Comment: Re:If you can't do, sue! (Score 1) 50

Most of the world knows that security is fleeting, and those that depend on the law to preserve obscurity is the fleetingness of all. Do they not even consider that citizens of nations that don't give a shit about legal protections are the very people their customers need to be protected against? These companies should be paying rewards to anyone who can defeat their protections, not punishing them.

Aside from pure cultural dysfunction (of the sort that causes even some software companies to threaten the people who do free security testing for them, and even offer them time to fix bugs before releasing the proof of concept), the issue is that HID and friends are closer to locksmiths than to software companies.

RFID (and non-standardized but conceptually similar contactless short range RF fobs and slightly longer range button-cell-powered keyless entry systems) tends to be painfully computationally limited, since the tags need to be cheap and need to work on a tiny power budget. The older ones are even worse, of course, since they had less efficient silicon fabrication options to work with. For the same reason, such devices aren't usually little microcontrollers with flashable software; but mostly or entirely fixed-function implementations of crap proprietary crypto systems. Depending on when the corresponding card readers and access control stuff was installed, and what the customer picked, those parts of the system may also be hard to upgrade without ripping them out and replacing them (and, since this is a physical security issue, the readers are more likely to be embedded in walls/bolted to stuff/otherwise tied down and hardwired, so it won't just be swapping out a bunch of desktops).

Because upgrading in-software/firmware is often difficult or impossible, and upgrading involves ripping out hardware that was supposed to have years of service life, HID and friends really don't want to hear about it. They'd much rather just try to tamp down public awareness of the issue, hope that there are no high-profile breaches of customers capable of suing them, and pretend it isn't a problem until the flawed parts have aged out.

As much as it's a repulsive, dishonest, and definitely-unworthy-of-support-by-the-courts tactic, it must be admitted that plenty of known-broken lock designs continue to more-or-less do their jobs (if attackers are still forcing doors rather than just picking locks, the lock is apparently still effective) for years after their weaknesses become public knowledge, so it is entirely probable that various HID access fobs will quietly age out without any major incidents. No need to threaten the researchers about it, though.

Comment: Re: Most hated character flaw (Score 1) 50

Incidentally, while iced coffee is refreshing and invigorating, you can also get refreshing and relaxing by icing Irish coffee. I don't think I've ever seen the option on a menu; but I was pleasantly surprised by the effectiveness of the experiment; and a place that offers Irish coffee will usually be willing to put some over ice on request.

Comment: flush with cash (Score 1) 43

by roman_mir (#48192625) Attached to: Rumor: Lenovo In Talks To Buy BlackBerry

The Chinese have so much productive capacity that they managed to accumulate gigantic piles of cash that came from the West and obviously they can't do anything with it except buy Western businesses. This is accelerating as expected as the Chinese are trying to get rid of their foreign cash reserves in exchange for solid assets. Soon enough the equation will balance itself out, when the Chinese have all the productive assets (real capital) and the rest of the world will be supplying cheap labour.

Comment: Re:Ho-lee-crap (Score 1) 250

by MightyYar (#48190657) Attached to: The Largest Ship In the World Is Being Built In Korea

It's probably true, or based on something true. A lot of those old processes were very dependent on the mix of impurities at a certain location... you could only make [sword/knife/dagger] using an ore from [some hill/bluff/valley]. They didn't know that at the time, or if they did they had no idea why.

Comment: Re:Where should I apply? (Score 2) 170

by MightyYar (#48187325) Attached to: Developers, IT Still Racking Up (Mostly) High Salaries

Depending on where you are employed, government jobs also give you a pension that would be worth around $1 million if you had to buy it as an annuity.

I assumed a retirement age of 55 after working for 30 years to get your full pension. I assumed your salary would not increase over time and that the annuity would track cost-of-living. I assumed half-salary upon retirement, for life, with a spousal benefit upon your death. These assumptions are very conservative and probably seriously understate the real value of the pension, especially if it includes a health benefit.

Comment: Re:Ho-lee-crap (Score 1) 250

by MightyYar (#48187127) Attached to: The Largest Ship In the World Is Being Built In Korea

Wow, cool site. Check out the column from 1939, which is the year Germany invaded Poland, to 1945 when the war ended:
Battleships: 15 to 23 (not amazing, but still impressive given their utility to expense ratio)
Carriers: 5 to 99
Cruisers: 36 to 72
Destroyers: 127 to 377
Frigates: 0 to 361
Subs: 58 to 232

And that is while taking losses the whole time!

Comment: Re:Ho-lee-crap (Score 5, Interesting) 250

by MightyYar (#48186325) Attached to: The Largest Ship In the World Is Being Built In Korea

This is exactly right, and is why the US continues to build new nuclear subs at the slowest... possible... rate...

If you are a business, you want your capital returned as soon as possible. If you are a peacetime military, you just want to retain capability in the cheapest possible way. Totally different goals. During WW2, you saw the goals of industry and the military align, and it was kind of breathtaking.

Comment: Re:Eh (Score 1) 190

by fuzzyfuzzyfungus (#48185043) Attached to: The Woman Who Should Have Been the First Female Astronaut

At this point, I'd be tempted to make any would-be astronaut pass the 'n months in standby and hard vacuum before the signal from mission control wakes you up' test, because Our Robot Overlords have gotten considerably better; but it'd be no worse, and possibly better, than the John Glenn launch a few years back.

Comment: Re:That's absurd, aim your hate cannon elsewhere. (Score 3, Interesting) 303

by fuzzyfuzzyfungus (#48183517) Attached to: If You're Connected, Apple Collects Your Data

People love to hate Apple. It's a thing. Also, is there any evidence this data is not anonymised by Apple?

'Anonymised' is mostly a weasel word. It isn't always impossible; but the more interesting the dataset is, the more likely it is that there's a clever re-identification attack with good odds of success. If you are serious about preventing those, you tend to have to nuke the data so hard that they aren't of much interest anymore.

Unless robustly demonstrated to the contrary, it's an essentially worthless claim.
