Maybe that's why one of the astronauts, Bob Behnken, looks like he's bricking it pre-launch?
740 posts • joined 30 Aug 2012
Remember the Uber self-driving car that killed a woman crossing the street? The AI had no clue about jaywalkers
I think the biggest issue is false positives. These systems can detect these objects, and easily avoid them (as long as they have a radar reflection and/or a lidar map). However, allowing the vehicle to do that would result in a horrendous ride that could be dangerous to other vehicles. It'd be jumping like a kangaroo at times.
So it tries to risk profile detected objects - similar to how humans do (and we often get it wrong). So if we see a human on the side of the road we look for subtle clues in body language as well as whether they are looking at us to determine whether they are about to cross the road in front of us, or pull out at a junction. Just determining a path is not always enough of a clue as to the risk.
Re: What muppet recorded the keytones ?
They are storing on an insecure public server and you think they might have gone through a proper PCI compliance process.
Interestingly, the fact that they are clearly not PCI compliant should see major fines from their card processing company and possible suspension of their use of Visa/Mastercard for the foreseeable future.
Re: [S3] users have to actively turn off security
They find it a hassle to create an AWS VPN, especially when they are an agency dev and used to working directly on LAN servers, will continue to develop the app once the initial builds have been dropped, and the new VPN would need to be transferred (or a second one created) for the customer, which will then require some configuration of their firewall ... etc.
So you just assign it a public IP, open it to the public and connect to that from the application. Works from dev, from test, from the customer and from partners (oh, and from anyone else who wishes to connect to it without you knowing).
It's just lazy (non)security. Then again it is still possible to find SQL injections floating around, even from major enterprise communication companies. So it's no surprise.
Not true, and this is a well known limitation of automatic braking. Fully stationary objects, especially if they aren't recognised as a vehicle, don't work very well. If the cones were moving slowly then it would work, or if the cones had moved slowly then stopped it would.
Lidar would also have worked in this situation.
However regular AEB from most (all?) will struggle and probably fail here. It is easy for them to detect and work with stationary objects; it's just that your car will be driving like a kangaroo for many journeys through town and you'll be constantly rear ended. Their AEB only kicks in when it is sure.
Oh that'll be a nice bit of compensation for the customers whose data was taken due to security failings.
Doesn't help with the amount of anguish knowing you are just a moment away from being the victim of identity theft and having to once again change your card details and keep constantly vigilant for unauthorised loan applications. However £378 goes a little way towards easing the pain.
...wait, what was that?
You're saying the people whose data got stolen don't get any of it and the money all goes into the general taxation pot?
Well that sucks.
Re: Do you HAVE to use Oracle?
For huge databases there are also alternatives. However, Oracle is legacy - legacy with DBA experience, legacy with applications, legacy in the mindset.
There really aren't that many companies where Oracle is the only fit for their needs, however - if it ain't broke and the fees are still smaller than the GDP of a distant nation then carry on.
Re: Telnet IS a backdoor
From this comment: "Learning things from sources other than Google searches might help..."
From your previous comment: "You know, you would've come across as less ignorant had you searched in Google for..."
You know there is a troll icon that you can use that saves a lot of time and is generally considered good manners to use on this forum when trolling?
Re: Telnet IS a backdoor
"There was. At least I hope there was a password. That's what Huawei said. Because they needed Telnet for troubleshooting and maintenance."
They didn't say that at all. They said, according to the article, "configure and test the network devices". Now this could very easily have been during manufacture as part of the QA with the final sign off, disabling the login or writing out the customer firmware to the device. There doesn't appear to be any suggestion that a login still remained on the device. If you've ever looked at a lot of electronics they have a diagnostic port that is often underneath the cover that is used for the same purpose.
As for your talk about no such thing as a telnet server? What are you on about, in client server computing you define one thing that accepts requests as a server and you connect to it with a client. A machine with ports open to accept an incoming Telnet connection can be referred to as a Telnet Server or Service, the machine you connect to it with can be regarded as the Telnet Client. What tool you use to fire this up or maintain it, or if it calls itself something different on your device is largely irrelevant.
Re: Telnet IS a backdoor
You are completely confusing the word 'backdoor' with 'insecure'. The issue with being able to sniff the traffic is only an issue if the end user decides to use Telnet, and if they are security conscious they wouldn't use it where it is possible to intercept.
Having Telnet does not allow you to sniff the traffic going across the router/switch it just allows you an insecure way of logging in.
You could easily say that if it didn't have password complexity requirements built in it is a 'backdoor' using the same logic. No it isn't it is no less safe a device, it could just be used in an unsafe way.
If there was a hardcoded password on the device that was available to the telnet interface (especially if it could be access remotely) = backdoor.
Its use wasn't in 2019 - it was 2011/2012, and many, many switches and routers still included telnet servers (and SNMP v1) at that time.
Re: Just one question
It's not just that it's a replacement market. It's also the fact that the replacements are slowing too.
When there was high innovation (especially when prices were lower) then more people were enticed by the shiny new kit. When older devices still work so well and can run most of the apps available there is less incentive to upgrade. A combination of bundled phone insurance, third party repair shops and screen covers/cases being almost ubiquitous make replacement due to damage less likely also.
Fortune favours the Brave: Privacy browser chap takes gripes over adtech body's website to Irish data watchdog
Ex-Mozilla CTO: US border cops demanded I unlock my phone, laptop at SF airport – and I'm an American citizen
How do you know they don't. There might not have been any commercial secrets of significant classification on there. Maybe he just didn't like the intimidation and the fact that they wanted to go through his private stuff without a warrant. They may also have planted anything they wanted in there once they got access.
He might also just not have wanted random stabbed to be rummaging through his holiday snaps, sms, emails etc. Perfectly understandable if you ask me. Why is it any business at all of some random dude to be rummaging through your personal data?
Yes, but don't forget the PC would also need to be left logged in and unattended for a certain amount of time (I instinctively WinKey + L when I leave my desk).
However I would suggest that you don't need to type into a hex editor blind. You just inject a whole series of commands automatically as a set routine which would have the desired results - just as you notice the target standing up to go to the bathroom and before their PC timeout occurs.
USB4: Based on Thunderbolt 3. Two times the data rate, at 40Gbps. One fewer space. Zero confusing versions
They aren't typing the password in multiple times. They have already stolen the password, it's just that it's in an encrypted form. What they then do is try to find the original password (or even a different password that would give the same result when encrypted!).
They can do this by trying every possible password one by one (against the same encryption method) until the encrypted result matches. So they start by trying 'a' then 'b' then 'c' ...a loong time later.... then 'Abhg75^&%fgtrds'. All these encryption methods cannot simply be reversed, i.e. they are one-way, so you can't just enter the encrypted (hashed) password and get the original plain text password, as the plain text password no longer exists in any form. However some encryption schemes have vulnerabilities in the random number generator or method used that can reduce the number of attempts significantly. They might also demand a minimum of 6 characters, so the attacker doesn't need to check for passwords less than 6 chars. However they would normally start by checking a dictionary list that would contain popular passwords, all the passwords from major breaches, all the words in a dictionary, every birth date, people's names, including multiple capitalisations, swapping letters for common symbols (such as pa$$w0rd) etc.
In the end they may get a match for the password (and - it doesn't always need to be the exact same password, but nowadays it normally is, it just needs to produce the same output when encrypted). They then use this password to log in on their 'first' attempt.
How do they steal your encrypted password? Well either they have access to your PC/Network and have dumped the 'encrypted' password file or more likely they have stolen it from a website or intercepted it when sending it remotely.
First they came for Equifax and we did nothing because America. Now they are coming for back-end systems and we're...
"...it was not aware of anyone selling or misusing the pilfered information"
Well they didn't notice someone breaching their system so the chance of them 'being aware' of anything is slim. It's quite galling when this line is trotted out, as though them being aware makes any difference whatsoever to whether someone is at risk of their information being abused. You can assume that if someone went to the trouble of hacking their systems and gaining some extremely valuable data then it already has been misused and it is likely to be misused further - why wouldn't it.
Lovely website you got there. Would be a shame if we, er, someone were to sink it: Google warns EU link tax will magnify media monetary misery
Thanks for all those data-flow warnings, UK.gov. Now let's talk about your own Brexit prep. Yep, just as we thought
I don't really see what the problem is.
Whether we leave with a 'deal' or not does not impact data, as we will still be a 'third country' to the EU. It's only if that deal specifically includes a clause that the EU will, using section 101 of EU Regulation 2016/679. The withdrawal agreement in Article 71 suggests some protections of personal data but does not state that the UK will be found to have equivalent data protections under this agreement. However, having fully implemented GDPR, the European Commission could very quickly agree adequacy of data protection whether there is a deal or not - remember the USA is still deemed adequate despite being referred to the courts saying it isn't, and obviously doesn't have the same safeguards as the UK.
Therefore data that is stored in the EU can still be accessed just by the UK determining that it holds sufficient data protection when they formalise the Great Repeal Bill.
The issue then comes if the EU determine that they refuse to grant the UK a status that would ensure it is seen as adequate to protect EU data, and they also feel that the data sat on the servers in the EU is now EU data due to residency and refuse to allow it to be processed by the UK. However, how would they know if that data holds PII without somehow demanding to see that data?
I don't think anyone stopped using US servers when it was found that Safe Harbour was not adequate - I'm not sure why our GDPR protections and the EU GDPR protections would suddenly seem to be invalid and therefore the data storage location immediately relevant?
Trying to log into Office 365 right now? It's a coin flip, says Microsoft: Service goes TITSUP as Azure portal wobbles
Re: And this is what you get
And therein lies the problem. You get geographical separation, however you need to do synchronous replication to ensure consistency, which has issues if you have a distance with even moderate latency, as you have to await the ack from the remote site before processing the next bit of data. So you then use a cached synchroniser which keeps the latency down but must be physically separated from the rest of the network, separate power etc. However you also need local redundancy so you don't have to rely on your separate geographical location. So you can end up with three to four parallel systems (possibly each running RAID 10) and your storage requirements get quite large.
You also need a third location to ensure you don't get a split brain scenario. To use your second geo location you also need the infrastructure to be able to run from that location - extra internet connection, switch hardware etc. Then you might also need a physical location to use that connects to it. Don't get started about the live testing that you need to do to make sure it all works (and what if it doesn't during that test - all hell breaks loose)
Or you could just host it in the cloud (which has some of its own risks, for sure) - you can see why it can be an attractive option. Don't need to worry about it, and your head isn't on the chopping block if your expensive "bullet-proof" system stops working.
Re: And this is what you get
Hmm, very different from "if you can't afford for it to go down".
There's also still many ways that a system can go down, other than a single or even multiple server outages.
Also a backup will only restore to a certain recovery point in a certain recovery time. May be fine for your file server, but if you are dealing with real-time high volume databases then restoring from backup might be pointless - if that is your 'solution' to a system you can't afford to go down.
Re: re: Too bad they couldn't continue operating as normal with paper records,
I doubt it is all rubbish; it is an exercise in risk. You aim to mitigate risk and put procedures in place and analyse the impact. Sometimes pen and paper might suffice. Sometimes it's running a script every hour to create a report of all current orders/customers etc which is saved to a different location.
However the idea that every organisation can revert to paper just because some can is a fallacy. Even in some case where they could revert to paper you can get to a stage where that data would need to be reentered into a system before any new data (so the new data also has to be handled manually) can be accepted once it is back up. After a certain period of down time (will vary for all systems and organisations) you can get to a point where the outstanding queue of data becomes too large to be able to re-enter.
I would always look to engineer a fallback to the lowest common denominator, however sometimes it is not possible and you have to accept that if there is a systems failure, you're better off shutting up shop until it is resolved and then re-opening again and hope you don't go bankrupt in the meantime.
Really? Have you tried?
iPhone price cuts are coming, teases Apple CEO. *Bring-bring* Hello, Apple UK? It's El Reg. You free to chat?
Apple: You can't sue us for slowing down your iPhones because you, er, invited us into, uh, your home... we can explain
Six Flags fingerprinted my son without consent, says mom. Y'know, this biometric case has teeth, say state supremes...
Re: Thank you!
"The choices are fingerprints or facial recognition, and privacy advocates will (rightly) protest either."
Err, what? They can do facial recognition without privacy concerns quite easily. It's been done on ID cards for longer than even computers have been processing such data.
Here's how it works - the pass has the holder's photo, the human uses "facial recognition" to check the holder matches the photo on the season pass.
Re: Is there a scammier corporation
I disagree, Whatsapp is a great solution for multi OS mobile communication for groups of people. It's one of the few that has bridged the iOS and Android platforms and allows easy photo sharing, quick chats, group chats, video chats, quick decisions and end-to-end encryption. POTS you can't share photos or easily run a group chat and you risk interrupting someone (rather than reply in their own time). mobile MMS is expensive and groups are harder to set up and maintain (e.g. the group is set up locally by one person not for everyone), e-mail is much better but not a great short communications tool and harder to have a back and forth conversation, can't do a video call, not as good for quick responses, easy to lose the group if someone doesn't hit reply-all. Snail mail - great but limited in ways that are known.
So choose what suits you best, but as the OP said, using it to collaborate between families is great and I too am annoyed that it is being merged into the facebook family. I purposely don't have facebook messenger or the facebook app on my phone as it is way too slurpy. Trying to get everyone to switch to another platform (including 70+ year olds) is going to be a pain and there is no obvious contender.