* Posts by h4rm0ny

4560 publicly visible posts • joined 26 Jul 2008

UK spies: You know how we said bulk device hacking would be used sparingly? Well, things have 'evolved'...

h4rm0ny

And yet at the time, there were those saying this wouldn't happen.

There are always those saying these things won't happen. And by the time it does, they're busy saying something else won't happen and that everybody knew the other thing would and why are you still talking about it?

When new powers are introduced, unless penalties for misuse of those powers are introduced at the same time, they will always be abused.

Microsoft polishes up Chromium as EdgeHTML peers into the abyss

h4rm0ny

I disagree. Browsers should adhere to standards and not enhance without changing the standard first. Enhancing standards has always been caustic to the web and is how we end up with nonsense like sites that only work with specific browsers.

So basically you hate Chrome with its myriad of non-standard HTML and CSS extensions, and like Edge which has been far stricter about sticking to actual agreed standards. Right? Right?

h4rm0ny

Edge is my primary browser. It's fast, reliable and has a nice, clean minimal interface. It has an Adblocker I can install if I wish (I try to avoid that because I want sites to earn money) and the ability to turn off auto-play for videos (I use that because fuck auto-playing and audible ads).

It's got an excellent level of standards compliance and its existence is an important part of the marketplace. I fervently hope this is a false rumour and it is not going to become a thin skin on top of Chrome.

Huawei CFO poutine cuffs by Canadian cops after allegedly busting sanctions on Iran

h4rm0ny

Re: Canadians as puppets

The whole anti-Huawei campaign seems to be commercially motivated

Evidence for this is twofold. One is the clear and obvious financial motive to do so. If you can use your government to shut down your opposition, you do. ("You" in this case being a giant corporation).

Secondly, if they had examples of Huawei equipment containing backdoors, etc. then the simplest thing by far would be to publish them. Yet we've only heard people SAY "you can't trust them", never shown. Now to some extent there's an issue of protecting your sources but once you know something, retroactive proof by other methods is trivial. The fact that we haven't heard anything specific is damning.

h4rm0ny

Re: Should we be worried?

It could also be internal power plays in US politics. Trump's been aggressively pushing for trade re-balancing between the USA and China. China basically stalled until after the mid-terms to see how well the Democrats managed to pull the rug out from under him. The outcome of that was kind of "a bit, not enough" so now talks between the two nations are progressing again. What better way to sabotage that if you're an opponent of Trump (and he has many both outside the party, within the party and in - yes, I'm using the term - the Deep State (e.g. senior FBI)), than to have a senior Chinese financial executive arrested. It's easy enough to arrange, it doesn't even have to lead to a prosecution. It just has to cause public insult to the Chinese and make it look like Trump has "backed down" when she is released. It's a win-win for his opponents. Cui bono? Not Trump.

There's a tendency by some to think Trump is in total control and responsible for actions like this. In fact, I think he's riding the tiger right now with a LOT of domestic and powerful opposition.

China doesn't need to nick western tech when Google is giving it away

h4rm0ny

It was never theirs to give away.

Android was built on Open Source software. For the most part, Google couldn't make it theirs. However, that didn't stop them doing everything in their power to lock it down and shut out other people, all the while touting how Not Evil they were and using Open Source as a marketing point.

Google engineers have given a lot back. But in other ways the company itself has pulled some VERY sneaky moves to lock out others from Android. The following is a very good read on the subject.

https://arstechnica.com/gadgets/2018/07/googles-iron-grip-on-android-controlling-open-source-by-any-means-necessary/

Groundhog Day comes early as Intel Display Drivers give Windows 10 the silent treatment

h4rm0ny

Re: Win10 telemetry had one job. And it failed.

It's hard to blame MS for trying to force updates on non-Enterprise users. The overlap between those who would disable automatic updates and those who would complain about something not working on their systems is pretty much a 1-to-1.

If you want to have managed updates, that's really an enterprise thing.

Azure, Office 365 go super-secure: Multi-factor auth borked in Europe, Asia, USA

h4rm0ny

Re: I'm glad I'm a dinosaur...

The fact that I'm old-fashioned and non-collaborative, and regularly make locally-saved working versions of documents means I'm actually able to get on with things today, instead of scratching around and asking "well, what do I do now?!"

I did some work for a company where the (lone) Sysadmin managed to bork our entire network and consequently almost nobody could work. The director of the company came round and told people they should go home if they couldn't work and that they wouldn't be being paid for the lost time.

"I have local copies of my files," I promptly said and carried on typing. Others were a little more honest and left.

The company is no longer there, incidentally.

Microsoft Surface kicks dust in face of Apple iPad Pro in Q3

h4rm0ny

Re: Like a Ferrari that only runs on 20 Octane gas

"This is a shame, it looked like they were getting back on track after Win8"

I wouldn't read too much into their post. It's the sort of post that makes me question if they actually use Windows with any frequency. I run both GNU/Linux and Windows 10. Windows 10 has given me very little trouble.

h4rm0ny

Recently I visited the Microsoft Store on 5th Avenue and 53rd street in New York City, USA, and at least two salespersons indicated that the Huawei Mate Notebook is their best seller, even over the Surface Pro. Shows how reality can be harsh for Microsofties

What's harsh about it? Microsoft is a software company. They created the Surface device because they were tired of the race to the bottom by hardware vendors meaning Windows devices were always second place to Macs in the public eye. The Surface was created as a standards setter for the rest of the industry. It's making money for Microsoft, no doubt. But its real victory is that it created a market for decent quality Windows hardware. If that's sold by themselves, Huawei, Dell or someone else, MS still win.

h4rm0ny

Look, GNU/Linux is great and all that. And you're entirely entitled to speak for yourself on whether or not it makes a difference to you buying one. But the idea that they'd sell twice as many if you could install GNU/Linux is patently a load of crap.

Besides, GNU/Linux is included with Windows 10 these days. Just enable it like I have.

Bloke fined £460 after his drone screwed up police chopper search for missing woman

h4rm0ny

His explanation was that he saw police lights over the A47 and flew the drone over there in first-person view (FPV) mode, controlling it from his iPad, thinking there may have been a road accident

Any sympathy I might have had for this person vanished at the above. Someone who gets cheap thrills out of the rest of us' tragedies has got off lightly, imo. Hope he's learned his lesson.

Yikes. UK military looking into building 'fully autonomous' killer drone tech – report

h4rm0ny

Re: 'fully autonomous'

A machine, and the running thereof, is info-rich and entropy poor. It cannot, and will not, "take over" until it is capable of running its entire supply chain.

Or until it learns to point guns at the humans who can give it what it needs...

h4rm0ny

Re: MoD insists there will always be a human at the wheel

I'm therefore unable to see why this will "encourage and lower the threshold for the use of lethal force".

Three reasons:

1/ You can do it with minimal personal risk. A drone can kill without the user having to go anywhere dangerous. So a large scale shift to drone warfare entails increased use of lethal force. There are a lot of people who've been assassinated by drone strike in the Middle East who wouldn't have been if soldiers, planes or helicopters had to actually be sent there.

2/ Dispersion of responsibility. Someone pulls a trigger, that's an action on their part. Someone orders another person to kill someone, that's an action on their part. Declare an area "off-limits" or an "active area" and set some drones to patrol it, then it's suddenly the victim's fault when a drone acting within its parameters kills them. I speak in terms of how much deflection you can now throw in the press and courts, of course - not reality.

3/ A machine will kill anyone whereas a soldier may hesitate. Want to engage in actions on your own soil? Want to have a way to kill people without the soldier suffering PTSD over what they were made to do?

If you want to massacre hundreds of people, you traditionally needed hundreds of psychopaths. Missiles and ever longer-ranged fire reduced that. And with AI killing machines, you'll only need one psychopath. With a button.

h4rm0ny

Re: MoD insists there will always be a human at the wheel

On the contrary. They will do their best to spread out responsibility as widely as possible so that in the event of killing the wrong person (which is inevitable) it will be "an unfortunate outcome" rather than "Joe's fault." If there's an event that the public are really, really, really outraged about, and if everyone who is outraged isn't already shadowbanned, then they'll find some poor schmuck to throw to the wolves as a last resort.

Western Digital: And when I pull the covers off, behold as NAND becomes virtual DRAM

h4rm0ny

Well that's a great idea. Is it easy?

Brit boffins build 'quantum compass'... say goodbye to those old GPS gizmos, possibly

h4rm0ny

unless you were intending to shoot first.

Less of a problem than you might hope. The USA has been pursuing a policy of Nuclear Primacy for some years now. Nuclear Primacy is the capability to first strike so hard there cannot be an effective response. Long, but good, article on this:

https://www.foreignaffairs.com/articles/united-states/2006-03-01/rise-us-nuclear-primacy

h4rm0ny

Re: It's not a compass.

It's how you get a heading underground if you wanted to eg. dig a tunnel to France.

Why couldn't you use a regular compass to get a heading underground?

h4rm0ny

Re: It's not a compass.

Additionally, the threat of disrupting or hacking GPS that this addresses isn't just a theoretical one. This is how the Iranians captured a US drone some years ago. They flew another plane over the top of it and broadcast fake GPS signals to it causing it to think it was somewhere else and land.

Bruce Schneier: You want real IoT security? Have Uncle Sam start putting boots to asses

h4rm0ny

The easy way to avoid the problems with new TVs is to simply never connect them to your network. Then issues like security are nonfactors.

I considered that, but as alluded to in my post, that doesn't always work so well. I tried a Samsung 4K TV and every time I powered it on it would go through this registration rigmarole. You can say later, but not "no". I actually returned the TV because of all the "smart" functionality. I just didn't want the hassle and I didn't trust it.

Or, even better, don't buy a TV at all -- buy a large monitor instead and connect it to a media system.

That's not a bad idea, but a monitor of equivalent size is absurdly expensive and they tend not to have good viewing angles because they're designed for one person. I've considered a projector, though.

h4rm0ny

Re: 6 years (and counting) for a fridge

"@h4rm0ny is lucky, my £600 one lasted 3 before getting a leak and discharging the coolant. I was quoted £300 for a re-gas with no guarantee it would even work. It's now in landfill."

Name, shame and one-star review them, then. I'd like to know who to avoid next time I buy a fridge.

h4rm0ny

On the contrary, goods where large improvements have ceased, can and do have lifespans much more than ten years. My TV is a 1080p and ten years old. New technologies like HDR mean an upgrade would have some value, but it's not enough for me to have done so. My cooker is around twenty years old. My fridge is only six years old but there's nothing a new fridge would have that would make me want to replace it. What do all these things have that sets them apart from computers, tablets, et al? The technology has reached the point where you buy for reliability and long-term value rather than new features.

Which is WHY I haven't bought a new TV. Because any new TV that would actually be an upgrade is now saddled with cameras, microphones, an OS (usually based on that famously secure platform Android) and my faith in it still working, being secure and compatible with everything else a decade from now is in the low %. Ditto for any fridge with WiFi or heating system that insists on running from an app on my phone. They may be secure today. They won't be five years from now (let alone ten).

Bruce Schneier is quite correct (as he always seems to be). We have a time-bomb of crappy security waiting for us. I'm personally going to make my TV, Fridge, Cooker, Heating System last the next ten years as well. Hopefully by then I'll be able to buy a TV that doesn't flash "Create your account" messages every time I turn it on until I give Samsung permissions to access it.

h4rm0ny

Re: America always waits for class action suits

Do you really think IT security policies would be better under Hillary? I mean, ignoring them is kind of what she's famous for!

That amazing Microsoft software quality, part 97: Windows Phone update kills Outlook, Calendar

h4rm0ny

So that's what happened. I noticed I couldn't open Calendar on my phone - it starts to open and then just shuts down.

I really like the Windows Phone OS. I'm pissed off with Microsoft for dropping it. They may not have had as much initial success with it as they liked but it is a solid OS and ceding the market entirely to Google and Apple is a huge mistake. I've stuck with it since because I like it, but I'm going to have to get an Android phone soon just because nobody writes software for WP anymore.

Premiere Pro bug ate my videos! Bloke sues Adobe after greedy 'clean cache' wipes files

h4rm0ny

Re: Biz math

But if all that's on premises, you can still lose it all to theft or fire. At the very least you want it in a good fire safe. But then you're taking it out, doing your backups, putting it back in every day. And you know you're going to stick to that.

I would consider backing up to the cloud. And perhaps using something like Boxcryptor (https://www.boxcryptor.com/en/) for confidentiality if you choose.

HSBC now stands for Hapless Security, Became Compromised: Thousands of customer files snatched by crims

h4rm0ny

Re: it won't do the hackers any good...

What on Earth are they doing in a web app that means it won't run on GNU/Linux?

h4rm0ny

Re: regular password changes...

Without the token, they won't be able to steal any money, but they can still look.

And that's quite sufficient to cause a lot of problems. I complained to HSBC when they suddenly reduced their security and got one of the most patronising brush-offs I've ever had. I suggested they make the downgraded security ("which our customers love for its convenience, please install our mobile phone app") optional, but not a chance.

h4rm0ny

Voice authentication.

HSBC is the bank that decided Two-Factor Authentication was too much hassle for its customers and now only requires their dongle for things like setting up payments. You can login, view all sorts of financial information without it. They also, and this is the one that really gets me, are really pushing hard on voice authentication. Convince the machine you sound enough like the target and in you go!

If Shadow Home Sec Diane Abbott can be reeled in by phishers, truly no one is safe

h4rm0ny

"While fraudsters traditionally prey on the gullible and feeble-minded, their wicked ways have ensnared British Labour MP Diane Abbott."

What you did there, I see it! :D :D

But really, where do we rank this? Worse than her "Chairman Mao did more good than bad" idiocy, her inability to perform a <= operation on numbers greater than a thousand? Honestly, she is not fit to be in charge of anything.

Macs to Linux fans: Stop right there, Penguinista scum, that's not macOS. Go on, git outta here

h4rm0ny

Re: "secure" boot is *EVIL*

Users can unlock it.

At least if it's Windows where, as the article states, a physically present user must be able to disable it to get Windows certification. That's been the case since the start. Secure Boot is a very valuable security feature.

It's Apple's version that's the problem.

Lucky, lucky, Westminster residents: Who better to look after your housing benefits than Capita?

h4rm0ny

Links.

If you're going to link to other people's articles as part of your own, can you at least make them publicly accessible ones rather than behind an FT paywall?

And whether you like JRM or not, I'm fairly sure he doesn't decide where he lives based on a £500p/a cost saving.

Solid state of fear: Euro boffins bust open SSD, Bitlocker encryption (it's really, really dumb)

h4rm0ny

it's a bit like buying a dodgy toaster from argos. if it fails - your first port of call is Argos, not the toaster manufacturer.

If we absolutely must argue by analogy (which is usually just a way of moving away from the actual facts) then let's make your analogy better. In this case, Argos sold you a kitchen. You brought your own toaster and plugged it in yourself.

h4rm0ny

@FrogsAndChips Re: manage-bde.exe -status

You're using Windows' own in-built encryption. The line "Encryption Method" will be whatever is reported by the disk if it's using that. And whilst the disk could say "AES 256" it would almost certainly more likely say something like "SAMSUNG blah blah blah blah".

h4rm0ny

Re: "Because MS was just blindly trusting them all, they have to take some of the blame."

It would be interesting to know if MS was testing and vetting SSD encryption from various vendors before approving BitLocker to utilise it, or whether they were just allowing any device that stated that it supported hardware encryption to go ahead. If it's the former, their testing clearly could have been better. If it's the latter, it's a major risk if Bitlocker is allowing untested and potentially insecure hardware encryption to take the place of its own encryption capabilities.

Microsoft could well have tested this and still not found the problem, because the problem isn't with the encryption itself but an exploit on the attached password system. Nothing to do with AES. And these things have been out in the wild for a long time before this vulnerability has emerged and used by far more than just Microsoft. Microsoft is not everybody's parent. If someone plugs in hardware that later turns out to have a vulnerability, MS are not going to tell you at the time you can't use it.

h4rm0ny

Re: This explains it

Ahh, so that's why sometimes they have 2 people bashing at the same keyboard, to increase the typing speed.

Always a favourite: https://www.youtube.com/watch?v=u8qgehH3kEQ

h4rm0ny

Re: Perhaps it's just as well

So I've ended up with bitlocker using SW encryption. I suspect there are ways around that too, but the customer who's paying the bill insists on bitlocker on the PC.

Well if you know any you should contact Microsoft for a hefty bounty. Bitlocker is very good. The only way "around it" that I know of is if you store a copy of your keys with Microsoft for disaster recovery, which is optional. Basically, if you want to guard against thieves and competitors, it's fine. If you want to guard against the FBI or CIA, keep the keys local (or don't keep a backup at all!).

h4rm0ny

Re: Really?

You turn on full disk encryption in your corporate standard enterprise grade Windows operating system and it actually doesn't bother but just trusts the unknown crappy made in China hardware encryption.

Just the same as it trusts your TPM module or the security certificates you've installed. Because that's normal. BitLocker DOES allow you to CHOOSE whether or not to use the drive's own on-board encryption. Which uses the same standard algorithms that others use so seems reasonable. If it defaults to using them, well, they offer lower energy usage and a smaller performance hit. You can't really blame Microsoft for believing the hardware does what it is supposed to.

Also, Samsung are Korean and their SSDs are generally considered to be industry leaders by most reviewers. Not exactly "crappy Chinese hardware" as you call it.

If anyone wants to quickly check whether their system is using their drive's own hardware encryption, run "manage-bde.exe -status" from the command line as administrator. It should say for the encryption method if it's using the drive's.

Which scientist should be on the new £50 note? El Reg weighs in – and you should vote, too

h4rm0ny

Write In Option:

Charles Babbage AND Ada Lovelace.

30 spies dead after Iran cracked CIA comms network with, er, Google search – new claim

h4rm0ny

Re: Hmmmm, 2008, 2010 and 2012

>>"Did he actually ever change anything for the better?"

Well, he managed to spend around $10bn on a healthcare website which didn't work, so he made things better for somebody.

h4rm0ny

Re: Kim Philby

>>In other news.. is it just me or does American foreign policy seem recently like it was borrowed from episodes of Futurama?

Well Trump hasn't:

1/ Funded ISIS and Al-Nusra as Obama did (proven and admitted before you click downvote).

2/ Campaigned for and achieved the bombing and destruction of Libya as Hillary Clinton did (see above).

3/ Is actually willing to engage in dialogue with Russia.

4/ Has managed to bring North and South Korea to the negotiating table for the first time in forever. (credited to Trump by many, including SK's Foreign Minister).

So to answer the question? Honestly, US Foreign policy is a step up from where it was, imo.

Cray's pre-exascale Shasta supercomputer gets energy research boffins hot under collar

h4rm0ny

Major win for AMD

To get such a major, efficiency- and performance-critical project swapping to use AMD's Epyc line (essentially the Pro version of Threadripper) is a big PR boost for AMD. A project like this really knows what they're doing so if they think AMD is the way to go, they undoubtedly are right.

US Republicans bash UK for tech tax plan

h4rm0ny

China trade wars.

We'll likely see trade negotiations between China and the USA suddenly start moving again before the month is out. They're waiting for the results of the mid-terms. If the Republicans do well then China will shrug and start making some concessions because Trump's not going anywhere. If the Democrats surge then China will push harder because Trump will be politically very insecure. Either way, the deadlock is in large part because China is waiting for 6th of November to see how strong a hand Trump has to play.

Top AI conference NIPS won't change its name amid growing protest over 'bad taste' acronym

h4rm0ny

Re: It was a fair vote!

I call Crap Analogy time. Big difference between being eaten and not thinking a simple acronym is denigrating you. If it spelled out the N-word or something, sure - because that's extreme and looks contrived. But this is not.

Other way your analogy is bad is that the chicken in this case (political feminists) is pretending to speak for women as a whole. But most women are far smarter than to be offended by this. All chickens don't want to be eaten. Most women do not identify as feminists. Not in the modern sense.

h4rm0ny

Re: TWTAs

On the contrary, I think less of anyone who needs the name to be changed because "NIPS" upsets them. These people are over-sensitive ideologues just looking to be offended. They lose the respect I would give them by default through their behaviour. Ditto for those Californian politicians who have tried to get the terms "master" and "slave" removed from computer terminology and feminist campaigner Adria Richards getting two developers fired because she overheard them making a joke about 'dongles'.

Some people you don't kowtow to. You tell them to grow up and stop trying to invent sexism and racism where there isn't any. Give them power and they'll just move on to policing the next piece of language. Fuck 'em.

UK.gov to press ahead with online smut checks (but expects £10m in legals in year 1)

h4rm0ny

unless things like VPN's and the like are banned in the name of protecting the children.

Shhhh! Don't give away stage two!

EDIT: Seriously, that really is stage two. First, make porn illegal under the right circumstances (i.e. without verification of identity - the only way you can check someone's age). Then say "people are still able to access porn illegally. How can we stop this?" It's not that I'm pro-porn (though it's people's right if they wish). It's that I'm anti- Government having the tools to destroy privacy.

h4rm0ny

It will achieve one thing. It will push those seeking soft porn and normal porn to rub shoulders with those trading in the more hard core and violent porn.

Sync your teeth into power browser Vivaldi's largest update so far

h4rm0ny

Re: Tiled tabs are useful here

Are you a Mad Scientist? 'Cause you sound like a Mad Scientist.

Fortnite 'fesses up: New female character's jiggly bits 'unintended' and 'embarrassing'

h4rm0ny

Re: True, that's why it's *not* realistic

She looks like an Old West character. If the objection were about what's "competitive" they'd have critiqued the large rucksack and cookware, don't you think? Not a lot of sports bras in the Old West.

As to adding bouncing genitals to male characters and having male characters be naked and at full mast, you're being absurdly over the top in trying to criticize this.

h4rm0ny

Re: Rumor has it

Some of us very much. :(

h4rm0ny

Re: ... for various meanings of 'realistic'...

Disagreement is with your last line stating it was dumb to have non-rigid breasts and possibly with the implication that there's something immature about enjoying a sexually attractive character. I think that's the source of your downvotes.