* Posts by sitta_europea

1064 publicly visible posts • joined 29 May 2016


Soviet probe from 1972 set to return to Earth ... in May 2025

sitta_europea Silver badge

Re: The anti-lottery

"I have a new comparison when discussing the idiotic idea of playing the lottery ..."

At work, years ago, the usual chaotic effort to pick the week's lottery numbers was in progress.

The idea was a different person would choose the numbers each week.

For some unknown reason that week they asked me to choose the numbers.

Not knowing much about the lottery, but more than most about numbers, I wrote down

1234567

on the sheet of paper and handed it over.

"Well they're not going to win!"

"I know", I said, "but it's obvious they're not going to win and they have the same chance as any other numbers you might choose".

The sales manager was flabbergasted. "Do you really believe that?", he said.

"I don't have to believe it. I can prove it." I said.

Nevertheless they wouldn't use my numbers and they never asked me again.

Generative AI makes fraud fluent – from phishing lures to fake lovers

sitta_europea Silver badge

Re: Ask a weird question

I ask them what colour knickers they're wearing.

British govt agents step in as Harrods becomes third mega retailer under cyberattack

sitta_europea Silver badge

"I know, let's have a system where everyone on the planet can connect whatever they like to everything else on the planet, and use it to move money about and stuff like that.

We can bolt some security on later if it turns out that we need to."

How far would I get with that pitch at your average financial organization?

But it seems to be what most of us have done.

It's insane.

sitta_europea Silver badge

"...Richard Horne ... said the ongoing saga should serve as a wake-up call to all ..."

If they still need waking up after all these years there's really no fucking hope for them at all.

Ex-CISA chief decries cuts as Trump demands loyalty above all else

sitta_europea Silver badge

"...driven by an expectation of perfect loyalty..."

There are so many parallels now with 1930s Germany it's just scary.

Watch out for any Linux malware sneakily evading syscall-watching antivirus

sitta_europea Silver badge

https://www.phoronix.com/news/Linux-6.6-sysctl-IO_uring

Enterprise tech dominates zero-day exploits with no signs of slowdown

sitta_europea Silver badge

"Security and network tools and devices are designed to connect widespread systems and devices with high permissions required to manage the products and their services, making them..."

Making them something of a contradiction in terms.

From 112K to 4M folks' data – HR biz attack goes from bad to mega bad

sitta_europea Silver badge

"It took a 1 year+ probe, plenty of client calls for VeriSource to understand just how much of a yikes it has on its hands"

It took a 1 year+ probe, plenty of client calls for VeriSource to admit just how much of a yikes it has on its hands

FTFY.

Hubble Space Telescope is still producing science at 35

sitta_europea Silver badge

Re: All costs are off

[... "Starship" is probably the only space vehicle that could carry enough equipment and astronauts to do such a mission ... and it is obviously several years away from being able to safely perform it. ...]

Well if we start the planning now, maybe we'll be ready about the same time as Starship.

Not that I'm necessarily convinced that the company which builds Starship will survive many more failed demonstrations of orbital capability.

Emergency patch for potential SAP zero-day that could grant full system control

sitta_europea Silver badge

"...With the evolution towards an omni-channel and personalised customer experience, a more effective digital and technology infrastructure is a critical enabling step and progress to date has been slower than planned. With new leadership soon to be in place, we expect to accelerate change and increase investment in core technology infrastructure, including an upgrade in SAP starting this year...."

[https://corporate.marksandspencer.com/media/press-releases/marks-and-spencer-group-plc-full-year-results-52-weeks-ended-30-march-2024]

Ransomware crims hammering UK more than ever as British techies complain the board just doesn't get it

sitta_europea Silver badge

From the report:

"Sole traders and public-sector organisations are outside the scope of the survey. In addition, businesses with no IT capacity or online presence were deemed ineligible. "

Hmmmm.

European Gaia mapping satellite is retired but proves very tough to kill

sitta_europea Silver badge

"...Pretty decent agreement between theory and observation..."

You lost me. Exactly which number agrees with which other number?

Signalgate storm intensifies as journalist releases full secret Houthi airstrike chat

sitta_europea Silver badge

Last I heard, five children were killed in the strike on the apartment building which was destroyed in an operation which apparently targeted a single individual.

I don't know how many others were killed, but it appears that the destroyed building wasn't even the home of the target, but that of his girlfriend.

Am I the only one who finds himself appalled by the cavalier attitude of almost all of the participants of the Signal chat to the loss of innocent lives?

sitta_europea Silver badge

Re: They're already

"... Along with most other history that didn't occur, until it occurred in the US!"

Using 'history' and 'the US' in the same sentence is kinda asking for it.

Infosec pro Troy Hunt HasBeenPwned in Mailchimp phish

sitta_europea Silver badge

Re: Better email apps?

Originally it was Pine, but now it's been somewhat upgraded and it's called Alpine.

https://en.wikipedia.org/wiki/Pine_(email_client)

https://en.wikipedia.org/wiki/Alpine_(email_client)

I've been using it since about 1995.

AdTech CEO whose products detected fraud jailed for financial fraud

sitta_europea Silver badge

Some serious proofreading problems in this article.

Cloudflare's bot bouncer blocks weirdo browsers

sitta_europea Silver badge

If I see a page with "cloudflare" anywhere on it I know I need to close the tab.

Amazon-backed X-energy bags $700M more for itty-bitty nuke reactors that don't exist yet

sitta_europea Silver badge

Re: SMRs in Canada

"... It was graphite moderator fires which caused the Windscale and Chernobyl accidents, not fuel melt downs. ..."

Nope.

Sure, the graphite caught fire at Windscale (which is now called Sellafield, but it's the same place). But that wasn't the cause of the accident, it was a symptom.

Rather than catching fire, much of the graphite at Chernobyl was propelled through the roof by the steam explosion - which again was a symptom, not a cause.

In both cases the cause was negligence. In the case of Chernobyl, the level of negligence was absolutely astounding.

US accuses Canadian math prodigy of $65M crypto scheme

sitta_europea Silver badge

Re: The Geeks

He needs a Geek Interpreter.

Sweden seizes cargo ship after another undersea cable hit in suspected sabotage

sitta_europea Silver badge

"Is anyone here waiting to ask for the return of their ship? Please take a ticket from the machine and form an orderly queue outside the empty office over there in the corner."

Google takes action after coder reports 'most sophisticated attack I've ever seen'

sitta_europea Silver badge

I always say that if they think it's really so important they should write it down on paper, stick the paper in an envelope, and lick a postage stamp.

It never fails.

Microsoft eggheads say AI can never be made secure – after testing Redmond's own products

sitta_europea Silver badge

That explains it.

" ... their capabilities must be thoroughly understood to implement effective defenses."

Silk Road's Dread Pirate Roberts walks free as Trump pardons dark web kingpin

sitta_europea Silver badge

Re: Why Now?

"...only due to the 'support' his campaign was given?"

I have no doubt. Doesn't Trump still owe over eighty million dollars to somebody that he sexually assaulted? He has to pay it somehow.

sitta_europea Silver badge

"...prolonged and often cruel incarceration rarely produces better people."

If the sentence was life plus 40 years without parole, I doubt that producing a better person was top of the agenda.

"... I do wonder if the miscreant was named, say, Raul "Pirata Temido Roberto" Uvalde instead of Ross "Dread Pirate Roberts" Ulbricht whether we'd be having this conversation at all."

You make a fair point.

China claims major fusion advance and record after 17-minute Tokamak run

sitta_europea Silver badge

"... There is no point in generating vast amounts of power if up to 10% of it is lost just moving around ..."

Oh, come on, that's lost in the noise.

Typically solar panels throw away 80% of the incident energy, and thermal power stations throw away 60% of the heat, before the electricity that they generate even reaches the grid.

sitta_europea Silver badge

Quoting the article:

"... Here on Earth, creating hot plasma requires so much energy that Tokamaks didn’t verifiably make more energy than they consumed until a 2023 experiment at Lawrence Livermore National Laboratory in the USA. ..."

Except that in the linked document the experiment described was inertial confinement in a pellet of fuel illuminated by lasers, which does not even remotely resemble a tokamak.

sitta_europea Silver badge

Quoting the article:

"... gases that are heated to high temperatures and subjected to enormous pressure ..."

The pressure record seems to stand at about two atmospheres, so I'm not so sure about the 'enormous' bit:

https://en.wikipedia.org/wiki/Fusion_power#Records

How to leave the submarine cable cutters all at sea – go Swedish

sitta_europea Silver badge

Re: U-235, shorely?

Well, if you're going to be picky, it isn't plutonium 238 which is made by 'breeding' from uranium (bombarding uranium 238 with neutrons in a breeder reactor) but plutonium 239.

Pu238 is what you get by bombarding U238 with deuterons, not neutrons, and it's no use at all for weapons.

Deuterons are in relatively short supply in the two breeder reactors that I know of because they're cooled by liquid sodium. Both are in Russia.

Pu238 decays by alpha emission and it's used in thermoelectric generators. In fact its decay heat is so big that it will melt itself if you aren't careful.

https://en.wikipedia.org/wiki/Plutonium#Isotopes_and_nucleosynthesis

Six vulnerabilities in ubiquitous rsync tool announced and fixed in a day

sitta_europea Silver badge

Re: rsync has two weaknesses

"The primary drawback, imo, is ..."

You're starting to sound like a programmer. There must be a thousand ways to improve it, most of which will at the very least add numerous unwanted issues which will take years to iron out.

It Works Fine For Me, and like the vast majority of users I have absolutely no need for it to be improved.

If it ain't broke, don't fix it.

When somebody found it was broke, it got fixed.

The vulnerability finding/reporting/fixing process worked here in textbook fashion, and I'd like to tip my hat to all involved.

Look for the label: White House rolls out 'Cyber Trust Mark' for smart devices

sitta_europea Silver badge

I'm surprised nobody's asked how long it will take the Chinese manufacturers to forge these marks.

They've been forging CE marks for decades.

Encryption backdoor debate 'done and dusted,' former White House tech advisor says

sitta_europea Silver badge

Is all this talk about end to end encryption actually relevant?

As I understand it most of the noise is because the Chinese were listening to plain old voice-over-IP calls -- which were never going to be encrypted in the first place.

Boffins carve up C so code can be converted to Rust

sitta_europea Silver badge

Re: “Minimal adjustments”

And if they can automate those adjustments, why can't that automation be incorporated directly into the C compiler?

That way not only would you eliminate the memory safety issues of C, you'd eliminate RUST too.

I'd call that win-win.

Apple offers to settle 'snooping Siri' lawsuit for an utterly incredible $95M

sitta_europea Silver badge

We need to protect ourselves from disease, so we all (well most of us - there are a few notable, and for the most part rabid, exceptions) take precautions to avoid the obvious risks of getting infections.

If you have responsible parents, this is the sort of thing which you learn from an early age. Like washing, not putting your hands in fire, looking both ways before crossing the road, and not getting into a vehicle if invited to do so by an unknown adult. These things can be difficult to explain, they can take time to learn, and we still make mistakes.

It seems to me that as a race we now need to develop a new set of childhood-learned behaviour, to protect ourselves from big tech.

I *think* I'm doing it already, but because I didn't learn it as a child it isn't second nature so I'm never really sure that I haven't missed something.

Anyway the first thing on the list should probably be how to switch the danged things off. I personally take the battery out. If you can't take the battery out, I won't have it in the house.

Then we'll get onto not believing anything you read on an electronic device without several different ways of confirmation that it's real. For example much more than ninety percent of what I see in emails is outright lies. A busty blond called Alina wants to send me more photos of herself? There's a box of money at the airport waiting for me to collect it? I won something? Yeah, right.

US Treasury Department outs the blast radius of BeyondTrust's key leak

sitta_europea Silver badge

Re: Printed code books

I put them under my keyboard so they're always handy.

Boffins ponder paltry brain data rate of 10 bits per second

sitta_europea Silver badge

Maybe the typing was more accurate than the thinking.

More telcos confirm China Salt Typhoon security breaches as White House weighs in

sitta_europea Silver badge

"We detect no activity by nation-state actors in our networks at this time," an AT&T spokesperson said. ...

Unimpressed.

Presumably they also detected no activity by nation-state actors (nor indeed by anyone else) in their networks earlier in the year. While it was happening.

It's only a matter of time before LLMs jump start supply-chain attacks

sitta_europea Silver badge

Re: Full circle

"... Now, if the prose is too perfect, then we're getting to the stage where it is put in the dodgy category. ..."

Came here to say the same thing.

Lately I've been seeing obvious scams which are very well written.

So well written, in fact, that they immediately make me suspicious because they're way over the top for any email.

In any case I only know four or five people who would be capable of writing so well.

Not one of them sports long blond hair and a 40DD bra.

What do ransomware and Jesus have in common? A birth month and an unwillingness to die

sitta_europea Silver badge

Quoting the article:

"... It's a shame Popp died when he did..."

On the contrary, I'd have said that it's a shame he didn't die sixteen years earlier.

Don't fall for a mail asking for rapid Docusign action – it may be an Azure account hijack phish

sitta_europea Silver badge

I see dozens of these in the filter logs every day.

The word "docusign" - and several mis-spellings of it - in any email automatically trigger the spam processing here.

Eurocops take down 'secure' criminal chat system known as Matrix

sitta_europea Silver badge

Re: Server-based Solution......

"... ....is that really the best way? Why not: Have an encrypted client-based solution? ... and ... Just use email as transport ..."

If it involves computers it's, er, inevitable that it's going to get broke somehow.

If it were me risking perhaps spending the rest of my life in prison I don't think I'd confide in *anything* electronic. I'd probably use a one-time pad, and the postal service, and very great care.

But it makes a lot more sense to use all that creativity legally.

A policeman friend of mine said that half the crooks he's nabbed would have made a fortune if they'd just used their inventiveness for legal pursuits.

SpaceX claims another Starship success, but fumbles the catch

sitta_europea Silver badge

When I tried to bring a banana back into the country it was confiscated at the airport by a man with a dog and a gun.

coat->get()++;

Sweden's 'Doomsday Prep for Dummies' guide hits mailboxes today

sitta_europea Silver badge

Re: The UK, under that nice Mr Starmer, has this sussed

I kinda like the idea that anybody who says we should go to war should be taken out behind the bike sheds and eviscerated.

NIST trains AI to hear the 'oh crap' moment before batteries explode

sitta_europea Silver badge

Re: Or a break-wire sensor on the valve

"... The random power banks that people buy from china are not going to add a speaker to give a warning. ..."

I suppose preventing the random Chinese cr@p getting into the supply chain in the first place isn't an option?

Rust haters, unite! Fil-C aims to Make C Great Again

sitta_europea Silver badge

Re: 1.5x slower....

"... bigger ..."

I just looked at the Zortech compiler that I've been using for around thirty-five years.

The entire compiler suite (C,C++,linker) is about half a megabyte -- 'make' is just under 24kBytes.

I wrote a replacement for malloc() to prevent any follies of that kind, put guard bytes around every array and verify them on every access.

Haven't seen a crash in decades. It *will* compile with gcc and run under Linux but I don't trust it yet because the application handles real money for real people.

I downloaded the Fil-C compressed archive. 372.6 megabytes.

Sorry, too rich for my blood. I deleted it.

sitta_europea Silver badge

Re: 1.5x slower....

"... (remember Transputers?) ..."

Remember them? I still have some.

SpaceX Starship moved to launchpad for 6th flight test

sitta_europea Silver badge

"... Since SpaceX has already performed a static fire, launch preparations should consist of little more than checkouts, filling the tanks with fuel, and lighting the engines. ..."

Thank you, the engineering correspondent of Better Homes and Gardens.

China's Volt Typhoon crew and its botnet surge back with a vengeance

sitta_europea Silver badge

Re: unusual (secure) SMTP activity in the last month or two

"I've been seeing unusual (secure) SMTP activity from some specific IP address ranges. They connect as if to relay mail via the secure SMTP port and simply try to log in..."

It's not exactly unusual. The current count of IPs blocked here for this reason is 5196. Happy to publish them if anyone asks.

Why the long name? Okta discloses auth bypass bug affecting 52-character usernames

sitta_europea Silver badge

"... Yan Zhu said ..."

This browser is no longer supported. Please switch to a supported browser...

Public sector cyber break-ins: Our money, our lives, our right to know

sitta_europea Silver badge

Re: I completely agree

"... I do care that my government-mandated identity is protected and properly cared for."

Yeah, #metoo [*].

But while we have nitwits in government who can't be bothered to read what they spout [**]

8<--------------------------------------------------------------------------------------------

"The security requirements include addressing cyber security risks through proposing to implement the standard ETSI EN 303 645 ..."

8<--------------------------------------------------------------------------------------------

and are willing to ignore the wishes of people who, when asked for permission to publish their highly personal data on the Internet, refused it [****]:

8<--------------------------------------------------------------------------------------------

"... Care Minister Stephen Kinnock defended the move, saying the government was "absolutely committed" to protecting patient data. He said safeguards providing a "cast iron guarantee" on security would be set out in a new bill that will be put before Parliament to push ahead with the move."

8<--------------------------------------------------------------------------------------------

then I guess we're screwed.

[*] Did I get that right?

[**] https://assets.publishing.service.gov.uk/media/6659f0147b792ffff71a8601/smart-secure-electricity-systems-2024-energy-smart-appliances-consultation.pdf [***]

[***] Despite the fact that in April 2024 when this document was published I warned them that EN303645 isn't even remotely adequate, it is still published at

https://www.gov.uk/government/consultations/delivering-a-smart-and-secure-electricity-system-implementation

[****] https://www.bbc.co.uk/news/articles/cz7j73vx9v3o

LottieFiles supply chain attack exposes users to malicious crypto wallet drainer

sitta_europea Silver badge

"... npmjs package manager. ... websites ... configured to use the latest version ..."

Tell me I'm dreaming.
