* Posts by c1ue

259 posts • joined 10 Nov 2015


You wait ages for a mid-air collision spoofing attack and along come two at once: More boffins take a crack at hoodwinking TCAS


The researchers probably tried to do things the hard way.

The easy way would be to pre-calculate a spoof plane at a specific distance and just hard code that delta onto the signal.

As for encryption: we all know how to make signals more secure. However, the TCAS hardware simply isn't capable of it.

And retrofitting would require all of the planes: commercial, private, new, old to be refitted.

California Attorney General asks judge to force Lyft and Uber to classify drivers as employees – or else


Ride share PR/agitprop has really gone downhill lately.

I especially like the continued rehashing of right-wing narratives created back when they were trying to break down the unionized cab drivers - now rehashed as liberal tech company nonsense.

Section 230 authors despair of Trump, Barr, Biden, US Congress’ aggressive ignorance of critical tech law


Re: Smaller, less intrusive government?

Sadly, while I admire Wyden - the reality is that his liberal views are much more shared by the big tech companies (and their management and employees) than views held by those on the conservative side.

And so it is quite convenient to say that everything is fine.

Perhaps Mr. Wyden can comment on what the remedy ought to be - should this tech persecution be real - because this is why Trump et al are pushing for 203 repeal.

Wired: China's Beidou satnav system, 35th bird in orbit. Tired: America's GPS. Expired: Britain's dreams of its own


Re: And next: commercial positioning

In theory, any satellite can be used for positioning.

In reality, unlikely. Among the issues:

1) Positioning systems all require at least 1 ground station connect. There is more than enough variable atmospheric interference that it has to be accounted for.

2) Power requirements are fairly significant. While the signal at Earth surface isn't strong, the satellite is broadcasting over a very wide area (line of sight Earth coverage). The GPS block 3 satellites are 2 tons in orbit and have 1.9 kilowatt in solar capacity with comparable storage.

3) Ledger info - you can't just throw up a positioning satellite, the users have to have a lexicon to find and handshake to its very weak radio signal.

A microsatellite system that is constantly repositioning, relaunching etc just doesn't seem like a good fit for the above, even if the power requirements are reduced because of closer proximity to the ground - because that closer proximity also makes the ground station atmospheric compensation extremely difficult.

Ex-CEO of fintech biz Wirecard arrested over missing money: Vanished €1.9bn may not have existed in the first place


Every single big company fraud was performed in the presence of big company auditors: Worldcom and Enron being the most notable. Only once has a big company auditor paid for its failure: Arthur Andersen.

Ex-eBay security execs among six charged with harassing, threatening bloggers who dared criticize web tat souk


Indeed, how extremely unprofessional. Not that Ebay is a shining example of a company to begin with...

California bigwigs rule Uber, Lyft dial-a-ride drivers are employees, not contractors


As if Uber and Lyft don't have enough challenges to become (or maybe will never become) viable businesses.

Nor am I the least bit sympathetic.

The medallion system is not perfect by any means, but it was created specifically to address conditions of fair pricing to consumers balanced against fair pay for drivers. The primary outcome of the "gig" economy in pickup transportation is the end-around made around existing regulations since these companies have yet to demonstrate that they achieve even the tiniest amount of increased income for drivers or efficiency for operations. In fact, data I've been following is clearly showing that ride share should be *more* expensive than taxi because of the drive-to-pickup time.

And given that ride-share companies are losing 35 cents on the dollar, their present slight discount vs. taxis is transparently a false economy - one which their present status at billions of dollars of revenue make clear that increased scale won't change.

Anatomy of a business email scam: FBI dossier details how fraudster pocketed $500k+ by redirecting payments


This guy was not the first team. No use of mules, no cutouts. Great he was caught - not indicative of the state of the criminal.

But very indicative of the state of security on the victim side - which is to say, none.

Hoverbikes, Hyperloops and sub-orbital hijinks: Yes, the '3rd, 4th and 5th Dimensions of Travel' are coming soon


Re: Nothing so simple

Indeed - just how much traction will hyperloop retain after the first passengers die of asphyxiation due to their vehicle springing a leak?

Watch an oblivious Tesla Model 3 smash into an overturned truck on a highway 'while under Autopilot'


The subset of Tesla fanbois is pretty interesting: they're all trying to redirect by saying humans cause accidents too/more accidents.

Except that the problem isn't humans causing accidents - it is Teslas on Autopilot causing accidents where a human would not have.

Isn't the whole point of autonomous driving that it is better? And therefore numerous and public examples of the opposite are a serious problem?

Fancy some post-weekend reading? How's this for a potboiler: The source code for UK, Australia's coronavirus contact-tracing apps


Schneier posted a thorough takedown of contact tracing apps

Schneier on Security for details, but a summary would be:

1) Apps can't tell if genuine contact was made or not (i.e. a wall between people)

2) Apps can't work if a person doesn't have a functioning smartphone

3) Even Singapore was only able to get 20% adoption rate

In the former case - are you going to quarantine 2 weeks based on this shoddy confidence level?

In the latter case - the app cannot provide any measure of security regarding exposure.

In the middle case - if even Singapore can't get more than 1 in 5 residents to install - why would anywhere else in the world, expect better? Except of course China...

So why bother at all?

'A' is for ad money oddly gone missing: Probe finds middlemen siphon off half of online advertising spend


Re: No surprise, but what to do about it?

Yes and no. More appropriate would be 3+3=3 - representing the part lost to fraud...

Uber trials fixed-price hourly rentals for visits to the butcher, the baker and the candlestick-maker


Re: The urban transport solution for coronavirus and afterwards

So what about driver protection?

And passenger protection if drivers get sick?

Because surely 1 hour of continuous exposure is safe.

Free users become losers as AI startup with AWS bills to pay pursues viral opportunity


Seems like a doomed business model.

If it succeeds, Zoom copies it.

All your jobs are belong to us... Amazon is hiring 75,000 people but if you want US home groceries, tough luck


I guess the real question is how this ongoing coronavirus situation will impact class relations going forward.

The salaried PMCs (professional, managerial classes) are the least affected: they're still getting paid and they can afford to order everything from Amazon.

However, the people who are paid poorly have just had their noses shoved into the fact that even their crappy jobs aren't reliable for the little money they do get.

The ones who have work: grocery, food delivery, etc get the bonus of playing the coronavirus lottery.

The many who don't...

Minister slams 5G coronavirus conspiracy theories as 'dangerous nonsense' after phone towers torched in UK


As opposed to say, National Enquirer type newspapers, social media etc?

Hey, China. Maybe you should have held your hackers off for a bit while COVID-19 ravaged the planet. Just a suggestion


Given China has been locked down since January 23 - what else do they have to do? /sarc

Don't believe the hype: Today's AI unlikely to best actual doctors at diagnosing patients from medical scans


This shouldn't be surprising.

The deployment of political campaign style PR into pushing startup memes was deployed to perfection by Uber, and that hasn't gone un-noticed.

Self-driving truck boss: 'Supervised machine learning doesn’t live up to the hype. It isn’t C-3PO, it’s sophisticated pattern matching'


Re: Tesla exists

The main benefit of Tesla's "AI" is that it is mostly killing Tesla drivers.

Not us innocent human pedestrians, bicyclists and other drivers.


Re: Finally, a proper description of what the media dubs "AI" actually is

Robot drivers are subject to all manner of attacks which human drivers aren't bothered by including data poisoning and spoofing.

How will actuaries react to that?

Forget James Bond's super-gadgets, this chap spied for China using SD card dead drops. Now he's behind bars


Re: Money-laundering?

Incorrect. There are 2 levels of reporting - the $10K is a hard requirement but banks are supposed to report anything $2K up to $10K at the bank's discretion. I'd be shocked if this didn't happen frequently since it is mostly automated.

Resellers facing 'months' of delays for orders to be fulfilled. IT gathers dust on docks as coronavirus-stricken China goes back to work


Re: Just an FYI

Deaths are the only hard statistic - and they are the numerator.

The denominator is unknown except that it is higher than the known confirmed cases.

However, what really matters is that the novel coronavirus has a dramatically different mortality rate depending on your age.

Over 60 - really not good.

Under 10 - basically 0 chance of death.

10 to 50 - under 1%

Chips that pass in the night: How risky is RISC-V to Arm, Intel and the others? Very


Admirable effort but didn't think it through

The author did a decent job but didn't think it through.

I worked at AMD just before the Y2K era: the reason AMD had a brief resurgence was that Intel took a generation to ramp towards power efficiency - which AMD ignored and kept focusing on raw compute. The resulting faster AMD processor didn't matter though, because Intel just sliced the cost of top line processors knowing that AMD couldn't churn out enough product in its one fab to significantly change market share.

How does this matter regarding RISC-V? The issue is modern process complexity. The architecture is an important step, but arguably less important than the ability to transform theoretical performance - compute and power/heat efficiency - into reality. While AMD's fabless approach has removed the single fab bottleneck from 20 years ago, the barrier to being able to put in the engineers, test chips and know how to derive product is reinforced by modern $10M+ mask costs.

There will never be more than a handful of startups that can afford even a single tapeout, much less the stream needed to validate a top-end processor.

Or in other words, RISC-V is interesting but has zero chance of turning back, or even slowing down, the ongoing maturation of the processor industry.

Coronavirus conference cancellations continue: Google and Microsoft axe WSL and Cloud Next


I attended RSA - it didn't look empty at all.

The cancelled conferences are going to hit the SF economy pretty significantly.

Maersk prepares to lay off the Maidenhead staffers who rescued it from NotPetya super-pwnage


Is this just Maidenhead, or a more general Maersk budget cutting?

I note that world trade is significantly suffering due to fear/precaution over nCOV/novel coronavirus - both in terms of supply chains breaking from China production interruptus and from fear of contagion affecting freighter (from China) docking. As evidence - there appears to be a container shortage in the US.

As a shipping company, Maersk is certainly going to be affected.

Is this Maidenhead move a cost cutting just in that group, or part of an overall change?

It's only a game: Lara Croft won't save enterprise tech – but Jet Set Willy could


AS400 by any other name

Not at all clear to me why this article was written.

If we're going to talk about 8 bit CPUs like the ZX Spectrum - modern systems can perform software emulation to replace legacy DOS, Windows and Mac. All you then need is a copy of the software and some form of pipe to pull the data out of the legacy box.

I'd think the real problem lies with Big Iron systems that fundamentally don't work like x86 architectures, i.e. the PowerPC AS400 systems.

While you can software emulate PowerPC, the emulation cannot replace the hot swap, highly parallel and other architectural features of AS400 OS+PowerPC systems - and it isn't entirely clear to me that an FPGA could easily do the same either. This is disregarding potential copyright/patent issues IBM may have.

Internet's safe-keepers forced to postpone crucial DNSSEC root key signing ceremony – no, not a hacker attack, but because they can't open a safe


Re: Ironic yes


Astroboffins may have raged at Elon's emissions staining the sky, but all those satellites will be more boon than bother


If balloons are economically feasible, why are satellites?

Again, how about some numbers rather than "ooh its cool".

What's the expected throughput? What's the expected latency? How much will the ground-side connection hardware cost? How will privacy/security be observed?


Very weak article

If the author were really trying to convey value as opposed to sat'splain, the economics of the satellite internet access would have been talked about.

Instead, a very thinly disguised "progress" and TINA "there is no alternative" farrago.

LCD pwn System: How to modulate screen brightness to covertly transmit data from an air-gapped computer... slowly


To be fair, you could do a lot with the combination of frequency modulated data and using G and B pixels.

He’s a pain in the ASCII to everybody. Now please acquit my sysadmin client over these CIA Vault 7 leaking charges


The timeline and details, to me, imply a physical server or desktop.

But the question then is: why would super secret stuff be on a single physical server or desktop, as opposed to a centrally managed cloud device?

This matters because the evidence talked about all appears to be endpoint - there is hardly any, if any, network data.

Whatever superuser access the defendant may or may not have had - surely he didn't have the ability to access and modify network logs?

And now, here's Cli-Mate 9000 with the weather... Pattern-recognizing neural network tries its hand at forecasting


Circular Reasoning

Training an AI on the output of a machine simulation is literally circular reasoning. You get all of the biases, errors and lack of granularity of a model plus the bullshit marketability of AI.

'Cyber security incident' takes its Toll on Aussie delivery giant as box-tracking boxen yanked offline


Sounds like a ransomware attack to me.

Two billion years ago, snowball Earth was defrosted in huge asteroid crash – and it's been downhill ever since


Re: Hmmm

Dust is possible, but I'd look more towards induced volcanic eruptions contributing greenhouse gases.

Wave goodbye: DigitalOcean decimates workforce as co-founder reveals lack of profitability, leadership turmoil


Re: Impressed with the service but........

Not at all surprising.

I've helped LE take down cyber criminal gangs that were using a DO VPS as command and control, even though the operations were in a different continent.

How a Kaggle Grandmaster cheated in $25,000 AI contest with hidden code – and was fired from dream SV job


Re: One of life's losers...

I understand what you're saying, but in this case - the gold medal is accompanied by gold.

Not so much the Kaggle gold, but the extra work and pay that the #1 position yields.

So it isn't necessarily an ego thing as Pleskov says as it more likely is a financial thing:

Kaggle Grandmaster, hire me!

Spanking the pirates of corporate security? Try a Plimsoll


Compulsory bug bounties? How do compulsory bug bounties relate to a decent backup strategy? Looks like a blatant attempt to talk one's own book.

Google and IBM square off in Schrodinger’s catfight over quantum supremacy


A huge question which I see is: ok, the present Google machine has 56 qubits = 2exp56 size solution set.

How do you verify that an algorithm is working correctly over this range of solution set? Existing systems can't seem to do a very good job of testing/quality control - will quantum magically change this situation?

I wonder because once you start going into the 2exp100+ range - this is literally the million monkeys on typewriters for a million years scenario. Makes hash collision really interesting - in cryptography, for example.

Tragedy: CES squeeze forces frequent flier hotshots into economy hell


Re: This is why

Mostly no longer true. Most airlines are awarding frequent flier miles based on spend.


I should note that United frequent fliers are automatically entered into the lists for upgrade. There are upgrade capabilities which guarantee an upgrade if availability is there, but the upgrade generally occurs long before the lists. The lists are also available online at united.com - examination of flights departing many hours from now will show significant numbers of upgrade list people as soon as they check in.

It isn't that all 183 or whatever passengers were DYKWIA - likely most didn't think it would happen.

This story is based on inaccurate assumptions.

Canada's .ca supremo in hot water after cyber-smut stash allegedly found on his work Mac ‒ and three IT bods fired


Re: Question for the community

To be clear, I think most companies' policy is that any personal data put on a work computer is:

1) No longer subject to personal privacy laws

2) Is not going to be officially supported by the company - i.e. backup, recovery, IT help etc

I don't think I've seen policies that prevent all personal use of the computer - these are impossible to enforce, or at least enforce without being extremely intrusive.

Ultimately, if the issue was that the IT people didn't want to move the data because it was personal under 2), that's one thing. If the issue was objection over the material itself - this seems odd since it shouldn't matter if the material is sexual or just a lot of saved games of Minecraft - particularly since there is no mention of said CEO showing this to anyone.


Question for the community

Having personal data on a work computer is generally against policy, but isn't inherently improper or illegal, right?

My question is this: the people doing the transfers clearly were perusing the data on said executive's computer. Isn't this also against good IT practice as well as potentially against IT policy?

There is likely all manner of sensitive information on a CEO's computer - work as well as anything else. Is it acceptable that an IT person tasked with data transfer is looking at any of it, for any reason? I'm talking not just about personal pics, but work evaluations of other employees, corporate budgets, board level reports, discussions with potential partners, acquirers or acquirees etc.

If this is not proper or acceptable, the reporting of personal pics on said CEO's computer would be like a john complaining to a policeman that the prostitute he solicited ran away with the money without giving sex...

How much cheese does one person need to grate? Mac Pro pricing unveiled


Look on Ebay

There are Mac Pro Tower desktop boxes that are decade plus old but sell for $1000 still.

I recently processed a 2006 era Mac Pro Tower: 10 GB Ram, 500 GB HD - owner said it was bought for US$12K.

So none of this surprises me, if the target market is the graphics/video editor.

PSA: You are now in the timeline where Facebook and pals are torn a new one by, er, Borat star Sacha Baron Cohen


The general points are valid, but the problem is that the specific issues being decried aren't clearly as objective as these spokespeople say they are.

For example, I watched a video of John Stamos talking at Stanford about the challenges which Facebook has moderating content.

He put up 2 examples, after talking about how some of his investigators are ex-NSA.

The problem with his example is that the display of hate-mongering ads isn't necessarily ideological.

Wired published an article in 2017 (Inside the Macedonian Fake News complex) about a bunch of young people in Macedonia who have been publishing exactly such ads - specifically targeting the 2016 election - purely in order to make money. They had very poor English and no ideological agenda - but the economics of online advertising is what drove their activity. Even the content they published was sourced from others; they simply chose what they deemed the most "effective" for clickbait purposes.

So there is at least one Macedonian town's worth of such muckrakers. Why should that be the only one?

Then there's the scale of which "the Russians" are supposed to have done ill. That may well be true, but it is still not clear to me how the $100,000 of spending by the RIA somehow significantly mattered vs. the $1.8 billion spent online - $1.1 billion by the Clinton campaign and $750M by Trump. We're talking literally 0.01% of the spend (vs. Clinton) - an addition of 0.013% to "pro-Trump" ad spend.

Note that Stamos said that the data on spend ($100K, RIA, ads used etc) was all from his team - so he can't claim ignorance as to the provenance of this figure, nor should he be ignorant of just how much revenue Facebook generated as a result of 2016 presidential spending.

Note that overall political spending in 2016 was $10 billion...

Welcome to cultured meat – not pigs reading Proust but a viable alternative to slaughter


This entire vat-grown fad is nonsense

The cost of agar - what is used to grow stuff in petri dishes - was $35-$45 a pound before a shortage hit.

That's the beginning bottom limit of what any "grown" meat is going to cost: the feedstock.

Then there's the economics of growing 200+ pounds of meat per American - half of which is not-poultry = 60 billion plus pounds per year per percent of market share. The washing and refilling of growth containers. The monitoring and harvesting. The transport. The quality control. The extra processing needed for texture.

This entire sector is Theranos level bullshit, except for the tiny sliver that understands it is selling $200 burgers to virtue signaling rich people.

A better comparison is the algae grown replacement for oil that was "hot" not so long ago: where's that gone?

Nowhere, because the scale simply isn't achievable by non-magical means. Even having a variety of algae that could directly spit out oil, the capability to farm enough algae, harvest and process to replace even 1% of oil consumption at even 10x prices vs actual oil is simply utterly impossible.

Rekognition still racist, politicians desperate over deepfakes, and a good reason to go to (some) music festivals


Progress! At least the black athletes are being identified as human, albeit criminal human.

The earlier AI machine eyes were seeing gorillas...

Would you open an email from one Dr Brian Fisher? GP app staff did – and they got phished


Re: Do you use one of these popular passwords?

Biometrics is not a great idea. What do you do once that data is stolen? Going to change your DNA?

Tesla has made a profit. Repeat, Tesla has made a profit – $143m in fact


Q3 profitable due to an over $150M decrease in operating expenses vs Q1 or Q2. Plus ongoing $100M+ revenue from regulatory credits, $134M in Q3.

More importantly, their gross margins - even when "profitable" - are 5%-ish. That's worth more stock value?

Welcome to the World Of Tomorrow, where fridges suffer certificate errors. Just like everything else


You're right, but missing the point.

The app is there to spy and collect Big Data on every user.

The interface to the hardware device is the shiny lure...

Who you gonna call? Avaya grabs $500m investment from RingCentral to cut whopping debts


This is confusing to me. RingCentral is doing reasonably well, but this deal seems like they're plowing all their cash and a lot of their stock valuation into Avaya.

I guess it makes sense if RingCentral is basically buying Avaya's customer list, but this looks like a guppy swallowing a whale: RingCentral is giving $500M to Avaya when their annual revenue is $800M. The stock part makes more sense - it is way up,


