* Posts by Tom Paine

2255 publicly visible posts • joined 19 Aug 2008

Curioser and curioser: Little Mars rover sniffs out highest ever levels of methane

Tom Paine

"little"?!

You can call Curiosity many things, not sure "little" is very high up the list... yeah that's her on the right

https://edge.slashgear.com/wp-content/uploads/2012/08/nasa_rovers_curiosity-820x420.jpeg

Good old British 'fair play' is the answer to vexed Huawei question, claims security minister

Tom Paine

Controversial, I know, but right this minute I'm a lot more concerned by the "arbitrary, mistaken, corrupt and just lazy actions" of the electorate than the state.

Tom Paine

Bad sportsmanship

"A ruthless minority of people seem to have forgotten certain good old-fashioned virtues. They just can't stand seeing the other fellow win. If these people would just play the game, they'd get a lot more out of life."

https://www.youtube.com/watch?v=XGge4rj4v_Y (from 1m 30s)

Shut the barn door: UK data watchdog tells MPs mass slurping by firms is a huge risk to privacy

Tom Paine

This has nothing whatsoever to do with Parliamentary privilege. See: https://www.parliament.uk/site-information/glossary/parliamentary-privilege/

Of course MPs' taste in grumble will "be secret", just as yours and mine will be -- until they're hacked.

Tom Paine

Had to read this a few times

"Companies routinely derive data from other data, such as determining how often someone calls their mother to calculate their credit-worthiness. [....]"

* blink, blink-blink

Because people who ring their mothers are... broke and borrowing money?? wat??

It's all in the wrist: Your fitness tracker could be as much about data warfare as your welfare

Tom Paine

Betty Boo!

Ah 1990, so much to answer for

After years of listening, we've heard not a single peep out of any aliens, say boffins. You think you can do better? OK, here's 1PB of signals

Tom Paine

Eric Raymond's aphorism fails when asked to prove a negative (like everything else).

Posit: there are no other technological lifeforms capable of transmitting any sort of signal that we could detect with current instruments, or with any instrument conceivable in, say, the next three decades. IF that were the case, how long should we continue searching before concluding the odds of finding anything are now so low as to make further searches unnecessary?

Sad SACK: Linux PCs, servers, gadgets may be crashed by 'Ping of Death' network packets

Tom Paine

Vulnerable systems

all sorts of gear from network or internet-connected TVs, routers, thermostats, light switches, CCTV cameras, and robot vacuum cleaners, to servers, PCs, smart fridges, dialysis machines, car infotainment systems, tractors, construction equipment, and uranium centrifuges, and so on,

power stations and electricity distribution grids...

https://www.nytimes.com/2019/06/17/world/europe/russia-us-cyberwar-grid.html

Those darn users don't know what they're doing (not like us, of course)

Tom Paine

Re: System

There's a reason why "dirty as an office microwave" is an expression.

Hate your IT job? Sick of computers? Good news: An electronics-frying Sun superflare may hit 'in next 100 years'

Tom Paine

Re: Yeah let's frrrryyyyyyy

Yes.

RAMBleed picks up Rowhammer, smashes DRAM until it leaks apps' crypto-keys, passwords, other secrets

Tom Paine

Re: We can't do that...

Apart from email clients, of course. And the Office applications, when you open an attachment or download an office file. And PDF viewers, readers likewise. And, and,...

Tom Paine

They make clear on the site that ECC makes no difference, because they're reading data from adjacent memory, not writing it.

It is with a heavy heart that we must report that your software has bugs and needs patching: Microsoft, Adobe, SAP, Intel emit security fixes

Tom Paine

Re: WTF?

May I gently suggest that a little reading around the history of the disclosure debate over the last 20 years, and some knowledge of Project Zero and of Travis, might be in order before advancing suggestions unsupported by any evidence?

Tom Paine

Re: "they kept a lid on that for a year"

Welcome to ChoppedLiver 2.0

https://www.google.com/amp/s/gizmodo.com/googles-project-zero-team-releases-details-on-high-seve-1833052225/amp

The 90 day deadline (which has nothing to do with anti-trust laws, of course) is the same for every vendor. Release is automatic.

Tom Paine

Re: Why Google?

I'm afraid you are completely mistaken.

The idea Tavis is part of some Google conspiracy to attack Microsoft isn't even wrong.

Here's his response to one such ill-informed criticism (micro-thread):

https://twitter.com/taviso/status/1138499902621667328?s=19

Mystery GPS glitch grounds flights, leaves passengers in the bar

Tom Paine

Re: A Most Plausible XPlaNation ... for Boffins Work.

* nodding thoughtfully

Tom Paine

Re: Time

In other words, https://en.wikipedia.org/wiki/Automation#Paradox_of_automation

Bloody awful: Hell-thcare hackers break into databases of 20m medical test biz patients

Tom Paine

Re: You are only looking at the "corporate firewall"

https://www.healthypeople.gov/2020/data-source/national-emergency-medical-services-database , if you too are wondering what an EMS is.

Tom Paine
Thumb Up

Re: Too important to bother?

Take a tip from an old pro: put it in writing. Even a polite email heavily obfuscated with technical jargon that only goes to your line manager is enough. It won't stop you getting fired when something goes pop (because "scapegoat" is second on the list of core duties in security, just below "fig leaf") but it should get you a bit more of a payoff when you draw their attention to the warnings they ignored and ask how they'll sound when they're read out at the employment tribunal.

And now here's Tom on Jupiter with the weather: Thanks, Karen. Still a bit breezy on the Great Red Spot, but it's easing up

Tom Paine

Nice

Really good to see amateurs able to contribute a unique dataset to actual proper real science -- and acknowledgement from the real boffins.

New twist in underworld of alleged code, data theft: Two, er, boffins accused of trying to steal, uh, a river model

Tom Paine

"If the Old River Control Structure Fails: A Catastrophe With Global Impact"

Did you know* - the Mississippi is only prevented from jumping over to another nearby valley that will get it down the last 150 miles to the Gulf in half the time, as well as shutting down the entire lower river cargo traffic -- the route down which an appreciable fraction of the global food supply is transported. Really fascinating articles here (this is one of a series of 3): https://www.wunderground.com/cat6/If-Old-River-Control-Structure-Fails-Catastrophe-Global-Impact

* Me neither til I saw these pieces.

Bad news. Asteroid 1999 KW4 flew by, did not hit Earth killing us all. Good news: Another one, Didymos, is on the way

Tom Paine

Re: Dave Lister, Super Strength Lager, Pool Cue

It's sad to see the blank looks I get from the barstaff when I explain that "I'm not pished... just /nicely/ drunk". Kids today, I dunno...

Tom Paine

Re: Land Dart on it then electric propulsion

It doesn't have to be hot; heat is merely a product of a popular class of reactions for turning a small volume of fuel into a very large volume of exhaust gases, meaning very high pressure, meaning more thrust.

Tom Paine
Joke

31 years - that's all we've got

Assuming, of course, humanity makes it to the 22nd century and there's anyone around who gives a crap.

Magic 8ball says: chances not so good

https://www.livescience.com/65633-climate-change-dooms-humans-by-2050.html

(Don't shoot the messenger, I'm just pointing out this assertion has been made... by "The Breakthrough National Centre for Climate Restoration in Melbourne", who evidently have also hit upon a breakthrough in getting coverage, too. Perhaps some IT vendors could commission them to get more coverage of the latest breakthroughs in network attached storage arrays?

One man went to mow a meadow, hoping Trump would spot giant grass snake under flightpath

Tom Paine

Re: childish

We know he's a nasty racist crooked sex-case being blackmailed by the Russians, so there's not much more serious journalism left to say or do about the visit.

AI systems sieve out catfish from the dating pool in effort to lock away scammers

Tom Paine

Re: Cringe at the ages

Actually, I think you'll find...

The quality of sperm decreases with a man's age, increasing the chances of birth defects, developmental problems and other things that make them a poorer choice of breeding partner than a 30-year old man (given modern life expectancies and the relatively high death rate in 20-something males.) That's why, in most cultures, when 30 year old women form couples with 50 year old men, it's generally assumed that other factors must be at work.

See, that's the problem with reductionist biological explanations that fail to take account of culture and societal pressures... they're superficially appealing but unsatisfactory explanations for a surprisingly large amount of human behaviour.

(PS https://boingboing.net/filesroot/201004071446.jpg )

Minecraft's my Nirvana. I found it hard, it's hard to find. Oh well, whatever... Never Mined

Tom Paine

pointing finger vs. moon

...as these toys become tools and the map of the world becomes the world itself.

French philosophers notwithstanding, maps will never become the world. If you walk across a crenelated black line* on a map, life goes on as normal. In the real world... not so much. Until you respawn, anyway.

* https://media.geograph.org.uk/files/1ff1de774005f8da13f42943881c655f/NAT_black1.jpg

US Air Force probes targeted malware attack, blames... er, the US Navy? What?

Tom Paine

Really???

the email had "contained hidden computer coding designed to extract the IP address of the Navy Times computer network and to send that information back to a server located in San Diego".

A web bug, as used by every marketing mail ever sent since about 2002? CODE RED! CALL THE PRESIDENT!!

*eyeroll*

Programmers' Question Time: Tiptoe through the tuples

Tom Paine

Fab

Eric Robson is spinning in his offline backup long term tape storage archive. Stobtastic!

(PS if anyone knows a cure for the North American Lupin Aphid... )

Salesforce? Salesfarce: Cloud giant in multi-hour meltdown after database blunder grants users access to all data

Tom Paine

Re: no consequences

This type of farce has played out in every one of the companies I have worked for in my 30 years : / without exception.

May I politely suggest the possibility that you're picking the wrong employers?

No doubt there are plenty of industries and orgs where senior managers cover up for each other in this sort of situation, but in anywhere of any scale the seething piranha pool of hungry ambitious execs eager to climb a ladder of knives sticking out of other people's backs mean "you're only as good as your last outage". At least two of my past employers ditched senior execs after major outages (Director, Operations and CIO, respectively.) So it does sometimes happen.

It will also depend what sort of impact this event has on the bottom line. If they end up as GDPR test cases and get a huge fine -- or if there's a long-term loss of customer confidence and they start switching to competitors in significant numbers, senior heads could certainly roll.

Salesfarce to Failsforce: Salesforce database blunder outage enters day three as fix falters

Tom Paine
Go

Like a Saleforce into the night...

YouTube "LCD Soundsystem:: Where Are Your Friends Tonight?"

Boeing admits 737 Max sims didn't accurately reproduce what flying without MCAS was like

Tom Paine

Re: ...

Originally "Mongolian clusterfuck"; the derivation's quite interesting, if you like that sort of thing (I happened to look it up a few weeks ago, because -- er -- for work-related reasons. )

Pushed around and kicked around, always a lonely boy: Run Huawei, Google Play, turns away, from Huawei... turns away

Tom Paine

Meh

"....future devices shipped by the world's second largest handset maker will not get access to the latest Android operating system."

So, just like all the other Android devices?

(Don't misunderstand me, I've got a direct-from-vendor (Motorola) Android myself. They used to push Android updates fairly regularly, now it's 6-9 months at best.

Want a good Android smartphone without the $1,000+ price tag? Then buy Google's Pixel 3a

Tom Paine
Pint

Is it any better...

...than my £150 Motorola? Does everything I want (and a load of things I'm not fussed about, eg selfie camera). The only thing missing is manual mode on the camera which doesn't have the f-stop, exposure & ISO sliders, which is a shame but I guess might be because they took it out of Android since my previous phone was manufactured. (??)

Icon purely because $mgmt decreed we should move desks over the weekend, not realising the only way facilities could get that done would involve us packing up at 2pm today, allowing me to "catch up on some document reviews" -- indeed I intend to provide so much feedback on the docs I'll have difficulty walking home *)

Have you always wanted an algorithm that can search like Bing? Well, if you change your mind, one's on GitHub now

Tom Paine

10/10 for the headline

that is all

Age verification biz claims no-payment model for 40% of Brits ahead of July pr0n ban

Tom Paine

" URLs that are too explicit"

Well, the fix is obvious! Simply add age verification to DNS, what could be simpler?

A day in the life of London seen through spam and weak Wi-Fi

Tom Paine

Youngs

As crap free wifi goes, the Youngs chain of hotels and pubs gets bonus points for "Security: none". Not even WEP?!

Hate e-scooters? Join the club of the pals of 190 riders in Austin TX who ended up in hospital

Tom Paine

Re: Make helmets mandatory - oh wait, we can't

A broken arm or leg is unlikely to kill you. A bump on the head can turn from "I've got a bit of a headache" to "I'm unconscious in a blue-light taxi with a 50/50 chance of death or permanent brain damage resulting from an undiagnosed bleed" really unexpectedly (ie, many hours after the initial trauma.)

Tom Paine

Upvoted your Q, why would anyone downvote an honest and not-unreasonable question? Tch, middle-aged men today, I dunno...

If the thing you were doing earlier is 'drop table' commands, ctrl-c, ctrl-v is not your friend

Tom Paine

+1 for a text editor, but can I get a shout out for always starting a line containing potentially dangerous commands with a couple of '#' characters.

One of the grizzled old veteran Unix admins who learned me a lot of what I think I know about it had a slightly annoying (at first) habit that after typing any command into a terminal, he took his hands off the keyboard and read it back through a couple of times before hitting RETURN. Saved a lot more time than it cost in the long run though.

Rocket Lab picks up the pace while SpaceX sends a Dragon to the Space Station

Tom Paine

Re: Before we look forwards, has it been explained why ...

Possibly of interest: https://www.space.com/20317-apollo-moon-rocket-engines-bezos.html

Tom Paine

safety testing and space suits

Very interesting read https://www.tested.com/science/space/530828-spac

Tom Paine

Re: Kudos for mentioning Iron Sky

I really hate to break this to you but the suits being a 40 year old design dates them to the early 1980s -- not the 1960s...

Mine's the one with three bob and a packet of Pacers in the pocket.

We regret to inform you the massive asteroid NASA's all excited about probably won't hit Earth

Tom Paine

Re: 1/4 mph

I am not an astrodynamicist. However I believe the current thinking is that tidally disrupted objects gradually spread out along the approximate line of the original object's orbit. This is how asteroids and comets give rise to meteor showers. See also Shoemaker-Levy impact at Jupiter.

Tom Paine

Oh no!

What have I got to look forward to now?

Oh dear. Secret Huawei enterprise router snoop 'backdoor' was Telnet service, sighs Vodafone

Tom Paine

Re: "We all want to see hard proof of espionage. This is absolutely not it"

There are a lot more people working in sprawling organisations stuffed with 30 years of accumulated legacy technology than are working in shiny-shiny startups with the latest and greatest post-agile serverless cloud everything.

Tom Paine

Re: "We all want to see hard proof of espionage. This is absolutely not it"

"bugdoors". Heard of them?

Huawei already has plausible deniability, of course, due to their famously terrible software development processes and standards, and apparently non-existent pre-release security testing.

Microsoft: Yo dawg, we heard you liked Windows password expiry policies. So we expired your expiry policy

Tom Paine

Re: Actually, even Uncle Sam got a clue now

The mail server specialist, though, got VERY nice pay rises.

Tom Paine

Re: NIST

Yup. Worked on a project to allow any number of arbitrary sequences to be blacklisted -- not just "qwerty" but "1qaz2wsx" and all the permutations along and across a standard 102 key keyboard.

When I pointed out to the PM that the two customers who were insisting on this change operated in dozens of territories that used different keyboard layouts he nearly cried. #funtimes

Tom Paine

Re: NIST

Keep it up! This sort of thing is why all us infosec droids make a good steady living cleaning up after users.