240 posts • joined 15 Aug 2008
Can you spell "a day late, and a dollar short"? My wife's credit card was compromised, and only because it was American Express was this caught. They have superior (to most credit card operators) fraud detection software, and caught this situation. She didn't lose a cent, and she has a new AMEX card as a result... Thankfully she did not use her debit card, otherwise she would have been out of some serious money!
The OS kernel is closed source
But it is VERY clearly documented. As it is a micro-kernel architecture and all applications and drivers communicate with the kernel via well-defined messages, this is not such a problem. After 30+ years developing QNX applications, I would rather write software for it than just about any OS, though its full support for the GNU compiler suite, POSIX, Eclipse, etc. means that most applications written for Linux/Android will port without much problem. I know, because I do this regularly - most of the time it is a simple recompile issue. FWIW, QNX wrote the CDT plugins for Eclipse, so if you use Eclipse for C/C++ application development, you can thank QNX!
Very good engineering
I have been a QNX developer since 1982 - I have serial number 0004. They have some of the best software engineers it has been my privilege to work with over the past 30+ years. FWIW, in the past I was an OEM of the operating system, and wrote a good bit of the TCP/IP code for the QNX 2.x OS so it could be used by the US Navy. So, it is not surprising to me that they managed this "hack". Kudos QNX!
Most users of this gear will not have any idea why their system has gone snafu, and a knowledgeable hacker will restore the system to a functional state pdq, so the user will likely be oblivious as to why their internet was down for a while - likely that it was an ISP issue! Still, if the attack was done at an appropriate time (really late at night / early in the morning), then the target may NEVER realize that they were hacked, and only know there was a problem when they try to access the management web interface of the device at some future time. FWIW, I am a senior systems engineer at a major corporation, and have been working with many such devices over many years. I probably access my personal router's management interface once every 3-6 months...
@Eddy Ito: Yeah, the NSA and CIA (and other national TLA's) will have a field day with this! Now, just where did I put my Faraday underwear?
Removing the hard drive doesn't protect from BIOS/Flash memory infections. I.e., a virus can be introduced into the computer firmware, and re-infect the system whenever it is booted, and it is virtually impossible (without special tools) to detect. We are seeing more and more of this sort of infection.
Learning, and doing
Different things. Use something like Oracle's VirtualBox to learn about VMs. Assuming you are running Linux or similar, use KVM (Kernel Virtual Machine) for production. I use VirtualBox on my Linux and Windows systems to run other operating system images (R&D or personal use), but if I need to run production systems, KVM is a better (more efficient) option.
Believe but verify!
To paraphrase Ronald Reagan... In any case, I wouldn't trust the US DOJ if they told me the Earth was round unless I got it in writing, certified and notarized, and then I have my doubts and would parse the wording of the document most carefully for caveats and loopholes. I.e., never trust a lawyer, especially a government one!
Ah, the dangers of the uneducated who possess a large vocabulary... sigh.
Yes, they were cheesy...
But they were sooo much fun! RIP Roger.
Another ACA snafu?
I suppose the developers of this web site were the same/associated with the fools who "developed" the Obamacare ACA (Affordable Care Act) web site here in the USofA?
Security and Ethics
I think Marlinspike has some good points; however, I think that Lavabit (Levison) provided a reasonably secure service, and the fact that Levison was willing to shut it down instead of compromising his customers says a lot about him as a person. Yes, his service could have been more secure, such that even with his own keys, the lock could not be picked, but to my mind, that is beside the point of this exercise.
Bringing it back home.
I was born in Oakland, but my family and I lived in Richmond back in the late 1940's until we moved to Nebraska in 1951. I feel for this family - losing a son at such an age is a tragedy. That the police have not found the perpetrators of this crime is a travesty of justice. I agree with the victim's father that the Richmond police should make sure that this case does not go unclosed much longer.
64-bit memory space
With 32-bit systems, this was an insurmountable problem. With 64-bit ones, it is a matter of memory mapping of the GPU memory into the CPU's virtual memory space. In truth, this is not a difficult problem, and the fact that it hasn't happened until now is not a "kudo" to nVidia! Although, I will admit that the issues are more likely business process related than anything else, and those are always more difficult to overcome than the merely technical!! :-)
It's a sales opportunity!
I think that soon Colorado will be the world leader in the sale of Ozium!
So, where did I put my QEMU 6502 emulator? :-)
And who'd of thunk it?
Ironically, my father's sabbatical on Maui also coincided with another solar max period - no wonder the corona photos are so incredibly awesome! I'll have to scan a couple of them and post here for all to marvel. :-)
FWIW, we spent a year in Britain in 1962-1963 while he worked on a Guggenheim fellowship there. I spent the year at Dulwich College (4th form), and got to meet, amongst his many friends in the physics and astronomy universe, people like Fred Hoyle.
Neat, and thanks!
My father was an astro-geo-physicist from the 1950's until his passing in 1991, with a specialization in the solar corona and interplanetary fields. He even presented a paper at the IGY (International Geophysical Year) conference in 1958 in Russia. I have preserved some of his awesome solar corona photos taken during a sabbatical at the Mees solar observatory in the crater atop Mt. Haleakala on Maui (1969-1970). Thanks for the reminder! :-)
Re: The ultrasonics bit sounds like utter cobblers to me.
Never heard of using a speaker as an input device? :-) You need to do some serious review of current audio system technology... Also, who uses the case speaker any longer? Even laptops have cone speakers for the most part, in order to get some sort of dynamic range out of them for audio reproduction. They may be piezo instead of magnetic driven, but that belies the point. An electric pulse/current can drive a piezo device, but causing the vibration of a piezo device from an outside source will generate an electric pulse/current as well. They are superbly bi-directional!
On my workstation at home, the only time the in-case speaker is used is for the diagnostic beeps on start up. All other audio output is via the HD audio chip set on the motherboard which drives a pair of Bose speakers. :-) Nice sounding ones they are, too!
FWIW, I have been doing serious cross-platform coding for 30+ years (including boot-loader and BIOS engineering), and with today's systems, this sort of attack is a lot easier to accomplish. Not simple, for sure, but not impossible, and I could probably do it by myself in about 6-12 months of 100% effort. Of course, my wife would probably kill me after about 3 months, so it may be a moot point! :-)
Just too possible!
Everything that I have read about this (and it is a considerable amount of stuff) is well within the realm of possibility. This is a respected security researcher, and unless he is playing a REALLY bad Halloween joke on us all (unlikely in my opinion), this is something to be wary of! FWIW, at work I disable my speakers and on-board microphone, and only use a USB headset. That won't completely block this sort of attack, but it will make it more difficult.
Picky, picky, picky... :-) I read it as Supercalifragilistic...
The tech business is NOT the domain for the "comfortable". The only way to succeed or move forward is by conflict/discomfort. Jobs knew this, at least at a cellular level, and that is why he and his teams were such successful innovators. Cook will fail, although the factors of inertia and momentum will carry him through a few more years of "success", albeit declining success, before he drives AAPL into the ground.
BBM Apps stalled
Well, what do you expect when you fire (lay off) all/most of the employees responsible for rolling out the service... :rolleyes:
This operator received appropriate punishment for violating the "Don't make your bosses look bad" regulation... :-(
Patches accompanied by...
These patches are likely coming to you with new NSA and GCHQ mandated backdoors so they can pwn you whenever they think appropriate, as well as any other party that figures out where those doors are... :-( FAIL!
Innovation is still alive
My grandson designs and builds RPVs, both fixed wing and rotary copters, that can be either ground controlled or fully autonomous. He designs (using CAD software on his Linux workstation) and builds all the parts (except the engines) and avionics gear himself - including all of the composite material crafting and mig/tig welding of other parts. He also designs and builds electric bicycles. Not bad for a dyslexic, diabetic 18 yo (actually 20 now, but was doing this at age of 12). When he was 8 he rewired his mom's (my daughter) kitchen radio so it could receive transmissions from his kid walkie-talkie in the back yard - "Hey mom, can I get a lemonade?"...:-)
So, innovation isn't dead, but we need to do more to encourage and enable these young geniuses, and that means not restricting their imaginations so much as we do now.
Shame on Apple!
This is just such a fundamentally elementary bug that the fact it ended up in OSX and the iPhone product lines is just (to me at least) inconceivable! Truly incompetent! When dealing with buffer sizes/lengths, one NEVER uses signed variables, for just this reason... A true FAIL moment for the Apple software team!
FWIW, I have been writing software for large-scale systems for 30+ years. I am a senior systems engineer for a tier-one hardware/software manufacturer. And I was writing software to support Unicode back in the late 1980's when it was still in the development stages.
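As an added illustration of the signed-length point made above (example code written for this page, not the commenter's or Apple's code; the 64-byte record buffer and the function names are constructed):

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define RECORD_MAX 64   /* constructed: fixed-size record buffer */

/* Flawed pattern: the length arrives as a signed int and is compared
 * against a signed constant. A negative value such as -1 passes the
 * "too big" check, then becomes SIZE_MAX when handed to memcpy().
 * Returns the byte count memcpy() would receive, or 0 if rejected;
 * it deliberately does not copy, so the wrap can be observed safely. */
size_t flawed_copy_size(int len)
{
    if (len > RECORD_MAX)        /* -1 > 64 is false: not rejected */
        return 0;
    return (size_t)len;          /* -1 converts to SIZE_MAX */
}

/* Hardened pattern: the length is unsigned from the start, so there is
 * no negative value to slip past the bound. Returns bytes copied or -1. */
int copy_record_safe(unsigned char dst[RECORD_MAX],
                     const unsigned char *src, size_t len)
{
    if (len > RECORD_MAX)
        return -1;
    memcpy(dst, src, len);
    return (int)len;
}

/* When a length field is parsed as a signed int (common with on-the-wire
 * headers), reject negatives explicitly before converting to size_t. */
int copy_record_from_header(unsigned char dst[RECORD_MAX],
                            const unsigned char *src, int declared_len)
{
    if (declared_len < 0)
        return -1;
    return copy_record_safe(dst, src, (size_t)declared_len);
}

int main(void)
{
    unsigned char dst[RECORD_MAX];
    const unsigned char src[8] = "ABCDEFG";   /* constructed input */
    printf("flawed check, len=-1 -> memcpy size %zu\n", flawed_copy_size(-1));
    printf("hardened, len=-1 -> %d\n", copy_record_from_header(dst, src, -1));
    printf("hardened, len=7  -> %d\n", copy_record_from_header(dst, src, 7));
    return 0;
}
```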
I'm sure this will turn out well... NOT! Given these analytic techniques have a propensity for generating false positives, I'm sure the program will be totally successful in pissing off a lot of perfectly legitimate travelers. Remember when something like this put the US President on the "No Fly List" (LOL): http://www.cynicmag.com/feature.aspx?articleid=1144
No charges have been filed
There are no charges against Assange in Sweden or elsewhere (except maybe in the US). He is only wanted for questioning, and there are many who believe that it is a ploy to get him where he can be extradited or renditioned by the US government.
Heck, that was just how long it took to enable the NSA's Global Google data tap! Try as they might, they still were unable to coordinate the swap of fiber cables from one plug to another all over the world in less time...
As Senator, Obama first said he was against FISA and would vote against it. Yea! Then the vote came up, and naturally... What a hypocrite! I wouldn't believe him if he said that "water is wet"!
And if they in turn merged...
Would it be the "Fruity Chocolate", or the "Chocolaty Fruit" company? Mmmm... either reminds me of a nice chocolate fondue. :-)
"Multibillion-dollar energy giants, rail companies and other corporations should take out insurance policies for damage caused by hackers, a White House official has suggested."
Who will then take a cushy job in the insurance industry when the current President's term finishes...
You can be the inventor, but not owner of a patent. I am listed by the USPTO as sole inventor of a patent for adaptive systems, but Applied Materials is the owner. They get the $$ and I get the credit... That and $5 gets you a nice cuppa at Starbucks! :-)
Final Fairness Hearing?
More like Final Fair-my-ass Hearing...
Re: Something wrong with the model?
Yeah. The banks own us...
The only one missing here
Smith will be joined by David Tennant, John Hurt and Billie Piper to do battle against the Daleks and the shape-shifting Zygons.
is Mary Jane Smith (Liz Sladen) - RIP Liz. We all miss you!
So, if your mobe battery life has gone to crap, check for malware like this... :-)
Compared with LibreOffice 4.1?
How well does it stack up with the latest LO version?
Just how long?
I have to wonder just how long it will take to bypass/hack this software? 10 minutes? 1 hour?
Hey momma, I see a great big tasty fish! Can I eat it?
No dear. You get its rubber skin stuck in your teeth.
As though Shuttleworth can't afford this out of petty cash! Sorry Mark, but I am NEVER going to use/recommend Ubuntu in the future, simply because you are a troll!
SQL injection is not the issue
The issue is that web application developers are using bad practices that allow such attacks. In fact, eliminating them is trivial. The application vendors are the ones who should be held liable. If the web site owner is responsible, then they should suffer the financial and legal consequences; however, normally there is a commercial software vendor who is responsible.
There are always vampires!
I manage several AWS accounts, with systems that range from micro to "Oh My GOD!". Anyone who subscribes to this sort of "service" (read, pay me to do something you can do for free, or near to it), deserves what they DON'T get... :rolleyes:
So, I pay $0.02 (2 cents) per hour for a micro instance. Need it for a day? That is less than 1/2 US dollar! This guy is charging you HOW MUCH?! Even if you figure in the time to "get up to speed" in configuring a Linux server - let's say you need a week to get it to where you need - that is STILL only 1/2 of what this bone-head is charging you!
In the immortal words - caveat emptor!
Not that I agree with such surveillance...
Ok, 1 in 500 of 29M == 58000. 3% of that == 1740. That's the number of "real" offenders "captured" by the cameras. Not a small number. Does that justify the invasion of our privacy to move about freely? Can they determine which plates are associated with real crimes? Do they care? These are the questions we need to ask.
On the take?
I think it is time that Google hires some very good private investigators to determine who "owns" Almunia. This sort of activity is highly indicative of a possibility of corruption...
Security via obscurity
So, what the politicos are saying is something like "There is nothing to see here. Move on now."... The problem is that when sensitive data is collected, there is a finite probability that it will be maliciously exploited, no matter how "secure" it is stored (and usually it isn't very secure in absolute terms). So, storing so much personal data, no matter where or how, someone is going to get access to it for their own personal exploitation. This is one of the major issues about these data scooping activities that isn't being adequately discussed - it affects ALL of us!
DOCSIS (cable) == shared bandwidth - DSL is dedicated
Yes DSL is slower than cable, but DSL connections have dedicated bandwidth (or should), whereas the DOCSIS (Data Over Cable Service Interface Specification) based connections provided by cable services use shared bandwidth. I.e., with cable, the more active connections to a single DOCSIS hub, the slower each is.
So, in the final analysis, DSL is slower, but more reliable regarding bandwidth and cable is faster, but bandwidth may vary significantly, especially during peak hours.