Feeds

* Posts by Richard 12

1556 posts • joined 16 Jun 2009

Review: Philips Hue network enabled multicolour lightbulbs

Richard 12
Silver badge

20-30 seconds!?

So, rather useless and actually completely obsolete before even launched.

We aim for 1/40th sec and usually get 1/30th. Have done for decades.

We also have wireless and battery-less light switches for the last couple of years - fancy a sticky-back light switch?

0
1

Relax, Hollywood, ARM's got your back: New chip 'thwarts' video pirates

Richard 12
Silver badge
FAIL

Re: "ARM's TrustZone" - abuse of ENGLISH!

What they've done is offer a way a device manufacturer can ensure that no application running on the ARM core of the same device can read back the output of the framebuffer. Quite how this can usefully stop an application popping it back into normal mode to read the framebuffer is unknown, given that users want nice transitions between 'play video' and 'not play video' and quite like having GUI elements like Play, Pause, Quit etc.

But this feature isn't for the users. It's for devices that are genuinely frightened of the user.

However, any given implementation of this feature may be flawed, and the output of the physical IC remains (and always must remain) available - both LVDS and LCD-RGB will forever remain unencrypted (so getting the image is easy if you pop the lid) and both HDMI and DisplayPort are crackable, if not cracked already.

Fundamentally, the reason DRM as a concept cannot possibly work is because Bob, Eve and Mallory are all the same person.

For the same reason, the overall effect is to only annoy legitimate users and damage reputations, because it prevents the legitimate user from watching the content they've paid for - both when it works and when it breaks down.

In this case, if any issue (eg minor bug in playback app) causes the 'secure' GPU to get stuck in takeover mode, your device is a brick.

0
1

Motorola shows off tattoo and swallowable password hardware

Richard 12
Silver badge

Identi-Eze

Well done Motorola, you just re-invented it except worse!

This way you need multiple spares because they only last two weeks or two days.

So when somebody steals the spares, you're stuffed.

0
1

Microsoft's Windows 8.1 secrets REVEALED ... sort of

Richard 12
Silver badge

Re: "unified search results from your apps, files, SkyDrive, actions you can take, and the web"

More to the point, didn't they hear what happened when somebody else did that?

The most annoying thing about any search function is when it returns too many results, so anything that gives you more results is only going to be more annoying.

Stand by for "Word" to become the most-clicked term on Bing...

1
1

Who did Apple LIE TO: Australia or America?

Richard 12
Silver badge

Re: Both right?

This isn't (really) about high street price, it's transfer price.

The Aus subsidiary doesn't make widgets, it buys them from another company in the group for an inter-company "transfer price", and then sells the widgets at a street price.

The profits are then worked out by "street minus transfer". By adjusting both transfer price and street price, a multinational company can move the bulk of the taxable profit into the country of their choice while still having huge margins.

If the transfer price is unreasonably high, the taxable profit will be unreasonably low and taxes have probably been evaded. If they are reasonable, then taxes are merely avoided.

This is what Starbucks did in the UK with the beans - they had to buy them from a foreign Starbucks subsidiary at a surprisingly high price. (They weren't actually convicted of anything though)

7
1
Richard 12
Silver badge

However, they did lie

It doesn't really matter how important a detail it is, but whether through incompetence or malice, they have given two governmental legal inquiries contradictory answers.

Worse, in both cases they gave an answer likely to be accepted by the questioner as reducing their liability, which implies the truth is probably neither of them.

14
2

Windows 8.1 Start button SPOTTED in the wild

Richard 12
Silver badge

Re: The start screen can't be managed

I did not know that.

Weird how the more I learn about TIFKAM, the crazier it gets.

So it genuinely isn't as bad as I first thought - it's much worse!

8
1
Richard 12
Silver badge

Well done, you missed the point

It was never just about the icon - though removing it was fundamentally stupid.

It's the "MS needs the entire screen" attitude, first seen in Office 2007.

No, starting an application does not require the full screen, except when the screen is very small or far away - phone/tablet and TV.

Neither of those apply in a desktop situation.

Who's taking the fall for you this time, Ballmer?

22
2

Tea, Earl Grey, hot! NASA blows $125k on Star Trek 3D FOOD PRINTER

Richard 12
Silver badge

Re: Printing in kale

Pass me a 14B.

0
1

Experts: Network security deteriorating, privacy a lost cause

Richard 12
Silver badge

Re: political will

Smart meters do more than that.

They allow different billing rates at different times.

- So a miscreant can raise (or lower) your bill, by moving those times around. Perhaps make the Economy period from 1:00am to 1:05am?

Many allow customers to be remotely disconnected.

- Cutting a significant proportion of a single substation's load instantaneously could easily destroy the remaining customers' equipment due to overvoltage, and may even damage the substation. This has occasionally happened when a JCB has an accident, covered by the excavation insurance. Who pays for your new TV if it's killed by smart meter hacking?

- Imagine what would happen if 10% of a region's demand were suddenly cut off without warning? What if it was more than that?

Given that all potential miscreants will be provided with their very own example of the equipment to play with...

2
2

Reports: New Xbox could DOOM second-hand games market

Richard 12
Silver badge

Re: Xbox modding / rechipping, Gamer Profile hacking...

Renting...

Are you absolutely sure that's going to be possible?

Because how is "I rent game for a week and return it, then you rent game" any different to "I buy game play for a week then give it to you"?

Activations as described would kill the rental market as well, because you can't prevent resale without preventing rental, unless there are specific "rental" versions with a different DRM management system that would make them expensive and buggy, and limited to specific games.

2
1

More than half of Windows 8 users just treat it like Windows 7

Richard 12
Silver badge
FAIL

Re: Much ado about nothing...

That's not a folder (or directory in old language). It's useful, but doesn't serve the same function - it's got more in common with KDE plasma widgets.

I've got something like a hundred items in the Start Menu on my Win7 machine. (It's relatively hard to work out)

- More than half are actually the 'uninstaller' or 'configuration' that I will probably only ever run once. They're still there though, and they'd still be there in the Start Screen, given the same prominence as the actual application they relate to.

So, tell me, how many screenfuls worth of scrolling is that under TIFKAM? Ten to twenty? That's not "a little"! Zooming out doesn't help unless I recognise the icons because the text becomes unreadable. (It's hard enough to read normally)

If I start rearranging things to move those "only ever run once" off to the end, I'll lose any sense of "this is the config tool for that". If two happen to have similar name and icons...

It's just two 'menufuls' of folders on Win7's Start Menu, and the stuff I've used 'a lot' turns up at the beginning without user interaction. If I want I can rearrange it to squash it even smaller, while still maintaining a sense of "This relates to that" because folders can contain folders. That is a good UI.

The TIFKAM Start Screen is a reasonable UI for a tablet or a phone where somebody's probably only going to have ten to twenty "apps" and will only install anything from a unified interface that provides both installer and uninstaller (like Synaptic or an app store).

It doesn't work for a Windows desktop, where a lot of applications aren't well behaved and many (eg Office!) have multiple components.

0
1
Richard 12
Silver badge

Re: Much ado about nothing...

What's missing from the TIFKAM Start Screen?

For a start, Folders.

Without folders it rapidly becomes impossible to find anything you need but don't use often.

Even the search bar may not help because it relies on you knowing what something is called and not what it does or is related to.

- for example the IBM Rational ClearCase Client is called "Remote Client"

Brilliant. So I type "IBM", "Rational" or "ClearCase" and I won't get it. If I type "Client" it'll appear, along with a stack of other programs and I have to recognise the icon or figure it out because it's not Git Client, Mail Client etc.

Or I could just look in the "IBM Rational ClearCase" folder that's created by default, and suddenly the name makes sense!

I could even put that into a Source Control folder along with the others I use more often if I wanted.

Most people have a small number of applications they use every day, but many also have a large number they need once or twice a month (or less)!

A GUI is supposed to be less typing and offer hints that a command line can't.

Essentially, what you're saying is that TIFKAM is just a pretty command line launcher with none of the power.

8
1

Irish deputy PM: You want more tax from Apple? Your problem, not ours

Richard 12
Silver badge

No, no

They should devise a less clever tax code.

The cleverness is the problem. If it's simple, and fully described on one side of A4, any possible dodges become obvious to all.

That then means any avoidance techniques will be well-known and therefore clearly intended.

4
1

New 4TB drive spaffs half a telly season into your eyes AT ONCE

Richard 12
Silver badge

Re: 4TB too big for me

I have the 500GB version, it's nowhere near big enough.

I would much rather have a bigger one - because then I could go to town on "auto-record anything looking vaguely interesting" without worrying that it would run out of space and be unable to record something I really, really want.

The high capacity is so I can delete stuff at leisure.

I often go away for long periods, and find it really annoying when I come back to find Episode 3 of %great_new_series% is coming up, and I've missed the opener.

With a bigger drive I could have more stuff recording on the off-chance it's good, to be deleted when I find it's awful.

0
1

Climate scientists agree: Humans cause global warming

Richard 12
Silver badge

Re: Can somebody explain...

Pop quiz - how do we know that fast temperature oscillations did not occur in the past?

The correct answer is that we do not know, because all the proxy models we have for changes in the non-historical past are very low resolution.

That means we simply cannot see whether short-period oscillations occurred or not, although we do know that one did occur in medieval Europe - but not how extensive that was, although it seems fairly reasonable to assume that anything affecting all of Europe affected the rest of the world.

To date, we have no evidence that the current period is not another short-period oscillation.

We also know that we're in an ice age and that's not the 'usual' state of the planet - however, our society really needs the planet to stay in an ice age, and we're not sure what actually causes ice ages...

0
1
Richard 12
Silver badge
WTF?

Re: Proof?

@The Craw - WTF?

You just said "scientists do not benefit financially from biasing their results in favor of that theory", followed immediately by "many scientists are paid by companies that have trillions of dollars at risk"

The amount of doublethink involved in that post is truly astounding!

Fossil fuel companies have thousands of scientists. How do you think they find the stuff in the first place, let alone extract it and convert it into useful chemicals?

The money argument is perfectly valid, as scientists are people too - thankfully it cuts both directions.

- BTW, Nobel prizes don't pay the bills. For a start, they are usually awarded more than a decade after the work was published. While the prize money is pretty large, no bank is going to lend you the money to do research on the basis that you'll pay them back with the Nobel prize money...

1
1
Richard 12
Silver badge
Alert

Re: Making the numbers look good.....

65 to 10 then.

So 87% "for" and 13% "against".

The rest are irrelevant as it would appear the paper had no evidence for the opinion, and thus is no different to asking the man on the Clapham omnibus, yet will give a very high weighting to specific individuals who often put those words in their papers.

Although only 75 papers expressing a quantified opinion is an incredibly tiny number to be basing so much policy on...

0
3
Richard 12
Silver badge

Re: The most interesting point...

"Then how many of these 8547 Authors have definitive proof that AGW is real?"

Zero. Science doesn't work like that.

Science works by trying to prove something wrong and failing.

It's coming up with a hypothesis, and saying "if this is true, then that must happen. Does it?"

If it happens, try again. If it doesn't happen, reject the hypothesis.

For example, Newton's theory of universal gravitation predicted the Moon's orbit. Great. Now predict Mercury's orbit - even better, it's wrong! Wow, we need to find a better theory of gravity! (Einstein)

7
1
Richard 12
Silver badge

Re: so.what do we do....

I also know that several papers have an abstract saying things like "Due to AGW" or "May contribute to AGW", when the content of paper itself has no bearing on the matter whatsoever.

In those cases, the line in the abstract is merely the authors' opinion, with no basis in the evidence and work of the paper itself.

This isn't a meta-study, it's simply an opinion poll - and one where each paper got a vote, not each scientist. One could argue that's the right way around, but only if the papers are actually chosen by the evidence/conclusions rather than because the abstract contained certain words.

It's also irrelevant. The problem most rational people have with AGW is not whether or not it's occurring, but the insane schemes being dreamt up and forced upon us to "fix" it - most of which don't work, can't work, make it worse, kill people and/or destroy the rest of the environment purely in the name of CO2 reduction.

10
3

That $1,000 the lad in Lagos needed? Just email it with Google Wallet

Richard 12
Silver badge

Re: Also in this continent

"I would rather have my money safely resting in the bank underwritten by taxpayers, thank you very much"

Fixed it for you...

0
1

Jailed Romanian hacker repents, invents ATM security scheme

Richard 12
Silver badge
Boffin

Re: Over complex

Indeed, I'd just drive the head sideways as that's much less complex. Stick card in sideways mag-stripe first, head is driven along the stripe, chip'n'pin contacts click into place when the head hits the end of the track. Job done.

The hard part of this (both his design and the much simpler variants) is ensuring the mechanism can't jam if the card is inserted 'wrong', because most people will try to stick it in the way they're used to, and there are cards like the "Mint" ones that are odd shapes.

0
1
Richard 12
Silver badge

Re: On the subject of ATMs

I gather they're supposed to be usable by those in wheelchairs and dwarfs, as those are more common than elves and giants.

3
1
Richard 12
Silver badge

Re: Erm.

Can't use your card in the UK.

There are lots of places that only use the mag stripe, one of them is quite large and called something like "Unsecured States of America", where they don't even ask for a signature a lot of the time.

2
1

Hm, disk drive maker, what's that smell lingering around you?

Richard 12
Silver badge

Re: Reliability??

Give it a year, you'll start to see them.

SSDs don't give the kinds of warnings you're used to, they go immediately from "tickety-boo" to "ex-data" without any real indication of upcoming problems.

Many have a five-year rating under 'common usage', so you're still early in the bell curve.

2
1

United Nations: 'Overpopulated Earth? Time to EAT BUGS'

Richard 12
Silver badge

Re: A better method

Who chooses?

That's the massive stumbling block that all the "limit reproduction" schemes fall into.

One method I've heard is this one:

"Everybody has the right to parent 3/4 of a child. Thus, each couple has a 1.5 child birthright and can either sell the spare half or buy a half from another couple. Anybody not wanting to be a parent can sell their full 3/4."

I think it was Kim Stanley Robinson.

That turns the problem into one of a free market for parenthood. It might even work!

2
2

Apple asked me for my BANK statements, says outraged reader

Richard 12
Silver badge

No, it's facilitating ID theft

If a miscreant gets hold of that email - easy to trivial - then they now have a handy and complete package to go on an ID fraud spree.

After all, it's the full package of ID information a company like Apple consider good enough to identify you. So it's also enough for anybody else to claim to be you.

0
1
Richard 12
Silver badge

Re: Make the stamp, sign the book.

Yes, you're right - that line makes it considerably more likely that the correspondent was a victim of a phishing scam.

0
1
Richard 12
Silver badge

Re: Easy workaround

4) Don't want to be yet another victim of identity theft by handing the full package off to anybody who happens to be listening or gets the forwarded email.

4.5) Would like to deal only with companies complying with EU data protection laws.

- I cannot work out how this request can possibly comply, as it's neither "reasonable" nor "secure", both of which are necessary under EU law.

0
0

Charity chief: Get with it, gov - kids shouldn't have to write by hand

Richard 12
Silver badge

Raspberry Pis?

1W per machine, plus 50W for a standard monitor.

That kind of machine has the advantage of being dead easy to mass-wipe as well.

0
0
Richard 12
Silver badge

Re: MCSEs

Worse than that - CSCS card exams.

I kid you not, one of the questions in that multiple-guess test has these two as possible answers:

X) Try to kill it.

Y) Everybody needs to bring a cat onto site.

These are tests it is almost impossible to fail, yet anybody needing to enter a building site is required to waste an afternoon doing a "test" that takes anybody vaguely computer literate and not utterly insane around ten minutes.

On the other hand, he does have a point when it comes to "wordy" essay-based exams. I couldn't physically write a legible multi-page essay, but could easily type one.

However, if you're going to offer this then it absolutely cannot be BYOD. It can only be "use school computer", because that is the only way it is possible for the invigilators to offer a level playing field to the candidates, giving all of them access to the same information and software.

4
0

The great $45m bank cyber-heist: Seven New Yorkers cuffed

Richard 12
Silver badge

Re: card readers

Intercepting a cheque is beyond trivial, and if you pay it into an account in your name, the money takes a week or more to "clear", and even then can still be taken away from you if the cheque is later declared fraudulent.

That's why those "cheques cashed" services charge a hefty percentage, to cover that risk.

If "the man" wants to screw you over, a cheque's the best way to do it! That's why so few EU shops accept them!

Incidentally, in the EU we now have "faster payments", which transfer cleared money between bank accounts in under 2 hours, usually in seconds. It did take a Government action to force that though, as the three-day clearing is a nice little earner for the banks!

0
0

'Hotmail, since you changed to Outlook, you've been a massive pr**k'

Richard 12
Silver badge

Re: Rule of Thumb

The thing about a bad webmail experience, is that users just leave.

They might set up a rule to auto-forward to the new account, but they might not.

Either way, people really aren't very attached to a specific email address anymore. They just quietly leave, and tell their good friends where they've moved to.

2
0
Richard 12
Silver badge

"Faster and cleaner"?

What planet are you on? Do you live in their datacentre?

The old Hotmail interface loaded quickly and ran smoothly - except for the adverts, which I blocked anyway so didn't care.

The new Outlook interface generally hasn't even loaded by the time I've finished checking my Gmail mail, and I've lost count of the number of times it's sat doing the "dots spinning along" for a minute or two before giving up and saying it's dead.

How much of that is shoddy web interface and how much is shoddy MS servers in Europe doesn't matter to me, but my experience is that Outlook.com is slow and horrible.

On top of that it is incredibly irritating that scrolling to the bottom of an email, then clicking the next/last button puts me at the bottom of the other email.

Seriously - WTF? I've not seen any other webmail behave like that, so it's clearly not a difficult problem to solve and I can't think of a single reason why the current Outlook.com behaviour could be desirable.

4
0

Think enterprise software is complex? Check out the licences

Richard 12
Silver badge

"Support licence"?

Rubbish. There is quite literally no such thing.

Paid-for support contract, yes. But that is not a licence, it's a contract, and like all contracts, you can end up in court if you break it - no different to refusing to pay the rent on your premises.

Secondly, by definition the licence to use all FOSS software costs precisely zero money, no more and no less. If it isn't, then it is not FOSS, it's something else.

And a supplier requiring you to take out a support contract to use their software is not offering a FOSS solution either. Recommending that you buy a support package, yes, that's common.

0
0

Snoopers' charter rests in shallow grave - likely to rise again

Richard 12
Silver badge
FAIL

Re: Nope

This can't even identify a business or household either.

All it takes is for a connection to 'bounce' into and back out of one of them for the existing DHCP/ARP log and the purported IP connections logs to be completely and utterly useless.

How could that happen? Botnet, internal corporate network, distributed VOIP (torrents, Skype!)... All of which already exist and are in common usage, and except for the botnets for perfectly law-abiding reasons as well as the presumed 'black hats'.

There is no possible way to know if a given connection 'in/out' is in any way related to another 'in/out' connection from the logs - short of DPI with man-in-the-middle attacks and logging all the transmitted data. (How many petabytes per day?) Even that would only require encryption done 'mid-bounce' to make it utterly useless.

So truly, this is worse than useless in every possible way - not only does it require a loss of privacy on the part of every UK resident, even if it worked (which it can't), it could only serve to make the haystack several orders of magnitude bigger for the security services.

2
0

German court: 'Nein' to Apple 'global consent' on fanbois' privacy

Richard 12
Silver badge

So much for the EU

I thought privacy laws were supposed to be harmonised, just like voltage and electrical safety.

Or are some EU states more harmonised than others?

Bah!

4
0

Facebook crashes into networking with open switch

Richard 12
Silver badge

Re: Riiigghhtt

'Cos they buy a lot of switches, and don't like being stuck with "can only buy Cisco", but want "Can buy anything with compatible hardware and put our spin of SwitchOS on it"

- Heck, I like the idea. A couple of our suppliers make custom, industry-specific switches with industry-specific features.

Like a display on the front showing selectable details of important protocols passing through the switch, where "important" is user-definable - what matters to Facebook doesn't matter (much) to you and vice-versa.

Even in a big data centre, having a display on a switch is handy - even if merely to locate and confirm exactly which switch is having the hissy fit without relying on stuck-on labels.

1
2

Adobe kills Creative Suite – all future features online only

Richard 12
Silver badge

Re: So, what happens if you decide to stop renting?

So no different to borrowing from the bank to fund the purchase of essential tools, except now you're stuck paying that forever instead of paying the loan off completely in six months to a year?

Why would any sane small business choose to do that?

It can fit in with the capital/running budget madness that is a large corporate entity by moving the bill under the Finance radar, but that's it.

1
0
Richard 12
Silver badge

Re: The risk it to kill the paying hobbyst market

Whaddya mean, "risk"?

This is a near one-shot kill to the hobbyist market!

Very few partners will happily allow someone to spend that much every month on hobby software, compared to "It's your birthday so I got you the newest Photoshop" every four/five years.

Smaller outfits will be concerned as well.

Given the other attacks on photographers (commercial k copyright grabs), I suspect many one-man-band professionals will also be reexamining whether they actually need any new versions of Photoshop or can get by with the old one they currently have, or something else entirely. Margins are tight.

1
0
Richard 12
Silver badge
FAIL

Re: What a huge fraud! Adobe worse than Electronic Arts (SimCity fraud)...

Yup. Cash flow is what kills small businesses.

This is why they usually need to borrow from a bank to fund their startup and expansion costs, like purchasing important tools.

You don't hire a lathe if your business is turning widgets. You hire the tools that you don't use often, and you buy the tools you use every day - probably on credit, but you still buy them so that next year, the monthly payments have gone and your cashflow is therefore improved, leaving cash for other expansion.

There are exceptions - the really, really high capital cost things like premises are usually rented.

2
0

VTOL hybrid flying car promises the skies

Richard 12
Silver badge
Boffin

Re: Maintenance costs slain by electric motors?

Diesel-Electric drive on ships has been in common use for a long time - at least 20 years.

Pretty much every new-build cruise ship is that way - the exceptions are the gas turbine vessels, which have - you guessed it - gas turbines to generate instead of fuel-oil diesels.

Also, the manoeuvring thrusters have been electric for much, much longer.

0
0

37,000-machine study finds most reliable Windows PC is a Mac

Richard 12
Silver badge
Happy

Re: @JC_

Side-by-side is the solution to the DLL problem, and it works very well when used properly.

Given that you cannot guarantee binary* compatibility of all versions of a DLL with all versions of all programs that use it, you have two choices:

1) Install a copy of the DLL with every single application.

This uses lots of disk space (how many copies of the same release of MSVCP90.dll do you need?), and perhaps more importantly the user cannot (easily) update the DLLs to fix bugs.

The advantage is that the application will always use the exact same version it originally shipped with. One hopes that's also the version it was tested with!

2) Have a central repository of DLLs that maintains a list of all versions installed and ensures the most up to date binary compatible version is loaded by each program.

This saves disk space and means DLL updates can easily be applied - and rolled back.

The downside is that every program needs a correct manifest stating which version is binary compatible - and a bad application/installer can of course screw that up or forget it altogether!

3) Install the newest version of the DLL into a central repository and don't bother checking anything.

This will blow up in your face. Microsoft did finally learn that.

4) Compile everything from source so it all uses the same version of the DLL.

Not an option for proprietary software!

* Or source compatibility either.

2
0
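The four loading policies compared in the post above can be modelled as small resolver functions. This is an added example, not code from the poster or from Windows: the compatibility rule (same major.minor, not older than the requested build) and the version numbers are constructed for illustration, and this is a simplified model rather than the real WinSxS manifest/publisher-policy algorithm.

```python
"""Simplified model of DLL version-selection policies (added illustration).

A manifest names the version an application was built and tested against.
The repository holds every installed version.  Each resolver below picks the
version the loader would hand to the program under one of the policies the
post describes.  Constructed compatibility rule: a candidate is binary
compatible when its major.minor matches the request and it is not older.
This is a model, not the actual Windows side-by-side (WinSxS) logic.
"""
from typing import Dict, List, Optional, Sequence, Tuple

Version = Tuple[int, int, int, int]


def parse_version(text: str) -> Version:
    """'9.0.3.0' -> (9, 0, 3, 0); rejects anything that is not four parts."""
    parts = [int(p) for p in text.split(".")]
    if len(parts) != 4:
        raise ValueError(f"expected four-part version, got {text!r}")
    return parts[0], parts[1], parts[2], parts[3]


def is_binary_compatible(candidate: Version, requested: Version) -> bool:
    """Constructed rule: same major.minor and no older than what was requested."""
    return candidate[:2] == requested[:2] and candidate >= requested


def resolve_side_by_side(installed: Sequence[Version], requested: Version) -> Optional[Version]:
    """Option 2: newest installed version the manifest allows; None if nothing fits.

    Returning None (a load failure) is the intended behaviour: loading an
    incompatible version silently is exactly the failure mode of option 3.
    """
    compatible = [v for v in installed if is_binary_compatible(v, requested)]
    return max(compatible) if compatible else None


def resolve_newest_wins(installed: Sequence[Version], requested: Version) -> Optional[Version]:
    """Option 3: ignore the manifest and load whatever is newest (classic DLL hell)."""
    return max(installed) if installed else None


def resolve_private_copy(installed: Sequence[Version], requested: Version) -> Version:
    """Option 1: the application ships its own copy, so it always gets the exact build.

    Option 4 (rebuild everything from source) collapses to this case: there is
    only ever one version in play, the one the program was compiled against.
    """
    return requested


def demo() -> Dict[str, Optional[Version]]:
    # Constructed repository: two builds of the 9.0 line and one of the 10.0 line.
    installed: List[Version] = [parse_version(v) for v in ("9.0.1.0", "9.0.3.0", "10.0.5.0")]
    manifest_request = parse_version("9.0.1.0")  # what the application was tested with
    return {
        "side_by_side": resolve_side_by_side(installed, manifest_request),  # (9, 0, 3, 0)
        "newest_wins": resolve_newest_wins(installed, manifest_request),    # (10, 0, 5, 0)
        "private_copy": resolve_private_copy(installed, manifest_request),  # (9, 0, 1, 0)
    }


if __name__ == "__main__":
    for policy, chosen in demo().items():
        print(f"{policy:>13}: {chosen}")
```

The side-by-side resolver only does better than a private copy because the compatibility predicate and the manifest are both honest; a wrong manifest, or an installer that drops a build into the repository without recording it, degrades it to one of the other two policies.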

US Labor Dept website serving malware to innocent visitors

Richard 12
Silver badge

Re: Swiss cheese internet anyone...?

How about just blocking all forms of webmail?

Ok, it doesn't stop idiots from using remote access from home machines to compromise your servers, but there usually isn't a business case for allowing any webmail on corporate networks and there are business reasons for blocking it (IP theft etc)

(Unless your corporate email is provided by one of these webmail services, in which case, $deity help you!)

0
0

Picture this: Kodak could get out of bankruptcy as early as July

Richard 12
Silver badge

Re: Sad, Really.

Hah! Domestic solar PV is completely irrelevant to the generating companies, the output from those isn't even a rounding error and that's unlikely to change in the next fifty years.

It does however mess with the supply/billing companies, because they have to pay out to the rich landlords who have them installed. Of course, they do it by cranking up everybody else's bills (yes, FITs are a near-pure 'steal from the poor' scheme).

At least in the UK, the larger-scale wind and PV installs cause massive headaches and expense for the distribution infrastructure as they both must buy all its output whenever available even though it's more expensive, rather than requesting it when needed at varying spot price (possibly negative) like everything else, and have to build out transmission to "the middle of nowhere" in order to do so.

National Grid are really pissed off at the Government, it comes through quite clearly in their publications.

3
0

AMD reveals potent parallel processing breakthrough

Richard 12
Silver badge

Re: Bittiness?

It's for their "APU"s, which are CPU with on-chip (possibly on die?) GPU.

So their GPU is already using the same physical memory bus and memory hardware as the CPU.

This isn't for discrete GPUs.

Looking at the list of partners, seeing ARM is very, very interesting - GPGPU in a Cortex A* is already very cool, and this would not only add go-faster stripes but severely reduce the CPU needed.

Anybody for 2-big.2-little.loads-of-titchy?

0
0

Serial killer hack threat to gas pipes, traffic lights, power plants

Richard 12
Silver badge

Re: Ah... Serial ports

I use serial-controlled devices regularly. It's part of my day job.

Most of them are 9600 baud, many are in fact an 8-bit PIC/Arduino class microcontroller. So yes, we really are talking single-digit MIPs and 100s of KB of RAM - less than your Microvax.

Nearly all of these serial links are intended for integration of disparate systems from different manufacturers.

Add encryption and both ends need to handle it.

If the link doesn't work, it needs "sniffing" to test it because one or both ends won't have any form of UI.

Unless the transmission itself is encrypted, then username/password is utterly useless because a trivial replay attack will crack it!

And in many cases, one end isn't made anymore.

The security belongs on the Internet connection device.

In most cases, it is simply not practical (or useful) on the serial link itself!

1
0
Richard 12
Silver badge

Re: Ah... Serial ports

You can't put useful security on the serial port itself, there isn't the CPU (or the bandwidth) in most devices.

Aside from that, even if you did it could not even begin to protect against man-in-the-middle or replay attacks without making the port itself useless for its intended purpose - namely simple interconnect between disparate systems.

Your TV probably has a serial port - it's for remote control like on/off and channel select when used in places like the Heathrow baggage area.

As long as that network stays private, the risk is easily mitigated. The trouble arises when the network is not private!

The security has to be in the serial-to-internet link, that's the only effective location.

0
0
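The two posts above both argue that a password on the serial link is replayable and that the protection belongs in the serial-to-internet device. The following is an added example, not the poster's code, showing what that gateway-side check looks like: the remote controller sends a monotonically increasing counter and an HMAC over counter plus command, and the gateway forwards only the raw command bytes, so the legacy serial device sees exactly what it always saw. The key, the commands and the byte layout are constructed for the example.

```python
"""Replay-resistant framing in a serial-to-IP gateway (added illustration).

Frame layout (constructed for this example):
    8-byte big-endian counter || command bytes || 32-byte HMAC-SHA256 tag
The gateway verifies the tag with a constant-time compare, then insists the
counter is strictly greater than the last one it accepted.  A captured frame
replayed later carries a valid tag but a stale counter, so it is dropped.
Only the command bytes reach the serial device, which is left unmodified.
"""
import hashlib
import hmac
import struct
from typing import Callable, List, Tuple

KEY = b"example-shared-key-not-for-production"  # constructed for the example
COUNTER_LEN = 8
TAG_LEN = 32


def build_frame(key: bytes, counter: int, command: bytes) -> bytes:
    """Controller side: authenticate (counter || command) with HMAC-SHA256."""
    body = struct.pack(">Q", counter) + command
    tag = hmac.new(key, body, hashlib.sha256).digest()
    return body + tag


class SerialGateway:
    """Sits between the IP network and the dumb serial device."""

    def __init__(self, key: bytes, serial_write: Callable[[bytes], None]) -> None:
        self.key = key
        self.last_counter = -1          # highest counter accepted so far
        self.serial_write = serial_write
        self.rejections: List[str] = []  # what a defender would log/alert on

    def receive(self, frame: bytes) -> str:
        if len(frame) < COUNTER_LEN + TAG_LEN:
            return self._reject("short frame")
        body, tag = frame[:-TAG_LEN], frame[-TAG_LEN:]
        expected = hmac.new(self.key, body, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, expected):
            return self._reject("bad tag")          # forged or tampered frame
        counter = struct.unpack(">Q", body[:COUNTER_LEN])[0]
        if counter <= self.last_counter:
            return self._reject(f"replay (counter {counter} <= {self.last_counter})")
        self.last_counter = counter
        self.serial_write(body[COUNTER_LEN:])      # device gets the plain command
        return "forwarded"

    def _reject(self, reason: str) -> str:
        self.rejections.append(reason)
        return "rejected: " + reason


def demo() -> Tuple[List[str], List[bytes]]:
    device_rx: List[bytes] = []                    # stands in for the serial device
    gw = SerialGateway(KEY, device_rx.append)
    f1 = build_frame(KEY, 1, b"PWR ON\r")          # constructed TV-style commands
    f2 = build_frame(KEY, 2, b"CH 07\r")
    results = [gw.receive(f1), gw.receive(f2)]
    results.append(gw.receive(f1))                 # same bytes again: valid tag, stale counter
    tampered = bytearray(f2)
    tampered[COUNTER_LEN] ^= 0x01                  # flip one command byte, keep the old tag
    results.append(gw.receive(bytes(tampered)))
    return results, device_rx


if __name__ == "__main__":
    outcomes, delivered = demo()
    for outcome in outcomes:
        print(outcome)
    print("device received:", delivered)
```

The counter must survive a gateway reboot (persist it, or re-synchronise on startup), otherwise a stored frame becomes valid again; and because the check lives in the gateway, the rejection log is also the natural place for the detection that the serial device itself can never provide.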
Richard 12
Silver badge

Re: I know many systems using it.

What if the evil hacker just doesn't care about side effects?

If they just squirt some fairly random data at it until it responds, what happens?

A lot of these have a very simple command set, so the odds of a random data stream doing something are pretty good. In some cases even the bootloader or test modes might be exposed, so random data could even "brick" the kit by accident!

Many of the rest have normal terminals, complete with headers saying what they are - so a black hat could simply look up the manual for the equipment to find valid commands.

On top of that, most serial devices respond with things like "NACK" or "?" if they don't understand a request, and as many don't have much CPU, simply flooding the serial port can affect their ability to do whatever job they are doing.

Aside from that, a miscreant could easily prevent legitimate use of the device.

Either way results in a denial of service to a piece of physical plant, which could be quite dangerous.

0
0

Ubuntu without the 'U': Booting the Big Four remixes

Richard 12
Silver badge
Facepalm

Re: 119 MB is lightweight?

@ Liam - So I am. Whoops.

0
0