Re: Encryption will only work as intended until everybody is using it all the time
"@Whitter Stenography is your friend.
Shorthand? Do you perhaps mean "steganography"?"
That never worked. The dinosaur broke the pencil.
825 publicly visible posts • joined 19 Apr 2015
There needs to be a secure protocol for what we now do with email, including checking origins. Gov'ts don't like this because it means that communications will be private.
I had a funny thought about whitelist implementation. Instead of on/off, your security software will give you a probabilistic choice. For example, say you want to install Microsoft Word (which comes with the old-fashioned baggage of Word macro viruses, ETC.). Instead of saying "No", the security software would say "Pay me $5" (which might be the average cost of defending the vulnerabilities). This is not just "funny", but it might have good effects on app writers to reduce or eliminate the vulns in their opera. "That's not a $5 bill, it's just a jpeg of a mall statue!"
Finally, would a setup much like Virtual computing improve security for computers that access the internet? You have a nice powerful computer, but you expose to the world only a known good configuration, a sandbox if you like. During coffee break, the system compares with the known good configuration, shuttles away anything that's been changed, restores the known good configuration, and after automated examination of the shuttled stuff, makes available the non-executable portions, maybe not at the same terminal. The known good configuration and the software which manages the sessions would be in "ROM", perhaps even literally. Loss of the "cache" would be annoying, but might improve work habits. Readers who are old enough or who travel may remember there was such a thing as an "Internet Cafe", which evolved to use a similar schema between customers. In my own town we have Internet at the Library, run on a similar basis. Too crude, too obvious, too cold? For most of the people I help, the ability "seamlessly" to go back to a known good configuration would solve most of their computer problems. Yesterday, one of them was typing a reply in gmail and apparently in trying to type the character "+" (which is Shift-+=) her finger slipped and she accidentally typed Ctrl-Shift-+=, which is a command to gmail to increase the font size. gmail is mostly OK with vertical scrolling, but not so good with horizontal scrolling and the interface soon became impossible because she couldn't read what she was typing. It required a house call. OK, maybe turning off gmail keyboard shortcuts would solve this particular problem. And maybe being able to go back to a known good config would not help in this case because the font size is stored in google's cloud rather than on the user computer. But you get the drift.
In 1979 I was about to buy a first-ever computer, for the office-home. The two finalists were both from North-Eastern Ohio, curiously a "silicon valley" that wasn't, eh? The Ohio Scientific machine had a dealer, whom we visited in a nearby city. Either machine would have the power to do what we wanted. The Ohio Scientific dealer touted his brand's extra facility, which was, with the help of add-ons, to control lights going on and off in the office-home. For security and convenience. The demo went on for over an hour (remember, in 1979 a computer with 48K of RAM could cost US$5,000). Afterwards, my colleague and I disagreed about the value of the office-home automation facilities. I thought it had zero value; she thought it had negative value! Yet here we are almost four decades later and the smart home stuff is ubiquitous and sometimes imposed upon us, instead of toasters that just work.
We went instead with the more standardized (for the day) option, a 64K RAM S-100 Z80 system running CP/M 2 with dual 8" double-sided, double density (1.2 MB) floppy drives. That's right, no hard drive or solid state memory. Ohio Scientific (OSI), with its proprietary system, fell off my radar after a while. Which makes sense in light of their Wikipedia entry. If OSI had touted the smart home to electricity utility execs (i.e., people spending other people's money) instead of to end-users, would their founders have become early billionaires? Would I have become even crankier?
Firmware over the air. Electric "smart meters". Either the firmware is fixed, and therefore forever hackable by all exploits. Or the firmware can be upgraded over the air, in which case somebody can reverse-engineer the upgrading process and install JoungSploder TM firmware. Or the utility company will send out a million little men with a screwdriver and a box full of ROMs. Ha ha.
What do those government and corporate data centres use to store our personal information that they've slurped? When capabilities don't advance as quickly as I thought they might, I always imagine that Google or NSA has ordered an entire production run of The Latest Thing.
Are they really marketing a device that claims to be able to rewrite itself 37.5 times in a year? Sounds ideal for slurping, not for database management. Or am I misunderstanding the jargon, or is my eyesight bad?
"Chrome uses undocumented Android API's"
Just like MS and Windows. The security risk was a good reason never to use MS applications when running Windows, and sounds like a good reason to use another browser (e.g., FF or Opera/Chromium) in Android.
Tabs, windows, history, bookmarks, export/import, cache, sessions, refresh, previous page, first page, last page, cloud bookmarks ... they're all facets of the same thing. I can't help but hope that one day we'll have a user-friendly interface that encompasses all of these concepts in a customizable but by default more straightforward way. Here's a tiny f'rinstance. Some sites don't have favicons, or historically they didn't have favicons. There was a FF extension that would help with favicons, but only in the Bookmarks list. The same favicons would not appear in the tab bar because of the way FF was organized. This went on for years. Not sure if it is still the case, but while it was a ffactor, it was eFFing annoying.
So it's 70 seconds, regardless of the key-depressed-repeat-rate and the key-depressed-repeat-delay?
Standing back, this looks like another way to say buffer overrun. I'm not even sure why that was ever a thing. It's like you dimension an array to 100, but if a process contrives to ask for record 110, it's not a computer room anymore, it's a computer shroom. Before you press the down arrow, I'm not criticizing linux, but I might be criticizing (certain implementations of) a programming language.
I thought that dirty code was stolen code, as in the code whose functionality you need to replicate using "clean room" methods. So what is "dirty code" in this context? Code written to standards that are no longer fashionable?
I wrote a program suite in CB-80 to run in CP/M. When the time came to recompile this for CB-86 and DOS, my successor was pleasantly surprised, he needed to change only a couple of lines out of thousands. When "the competition" decided to advance to a new platform, they were down for about nine months. Was my code "cleaner"? No, we were lucky.
I foresee a return to a role for offline computers running obsolete OSes, pared down to a tiny number of applications, little or no security, communicating if necessary by sneakernet. There will be a place for the networked, secure, up-to-date computer, as a place to test USB sticks for malware before those sticks join the sneakernet. The machine the institution or company dumpsters today, you might wish tomorrow to have rescued. Those isolated machines will require their own localized backup strategies. With multi-TB self-powered 2.5" USB drives cheaply available, the strategy need not impress the Nobel Committee.
Fred (and Geoffrey) Hoyle (of Steady State Cosmology fame) in 1973 wrote a novel The Inferno about the effects on earth-life of what seemed to be a Nova rather too close for comfort. This is the book where the Astronomers and the Physicists get together in a room at an Observatory in Australia, figuring out how close this thing need be to fry us, the Astronomers start talking about kiloparsecs, and the Physicists look back blankly. "What the devil is a parsec?" Too funny. Then pages of equations...
My first computer, in 1979, was a Quasar Data Products-100. In those days a Quasar was the most powerful known source of radiation in the Universe, though I guess now that would be a Samsungsar. Sic transit lumina.
400 million accounts? I wonder how many of those are "management" accounts. I don't mean "staff" accounts, I guess I mean "database management" accounts. For example, to convince male clients that there are sufficient female clients. And how many are some guy setting separate accounts with every gender / gender orientation / age / hair colour^H^H^H^H^H^Horientation he can think of, to generate the max number of "hits".
For decades (and yes, it's made me decadent) I've toyed with the thought that anti-matter experiences anti-gravity in relation to matter. That would make gravity some little bit symmetrical with charge. Like charges repel; opposite charges attract. In gravity, like matter attracts; opposite matter, well, in this scenario, repels. I also wondered if anti-grav would make redundant all that dark matter / dark energy stuff they keep droning on about. If they're using laser beams (rather than the Scales of Justice) to measure mass, perhaps my anti-grav idea still has a few months of plausibility left in the can.
Does that mean anybody could step in and take over? In other words, is the work they've done now free software? For goose, for gander, same sauce is?
As to Firefox itself, I still use it, but maybe I should be glad that I don't ask much of it. Also use Vivaldi and Opera. Have never used MSIE, except in extremis. Gradually became disenchanted with Google Chrome and erased it from all my machines. Yes, I know that Vivaldi and Opera are based on the Chromium engine.
As to Firefox, a couple of years ago I noted that the author of the best Firefox extensions I ever encountered, quit Mozilla code writing stone cold. It had something to do with the bureaucracy surrounding each new FF release, and ~qualifying~ your extension to work on it. So yes, I have an old install of Firefox in reserve, just as I have Opera 12.17 for its "create follower tab" feature, thereafter discontinued.
With that title he could get done for five crimes: supporting terrorism; reverting the course of justice; using a non-SI unit; using a foreign language; using sounds that don't exist in French (where we write 'sh', they would write 'ch' to make the same sound). Godwin's Law: it's a brick house, just the same.
The skit would have a board member say: "I don't want to lose fass". That's an understandable mispronunciation of "I don't want to lose face" for somebody whose main knowledge of English is through the written word. O Patent Office. The possible humour lies in the confusion with: "You bloody well *should* want to lose farce", as well as "loose fascist". It should end in a fass plant.
The type of conversation with error rate greater than 10%--family-based--must be among the more difficult ones to interpret. First, there would be no attempt on the part of the speakers to mask any local accents or dialects. Second, they could be speaking in code. For example, when a person says "uh-huh", are they clearing their throat, or is it a meaningful contribution to the discourse, a token for a paragraph's worth of words? Third, they can refer to people by name, or by nickname, or by relationship or by creative insult. The only conversation that I think could be more challenging, would be between teenage friends.
Some years ago I heard a CBC radio interview of a newspaper reporter who developed an RSI through typing, presumably at a computer terminal. So he switched the text recognition software, best that money could buy at the time, one would assume (he was working for a top newspaper) but before long developed a vocal RSI, even more debilitating, because the software would not understand him unless he stopped briefly between each word. He took part in the interview only with some difficulty.
A final thought-sac: if they released very good OCR or speech recognition software, punters would reach a stage where they'd rarely be inspired to buy the next version or upgrade. It's a bit like Windows, where they're forever taking "one step forward, two steps back" to make your current User Experience on a par with Windows 2000 (taking into account that faster CPUs and gargantuan RAM should have improved your experience). At this point, one might well ask "so what's the excuse of [alternative family of OSes]?", but I'll put it in a more positive way, that I'm hoping they blow MS Windows out of the water on every level, before long.
Bottom line, if I include "AI Programmer" or "AI Systems Analyst" in a CV, they'll regard it as a Good Thing, the fools. "AI Technician" maybe not so much, unless it's a farm job. Funny thing, though, the extraction and massaging of wordy data from text, which is the programming I did for a couple of decades, seems to pass as AI. AI, no lie.
"I do know one thing and that NO, repeat NO IoT device will ever be connected up in my home." In some jurisdictions, an electric "Smart Meter" is mandatory. Although one hopes that the electric utilities which own these meters will be more security-conscious, they still have the same IoT weaknesses mentioned in other comments. And the possibilities to wreak mischief go far beyond DDOS.
Take the name of a candidate, transliterate it to Russian, then back to English: Tramp. It is impossible to pronounce the name of the other candidate in Russian. If you put the stress where it belongs, on the first syllable, that degrades the sound of the unstressed vowel. So CLIN-tan is about as close as you'll get.
"We watched the Presidential Debates with much mirth. Comrade Ivan Nikolaevich proposed that each time we laughed, the sinner should propose a toast to one of the 50 glorious States. By the time we got to Ouaioming, Ivan Nikolaevich himself was completely plastered. We were finished the 50 States, but the debate was still going. Suddenly, Boris Andreevich said "Puerto Rico!". By the time we were truly finished toasting, there were 257 glorious States, including our beloved Rodina."
Surely state-employed hackers are assembling arsenals (one arsenal per state) of "smart meter" exploits to deploy should things ever get "hot". You might imagine that these exploits would be "up to" cutting off your service, but where electricity and natural gas are concerned, exploits can be far more deleterious than that. I'm glad to see that payment is integrated into the function of some smart meters. Perhaps this will attract the attention of private or commercial hackers for present-day exploits. This will have two benefits: it will allow Utilities a practice-ground to see how to defend against everyday threats (the threats from states are likely to be more powerful because a: they have more resources; and b: their arsenals will include exploits where they aren't afraid of getting caught); and the rest of us may begin to ask why our utility conduits are labelled "Blow Me (Up)".
From the numbers, as many US adults were victims of the hack as were not victims. It seems more that the "class" of the action is the average citizen. It would make more sense if the government settled on behalf of all citizens for $1 (or more) per citizen, precluding all other US class actions, but not individual claims. And take $1 off everybody's tax bill. Ha. Ha. Ha ha.
"My current printer, a Postscript Lexmark C543dn ..."
Same printer here. I had tremendous problems getting it to print from XP on the LAN. The 100 MB printer package from Lexmark is pretty much useless. Even before XP was deep-sixed by MS, my reliable way to print anything was to take the job on a USB stick from the computer which is 3 feet from the printer, move it to a Win 7 machine 30 feet away, print (wirelessly on the LAN), then go fetch. I suppose it's OT to note that I had better networking under Win95 than I have currently under Windows.
the international name of a country might be based upon its name in French. For example, Netherlands = Low Countries = Pays-Bas. See where I'm going? Then your Paycheck is in the Mali!
Oh well, countries are bound to be a joke, or almost one, in some other language. For example, if you tried to take a derivation for Canada in Spanish, the closest you could get would be Aca Nada = Nothing There. Perhaps that's what inspired the "Quelques arpents de neige" remark. Or perhaps the other way around.
It seems to me that, because Chechnya, and because it's still early days in the monde post- Czech Republic, that English-speakers choose Czechland. If other languages go different ways, no big deal. After all, Németországi Szövetségi Köztársaság is still with us, even though its name is dissimilar in so many languages.
IANAL BIPOOTI, but intent. Admittedly intent also looks double-standardly if examined. Company putting code on your computer to harvest your private data: OK; you putting code on their computer to research their private data: crime. You accepted their software, albeit presented under pretences. They accepted your phishing email. Hmm, not much difference! Here the intent was to prevent misuse of the company's IP. But isn't there a caption for criminal negligence, reckless behaviour?
Too serious. Time for a singsong. After me, please:
"Fake fake fake
fake fake fake
fake BIPOOTI" (to the tune of "Shake Your Booty", for anyone under 50).
'they paid the $$$ because the potential value found on the phone was worth more.'
We need an acronym for that. May I suggest SWSSNSS
Sure wuz some 'spensive naked sleb shots
being what we dream they found-but-will-never-tell-us.
That's pronounced 'Swiss Niss'.
Ha ha. In long ago more innocent days, I got a call from an HSBC rep who suggested a better pigeon hole (still within HSBC of course) for some dosh. After a lot of discussion (she needed to convince me!), I agreed. Then she asked for whatever the security was at the time. "But you called me!" So the call and discussion turned out to be pointless. Hmm, maybe HSBC could corporately sponsor the TV quiz game, Pointless.
E-mail is "broken" and "insecure", so cloud outages may not be a bad thing if they remind us that there may be better alternatives. If I phone or e-mail for help, usually what I'd rather be doing is secure web-chatting. For example. I prefer Ctrl-A, Ctrl-C, Ctrl-V to "Do you have a pen and paper handy?"