* Posts by Reader2435

21 publicly visible posts • joined 5 Apr 2017

Russian jailed for eight years in the US for writing code that sifted botnet logs for web banking creds for fraudsters

Reader2435

> The official announcement of his sentence claimed Brovko was part of a “$100m botnet conspiracy,” though that figure is a little suspect: it was based on details of 200,000 devices and PCs stored on Brovko’s computer gear multiplied by $500, the minimum dollar value required by law for a charge of unauthorized device access.

A *little* suspect!!?? What!!??

Do these lawyers have no shame and no desire to even pretend they are involved in a fair system of justice? Brovko was part of a $100 million conspiracy because that's the number we made up. We have to make up that figure to be able to charge him with the offences we want to charge him with. I thought Steven Avery / Wisconsin (a case of truly shocking corruption starting in Wisconsin but ultimately involving the entire US legal system) was an anomaly but perhaps America had entirely moved away from any interest in truth within its justice system.

Go champion retires after losing to AI, Richard Nixon deepfake gives a different kind of Moon-landing speech...

Reader2435

Re: Poor PR people

He's trying to get a job on Fun With Flags, presented by Sheldon Cooper.

Brexit? HP Inc laughs in the face of Brexit! Hard or soft, PC maker claims it's 'no significant risk'

Reader2435

News just in...

News just in - in a recent report, listed company tells its shareholders 'Don't Panic'. Phew, that's alright then.

You're not Boeing to believe this, but... Another deadly 737 Max control bug found

Reader2435

Boeing: "The FAA review and process for returning the 737 Max to passenger service are designed to result in a thorough and comprehensive assessment."

Their process 'for returning the 737 Max to passenger service'... I would hope it's a process for 'determining whether the 737 Max is safe to return to passenger service.'

Boeing seem certain that the FAA will pass the 737 Max as fit to fly - I wonder why that would be...

Quit worrying about killer robots, they are coming whether you like it or not – and they absolutely will not stop

Reader2435

When the other side has the same type of weapons ready to go...

Tractors, not phones, will (maybe) get America a right-to-repair law at this rate: Bernie slams 'truly insane' situation

Reader2435

The good ol' U.S. of A - Land of the free, home of the brave.

Or should that be: Land of those whose ancestors were free, home of the not-quite-brave-enough-to-try-changing-their-own-oil.

Complex automation won't make fleshbags obsolete, not when the end result is this dumb

Reader2435

Artificial Intelligence

The clue's in the name. It's not 'synthetic intelligence' (which might be real but synthesised) but artificial - not real. As my AI tutor explained to us in the early 1990s, AI can be very powerful but its performance degrades sharply at the edge of its problem domain.

In other words, when anomalies arise, AI fails big.

Gregory Travis' recent analysis of Boeing's MCAS system "How the Boeing 737 Max Disaster Looks to a Software Developer" is a very powerful expose of how dangerous AI is in safety systems.

It only took Oz govt transformation bods 6 months and $700k to report that blockchain ain't worth the effort

Reader2435

The value of blockchain

There seem to be two values of blockchain:

1) It's made lots of money for those who have been involved in mining. But by that, I do not mean the miners, necessarily, but hardware vendors, exchange operators, etc.

2) It is so complex that it is the perfect snake oil because the complexity makes it impossible for the salesman to be proven wrong... so long as he/she ensures that none of their proffered solutions ever actually gets built!

Reader2435

Re: Just 'Unnecessary'? What about 'Wouldn't Work'?

@Jim Mitchell

Well, I guess that is another way of asking the same question I asked in my post - how *can* blockchain be gainfully used without the blockchain being the ledger for something of value (e.g. Bitcoin or any other cryptocurrency) which only has value due to the difficulty in extending the blockchain.

In other words, can either exist without the other?

Can the two be separated and still offer value?

Of course a blockchain can *exist* without Bitcoin... like my wallet exists if I remove all its contents... the difference is that my money doesn't lose all value if removed from my wallet!!!

I'm happy to accept that there may be some other application for blockchain other than currency that derives its value from the extension of the blockchain... I just haven't seen one yet that makes sense. Or would work. By 'work', I mean: deliver the features promised. Again, I would be genuinely happy to have one explained to me! Just one...

Reader2435

Just 'Unnecessary'? What about 'Wouldn't Work'?

Bitcoin works because a) there are many copies of the blockchain around which can be compared to each other and b) it's intentionally very difficult to solve (or corrupt/replace) blocks.

a) only happens because people are incentivised to maintain copies - because there is 'real' (potential) value in their Bitcoin holdings, recorded in that very blockchain.

b) can only be made so difficult and yet folk still crack it because the miners accept that that is exactly where the 'value' (read rarity) of the mined Bitcoin appears from.

In most of these other applications, neither a) nor b) would hold. So the whole darn thing quickly unravels like a chocolate teapot. I would be happy to be proved wrong if anyone can provide a detailed explanation so that I can finally understand how these other applications are supposed to work but as far as I can see, for *most* applications it is not only unnecessary but it wouldn't even provide the features that its proponents claim it can.

Motorola: Oops, phone busted? Grab a spudger and go get 'em, champ

Reader2435

Swimming against the tide

So people want to fix their own phones, huh? No, they don't. If they did, they would do a quick search on a well-known Internet video site, see how easy most jobs are already... and then do it.

Seriously, replacing the screen or battery on most phones is already do-able for about £20. I've done about 15 fixes for friends and family. Every time I advise them that I provide no warranty - it might work after it's passed through my hands and it might not. Every time the device has been like new after the fix apart from one iPhone 6 which needed a new front-facing camera... which cost £2 off a well-known Internet auction site and was easy to fit.

I suspect that what people want is for it to be cheaper, easier and quicker to get someone else to do it for them. That is the modern way, sadly.

'The inmates have taken over the asylum': DNS godfather blasts DNS over HTTPS adoption

Reader2435

Re: Who needs DNS anyway?

"It's not beyond the wit of a young person to use a literal IP address to look at things their parent doesn't like them seeing"

Are you kidding? In my experience, it's beyond the wit of most young people to do anything more technical than click on links in a browser. Having unsuccessfully made significant efforts to interest my kids in the workings of IT, I would be delighted if they started to poke around under the bonnet to bypass my parental controls, especially as they are now at the age where the controls aren't really necessary.

London Mayor calls for social networks and sharing economy to stop harming society

Reader2435

Free speech

"I disapprove of what you say, but I will defend to the death your right to say it" - born 1906, killed circa 2010 by social media.

Ugly, perfect ten-rated bug hits Cisco VPNs

Reader2435

"... Can anyone fill in the blanks?"

Yeah. Do you think developers at corporations should work for free, in their own time? If not then they are limited to the time (budget) allocated to the project.

Dev: Boss, do you want this error-free? We'd need code reviews and a comprehensive test framework, etc.

Boss: How much more would that cost?

Dev: (cost of crap code) * n

Boss: Well, let's see if we can minimise n, shall we?

Dev: OK, boss.

Why do you think Linux is stealing the OS market? No bosses. The devs do it right.

We need to talk about mathematical backdoors in encryption algorithms

Reader2435

Useful contribution by Mr Filiol... but I'm sure that safe backdoors could be put into crypto if we just use the right hashtags...

Can I take up my seat in the house of commons now? Or did I prove myself over-qualified by getting his name right?

Murdoch's Fox empire is set to become a literal Mickey Mouse outfit

Reader2435

Re: A very rich mouse

I wonder what Murdoch will do with the money?

Probably hoping to do a deal to buy immortality... with whoever can supply it...

New HMRC IT boss to 'recuse' herself over Microsoft decisions

Reader2435

HMRC web-crash

I had the great misfortune to need to use the HMRC site last week. I've never seen such an absolute train-crash of a website. The form I wanted required login... to get to a public *form*, not any data. The login page forwarded not to the form that the link had promised but to a 403 Access error... for a form!

The complaints form was public but you had to already have a valid complaint reference before you could register a complaint... no, I kid you not!

The online support chat service was staffed by someone who could not (or would not) use any capital letters or punctuation and knew less about their own job than they did about English.

Just incredible. I'm no fan of M$ but if they were allowed to sneak their grubby paws into the till at least we might get a working system out of it...

The new, new Psion is getting near production. Here's what it looks like

Reader2435

It's not a Psion without the software

I had the Siena and Revo... and lots of dead machines bought cheap off eBay for fixing them up when the hardware failed. I got quite good at swapping all sorts of bits out when they went duff. The hardware was very good, despite the limited life-expectancy but what made the machines for me was the software - it was feature-packed, supporting all sorts of useful features, especially in the diary and contacts manager, that I have looked for but never seen since in PDAs or smartphones. Even simple things like reverse-lookups - perfectly executed on Psion with a quick hot-key and power options... but very rarely supported on any other devices. So for me the software is the key... and from the article it seems it's the one bit that Gemini is not offering - shame. To me, without the software, the prototype looks like an Android device with a keyboard strapped on... good luck but take a close look at RIM (Blackberry).

Hell desk to user: 'I know you're wrong. I wrote the software. And the protocol it runs on'

Reader2435

Piggy in the middle

I once had the pleasure of being one of the first to use a UK mobile operator's location API for locating handsets. They assured me that they had several other customers happily using the API and I set to work coding against the interface; it was SOAP with a WSDL interface definition. When I ran my client it retrieved the WSDL but always failed to connect to the SOAP server and after a little debugging I found that the server location embedded in the WSDL wasn't valid - it looked like a token rather than a fully-qualified hostname or IP address. I called the operator and they assured me that their other users hadn't had a problem using the API. But it made no sense - how was my SOAP client meant to access a server it didn't have an address for? So I phoned them again, explained again and again they insisted that it was a problem at my end. I knew it wasn't and refused to give up. Eventually they advised me to talk to their supplier in Canada which I did - the supplier said "Yeah, that token is there to allow their system to do load-balancing - it should get replaced with a server address as it's being served out to you. I've been telling them for weeks that it's not set up right but they won't fix it."

I called the operator again and asked them for the address of the SOAP server. I then wrote a proxy that mediated between my client and their system and when it saw the token come back it swapped in the proper address - all good.

I understand their new location API service wasn't very successful... I wonder why...

PC repair chap lets tech support scammer log on to his PC. His Linux PC

Reader2435

Scam them back...

Every minute they're on the line to you they're not stealing off someone else.

My favourite trick is to spend a minute or two convincing them that I've fallen for the scam hook line and sinker. Then I go and ring my own doorbell and I tell them "Oh, hang on a minute, there's someone at the door - I'll be back in a minute"

I then put the phone down on the table and walk away. It's amazing how long some of them hang on for!

Apple fans, Android world scramble to patch Broadcom's nasty drive-by Wi-Fi security hole

Reader2435

Drive-by or not drive-by?

From the article's title: "drive-by Wi-Fi security hole"

From the article: "an attacker simply needs to be within Wi-Fi range to silently take over an at-risk Apple or Android device"

Also from the same article: "Published as a standard in 2011 and given Wi-Fi Alliance certification in 2012, TDLS lets devices exchange data as peers, without passing data through an access point, as long as they're both associated with the same access point"

It seems the title and first quote are wrong - an attacker and victim have to be associated with the same access point. It's still a big issue of course... but not for devices on your home network that don't roam (assuming you secure your home net)...