
Comment Re:Finally some IoT cyber security regulations! (Score 1) 66

Interesting, thanks. If I had one minor niggle (and yes, I know I can download the table ;-)) it's that the row headings aren't fixed, i.e. they scroll with the table, hence vanish when viewing countries in later columns.

Yep it's how GitHub converts Markdown tables. Very annoying with the horizontal scrolling too.
There's a PNG available and if you have time in hand, you can download the script to generate your own HTML file and augment it.

I will try to fix that and make the HTML available directly on GitHub.

Comment Finally some IoT cyber security regulations! (Score 2) 66

Working in this domain since 2014, this is a step in the right direction! The best thing is that this bill targets all IoT systems, and not only consumer IoT.

However, it takes a very customer-centric approach, expecting that IoT manufacturers will follow NIST standards to get access to a huge pile of customers.
The NIST standards are quite good (NIST IR 8228, 8259 and its annexes): they use recognized principles for IoT security: a risk-based approach, secure-by-design principles, a baseline completed by sectorial requirements. But they are difficult to apprehend and I doubt a lot will change since many manufacturers don't sell in the US or only to individual consumers.

Other regulations follow a different approach: they target IoT manufacturers by making security requirements a condition to market access. These regulations usually have prescriptive requirements (no default password and secure update) or mandate the implementation of a standard (usually ETSI EN 303 645, a good complement to NIST standards). This is what Brazil, the UK, California and Oregon are doing.

Another trend comes from labels and certifications to inform customers on what they buy. Most approaches are based on ETSI EN 303 645 (again), probably to avoid seeing "yet another standard". This can be mandatory (UK) or voluntary (EU, Finland, Singapore, Australia).

In conclusion, IoT cyber security regulations are now a reality. I've always been in favor of self-regulation but it doesn't work. Just look at Verkada last week, they had a superadmin password giving access to all their customers' CCTV feeds. Let's hope things change for real this time.

If you are interested in this topic, I published a panorama of IoT cyber security regulations on GitHub: https://github.com/cetome/pano....

Censorship

A Custom Objectionable Word List Ate My Homework 386

theodp writes "Among the first three schools using Chromebooks for Education is the Merton Community School District, which decided to go Chromebook after the Wisconsin Dept. of Public Instruction (WDPI) issued a news release (created using PDFMaker for Word) announcing that all Wisconsin schools can have access to Google Apps for Education by simply downloading a Google Consent Form (Microsoft Word format, oddly) from the WDPI website, completing & signing it, and submitting it to Google. And to help get the schools going, a separate Wisconsin Google Apps for Education website aims to jumpstart things with weekly webinars, the first of which — Getting started with the Google Apps for Education Control Panel — shows school officials how they can sandbox 'Naughty Students' and filter objectionable content. While Google illustrates how a list of 'custom objectionable words' can be used to flag and/or block students' e-mail with some cute examples — different spellings of 'booger' and a regex to block variants like 'b00g3r' — things get considerably nastier in the real world, as this NSFW custom objectionable word list used by the North Canton City Schools shows."
Science

MIT Finds 'Grand Unified Theory of AI' 301

aftab14 writes "'What's brilliant about this (approach) is that it allows you to build a cognitive model in a much more straightforward and transparent way than you could do before,' says Nick Chater, a professor of cognitive and decision sciences at University College London. 'You can imagine all the things that a human knows, and trying to list those would just be an endless task, and it might even be an infinite task. But the magic trick is saying, "No, no, just tell me a few things," and then the brain — or in this case the Church system, hopefully somewhat analogous to the way the mind does it — can churn out, using its probabilistic calculation, all the consequences and inferences. And also, when you give the system new information, it can figure out the consequences of that.'"
