* Posts by c1ue

283 posts • joined 10 Nov 2015


Amazon staffers took bribes, manipulated marketplace, leaked data including search algorithms – DoJ claims


The only question I have is who cracked? It seems pretty clear that a member of the gang gave up the rest of them.

Strap in for the wild ride that is invest.com: A failed legal battle, millions of dollars on the line... and that Yo! app


What a sordid tale of a scam artist. And I don't mean the guy who lost the lawsuit...

Who cares what Apple's about to announce? It owes us a macOS x86 virtual appliance for non-Mac computers


The OP is ignorant.

PowerPC systems still underlie many of the core capabilities in big companies because of its hot swap capability. VMs exist in this case but still cannot replicate the hot swap nor can they replace the big iron original basis.

However, the lack of MacOS VMs is 100% Apple patent trolling.

MacOS is a flavor of Linux - there is absolutely nothing preventing virtualization besides Apple's lawyers.

Worried about bootkits, rootkits, UEFI nasties? Have you tried turning on Secure Boot, asks the No Sh*! Agency


Turning on Secure Boot also makes it a lot more complicated for offline backups.

So - would you prefer defending against the largely mythical nation state attacker (if you are not in the defense industry/intel agency/government official space) or improving business continuity interruption protection against the very virulent ransomware gangs?

AI in the enterprise: Get ready for a whole new era of smart software fueled by mountains upon mountains of data


It is turtles all the way down.

The reality is that AI is still somebody's algorithm - only justified with mountains of data.

The thing is - data in the real world is messy, ugly and generally unusable. Real world data encompasses limitations in sampling, errors in measurement, biases in focus, architectural limitations in model, and on and on.

Until there is actual intelligence - i.e. independent reasoning combined with intuition and reinforced with scientific method, "AI" is pure marketing garbage albeit very useful for killing jobs for people.

Smash-and-grabbed: Chinese AI academic cuffed by Feds after 'binning hard drive' amid software leak probe


Re: Too dumb ...

Yes and no.

People destroying (or at least attempting to destroy) HDs isn't unusual.

People taking out the storage platters and electronics - that's unusual.

Sounds like the black helicopters have come for us. Oh, just another swarm of FAA-approved Amazon delivery drones


I can't say for the less dense areas, but a UPS driver in a major city will have 200+ packages for their route every day.

Just how much money is saved by having each package loaded into a drone and said drone sent on its way?

Just how likely is it that said drones will not collide with buildings, utility wires, other drones, birds, kites, trees and what not?

For rural areas: much longer distances are involved. Sure, the drones can fly "as the crow flies" - but then again maps and survey quality deteriorate in direct inverse proportion to density even as distance traveled increases.

I suspect the operational reality of drone delivery is just not worthwhile - particularly with $5000 geolocation/sensing packages required.

And then there's GPS jammers/spoofers. Why bother with porch pirating when your loot can come to you?

As promised, Apple will now entertain suggestions from the hoi polloi on how it should run its App Store


Re: A larger share ?

Utter bollocks.

I looked at Apple 2015 earnings: the app store revenues exceed the costs for the entire company: store and employees, developers, manufacturing management, salaries for everyone in the company, etc.

The Apple App store is a profit center at 30%, pure and simple.

Visa offers a "free" product at 2.x% of revenue, so it isn't the financial aspect.

It is ludicrous to say that what Apple charges has anything to do with the costs of providing "free" product or the cost of vetting apps etc.

Furthermore, it is the apps plus email, texts etc which is why people buy iPhones repeatedly - so in fact the app developers are a key factor in Apple's core product repeat sales: the software is the razor while the hardware phones are the blades.

Amazon spies on staff, fires them by text for not hitting secretive targets, workers 'feel forced to work through pain, injuries' – report


Re: Dystopian Nightmares Inc.

You might ask the same question of why would anyone drive for Uber/Lyft, deliver for DoorDash/Grubhub, etc?

Because there aren't better choices and because there is very expensive marketing.

Uber lied vociferously over what drivers get paid - the $80,000 annual income they were pushing in the early years was later shown to be completely made up.

Amazon: they offer "high" minimum wages, but people don't realize just how debilitating those jobs are. Nor are they jobs which can be handled for very long - injuries and lack of benefits are both later consequences.

Ultimately, these jobs exist because of the hollowing out of employment opportunities in the Western countries: manufacturing to China, services jobs to India, etc. have led to a dearth of opportunity for those who aren't sufficiently middle tier (software devs and managers) to the billionaire overlords.

Global heatmap of cheater density says Brazil is the worst at video games, but there's no data on China


Interesting but not so useful if gold farming isn’t taken into account

North Korean hackers pwned cryptocurrency sysadmin with GDPR-themed LinkedIn lure, says F-Secure


It isn't clear that just "disabling" macros would do the trick.

The interoperability of MS Office between its different sub-areas (Powerpoint, Excel, browser etc) via AJAX is never going to be secure - since AJAX enables delivery via Javascript libraries.

Impersonating users of 'protest' app Bridgefy was as simple as sniffing Bluetooth handshakes for identifiers


Nice: a "secure" app which clearly has put zero thought into security.

Plaintext sender and receiver addresses?

The crypto sigs are a bit more understandable - running those packages on low end cell phones is trickier than an iPhone only crowd.

Nonetheless, the pattern seems much more Zoom than Signal.

When it comes to hacking societies, Russia remains the master at sowing discord and disinformation online


It would be nice if some of Ms. DiResta's other initiatives (and potential conflicts of interest) were more clear.

Among them:

1) Part of a cyber security company: New Knowledge name changed to Yonder. Past or still present?

2) Multiple online mentions of her doing research into the Internet Research Agency - self licking cone action going on here?

3) Director at Data for Democracy. Incredibly intrusive web site. How is it funded? Freedom House/BBG action?

Perhaps this was covered in Ms. DiResta's talk, but failure to differentiate between pure profit motive/attention trolling vs. nation state actors and motivations is a serious oversight. It has been documented since 2016 that there is a world of people out there who don't even speak English well, but understand internet attention/advertising economics well enough to pull outrageous memes from fringe sites to provoke anger and attention and to then monetize via advertising. See the Wired article about the Macedonian Fake News Complex.

And most importantly: it is the Western, for profit social media companies and their algorithms which underpin this activity.

It is their algorithms which are choosing for "high emotion" = "high divisiveness"/"high anger".

How incredibly convenient to blame negative social media outcomes on Russia - as opposed to the people and institutions without which this type of activity is literally impossible.

Think carefully about cyber insurance, says NCSC. But don't worry about buying off ransomware crooks


Re: Just waiting to see how long before...

Backups work in theory.

In reality: the cyber criminals are actively going after backups: hardware, cloud, you name it.

Also in reality: if you have any significant number of endpoints, restore from hardware or cloud - even if not-corrupted - is immensely time consuming and often bandwidth limited. As is the reality that data/work *will* be lost as a tradeoff between backup corruption vulnerability, bandwidth impact on corporate network and windows of data loss vulnerability.

With the US election coming up, when better to petition regulators for a controversial way to chill online speech?


Re: senility vs narcissism

You might want to make it more clear who you are referring to, since the OP mentioned dementia...


Re: About Time

The point which your experience should inform is that moderation can not be fairly accomplished through small teams and opaque means.

The benefit of transparency and public scrutiny is that the overall picture is much easier to assemble and make fair than the outcome of the views of a handful of moderators and AI devs.

It isn’t clear to me that FB, Goog and Tw are deliberately discriminative at the top level, but their hiring practices can accomplish the same outcome. If you hire nothing but liberal moderators and coders, you’re going to get liberal moderation and filtering policies.


Re: About Time

I would be totally fine with ending Fox News if CNN and MSDNC were also ended.

As it is, it is Alien vs Predator: No Matter Who Wins, We Lose

Bill Gates debunks 'coronavirus vaccine is my 5G mind control microchip implant' conspiracy theory


I don’t doubt there are people working in the Buffett and Gates foundations to do good.

But it is also transparently clear that a charitable foundation is the best way to make a huge fortune live forever. The 5% spend rate is easily matched or exceeded by hoard growth rates, particularly with heavily paid managers, and the tax free nature doesn’t hurt either. See: Rockefeller

Shocked I am. Shocked to find that underground bank-card-trading forums are full of liars, cheats, small-time grifters


Admin scammer

Or maybe the admin account was cracked...

Twitter hackers busted 2FA to access accounts and then reset user passwords


Re: SIM Swapping

Sim swapping isn't about tools - it is identifying the mobile telco provider and phone number that a target uses, then getting the telco to "recover" the phone number into a new sim.

This can be via social engineering the telco or just finding and paying off an employee with appropriate capability like a local store manager.

Motorbike ride-share app CEO taken to pieces in grisly New York dismemberment


Re: Who dunnit?

My first thought was that he took investment money from the wrong person.

SoftBank: Oi, we paid $32bn for you, when are you going to strong-Arm some more money out of your customers?


Re: SoftBank bought a goose that lays golden eggs...

Multiple somebodies hosed up that transaction. On the sell-side, it is understandable: the ubiquity of ARM in mobile conveys the impression of monopoly market presence. However, the value of ARM is primarily that it is cheaper and easier to buy than to build your own.

The "market dominance" is a function of realistic pricing; higher pricing tilts the equation to build your own or use another.

Trump's bright idea of kicking out foreign students unless unis resume in-person classes stuns tech, science world


The comments here that I've seen are missing the point.

This act is just like the Trump tax act removing the federal income tax deductions for state taxes etc: it is 100% aimed at those which don't vote for him.

The universities are 99% against Trump: the staff, the management and the students altogether. Why shouldn't Trump target the single largest external source of funding for these institutions? The anti-immigrant thing is purely a bonus.

Barclays Bank appeared to be using the Wayback Machine as a 'CDN' for some Javascript


Re: Liability

Are you a lawyer?

You're presenting legal arguments, but it is far from clear you actually are qualified or experienced.

Proof of intent is not absolutely required - that's what Means, Motive and Opportunity is for.

As owner of the site and script, you automatically have Means.

Changing the script after the linking: unless you were particularly sneaky about it, the discovery process will show that you were, in fact, aware of who was linking. This can range from Chrome logs to the linker's logs. This constitutes Opportunity.

And the fact that a cryptominer script was inserted = personal gain = Motive.

IANAL but I do a lot of work involving cyber criminal forensics...

You wait ages for a mid-air collision spoofing attack and along come two at once: More boffins take a crack at hoodwinking TCAS


The researchers probably tried to do things the hard way.

The easy way would be to pre-calculate a spoof plane at a specific distance and just hard code that delta onto the signal.

As for encryption: we all know how to make signals more secure. However, the TCAS hardware simply isn't capable of it.

And retrofitting would require all of the planes: commercial, private, new, old to be refitted.

California Attorney General asks judge to force Lyft and Uber to classify drivers as employees – or else


Ride share PR/agitprop has really gone downhill lately.

I especially like the continued rehashing of right-wing narratives created back when they were trying to break down the unionized cab drivers - now rehashed as liberal tech company nonsense.

Section 230 authors despair of Trump, Barr, Biden, US Congress’ aggressive ignorance of critical tech law


Re: Smaller, less intrusive government?

Sadly, while I admire Wyden - the reality is that his liberal views are much more shared by the big tech companies (and their management and employees) than views held by those on the conservative side.

And so it is quite convenient to say that everything is fine.

Perhaps Mr. Wyden can comment on what the remedy ought to be - should this tech persecution be real - because this is why Trump et al are pushing for 203 repeal.

Wired: China's Beidou satnav system, 35th bird in orbit. Tired: America's GPS. Expired: Britain's dreams of its own


Re: And next: commercial positioning

In theory, any satellite can be used for positioning.

In reality, unlikely. Among the issues:

1) Positioning systems all require at least 1 ground station connect. There is more than enough variable atmospheric interference that it has to be accounted for.

2) Power requirements are fairly significant. While the signal at Earth surface isn't strong, the satellite is broadcasting over a very wide area (line of sight Earth coverage). The GPS block 3 satellites are 2 tons in orbit and have 1.9 kilowatt in solar capacity with comparable storage.

3) Ledger info - you can't just throw up a positioning satellite, the users have to have a lexicon to find and handshake to its very weak radio signal.

A microsatellite system that is constantly repositioning, relaunching etc just doesn't seem like a good fit for the above, even if the power requirements are reduced because of closer proximity to the ground - because that closer proximity also makes the ground station atmospheric compensation extremely difficult.

Ex-CEO of fintech biz Wirecard arrested over missing money: Vanished €1.9bn may not have existed in the first place


Every single big company fraud was performed in the presence of big company auditors: Worldcom and Enron being the most notable. Only once has a big company auditor paid for its failure: Arthur Andersen.

Ex-eBay security execs among six charged with harassing, threatening bloggers who dared criticize web tat souk


Indeed, how extremely unprofessional. Not that eBay is a shining example of a company to begin with...

California bigwigs rule Uber, Lyft dial-a-ride drivers are employees, not contractors


As if Uber and Lyft don't have enough challenges to become (or maybe will never become) viable businesses.

Nor am I the least bit sympathetic.

The medallion system is not perfect by any means, but it was created specifically to address conditions of fair pricing to consumers balanced against fair pay for drivers. The primary outcome of the "gig" economy in pickup transportation is the end-around made around existing regulations since these companies have yet to demonstrate that they achieve even the tiniest amount of increased income for drivers or efficiency for operations. In fact, data I've been following is clearly showing that ride share should be *more* expensive than taxi because of the drive-to-pickup time.

And given that ride-share companies are losing 35 cents on the dollar, their present slight discount vs. taxis is transparently a false economy - one which their present status at billions of dollars of revenue makes clear that increased scale won't change.

Anatomy of a business email scam: FBI dossier details how fraudster pocketed $500k+ by redirecting payments


This guy was not the first team. No use of mules, no cutouts. Great he was caught - not indicative of the state of the criminal.

But very indicative of the state of security on the victim side - which is to say, none.

Hoverbikes, Hyperloops and sub-orbital hijinks: Yes, the '3rd, 4th and 5th Dimensions of Travel' are coming soon


Re: Nothing so simple

Indeed - just how much traction will hyperloop retain after the first passengers die of asphyxiation due to their vehicle springing a leak?

Watch an oblivious Tesla Model 3 smash into an overturned truck on a highway 'while under Autopilot'


The subset of Tesla fanbois is pretty interesting: they're all trying to redirect by saying humans cause accidents too/more accidents.

Except that the problem isn't humans causing accidents - it is Teslas on Autopilot causing accidents where a human would not have.

Isn't the whole point of autonomous driving that it is better? And therefore numerous and public examples of the opposite are a serious problem?

Fancy some post-weekend reading? How's this for a potboiler: The source code for UK, Australia's coronavirus contact-tracing apps


Schneier posted a thorough takedown of contact tracing apps

Schneier on Security for details, but a summary would be:

1) Apps can't tell if genuine contact was made or not (i.e. a wall between people)

2) Apps can't work if a person doesn't have a functioning smartphone

3) Even Singapore was only able to get 20% adoption rate

In the former case - are you going to quarantine 2 weeks based on this shoddy confidence level?

In the latter case - the app cannot provide any measure of security regarding exposure.

In the middle case - if even Singapore can't get more than 1 in 5 residents to install - why would anywhere else in the world expect better? Except of course China...

So why bother at all?

'A' is for ad money oddly gone missing: Probe finds middlemen siphon off half of online advertising spend


Re: No surprise, but what to do about it?

Yes and no. More appropriate would be 3+3=3 - representing the part lost to fraud...

Uber trials fixed-price hourly rentals for visits to the butcher, the baker and the candlestick-maker


Re: The urban transport solution for coronavirus and afterwards

So what about driver protection?

And passenger protection if drivers get sick?

Because surely 1 hour of continuous exposure is safe.

Free users become losers as AI startup with AWS bills to pay pursues viral opportunity


Seems like a doomed business model.

If it succeeds, Zoom copies it.

All your jobs are belong to us... Amazon is hiring 75,000 people but if you want US home groceries, tough luck


I guess the real question is how will this ongoing coronavirus situation impact class relations going forward.

The salaried PMCs (professional, managerial classes) are the least affected: they're still getting paid and they can afford to order everything from Amazon.

However, the people who are paid poorly have just had their noses shoved into the fact that even their crappy jobs aren't reliable for the little money they do get.

The ones who have work: grocery, food delivery, etc get the bonus of playing the coronavirus lottery.

The many who don't...

Minister slams 5G coronavirus conspiracy theories as 'dangerous nonsense' after phone towers torched in UK


As opposed to say, National Enquirer type newspapers, social media etc?

Hey, China. Maybe you should have held your hackers off for a bit while COVID-19 ravaged the planet. Just a suggestion


Given China has been locked down since January 23 - what else do they have to do? /sarc

Don't believe the hype: Today's AI unlikely to best actual doctors at diagnosing patients from medical scans


This shouldn't be surprising.

The deployment of political campaign style PR into pushing startup memes was deployed to perfection by Uber, and that hasn't gone un-noticed.

Self-driving truck boss: 'Supervised machine learning doesn’t live up to the hype. It isn’t C-3PO, it’s sophisticated pattern matching'


Re: Tesla exists

The main benefit of Tesla's "AI" is that it is mostly killing Tesla drivers.

Not us innocent human pedestrians, bicyclists and other drivers.


Re: Finally, a proper description of what the media dubs "AI" actually is

Robot drivers are subject to all manner of attacks which human drivers aren't bothered by including data poisoning and spoofing.

How will actuaries react to that?

Forget James Bond's super-gadgets, this chap spied for China using SD card dead drops. Now he's behind bars


Re: Money-laundering?

Incorrect. There are 2 levels of reporting - the $10K is a hard requirement but banks are supposed to report anything $2K up to $10K at the bank's discretion. I'd be shocked if this didn't happen frequently since it is mostly automated.

Resellers facing 'months' of delays for orders to be fulfilled. IT gathers dust on docks as coronavirus-stricken China goes back to work


Re: Just an FYI

Deaths are the only hard statistic - and they are the numerator.

The denominator is unknown except that it is higher than the known confirmed cases.

However, what really matters is that the novel coronavirus has a dramatically different mortality rate depending on your age.

Over 60 - really not good.

Under 10 - basically 0 chance of death.

10 to 50 - under 1%

Chips that pass in the night: How risky is RISC-V to Arm, Intel and the others? Very


Admirable effort but didn't think it through

The author did a decent job but didn't think it through.

I worked at AMD just before the Y2K era: the reason AMD had a brief resurgence was that Intel took a generation to ramp towards power efficiency - which AMD ignored and kept focusing on raw compute. The resulting faster AMD processor didn't matter though, because Intel just sliced the cost of top line processors knowing that AMD couldn't churn out enough product in its one fab to significantly change market share.

How does this matter regarding RISC-V? The issue is modern process complexity. The architecture is an important step, but arguably less important than the ability to transform theoretical performance - compute and power/heat efficiency - into reality. While AMD's fabless approach has removed the single fab bottleneck from 20 years ago, the barrier to being able to put in the engineers, test chips and know-how to derive product is reinforced by modern $10M+ mask costs.

There will never be more than a handful of startups that can afford even a single tapeout, much less the stream needed to validate a top-end processor.

Or in other words, RISC-V is interesting but has zero chance of turning back, or even slowing down, the ongoing maturation of the processor industry.

Coronavirus conference cancellations continue: Google and Microsoft axe WSL and Cloud Next


I attended RSA - it didn't look empty at all.

The cancelled conferences are going to hit the SF economy pretty significantly.

Maersk prepares to lay off the Maidenhead staffers who rescued it from NotPetya super-pwnage


Is this just Maidenhead, or a more general Maersk budget cutting?

I note that world trade is significantly suffering due to fear/precaution over nCOV/novel coronavirus - both in terms of supply chains breaking from China production interruptus and from fear of contagion affecting freighter (from China) docking. As evidence - there appears to be a container shortage in the US.

As a shipping company, Maersk is certainly going to be affected.

Is this Maidenhead move a cost cutting just in that group, or part of an overall change?

It's only a game: Lara Croft won't save enterprise tech – but Jet Set Willy could


AS400 by any other name

Not at all clear to me why this article was written.

If we're going to talk about 8 bit CPUs like the ZX Spectrum - modern systems can perform software emulation to replace legacy DOS, Windows and Mac. All you then need is a copy of the software and some form of pipe to pull the data out of the legacy box.

I'd think the real problem lies with Big Iron systems that fundamentally don't work like x86 architectures, i.e. the PowerPC AS400 systems.

While you can software emulate PowerPC, the emulation cannot replace the hot swap, highly parallel and other architectural features of AS400 OS+PowerPC systems - and it isn't entirely clear to me that an FPGA could easily do the same either. This is disregarding potential copyright/patent issues IBM may have.


