* Posts by James Ashton

98 posts • joined 10 Nov 2008

Page:

Texas cops sue Tesla claiming 'systematic fraud' in Autopilot after Model X ploughed into two parked police cars

James Ashton

Re: Yes it is Tesla's fault

That's even besides calling their systems "Autopilot" and "Full self driving" when they are neither.

I don't have a problem with "autopilot"; it provides a similar level of automation to the autopilots in aircraft. Calling it "full self driving" would be a problem ... but they don't sell that, so it's not relevant in this case.

The day has a 'y' in it, so Virgin Galactic has announced another delay

James Ashton

the requirement to maximise profit

SpaceX is not a public company so maximising profit is much less of an issue for it.

After quietly switching to slower NAND in an NVMe SSD, Western Digital promises to be a bit louder next time

James Ashton
FAIL

switching up their firmware and electronics

Who are they kidding? The product's specs are now substantially worse. They must be forbidden from doing this to products without at least changing the model number, not just the spec sheet. As it is now, customers have no way of knowing what specs they're getting when they buy an SN550: don't even think of buying one unless it's cheap and the lower specs meet your needs and expectations.

Engineers work to open Boeing Starliner's valves as schedule pressures mount

James Ashton

The SRBs have a time limit

there is every chance that the next flight of the Calamity Capsule could slip toward the end of the year, or even into 2022.

But the solid rocket boosters are only good for 12 months after their five segments have been stacked together. After that they're supposed to destack, re-inspect and restack them. Lots more dollars to blow there if there's a long delay.

Australian court rules an AI can be considered an inventor on patent filings

James Ashton
Facepalm

Judges just rule based on the law

"Australian intellectual property lawyer Mark Summerfield has strongly criticised Justice Beach's decision on grounds that it could produce junk patents."

Whether or not the decision produces junk patents can't be a concern for the judge unless the law says so... which it apparently doesn't. The thing to do here is not to criticise the decision but to lobby the government for a change in the law.

Kaseya’s VSA SaaS restart fails, service restoration delayed by at least ten hours

James Ashton
FAIL

Almost no customers have their firewalls locked down

“For almost all customers, this change will be transparent,” the 10PM advisory states. “However if, and only if, you have whitelisted your Kaseya VSA server in your firewall(s), you will need to update the IP whitelist.”

Really? If there was one external service that you should lock down with your firewall then VSA would be it. But almost nobody is apparently and then we wonder why IT security isn't what it should be. People get a firewall and feel safe ... even if they haven't really configured it at all.

James Webb Space Telescope runs one last dress rehearsal for its massive golden mirrors before heading to launchpad

James Ashton

SpaceX is planning to take hordes of people to Mars. If they can do that, making it to the Earth-Sun L2 point and back to refill the liquid helium is a short trip. I'm not thinking Falcon 9 here but Starship. ("Not the local bulk cruisers mind you, I'm talking about the big Corellian ships now.") Obviously NASA didn't consider anything like this capability would exist in the foreseeable future (especially given that James Webb was supposed to launch in 2007) but hopefully they're wrong and Starship works.

James Ashton

The Hubble and the James Webb have about the same ability to resolve details. The James Webb is much larger, but it also uses much longer wavelengths of light (infra red) which cancels out that advantage as far as resolution is concerned. Obviously the James Webb is better than Hubble in many ways ... but resolving details is not one of them.

Let's wait until it works before commenting on the engineering. There are just so many ways for it to fail. I can see SpaceX offering to run a repair or replenishment mission.

GPS jamming around Cyprus gives our air traffic controllers a headache, says Eurocontrol

James Ashton
Mushroom

Re: The blocker needs a present

Anti-radiation missiles would be a possible answer. See the AGM-88 for example. They're designed mostly with air-defence radars in mind but I'm sure you use the same principle on GPS jammers, though their signal strength is probably much lower.

No fair! Space Launch System gets cool stickers even though monster rocket failed test

James Ashton
FAIL

SRB Shelf Life?

Don't they have to scrap the SLS solid rocket boosters if they're not used within 12 months after being put together? And for some unfathomable reason they put them together before the failed test. They certainly know how to make their screw-ups cost money.

Police drone plunged 70ft into pond after operator mashed pop-up that was actually the emergency cut-out button

James Ashton
FAIL

Touch screen emergency shut off?

This is a terrible user interface design. Anything as serious as an emergency kill switch needs to be a real, physical switch under a guard mechanism. The cost of such an addition would be a small fraction of the total hardware cost for one of these units.

SE's baaaack: Apple flings out iPhone SE 2020, priced at £419

James Ashton

Re: IP76

What about liquid water?

What happens when the maintainer of a JS library downloaded 26m times a week goes to prison for killing someone with a motorbike? Core-js just found out

James Ashton

Like ReiserFS

Hans Reiser went down for actual murder but still ReiserFS struggled on for quite a while. It’s still not quite dead.

Check Point chap: Small firms don't invest in infosec then hope they won't get hacked. Spoiler alert: They get hacked

James Ashton

Paying for Infosec is a Competitive Disadvantage

For a small business you can get away without infosec for, on average, a long time before it bites you. If you pay for it when your competitors aren't then you won't be as competitive as they are. Maybe the rise and rise of ransomware will have at least one up-side: disastrous compromises will become so common that, finally, most people will take infosec seriously.

Brits may still be struck by Lightning, but EU lawmakers vote for bloc-wide common charging rules

James Ashton

Re: Standards

Standards: battle insigna or tribal totems.

And then there were two: HMS Prince of Wales joins Royal Navy

James Ashton
Mushroom

Re: Carrier/No Carrier

The Royal Navy definitely did destroy some German tanks though. A WWI-vintage destroyer tied up Boulogne evacuating troops in May 1940 used 4.7" guns very effectively on tanks advancing on the quay.

WebAssembly gets nod from W3C and, most likely, an embrace from cryptojackers online

James Ashton

Re: I will not use this

Please don’t confuse the internet with the World Wide Web.

James Ashton

More secure than Java how?

Please Mozilla, make this an opt-in feature per site. Last time I wanted to try a Java applet on an ancient site I had to fire up IE because Java is apparently so bad that Firefox absolutely refused to run it. What makes them think web assembly will be any safer? Remember how secure Java was touted as being in the beginning, but the applet vulnerabilities just kept rolling in until it was worse than Flash.

Conspiracy loons claim victory in Brighton and Hove as council rejects plans to build 5G masts

James Ashton

20-metre towers? I thought 5G implied many small transceivers rather than the big towers used by previous generations. Like 5G was going to be small antennas bolted to every tenth power pole. Part of its advantage is supposed to be that each cell is very small and so only has to serve a small number of customers. I can understand people being unhappy about the need for new 20-metre towers on the basis of visual clutter, especially if there are going to be many of them.

Chemists bitten by Python scripts: How different OSes produced different results during test number-crunching

James Ashton

Re: Fixing the symptom…

I bet if they’d run it on a PowerPC based architecture they’d get different results again; different FPU, probably different arithmetic shortcuts

This is an OS issue, not a processor issue, and it's around the way filenames are sorted by default and nothing to do with floating point maths.

Mozilla says Firefox won't defang ad blockers – unlike a certain ad-giant browser

James Ashton

Google stops paying Mozilla in 3, 2, 1, ....

It's going to be very tempting for Google to try to kill off Firefox. At some point they'll decide that the search referrals they're paying for from the <5% browsing share Firefox has is worth less than the advertising losses due to ad blockers. The interesting thing will be to see whether Google's API changes dent the usage of Chrome due to its ad blocking becoming less effective. Ad blocker usage is well over 10% according to some stats and I'm sure Mozilla would love to grab some of those people if they abandon Chrome.

When it comes to DNS over HTTPS, it's privacy in excess, frets UK child exploitation watchdog

James Ashton

Re: How is this any different

Therefore however the IP address is obtained (DNS, local hosts file) then the TCP/IP packet will have the IP in it as the destination, and the encapsulated HTTP packet will have a, literally, "Host:" header in it that contains the hostname (as opposed to IP address) in it.

If you type "http://1.2.3.4/" into your browser as Pascal suggests then it's going to send "host: 1.2.3.4". Anything else would break web sites that want to allow access to different content by IP number. The browser's not going to do a reverse DNS lookup and, even if it did, that would ruin the privacy that Pascal was trying to achieve. He didn't mention editing the hosts file; he just said "type in the IP address". Be aware that some browsers—at least Chrome—do their own DNS thing and mostly ignore the hosts file.

James Ashton

Re: How is this any different

Your plan will almost never work. Let us count the ways ...

* Many web sites share an IP number amongst more than one web site, e.g., example.com and example.co.uk could be different sites both served by a server at 1.2.3.4. If you access the server using its number it won't know which site you want.

* Especially since we're talking privacy here, the sites will use HTTPS, requiring a cert for the address visited. The server will have a cert for the various DNS names it hosts but almost never will it have a cert for its IP number. So accesses using your technique will be totally insecure and vulnerable to interception and rewriting.

* Even if there was only a single web site on an IP number, the server will want to appear on the web as a single site. Not only does this simplify configuration and management, it avoids diluting the site's web presence across what search engines consider different sites. So requests to example.co.uk, www.example.co.uk and 1.2.3.4 will all be instantly directed to the site's preferred domain. This will cause a DNS lookup even if you typed 1.2.3.4.

* It can actually be difficult to configure web servers to respond identically to queries that use different names. Even if the server allows you to access content without redirection at both example.co.uk and 1.2.3.4, the content you see will often vary.

Tractors, not phones, will (maybe) get America a right-to-repair law at this rate: Bernie slams 'truly insane' situation

James Ashton

Re: Clarity needed here

The problem is that the tractor detects that you’ve installed a new part and refuses to run at all until it’s blessed using equipment only possessed by authorised repair staff. It’s similar to ink jet printers refusing to use third-party cartridges because they lack some proprietary chip that marks them as authentic.

FYI: Yeah, the cops can force your finger onto a suspect's iPhone to see if it unlocks, says judge

James Ashton

Re: Forced password entry not possible

Yes, they can jail you indefinitely, but they still can't force you to enter your password. That was my point. Jail doesn't force you to comply; it's merely coercion.

James Ashton

Forced password entry not possible

the state's higher court unanimously decided that there wasn't a difference and the cops could force a suspected pimp to unlock his phone by typing in the passcode

I can see how cops could physically force someone to swipe their fingerprints, though a determined suspect could make this quite difficult, with a serious risk of damaging the device. But there’s no way to force someone to enter a password, whatever a court may rule. You can coerce them with threats of fines and imprisonment, but you can’t actually compel compliance. That’s an advantage passwords have over biometrics.

Party pooper Microsoft pulls plug on Party Cluster

James Ashton

Re: users required a Facebook login or GitHub account to join the party

What's the betting there was a kick-back between Microsoft and Facebook?

Cache of the Titans: Let's take a closer look at Google's own two-factor security keys

James Ashton

Recovery

is a pain for non-corporate use. You really need to buy two or three keys to deal with one being lost, stolen or failing. It's better for companies but I'm sure they're still not looking forward to their staff being forced to physically visit the helpdesk instead of just resetting their passwords over the phone. Of course, all those over-the-phone resets are a major attack vector which they should be closing anyway. Security costs money!

Galileo, here we go again. My my, the Brits are gonna miss EU

James Ashton

Re: Fgs

Are you expecting us to be at war with the USA any time soon?

The issue is not being at war with the US but being at war with someone with whom the US doesn't want you to be at war. Remember the Suez Crisis or, more recently, if the US was feeling more pro-Argentina and less pro-UK than in the 80s. Having Galileo means there's one less rug the US can threaten to pull out from under the EU in the future.

Amazon can't or won't collect sales tax in Australia

James Ashton

I dont really understand your objection.

Yes, the GST is great, etc., etc. What we're complaining about here is that Amazon appears to be refusing to collect Australian GST on the huge range of products in their overseas stores; instead, they're outright refusing to ship these to Australian customers. We can't get them even if we were willing to pay the extra ten per cent or, indeed, for any price through Amazon. It seems that Amazon is trying to aggravate Australian customers to spite our federal government.

Still, I'm not completely sure that the gloom and doom is all justified. The wording suggests that at least some of the products from international stores will be available via the Australian Amazon site somehow.

Time to ditch the front door key? Nest's new wireless smart lock is surprisingly convenient

James Ashton

Re: Bluetooth

In 99.9% of cases something usually needs to be put down in order to open the door by the handle

Lever handles for the win. Then you can use your elbow or your shopping to open the door.

Virgin spaceplane makes maiden rocket-powered flight

James Ashton

Re: SpaceShipTwo is great, less overhyped than SpaceX

No, SpaceShips One and Two are overhyped. Assuming equal mass, the energy required to reach orbit is more than forty (40) times greater than the energy required to reach an altitude of 100km. They're not playing in the same league.

Patch LOSE-day: Microsoft secures servers of the world. By disconnecting them

James Ashton

Re: Oh dear

> Very poor practice to rely on static IPs

Except in many cases ... and the DHCP server would commonly be one of those.

Sneaky satellite launch raises risk of Gravity-style space collision

James Ashton
FAIL

"have the DoD destroy them with some air-to-space missiles"

Exploding anti-satellite missiles would be a *much* more serious source of space junk than a few tiny satellites.

US state legal supremos show lots of love for proposed CLOUD Act (a law to snoop on citizens' info stored abroad)

James Ashton
Big Brother

Re: Wow.... just... wow!

"You host anything, with a US based company, regardless of where the physical iron sits, Uncle Sam can Go Shoulder deep into your data and pull anything out he wants."

Bad news for you: it's not limited to US-based companies. Say you're a UK university with a small presence in the US for the purposes of purchasing, marketing, etc. What's to stop the US subpoenaing data held on a UK campus? You probably don't want to end up in a situation where university employees can't travel to the US.

Getty load of this: Google to kill off 'View image' button in search

James Ashton

Re: Bad bargaining

"Copyright infringement is a crime. It isn't stealing, but it is still criminal."

Nope. It varies by jurisdiction but commonly you have to be profiting from your copyright infringement for it to be a criminal act. Using a Getty image for your school assignment isn't going to result in any criminal penalty, even if you use the high resolution versions.

$14bn tax hit, Surface Pro screens keep dying – but it's not all good news at Microsoft

James Ashton

Re: But...

"Microsoft's agreement of purchase prevents class action law suit."

That might fly in the US: there are precedents there for software at least. I don't that kind of clause is going to be effective to many other jurisdictions though, especially for hardware.

What a Hancock-up: MP's social network app is a privacy disaster

James Ashton

"May" bad for privacy.

' "May" being a word that European data privacy watchdogs have strongly discouraged companies using'

"May" also being a name they probably feel strongly about as well.

SpaceX delivers classified 'Zuma' payload into orbit

James Ashton

Rumours of ZUMA Failure

There are now multiple conflicting rumours of ZUMA failure, all vague and unverified due to ZUMA's secret nature. Was it SpaceX's fault? Are the rumours misdirection aimed at obscuring ZUMA's real nature and continued existence?

UK security chief: How 'bout a tax for tech firms that are 'uncooperative' on terror content?

James Ashton
Thumb Down

Just Like Cars

This is just like how they tax car companies for the costs of all the traffic cops. And, linking with the terror angle, I propose they up these special taxes on car companies now that the government has to pay for all those new bollards to stop terrorists mowing down pedestrians.

Boffins craft perfect 'head generator' to beat facial recognition

James Ashton
Big Brother

Great for Passport Photos

I wonder how long it will be before the government makes it illegal to use a tool like this on your passport photos. They probably think it is already but catching people at it and successfully prosecuting them is going to be challenging.

DNS resolver 9.9.9.9 will check requests against IBM threat database

James Ashton
Big Brother

'Quad9 won't “store, correlate, or otherwise leverage” personal information.'

And if the above is a lie our legal recourse is what? It's a free service so no contract exists. And I assume it's legal for police in the UK to lie to encourage people to incriminate themselves, the same as elsewhere in the world. I think there's going to be a large overlap between the likely users of such a service and the tinfoil hat brigade who won't be touching it with a barge pole.

DJI bug bounty NDA is 'not signable', say irate infosec researchers

James Ashton

Re: Why not post a copy of the NDA?

How do you know the NDA isn't itself protected by copyright, or have you seen it, in which case, why not post a copy? There's a good chance that DJI only sends out the NDA to people who apply and there's nothing to stop them controlling distribution using copyright law.

If your websites use WordPress, put down that coffee and upgrade to 4.8.3. Thank us later

James Ashton

Re: It's better than Windows

The 4.7.7 update is just exactly the same patch as the 4.8.3 patch. WordPress appears to apply security patches to older versions going back a long way, which is nice. Updating from a 4.7 to a 4.8 release is not necessary for security reasons and will probably change the way your site looks, or even break it if you use customisations or plug-ins.

Best practice would be to have a test site to try any upgrade first, before upgrading your production site. I usually just risk it and allow auto-updates for patches that only increment the third part of the version number but changes in the second number are too dangerous to skip testing if your site is commercial.

Call the doctor! WDC's new 14TB spinner has shingled write scheme

James Ashton

Re: What I'm stuck on is how data can overlap! Crazytown!!

The heads can read a narrow track but only write a broad track. So the writing partly overlaps within a "zone". Reading is as before but, if you want to write a track, you have to write all the overlapping tracks.

Obviously, don't use these in a write-intensive and/or random-IO environment. They're ideal for things like steaming video where it's almost all read-only, and the writes are huge files, i.e., mostly sequential.

Commonwealth Bank: Buggy software made us miss money laundering

James Ashton
FAIL

Mistakes = Liability

I'm pretty sure that if the bank made a mistake whereby it lost $1T of funds it would be on the hook and the old "computer error" defence would not stop them being bankrupted. Also, I'd be very surprised if AUSTRAC needs to demonstrate criminal intent to nail the bank; incompetence alone should be enough.

Disney mulls Mickey Mouse magic material to thwart pirates' 3D scans

James Ashton

Photocopier Déjà Vu

Remember when they had stuff they really didn't want you to photocopy they'd print it in black on red or something? Because colour copiers and even scanners were not generally available. This 3D printing DRM seems about as stupid as that. It may annoy a few people at home trying to make a copy or two for their own use. It will have zero impact on the serious counterfeiters who know what they're doing and who will trivially work around this.

More to the point, as far as I can see the wide availability of cheap photocopiers has still not killed off the printing industry; ebooks are having more of an impact. The nearest equivalent for toys I can think of is VR headsets so maybe Disney should be concentrating on VR games featuring their characters. Kingdom Hearts III VR anyone?

UK surveillance law raises concerns security researchers could be 'deputised' by the state

James Ashton

Re: I see your warrant, GCHQ,

"Anti-slavery legislation might trum [sic] warrant. It could be an interesting situation."

Anti-slavery legislation is just legislation, open to being overridden by subsequent legislation. We're not talking about the US where they have an anti-slavery clause in their constitution which will trump (with a small "t") any legislation.

James Ashton
Big Brother

Re: Warrant Canaries

"I expect to see a lot of researchers putting up warrant canaries if this ever happens."

This is not a problem for the government. Australia has already outlawed warrant canaries for some situations. If your legal system allows the government to outlaw revealing the existence of warrants then outlawing the revealing of the non-existence of warrants is but a short step.

"And what happens if they are asked a direct question about vulnerabilities? Are they legally required to lie? Even knowing that people will suffer loss due to their false reassurance?"

You don't have to lie; "I can't answer that for legal reasons" would probably be a legal response. If further asked what those legal reasons were then "I can't answer that for legal reasons" is, again, going to get the job done. It's going to convey much the same kind of impression as the phrase "helping the police with their enquiries".

Dell BIOS update borks PCs

James Ashton
FAIL

Ding Dong Dell

Seems more apt than usual at this time.

Page:

SUBSCRIBE TO OUR WEEKLY TECH NEWSLETTER

Biting the hand that feeds IT © 1998–2021