Re: I was looking
For better obfuscation, use self-modifying code for the exit condition like Mel did.
1610 posts • joined 19 Oct 2007
"Akin to real life, when looking for car keys. If they are on the desk right in front of me, I don't spot them."
Hold some imaginary car keys, insert into an imaginary lock and twist. The real car keys will magically appear. This trick will work for any distinctive tool that you have recently seen without noticing.
Not keeping backups of valuable data.
Expecting a class action lawsuit to do anything other than provide jobs for lawyers.
keyboard: /dev/input/event$(grep -l keyboard /sys/class/input/input*/name | tr -d a-z/)
For those not technical enough to understand, the names of all the input devices (power button, lid switch, ...) are available in pseudo files. I used grep to find which file is the keyboard and tr to extract the device number so I could generate the file name of the number of the keyboard device (In real life I would use the head command to pick out the first keyboard).
Unix has plenty of tools to fiddle with text files. When the kernel presents information as a text file people with a minimal understanding of technology immediately get a whole tool box full of toys to do whatever they want with that information without having to create one-off applications for every simple task.
Even Windows has (had?) something of the kind. Create a file called PRN in any directory and write some text to it, and it comes out the printer. You can do similar things with CON (the console) and AUX (the serial port). (I have not used Windows this millennium, so I do not know if these security disasters are still alive.)
More likely the link would be with the outsourcing company he had dealings with before. First make the outsourcing deal, then hire KPMG to say it is a good idea to sell it to the boss.
Have Microsoft and Apple recently pointed at their new UK tax bills and said they had to pay much more than Google?
A patch was proposed as a joke to get the driver in the Linux kernel sources to match the behaviour of the FTDI driver. That patch was not included, but a patch to detect and use bricked chips was included.
FTDI distribute binary drivers for Linux. If somebody actually uses those drivers and got burned it did not cause headline news on the internet.
The license for the FTDI driver includes a clause saying the user gives permission for the driver to break counterfeit chips. IANAL, so I do not know if it protects them from the computer fraud and abuse act. (Note to Windows users: read the EULA. If it is 5000 pages long, you can be certain 4900 of those pages are there to hide something you will regret later.)
Last time alternative actions FTDI could have taken were proposed that did not take reality into account. FTDI chips keep their USB product ID in a mask ROM. The counterfeits keep them in EEPROM. To spot the difference, you have to command the chip to write to the EEPROM. This does nothing to the genuine chip, but EEPROM can only survive a limited number of erase/write cycles. At this point, you have to decide what to do. You could write FTDI's numbers back again, and after about half a million reboots the EEPROM will not be capable of storing some product IDs. You could leave a predictable number in there, and the device will work with the open source Linux driver. The new plan appears to be to leave a random number behind. What Windows (or Linux) will do next will depend on if the new numbers match a device known to the operating system.
... the difference between PCM and XPoint is the same as the difference between software patent and computer implemented invention.
'I, Robot' (the book) is a collection of short stories. There are more stories in the same setting in 'The Rest of the Robots'. Towards the end, the robots take over - not in an action packed bloody revolution, but so subtly that only about two people notice (IIRC one of them is Dr Susan Calvin). Hollywood make action movies because they are profitable. If you are one of those weirdos who like fiction that gives you something to think about, read a book. I enjoy both types of entertainment, and luckily the film and the short stories are so dissimilar that neither is a spoiler for the other.
'Blade Runner' and 'Do Androids Dream of Electric Sheep' are also massively different. I prefer the film, but the book does explain why Tyrell has an owl.
If you put the seat back 3", can you still put it in to first gear without help from a passenger?
After the above, criticising users for not thinking is a little mean, but after: "Mouse not detected. Click here to change" the word hypocrisy springs to mind. Imagine how much users would laugh at us if someone programmed computers to put the clocks back one hour on the last Sunday in October at 1:00am _local_ time.
There was a time when the BIOS was stored in a chip in a socket. You could pull the chip out, put it in your EEPROM programmer and compare it to a known good image. Back then EEPROMs were so small that you could not hide anything complicated inside them.
These days, you can fit a few operating system kernels into the boot flash chip. Enough space to hide the real contents and present a white-listed image to high level software. The chip is soldered down, so your only real hope of finding out what is actually inside is via JTAG.
If only the CPU had enough on-chip ROM to boot from micro-SD, and did not require over a GB of secret binary blobs to do anything useful.
There is a similar story about the true command. The old version was an empty file. The operating system looked at it, decided it had been told to do nothing and recorded the result as a success. Unfortunately, someone was tasked with adding copyright notices to all the scripts ...
To understand what is going on, you need to know about inodes. inodes contain all sorts of information about a file like size, where it is stored, creation date, permissions, owner and group. The fun thing that an inode does not contain is the file's name. A directory is a list of names and inode numbers. An inode can have multiple names by being referenced from different directory entries. You can create another reference to an inode with the ln command. The rm command removes the directory entry, and reduces the reference count by one. If the reference count reaches zero, the space allocated to the file is returned to the free space list and the inode is marked as unused.
When omxplayer opened the file, the reference count for the inode was incremented. When you rm'ed the file, the reference count remained above zero until omxplayer finished playing the file. This also explains how rm can delete itself, the C library and just about anything else that you thought would cause your computer to crash promptly if you deleted it.
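The sequence described in the comment above, as an added example that is not part of the original post: one inode gets a second name, is opened, and then loses both names while the open descriptor keeps the data alive. The file names and payload are constructed, and the `/proc/self/fd` check assumes Linux; it is the same view an incident responder uses to find disk space held by deleted-but-open files.

```python
import os
import tempfile


def inode_lifecycle():
    """Walk one inode through create, ln, open, rm, rm and record what is seen."""
    seen = {}
    workdir = tempfile.mkdtemp(prefix="inode-demo-")   # constructed scratch directory
    first = os.path.join(workdir, "film.mp4")          # hypothetical file names
    second = os.path.join(workdir, "other-name.mp4")
    payload = b"constructed sample data\n"

    with open(first, "wb") as handle:
        handle.write(payload)
    seen["links_after_create"] = os.stat(first).st_nlink

    # ln: a second directory entry pointing at the same inode.
    os.link(first, second)
    seen["same_inode"] = os.stat(first).st_ino == os.stat(second).st_ino
    seen["links_after_ln"] = os.stat(first).st_nlink

    # The "player" opens the file; the kernel now holds a reference of its own.
    fd = os.open(first, os.O_RDONLY)

    # rm removes directory entries only. fstat() goes through the descriptor,
    # so it still works once no name is left.
    os.unlink(first)
    seen["links_after_first_rm"] = os.fstat(fd).st_nlink
    os.unlink(second)
    seen["links_after_second_rm"] = os.fstat(fd).st_nlink
    seen["names_left"] = os.listdir(workdir)

    # No names remain, yet the data is intact until the descriptor is closed.
    seen["still_readable"] = os.read(fd, 1024) == payload

    # Linux only: the kernel marks the descriptor's target as deleted.
    proc_link = "/proc/self/fd/%d" % fd
    seen["proc_view"] = os.readlink(proc_link) if os.path.exists("/proc/self/fd") else None

    os.close(fd)          # last reference gone: blocks return to the free list
    os.rmdir(workdir)
    return seen


if __name__ == "__main__":
    for key, value in inode_lifecycle().items():
        print(key, "=", value)
```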
Libre software provides a huge selection of wheels available for free. There is no excuse for re-inventing them. Imagine a couple of logos available for IoT makers:
Logo1 means the device may contain security flaws and spyware which are a real pain for anyone but the manufacturer to correct. Updates might be available from the manufacturer until he decides it is time for you to buy a new device.
Logo2 means the device may contain security flaws and spyware which can be corrected by any competent programmer. Updates might be available from any of the competent programmers paranoid enough to check the source code.
A couple of decades ago, hunting for a device that deserved Logo2 was hard work, and at best gave you a very limited choice. A decade ago, you could buy routers with openwrt. These days you can buy drones with ArduPilot and children are making their own toys out of raspberry π's. There is still life in Logo1, but a decade from now I think it will be sold only to governments because no-one else would be that dumb.
The idea of FinFETs has been around long enough for the patents to expire. When process shrinkage made FinFETs worth the effort, Intel called them 3D-transistors. I assume Intel's PCM will get a new TLA so it can be covered with fresh patents.
When I buy the right to listen to some music it makes no difference to the musician what technology I use to listen to that music. The musician has not lost anything, so the correct amount of compensation is 0. That was the government's clearly stated reason for the lack of compensation from the beginning.
Thanks to this ruling, we must now fund a quango to calculate how much each musician deserves and not pay them because the research ate the entire budget to arrive at a long list of zeroes.
Time for Orlowski to demonstrate the value of a compensation scheme. Let's see financial details of the existing compensation organisations: how much they collect and the amount - if any - that reaches musicians directly and not spent on their behalf on tasks like pointless litigation and lobbying for more pork.
There was a plan called Sea Dragon. Unlike most rockets, Sea Dragon was made of thick steel and used simple brute force engineering. The idea was to launch it from the sea, and recover it for re-use after it crashed back into the sea.
If we really want cheap space travel, we should re-invent the NERVA engine.
#! /usr/bin/env python3
from functools import partial
seq_7_10_13_16_19 = map(partial(int.__add__, 4), range(3,18,3))
If your only tool is a hammer, all tasks start to look like nails. Functional techniques are handy tools. Some languages provide a wide selection of tools without straining the syntax. Very often, you do not get a choice about the language. I think it is worth looking at how functional techniques are expressed in the language you are stuck with. If a task can be completed clearly and concisely with functional programming then you should not hammer the screws in.
Intel will not be any good at cheap CPUs until selling a cheap CPU does not replace the sale of an expensive one. That day is clearly coming, but until then, I will be sticking with ARM and MIPS.
They must mean Digital Llama Radio.
Beat me to it, but I was going to go with:
genisoimage -r /embarrassing/secrets/ | wodim dev=/dev/dvdrw speed=1 -
Richard Chirgwin's "sudo cp -R * /dev/DVD" has multiple problems.
If his account does not have access to the current directory, * will expand to *
sudo does not do shell expansion as the target user by default, so cp will be instructed to copy a file or directory called *
If * does not exist, cp will complain.
If * exists and is a file (or * expanded to one name), it will be copied to the /dev directory, and will be called DVD. (These days, /dev is tmpfs, so the file will end up scattered all over the swap partition)
If * exists and is a directory (or * expanded to more than one name), cp will complain that /dev/DVD does not exist.
/dev/dvd is the default DVD-ROM. These days, DVD-ROMs are rare, and /dev/dvd will probably point to the same place as /dev/dvdrw.
I am not sure what copying a file or directory to /dev/dvdrw would actually do. I hope it would cause a meaningful error message, but if not, I have confidence that recovering any data from the DVD would be a really unpleasant task - if possible at all.
I think it is possible to mount a re-writable dvd with a filesystem, and copy files and directories to the mount point. When I read about this (over a decade ago) there was a warning about packet writing being really slow. In real life, you were better off generating an ISO image and asking wodim to transfer it to the DVD as slowly as possible (x1000 speed DVD players and x10000 speed disks were marketing numbers and had to be treated as slightly less reliable than a statement from the home secretary.)
It means that cheap, fire hazard batteries can be sold at almost the price of safe ones if the manufacturer / distributor sticks on a label marked 'UL 1642'.
Petrol catches fire easily and can explode. Easy to fix: replace petrol with wax cubes containing water. Your car can puncture the cubes one at a time to let out the water, then burn the wax in a steam engine. Perfectly safe. If there is an accident that dumps the contents of the fire box onto the fuel, sufficient water will be released to put out the fire. As an added bonus, the fuel weighs so much that the top speed of a car is unlikely to be much above walking pace and that will reduce the number and severity of accidents. The maximum altitude of aircraft would be reduced to a few centimetres (think hovercraft) so aircraft would no longer be able to fall out of the sky.
The big advantage of petrol is that it contains lots of energy with little weight. Over the years, the energy density of batteries has improved to the point that they can be used in situations that used to require petrol. The down side is that such useful batteries require precautions similar to petrol to avoid fires and explosions.
Not just that, glass to the edge of the device, icons arranged in a circle, and the colour black. It is as if they did not know Steve Jobs invented the watch.
If they are aiming for media PC, then they need to compete on price with a Pi. I agree about the lack of ethernet. Things that run on batteries are allowed wifi. Anything chained to a power socket loses nothing and gains sufficient to get an ethernet connection.
To actually use this thing as a computer, it will need a keyboard and mouse. From what I have seen of CEC, it can barely send key presses from the TV's remote to a device made by a different manufacturer. One day, you might be able to buy IRDA mice/keyboards, a TV that forwards IRDA to HEC, a graphics card that presents HEC as a network interface to the OS, and configure the OS to look for a keyboard and mouse on a network interface. In real life, your choices are bluetooth, USB, or 'Keyboard not detected, press F1 to continue' + 'Mouse not detected, click here to change'.
Does anyone have a use case that requires a bigger CPU than a Pi controlled via a TV remote control?
As is: the stick is bigger than an HDMI cable, so if it fits at all, it may block other HDMI ports. Behind the TV may get Wifi reception, but it is a bit far for bluetooth and useless for infrared. The USB port is pretty much restricted to a small, permanently attached memory stick or you end up with another cable tugging the device out of the HDMI port. The weight restrictions mean the undersized heat sink needs a fan.
The only practical way to use this thing is with an HDMI extension cable. If the CPU went in the power supply, all those problems get fixed at once. That just leaves justifying over double the price of a boxed, powered Pi with an SDHC card.
I might just about tolerate a tax, but only if it is for the £250M. The politicians that vote for this useless rubbish should be made jointly and separately liable for the shortfall, and for damages and compensation to every terrorist's victim when an explosion was not prevented by excessive spying.
My old 1GB laptop had more than enough memory, but got retired when I could no longer get replacements for all the worn out parts. The new one has minimum RAM: 2GB. Two thirds of it simply buffers some of the contents of a ridiculously fast SSD. I have to replace the desktop today. A Pi 2 only has 1GB, so I might end up using over half the RAM quite often.
The first RAM upgrade I did involved pushing 16x 16Kbit chips into all the empty sockets. I think there has been plenty of progress.
Flash devices need more internal capacity than the number printed on the outside. They need a map of logical to physical sectors that has to be stored somewhere. They need to keep track of how often each block has been erased. Some sectors do not work on new chips and some will fail while in service so there have to be spares. Finally, the wear levelling algorithm can make better choices if it has lots of unused sectors to choose from. I have found devices where the capacity of the chips add up to 50% more than the advertised capacity.
There used to be a problem with second hand chips. Old devices were recycled leading to new devices that started with a large number of bad sectors, and those that did work had already gone through a large number of erase cycles. Under provisioning is still popular. The device will work fine if you only use a quarter or perhaps a half of the nominal capacity.
A full format that writes zeroes to all the sectors not used for filesystem metadata will identify many under provisioned drives. Some of the more cunning drives will try to identify the file system, and forget the contents of unallocated sectors to increase the pool of available blocks (or to hide under provisioning).
If 90% of your drives survive a full format then you have found a supplier who works hard to detect and demand money back for under provisioned drives before they reach customers (or you picked a file system type supported by some excellent firmware).
Using dd like 1980s_coder is close to a good answer. Drive firmware is likely to avoid storing duplicate data, so half a sector might store all the zeroes, and a few more would map lots of logical sectors to that compressed sector. For a while, some of your illegal porn and bombing plans will be stored on blocks scheduled for erasure, and the firmware will get around to that in due course.
I would love to use the trim command. The latest versions of the SATA, SDHC and USB command sets all include trim or an equivalent. SATA support is common and it even works on some devices (modern Linux kernels have blacklists and whitelists). A few USB devices claim to support trim. I have yet to come across a USB enclosure that forwards trim commands to a drive.
I like to write a sequence of random numbers to a new drive, and try to read them back. That spots under provisioning. Two or three complete drive writes of random numbers will probably erase my terrorist plans. One day deleting a file could result in trim commands that are promptly and reliably obeyed, but for the next decade, the only secure erasure strategy I have real confidence in is fire.
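The write-random-then-read-back check from the comment above, as an added example that is not part of the original post. It runs against a constructed in-memory model of a drive rather than real hardware; the model's behaviour (writes past the real capacity wrap onto earlier blocks) is an assumption chosen for illustration, and all class and function names are hypothetical. It also shows why a fill with zeroes cannot expose such a drive.

```python
import hashlib

BLOCK = 512  # bytes per logical block in this model


class ModelDrive:
    """Constructed model of a drive that advertises more blocks than it stores.

    Assumption for illustration: a write past the real capacity silently
    lands on an earlier block instead of failing.
    """

    def __init__(self, advertised_blocks, real_blocks):
        self.advertised_blocks = advertised_blocks
        self._real_blocks = real_blocks
        self._store = {}

    def write(self, lba, data):
        self._store[lba % self._real_blocks] = bytes(data)

    def read(self, lba):
        return self._store.get(lba % self._real_blocks, bytes(BLOCK))


def zero_block(lba):
    """What a zero fill writes: identical data in every block."""
    return bytes(BLOCK)


def random_block(lba, seed=b"constructed-seed"):
    """Reproducible pseudo-random block, different for every block number.

    Deriving the data from (seed, lba) means the expected contents can be
    regenerated for the read pass without keeping a copy of the whole drive.
    """
    return hashlib.shake_256(seed + lba.to_bytes(8, "big")).digest(BLOCK)


def fill_then_verify(drive, make_block):
    """Write every advertised block, then read them all back.

    The read pass must start only after the write pass has finished: a
    block that was overwritten by a later, aliased write still reads back
    correctly if it is checked immediately after being written.
    Returns the list of block numbers whose contents did not survive.
    """
    for lba in range(drive.advertised_blocks):
        drive.write(lba, make_block(lba))
    return [
        lba
        for lba in range(drive.advertised_blocks)
        if drive.read(lba) != make_block(lba)
    ]


if __name__ == "__main__":
    honest = ModelDrive(advertised_blocks=64, real_blocks=64)
    short = ModelDrive(advertised_blocks=64, real_blocks=16)
    print("honest, random:", len(fill_then_verify(honest, random_block)), "bad blocks")
    print("short,  zeroes:", len(fill_then_verify(short, zero_block)), "bad blocks")
    print("short,  random:", len(fill_then_verify(short, random_block)), "bad blocks")
```

Against a real device the same two passes apply, with the block device opened for direct I/O so that the read pass is served by the drive and not by the page cache.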
CVE counts have been used for manufacturing headlines for well over a decade. Mr Chirgwin did point out that there are many problems with just taking the numbers without thinking, and points out some of the reasons why. As alien overlords appear to stop reading after a few sentences, I'll slip in a disclaimer about selecting a conclusion first and arrange the figures to match for the following flame bait:
Windows YYYY Server gets worse with each release: 2003 has 23 CVEs, 2008 has 149 and 2012 has 155.
Windows 8.1 comes with Internet Explorer, and MS Office is typically installed for a total of 422 CVEs, putting it top of the list.
Last time I saw figures like these, a number was quoted for Linux by adding CVEs for each distribution. Ubuntu+Debian+Opensuse+Fedora is 422 CVEs. Add in a few less popular distributions, and Linux becomes top of the list.
If the last one had you giggling, cvedetails have a chart of total vulnerabilities by vendor. Adding CVEs for all the versions of the top 50 MS products together gives 1590 CVEs.
The only frightening thing I can see about the alien overlord is he has not noticed that programmers are well aware of how these numbers are abused. Apparently someone has bought a bunch of articles adverts that take these numbers seriously. Writers for The Register know that the vast majority of commentards will not be impressed by such rubbish. Even Orlowski didn't try to run with this.
Taken from a quote from Elon Musk about electric car batteries. That was probably an unusual situation, but it was a reasonably reliable number found with a minimal internet search.
A few years ago, batteries got about 20% extra capacity per year while the price dropped 20%. These days, the capacity figure is closer to 5% per year. The price reduction is harder to estimate because battery prices are now mixed in with fire bomb prices.
Physics limits battery energy density to about three or four times what you can buy today. Electric motors are about 80 to 90 % efficient, so room temperature super conductors, magnetic bearings and all possible advances in tech only get you another 25% at best. The complete board is 10kg. If we split that 50/50 for batteries and motors, and use magic massless motors, we can double battery weight and get to a theoretical limit of almost an hour in the air.
The big problem with the hover board design is it moves a small area of air very fast. You can get the same thrust for less power if you move a large area of air slower. At a guess, the model jet engines mentioned above use low temperatures to simplify the design, reduce maintenance and use cheap materials. Engines on big aircraft push cold air through the inside of the turbine blades made from high temperature materials so they do not melt. This allows a higher combustion temperature, which improves efficiency, so better power to weight ratio and less fuel used.
If you design a small turbine with similar features to a big aircraft engine and use it to spin a big propeller, you get a helicopter hover board that can fly for hours with existing tech. (Also requires a pilot's licence, regular maintenance and a really big bank balance).
The specs we have for the electric product are 10kg board, 80kg passenger and 200kgf of thrust. I will assume that the average thrust is 90kgf, but that it is distributed unevenly among the fans to keep the board from flipping over.
The jet proposal has 8x 52lbf of thrust for a maximum of 189.1 kgf. If we assume the same 90/200 ratio to keep control, the mass of board + passenger must be reduced to 85.1kg. The jet engines require 25oz/minute of fuel each at full power. Scaling that by 90/200 because the engines are not set to full power all the time, six minutes of hovering time uses 16.34kg of fuel. Let's call that 8.17kg because the fuel tank starts full and ends empty. The engines are 2.51kg each. If we allow 0.34kg to provide a surface to stand on, and hold the engines and fuel tank together then we are down to 57kg for the passenger.
To match the electric product's 80kg passenger, we need 12 jet engines weighing 30.1kg and costing $51,540. Also 23kg (7.5 US gallons) of jet A1 1-K aviation fuel per 6 minutes of hovering. As well as burning a hole in your wallet, the jet's exhaust is 750°C, so it will burn your house down if you ride it indoors.
Every time I have dismantled a disk, it has been held together with screws (I have not tried one full of helium yet). There are plenty of processes making and populating PCBs that could leave a smell, but none of them are unique to a hard disk controller card. My first hard disk (320MB was big in those days - full height 5¼") had a packed PCB that was the full size of the device. These days, the disk is a quarter the area, and the PCB is even smaller.
Patents have already been granted for some medical procedures.
Will these ships become operational before they are scrapped?
Secure boot throws away any hope of security. Old style BIOS is sufficiently small and stupid that it cannot do much more than read and execute a boot sector. Secure boot is huge. The chances are that the copy you have is based on source code released by Intel, with whatever additions the manufacturer's government insisted on plus two huge binary blobs from Intel big enough to hide something that can man-in-the-middle an ethernet port and provide remote exfiltration invisible from inside the computer.
Bit locker keys can be read by an external device via a 1394 or thunderbolt DMA channel. If all else fails, reset the machine and boot from an external device. The keys can often be found in memory left over from the previous boot.
Securing a computer against physical access by a rich and determined attacker is really difficult. Grub's password feature is only a significant barrier if you have covered all the other bases.
Some cases have intrusion detection switches. I can wire that to the erase CMOS nvram pin. Now I can close the case, configure the BIOS to boot, but only allow changes to the boot order with a password. Next up, enable grub's password feature so the boot options can only be changed with a password. Now encrypt the server's secret key and store the password for it in CMOS nvram.
The server's certificate is now more difficult to get at if the attacker has physical access. There are two more things you need to sort out: all USB ports should be disconnected (and wired to the mains). Also, add an X-ray detector and use it to trigger some thermite. (The police will first attempt access with a USB device, then take an X-ray to cut into the box without triggering the intrusion detection switch).
Now to actually use that grub password, you need a USB to PS2 converter inside the box, and use a bulkhead mounting PS2 connector to get the signals out.
... with a backspace key?
The whole idea of an embedded system is that it works without the assistance of a user. If grub is set to require a password on boot then after every power cut, some poor techie is going to have to trudge out to darkest nowhere, dismantle the box and solder in a keyboard before typing a password.
While we are looking at the past, why did the jury require Samsung to pay damages for a phone that according to that same jury did not infringe?
The fun thing with Dyson patents is to look at some history. A century or so ago, vortex separation was used in coal mines. Over three decades ago vortex separation was used in bus exhausts to reduce particulate emissions. There was a vortex separator at a sawmill where I worked long before Dyson invented the vacuum cleaner. Like everyone else involved in technology, I do not look at patents because they are obfuscated, obvious, describe antiquated tech badly and looking at a patent means triple damages for wilful infringement (and expensive nuisance litigation if you do something similar but non-infringing). So without looking at Dyson's patents:
Flywheel energy storage has been around for decades. The big advantage is the rapid discharge time, so two obvious uses are things like throwing aircraft off a carrier or powering a data centre for the few seconds between a power cut and the generators starting. There was a big step up in capacity per kilogram when people switched to composite materials. In 2004, NASA built one that could store 16kJ/kg. For comparison, super capacitors store 36kJ/kg, Lithium ion battery: 1800kJ/kg. Ham and cheese sandwich: 10130kJ/kg. The popular energy storage for a Mars rocket is Methane+Liquid oxygen which you can make from Mars's atmosphere if you bring a nuclear reactor and your own hydrogen. The resulting energy density compares well to a ham and cheese sandwich, so over 600 times better than a flywheel storage device built with an astronomical budget; eg: launch costs per kilo swamp the costs of expensive materials and expensive manufacturing processes.
If you are going to try flywheel storage for a Mars landing, the time to charge up your propeller is after you have slowed down enough that the propeller will not get vaporised by friction with the atmosphere, but while you still have enough speed and altitude for autorotation.
If Dyson were involved in space travel, I expect he would patent what other people are doing now and sue them when they start to make a profit.
There is a wide range of police training. This is not the link I was looking for. The one I wanted was much clearer. For example, the link I could find says thirteen officers get shot but does not say if that includes the 8 that shot themselves, or how many of those 8 were accidental shootings. At first sight, it looks like the police shot more suspects than bystanders but the link I wanted split the 24 dog shootings into suspects and bystanders. I do remember that according to the statistics the safest thing for the bystanders to do was to reach for a concealed weapon and look threatening - if the police aimed for you, they were more likely to hit someone else. The safest thing for the actual suspect to do was to stand next to a dog. Innocent dogs caught more gunfire than suspects.
Many police forces train their officers until they pass a test, then practice stops for lack of time and money. As a result, gun nuts who practice regularly are often better shots than an average policeman. I am all in favour of proficiency tests for people who want to own dangerous tools. 'Police level training' is not a clear standard, and in some states it is dangerously poor.