Posts by AndyS

Blah blah, mud huts, savages, blah blah blah.

It really pisses me off that, every time there is an article anywhere about a developing nation making leaps and bounds in science, the Daily Mail rag mopping xenophobes creep out of the woodwork to moan and spread sour grapes.

1. High tech work is good for an economy

2. Development of a nation means it should end up, you know, more developed

3. The aid budget is tiny in real terms, and due to end this year

4. Good relations with a country the size of India is absolutely crucial for the future existence of small, has-been Northern European countries like the UK.

5. I'm bored now, go back and crawl under whatever self-centred, short sighted UKIP-lovefest rock you emerged from. I'm sure there's an article somewhere about the refugee crisis which is short of a comment or two accusing those fleeing from terrorism of being terrorists. They're all brown, after all.

To address your self-pitying nonsense about fireworks, the UK is part of EASA, which can send up a hell of a lot more than a firework. And India represents about 1 in 7 people in the world.

I don't know for sure, but you know, maybe the aircraft's designers have thought of that?

Pull the other one.

You'll be telling me you get your advice on Copyright law from Andrew Orlowski next.

Re: he was unaware of the "defeat device"

I honestly don't know about this. Yes, the engine (and control software) undergoes a lot of scrutiny. No, the CEO of the entire shebang does not know every detail of what every team is working on.

There is no way on earth that he would be aware of all the functions carried out by the software. There is a very fair chance he wouldn't be able to name all the cars that VAG sells, and I'd be amazed if he knew what engine options were offered in what markets.

This is a phenomenally big company, and I find it perfectly reasonable to believe he didn't, personally, know anything about the issue.

What we do know, is that the software will have been controlled well enough that the developers (or at least the team) which made the changes and committed them to manufacture will be easy to trace. The teams working on emissions control will certainly have a good idea of what was happening. There will be email communication regarding it, and the individual coders likely can show exactly why they went that way (and where the pressure was coming from). The relevant directors will know that remarkable results were achieved, but may not have dug too far into how it was done.

That may well be as far up the chain as the knowledge went. It's simply not feasible for the people at the top of an organisation this size to know every aspect of how their engineering is done.

Re: The usual

Yes, the Americans are trying (as usual) to apply US law to other countries. But this seems to be deeper than even that.

Firstly, the very existence of PRISM, and the sheer volume of spying going on, was only made public by leaks. How can something be legal, and how can laws be considered valid, if the are secret? This is fundamentally undemocratic and authoritarian, and not the sort of thing any "free" democracy should want to be within a barge-pole of.

Secondly, the entire defence handed to the US public was "It's ok, we're not spying indiscriminately on you, only on foreigners." Well, guess what? The EU is full of people the US consider "foreigners", and we don't like be spied on any more than US citizens. I guess that defence is now back-firing.

Sorry, America, your proclamations now carry about as much weight as Israel or Syria's. Except they have the benefit at least of talking a different language when they put out internal and external propaganda.

Re: Well DUH!

The cats in petrol cars don't deal with NOx though - otherwise they would also need urea. They are "reduction" catalysts which reduce CO and unburnt fuel to CO2 and H2O.

Re: how many of the MEPs were from the UK

What, like "Farage"? Dirty foreign name.

Re: Surely this is a form of fraud?

Personal anecdote. Let's say I used to have a "friend" who worked at a large vehicle manufacturer.

There are dozens of parameters of what's happening on a vehicle at any one time. Doors open? Rear wheels turning? Front wheels turning? Hmm, maybe we're on ice, or snow, or something, better cut down the available torque.

Oh, I say, I never imagined that would affect the emissions test! Terribly sorry sir.

For cars, the test is often conducted with the bonnet and some or all doors open. And guess what? If the bonnet or doors are open, it's perfectly reasonable to cut down on engine power, to try and prevent an accident, isn't it?

The one that I remember getting one company into deep water (I think Ford) is when they explicitly programmed the GPS co-ords of the test centres. Since there is no "innocent" explanation for that, wrists were firmly slapped.

Re: Just one, simple question..

Over here (UK), it's quite rare for the police to initiate an investigation without some form of report, complaint or referral. So they can be aware of wrongdoing, but unless anyone complains to them, they will often do nothing about it.

Retail staff? So someone who sells phones in the stores to the public hacked a phone

I think you're reading it wrong. Nobody has been fired for the privacy breach (there was no hack - looking up data from your own system isn't hacking). They were fired for leaking a story to the journalist. The breach was simply them figuring out who to fire.

And the company looked up the journalist's records, it doesn't specify that they looked up the retail staff records, so there is nothing saying they used a work mobile. Any registered to them would have done the trick.

Re: Dumb ideas for IoT

I don't buy it. Buttons/dials on a microwave / washing machine / coffee maker? Cheap to make, work for the entire life of the machine, don't ever need upgraded, no compatibility problems, anyone (visitor, your gran, the new owner after you sell it on gumtree) can use it, no third party control device needed, etc etc. Replacing these with an (expensive) computer with all sorts of connection possibilities would lead to all sorts of headaches, all to solve a problem that doesn't really exist. If you find the buttons annoying, buy a slightly more expensive machine. Bingo, nice buttons.

As for "Who knows what the buttons do?" Try reading the manual? How would moving the buttons to a virtual app on another device solve this?

An intelligent car safety system certainly has benefits, but isn't really internet of things. These things already exist - TPMS that adjust torque based on tyre pressure, traction control that senses road surface etc. But you know what? Just because my car can tell me I need new tyres, doesn't mean I will actually go and get new tyres. And I certainly don't want my car deciding I'm not allowed to drive any more once it decides the tyres are too low, or the wrong brand, or too old. That sort of nonsense is already bad enough with printers.

Finally, try living in a country with no MOT (eg bits of Africa, some less developed Middle East countries, and large chunks of the good ol' USA) and then tell me it's just "Monty Python safety theatre". It most certainly is not. And no amount of intelligence in the car will change that.

https://xkcd.com/16/

Re: "...details a plan to build a wall between the United States and Mexico."

A true Republican project. Oppose spending on all infrastructure (that's Socialism, after all) and government expansion (that's practically Communism), unless the project happens to be a short-sighted, contradictory, xenophobic, fear-led isolationist insult to your closest neighbours. Then, hey, where's the cheque-book?

Re: Oh well, at least you get to watch some fun TV whilst waiting for a delivery...

@ Stevie - interesting ramble, thanks. I enjoyed most of it. Could have been more relevant (this being a UK website discussing a UK TV show which has been ousted from the BBC), but hey, I value your effort.

6/10

Re: Huh?

True, but it doesn't change the fact that the data isn't sanitised.

There is also the other side of the coin - people other than the purchaser may view the receipt. It would be a good way of hacking somebody who is selling things, for example. Change your device name, buy something, then raise a query and ask them to view your invoice.

Re: Mangue des baguettes.

Not sure why Jewish would ever be relevant, so I can see why that would be listed as potentially worrying. However I've worked in a call centre, and someone having a strong accent most certainly is relevant.

As is someone being a bitch, an alcoholic, etc - but it was normal to find more generic and acceptable wording. For example, "customer has problems accepting known resolutions to their issues, and does not indicate their doubts in a polite manner."

Re: Nice

@Peter Galbavy

Sounds interesting, sounds interesting... Wait... $80 for a charger?!

What problem does this solve again?

Re: Exposing Enemy Action?

Mark, although he seems to have gained a bit more AI recently, you should know that amanfrommars is a bot, which posts seemingly intelligent comments based on parsing the text in the article and other comments, sometimes with more success than others.

In this case, he approaches something like a coherant question, which is interesting, but the last few words let him down - replace "privileged and proprietary information" with "personal user information" and the comment would be perfect.

Re: Need to apply basic secure design principles.

I worked for a few years developing new drivetrain components, so let me chime in.

Firstly, the address from which a CAN signal is sent can be spoofed. The engine we were using, as is standard, would only accept commands from a limited number of places, including up to a maximum of 2 transmission controllers (with allowable source addresses hard-coded into the engine ECU). Once we knew that, we simply told our component to pretend to be the second transmission. Bingo. Complete control over the engine.

Secondly, the messages that control a drivetrain are completely standardised. Once you understand it ( see https://en.wikipedia.org/wiki/SAE_J1939 ), you can figure out pretty much how to make the engine, gearbox etc do anything you want it to. If you have a compromised node in the powertrain CAN system, I don't think there is any way currently to protect against it.

From this point of view, separation of the essential (powertrain) systems from non-essential (infotainment, radios, lights, HEVAC etc) systems on separate CANs, with a carefully designed translator between them, strikes me as the only sensible way forward.

Now on heavy vehicles, this is already done, as there are so many components, from different manufacturers, each with their own complete ECUs that a single CAN would be too crowded (there are probably dozens of other attack vectors though, as there are so many programmable ECUs around). But in cars, where the engine, gearbox and other functions are often run from one super-ECU, and so less communication is required between them, there is more room to put other things on that CAN. So it's technically feasible to only have one CAN, and of course it's cheaper.

Once exploits like this become more public, and especially if they are used in the wild, I would expect the security of these systems to increase massively.

Reg readers will know...

...that there is nobody more pedantic than a Reg reader.

Re: "If there's a shiny new Jeep Cherokee sitting in your driveway..."

" If the air-con pump seizes there is no way to re-route the drive belt to bypass it. So then you die."

What?

What about if the cylinder head cracks, or if the sump plug falls out, or if debris from a repaired radiator blocks the thermostat, or if the transmission fluid leaks out, or or or...

There are many ways an engine can fail. And even a failed engine is no excuse to die in the desert. Never heard of a back-up plan? If you think a failed aircon pump will kill you, maybe you shouldn't really be driving into the desert to start with.

And to address that particular one, I'm pretty sure I could un-seize a pump well enough to let the pulley turn again if I needed to that badly. I'm talking from experience, having nursed two 18 year old hiluxes from the UK to South Africa, with plenty of bush repairs including, wait for it, a seized aircon pump, a cracked cylinder head, and all the other failures listed above.

Re: Wot?

Why not try to fit in, or contrast, with UDF?

I propose Illicit Robotic Abandonment.

Re: Eclipse.

Unless I'm misunderstanding, during an eclipse a camera there would see nothing but moon. If you stood on the sun (not recommended), the earth would be exactly covered by the moon. If you moved further to the far side of the sun, and could see through it, the moon would not cover the earth, but if you move towards Earth, the moon would appear to more than cover the earth's disk.

So... All you would see is the far side of the moon, well lit. Maybe with a little tiny shadow of yourself.

Re: Has anybody ever been convicted of format shifting?

That is presumably why the government, having spent pocket money (despite Orlowski's insistance, a couple of hundred thousand is pennies on the scale of a country the size of ours) with a weak argument to try and see if they could sort out the problem, have shrugged their shoulders and walked away.

After all, if the record industry want to play silly buggers, the government doesn't need to let them. Just ignore them. As you point out, it's not like anything really needs to change.

Re: @ Stoneshop (was: One wonders ...)

Wait, so you're not a Tea-bagger? I always assumed you were, sort of, everything trollish, all rolled into one. Which obviously would inherently include tea bothering.

:p

On a side note, not sure I understand your actual complaint - obviously if there are 2 users, jake and Jake, then The Reg clearly does understand the difference, and treat them differently.

Re: Some of us have no option ...

Just to add... Your situation sounds awful. But it's worth noting that you don't need to be hard up to be happy going second hand.

Like many, I have an income that can support my family well. However, many of my own and my kids clothes are from charity shops or (especially the kids) hand-me-downs from other family members, friends etc.

Never mind the cost, I'm not sure how automatic testing could ever get the same level of detail as a grubby-hands-on-glass test. Want to know what happens when a user unexpectedly presses the back button before the dialogue is dismissed? Want to know how the app behaves when data is lost mid transmission? What happens if it is put into aeroplane mode?

I get that many classes of bugs can be squashed by automated testing, but not all. And surely the ones that can be caught automatically are likely to be cross device, while the ones affecting individual device models are more likely to be the odd-balls?

Re: Pile of smelly dung.

I'm not an amazon "hater", I spend quite a lot of money there and generally get on well with them.

However, to explain my downvote, this is a discussion about Chromecast. Flaming it, promoting a basically equivalent thing, and then suggesting anyone who downvotes you must be a "hater" isn't exactly a worthwhile contribution.

Re: How to win when you can't win

And which ISA do you expect the kernel to run on, precisely?

Well obviously, the kernel will run inside a virtual machine, emulating the full x86 instruction set at all times.

Re: Also on a helpdesk

I was graduating in Glasgow on that day. My friend's girlfriend was in London (luckily unhurt) and her texts started coming through as we streamed out of the hall. In the middle of our celebration, nobody realised until much later in the day how serious it had been.

While we remember it, let's also remember the many thousands who are still attacked daily round the world. More people have been killed in suicide attacks in Baghdad in the last week, than were killed that day 10 years ago. Just yesterday, Saudi Arabia killed another 30 people (running a tally of 3,000) in a market place in Yemen.

Every one is heart wrenching.

Assuming you're not being sarcastic:

You share a link, question, or picture, and people can discuss it. What makes it unique is every user can vote on every post and comment, so everything is sorted by how new and popular it is. Votes count more early on, and less as time passes, so new, interesting content (and comments) tend to rise to the top.

There are nearly 10,000 "subreddits" (essentially forums), set up and moderated by people as they wish. So, there are niche corners for pretty much everything you can think of. Some of them spark very interesting, useful and worthwhile conversations. Some don't.