* Posts by c1ue

320 publicly visible posts • joined 10 Nov 2015


Impersonating users of 'protest' app Bridgefy was as simple as sniffing Bluetooth handshakes for identifiers

c1ue

Nice: a "secure" app which clearly has put zero thought into security.

plaintext sender and receiver addresses?

The crypto sigs are a bit more understandable - running those packages on low-end cell phones is trickier than for an iPhone-only crowd.

Nonetheless, the pattern seems much more Zoom than Signal.

When it comes to hacking societies, Russia remains the master at sowing discord and disinformation online

c1ue

It would be nice if some of Ms. DiResta's other initiatives (and potential conflicts of interest) were more clear.

Among them:

1) Part of a cyber security company: New Knowledge name changed to Yonder. Past or still present?

2) Multiple online mentions of her doing research into the Internet Research Agency - self-licking cone action going on here?

3) Director at Data for Democracy. Incredibly intrusive web site. How is it funded? Freedom House/BBG action?

Perhaps this was covered in Ms. DiResta's talk, but failure to differentiate between pure profit motive/attention trolling vs. nation state actors and motivations is a serious oversight. It has been documented since 2016 that there is a world of people out there who don't even speak English well, but understand internet attention/advertising economics well enough to pull outrageous memes from fringe sites to provoke anger and attention and to then monetize via advertising. See the Wired article about the Macedonian Fake News Complex.

And most importantly: it is the Western, for profit social media companies and their algorithms which underpin this activity.

It is their algorithms which are choosing for "high emotion" = "high divisiveness"/"high anger".

How incredibly convenient to blame negative social media outcomes on Russia - as opposed to the people and institutions without which this type of activity is literally impossible.

Think carefully about cyber insurance, says NCSC. But don't worry about buying off ransomware crooks

c1ue

Re: Just waiting to see how long before...

Backups work in theory.

In reality: the cyber criminals are actively going after backups: hardware, cloud, you name it.

Also in reality: if you have any significant number of endpoints, restore from hardware or cloud - even if not corrupted - is immensely time consuming and often bandwidth limited. As is the reality that data/work *will* be lost as a tradeoff between backup corruption vulnerability, bandwidth impact on the corporate network and windows of data loss vulnerability.

With the US election coming up, when better to petition regulators for a controversial way to chill online speech?

c1ue

Re: senility vs narcissism

You might want to make it more clear who you are referring to, since the OP mentioned dementia...

c1ue

Re: About Time

The point which your experience should inform is that moderation cannot be fairly accomplished through small teams and opaque means.

The benefit of transparency and public scrutiny is that the overall picture is much easier to assemble and make fair than the outcome of the views of a handful of moderators and AI devs.

It isn’t clear to me that FB, Goog and Tw are deliberately discriminative at the top level, but their hiring practices can accomplish the same outcome. If you hire nothing but liberal moderators and coders, you’re going to get liberal moderation and filtering policies.

c1ue

Re: About Time

I would be totally fine with ending Fox News if CNN and MSDNC were also ended.

As it is, it is Alien vs Predator: No Matter Who Wins, We Lose

Bill Gates debunks 'coronavirus vaccine is my 5G mind control microchip implant' conspiracy theory

c1ue

I don’t doubt there are people working in the Buffett and Gates foundations to do good.

But it is also transparently clear that a charitable foundation is the best way to make a huge fortune live forever. The 5% spend rate is easily matched or exceeded by hoard growth rates, particularly with heavily paid managers, and the tax free nature doesn’t hurt either. See: Rockefeller

Shocked I am. Shocked to find that underground bank-card-trading forums are full of liars, cheats, small-time grifters

c1ue

Admin scammer

Or maybe the admin account was cracked...

Twitter hackers busted 2FA to access accounts and then reset user passwords

c1ue

Re: SIM Swapping

SIM swapping isn't about tools - it is identifying the mobile telco provider and phone number that a target uses, then getting the telco to "recover" the phone number into a new SIM.

This can be via social engineering the telco or just finding and paying off an employee with appropriate capability like a local store manager.

Motorbike ride-share app CEO taken to pieces in grisly New York dismemberment

c1ue

Re: Who dunnit?

My first thought was that he took investment money from the wrong person.

SoftBank: Oi, we paid $32bn for you, when are you going to strong-Arm some more money out of your customers?

c1ue

Re: SoftBank bought a goose that lays golden eggs...

Multiple somebodies hosed up that transaction. On the sell-side, it is understandable: the ubiquity of ARM in mobile conveys the impression of monopoly market presence. However, the value of ARM is primarily that it is cheaper and easier to buy than to build your own.

The "market dominance" is a function of realistic pricing; higher pricing tilts the equation to build your own or use another.

Trump's bright idea of kicking out foreign students unless unis resume in-person classes stuns tech, science world

c1ue

The comments here that I've seen are missing the point.

This act is just like the Trump tax act removing the federal income tax deductions for state taxes etc: it is 100% aimed at those which don't vote for him.

The universities are 99% against Trump: the staff, the management and the students altogether. Why shouldn't Trump target the single largest external source of funding for these institutions? The anti-immigrant thing is purely a bonus.

Barclays Bank appeared to be using the Wayback Machine as a 'CDN' for some Javascript

c1ue

Re: Liability

Are you a lawyer?

You're presenting legal arguments, but it is far from clear you actually are qualified or experienced.

Proof of intent is not absolutely required - that's what Means, Motive and Opportunity is for.

As owner of the site and script, you automatically have Means.

Changing the script after the linking: unless you were particularly sneaky about it, the discovery process will show that you were, in fact, aware of who was linking. This can range from Chrome logs to the linker's logs. This constitutes Opportunity.

And the fact that a cryptominer script was inserted = personal gain = Motive.

IANAL but I do a lot of work involving cyber criminal forensics...

You wait ages for a mid-air collision spoofing attack and along come two at once: More boffins take a crack at hoodwinking TCAS

c1ue

The researchers probably tried to do things the hard way.

The easy way would be to pre-calculate a spoof plane at a specific distance and just hard code that delta onto the signal.

As for encryption: we all know how to make signals more secure. However, the TCAS hardware simply isn't capable of it.

And retrofitting would require all of the planes: commercial, private, new, old to be refitted.

California Attorney General asks judge to force Lyft and Uber to classify drivers as employees – or else

c1ue

Ride share PR/agitprop has really gone downhill lately.

I especially like the continued rehashing of right-wing narratives created back when they were trying to break down the unionized cab drivers - now rehashed as liberal tech company nonsense.

Section 230 authors despair of Trump, Barr, Biden, US Congress’ aggressive ignorance of critical tech law

c1ue

Re: Smaller, less intrusive government?

Sadly, while I admire Wyden - the reality is that his liberal views are much more shared by the big tech companies (and their management and employees) than views held by those on the conservative side.

And so it is quite convenient to say that everything is fine.

Perhaps Mr. Wyden can comment on what the remedy ought to be - should this tech persecution be real - because this is why Trump et al are pushing for 230 repeal.

Wired: China's Beidou satnav system, 35th bird in orbit. Tired: America's GPS. Expired: Britain's dreams of its own

c1ue

Re: And next: commercial positioning

In theory, any satellite can be used for positioning.

In reality, unlikely. Among the issues:

1) Positioning systems all require at least 1 ground station connect. There is more than enough variable atmospheric interference that it has to be accounted for.

2) Power requirements are fairly significant. While the signal at the Earth's surface isn't strong, the satellite is broadcasting over a very wide area (line of sight Earth coverage). The GPS block 3 satellites are 2 tons in orbit and have 1.9 kilowatts of solar capacity with comparable storage.

3) Ledger info - you can't just throw up a positioning satellite, the users have to have a lexicon to find and handshake to its very weak radio signal.

A microsatellite system that is constantly repositioning, relaunching etc just doesn't seem like a good fit for the above, even if the power requirements are reduced because of closer proximity to the ground - because that closer proximity also makes the ground station atmospheric compensation extremely difficult.

Ex-CEO of fintech biz Wirecard arrested over missing money: Vanished €1.9bn may not have existed in the first place

c1ue

Every single big company fraud was performed in the presence of big company auditors: Worldcom and Enron being the most notable. Only once has a big company auditor paid for its failure: Arthur Andersen.

Ex-eBay security execs among six charged with harassing, threatening bloggers who dared criticize web tat souk

c1ue

Indeed, how extremely unprofessional. Not that eBay is a shining example of a company to begin with...

California bigwigs rule Uber, Lyft dial-a-ride drivers are employees, not contractors

c1ue

As if Uber and Lyft don't have enough challenges to become (or maybe will never become) viable businesses.

Nor am I the least bit sympathetic.

The medallion system is not perfect by any means, but it was created specifically to address conditions of fair pricing to consumers balanced against fair pay for drivers. The primary outcome of the "gig" economy in pickup transportation is the end-around made around existing regulations since these companies have yet to demonstrate that they achieve even the tiniest amount of increased income for drivers or efficiency for operations. In fact, data I've been following is clearly showing that ride share should be *more* expensive than taxi because of the drive-to-pickup time.

And given that ride-share companies are losing 35 cents on the dollar, their present slight discount vs. taxis is transparently a false economy - one which their present status at billions of dollars of revenue make clear that increased scale won't change.

Anatomy of a business email scam: FBI dossier details how fraudster pocketed $500k+ by redirecting payments

c1ue

This guy was not the first team. No use of mules, no cutouts. Great he was caught - not indicative of the state of the criminal.

But very indicative of the state of security on the victim side - which is to say, none.

Hoverbikes, Hyperloops and sub-orbital hijinks: Yes, the '3rd, 4th and 5th Dimensions of Travel' are coming soon

c1ue

Re: Nothing so simple

Indeed - just how much traction will hyperloop retain after the first passengers die of asphyxiation due to their vehicle springing a leak?

Watch an oblivious Tesla Model 3 smash into an overturned truck on a highway 'while under Autopilot'

c1ue

The subset of Tesla fanbois is pretty interesting: they're all trying to redirect by saying humans cause accidents too/more accidents.

Except that the problem isn't humans causing accidents - it is Teslas on Autopilot causing accidents where a human would not have.

Isn't the whole point of autonomous driving that it is better? And therefore numerous and public examples of the opposite are a serious problem?

Fancy some post-weekend reading? How's this for a potboiler: The source code for UK, Australia's coronavirus contact-tracing apps

c1ue

Schneier posted a thorough takedown of contact tracing apps

Schneier on Security for details, but a summary would be:

1) Apps can't tell if genuine contact was made or not (i.e. a wall between people)

2) Apps can't work if a person doesn't have a functioning smartphone

3) Even Singapore was only able to get 20% adoption rate

In the former case - are you going to quarantine 2 weeks based on this shoddy confidence level?

In the latter case - the app cannot provide any measure of security regarding exposure.

In the middle case - if even Singapore can't get more than 1 in 5 residents to install - why would anywhere else in the world expect better? Except of course China...

So why bother at all?

'A' is for ad money oddly gone missing: Probe finds middlemen siphon off half of online advertising spend

c1ue

Re: No surprise, but what to do about it?

Yes and no. More appropriate would be 3+3=3 - representing the part lost to fraud...

Uber trials fixed-price hourly rentals for visits to the butcher, the baker and the candlestick-maker

c1ue

Re: The urban transport solution for coronavirus and afterwards

So what about driver protection?

And passenger protection if drivers get sick?

Because surely 1 hour of continuous exposure is safe.

Free users become losers as AI startup with AWS bills to pay pursues viral opportunity

c1ue

Seems like a doomed business model.

If it succeeds, Zoom copies it.

All your jobs are belong to us... Amazon is hiring 75,000 people but if you want US home groceries, tough luck

c1ue

I guess the real question is how this ongoing coronavirus situation will impact class relations going forward.

The salaried PMCs (professional, managerial classes) are the least affected: they're still getting paid and they can afford to order everything from Amazon.

However, the people who are paid poorly have just had their noses shoved into the fact that even their crappy jobs aren't reliable for the little money they do get.

The ones who have work: grocery, food delivery, etc get the bonus of playing the coronavirus lottery.

The many who don't...

Minister slams 5G coronavirus conspiracy theories as 'dangerous nonsense' after phone towers torched in UK

c1ue

As opposed to say, National Enquirer type newspapers, social media etc?

Hey, China. Maybe you should have held your hackers off for a bit while COVID-19 ravaged the planet. Just a suggestion

c1ue

Given China has been locked down since January 23 - what else do they have to do? /sarc

Don't believe the hype: Today's AI unlikely to best actual doctors at diagnosing patients from medical scans

c1ue

This shouldn't be surprising.

Political campaign style PR for pushing startup memes was deployed to perfection by Uber, and that hasn't gone unnoticed.

Self-driving truck boss: 'Supervised machine learning doesn’t live up to the hype. It isn’t C-3PO, it’s sophisticated pattern matching'

c1ue

Re: Tesla exists

The main benefit of Tesla's "AI" is that it is mostly killing Tesla drivers.

Not us innocent human pedestrians, bicyclists and other drivers.

c1ue

Re: Finally, a proper description of what the media dubs "AI" actually is

Robot drivers are subject to all manner of attacks which human drivers aren't bothered by, including data poisoning and spoofing.

How will actuaries react to that?

Forget James Bond's super-gadgets, this chap spied for China using SD card dead drops. Now he's behind bars

c1ue

Re: Money-laundering?

Incorrect. There are 2 levels of reporting - the $10K is a hard requirement but banks are supposed to report anything $2K up to $10K at the bank's discretion. I'd be shocked if this didn't happen frequently since it is mostly automated.

Resellers facing 'months' of delays for orders to be fulfilled. IT gathers dust on docks as coronavirus-stricken China goes back to work

c1ue

Re: Just an FYI

Deaths are the only hard statistic - and they are the numerator.

The denominator is unknown except that it is higher than the known confirmed cases.

However, what really matters is that the novel coronavirus has a dramatically different mortality rate depending on your age.

Over 60 - really not good.

Under 10 - basically 0 chance of death.

10 to 50 - under 1%

Chips that pass in the night: How risky is RISC-V to Arm, Intel and the others? Very

c1ue

Admirable effort but didn't think it through

The author did a decent job but didn't think it through.

I worked at AMD just before the Y2K era: the reason AMD had a brief resurgence was that Intel took a generation to ramp towards power efficiency - which AMD ignored and kept focusing on raw compute. The resulting faster AMD processor didn't matter though, because Intel just sliced the cost of top line processors knowing that AMD couldn't churn out enough product in its one fab to significantly change market share.

How does this matter regarding RISC-V? The issue is modern process complexity. The architecture is an important step, but arguably less important than the ability to transform theoretical performance - compute and power/heat efficiency - into reality. While AMD's fabless approach has removed the single fab bottleneck from 20 years ago, the barrier to being able to put in the engineers, test chips and know how to derive product is reinforced by modern $10M+ mask costs.

There will never be more than a handful of startups that can afford even a single tapeout, much less the stream needed to validate a top-end processor.

Or in other words, RISC-V is interesting but has zero chance of turning back, or even slowing down, the ongoing maturation of the processor industry.

Coronavirus conference cancellations continue: Google and Microsoft axe WSL and Cloud Next

c1ue

I attended RSA - it didn't look empty at all.

The cancelled conferences are going to hit the SF economy pretty significantly.

Maersk prepares to lay off the Maidenhead staffers who rescued it from NotPetya super-pwnage

c1ue

Is this just Maidenhead, or a more general Maersk budget cutting?

I note that world trade is significantly suffering due to fear/precaution over nCoV/novel coronavirus - both in terms of supply chains breaking from China production interruptus and from fear of contagion affecting freighter (from China) docking. As evidence - there appears to be a container shortage in the US.

As a shipping company, Maersk is certainly going to be affected.

Is this Maidenhead move a cost cutting just in that group, or part of an overall change?

It's only a game: Lara Croft won't save enterprise tech – but Jet Set Willy could

c1ue

AS400 by any other name

Not at all clear to me why this article was written.

If we're going to talk about 8 bit CPUs like the ZX Spectrum - modern systems can perform software emulation to replace legacy DOS, Windows and Mac. All you then need is a copy of the software and some form of pipe to pull the data out of the legacy box.

I'd think the real problem lies with Big Iron systems that fundamentally don't work like x86 architectures, i.e. the PowerPC AS400 systems.

While you can software emulate PowerPC, the emulation cannot replace the hot swap, highly parallel and other architectural features of AS400 OS+PowerPC systems - and it isn't entirely clear to me that an FPGA could easily do the same either. This is disregarding potential copyright/patent issues IBM may have.

Internet's safe-keepers forced to postpone crucial DNSSEC root key signing ceremony – no, not a hacker attack, but because they can't open a safe

c1ue

Re: Ironic yes

Iron-ic

Astroboffins may have raged at Elon's emissions staining the sky, but all those satellites will be more boon than bother

c1ue

If balloons are economically feasible, why are satellites?

Again, how about some numbers rather than "ooh, it's cool".

What's the expected throughput? What's the expected latency? How much will the ground-side connection hardware cost? How will privacy/security be observed?

c1ue

Very weak article

If the author were really trying to convey value as opposed to sat'splain, the economics of the satellite internet access would have been talked about.

Instead, a very thinly disguised "progress" and TINA "there is no alternative" farrago.

LCD pwn System: How to modulate screen brightness to covertly transmit data from an air-gapped computer... slowly

c1ue

To be fair, you could do a lot with the combination of frequency modulated data and using G and B pixels.
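An added illustration (not from the article, the researchers, or the commenter above) of the frequency-modulation idea in that comment, using only the blue channel as the carrier: each bit is sent as one of two square-wave toggling rates of a few 8-bit levels on successive frames, and the receiver recovers the bit by comparing Goertzel filter power at the two tones. The frame rate, tone frequencies, modulation depth, base colour and the capture noise are all constructed assumptions for the simulation, not measurements from the paper.

```python
"""Simulation of a screen-brightness covert channel with frequency-shift keying
(FSK) on the blue channel of successive frames.  Added example with constructed
parameters; not code from the article, the researchers, or the commenter."""
import math
import random

FPS = 60                    # assumed display refresh rate (frames per second)
FRAMES_PER_BIT = 30         # symbol length: half a second per bit at 60 fps
FREQ0 = 6                   # Hz toggling rate that encodes a 0 bit (10-frame period)
FREQ1 = 10                  # Hz toggling rate that encodes a 1 bit (6-frame period)
DELTA = 3                   # modulation depth in 8-bit levels: too small to see
BASE_RGB = (120, 130, 140)  # constructed "normal" screen colour


def _square(n, freq):
    """+1/-1 value of a symmetric square wave of `freq` Hz at frame index n."""
    period = FPS // freq
    return 1 if (n % period) < period // 2 else -1


def modulate(bits):
    """Return one (R, G, B) tuple per frame; only B carries the FSK signal."""
    frames = []
    for bit in bits:
        freq = FREQ1 if bit else FREQ0
        for n in range(FRAMES_PER_BIT):
            r, g, b = BASE_RGB
            b = max(0, min(255, b + DELTA * _square(n, freq)))
            frames.append((r, g, b))
    return frames


def goertzel_power(samples, freq):
    """Power of `samples` at `freq` Hz via the Goertzel algorithm (bin k = freq*N/FPS)."""
    n = len(samples)
    k = round(freq * n / FPS)
    coeff = 2.0 * math.cos(2.0 * math.pi * k / n)
    s1 = s2 = 0.0
    for x in samples:
        s0 = x + coeff * s1 - s2
        s2, s1 = s1, s0
    return s1 * s1 + s2 * s2 - coeff * s1 * s2


def demodulate(frames):
    """Recover bits from the blue channel of captured frames by comparing tone power.

    Assumes the capture is aligned to the first frame of the first symbol."""
    bits = []
    for start in range(0, len(frames) - FRAMES_PER_BIT + 1, FRAMES_PER_BIT):
        blue = [f[2] for f in frames[start:start + FRAMES_PER_BIT]]
        mean = sum(blue) / len(blue)
        centred = [v - mean for v in blue]   # strip DC so only the tone remains
        p0 = goertzel_power(centred, FREQ0)
        p1 = goertzel_power(centred, FREQ1)
        bits.append(1 if p1 > p0 else 0)
    return bits


def text_to_bits(text):
    """UTF-8 bytes to a flat list of bits, most significant bit first."""
    return [(byte >> i) & 1 for byte in text.encode() for i in range(7, -1, -1)]


def bits_to_text(bits):
    """Inverse of text_to_bits; trailing partial bytes are dropped."""
    out = bytearray()
    for i in range(0, len(bits) - 7, 8):
        out.append(int("".join(str(b) for b in bits[i:i + 8]), 2))
    return out.decode(errors="replace")


def add_capture_noise(frames, seed=1):
    """Constructed receiver noise: +/-1 level jitter on each captured blue value."""
    rng = random.Random(seed)
    return [(r, g, max(0, min(255, b + rng.choice((-1, 0, 1)))))
            for r, g, b in frames]


def roundtrip(text):
    """Modulate, simulate a noisy capture, demodulate; return the recovered text."""
    return bits_to_text(demodulate(add_capture_noise(modulate(text_to_bits(text)))))


if __name__ == "__main__":
    msg = "hi"
    print(f"{len(text_to_bits(msg))} bits -> {len(modulate(text_to_bits(msg)))} frames")
    print(roundtrip(msg))
```

With these parameters the channel carries two bits per second, which is in the "slowly" spirit of the headline; the tone frequencies were chosen so that each one's odd harmonics (a square wave has no others) never land on, or alias onto, the other tone's bin, which is why the demodulator can decide on a simple power comparison after removing the DC level.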

He’s a pain in the ASCII to everybody. Now please acquit my sysadmin client over these CIA Vault 7 leaking charges

c1ue

The timeline and details, to me, imply a physical server or desktop.

But the question then is: why would super secret stuff be on a single physical server or desktop, as opposed to a centrally managed cloud device?

This matters because the evidence talked about all appears to be endpoint - there is hardly any, if any, network data.

Whatever superuser access the defendant may or may not have had - surely he didn't have the ability to access and modify network logs?

And now, here's Cli-Mate 9000 with the weather... Pattern-recognizing neural network tries its hand at forecasting

c1ue

Circular Reasoning

Training an AI on the output of a machine simulation is literally circular reasoning. You get all of the biases, errors and lack of granularity of a model plus the bullshit marketability of AI.

'Cyber security incident' takes its Toll on Aussie delivery giant as box-tracking boxen yanked offline

c1ue

Sounds like a ransomware attack to me.

Two billion years ago, snowball Earth was defrosted in huge asteroid crash – and it's been downhill ever since

c1ue

Re: Hmmm

Dust is possible, but I'd look more towards induced volcanic eruptions contributing greenhouse gases.

Wave goodbye: DigitalOcean decimates workforce as co-founder reveals lack of profitability, leadership turmoil

c1ue

Re: Impressed with the service but........

Not at all surprising.

I've helped LE take down cyber criminal gangs that were using a DO VPS as command and control, even though the operations were on a different continent.

How a Kaggle Grandmaster cheated in $25,000 AI contest with hidden code – and was fired from dream SV job

c1ue

Re: One of life's losers...

I understand what you're saying, but in this case - the gold medal is accompanied by gold.

Not so much the Kaggle gold, but the extra work and pay that the #1 position yields.

So it isn't necessarily an ego thing, as Pleskov says, as it is more likely a financial thing:

Kaggle Grandmaster, hire me!

Spanking the pirates of corporate security? Try a Plimsoll

c1ue

Compulsory bug bounties? How do compulsory bug bounties relate to a decent backup strategy? Looks like a blatant attempt to talk one's own book.
