Posts by Crazy Operations Guy 2513 publicly visible posts • joined 29 Jun 2009
" wasn't being administered from the UK."
I've always wondered about things like that. If you have a dumb terminal in 'country A' connected to system in 'country B' and using the session to connect to a computer in 'country C'. Which country's laws apply in this case? No actual processing is happening in Country A, the user isn't located in Country B, and only resources are being accessed in Country C.
I've wondered this because I work on encryption libraries and the US has some pretty backwards laws concerning 'exporting' encryption, so If I were to be sitting in the US but remoted into a machine in Canada and sending my code changes to Sweden, am I breaking the law?
As an aside I wonder who's laws apply to the BBS-like systems hosted on the Amateur Radio Satellites orbiting the planet...
What sordid secrets is Google hanging onto to get get so much influence? Barack is an unrepentant Apple Fanboi, and Google really didn't help all that much to get him elected (Facebook and their cattle did so much more), so I can see no reason for him to have such a throbbing hard-on for Sergey and Larry.
"Where does it say that exactly that one can't fly a drone at night?"
If you can see your drone at night without aid, there is nothing preventing night operations. The point of the restriction is that you must know exactly where the thing is at all times, even when its avionics go kaput.
In my workplace, everyone had a clause added to their contract that if they move customer data off official IT systems, they take full criminal and civil liability for protecting that data. There is even a provision where the company can sue said employee if their negligence causes the company to be sued. We bought some very high-priced lawyers that specialize in InfoSec (their most junior lawyer was top 2% of their class at Columbia Law).
These contracts have even held up in Federal Court after a a high-level exec hosted some data on his own systems and the systems got hacked. The company settled out of court with the resultant class-action by affected customers, after which the company sued the guy and the settlement amount out of him plus court and lawyer fees. The guy was senior enough that he had tens of millions in stock, all of which was sold to pay back the company, as was his fancy house, his car, and the yacht. Not that he needed any of those things as he was thrown in prison by the FTC / SEC for gross mishandling of PCI and SOx data.
No one in the company has so much plugged external storage into their machine since the lawsuit, let alone copied anything to them (we implemented some pretty heavy-duty device management software since then).
How do you know it hasn't? The Social Security Administration is, and pretty much always has been, incredibly underfunded. With as little money as they have, I doubt enough of it is going into InfoSec and even then, how much of that is going towards IDS / IPS systems and staffing to monitor those systems. It's likely that they've been hacked and people have been absconding with mounds and mounds of data.
Can we get rid of this Megabit bullshit already? Just switch to Mega-bytes already. Plus require it to be actual base-2 megabytes and not that base-10 malarkey that the storage industry has been giving us.
Some years ago, I had recently purchased and internet connection with a cap of 250 GB, what they didn't tell me was that it was really a mere 232.8 actual gigabytes that also included the packets emitted by the modem in that figure (The line was noisy, so the modem was resetting itself at least once a minute, pulling down its profile each time). When all was said and done, I only got about 175 GB of actual use out of the thing.
Finally, someone with authority that thinks these companies aren't worth nearly what people say. I get tired of bullshit like how Instagram was somehow worth a billion dollars despite not even in the same universe as profit. Then there are things like LinkedIn they were valued at $10 Billion but then crashed hard when investors realized they just pissed away all their cash...
I should take a picture of the system I built like that. I took about 30 1U server boards (Old Dell PE-1850 boards), used a bunch of 2 inch motherboard standoffs to link them together and dunked them into a 50 gallon fish tank full of mineral oil. The tank was originally designed for cold-water fish so had a big cooling rod built into it (got it surplus from the local NOAA / Oceanic Research lab).
The monstrosity was used to house a compute cluster for research lab. They didn't have space for a dedicated server closet and everything in lab had to be explosion-resistant, so the servers were dunked into the tank along with a pair of 48-port switches with fiber GBICs to communicate with the outside world
I never understood the concept of letting the submariners have the keys to the missiles. I get that they'd want to be able to launch if someone wiped out London / Moscow / Washington DC, etc., but trusting people that you keep in psychologically torturous conditions to be able to end the world seems like a pretty terrible idea...
The life of a submariner is living for 3 months with no sunlight, no privacy, no showers, no laundry, little to no contact with anyone outside of the ships, and having to share a bed with two other people (Not at the same time, everyone shares the bed in shifts). On top of that, their sole responsibility is to ensure that if their government asks, they could wipe out the whole of humanity...
"If there's a gap between the submarine and the water"
There actually is a gap, few micrometers of air attached to the hull plating due to cavitation as the sub moves through the water. It also keeps various sea-life from attaching itself to the big tube of wasted money.
Keeping an arsenal of nuclear weapons makes about as much sense as boarding a plane with a suicide vest that you'll detonate to prevent a terrorist from using their vest to blow up the plane. No matter who uses theirs first, everyone is dead and nothing was solved.
I've learned that the hard way so I built a script to connect to the ticketing system to push any changes planned for later than 4 pm or on a Friday to 9 am the following day or Monday morning, as appropriate. I ran a 10,000+ machine dev/test Datacenter so no one actually did anything outside of work hours.
Several years back I had a flight that went through Manila and I had a 1-day delay due to monsoon season at the destination, so searched for places to stay for the night. One ad network now just spams me with video-based, blinking ads for "Meet Filipino Girls Now!" or other SE Asian dating websites.
Linux machines could be infected just as easily. Had a customer where an intruder got into puppet (which was on the network edge to manage the remote offices and telecommuters) and put in a script to turn on X11-forwarding over SSH. The configuration looked like they intended for user's sessions to connect to a remote server, which would connect back to the local machine so that they could capture every keystroke, mouse movement, and window.
WIndows had nothing to do with the Home Depot breach, it was all insufficient administration.
The experiment will be started after the craft enters its terminal decent stage to ensure that the experiment doesn't cause the capsule to stay up in space, wrecking havoc. The problem is, that at those speeds, radio communication is next to impossible. Even manned craft go dark during large portions of the return flight.
This is usually due to the craft moving too quickly for a receiver to properly track it; the Doppler shift in the signal being too extreme to communicate safely; or super-heating of the air around the craft causing it to radiate immense amount of very-high frequency noise (Its actually possible to track spacecraft, meteorites, and miscellaneous junk entering the atmosphere by listening for it's "scream" on the HF to Ka bands)
Neither amendment would apply since Congress doesn't have authority over legal matters. But then the guy isn't even bound by anything to even tell the truth. He could just get up there and make fart noises with his mouth the whole time and they couldn't do a damn thing about it.
Hell, even being "In contempt of Congress" is complete meaningless outside of congress.
"body searches and scanners by the TSA at airports, which obviously thwarts terrorism"
Not in the slightest, given the recent security audits of airports, the only thing preventing terrorism is pure luck on our part. In a recent audit of Denver International, the TSA failed 67 out of 68 tests in which the auditors were able to get pipe bombs through security.
"Actual quote: "Everybody’s walking around with a Swiss bank account in their pocket. So there has to be some concession for the need to get into that information.""
That doesn't even make any sense... But from what I'm able to parse is that he wants to know what is in our phones, except without a warrant, that's a blatant violation of the Bill of Rights.
"If your argument is strong encryption no matter what, and we can and should create black boxes, that, I think, does not strike the kind of balance we have lived with for 200 or 300 years, and it’s fetishizing our phones above every other value."
Yeah, but we also used to feed people mercury and bleed people for hundreds of years as well. Phones have become so entwined with our personal lives, they contain very, very personal information including the people we communicate with, the places we've been, and even our banking and medical information.
"If there is probable cause to think that you have abducted a child, or that you are engaging in a terrorist plot, or you are guilty of some serious crime, law enforcement can appear at your doorstep and say 'I have a warrant' and go into your bedroom to rifle through your underwear and see if there's any evidence of wrongdoing."
Oh goody, the old "If you have nothing to hide, you have nothing to fear" argument. What the hell ever happened to "Innocent until proven guilty"?
If you are concerned about terrorists, then you should be working on building a society that terrorists don't want to destroy. With our treatment of refugees and military action in the Middle East, we have painted ourselves as an evil empire that seeks to wipe out Islam, making it easy for the terrorists to gain power. The Islamic State recruiting spiel is pretty much "The West doesn't care about us, they just drop bombs on us and destroy our livelihoods, and after doing so, they refuse to help us. We will give you money and food to support your family, we will take care of you after your death, no go show that Evil Empire that we will not tolerate them anymore! Stop them from harming your innocent countrymen!". Violating our civil and human rights only feeds that narrative, making these radicals stronger, so we have to violate more human rights and kill more people....
Except the general population. These tech companies are causing the cost-of-living in the Bay Area to soar. The population of employed, yet homeless, people is growing rapidly. The problem stems from all of the overly-valued tech start-ups that are paying their talent $150k a year, but blue-collar workers are still getting their old wages. As the number of tech workers increase, so does the demand for luxury real-estate and decreasing the amount of affordable housing. Its even gotten to the point where a dual-income family can no longer find affordable housing in the Tenderloin district, an area generally regarded as a complete shit-hole (To use a technical term), even Oakland is slowly becoming too costly for people.
Except if you mess up your router, it can cause significant issues for your neighbors.
One of my neighbors screwed up their router and manged to jam cell phone service in the surrounding apartments (apparently their firmware didn't set the frequency parameter correctly, so it started spewing junk into the GSM bands)
RedHat has already beaten Microsoft to the "irreparably Pervert Linux" party...
Why, oh why do I have to edit a frickin' script to change network information, then run a separate script that interprets and runs that one, what was wrong with ifconfig?
So now the scammers will just hold onto the records for 25 months before using them. I'm pretty sure they were going to do something like that anyway, don't want to alert anyone while the victims are still aware of the breach. I figure that they'd want to wait until everyone forgot about the breach before using the info, especially since its either very difficult or outright impossible to change the data that is listed on the W-2.
Pretty much anything that would embarrass the Government. Whistle-blowing on human rights violations, revealing the misdeeds of the political elite, or even just making them look foolish tend to be counted as 'serious crimes'.
At the very least, the conductors should be separated enough that something like this couldn't happen. But even then, I figure that they should have some kind of net over the switching stations to prevent birds from getting in, or at the very least, people flying drones into the things to shut down the station intentionally.
Having C-level employees leave in a merger is perfectly normal since those position already exist in the parent org. Besides, positions like are usually just filled with people that were once useful, so had iron-clad contracts, but have since just failed upwards where they can't do much harm. Now that their jobs are up for re-evaluation, they would probably feel that its a good time to deploy their Golden Parachutes and go somewhere else.
As for a product designer, they probably just wanted to go find a new challenge, and there is a lot of uncertainty and stress during a merger like this, so I wouldn't blame anyone for wanting to avoid it.
Not having a Facebook account would do exactly jack and shit to stop these attacks, and jack just left town.
The malware is only getting its command and control data from Facebook profiles under the botnet master's control. That profile would be made public so that any device with an internet connection can go grab the data, no need for a Facebook login.
The point of the attack is that Google/Apple block apps that communicate with suspicious domains, but ignore requests to Facebook as that domain is assumed safe.
And that would be the Facebook app itself. I have never seen an app that actually needs to communicate with Facebook, most of the ones that do only do so to post a user's scores and achievements (Which no one gives a rat's nuts about)
Apps should be set to communicate through a proxy run by the company hosting the app store. Users should be protected from malicious and exploited apps during the entire lifecycle of the app, not just at install. This could also be used to protect users from over-zealous apps grabbing too much data about the user.
Well, they aren't doing much work, all they are really doing is using their C&C machine to instruct its bots to attack a specific target. A command that would take, maybe, 1 minute of actual activity to set up each attack. Plus they may be receiving money from renting out the botnet for other purposes, or even just running other services. Botnets are trivial to maintain and the bots can be performing many tasks at a time, such as participating in a DDoS attack, sending spam, stealing login / banking details, ransoming files on the infected machine, etc.
Hell, the operator could even be pulling down a decent paycheck at some company and only working on the botnet in his down-time.
My view of the cloud is that it is supposed to supplement on-site software by acting as a backup, provide temporary capacity, or for use by employees out in the field.
I work in a support role and it bothers me that any update I make to an account has to leave the local network, work its way across the world to a datacenter on the other side of the planet, then work its way through the application's layer to a db, and then back again to my coworker who sits within arm's reach of my desk (who is the only one that will ever consume the data I entered) ...
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2024
