Posts by Pascal Monett

"Intel gave the entertainment giants what they wanted"

And I will not buy that chip on that basis. I am certain they will muck it up, it will be hijacked by hackers, used as a malware insertion point, prevent me from viewing my legitimate content locally, and so on and so forth.

DRM is not only evil, it is inherently stupid because it never considers all the use cases and defaults to "NO" if there is a doubt - meaning people can be cheated from their own content.

My house is my castle. What I do in it is nobody's business but mine, and I will not condone surveillance imposed by anyone, especially not Hollywood & Co.

This DRM malarky never ceases to annoy me to no end. I buy my films, and I have to put up with imposed trailers (that are laughable five years later) and those bloody FBI warnings I shouldn't even see since I BOUGHT THE DAMN DISK.

So I buy my content, thank you very much, and then I rip the hell out of it, put it on my NAS and watch it the way I want to see it.

They can stuff their DRM where the sun don't shine.

Is this really an issue ?

"how many sysadmins have found rogue Wi-Fi access points in the businesses they work for?"

Not comparable issues in my mind. Bringing in a Wi-Fi thingy and hooking it in to the network is easy enough - they're cheap, rather easy to set up and also easy to keep inconspicuous. If the network admin is not whitelisting connected equipment, then anything goes anyway.

Climbing up to the ceiling to replace a light is not inconspicuous, and the hardware is less easy to get (won't stop a determined attacker, though). Obviously, once in place it'll be a devil to notice, but it still falls under whitelist control (if that is in place).

With a minimum of attention, network access shouldn't be possible, which would reduce the attack to DoS-levels - still a nuisance, but not really a security issue.

Cross-Cloud Architecture

Yeah, because I believe without reserve that AWS is going to play nice with Azure.

I do think it needs to happen.

I don't believe that VMware is going to make it happen.

But hey, kudos for trying.

"the company would 'do better'"

Of course they will.

They can't do any worse.

ISP's are the keyholders

They see everything going through their pipes, they can do what they will with it and you have no idea what they are up to, nor much of a recourse if you don't like it.

The least they can do is provide proper network security and functionality, and doing so for the customer means keeping the house in order.

The fact that an Australian ISP has government-issued surveillance equipment is not surprising these days, even if it is a bit disappointing. I'm sure it is just one of the many - although I'd be interested in a per-country comparison of how many ISPs do have such government surveillance on-premise. Maybe that could be one point of a Freedom Index chart ?

He represented himself over the phone ?

Is that some local specialty ? When you're summoned to court, aren't you (or your lawyer) generally supposed to be there ?

Daft as it sounds to me, I note that the general rule of self-representation has been respected (ie you lose). The phoning it in must really have tickled the judge's funny bone (in a "Ah so that's what you think of my court ?" way).

Personally, I wouldn't wait for the guy to "hand over" the relevant papers justifying how much he sold. With behavior like that, I'd send in the plods and have them tear the place apart to bring back every slip of proof they can get. I wouldn't trust that guy not to doctor the evidence (not that he seems smart enough to do it right in the first place).

But maybe that's the thing - the judge is handing him another length of rope, waiting to see just how he'll try to hang himself with it. Hmm, yup, sounds much more satisfactory in the long run.

Baby dolls not dissuasive enough

From the results of the study, it seems the participants went "so that's all it is ?" and went off to have a real one twice as often.

In other words, it was a training simulator that built their confidence that they could deal with it.

Well done, I guess.

In other news : teenagers still hormonally attracted to sex despite puritans' best effort.

Storage in Paris

Nice to know that the data will be stored in a nuclear bunker. Unfortunately, the bunker is in Paris, a city with a history of terrorist attacks and no end of Hollywood destruction.

I would think it would be a better idea to set up a data storage area just about anywhere else. From the extinct volcanoes of Auvergne to the livestock-infested areas of its center, there are many places in France to choose from where a terrorist would have zero chances of being interested in blowing something up, mainly because there's only cows or crops as far as the eye can see. And nobody would think of nuking crops - that's counterproductive.

Of course, most of those places are likely boring as hell because there's naught to do outside of work hours, but we're talking about data safety, not employee entertainment. Put a data center in that kind of area. With all the money put into rehabilitating an underground bunker in Paris, I'm sure you could have built a data center in the Meuse without any more trouble than occasionally having to wait for a cow to move out of the way.

Grasping at water straws

Looks like we're going to have to face it : Mars only has some water at the poles - and not enough to sustain a planet-full of colonists.

That, along with the eternal issue of the thin, non-breathable atmosphere, is going to make a colony on Mars a very difficult endeavor.

"Organizations should put controls and processes in place"

Indeed they should. Most companies of more than 100 employees do, because they have enough money to get an IT department in place that will properly prepare and configure the network to allow for it. Of course, sometimes said big companies will still spectacularly fail (eh, Target ?) and then everybody will point and laugh because everyone knows they had the means, they just didn't put the proper effort into it.

Nonetheless, most companies are less than 50 people, and most of those companies do not have an IT department because not enough budget. Or worse, the CEO thinks it's a good idea to appoint a family member as IT manager because various stupid reasons, so an incompetent twat is in charge, backed by the might of family ties.

Those companies are really at risk, because either the CEO is convinced he knows what to do because he can program an Excel formula, or his nephew knows all because of all those hours on Playstation instead of getting a degree. Either way, the only thing that actually saves them is their obscurity, until the day it doesn't because some PEBCAK downloaded a Locker and ended up encrypting the companies' sole file server (that has no usable backup, because obviously).

In the end, I think it's just Capitalism at work. The healthiest companies survive, those that cannot identify threats and define mitigations fail. Isn't that what Capitalism is all about ?

"Due to missing year-on-year spend figures"

For me, this is proof that the whole canoodle is nothing but a carefully orchestrated smokescreen to enable pork-barrel contracts and personality building.

A government branch simply cannot have "missing" accounting controls. They are ACCOUNTABLE.

The IT spend shambles starts right there. Somebody needs to bring that house back in order, and Brexit is NOT going to help.

Pain is the best teacher

Teaching users to be careful is a never-ending task. You can tell a person a hundred times to back up his data, one day he will still get it wiped and moan that he's lost everything. That, most of the time, is the day people become sensitive to the argument.

Here it is worse. Hospital staff are harassed all day, doing five things at a time and some of those can entail risk for life if done wrong. Asking them to beware of their tools in addition is really hard to do.

The scum that launch these mails should be found and shot for putting lives at risk.

That EFF document is a solid gold reference

I am keeping the URL and saving a copy for offline reference.

I am quite happy that an organization with such clout is finally calling out MS on such shameful shenanigans.

On the other hand, I doubt anything real will come of it. MS is no longer an OS maker, it is an ad pusher. It will do anything to push those ads, including lying and obfuscating settings. Facebook is a splendid reference in that regard.

"[..] some of the security procedures [..] to stop just this sort of attack."

Ah, LinkedIn. What do you expect when security was the last bullet-point of discussion in the last meeting about specifications before coding this "social" monstrosity ? And it was punted to the meeting after beta, to be discussed when you had a product sucking the clueless in.

Security was never your focus, it's the add-on that you have to bolt on to the sides to make it seem worthy. Experience demonstrates that such an attitude fails regularly. And I don't see your new owner making the situation any better.

"stemming from multiple independent senders"

Um, sorry, but how can 4 emails stem from more than 4 "independent senders" ?

It is tiring to see how even the brightest can get pwned by marketspeak. Four emails sent by four different people - is that so hard to say ? Is it really necessary to try to make things sound even more important than they are ?

You've got a brain, you're speaking to people who should have a brain. KISS, people.

Of course, if you're trying to do email security research and use Gmail for that, it's an instant FAIL.