Posts by Reader2435

> The official announcement of his sentence claimed Brovko was part of a “$100m botnet conspiracy,” though that figure is a little suspect: it was based on details of 200,000 devices and PCs stored on Brovko’s computer gear multiplied by $500, the minimum dollar value required by law for a charge of unauthorized device access.

A *little* suspect!!?? What!!??

Do these lawyers have no shame and no desire to even pretend they are involved in fair system of justice? Brovko was part of a $100 million conspiracy because that's the number we made up. We have to make up that figure to be able to charge him with the offences we want to charge him with. I thought Steven Avery / Wisconsin (a case of truly shocking corruption starting in Wisconsin but ultimately involving the entire US legal system) was an anomaly but perhaps America had entirely moved away from any interest in truth within its justice system.

News just in...

News just in - in a recent report, listed company tells its shareholders 'Don't Panic'. Phew, that's alright then.

Boeing: "The FAA review and process for returning the 737 Max to passenger service are designed to result in a thorough and comprehensive assessment."

Their process 'for returning the 737 Max to passenger service'... I would hope it's a process for 'determining whether the 737 Max is safe to return to passenger service.'

Boeing seem certain that the FAA will pass the 737 Max as fit to fly - I wonder why that would be...

The good ol' U.S. of A - Land of the free, home of the brave.

Or should that be: Land of those whose ancestors were free, home of the not-quite-brave-enough-to-try-changing-their-own-oil.

Artificial Intelligence

The clue's in the name. It's not 'synthetic intelligence' (which might be real but synthesised) but artificial - not real. As my AI tutor explained to us in the early 1990s, AI can be very powerful but its performance degrades sharply at the edge of its problem domain.

In other words, when anomalies arise, AI fails big.

Gregory Travis' recent analysis of Boeing's MCAS system "How the Boeing 737 Max Disaster Looks to a Software Developer" is a very powerful expose of how dangerous AI is in safety systems.

The value of blockchain

There seems to be two values of blockchain:

1) It's made lots of money for those who have been involved in mining. But by that, I do not mean the miners, necessarily, but hardware vendors, exchange operators, etc.

2) It is so complex that it is the perfect snake oil because the complexity makes it impossible for the salesman to be proven wrong... so long as he/she ensures that none of their proffered solutions ever actually gets built!

Swimming against the tide

So people want to fix their own phones, huh? No, they don't. If they did, they would do a quick search on a well-known Internet video site, see how easy most jobs are already... and then do it.

Seriously, replacing the screen or battery on most phones is already do-able for about £20. I've done about 15 fixes for friends and family. Every time I advise them that I provide no warranty - it might work after it's passed through my hands and it might not. Every time the device has been like new after the fix apart from one iPhone 6 which needed a new front-facing camera... which cost £2 off a well-known Internet auction site and was easy to fit.

I suspect that what people want is for it to be cheaper, easier and quicker to get someone else to do it for them. That is the modern way, sadly.

Free speech

"I disapprove of what you say, but I will defend to the death your right to say it" - born 1906, killed circa 2010 by social media.

"... Can anyone fill in the blanks?"

Yeah. Do you think developers at corporations should work for free, in their own time? If not then they are limited to the time (budget) allocated to the project.

Dev: Boss, do you want this error-free? We'd need code reviews and a comprehensive test frameworks, etc.

Boss: How much more would that cost?

Dev: (cost of crap code) * n

Boss: Well, lets' see if we can minimise n, shall we?

Dev: OK, boss.

Why do you think Linux is stealing the OS market? No bosses. The devs do it right.

Useful contribution by Mr Filiol... but I'm sure that safe backdoors could be put into crypto if we just use the right hashtags...

Can I take up my seat in the house of commons now? Or did I prove myself over-qualified by getting his name right?

HMRC web-crash

I had the great misfortune to need to use the HMRC site last week. I've never seen such an absolute train-crash of a website. The form I wanted required login... to get to a public *form*, not any data. The login page forwarded not to the form that the link had promised but to a 403 Access error... for a form!

The complaints form was public but you had to already have a valid complaint reference before you could register a complaint... no, I kid you not!

The online support chat service was staffed by someone who could not (or would not) use any capital letters or punctuation and knew less about their own job than they did about English.

Just incredible. I'm no fan of M$ but if they were allowed to sneak their grubby paws into the till at least we might get a working system out of it...

It's not a Psion without the software

I had the Siena and Revo... and lots of dead machines bought cheap off eBay for fixing them up when the hardware failed. I got quite good at swapping all sorts of bits out when they went duff. The hardware was very good, despite the limited life-expectancy but what made the machines for me was the software - it was feature-packed, supporting all sorts of useful features, especially in the diary and contacts manager, that I have looked for but never seen since in PDAs or smartphones. Even simple things like reverse-lookups - perfectly executed on Psion with a quick hot-key and power options... but very rarely supported on any other devices. So for me the software is the key... and from the article it seems it's the one bit that Gemini is not offering - shame. To me, without the software, the prototype looks like an Android device with a keyboard strapped on... good luck but take a close look at RIM (Blackberry).

Piggy in the middle

I once had the pleasure of being one of the first to use a UK mobile operator's location API for locating handsets. They assured me that they had several other customers happily using the API and I set to work coding against the interface; it was SOAP with a WSDL interface definition. When I ran my client it retrieved the WSDL but always failed to connect to the SOAP server and after a little debugging I found that the server location embedded in the WSDL wasn't valid - it looked like a token rather than a fully-qualified hostname or IP address. I called the operator and they assured me that their other users hadn't had a problem using the API. But it made no sense - how was my SOAP client meant to access a server it didn't have an address for? So I phoned them again, explained again and again they insisted that it was a problem at my end. I knew it wasn't and refused to give up. Eventually they advised me to talk to their supplier in Canada which I did - the supplier said "Yeah, that token is there to allow their system to do load-balancing - it should get replaced with a server address as it's being served out to you. I've been telling them for weeks that it's not set up right but they wont fix it."

I called the operator again and asked them for the address of the SOAP server. I then wrote a proxy that mediated between my client and their system and when it saw the token come back it swapped in the proper address - all good.

I understand their new location API service wasn't very successful... I wonder why...

Scam them back...

Every minute they're on the line to you they're not stealing off someone else.

My favourite trick is to spend a minute or two convincing them that I've fallen for the scam hook line and sinker. Then I go and ring my own doorbell and I tell them "Oh, hang on a minute, there's someone at the door - I'll be back in a minute"

I then put the phone down on the table and walk away. It's amazing how long some of them hang on for!

Drive-by or not drive-by?

From the article's title: "drive-by Wi-Fi security hole"

From the article: "an attacker simply needs to be within Wi-Fi range to silently take over an at-risk Apple or Android device"

Also from the same article: "Published as a standard in 2011 and given Wi-Fi Alliance certification in 2012, TDLS lets devices exchange data as peers, without passing data through an access point, as long as they're both associated with the same access point"

It seems the title and first quote are wrong - an attacker and victim have to be associated with the same access point. It's still a big issue of course... but not for devices on your home network that don't roam (assuming you secure your home net)...