Posts by Allan George Dyer

1605 posts • joined 12 Jun 2009

UK's lords want more details on adult website check plans

Allan George Dyer
Silver badge
Coat

Based on the species of the active participant, isn't it humaniality?

0
0

Phoney McPhoneface: The thrilling tale of ZTE's crowdsourced mobe

Allan George Dyer
Silver badge
Joke

Re: Sticky FRONT

Attach it permanently to the user's head!

Alternatively, just use a nail.

1
0

'Twas Brillo but then Android Things, which watched as Google Weaved its Nest

Allan George Dyer
Silver badge

Re: @ Ian Joyner

Sorry about the long delay - I only looked back at this thread today.

Responding to your responses...

iOS and MacOS are based on Mach, but they aren't microkernels: "However, in OS X, Mach is linked with other kernel components into a single kernel address space. This is primarily for performance" https://developer.apple.com/library/content/documentation/Darwin/Conceptual/KernelProgramming/Mach/Mach.html

How this affects their security compared to Linux, I don't know.

Were we restricting the discussion to "how microkernels make IoT secure", or "how to make IoT secure"? My point is that it isn't all about microkernels. Yes, insecurity at a lower level affects all higher levels, but it is also possible to "bolt on" insecurity. To steal an analogy from cryptography, you need strong algorithms and good key lengths, but if your crypto is like a 1 mile stake in the ground - infeasible to get through or over, increasing the key length to make it a 10 mile stake doesn't improve your security - the attackers still go around the stake instead. Securing your IPC messages against an obscure attack doesn't fix a hole elsewhere. As an example of "bolt on" insecurity, SMTP email was a mostly harmless protocol until someone (Microsoft) decided to add a programming language (VBS) to their email client, and have it autorun scripts in messages on preview... then we got Loveletter. All the inherent insecurities of the underlying protocol made no difference to how the catastrophe spread, it was the add-on scripting that made the difference.

How does a precise definition of malware help? I'm saying we can't really have one, but the idea of securing everything from the microkernel depends on it. We can't really have one because the classification depends on intent: format is a useful program, but a trojan with the same function is highly destructive. So, we'll ask the microkernel, "which of these two programs that overwrite the disc should be allowed to run?", perhaps it will refer to a signature: who wrote the program? Then, who do we trust? Has the key been compromised? We're back to dancing on quicksand.

"well most servers (at least ones of any scale) are set up by experts" - Then why do we see news stories like https://www.theregister.co.uk/2016/09/22/yahoo_500m_email_accounts_hacked/ ? I would say that most servers are secured to a cost, and an expert will make a rational choice between meeting an unreasonable constraint and losing their job.

Spend too much on a secure microkernel, and there's not enough left to identify or fix gaping holes elsewhere.

0
0
Allan George Dyer
Silver badge

Re: @ Ian Joyner

My first reaction to what you said was also "claptrap", but, on reflection, I think it lacks context. You're saying Linux is insecure and unsuited for the challenges in, "the wilds (at the edge) of the Internet"? So what alternatives have seen massive deployment in that area? Perhaps Windows, iOS, OS X? They certainly don't represent a different level of security, so I'm missing your meaning.

I took a look at your previous posts... are you thinking more in terms of formally-defined systems, with provable behaviour? In that case I have a few criticisms:

i) Even "simple" IoT devices are too complex for easy formal definition

ii) Your concept of "security" is restricted to technical considerations. Security should encompass confidentiality, integrity and availability, and the trade-off between them is determined by the application.

iii) You say that software can come packaged with malware... but how do you define malware? I tend to use the definition, "software that does bad things", but that requires assessment of intent, which is a human quality not amenable to formal definition. Actually, this is the flip side of my point (ii)...

iv) Costs are being driven down, we don't have very controlled servers in locked data centres (and even when we do, someone's fitted an IoT lock, "for efficiency"), tended by perfect experts.

So, take a look around the real world, it is more complicated and messy than a formally-defined microkernel can cope with.

2
0

Mr Angry pays taxman with five wheelbarrows worth of loose change

Allan George Dyer
Silver badge

Re: He'd be shit out of luck in the UK

"novelty 10' plywood cheque" - I recall a news story about a cheque written on a 10' shark, by a fishmonger to the local council, IIRC.

2
0

Boffins turn timid mice into psycho killers – by firing lasers into brains

Allan George Dyer
Silver badge
Joke

If that's a mouse's brain...

Their mice are descended from The Brain! (0:07 in the video)

4
1

The top doc, the FBI, the Geek Squad informant – and the child porn pic that technically wasn't

Allan George Dyer
Silver badge

"where's the rest of the material?"

From the article:

"allegedly found a Mac, an iPhone and a hard drive storing images of underage sex"

Is it credible evidence? Let the jury decide.

1
1

Top cop: Strap Wi-Fi jammers to teen web crims as punishment

Allan George Dyer
Silver badge

I thought the US military were quite fussy in the Vietnam era too... citation: Alice's Restaurant https://www.youtube.com/watch?v=m57gzA2JCcM

3
0

Speeding jet of Siberian liquid hot Magma getting speedier, satellites find

Allan George Dyer
Silver badge
Headmaster

"the Sun is not hidden from us by 3,000 km of rock"

Hah! It's four times that, at night!

8
0

US cops seek Amazon Echo data for murder inquiry

Allan George Dyer
Silver badge
Coat

Re: Interesting...

@pauleverett - would it be smart enough not to call the cops if it hears a TV show, or one of those dinner party murder mystery games?

"Amazon Echo here - Reporting a conspiracy to steal plans for a top secret military project called 'the Death Star'."

3
0

How Rogue One's Imperial stormtroopers SAVED Star Wars and restored order

Allan George Dyer
Silver badge

Re: Two things bothered me

"Now, let the management types of the Empire run the Death Star with no designers and no plans."

I recall from ANH that the Empire completed an analysis and also discovered the weakness, so therefore they still had the plans. Therefore, there was an offsite backup, or DR site, for the archives on Scarif.

I'm guessing that the consultants who completed the analysis made sure they were safely on a shuttle for home before the project team delivered the unfavourable report to top management...

2
0

Support chap's Sonic Screwdriver fixes PC as user fumes in disbelief

Allan George Dyer
Silver badge
Coat

Re: Clothing related malfunction

@Anonymous IV - It's up to us to supply possible endings:

1. and that's how he met my Mum.

5
0

Oi! Linux users! Want some really insecure closed-source software?

Allan George Dyer
Silver badge
Headmaster

Re: Bigger jumps in Version numbers

"Now according to my roman numerals chart, X is 10, and P means Million... so XP = 10,000,000"

No, XP = 999,990, just like IV = 4

Edit: upvote to druck, I'm late by XV hours.

1
0

Stupid law of the week: South Carolina wants anti-porno chips in PCs that cost $20 to disable

Allan George Dyer
Silver badge
Happy

Magic chip or method...

I'm patenting a thin plastic shim that can rest between the contacts of the power button, in combination with a warning label, "No user serviceable parts inside".

I'll rent them out... I'll only need one per computer shop, and I get paid every time they're removed.

Where's the "bundles of cash" icon?

1
0

Galileo! Galileo! Galileo! Galileo! Galileo fit to go: Europe's GPS-like network switches on

Allan George Dyer
Silver badge
Black Helicopters

Cunning plan...

"Galileo can be blocked for civilian use in an emergency"

1. Wait until every car, lawnmower and bulldozer is self-driving and dependent on Galileo

2. Trigger an emergency

3. Enjoy the chaos...

Am I on the watchlist now?

11
0

Well, well. Auditors say UK govt procurement body hasn't saved your tax cash

Allan George Dyer
Silver badge
Paris Hilton

Re: Economies of scale?

Did he include his PA's time in the pricing?

3
0

'Emoji translator' sought by translations firm

Allan George Dyer
Silver badge

Re: First one

Charing Cross?

0
0

A single typo may have tipped US election Trump's way

Allan George Dyer
Silver badge
Facepalm

legitimate/illegitimate

There is a reason why sailors stopped using larboard/starboard.

Legitimate/Bastard would be a readily-recognisable terminology.

19
0

Men! If you want to win at board games this Christmas, turn off the rock music – scientists

Allan George Dyer
Silver badge
Boffin

"So, that's the procedure I'll be using, do you have any questions?"

Yeah, what's your favourite music?

8
0

Linus Torvalds releases 'biggest ever' Linux 4.9, then saves Christmas

Allan George Dyer
Silver badge

Re: What's wrong with a CLI?

@Flocke Kroes "Although PHB's from the 80's could do something constructive with the command line"

Really? I thought they were too busy asking their secretaries to print their emails. OTOH, their secretaries were probably doing quite a lot from the command line, or using obscure key combinations.

7
0

AI brains take a step closer to understanding speech just like humans

Allan George Dyer
Silver badge

Cultural Differences

"it may provide a new way to translate speech into other languages"

Or, more likely, humorous and deadly anecdotes of mis-translation...

Consider descriptions of a cow being slaughtered in Hindi and Texan.

"My hovercraft is full of eels"

2
0

All aboard the warship that'll make you Sicker

Allan George Dyer
Silver badge

Re: The last "ship" to bear the name HMS Tamar

@SkippyBing - The Tamar government HQ was opened in 2011, it didn't exist in 1997. You're thinking of the former Prince of Wales Building, now the Chinese People's Liberation Army Forces Hong Kong Building: http://gallery.moeding.net/AroundTheWorld/Asia/China/HongKong/Prince_Of_Wales_Building.jpg

which is just next to Tamar:

https://en.wikipedia.org/wiki/Tamar,_Hong_Kong#/media/File:Tamar_Development_View_201308.jpg

which is built on the filled-in ship repair basin. Both were part of HMS Tamar.

The PLA went to the Prince of Wales Building first because all the military sites were transferred to them at the handover. Government House is owned by the civil government, though the first Chief Executive chose not to live there, probably to emphasise the difference from colonial times.

1
0
Allan George Dyer
Silver badge
Headmaster

The last "ship" to bear the name HMS Tamar

Was the shore station and headquarters of the British forces in Hong Kong. Tamar is now the name of the new Government headquarters on the same site.

1
0

Sysadmin told to spend 20+ hours changing user names, for no reason

Allan George Dyer
Silver badge
Joke

"Any naming scheme will end in duplicates, it's unavoidable."

You've obviously never visited Hilbert's Hotel.

3
0

Sigh... 'Hundreds of thousands' of... sigh, web CCTV cams still at risk of... sigh, hijacking

Allan George Dyer
Silver badge

Re: That's all very well...

"If they cannot be fixed, I'm sure that most people with one of these will just junk it."

Why? Even if they see the warning, as long as it's still functioning, many people will just keep using it, completely unaware or uncaring of the DDoS or other nastiness running in the background.

7
0

Sysadmin figures out dating agency worker lied in his profile

Allan George Dyer
Silver badge

Re: Bless....

@Dog11 - "How else to make a front panel with lettering that looks silkscreened?"

Mirror-image print on acetate sheet?

0
0

San Francisco's sinking luxury Millennium Tower: Tilt spotted FROM SPACE

Allan George Dyer
Silver badge
Joke

@MNGrrrl: "Nobody has tried something like this before"

Well, not since Atlantis, you can find the original engineer's report and planning permission buried in soft peat at the local planning office.

3
0
Allan George Dyer
Silver badge

Re: Timber!

@jake - I think we need to know the size of a qualifying earthquake first, we don't want you dropping a feather next to your seismograph and running off with the pot...

4
0

Drops the mic... Hang on, hackers could be listening through my headphones?

Allan George Dyer
Silver badge
Coat

Re: Odd

"Sssh!, not so loudly."

Too late, HAL's already reading your lips on the webcam.

I'll get my spacesuit... with the helmet.

5
0

You want SaaS? Don't bother, darling, your kind can't afford it

Allan George Dyer
Silver badge
Black Helicopters

Re: Wrong way round

Or they changed from the default locale, but it silently resets on every update... or possibly, whenever it feels like it.

17
0

Signal security revealed: A triple-Diffie-Hellman with a double ratchet

Allan George Dyer
Silver badge
Coat

Re: Capture the message post decryption...

... why bother with malware?

Obligatory xkcd

The coat with the heavy object in the pocket, thanks.

0
0

CompSci Prof raises ballot hacking fears over strange pro-Trump voting patterns

Allan George Dyer
Silver badge

Re: Vote Fraud? Are you CRAAAZY?

You've missed the point - it's not the Democrats that are calling "Vote fraud", it's some academic saying, "this looks odd". It's been shown that many of the machines can be hacked, he's asking, were they hacked?

The underlying question is why the USA tolerates insecure voting machines, but Trump it seems is also uninterested in this when the results favour him.

23
2

Deliver-oops! Takeaway pusher's customers burger-ed by hijackers

Allan George Dyer
Silver badge
Paris Hilton

Re: Only just saw proof they are bunch of cowboys

On a bicycle? What happened to his horse?

0
0

User needed 40-minute lesson in turning it off and turning it on again

Allan George Dyer
Silver badge
Trollface

Re: Witless idiots

"Error messages should be short enough and clear enough to be remembered."

Ah - like "PC LOAD LETTER" then?

4
0
Allan George Dyer
Silver badge
Coat

Re: Can you hold down the power button

@Terry 6 - "drivers have no idea how to top-up the jets" either you have some seriously overpowered cars where you are, or you're looking for the word "pilots".

Hoist by your own petard - you did say not to use jargon terms.

2
0

KCL staff offered emotional support, clergy chat to help get over data loss

Allan George Dyer
Silver badge
Joke

A fine tradition...

Nice to see KCL getting back to the vision of their founders, but perhaps a little more emphasis on the other half of their motto is required: Sancte et Sapienter "With Holiness and Wisdom". The backups are certainly holey, but where's the wisdom?

Disclosure: I'm a UCL Grad.

1
0

Britain must send its F-35s to Italy for heavy overhauls, decrees US

Allan George Dyer
Silver badge

Re: And after Brexit...

Not to mention the paperwork for importing/exporting weapons components...

6
1

Computer glitches force US election poll stations to stay open for longer

Allan George Dyer
Silver badge
Mushroom

Re: Election night live...

@Oengus - First comedy channel to hand out nuclear launch codes... watch out for the punch line!

4
0

What a bee-lief! UK's asian hornet outbreak is over ... for now

Allan George Dyer
Silver badge
Coat

If they come from France, do they use tiny guillotines?

11
0

Leaks password, check. Leaks Wi-Fi password, check. Can be spoofed, check. Ding! We have an Internet of S**t winner

Allan George Dyer
Silver badge
Coat

Re: Which is exactly why I build mine out of Raspberries and Bananas

AC, IanRS - you two are a right pear.

3
0

Six on capacitor charges

Allan George Dyer
Silver badge
Coat

Shocking!

9
0

Hm, is that a minefield? Let me just throw my magic bomb-sniffing spinach over there

Allan George Dyer
Silver badge

And Spinach Harvester now outranks Alligator Wrestler on the World's Most Dangerous Jobs list.

5
0

F-35 'sovereign data gateway' will stop US reading pilots' personal data? Yeah right

Allan George Dyer
Silver badge

"automatically orders spare parts"

If that includes printer ink, they might have some really big bills...

3
0

Boffins predict web scams with domain registration data

Allan George Dyer
Silver badge
Paris Hilton

"Scammers also watch out for registrars bulk discounts"

Am I just being terminally dim? Who has a legitimate need for bulk registration of domains?

0
0

Chinese electronics biz recalls webcams at heart of botnet DDoS woes

Allan George Dyer
Silver badge
FAIL

Recalling "some of the products it had sold in the US"

See icon.

More to do with lawsuits than actually solving the problem.

3
0

Is this the worst Blockchain idea you've ever heard?

Allan George Dyer
Silver badge
Coat

Re: Fundamental point of blockchains

Wait - someone trusts the banks and government?

Mine's the one with the tinfoil hat and barter goods in the pocket.

0
0
Allan George Dyer
Silver badge
Coat

Re: An immutable record, you say...

Where can I get their music?

0
0

What will happen when I'm too old to push? (buttons, that is)

Allan George Dyer
Silver badge
Flame

Re: Not being old

"Most are the opposite" - I'm not sure about "most", which leads to the next problem, we've got all these bloody coloured lights, flashing or not flashing (at indeterminate intervals so sometimes you're waiting, trying to decide whether or not it is flashing), trying to TELL US SOMETHING, but I DON'T KNOW WHAT and the sodding things are "labelled" as a raised black plastic icon on a BLACK BACKGROUND that I don't recognise even after I've used an oblique light to highlight the shape.</rant>

I think I'll go and lie down, my charger is signalling in morse that my phone is about to catch fire and my router is flirting with my air conditioner.

5
0

Today is the 211th anniversary of the Battle of Trafalgar

Allan George Dyer
Silver badge

Re: Image of "Here Nelson Fell 21st Oct 1805" on HMS Warrior

Bloody hell... you say the HMS Warrior crew have stolen the deck from HMS Victory! Keelhaul the blaggards!

(HMS Warrior was only launched in 1860, Nelson never stood on it. It is also iron-hulled and still afloat, not far from HMS Victory's dry dock)

4
0
