* Posts by Nigel 11

3152 posts • joined 10 Jun 2009

Feds spank Asus with 20-year audit probe for router security blunder

Nigel 11
Silver badge

Re: Free Markets

You don't get automatic security updates because with a router they are likely to require you to reboot or at the very least to drop existing connections. So you are likely to want to schedule the update yourself. Or you can install your own automation. The market at present is Linux-capable enthusiasts and maybe a few businesses.

If they ever start selling a router with an OpenWRT derivative (or similar) to the general computer-using public, they might decide it's better to ship the thing with an auto-updater that installs security-critical updates immediately, and others overnight around 4am. The few for whom these defaults were wrong would be able to change them -- or indeed, to load some other open router distribution altogether.

0
0
Nigel 11
Silver badge

Linux can and does do the job well if you have fiber or cable broadband, and load (say) openWRT into your router box. Unfortunately AFAIK there are no currently marketed routers with ADSL modem ports for which open-source drivers exist. So if you are using ADSL you have to use proprietary router software.

Perhaps the FTC could be persuaded that this is an anti-competitive conspiracy? Or does the conspiracy include the NSA or the FBI?

0
0
Nigel 11
Silver badge

I mean, for a new router, you have to have default admin/password to allow the user to get going...

Rubbish. You install a random default password and print that on a label stuck to the bottom of the router (personally I think the top would be better, and also a duplicate label stuck to the setup guide).

2
0
Nigel 11
Silver badge

Asus, according to the company website, was named after the greek Mythological Pegasus creature, but dropped the "peg" to show up more prominently in the alphabetical listings.

I think I still prefer the version I have heard, that it once was "asUS" with creative typography to try to hoodwink USA customers into thinking it was a US product. Not quite as blatant as "made in Usa", Usa being a town in Japan which changed its name for commercial advantage.

0
0
Nigel 11
Silver badge

Re: Free Markets

Given time Asus will go out of business and the problem will be solved free market style

I can't help thinking that "free market" is about as far removed from this case as one could imagine. Could it have happened to Netgear (who have also shipped some incredibly insecure crap)? Hint. Netgear is a US company. Asus is not.

Personally I think there's no hope until routers go fully open and run Linux (for example, OpenWRT) so that security updates happen in a timely manner and keeping one's router up to date does not depend on any hardware manufacturer continuing to actively support hardware which it no longer sells and which it would much rather you replaced with newer hardware. Sadly, at present I do not think there is a single router on the market with an ADSL port that has an open source driver available.

1
0

Meet Barra's baby: Xiaomi arrives with a splash

Nigel 11
Silver badge

Re: Nice looking phone.

I did read your post. As long as Xiaomi are actively marketing this model of phone everything will be great. My jaundiced opinion concerns afterwards, and is not specific to Xiaomi.

Xiaomi will at some future date launch a new model and cease manufacturing this one. Where are the cast iron legally binding promises about software support and security updates 1,3,5,10 years after this happens? (And promises concerning the battery life, since it's not replaceable? )

If there are any such, please let us know. Any such really will set them apart from the crowd.

Of course they may go bust or get taken over by Microsoft, which is even worse for future security updates.

Maybe I'm unusual in not wanting to throw away a perfectly good piece of hardware because the manufacturer has deemed it obsolete and stopped maintaining the software, or because the manufacturer no longer exists, or because the battery cannot be replaced. Also in not thinking "new shiny" == "good" and in not being happy to throw out everything I have learned about the apps and UI on my old phone and having to learn all over again on my new one. I run Linux on an "obsolete" (but plenty fast enough) PC at home, and would like to run Linux on a phone if a sufficient ecology of linux-able phone hardware and linux-phone distributions ever arises. Until then, next phone will be all-Google, as the least bad option.

0
0
Nigel 11
Silver badge

Re: Nice looking phone.

If I need a new phone next week it will be a Google Nexus. I am completely fed up with apps that I don't want and cannot get rid of, and of depending on a vendor who no longer makes my particular model of phone for its security updates. They have no incentive to produce updates in a timely manner, if at all. Worse, they have a positive incentive not to. Make the phone as obsolete as possible as soon as possible so the muggles buy another new one. Glueing the battery into the phone and hoping(*) it fails a few months after the warranty runs out is another form of the same.

Some time in the hopefully near future I may switch to a phone that runs Cyanogen or some other truly open OS so I'm not dependent on any single company for updates. Then I might even be able to keep the exact same familiar UI after my obsolete phone finally breaks.

Sorry, Xiaomi. It looks very pretty but I suspect you want me to throw it away as soon as the warranty has run out. Once bitten and all that ....

(*) or engineering it to fail? How can we tell?

0
0

Linux lads lambast sorry state of Skype service

Nigel 11
Silver badge

Short term gain, long term lose

Now Microsoft has completely cut off Linux Skype, the open source community will be forced to write an easy to install Windows client for an open equivalent.

So Microsoft will repeat the Internet Explorer history. A short-term gain, during which time some businesses do it the Microsoft way and just ignore the growing number of customers who can't or won't run IE to access their IE-only web service. Then Mozilla and Safari and Chrome and the growing realisation that they are losing customers and being slagged off by those potential customers. Ending with Microsoft being handicapped by having to support open WWW standards properly while still maintaining backward compatibility with ancient MS server-side proprietary rubbish that's still embedded in "mission-critical" intranet stuff.

Those who fail to remember their history are doomed to re-live it. Prediction: a decade from now Skype will be dying out.

9
1

Gosh, what a huge shock. Ofcom shies away from BT Openreach split, calls for reform

Nigel 11
Silver badge

USO?

Why no Universal Service Obligation recommendation?

Some time in the last century a telephone went from a luxury to an essential. Around that time the Post Office, as it was then, was placed under an obligation to connect a telephone for anyone who wanted one, anywhere in the UK, for the same flat rate everywhere.

Broadband (say 8Mbps) has gone from a luxury to an essential. So why not extend the telephone obligation to specify a network connection capable of supporting broadband at a speed of no less than 8Mbps, anywhere in the UK?

Sure, it'll cost. Everyone else will be subsidizing the remotest locations. But that probably translates more into a reduction in the rate at which prices fall, rather than any rises.

Market forces will never accomplish this. It will never be in the interests of anyone to provide broadband to the last <5% if doing so incurs a competitive disadvantage recruiting or retaining the other >95% of customers. So they'll be stuck forever with 56K modems or impossibly expensive high latency satellite broadband.

Sigh. (Counting myself lucky: 8Mbps when it's dry, 3Mbps when it's raining, fiber coming "soon")

21
0

Google human-like robot brushes off beating by puny human – this is how Skynet starts

Nigel 11
Silver badge

I bet the built in battery pack lasts about 5 minutes max.

But I also bet programming it to plug itself into a mains socket would be trivial compared to what they've done already.

1
0

Don't take a Leaf out of this book: Nissan electric car app has ZERO authentication

Nigel 11
Silver badge
Coat

Re: VIN is on the front window in Europe

Insecurity by transparency?

6
0

'I bet Russian hackers weren't expecting their target to suck so epically hard as this'

Nigel 11
Silver badge

Re: endianness @#define

Intel i32, x64_64 is little-endian. So were PDP11 and VAX. Not "wrong"-endian.

I know it's an issue like the Lilliputians' eggs, but little-endian is surely the logical way. Put a 64-bit integer at X. Load the byte from X+1. You have the bits representing 2**8 up to 2**15 of that integer (8 being the number of bits in a byte). Extending this, you can search an allocation bitmap, define a bit address as 8 times the byte offset of the located bit plus the bit offset within the byte, and go straight to an identified logical block in some storage device at a logical block address matching the logical bit address ( = 8 times byte offset plus bit offset within byte). VAX could do that in one beautiful instruction (back when people still sometimes coded in assembly language)

Having less-significant bits at higher byte addresses is illogical. If only we wrote right-to-left like some other cultures do, or if pre-computer mathematical convention was to put the least significant digit of an integer first so we'd carry left-to-right just as we write left-to-right, there would be nobody arguing for big-endian, and probably no big-endian hardware at all.

3
0
Nigel 11
Silver badge

Re: Almost

Seriously, it would have been interesting to know how it was almost exploited.

All you really need to know is here

0
0
Nigel 11
Silver badge

Re: OmegaIsNull

The programmer has chosen to redefine the concept of null to also include non null variables with no value yet assigned, or with a value of a single space.

Under the (unlikely) assumption that the code does precisely what is required, then its worst feature by far is its name. Call it OmegaIsNullish or OmegaIsEmpty or even YukkyTest. Badly chosen names are one of my pet hates, especially when they've found their way into widely-used libraries or systems from where it's impossible ever to evict them. "select" to wait for IO completion, I ask you!

Also, comments matter as much as code. Again if the comment said "is Nullish (null or empty string or space)" ...

But I actually think this is a prize specimen from a person who can't code. There are people who are tone deaf, people who are number blind, and people who can't code. They imitate the forms like any good cargo cultist does, and simply cannot understand that they should find a different employment before somebody fires them (or murders them).

1
0

Plane food sees pilot grounded by explosive undercarriage

Nigel 11
Silver badge

Re: "aircraft fumes"

There's no definitive evidence for this

I thought it was well-documented that engine faults have led to dangerously contaminated cabin air, leading to flight crew donning oxygen masks and making emergency landings. ISTR that what pilots are concerned about (without definitive evidence) is that lifetime exposure to low "normal, safe" levels of these chemicals might be dangerously cumulative. They are organophosphates, an overall nasty group of chemicals.

12
0
Nigel 11
Silver badge

Re: Is there anyone on board that can fly a plane?

ISTR reading that if you have landed a big jet a good few times in a flight sim you are likely to be able to land one for real (with assistance from the control tower) if it ever becomes necessary. There are cases of non-pilots being talked down successfully even without any sim experience.

However, I am surprised that they don't give cabin staff a few hours in the real flight training simulator and a refresher every couple of years. Or do they (and impose secrecy for PR reasons)?

7
3

ESA's Sentinel satellite to ride converted ICBM

Nigel 11
Silver badge

Re: What does happen when an ICBM launch fails?

I would imagine that there's some way to disarm the bombs and make them fail safe, but is there really any way to do that when the main rocket motor fails and the whole kit and caboodle comes hurtling down towards Earth closely followed by 77 tonnes of rocket fuel?

Fortunately detonating an implosion-type plutonium warhead requires a cascade of extremely-precisely timed electrical signals to specialized detonators. Hopefully the master input for that cascade cannot be generated by stuff getting trashed during any sort of accident. Detonation of the conventional explosives by fire and (so we are told) attempts to detonate by someone who has stolen a nuke but does not know the appropriate coded inputs, will at worst cause a nuclear "fizzle" similar to a good few tonnes of TNT and a serious radioactive contamination problem. As soon as the warhead assembly is mechanically bent even slightly out of shape there is no way it will implode symmetrically enough to go nuclear.

So nothing to worry about, other than why the launch button had been pressed at all, and how many people get to breathe in particles of finely-pulverized plutonium dust if WW3 is not under way.

0
1

This Android Trojan steals banking creds and wipes your phone

Nigel 11
Silver badge

Re: Why would it erase your phone?

And I'm not sure why they would want to do that [erase your phone]

Destroy the evidence after they've bled you dry? Or just before, so your bank's security team cannot contact you to find out whether it was really you buying the £5000 TV?

0
0
Nigel 11
Silver badge

Re: Darwin is calling

one could read the text and think that one could be infected just by receiving/opening an mms.

Is that "completely impossible" or "not yet"?

I'm sticking to using my desktop along with a completely non-networked code-generating gizmo that my bank sent me. Also to shopping only with credit cards, where the legal onus is on the credit provider to prove that it was I who spent the money, in a court of law if I insist that I did not.

1
0

Putin's internet guru says 'nyet' to Windows, 'da' to desktop Linux

Nigel 11
Silver badge

With their own snooping software that phones the Kremlin, not Redmond...

So you are a small British manufacturing something exportable that involves a few minor trade secrets. Who would you prefer to be grabbing all your data?

1. The USA

2. Uk.gov

3. Russia

4. China

5. Brazil (but you'll have to learn Portuguese first)

6. Most of the above.

8
0
Nigel 11
Silver badge

Re: Putix?

The Russian government is doing this so it can spy on itself ...

This is Russia you are talking about. The country which historically has been more institutionally paranoid than any other, not always without justification.

But yes, their primary motivation will be to stop Redmond and the USA government from spying on the Russian government. It's obviously become too hard for them to work out what Windows is up to, for them to continue using it as a channel for dis-informing Washington.

17
0

LIGO boffins set to reveal grav-wave corker

Nigel 11
Silver badge

Re: Is it a test?

with a range of... what?... a couple dozen light years?

No. Thousands of light years. Possibly tens of thousands. An ordinary supernova is dangerous if it happens within a few tens of light-years. A GRB emits considerably more energy into a tightly collimated beam. Either might explain certain puzzling mass extinction events in Earth's geological history.

I wasn't serious about aiming one.

0
0
Nigel 11
Silver badge

Re: How many events ?

Thanks for that link. Five percent of the mass of the system converted to gravitational radiation in the last five minutes. Detectable ... up to 500 million lightyears away. Wow. Seriously wow.

0
0
Nigel 11
Silver badge

Re: How many events ?

If there are two black holes gradually(?) orbiting in towards each other then both detectors will be picking up a synchronized sinusoidal perturbation with a phase shift between them introduced by the speed of gravity (assumed to be the same as the speed of light) and the motion of the Earth. Further, since the orbiting black holes are losing energy by gravitational radiation, the period of the gravity wave and its intensity will both gradually be increasing, on top of the modulations caused by the motions of the Earth.

Surely it's too much to hope for that they have observed the actual merger event? Really good test of GR and black hole theory, if they have.

2
0
Nigel 11
Silver badge

Re: a geodesic past the media

It's not something they actually want to keep secret. They just don't want to be misreported, so they talk only to other scientists who hopefully know better than to get themselves misquoted by the popular media. Witness the gradual popular-media "discovery" of the Higgs boson. First "hints of", then "possible", "probable",... which actually mapped reasonably well onto the number of sigmas' worth of data they'd acquired.

This rumour sounds like the news might be more instantly definite but I'm happy to wait until Thursday.

0
0
Nigel 11
Silver badge

Re: Is it a test?

I assume something like two black holes merging or a black hole swallowing a neutron star is going to leave some obvious evidence in the gamma or Xray spectrum

I'm not sure you can count on that. This is two black holes. The two black holes will have been orbiting each other for a long, long time, gradually approaching each other as they lose energy by gravitational radiation. I think that they may have hoovered up almost all matter surrounding them a long time ago. Since both objects are already black holes, even the actual merger event won't emit anything except gravitational radiation (on the basic principle that nothing can get out of an event horizon).

It's a totally different story if there's a neutron star being torn apart by a black hole. That's the sort of event that you want to observe from a very, very long way away. E = mc^2 and something approaching a sun's worth of mass would be converted into energy and emitted as concentrated beams up the axis of rotation over a rather short span of time. The ultimate death ray.

4
0

Dumping chapter and verse on someone's private life online may be outlawed in Utah

Nigel 11
Silver badge

Re: Dox

... hoax pizzas. That is just being a jerk

Actually it is being a criminal. The principal victim is the honest pizza business.

5
0
Nigel 11
Silver badge

Re: Whats the bet

The first use of this proposed law, will be by a legislator whose work email, address and phone number is published by some random activist calling for everyone to demand an explanation from the relevant congress-critter.

I'm not an USAian nor a lawyer, but one might hope this would be thrown out as unconstitutional.

What I'd hope is targeted, is the sort of cyber-harassment that has in the past driven some people to commit suicide. Is the word "repeated" really not in this legislation somewhere? Is there really no intention to distinguish between a one-off disclosure and repeated disclosures after a doxxer/stalker has been told to stop?

0
0

Canonical reckons Android phone-makers will switch to Ubuntu

Nigel 11
Silver badge

Re: On what merit will they be trying to convince the users ?

How about simply being able to buy a phone and reload it with an entirely open-source ecosystem? No manufacturer-supplied "Apps" that you can't uninstall. And a reasonable chance that it's not spying on you in undocumented ways, because you can read the source, or rely on someone else having done so.

The bloatware that my Samsung came with annoys me - duplication of Google ware mostly, but it won't uninstall (and it keeps making noises that I can't easily identify to turn off). A Google Nexus is a nice phone, but I'd rather not have to trust Google so much.

So yes, if/when Ubuntu phones are both price- and feature-competitive with Android ones, I'll probably choose Ubuntu.

9
1

It killed Safe Harbor. Will Europe's highest court now kill off hyperlinks?

Nigel 11
Silver badge

Re: An awful lot of books - or their content - are copyright

So, if I send a message that there is a juicy picture of page 125 of a slightly obscure book, and maybe where that book may be found, am I infringing copyright?

No, firstly because a physical book was presumably published with consent and someone paid for it.

OK, let's say where an unauthorized reprint of that book may be found. It's not obviously violating copyright - it's not a crude photocopy. The copyright owner contacts the person with this illegal book, he shreds it, and you are informed by the copyright owner that it wasn't a permitted copy and how to tell the difference in future. You then alter the document you published to tell people where to find another unauthorized copy, this time in the full knowledge that it is unauthorized. And repeat. And repeat.

I think that's a fair analogy to this case.

3
0
Nigel 11
Silver badge

This case asks whether or not you can link to something that wasn't published, or was published without the permission of the copyright holder.

Especially if you persist, after the copyright holder has made you aware beyond any reasonable doubt that the material is being made available without its consent.

Methinks there's an analogy to be made with stalking. A stalker doesn't directly break the law, but his (or her) actions which would be legal if randomly distributed across the population become illegal when persistently targeted at a single individual after being told to stop.

Stalking is intended to terrorize, and is therefore illegal. Publishing repeatedly updated links to copyright-violating servers elsewhere is intended to assist others to commit a form of theft. Legal? Seems a sensible thing for a court to consider. I hope that they get it right and restrict their judgement to this specific case rather than wreaking wider havoc with the internet.

2
1

Leak – UN says Assange detention 'unlawful'

Nigel 11
Silver badge

Re: We make our own prisons

I still do not understand why Sweden hasn't come out and guaranteed (governmentally, to Ecuador) that Assange will not be extradited anywhere outside Sweden and -- if cleared or after punishment served in Sweden -- would be free to travel from Sweden to Ecuador. At that point the Ecuadorian Embassy could ask him to leave, the UK police could send him to Sweden, Swedish law could take its course, and a huge amount of fuss and expense would have been saved. If he was scared that the UK might send him to the USA rather than Sweden, then a similar guarantee could be issued by our government that he would not be extradited anywhere except to Sweden.

In the meantime he has a little of my sympathy. I don't think that the USA should be allowed to lock him up and throw away the key, which is probably what the US government would do if they ever get their hands on him. His actions don't make a lot of sense if all he has to worry about is jail in Sweden. That's probably little more unpleasant than confinement in a small embassy in London.

13
6

BT blames 'faulty router' for mega outage. Did they try turning it off and on again?

Nigel 11
Silver badge

Rural broadband

There's only one answer for rural broadband, and it's independent of the future of BT Openreach.

Some time during the last century a telephone line went from being a luxury to an essential, and the Post Office (as it then was) was placed under a universal service obligation. Which inevitably made telephone lines slightly more expensive for everyone in towns and cities.

Around now, a broadband service of at least 4Mbps (I'd say 8Mbps) has gone from being a luxury to an essential, and OpenReach needs to be placed under a universal service obligation. And yes, it means that everyone's fixed line rental will have to go up a bit.

Until they are under a USO it is simple economics that they will concentrate on the 90% of the profit that comes most easily (ie folks in towns and cities) and pay lip-service only to providing folks living a long way away from an exchange with anything but the least good service that they can get away with.

6
2

When customers try to be programmers: 'I want this CHANGED TO A ZERO ASAP'

Nigel 11
Silver badge
Flame

Re: Customer always right?

Why edit it? Just quote it in full.

That might have had him looking for a scapegoat, and you might have been it. In general, do not try to put out a fire with petrol.

7
0
Nigel 11
Silver badge

Re: a week and 2 engineers

Do we now have an explanation of the bag with 59 sachets of salt and one crisp?

(I've twice found a solid chocolate Kit-kat. I don't regard that as any cause for complaint).

8
0
Nigel 11
Silver badge

Customer always right?

Surely in the first example there was a moral obligation to all other stakeholders in the company. An edited version of the comment (minus the "idiots" "fools" "morons" ad-hominem bits) should have been made available. "The full code contains this cautionary comment ... please confirm, in writing, that you nevertheless require the change which is so strongly cautioned against to be made".

Maybe the moron would have had second thoughts. And maybe you should even have tipped off his CFO, though you'd probably have needed to go up to board level of your own company to get that approved, and doing it without approval would take a lot of balls.

7
0

Safe Harbor ripped and replaced with Privacy Shield in last-minute US-Europe deal

Nigel 11
Silver badge

Neville Chamberlain

I might say that's unfair because the USA is not a fascist dictatorship.

For some reason the word "Yet" keeps surfacing.

5
0

Europe wants end to anonymous Bitcoin transactions

Nigel 11
Silver badge

Re: Numpties

You forgot to add that our own government inhabits the other wing of the same lunatic asylum as most of the commish.

In a nutshell, that's why I'm going to find the IN/OUT decision quite a challenge.

2
0

I love you. I will kill you! I want to make love to you: The evolution of AI in pop culture

Nigel 11
Silver badge

Self-awareness

We don't know an awful lot about self-awareness or how it can arise. In fact I'm not sure that we actually know anything. How do you prove to me that you are self-aware rather than just programmed to assert that you are? Or even, how do I know that I am self-aware rather than just something else's dream? The ancient Greeks and Shakespeare understood this. Occam's Razor is the only way out that I know.

Two good SFnal treatments of awareness arising unexpectedly: Greg Bear Queen of Angels and Charles Stross Rule 34.

0
0
Nigel 11
Silver badge

Re: Big Blue

And Vernor Vinge comprehensively outclassed the Berserkers with the Blight. That truly is a nightmare vision (and A Fire upon the Deep is a truly great book).

0
0
Nigel 11
Silver badge

Machines do not "make decisions" and are not likely to do so in the foreseeable future. They just follow a pre-programmed algorithm - albeit one that may be pretty complex.

Which differs from a human brain taking a decision how precisely?

A machine makes a decision when it operates with internally generated code or huge internally generated continuously modified weighting tables on equally huge internally generated tables of data, heuristically pruned to fit in available memory. It becomes impossible for a human to understand why any particular instance arrives at a particular point A or not-A. Potentially this, even if we can dump a Terabyte of internal state at the precise moment that the decision was taken.

When you are running and are tripped by something you didn't see, you'll try to regain your balance. Can you tell us the details of your last success, or what you would do next time to avoid your fall, or even whether falling was avoidable? Yet clearly we do learn to run. Young kids fall over a lot more than adults. And if/when we advance from building intrinsically stable wheeled and tracked vehicles to bipedal "mechas", I have little doubt that the same will be true of their control systems.

0
0
Nigel 11
Silver badge

Does the machine choose the greater good - or avoid a direct action that would deliberately kill the man on the spur?

A dilemma which the logic in self-driving cars will have to incorporate, unless we choose to refuse to incorporate any concept of "the greater good" which is itself a decision. Will it be explicit (programmer playing god, here's the algorithm which decides whether you live or die)? Or implicit (the AI has programmed goals and code that evolves in time as it processes more events, and we really don't know in advance what it will do faced with a choice between two different crashes).

I once found myself in a meta- version of this dilemma. Thanks to my own inattention, I was hurtling towards a give-way sign much too fast to stop and realized I might have to decide between a collision with another vehicle or going off-road into trees. I never got to take the decision, because the fates or whatever decreed that there was no other vehicle crossing my path.

0
0
Nigel 11
Silver badge

Re: "what it is that makes us human when computers and machines can educate themselves"

There was a computer program that "discovered" prime numbers all by itself.

It was not really AI. It was a goal-seeking algorithm that could apply the rules of symbolic algebra. It had the axioms of arithmetic hard-coded, and its goal was to prove hypotheses with high values of interestingness, where interestingness was a heuristic based on the relation of a hypothesis to other hypotheses and theorems and their interestingnesses (ie, if we can prove this, then we get that and that and that ... )

ISTR it got as far as inventing and trying to prove Goldbach's conjecture (every even number greater than two can be expressed as the sum of two prime numbers). It failed to prove it, which is not very surprising ... the best human mathematicians of the last 250 years or so haven't been able to prove it either!

There's also the proof of the four-colour theorem which is too complex for any human unassisted by a computer to comprehend. So is it proved, and if so what is it proved by?

0
0

Little warning: Deleting the wrong files may brick your Linux PC

Nigel 11
Silver badge

Re: This is like BIOS flashing by Unix commands

I'm almost certain that if you can trash UEFI and brick your motherboard running as root on Linux, then you can trash UEFI and brick your motherboard running as Administrator on Windows. It may be harder to do it accidentally (though I doubt if that's by design, more probably by happenstance). Linux should take steps in the same direction of making accidents harder, like making the --one-file-system option a default for rm.

Any blame needs to be placed squarely with the implementors of UEFI on the offending hardware. Possibly also with whoever specified UEFI if it does not explicitly state that a missing or corrupt UEFI filesystem or any or all missing UEFI variables must be recoverable errors from an end user's perspective.

2
0
Nigel 11
Silver badge

Re: This is like BIOS flashing by Unix commands

So that you can 'safely' run rm -rf /

rm --one-file-system -rf / # safe, for certain values of safe ...

this will remove all files in your root filesystem, which is probably your operating system installation, hopefully not your /home files, and certainly not anything in sysfs.

Personally I think --one-file-system should be the default, especially if you are running as root, with a --really-do-recurse-into-all-filesystems option for the suicidally inclined.

2
0
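
An added sketch of the --one-file-system point discussed above (not code from the post or from coreutils): given a mount table in /proc/mounts format, it lists the mount points below a starting directory that a recursive delete would descend into without that option, and flags a writable efivarfs. The function names and the sample table are constructed for illustration.

```shell
#!/bin/sh
# Added example. List the filesystems that a recursive delete starting at
# ROOT would cross into unless --one-file-system is given, reading a mount
# table in /proc/mounts format: device mountpoint fstype options dump pass.

# crossed_mounts ROOT [MOUNTS_FILE]
# Prints one line per mount point strictly below ROOT:
#   <mountpoint> <fstype> <ro|rw> [FIRMWARE]
# FIRMWARE marks an efivarfs mounted read-write, i.e. UEFI variables that
# are exposed as deletable files.
crossed_mounts() {
    root=$1
    table=${2:-/proc/mounts}
    # Strip one trailing slash so that "/" becomes the empty prefix.
    prefix=${root%/}
    while read -r _dev mnt fstype opts _rest; do
        case $mnt in
            "$prefix"/?*) ;;      # strictly below ROOT: keep
            *) continue ;;        # ROOT itself or elsewhere: skip
        esac
        # ro/rw can appear anywhere in the comma-separated option list.
        case ",$opts," in
            *,ro,*) mode=ro ;;
            *)      mode=rw ;;
        esac
        flag=
        if [ "$fstype" = efivarfs ] && [ "$mode" = rw ]; then
            flag=' FIRMWARE'
        fi
        printf '%s %s %s%s\n' "$mnt" "$fstype" "$mode" "$flag"
    done < "$table"
}

# Constructed sample mount table (not taken from a real machine).
write_sample_mounts() {
    cat > "$1" <<'EOF'
/dev/sda2 / ext4 rw,relatime 0 0
sysfs /sys sysfs rw,nosuid,nodev,noexec,relatime 0 0
efivarfs /sys/firmware/efi/efivars efivarfs rw,nosuid,nodev,noexec,relatime 0 0
/dev/sda1 /boot/efi vfat rw,relatime 0 0
/dev/sdb1 /home ext4 rw,relatime 0 0
/dev/sr0 /mnt/cdrom iso9660 ro,relatime 0 0
EOF
}

# Demo on the constructed table; on a live system call: crossed_mounts /
sample=$(mktemp)
write_sample_mounts "$sample"
crossed_mounts / "$sample"
rm -f "$sample"
```

Mount points containing spaces appear in /proc/mounts with the space written as \040, and this sketch prints them in that escaped form.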
Nigel 11
Silver badge

Re: So, exactly...

EFI is part of the BIOS. It is intended to be accessed as a filesystem. It's therefore bad design if corrupting that filesystem results in the Motherboard being bricked, rather than offering a "reset to factory" option.

But rm -rf is not the right way to erase a disk on Linux. Assuming that you are not unduly concerned to erase data beyond the ability of a three-letter-agency to recover it (*), then the right tools are

boot something like SystemRescueCD off a standalone CD or USB stick

DISK=/dev/sda # or whatever

smartctl -i $DISK # double-check you are about to nuke the right device

dd if=/dev/zero of=$DISK bs=4M; sync # write all sectors to zero ($DISK already holds the full /dev/... path)

This also forces relocation of any bad blocks at a time when that will cause absolutely no harm, and lets you then use smartctl -A to see whether pre-emptive replacement of the disk might be wise. If you are in a hurry add count=10 to wipe only the partition table and anything lurking at the top of the first partition.

(*) if you are worried about the three-letter agency the recipe is remove disk, drill several holes in its HDA, smash its electronics with a hammer, and immerse the disk in acid. Coca-Cola is probably an adequate substitute for hydrochloric acid or ferric chloride. Easy to obtain and no bothersome H&S forms needed. Solid-state disks probably require incineration though applying a Dremel coarse grinding tool to all the big chips might suffice.

4
0

Lawyers cast fishing nets in class-action Seagate seas

Nigel 11
Silver badge

AFAIK every disk drive vendor has shipped some models that are lemons in its time. It is inevitable. Every drive in production is in effect a prototype. By the time any particular model of drive has a five-year track record of acceptable reliability, it is obsolescent and no longer manufactured. The manufacturers do do accelerated ageing tests, but they cannot catch all failure modes or guard against batches of faulty components from their suppliers.

If you are populating a RAID with mirrored pairs, the absolute worst thing you can do is buy two identical drives. One Seagate and one WD is a better bet than two WD even if you can prove that the WD has five times the MTBF of the Seagate (which you can't, see above). That is because if one drive fails because of a batch of faulty components, the others from the same batch won't be far behind. The one from a different manufacturer is least likely to contain components from the same faulty batch.

Airlines know better than to service both engines on a twinjet at the same time. (It's also forbidden by air safety rules, for the same very good reason).

6
0
Nigel 11
Silver badge

Mirrored hard drives, in a quality NAS box, with a UPS and alerting set up and tested, with a last-resort backup at a physically different location, is reasonably reliable. The details matter.

Would you go skydiving without checking every last detail of your parachute, at least twice?

1
0
Nigel 11
Silver badge

Re: Numpty is as numpty does

The other thing you see is people who think that because the NAS box has twin redundant disk drives, there are two backups.

They really should make small NAS boxes with software that activates a red light and an irritatingly loud beeper when one of the drives fails. Because many people think they'll be magically informed when a drive fails, even if they've never told either the NAS box or the warranty-registration form their e-mail address, mobile number, etc.

Not that some of the cheaper ones would generate an alert even if you had.

4
0

UK govt right to outsource everything 15 years ago – civil service boss

Nigel 11
Silver badge

Re: Do they think we're daft?

Until someone developing a billion-item million-transaction-per-second system for HMRC gets paid the same as someone developing such a thing for Tesco, there will be a flow of people from HMRC to Tesco.

And follow this chain of thought.

HMG outsources to $ORG. $ORG needs some more staff. So it advertises with a salary sufficient to cause a flow of staff from Tesco to $ORG. $ORG then bills HMG for their services. Plus a profit margin. Plus administrative overheads.

And HMG now has to employ a contract manager to keep track of whether things are going OK. And a lawyer, when they aren't.

And this is supposed to save money??

I wonder how many of the people responsible for the outsourcing are now working for $ORG?

5
0
