Posts by EricM 165 publicly visible posts • joined 2 Sep 2016
True, that is exactly why I'm kind of surprised he makes Twitter crash and burn in no time himself instead of bringing in someone willing and capable to take on the complexity of managing Twitter in this phase.
But hey, it's not my money burning...
what kind of capabilities he really has besides finding and motivating excellent people to work for him ( he's absolutely fantastic there ) - besides an enormous stubborness and absolute lack of empathy...
Really thinking through a problem the size of Twitter's free speech vs hate speech vs. national regulations does not seem to have played any role in his bid to buy Twitter.
Probably he will have to find other execellent people to solve this for him, too.
Just as he did with Tesla and SpaceX.
The techniques used and the goals of a cyber attack from nation state attackers do not differ from those of simple criminals. The only distinction are their resources and motivation.
They all use pre-existing vulnerabilities in systems/setups to steal data, plant data, plant code, damage systems, etc. Cyber attacks have been a matter of fact for the last 30 years.
Calling it now "Cyber Warfare" does not change a single thing...
And as in the last 30 years there is only one way to stop those attacks or at least make the life of all attackers a lot harder:
Every nation state, every "scurity" agency and every "security" company that collects vulnerabilities to use them for attacking their targets needs to disclose _all_ ther collected attack vectors to the software manufacturers whose products the break into.
Close the vulnerabilities to make everyone safer, or stop calling yourself a "security" agency or a "security" company.
I must admit, contrary to 30 years ago I find it more and more chellenging to separate trolls from people with simply very strange and distorted (IMO) views of reality. Especially when topics are discussed that affect or are affected by a person's belief system.
This starts to include discussions in RL...
If a physical catastrophe wipes out backups at multiple datacanters 1000 km apart, chances are we 1) will no longer have the high-end comms technology needed for the restores (or the damned keys to unencrypt them) and 2) will have much more basic problems like finding clean water, food and shelter ...
Additionally some catastrophes like solar storms are much more hazardous in space.
And if it was a kind of super-ransomware that infects backups in multiple DCs, it will probably also hit the moon storage.
I can't see a scenario where moon backups offer sifnificant advantage over traditional ones.
You seem to imply that Gov.UK will only "ease the burden" of GDPR by removing some of its rules, while otherwise keeping it compatible. In this scenario companies could simply still follow GDPR rules and go about their business as before.
But as I read the announcement, the idea really is to come up with a new, different set of rules, presumably easier, but not necessarily a subset of GDPR rules.
So companies operating in UK and the EU might end up having to comply to 2 different, even potentially conflicting sets of rules in parallel, at higher operational cost.
Conflicts might even lead to a future SchremsX decision against the UK, even further excluding UK companies from EU service business.
> The war is itself a protracted negotiation with a heavily armed opponent
The "bargaining model" of war ( https://en.wikipedia.org/wiki/Bargaining_model_of_war ) is truly a product from a sick mindset, given what really happens in a war.
That said, this kind of thinking is quite a nice fit for a company like Palantir.
France gave up on attempts to severly limit encryption in '99.
I doubt it will work if the UK tries this in 2022, when encryption already is everywhere.
Honestly, who assumes british government employees (or whoever manages to intercept the traffic ) wading through customers bank transactions or online shopping records would be acceptable for international customers?
Today banning real encryption means banning business.
No, the OP is correct.
The capability to load anything via ldap-URLs in logging strings was introduced in log4j 2.0.
Consequently, using log4j 1.x perfectly protects against CVE-2021-44228.
But you are correct in that the 1.x versions have other vulnerabilities, namely https://nvd.nist.gov/vuln/detail/CVE-2019-17571, that is, however, externally exploitable under only very specific circumstances and use cases and was known/handled since early 2020.
Just burning propellant won't cut it.
The propellant must be burned while maintaining correct orientation and at the right time for helping the upper stage de-orbit.
Given that a used upper stage is basically a bunch of slightly torched, empty tanks, valves and pipes, the stage would need additonal thrusters for menneuvering, orientation via gyros or star tracker and additional command systems/ energy storage, etc.
Besides raising complexity considerably, this pretty fast would eat up the 15kg budget without adding much or any fuel to do the actual de-orbit burn...
A 15kg fully passive drag-chute sounds good to me.
KISS... :)
Whatever the original intention of Samsung - and security threats like hacks aside - a remote kill switch hands over a lot of power over the user/owner of the device to the maufacturer.
For the lifetime of the product.
Once implementing such kill-switches is regarded as accepted behavior, this power can also be used in for example commercial disputes such as conflichts during a lease or rent of the TV.
Or establish restrictions on re-selling used devices.
In everything more complex than a toaster ...
The number of ways this kind of power can be abused is staggering ...
Yep. No cause, lousy timing, bad case of "no, you didn't do your research" ...
Is it the case that my sensivity for shamelessly (often proudly) displayed stupidity and inorance in public has risen in the last, say, 10-15 years or is the average western IQ - not only of young people - really in a free-fall?
As Oracle (among others) demads that all "installed" Cores must be licensed, Cores inactived by the scheme would still fit the description.
Other ways of soft-separating Cores from licenses like vCPUs (practically everything short of physical removal) are not accepted by Oracle outside of their own HW.
Legal counselling might need to be required before really calculating any license fees based on that feature.
I agree, if staff is just viewed as expensive and expendable, the older ones also become natural targets as they happen to be more expensive in general.
The point us - I think - the cost of an experienced member of staff can be easily quantified, while his/her contribution to projects ( especially the "been there, done that - and failed, because..." type of contributions ) is hard to quantify.
Additionally there is a fine line between avoiding past mistakes and refusing innovations...
No idea if this is better at AMD, but harassing and firing primaryly your most experienced developers - which often happen to be old farts - might be at least a contributing factor in the slow, but steady demise of the entity formerly known as Chipzilla ...
So in fact the cause-effect relationship might be just the other way round: Companies become hostile to aging workforce, probably intended to simply raise the bottom line, and start to fail as direct effect of that actions.
At busy airports you start most approaches under the assumption that the plane on the runway several miles in front of you - which just also landed or ís preparing for take off - moves itself out of the way well before you actually reach the tarmac.
Sometimes this does not work out in which case the approaching traffic is instructed by the tower to go around.
That is quite a routine process and not necessarily a sign that the tower did not pay attention...
Nope, I just think that in 2021 there are ways to prove identity (once we agree that is it necessary to conduct certain business) than handing over social security numbers, passport numbers, credit card numbers, copys/photos of passports or something similar.
Permanently storing information at each and every hotel/phone shop/website/etc. that allows an attacker to fully impersonate me does not seem to be the smartest of ideas ....
Sure, these have been, are and will be breached in the future, too.
Short memory?
https://www.theregister.com/2020/10/30/marriott_starwood_hack_fine_just_18_4bn/
However, there are not that many corporations able to lose 500mill IDs in one go, so most incidents get somewhat less publicity ...
No problem.
Just deploy an impactor that will change Apophis's vector by just some single digit m/s by 2025.
Least impact energy will be needed near Aphelion.
Over the following 4 years this minimal correction will deliver the needed delta-V to hit a target of your choosing in 2029...
If you need more time to ramp up sales, change the target time to a different close fly-by further in the future.
There is currently no plausible scenario where large groups of autonomous robots are marching against each other on a field or so.
Would investing in anti-autonomous waepon technology not be the wiser move?
Develop sensor-decieving technology making humans desappear from sensors, make locating autonomous waepons easier, deploy personal EMPs and other weapons that selectively kill automated gear.
Not quite as cool as a fighting robot, but probably way more effective in battle ...
Brick and Mortar Infrastructure : You pay flat, even for underused servers/services.
Cloud: you pay only what you need.
Cloud "committed use" : You pay flat, even for underused servers/services.
OK, you shed the responsibility to run the IT, employ non-core techies, etc.
But many of the financial arguments pro-cloud do no lkonger apply to this model.
In which type of "production" system is it desireable to have a program carrying on after some kind of corruption/hang was fixed based on statistical data?
A hanging program at least stops making stupid things. A statistically "fixed" program may do basically anything ,,,
This cure might be worse than the desease.
Call me old-fashioned, but I prefer my programs to behave deterministically.
If that means failing at a certain event, so be it ...
"Won't that just motivate hackers who aren't in it for the money, like state-sponsored hackers?"
These type of hackers are typically motivted independant from monetary rewards, but based on a tactical or strategic decision by a government.
So cutting the monetary reward would not eliminate the overall threat, it would just reduce the number of attackers.
I do not see any additional motivation for state sponsored hackers by outlawing ransom payments.
Especially because of exactly this argument, which is very understandable given the economic position of a victim, ransom payments need to be forbidden by law.
If this means bancruptcies, OK, let Darwin take its toll.
By continuing to willingly incentivize predators while keeping targets softer than necessary we will create more predators feeding on a soft population until the economic system of cyber-insurances becomes unbearably expensive - which will also lead to bancruptcies.
By terminating the soft victims early, the more hardened targets will survive and form a more hardened population while at the same time cutting the incentive for the predators to close to zero.
Will be cheaper from a society's position.
While I fully agree that this should theoretically not be a valid reason, based on the isolated international situation the UK has brought itself into with an unregulated Brexit upcoming, cozying up to literally anyone/anything it can find may well be a practically very valid reason for political decisions ...
Expect more of this kind of "decision making" in the near future...
What was that slogan again? "Take back control"? Well ...
As a general rule: Sure.
But you also must consider that patching can break things, too.
Additioanlly and ironincally in security-relevant areas like hospitals, patching is additionally slowed down by the necessary certifications a patch has to retrieve, before it can be rolled out.
Factual security and on-paper security might differ substantially in especially those areas that need it most...
I realize now my remark can easily be misunderstood ...
What I menat was that the abuse of workers makes Amaozon quite fit against their competition who treats workers more fairly - if customers continue to shop at amazon.
Then Amazon and companies acting as ruthless as Amazon will take over the market in the long term.
So sooner or later most jobs will be like the jobs described in this article - if customers continue to shop at amazon.
So basically they shouldn't.
Not necessarily
While an AI can undoubtly pull G's up to the frame's limits and has faster per-se reaction speed it also will have to deal with real-world, unclear and contradictionary radar, microwave and optical sensor inputs to keep its situational awareness in an environment where electronic countermeasures are actively used and expected to evolve fast.
That awareness is currently delivered by the simulation for free.
So all this simulation currently shows is that the AI can play an elaborated videogame better than a human.
I'm not sure how this would translate into a real-world battle, where the AI "pilots" , their capabilities, tactics and reactions are known to the adversary.
I bet it is instead used for free by the Trump team to optimally influence that part of the republican voter base that is still locked in the alterate FOX universe.
Because who cares about a pandemic when there are elections to win?
> The problem is that politics involves people
Yep, I need to agree :)
> and they are generally not too happy if you try to force on them an upload sequence that makes them operate in a different fashion.
Oh, but that exists. It's called "convincing" people ... And even engineers have to do that a lot.
> Hardware is a lot more biddable than meatware.
I'm not so sure about that point. Looking at the state of politics, conspiracy theories and the like, it seems rather easy to convince at least some people of very weird things.
If I upload code to hardware it at least has to be syntactically and logically correct :)
> they get results when everyone else thinks it's the end of the line.
Second that.
However, I often wonder if engineering mindsets could also reshape other areas, where rationality and the will and capability to make things work (instead of the opposite) often appears to be in short supply.
Politics comes to mind, national and international, where engineers are strongls underrepresented.
Wrangling control somewhat away from manager types, economists and lawyers might prove worthwile also down here ...
Then again, I understand every engineer that fails to find enthusiasm for politics at the current state of affairs ...
> Turned out in our favour? Hardly...
No it did not turn out in favour of the IK, that remark was written from the perspective of the current UK PM, respectively from his party, who advocated for Brexit.
So now the same party that profited from the Russian efforts would need to investigate ist ...
> The best defence against Russian aggression is a united Europe,
I fully agree.
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2022
