Posts by Pascal Monett

"the mysterious loss of its magnetosphere"

I thought that the loss of the magnetosphere was linked to the solidification of its core. Earth's core is still moving, Mars' isn't. I thought that was the reason.

Isn't it ?

ICANN needs to be canned

All its personnel, and board, should be fired and replaced by an entirely new group of people who are actually concerned about making the Internet work correctly.

Burning the bridge is not always a solution, I know, but this is no longer an organization working for the community - it is a group of people systematically subverting everything they consider counter to their private interests, and such behavior should be labelled criminal and pursued as such.

The bare minimum is to get ICANN out of California. Ship them to New York or something, where they won't have it so easy in every way.

"needs more work before going into production"

Right, so I'll file that in the same folder as all those marvelous things batteries are supposed to become some time in some as-of-yet-undetermined future.

The future will be great - as soon as it gets here. Don't hold your breath.

"Facial recognition is used to"

provide the NSA with the complete list of people in a given area at a given time, to be plugged into the The Machine at a future time.

So, Person of Interest really was a documentary after all.

The molesting uncle

Twitter is starting to look like a molesting uncle, allowing 140 characters of service provided you accept videos to be automatically thrust down your bandwidth.

I wonder how long it will take for Twitter to decide that you don't get to turn off the auto-run feature because "their customers (ie advertisers) clamored for it".

In any case, I salute the start of Twitter's bold march into oblivion.

Can't wait for it to get there already.

Wait a minute

"The update process runs with system-level access. It unpacks the ZIP file without checking the paths of the files inside, and with full read-write permissions on the device's file system."

Um, is there a "malicious file" that uninstalls all the bloody crap that Samsung throws in on top of the stuff I need ?

Because if that's the case, tell me where to go and I'm there.

"save bandwidth and improve security"

Not to be nasty or anything, but since when does a company care about ads from other companies ?

If an ad-blocker is deployed company-wide, the only logical setting is to block all ads all the time, with exceptions made for sites that detect that and play coy with their data until you allow ads again.

In that case, the decision should be made as to whether that site is important for the company or not. If not, block that site permanently.

What are all these papers good for ?

Not knocking the work, and certainly not the results, but when these guys say that this research will be invaluable for future reference, is that really the case ?

We all know about buffer overflows, yet that door is still open in almost every new malware report. Sometimes they even concern products made by big companies who definitely know better.

This new report is bringing to light some new obscure chain of consequences that constitute a vulnerability. Great news, but who exactly is going to pore over this to understand what is going on and how to avoid it ? Security researchers, not application coders.

When I search for "good programming practice", what I find is stuff that generally concerns code clarity and maintainability, rarely security.

In the best case, there will be a mention of using fgets instead of gets in C, because buffer overflow. But the rest is all about indenting, variable name formatting, function wrapping and commenting. Nothing to do with security.

We need an easy-to-read overview of good security practices that does not just say "check your inputs" but details what to check and how to make sure. Is that available somewhere ?

I wonder how that went through in the meeting

Manager : Um, we're going to need some user data on the survey

Coder : Sure, I can return the IP address, the user name and the account ID

Manager : The name is good, but we'll be needing the account number as well, and the email address

Coder : But I can't hash that data securely on the client side

Manager : no problem, put it in the URL - nobody ever checks that, right ? I never do.

Coder : But that's not secure . .

Manager : We need it yesterday, so get cracking. We'll do security in the next version

"US officials had apparently refused to cooperate with the probe"

Well ain't that a surprise !

No wonder they have no more leads - the path where all the leads point to has a great big NO ENTRY barrier across it.

"hacking into his firm's corporate network was a "silly" move "

Only if you think that demonstrating your level of insecurity to the world is silly.

Personally, I think it was brilliant. They got in, lounged around for weeks, if not months, and then finally got detected. They're probably analyzing activity logs now to find out why they ended up begin caught, so as to "survive" even longer next time.

This is pure gold for everyone. For the hackers, who have taken a magnificent opportunity to see their baby operate in what is supposed to be a very secure environment. For Kaspersky, who had the guts to go public on this and now has reams and reams of data to analyze and further lock down their processes and network. For the public, who once more has proof that nobody is "secure". What they'll do with that knowledge is another matter.

I just love government projects

Especially UK ones.

Because however bad I mess things up, I always have this kind of thing to reassure me that I'm not that bad.

First day launch on the day that people absolutely needed it ? Very bad idea, and this is why. New launches are never cut-and-dried affairs (ask Blizzard, and they know what they're doing), but timing the launch with mandatory registration is just asking for trouble - which they got in spades.

There is just one thing I wonder about : is there anybody in there that learns anything from these snafus ? Seems to me that UK gov is staffed with a load of Charlie Browns. They never succeed at anything, and never get better even though they continually set themselves up for another go.

Brilliant idea

No, really. We're heading straight for an energy crises and they want to find a way to pump yet more energy than we already are to power - in the least possible efficient way - stuff that is patently useless and possibly privacy-invading.

I do hope these jokers are getting a good salary out of the moron paying for this "research".

No records of any kind

I tried to find out how long this Amy had been in charge, but the website of the BPL mentions no date information for anyone - not the President, not the Board members. No timeline of any kind.

So I am a bit torn when I read that she complains about no records being put in place. Nice to complain when stepping down, dear, but what did you do about it when you were in charge ?

Maybe she did do something, or try to do something, but I can find no record of that either.

In final analysis, however, it is the Board that is ultimately remiss in its duties. Not having a catalog of acquisitions is really a disastrous display of not being aware of their responsibilities.

Privacy is apparently like insurance

It would appear that issues of privacy are much like insurance contracts in Joe Public's mind : you never understand how important it is until you need it.

I really would like the general public to be a bit more aware of the possible pitfalls of leaving all the details of your life in the hands of a third party which has next to no legal obligation to even listen to your opinion on the use of that data, but, as in everything IT, it would seem that millions of people will have to be bitten hard before any actual measures will be enforced.

In the meantime, I will be avoiding or blocking any and all source of information-gathering that I possibly can.

"a programme in which we have invested a great deal of time and thought in developing"

The problem does not appear to be the amount of time they put into thinking about the program, but how much they forgot to include in the design specifications in the first place.

Apparently, the notion of Privacy did not manage to be even invited to the discussions.