* Posts by EricM

165 publicly visible posts • joined 2 Sep 2016

Elon Musk shows what being Chief Twit is all about across weird weekend

EricM

Re: Seeing Musk acting directly makes me wonder ....

True, that is exactly why I'm kind of surprised he makes Twitter crash and burn in no time himself instead of bringing in someone willing and capable to take on the complexity of managing Twitter in this phase.

But hey, it's not my money burning...

EricM

Seeing Musk acting directly makes me wonder ....

what kind of capabilities he really has besides finding and motivating excellent people to work for him (he's absolutely fantastic there) - besides an enormous stubbornness and absolute lack of empathy...

Really thinking through a problem the size of Twitter's free speech vs hate speech vs. national regulations does not seem to have played any role in his bid to buy Twitter.

Probably he will have to find other excellent people to solve this for him, too.

Just as he did with Tesla and SpaceX.

'Fully undetectable' Windows backdoor gets detected

EricM
Happy

Fully undetectable = FUD?

nice

77% of security leaders fear we’re in perpetual cyberwar from now on

EricM

No, Business as usual in Cyber Security

The techniques used and the goals of a cyber attack from nation state attackers do not differ from those of simple criminals. The only distinction is their resources and motivation.

They all use pre-existing vulnerabilities in systems/setups to steal data, plant data, plant code, damage systems, etc. Cyber attacks have been a matter of fact for the last 30 years.

Calling it now "Cyber Warfare" does not change a single thing...

And as in the last 30 years there is only one way to stop those attacks or at least make the life of all attackers a lot harder:

Every nation state, every "security" agency and every "security" company that collects vulnerabilities to use them for attacking their targets needs to disclose _all_ their collected attack vectors to the software manufacturers whose products they break into.

Close the vulnerabilities to make everyone safer, or stop calling yourself a "security" agency or a "security" company.

Your AI-generated digital artwork may not be protected by US copyright

EricM

Re: Protecting AI-generated works with copyright is vital

I fully agree, but if you ask a lawyer, the answer might be quite the opposite :)

That is IMHO why this debate should not include lawyers at all: They are not neutral to the issue at hand...

Big Tech silent on data privacy in post-Roe America

EricM

Re: This thread will probably get contentious.

I must admit, contrary to 30 years ago I find it more and more challenging to separate trolls from people with simply very strange and distorted (IMO) views of reality. Especially when topics are discussed that affect or are affected by a person's belief system.

This starts to include discussions in RL...

Lonestar plans to put datacenters in the Moon's lava tubes

EricM
FAIL

Re: /Equally simple question.

Yeah, my old failure: I mostly assume people to actually mean what they say ...

:)

EricM

Store your data offsite on multiple continents on earth at 0.01% of the cost of a moon backup...

If a physical catastrophe wipes out backups at multiple datacenters 1000 km apart, chances are we 1) will no longer have the high-end comms technology needed for the restores (or the damned keys to unencrypt them) and 2) will have much more basic problems like finding clean water, food and shelter ...

Additionally some catastrophes like solar storms are much more hazardous in space.

And if it was a kind of super-ransomware that infects backups in multiple DCs, it will probably also hit the moon storage.

I can't see a scenario where moon backups offer significant advantage over traditional ones.

China-linked Twisted Panda caught spying on Russian defense R&D

EricM

I am ...

Thought the Chinese would concentrate this kind of activity to more valuable targets ...

EricM

Right. And both are definitely true.

If only humans were an intelligent species ...

Lawyers say changes to UK data law will make life harder for international businesses

EricM

Re: And nothing much will change for 95% of companies

You seem to imply that Gov.UK will only "ease the burden" of GDPR by removing some of its rules, while otherwise keeping it compatible. In this scenario companies could simply still follow GDPR rules and go about their business as before.

But as I read the announcement, the idea really is to come up with a new, different set of rules, presumably easier, but not necessarily a subset of GDPR rules.

So companies operating in UK and the EU might end up having to comply to 2 different, even potentially conflicting sets of rules in parallel, at higher operational cost.

Conflicts might even lead to a future SchremsX decision against the UK, even further excluding UK companies from EU service business.

Palantir summons specter of nuclear conflict as share price collapses

EricM
WTF?

War is "negotiation" ?

> The war is itself a protracted negotiation with a heavily armed opponent

The "bargaining model" of war ( https://en.wikipedia.org/wiki/Bargaining_model_of_war ) is truly a product from a sick mindset, given what really happens in a war.

That said, this kind of thinking is quite a nice fit for a company like Palantir.

Google's DeepMind says its AI coding bot is 'competitive' with humans

EricM
Thumb Up

Re: Googled the answer?

That probably would mean that an in fact intelligent AI was finally invented.

After all, laziness IS a sign of intelligence :)

MPs charged with analysing Online Safety Bill say end-to-end encryption should be called out as 'specific risk factor'

EricM

Re: It didn't work when the US tried this in the 90's, when encryption was virtually non-existing.

OK, _that_ point is hard to argue ...

Cheers

EricM

It didn't work when the US tried this in the 90's, when encryption was virtually non-existing.

France gave up on attempts to severely limit encryption in '99.

I doubt it will work if the UK tries this in 2022, when encryption already is everywhere.

Honestly, who assumes British government employees (or whoever manages to intercept the traffic) wading through customers' bank transactions or online shopping records would be acceptable for international customers?

Today banning real encryption means banning business.

Log4j RCE: Emergency patch issued to plug critical auth-free code execution hole in widely used logging utility

EricM

Log4J 1.x _IS_ not vulnerable (to CVE-2021-44228)

No, the OP is correct.

The capability to load anything via ldap-URLs in logging strings was introduced in log4j 2.0.

Consequently, using log4j 1.x perfectly protects against CVE-2021-44228.

But you are correct in that the 1.x versions have other vulnerabilities, namely https://nvd.nist.gov/vuln/detail/CVE-2019-17571, that is, however, externally exploitable under only very specific circumstances and use cases and was known/handled since early 2020.

This drag sail could prevent spacecraft from turning into long-term orbiting junk. We spoke to its inventors ahead of launch

EricM

Could be worth it - was: Re: Fifteen kilograms?!?

Just burning propellant won't cut it.

The propellant must be burned while maintaining correct orientation and at the right time for helping the upper stage de-orbit.

Given that a used upper stage is basically a bunch of slightly torched, empty tanks, valves and pipes, the stage would need additional thrusters for maneuvering, orientation via gyros or star tracker and additional command systems/energy storage, etc.

Besides raising complexity considerably, this pretty fast would eat up the 15kg budget without adding much or any fuel to do the actual de-orbit burn...

A 15kg fully passive drag-chute sounds good to me.

KISS... :)

Samsung: We will remotely brick smart TVs looted from our warehouse

EricM
Devil

Re: Hmmm

Whatever the original intention of Samsung - and security threats like hacks aside - a remote kill switch hands over a lot of power over the user/owner of the device to the manufacturer.

For the lifetime of the product.

Once implementing such kill-switches is regarded as accepted behavior, this power can also be used in for example commercial disputes such as conflicts during a lease or rent of the TV.

Or establish restrictions on re-selling used devices.

In everything more complex than a toaster ...

The number of ways this kind of power can be abused is staggering ...

Magna Carta mayhem: Protesters lay siege to Edinburgh Castle, citing obscure Latin text that has never applied in Scotland

EricM

Re: It was a lovely day for a coup

Yeah, which does not mean that the average IQ can not fall in absolute terms while still being called "100" :)

EricM
FAIL

Re: It was a lovely day for a coup

Yep. No cause, lousy timing, bad case of "no, you didn't do your research" ...

Is it the case that my sensitivity for shamelessly (often proudly) displayed stupidity and ignorance in public has risen in the last, say, 10-15 years or is the average western IQ - not only of young people - really in a free-fall?

A new island has popped up off the coast of Japan thanks to an underwater volcano

EricM
Go

Re: New Tectonics

To be fair, the very idea that things the size of a continent could actually move _must_ have sounded ridiculous, given the everyday knowledge of, say, 1950 ...

Science has gone a longer way than most people (including most people denying science today) are aware of ...

EricM
Happy

They don't need to.

They probably already built a Submarine base there years ago, that can be converted to a normal port now...

:-)

Have you tried turning server cores off and on again? HPE wants to do it for you from GreenLake

EricM

Is this meant to be Oracle-safe?

As Oracle (among others) demands that all "installed" Cores must be licensed, Cores inactivated by the scheme would still fit the description.

Other ways of soft-separating Cores from licenses like vCPUs (practically everything short of physical removal) are not accepted by Oracle outside of their own HW.

Legal counselling might need to be required before really calculating any license fees based on that feature.

Intel laid me off for being too old, engineer claims in lawsuit

EricM

Re: Another one?

I agree, if staff is just viewed as expensive and expendable, the older ones also become natural targets as they happen to be more expensive in general.

The point is - I think - the cost of an experienced member of staff can be easily quantified, while his/her contribution to projects (especially the "been there, done that - and failed, because..." type of contributions) is hard to quantify.

Additionally there is a fine line between avoiding past mistakes and refusing innovations...

EricM
FAIL

Re: Another one?

No idea if this is better at AMD, but harassing and firing primarily your most experienced developers - which often happen to be old farts - might be at least a contributing factor in the slow, but steady demise of the entity formerly known as Chipzilla ...

So in fact the cause-effect relationship might be just the other way round: Companies become hostile to aging workforce, probably intended to simply raise the bottom line, and start to fail as a direct effect of those actions.

US aviation regulator warns of mid-air collision risk if Garmin TCAS boxes are not updated

EricM

Re: Can I just say that I love the euphemism there...

At busy airports you start most approaches under the assumption that the plane on the runway several miles in front of you - which just also landed or is preparing for take off - moves itself out of the way well before you actually reach the tarmac.

Sometimes this does not work out in which case the approaching traffic is instructed by the tower to go around.

That is quite a routine process and not necessarily a sign that the tower did not pay attention...

Australian ponders requiring multiple IDs to sign up for social media, plus more crypto-busting backdoors

EricM

Re: But are you implying [...]

Nope, I just think that in 2021 there are ways to prove identity (once we agree that it is necessary to conduct certain business) than handing over social security numbers, passport numbers, credit card numbers, copies/photos of passports or something similar.

Permanently storing information at each and every hotel/phone shop/website/etc. that allows an attacker to fully impersonate me does not seem to be the smartest of ideas ....

EricM

Re: It's the same documents...

Sure, these have been, are and will be breached in the future, too.

Short memory?

https://www.theregister.com/2020/10/30/marriott_starwood_hack_fine_just_18_4bn/

However, there are not that many corporations able to lose 500mill IDs in one go, so most incidents get somewhat less publicity ...

Over a decade on, and millions in legal fees, Supreme Court rules for Google over Oracle in Java API legal war

EricM
Thumb Down

Nope, things didn't change

Your description of Oracle licensing mechanics is still fully correct in 2021.

Sadly, the catastrophic impact with Apophis asteroid isn't going to happen in 2068

EricM
Alien

Re: Dear/Darn scientists

No problem.

Just deploy an impactor that will change Apophis's vector by just some single digit m/s by 2025.

Least impact energy will be needed near Aphelion.

Over the following 4 years this minimal correction will deliver the needed delta-V to hit a target of your choosing in 2029...

If you need more time to ramp up sales, change the target time to a different close fly-by further in the future.

Google's ex-boss tells the US it's time to take the gloves off on autonomous weapons

EricM

Why build those, too? We do need a way to effectively kill them...

There is currently no plausible scenario where large groups of autonomous robots are marching against each other on a field or so.

Would investing in anti-autonomous weapon technology not be the wiser move?

Develop sensor-deceiving technology making humans disappear from sensors, make locating autonomous weapons easier, deploy personal EMPs and other weapons that selectively kill automated gear.

Not quite as cool as a fighting robot, but probably way more effective in battle ...

Oracle sweetens Java SE subscriptions with a spoonful of free ‘GraalVM’ runtime said to significantly speed Java

EricM

Re: This is Oracle.

Couldn't have said it better. Technology is usually not what makes or breaks use of Oracle Tech in the enterprise. Licenses, a worst-case mindset when counting CPUs, cores, memory and users - and of course Lawyers are ...

IBM cloud tries to subvert subscriptions with pricing plan that stretches some discounts

EricM

This kind of makes the financial motivation of moving to the cloud moot

Brick and Mortar Infrastructure : You pay flat, even for underused servers/services.

Cloud: you pay only what you need.

Cloud "committed use" : You pay flat, even for underused servers/services.

OK, you shed the responsibility to run the IT, employ non-core techies, etc.

But many of the financial arguments pro-cloud do no longer apply to this model.

Oculus owners told not only to get Facebook accounts, purchases will be wiped if they ever leave social network

EricM

Tying unrelated goods/services together ...

... to exert control over customers and/or hurt the competition?

IANAL and all, but this just sounds like the perfect application for antitrust law...

We won't leave you hanging any longer: Tool strips freeze-inducing bugs from Java bytecode while in production

EricM
WTF?

What has happened to deterministic behavior?

In which type of "production" system is it desirable to have a program carrying on after some kind of corruption/hang was fixed based on statistical data?

A hanging program at least stops making stupid things. A statistically "fixed" program may do basically anything ...

This cure might be worse than the disease.

Call me old-fashioned, but I prefer my programs to behave deterministically.

If that means failing at a certain event, so be it ...

Software AG hit with ransomware: Crooks leak staffers' passports, want millions for stolen files

EricM

Re: All made possible by Bitcoins...

Which is true, but e-currencies drastically reduce the risk for the attacker while scaling perfectly.

There's a point to the OP's argument...

EricM

Re: One word: Darwin

"Won't that just motivate hackers who aren't in it for the money, like state-sponsored hackers?"

These type of hackers are typically motivated independently from monetary rewards, but based on a tactical or strategic decision by a government.

So cutting the monetary reward would not eliminate the overall threat, it would just reduce the number of attackers.

I do not see any additional motivation for state sponsored hackers by outlawing ransom payments.

EricM

One word: Darwin

Especially because of exactly this argument, which is very understandable given the economic position of a victim, ransom payments need to be forbidden by law.

If this means bankruptcies, OK, let Darwin take its toll.

By continuing to willingly incentivize predators while keeping targets softer than necessary we will create more predators feeding on a soft population until the economic system of cyber-insurances becomes unbearably expensive - which will also lead to bankruptcies.

By terminating the soft victims early, the more hardened targets will survive and form a more hardened population while at the same time cutting the incentive for the predators to close to zero.

Will be cheaper from a society's position.

Britain should have binned Huawei 5G kit years ago to cuddle up with Trump, says Parliamentary committee

EricM

While I fully agree that this should theoretically not be a valid reason, based on the isolated international situation the UK has brought itself into with an unregulated Brexit upcoming, cozying up to literally anyone/anything it can find may well be a practically very valid reason for political decisions ...

Expect more of this kind of "decision making" in the near future...

What was that slogan again? "Take back control"? Well ...

Woman dies after hospital is unable to treat her during crippling ransomware infection, cops launch probe

EricM

patch everything as soon as you can?

As a general rule: Sure.

But you also must consider that patching can break things, too.

Additionally and ironically in security-relevant areas like hospitals, patching is additionally slowed down by the necessary certifications a patch has to retrieve, before it can be rolled out.

Factual security and on-paper security might differ substantially in especially those areas that need it most...

Oracle customers clamor for its hardware. Yup, hardware. It can't build Exadata fast enough

EricM
Alert

If it currently looks attractive, that's because Oracle still has competition to fight...

Judging from their database sales-tactics, once enough customers are properly locked in, this might change slightly...

Amazon spies on staff, fires them by text for not hitting secretive targets, workers 'feel forced to work through pain, injuries' – report

EricM

Re: Yeah, do not feed it - or your own job will look like this, soon

I realize now my remark can easily be misunderstood ...

What I meant was that the abuse of workers makes Amazon quite fit against their competition who treats workers more fairly - if customers continue to shop at Amazon.

Then Amazon and companies acting as ruthless as Amazon will take over the market in the long term.

So sooner or later most jobs will be like the jobs described in this article - if customers continue to shop at Amazon.

So basically they shouldn't.

EricM

Yeah, do not feed it - or your own job will look like this, soon

Survival of the fittest, remember?

Breaching China's Great Firewall is hard. Pushing packets faster than 1Mbps once through is the Boss Fight

EricM

Re: So even in China simple commercial greed does more harm ...

sure, that's why I used "so-called" before and "\"" around the word communism....

EricM

So even in China simple commercial greed does more harm ...

than their so-called "communism" and control-madness combined.

Interesting ...

So long, Top Gun... AI software waxes US F-16 pilot's tail 5-0 during virtual dogfight drills

EricM

There are differences between a simulation and reality

Not necessarily

While an AI can undoubtedly pull G's up to the frame's limits and has faster per-se reaction speed it also will have to deal with real-world, unclear and contradictory radar, microwave and optical sensor inputs to keep its situational awareness in an environment where electronic countermeasures are actively used and expected to evolve fast.

That awareness is currently delivered by the simulation for free.

So all this simulation currently shows is that the AI can play an elaborated videogame better than a human.

I'm not sure how this would translate into a real-world battle, where the AI "pilots", their capabilities, tactics and reactions are known to the adversary.

Trump administration reportedly offers Oracle cheap end to $400m wage discrimination case

EricM

Oracle "Big Data Management" to fight Covid-19? Don't think so ...

I bet it is instead used for free by the Trump team to optimally influence that part of the republican voter base that is still locked in the alternate FOX universe.

Because who cares about a pandemic when there are elections to win?

Once considered lost, ESA and NASA's SOHO came back from the brink of death to work even better than it did before

EricM

Re: A fitting tribute to intelligence and sheer dogged determination

> The problem is that politics involves people

Yep, I need to agree :)

> and they are generally not too happy if you try to force on them an upload sequence that makes them operate in a different fashion.

Oh, but that exists. It's called "convincing" people ... And even engineers have to do that a lot.

> Hardware is a lot more biddable than meatware.

I'm not so sure about that point. Looking at the state of politics, conspiracy theories and the like, it seems rather easy to convince at least some people of very weird things.

If I upload code to hardware it at least has to be syntactically and logically correct :)

EricM

Re: A fitting tribute to intelligence and sheer dogged determination

> they get results when everyone else thinks it's the end of the line.

Second that.

However, I often wonder if engineering mindsets could also reshape other areas, where rationality and the will and capability to make things work (instead of the opposite) often appears to be in short supply.

Politics comes to mind, national and international, where engineers are strongly underrepresented.

Wrangling control somewhat away from manager types, economists and lawyers might prove worthwhile also down here ...

Then again, I understand every engineer that fails to find enthusiasm for politics at the current state of affairs ...

UK intel committee on Russia: Social media firms should remove state disinformation. What was that, MI5? ████████?

EricM

Re: If you acknowledge Russian operations supporting UK separatism - what's the consequence?

> Turned out in our favour? Hardly...

No it did not turn out in favour of the UK, that remark was written from the perspective of the current UK PM, respectively from his party, who advocated for Brexit.

So now the same party that profited from the Russian efforts would need to investigate it ...

> The best defence against Russian aggression is a united Europe,

I fully agree.
