Posts by EricM

149 posts • joined 2 Sep 2016

This drag sail could prevent spacecraft from turning into long-term orbiting junk. We spoke to its inventors ahead of launch

EricM

Could be worth it - was: Re: Fifteen kilograms?!?

Just burning propellant won't cut it.

The propellant must be burned while maintaining correct orientation and at the right time for helping the upper stage de-orbit.

Given that a used upper stage is basically a bunch of slightly torched, empty tanks, valves and pipes, the stage would need additional thrusters for maneuvering, orientation via gyros or star tracker and additional command systems/ energy storage, etc.

Besides raising complexity considerably, this pretty fast would eat up the 15kg budget without adding much or any fuel to do the actual de-orbit burn...

A 15kg fully passive drag-chute sounds good to me.

KISS... :)

Samsung: We will remotely brick smart TVs looted from our warehouse

EricM
Devil

Re: Hmmm

Whatever the original intention of Samsung - and security threats like hacks aside - a remote kill switch hands over a lot of power over the user/owner of the device to the manufacturer.

For the lifetime of the product.

Once implementing such kill-switches is regarded as accepted behavior, this power can also be used in, for example, commercial disputes such as conflicts during a lease or rent of the TV.

Or establish restrictions on re-selling used devices.

In everything more complex than a toaster ...

The number of ways this kind of power can be abused is staggering ...

Magna Carta mayhem: Protesters lay siege to Edinburgh Castle, citing obscure Latin text that has never applied in Scotland

EricM

Re: It was a lovely day for a coup

Yeah, which does not mean that the average IQ can not fall in absolute terms while still being called "100" :)

EricM
FAIL

Re: It was a lovely day for a coup

Yep. No cause, lousy timing, bad case of "no, you didn't do your research" ...

Is it the case that my sensitivity for shamelessly (often proudly) displayed stupidity and ignorance in public has risen in the last, say, 10-15 years or is the average western IQ - not only of young people - really in a free-fall?

A new island has popped up off the coast of Japan thanks to an underwater volcano

EricM
Go

Re: New Tectonics

To be fair, the very idea that things the size of a continent could actually move _must_ have sounded ridiculous, given the everyday knowledge of, say, 1950 ...

Science has gone a longer way than most people (including most people denying science today) are aware of ...

EricM
Happy

They don't need to.

They probably already built a Submarine base there years ago, that can be converted to a normal port now...

:-)

Have you tried turning server cores off and on again? HPE wants to do it for you from GreenLake

EricM

Is this meant to be Oracle-safe?

As Oracle (among others) demands that all "installed" Cores must be licensed, Cores inactivated by the scheme would still fit the description.

Other ways of soft-separating Cores from licenses like vCPUs (practically everything short of physical removal) are not accepted by Oracle outside of their own HW.

Legal counselling might need to be required before really calculating any license fees based on that feature.

Intel laid me off for being too old, engineer claims in lawsuit

EricM

Re: Another one?

I agree, if staff is just viewed as expensive and expendable, the older ones also become natural targets as they happen to be more expensive in general.

The point is - I think - the cost of an experienced member of staff can be easily quantified, while his/her contribution to projects (especially the "been there, done that - and failed, because..." type of contributions) is hard to quantify.

Additionally there is a fine line between avoiding past mistakes and refusing innovations...

EricM
FAIL

Re: Another one?

No idea if this is better at AMD, but harassing and firing primarily your most experienced developers - which often happen to be old farts - might be at least a contributing factor in the slow, but steady demise of the entity formerly known as Chipzilla ...

So in fact the cause-effect relationship might be just the other way round: Companies become hostile to aging workforce, probably intended to simply raise the bottom line, and start to fail as a direct effect of those actions.

US aviation regulator warns of mid-air collision risk if Garmin TCAS boxes are not updated

EricM

Re: Can I just say that I love the euphemism there...

At busy airports you start most approaches under the assumption that the plane on the runway several miles in front of you - which just also landed or is preparing for take off - moves itself out of the way well before you actually reach the tarmac.

Sometimes this does not work out in which case the approaching traffic is instructed by the tower to go around.

That is quite a routine process and not necessarily a sign that the tower did not pay attention...

Australian ponders requiring multiple IDs to sign up for social media, plus more crypto-busting backdoors

EricM

Re: But are you implying [...]

Nope, I just think that in 2021 there are ways to prove identity (once we agree that it is necessary to conduct certain business) than handing over social security numbers, passport numbers, credit card numbers, copies/photos of passports or something similar.

Permanently storing information at each and every hotel/phone shop/website/etc. that allows an attacker to fully impersonate me does not seem to be the smartest of ideas ....

EricM

Re: It's the same documents...

Sure, these have been, are and will be breached in the future, too.

Short memory?

https://www.theregister.com/2020/10/30/marriott_starwood_hack_fine_just_18_4bn/

However, there are not that many corporations able to lose 500mill IDs in one go, so most incidents get somewhat less publicity ...

Over a decade on, and millions in legal fees, Supreme Court rules for Google over Oracle in Java API legal war

EricM
Thumb Down

Nope, things didn't change

Your description of Oracle licensing mechanics is still fully correct in 2021.

Sadly, the catastrophic impact with Apophis asteroid isn't going to happen in 2068

EricM
Alien

Re: Dear/Darn scientists

No problem.

Just deploy an impactor that will change Apophis's vector by just some single digit m/s by 2025.

Least impact energy will be needed near Aphelion.

Over the following 4 years this minimal correction will deliver the needed delta-V to hit a target of your choosing in 2029...

If you need more time to ramp up sales, change the target time to a different close fly-by further in the future.

Google's ex-boss tells the US it's time to take the gloves off on autonomous weapons

EricM

Why build those, too? We do need a way to effectively kill them...

There is currently no plausible scenario where large groups of autonomous robots are marching against each other on a field or so.

Would investing in anti-autonomous weapon technology not be the wiser move?

Develop sensor-deceiving technology making humans disappear from sensors, make locating autonomous weapons easier, deploy personal EMPs and other weapons that selectively kill automated gear.

Not quite as cool as a fighting robot, but probably way more effective in battle ...

Oracle sweetens Java SE subscriptions with a spoonful of free ‘GraalVM’ runtime said to significantly speed Java

EricM

Re: This is Oracle.

Couldn't have said it better. Technology is usually not what makes or breaks use of Oracle Tech in the enterprise. Licenses, a worst-case mindset when counting CPUs, cores, memory and users - and of course Lawyers are ...

IBM cloud tries to subvert subscriptions with pricing plan that stretches some discounts

EricM

This kind of makes the financial motivation of moving to the cloud moot

Brick and Mortar Infrastructure : You pay flat, even for underused servers/services.

Cloud: you pay only what you need.

Cloud "committed use" : You pay flat, even for underused servers/services.

OK, you shed the responsibility to run the IT, employ non-core techies, etc.

But many of the financial arguments pro-cloud no longer apply to this model.

Oculus owners told not only to get Facebook accounts, purchases will be wiped if they ever leave social network

EricM

Tying unrelated goods/services together ...

... to exert control over customers and/or hurt the competition?

IANAL and all, but this just sounds like the perfect application for antitrust law...

We won't leave you hanging any longer: Tool strips freeze-inducing bugs from Java bytecode while in production

EricM
WTF?

What has happened to deterministic behavior?

In which type of "production" system is it desirable to have a program carrying on after some kind of corruption/hang was fixed based on statistical data?

A hanging program at least stops making stupid things. A statistically "fixed" program may do basically anything ...

This cure might be worse than the disease.

Call me old-fashioned, but I prefer my programs to behave deterministically.

If that means failing at a certain event, so be it ...

Software AG hit with ransomware: Crooks leak staffers' passports, want millions for stolen files

EricM

Re: All made possible by Bitcoins...

Which is true, but e-currencies drastically reduce the risk for the attacker while scaling perfectly.

There's a point to the OP's argument...

EricM

Re: One word: Darwin

"Won't that just motivate hackers who aren't in it for the money, like state-sponsored hackers?"

These types of hackers are typically motivated independently of monetary rewards, but based on a tactical or strategic decision by a government.

So cutting the monetary reward would not eliminate the overall threat, it would just reduce the number of attackers.

I do not see any additional motivation for state sponsored hackers by outlawing ransom payments.

EricM

One word: Darwin

Especially because of exactly this argument, which is very understandable given the economic position of a victim, ransom payments need to be forbidden by law.

If this means bankruptcies, OK, let Darwin take its toll.

By continuing to willingly incentivize predators while keeping targets softer than necessary we will create more predators feeding on a soft population until the economic system of cyber-insurances becomes unbearably expensive - which will also lead to bankruptcies.

By terminating the soft victims early, the more hardened targets will survive and form a more hardened population while at the same time cutting the incentive for the predators to close to zero.

Will be cheaper from a society's position.

Britain should have binned Huawei 5G kit years ago to cuddle up with Trump, says Parliamentary committee

EricM

While I fully agree that this should theoretically not be a valid reason, based on the isolated international situation the UK has brought itself into with an unregulated Brexit upcoming, cozying up to literally anyone/anything it can find may well be a practically very valid reason for political decisions ...

Expect more of this kind of "decision making" in the near future...

What was that slogan again? "Take back control"? Well ...

Woman dies after hospital is unable to treat her during crippling ransomware infection, cops launch probe

EricM

patch everything as soon as you can?

As a general rule: Sure.

But you also must consider that patching can break things, too.

Additionally and ironically in security-relevant areas like hospitals, patching is additionally slowed down by the necessary certifications a patch has to retrieve, before it can be rolled out.

Factual security and on-paper security might differ substantially in especially those areas that need it most...

Oracle customers clamor for its hardware. Yup, hardware. It can't build Exadata fast enough

EricM
Alert

If it currently looks attractive, that's because Oracle still has competition to fight...

Judging from their database sales-tactics, once enough customers are properly locked in, this might change slightly...

Amazon spies on staff, fires them by text for not hitting secretive targets, workers 'feel forced to work through pain, injuries' – report

EricM

Re: Yeah, do not feed it - or your own job will look like this, soon

I realize now my remark can easily be misunderstood ...

What I meant was that the abuse of workers makes Amazon quite fit against their competition who treats workers more fairly - if customers continue to shop at Amazon.

Then Amazon and companies acting as ruthless as Amazon will take over the market in the long term.

So sooner or later most jobs will be like the jobs described in this article - if customers continue to shop at Amazon.

So basically they shouldn't.

EricM

Yeah, do not feed it - or your own job will look like this, soon

Survival of the fittest, remember?

Breaching China's Great Firewall is hard. Pushing packets faster than 1Mbps once through is the Boss Fight

EricM

Re: So even in China simple commercial greed does more harm ...

sure, that's why I used "so-called" before and "\"" around the word communism....

EricM

So even in China simple commercial greed does more harm ...

than their so-called "communism" and control-madness combined.

Interesting ...

So long, Top Gun... AI software waxes US F-16 pilot's tail 5-0 during virtual dogfight drills

EricM

There are differences between a simulation and reality

Not necessarily

While an AI can undoubtedly pull G's up to the frame's limits and has faster per-se reaction speed it also will have to deal with real-world, unclear and contradictory radar, microwave and optical sensor inputs to keep its situational awareness in an environment where electronic countermeasures are actively used and expected to evolve fast.

That awareness is currently delivered by the simulation for free.

So all this simulation currently shows is that the AI can play an elaborated videogame better than a human.

I'm not sure how this would translate into a real-world battle, where the AI "pilots" , their capabilities, tactics and reactions are known to the adversary.

Trump administration reportedly offers Oracle cheap end to $400m wage discrimination case

EricM

Oracle "Big Data Management" to fight Covid-19? Don't think so ...

I bet it is instead used for free by the Trump team to optimally influence that part of the republican voter base that is still locked in the alternate FOX universe.

Because who cares about a pandemic when there are elections to win?

Once considered lost, ESA and NASA's SOHO came back from the brink of death to work even better than it did before

EricM

Re: A fitting tribute to intelligence and sheer dogged determination

> The problem is that politics involves people

Yep, I need to agree :)

> and they are generally not too happy if you try to force on them an upload sequence that makes them operate in a different fashion.

Oh, but that exists. It's called "convincing" people ... And even engineers have to do that a lot.

> Hardware is a lot more biddable than meatware.

I'm not so sure about that point. Looking at the state of politics, conspiracy theories and the like, it seems rather easy to convince at least some people of very weird things.

If I upload code to hardware it at least has to be syntactically and logically correct :)

EricM

Re: A fitting tribute to intelligence and sheer dogged determination

> they get results when everyone else thinks it's the end of the line.

Second that.

However, I often wonder if engineering mindsets could also reshape other areas, where rationality and the will and capability to make things work (instead of the opposite) often appears to be in short supply.

Politics comes to mind, national and international, where engineers are strongly underrepresented.

Wrangling control somewhat away from manager types, economists and lawyers might prove worthwhile also down here ...

Then again, I understand every engineer that fails to find enthusiasm for politics at the current state of affairs ...

UK intel committee on Russia: Social media firms should remove state disinformation. What was that, MI5? ████████?

EricM

Re: If you acknowledge Russian operations supporting UK separatism - what's the consequence?

> Turned out in our favour? Hardly...

No it did not turn out in favour of the UK, that remark was written from the perspective of the current UK PM, respectively from his party, who advocated for Brexit.

So now the same party that profited from the Russian efforts would need to investigate it ...

> The best defence against Russian aggression is a united Europe,

I fully agree.

EricM

If you acknowledge Russian operations supporting UK separatism - what's the consequence?

What can the government do? Go back to the people and declare THE major vote of the past years (which even turned out in your favor) to be invalid because the vote was influenced by Russia to an uncertain degree?

Even though part of the electorate is still convinced that the arguments pushed by Russian bots are "true" and some of your own politicians including the PM heavily bought into these arguments?

Sounds like a recipe for major disaster.

Europe (including the UK) needs to find a defensive and an offensive way to deal with this foreign influence and minimize its impact - even though this influence plays into the cards of some politicians.

Otherwise Russia continues to play divide and conquer on a global scale unmitigated.

The best way I see for the UK would be to minimize damage by making Brexit as soft as necessary as to not weaken combined UK and EU's economical and military capabilities more than absolutely necessary.

Hard Brexit only will reward Russia for its efforts.

Remember when we warned in February Apple will crack down on long-life HTTPS certs? It's happening: Chrome, Firefox ready to join in, too

EricM

Is there any advantage left by using commercial certs?

Or can all commercial websites now just migrate to Let's Encrypt?

Maze ransomware gang threatens to publish sensitive stolen data after US aerospace biz sensibly refuses to pay

EricM

Re: A sensible response, indeed

Agree, however, determining physical locations is very hard in most instances of an electronic attack.

And even if you succeed, SEALs blowing up a coworking space in downtown SF or SAS in an east London neighborhood might not be seen as an adequate reaction by some ...

EricM
Thumb Up

A sensible response, indeed

That's exactly the way to put these crooks out of business.

Paying ransom makes the problem worse for everyone.

The point of containers is they aren't VMs, yet Microsoft licenses SQL Server in containers as if they were VMs

EricM

Yeah, smells like "embrace, extend, ..." of Oracle's bullshit VM policies...

... but I do not expect the usually following "extinguish" in this case, though ...

As Brit cyber-spies drop 'whitelist' and 'blacklist', tech boss says: If you’re thinking about getting in touch saying this is political correctness gone mad, don’t bother

EricM

Oh, so the GCHQ has "customers" ...

That might explain a lot ...

Why should the UK pensions watchdog be able to spy on your internet activities? Same reason as the Environment Agency and many more

EricM

This is a textbook example on why to avoid "slippery slope" regulations at all cost

Once the UK agreed to create mass snooping capabilities for use against terrorists, these capabilities created demand in all other departments of government.

You _can_ better assess, direct and punish a population in a number of ways without any privacy laws in the way plus full surveillance. Most citizens of former Eastern Germany know that well from experience...

After all, only a citizen that is observed 24/7 is a) a secure citizen and b) a citizen _constantly_confirmed_ to be abiding the law.

While China was doing it openly to suppress, in the UK it happened under the disguise (and maybe even intent) to fight terrorism. However, the result, as you will experience, is mostly identical.

Hopefully your example will at least spare some other countries the same fate as they have the opportunity to learn by example.

I wish you good luck since reversing this situation and prying surveillance powers back from government agencies all over the place will be much more difficult than preventing it happening in the first place...

Ransomware scumbags leak Boeing, Lockheed Martin, SpaceX documents after contractor refuses to pay

EricM

Re: You are not really familiar with computer security, are you?

Sure you do that - you block all known attack vectors to access the data.

Until someone comes up with a new idea or - as is likely in this case - someone turns an authorized user's computer into a trojan horse that effectively steals the documents.

For encryption at rest:

Many people think that's a silver bullet, however, if continuous accessibility of the information is part of the requirement (which is true in most cases) you need to distribute the password/private key in some form to the point of access, otherwise even the authorized end user cannot read and work with the data. That's why I tend to view most implementations of encryption at rest somewhat as snake oil. They just make it somewhat harder to extract cleartext data.

Same problem with air-gapping systems.

In this case you need to bring every user of the data behind the air gap. Which excludes such a solution from most real-world scenarios.

Especially in complex distributed development, where optimized sharing of documentation/information is regarded as key to mission success..

EricM

Re: You are not really familiar with computer security, are you?

> That is part of what I'm talking about - is it a fundamental truth that invisible doors and papier maché walls will exist? If so, why?

Necessarily. Whatever you need to do in computer security, securing Websites, Web-Apps or simply securing documents inside a company, you need to work with existing (and continually changing) hardware, firmware, drivers, operating systems, network protocol implementations, firewalls, management solutions, etc.

Every component you work with is updated regularly (if you do it right). This means a) known bugs are closed, b) new features are added and c) new bugs are introduced, every single one a potential new door.

On all architecture levels mentioned above - simultaneously.

> too much reliance on "somebody else".

Yes, every application you create/run/maintain today sits on a ton of other software you cannot control.

OK, you _could_ try to create a for example document management solution based on your own hardware, firmware, drivers, OS, own network stack, own firewall code and finally own application.

But you'd need to invest thousands (millions?) of man-years to create and test tons of new code.

And with an overwhelming probability your own code will have many more bugs than the stuff already on the market that has been tested in thousands of installations.

So, yeah, relying on somebody else is a problem, but having to code everything up from bare metal yourself would pose a worse problem in terms of security, let alone feasibility.

EricM

Re: You are not really familiar with computer security, are you?

> Now imagine the liability if you used that place to store hugely valuable stuff. You would have done your due diligence on the building before using it, and not taken someone else's word for its security. To do otherwise would find you liable for civil and possibly criminal action.

Accept criminal liability for security in a world where invisible doors exist and you cannot tell concrete and cardboard apart?

I'd get a new job immediately, since no amount of due diligence will make sure I have not overlooked one of the invisible doors. Or that no new door will pop up due to changes made by somebody else tomorrow.

EricM

You are not really familiar with computer security, are you?

As a virtual real world example :

Try to secure a building. You use Perimeter controls, fences, secure doors, alarms, etc. Not hard, right?

Now try to imagine to secure a building where fences have holes you cannot see. Where walls have doors you cannot see. Some walls that used to exist forever are gone the next day. Some walls only look like walls when in reality they are just props from a film set. Where people that you cannot control are working on structural changes and who routinely refuse to tell you what they did. Where alarms notice some trespassers while ignoring others. Where you learn one day that while you thought you had the only keys to the building, the company who made the doors was handing out every key to every door they ever made to anyone who asked...

Good luck with that...

Astroboffin gets magnets stuck up his schnozz trying and failing to invent anti-face-touching coronavirus gizmo

EricM

At least he tried to DO something meaningful ...

Contrary to people writing sarcastic comments here ...

Theranos vampire lives on: Owner of failed blood-testing biz's patents sues maker of actual COVID-19-testing kit

EricM

0.00 as "reasonable compensation" for suing patent lawyers in this situation is too generous...

On an emotional level I'd like to see the pitchfork-based responses above implemented, but that's a bit too much 18th century style ...

But what about some 100hrs of community service to make up for the crap they cause?

Don't be fooled, experts warn, America's anti-child-abuse EARN IT Act could burn encryption to the ground

EricM

Problem: Math does not know if you are crook or cop.

Stopping E2E encryption of Whatsapp and Apple - Then what? Criminals/child predators moving to other services, of course. So what will be the next steps?

Will Telcos be forced to provide crackable in-transit encryption (like a backdoored https) in order to "earn" or keep their exemptions?

Will Hosting providers be forced to only provide crackable at-rest encryption in order to earn or keep their exemptions?

As the "law" would just authorize basically *anything* a commission comes up with, this could become a very slippery slope...

Math laws cannot be selectively enforced for citizens and waived for police. Every encryption that becomes crackable/backdoored for police will also become crackable for criminals.

So software and services of US origin will become insecure in a very basic sense of the word.

As a consequence, once this really becomes law, we will probably see the downfall of the great US software empire, as only the EU and Asia will be able to construct secure products.

Campaigners cry foul play as Oracle funds conservative lobby group supporting its court case against Google

EricM

Re: Who expects honesty and decency from Oracle ?

""Who expects honesty and decency from Google" I would also have agreed."

Agree, and I must say I'm not into this topic for Google, or for honesty and decency for that matter.

But if Oracle wins this case, the whole software industry which, since its inception, always was based on the fact that APIs are not copyrightable, will suffer heavily under lawsuit after lawsuit.

EricM

"They go after many respected think tanks and call them 'Google shills' while themselves getting money directly from Oracle"

Well, after all, accusing the other side of what you are guilty doing, is, in fact, an as widely used strategy as is buying support from groups that are portrayed as being neutral and interested in "public wellbeing".

A classic comms strategy, albeit dishonest and opportunistic ...

10/10 on the Oracle scale, I'd say.

Let's hope the judges see through this ...

Biting the hand that feeds IT © 1998–2021