Re: Surely the washing instructions
You aren't supposed to dry clean hamsters.
1239 posts • joined 3 Jul 2007
Ooh, that should be an El Reg tshirt! "Stay calm and copy con program.com".
"Root Windows for the greater good!"
"Now, we could be wrong, but banks usually keep quite a lot of cash on hand, right?"
Well, it's all kept in a safe. The new banks actually use armored dispensers for the cash, so the customer takes a receipt to the dispenser, which then doles it out.
So of course they guy took the hand sanitizer, because it had more value than the paperclips and pens lying about.
"Those watching the video stream of the cargo ship docking with the International Space Station (ISS) were treated to the sight of the spacecraft seeming to go off course as it approached the outpost."
Don't worry, that software bug is totally correctable.
But are you sure that it's even a hypothesis? A hypothesis is a scientific wild-assed guess that is dressed up to produce a paper for a grant. A theory is a hypothesis dressed up for more grant money.
I'm not sure that anyone has ever had a hypothesis about angels that has resulted in a grant to study them.
Since PC networks consisted of sneakernet back in well-spent youth, the closest we got to distributed disturbance was when I was in Army signal school. The barracks had a 70V speaker system wired in every room. Well, somebody had the "bright" idea of hooking up their car stereo up to it, and playing (badly) a bit of Jimi Hendrix. Of course, I and my fellow barracks rats decided that we had to do better, so my rather decent amp was hooked up. Yes, with full fidelity, out came The Hitchhiker's Guide to the Galaxy radio show, the last episode featuring the Man in the Shack.
We were never caught, and I regret nothing!
(Yes, on Monday our sergeant gave us a collective verbal drubbing, and told us never do it again.)
It's a worthwhile endeavor if you think it is. Really, people learn all kinds of languages. It's a different perspective on how to do things. I learned Rust using the online tutorials, then I went and implemented N-Queens solution and a more complex dining philosophers solution. Do I use Rust at work? No, but I would like to do so. I think it's a decent language, although the lifetimes stuff can be a PITA.
Learn it, use it, and implement something. Have some fun!
The ARM TrustZone is a joke, and it's a rather bad one. If Samsung has implemented their cryptography properly, and if the firmware and OS use it properly, then it goes a long way towards eliminating a lot of threats. Positive identification of a phone really isn't that big of a deal. The big deal is to keep malevolent code from running on the device.
The one thing I couldn't understand about Windows was why didn't they design in so many good ideas from Unix land? After all, they had Xenix. Apparently they ignored Xenix completely during the development of all of the Windows incarnations. "kill -9" should have a song written about it.
Let's see, according to the title, that would mean Multics.
While IBM did have support for TCP and web servers on their mainframes, it was always just insanely expensive. That gave Sun an edge, but that edge was lost when Linux got good enough to do the job. Now it's pretty much all derived from System 7, and an open source reimplementation of System 7. Makes one wonder what it would be like if AT&T had either clamped down from the get-go and never let System 7 out the door, or never paid any attention to K&R's efforts at all.
The microphone is doing the conversion of sound waves to electrical signals, not the browser. It would be best to limit the microphone in Android or iOS, not mess with a spec. While there isn't a snowflake's chance of building a ski slope in hell of it happening, it's a better chance than changing a spec or API.
We've all known for years that power supplies can squeak. Not news. And of course you'll have to be using SSDs intead of HDDs, and make sure that the fans always run at max because you don't want data exfiltrated through RPM changes.
At some point, we just can't have nice things out in public. Just the way it is nowadays.
No, really? After all, this isn't a vulnerability, and it's not a bug. It's a global feature that just everybody on the planet wants! Yes, everybody wants to play music to a speaker that they can't possibly hear.
Really, the speaker should have some kind of control to revoke who accesses the thing. Maybe a factory reset will do the trick. Use the button activated by a sledgehammer.
"What happens when a highly advanced extraterrestrial civilization visits Earth?" Thaler told El Reg.
If they actually bother to visit, they'll just nicely wipe us out and preserve the rest of the planet for their own exploitation. We're just not that amusing.
The question is, who trained the AI? Betcha it was Thaler and partners. Thus, it was their efforts that went into the creation of what the AI generated.
Now, the real question is, who owns the invention when the AI was trained on the summation of English literature, and then the AI churns out an invention and files a patent? The AI needs to do everything on its own, and then when the patent office rejects the application, the AI can sue the patent office.
Based on the current state of what AIs actually produce, that isn't going to happen for a very, very long time.
When one is writing simple code, then simple solutions are easy. I doubt these features would have been useful for either of my post-tutorial projects, which involved threading. Getting help with lifetimes would be nice, but I have my doubts about advanced Rust and "helpful" IDEs.
But that's the environment I've been using with Rust, just not with gcc and make.
I have used Rust a bit, and I've found that I can get a mutex lockup using their standard library. Really, sometimes a mutex doesn't release when it's supposed to. I've had no problems with the parking_lot mutex, though.
The language is tricky, and the "helpful" error messages can very quickly lead a person astray. The checking up front is great, and there's other good concepts.
YouTube has a lot of automatic moderation. How effective is it, really? That depends. Say your video has a randomly generated background. Well, the bots can flag your video just because someone else put up a randomly generated background before you. And you lose revenue until a human gets off their but and presses a button. Your video uses content within the law of copyright and DMCA, but you can get flagged regardless of that.
There are no good options.
Ok, so the US just might be vulnerable to encryption being cracked by quantum computing. Maybe. If there is usable quantum computing...
The thing is, the really sensitive government stuff is protected by encryption that is not public. The problem is one for the rest of us out here, who are actually far more vulnerable to a chair and rubber hoses than encryption being broken by quantum computers. And because some mainframe back there is running COBOL, doesn't mean that it has information that is sensitive enough to warrant the expense of being cracked using a quantum computer.
Current encryption is far more vulnerable to math and GPU attacks than the alleged eventual arrival of quantum computers.
"We'll see how long it takes before someone breaks and smacks one of the buggers with a crowbar. "
"When cometh the day we lowly ones, Through quiet reflection, and great dedication Master the art of karate, Lo, we shall rise up, And then we'll make the bugger's eyes water."
But why is this news? All along "AI" has been pattern matching, and has always been shown to be pattern matching. I remember early demonstrations of AI telling the difference between headshots of men and women, and then being confused when given headshots of the Beatles.
The real question is, can we use pattern matching to reliably navigate a multi-ton object without human intervention? Sure, if the object is on rails, and isn't subject to major random interference.
However even a positive pressure air system ventilator that's kitbashed together, and works acceptably, can help a less serious case and can be the difference between recovering at home and ending up in hospital.
Hey, I'm set! If I get sick, all I need to do is run a hose from my case fans to a mask, and game until cured or dead!
A roll a week? How?? I'd have had to have eaten a mess of things that would run through my gut like the 24 Hours of Lemons race to do that. Of course, I don't work from home. Ok, now that my employer has screamed "OMG it's a pandemic! Watch out for these symptoms!" (None of which would catch even one zombie, mind you) that I'm here at home with a new defacto mouse and keyboard farm.
Seriously, at roll lasts a minimum of two weeks, usually three.
The attack of the 4-byte file
The entire attack on a target network starts with a tiny command line module that sends a TCP request to an external command / control server, the command consisting of only four bytes of text [!]. This command brings in a so-called “dropper”, which then places the subsequent trojan in disguise.
This is just sooooooooo bogus! They make it sound like it only takes four bytes to hack a server, and it's done with a request. What were they expecting, a treatise on nihilism?
The attack starts because somebody in their network has said compiled code on their computer. The code from Kaspersky looks like something done as a demo of the attack, not the attack code itself.
Many years ago, a programmer made the point that firewalls should be able to whitelist only connections to known services, not just any old thing out there. Since 13277 is off in the weeds, disallowing outbound requests on that port would stop the problem.
So what's to stop your IdiOT from still sending all that wonderful data back to the mother server for integration into the silicon all-mind for the purpose of optimizing advertising to change your mind about which toilet paper to buy?
(Hint: just steal your toilet paper from work. They have plenty.)
Clue: When logging in as user 'anonymous' and your email as your password, the security of the data is rather irrelevant.
And when we wanted to do business securely, we used a physical thing called "cash". When we wanted to send confidential data, we encrypted it first, and/or sent it on a physical medium through registered mail.
Grasshopper, when you can snaffle the data transferred by punch cards in the TEMPEST room, etc., etc.
The Nordic dongle is simply a NFC CPU dev kit. This is not a solution I would recommend, and you could substitute just about any CPU on a USB key here. I could probably take the project and dump it on that Linux-on-a-business-card kit without too much difficulty. Good excuse to buy a SMT oven, though.
I do recommend the Microchip ATECC608A and ilk dev kits, though. I wrote a Python interface for their AT88CK590 dev kit, it wasn't that hard. The chips are good.
Yeah, side-channel attacks are a PITA. The company I work for runs tests for that on our chips, and has revved the prototype designs a couple of times to thwart that. All of the crypto operations look exactly the same.
OK, clue time here: the private key is generated inside the hardware itself. There is no external generation of the private key. You send the chip a command, it performs the command, and it keeps the results of the command inside it. Then you perform cryptographic operations with that value for external use. There are a few really good crypto chips that do that.
Some chips do, indeed, require a programming step with external data. And some HSMs don't have a lot going on inside them other than running Linux with everything floating around in plain text while the device is in operation.
For simply doing things like 2FA, etc., there's at least two I2C chips that fit that bill. Otherwise, you're running everything in an OS of one flavor or another.
Biting the hand that feeds IT © 1998–2020