Re: Burn the fuckers.
That is like stating that Johnson was responsible for the party in 10 Downing Street. Geez. He just lived there.
334 posts • joined 20 Apr 2019
Partnerships are a reality. Collaborations are a reality. Two companies may need to work together on projects, account payments, approvals, etc. Many times a company will create separate groups: employees who deal with IBM and, separately, employees who deal with MSFT. It is normal for these employees to collaborate with their customers and vendors on a very close basis.
The best examples are employees of audit companies, which by the very nature of their tasks, can't be the audited company's employees.
After looking at the Decentralized finance apps for over a year, I have come to the conclusion that the code is about as buggy as any other application code.
Moreover, being decentralized is a boon to hackers.
Security practices don’t exist.
Reporting issues come back with: prove that a bug can be exploited. The better approach is to ensure each block is secure and consistent.
The thing is that making this much money gets into the programmers' heads and they think they are Supermen.
I work with insurance companies (not for) on security issues and, to tell the truth, they are not the bad guys. They are the people who are behind lots of the features like proximity sensors, lane assist/drift sensors, etc. They have number-crunchers who find patterns and force car companies to change their ways.
For example, their lawyers must already be talking to Honda, telling them that they will not absorb the cost of any theft. And Honda may quietly cover the cost.
I do see state-sponsored attacks by Russia being attempted.
I also think Biden is giving a heads-up to the industry folks.
OTOH, what we don't know are the tools that NSA will use to block the attacks. In the industry, the going mantra is: state-sponsored cyber-attacks require the NSA to step in.
Putin never realized that democracies look splintered and slow but on the whole are much more powerful than dictatorships. He just handed the West the keys to Russia. They are going to grind him down and destroy the Russian army and the economy once and for all.
Most processor vendors do provide the tools. Android also comes with the tools. Time and again I have seen engineers neuter the systems as it is too hard to wrap their heads around the system. I see fixed keys all the time.
The additional problem is that Samsung is also the processor vendor.
This territorial fight is so useless given that the wealth of nations and people are tied to bits in ether. Earlier you conquered because you wanted land, slaves to till the soils, and gold to fight more battles. Now, you don't need any of the 3.
Or am I being naive? That we humans are destined to kill each other ...
Given that there are all these anti-corruption laws that companies like ours have to comply with, I am surprised at the amount of corruption that the politicians engage in. They live in palaces, have private planes, etc.
I wonder where they are hiding their money ... probably somewhere around here as prime Silicon Valley property or other instruments.
Maybe the VPN interception will be a good thing? Maybe make the IP addresses public?
The last report said 90% of engineering was in China. The other 10% could be support engineers.
Privacy is not a concern in China.
So all those businesses talking to each other over Zoom?
Guess what. Just the meta information of who is talking to whom at what frequency and time is good enough.
Remember that we pay MS for the Windows licenses. Then we pay for the IT staff to ensure that the updates don't break the other applications. Then we pay for the IT staff to update all the systems. Meanwhile, we spend an appreciable part of our IT budget on AV systems, Patch Management, all kinds of network protections, etc.
Just so that we can run Word, Excel, Outlook and PowerPoint. Not that these applications are any more secure. And we pay for them too.
What a scam. And we are responsible for our ignorance.
I remember a presentation by an MS Senior VP at their Mountain View buildings around 2003-2004 where they touted how many fixes they put out and the effort they were putting into securing their systems. One gentleman politely asked the SVP if Microsoft was going to pay for all the costs required to update systems. The SVP's answer was, "Why should we?" Which either meant that he did not understand the gentleman's question or that he really didn't care about the downstream costs of Windows.
Thanks!!! For CJK, I remember that unification created more "political problems", not technical problems, I believe. It has been 25 years since I worked on it (when it was first introduced) so thanks for the clarification and the updates. I am behind times. Have to look up why they added Vietnamese to the set...
The thing is, Unicode was created to prevent this thing from occurring: characters that look the same should encode to the same value irrespective of the language. This philosophy created real problems for CJK characters from Japan and China getting encoded to the same values.
The German paratroopers also penetrated fort Eben-Emael (sp?). Which was disconcerting for the French and the Belgians because the Germans turned around and used it to control everything the fort was supposed to. For the wrong side.
Without zero trust and the current shift from perimeter based architecture to a mesh system, I can’t even imagine any justification for ftp.
FTP depends on everyone else doing the right thing.
You would generally use a file transfer system as part of a tool chain that is used in a process. Starting with a fundamentally unsecured system that can be readily exploited is fairly difficult to fix when security just happens to be required.
Make everything zero-trust. That way you avoid one system failure becoming the Maginot line failure.
Simple examples: power distribution systems used FTP and FTP-like protocols and then they suddenly became distributed. You can't even change the password because it was appropriate security 50 years ago. Router boxes are another example.
I wonder where FTP would be appropriate vs. SFTP. Just opening up the port is grounds for dismissal. I see small devices use it for firmware upgrade. Unsigned firmware upgrade on the top of it.
If Intel can't get their systems secure just for a simple OS, how can we trust that they do their entire computation on your behalf, including a large set of services, in a secure manner?
Frankly, the concept is interesting but the devil is in the details. Moreover, it is just not possible for Intel to execute anything securely. Their bean counters will be pushing for higher speeds and will run over their security people.
I think I have come across only one instance where shielded cables were used. Otherwise it is all twisted pairs. For shielding to work properly, you have to ground it. The plastic RJ-45 connectors are not grounds.
And yes, I do make my own cables to length and have for more than 20 years. You need special connectors to help ground the shield, if present.
Microsoft is back to where it was 20 years ago; arrogant and too big to change.
So they have NO need to change. Organizations change only when they face pain. Organizations feel pain only when management feels pain. The pain has to be personal; they have to lose their jobs.
I still remember programming to Windows, Outlook, and Exchange APIs which crashed at random intervals. There is even a library called Outlook Redemption to help you write somewhat decent software.
Yup. I expect the following:
1. Whataboutism as a distraction: Well the NSA and the GCHQ do it
2. Attacking the countries for putting out the message without addressing their concerns (they are ganging up on China but without mentioning that it is China that is attacking them)
3. Denying that it even happens, ignoring the recent revelations
4. Stating that the Chinese government is actually far better than the others.
The Chinese companies are hellbent on spying on their customers. Xiaomi can even censor your content. Most of the countries are getting overrun by Chinese products which have been deliberately designed to track and, in at least one case, control people's communications.
https://www.theregister.com/2021/09/22/xiaomi_phone_handset_censorship_lithuania/
Zoom tracks meta information about who is talking to whom. They would like to know if company A and B are talking to each other and is the traffic going up or down. It can help with business decisions, competitive analysis, etc.
It can tell if a dissident is talking to someone or not.
Length, frequency, speech analysis, etc. will all help them control the entire world.
With Xiaomi having been caught censoring content on phones, we know what the world is going to look like: 1984.
https://www.nksc.lt/doc/en/analysis/2021-08-23_5G-CN-analysis_env3.pdf