical properties of the connected equipment"

Too often do we forget what it is we actually use, so deep is the habit of just considering what it does.

This is truly what is called thinking out of the box. Kudos to the team that put this experiment together.

I have no idea what the impact could be though. Granted, there is some pretty intelligent scum out there, and the NSA must be paying great attention, but I can't see that this is going to be a risk to the general public. Your run-of-the-mill scammer is not going to waste time setting up an entire software chain and phone-home capability just to hear traffic, crowds or people burping and farting.