Home of the infamous "I can't believe it's not butter" range of tees. Ideal office wear in any dot com.
97 posts • joined 6 Jul 2009
There were 3 comments on this story yesterday, 2 of them somewhat critical of Huawei and their claimed market impact. I went into my history having made one of the comments and it's marked as deleted so no, I'm not going mad.
Has el reg "lost" a portion of its comment database or is this a new sponsored listing value ad feature for preferred sponsors?
Re: Remote Corner ?
This, I saw Sealand and thought "oh that'll be because it's just up the road from the Airbus factory then" and is far from the middle of nowhere.
Re: Really ....
Because that tank design you're referring to was already existing and rejigged lightly for the role. An existing spanish tank. With spanish design. And spanish production lines to make nato issue tanks.
There's nothing wrong with british tanks being built in britain, except they'd be a magnitude more expensive than repurposing what's there already with a minor refit. Has brexit Britain a chequebook fat enough right now to achieve that currently?
Re: operate the ignition
It does however usually have an electrically operated fuel cut solenoid on the pump ;)
Re: Maybe old is best
A screwdriver? You young'uns don't know you're born :D My new old car doesn't even have door locks. Sorry it has internal latches you can flick, but the sliding windows don't lock either. It is from 1977 however and was designed to be driven by people with guns (land rover 101fc)
Re: self serving and without credibility
Ask yourself this. You get in your car and someone has cut your brake pipes. Do you notice when you come to the first time you need it rolling out the drive and it's not there, or half an hour later when you're barrelling up a motorway?
Software can do remote connections, and it can do timed attacks or tie things into gps or cell towers. Yes you can partially saw through a brake pipe or remove a few crucial nuts holding wishbones secure etc, but you still have no real control over where it might fail. Might work, might just put the wind up someone and alert them to the fact that next time they won't be lucky.
I'm not Charlie, but I'd like to see evidence of your IT credentials too raised by the AC post and commented on by Charlie. While you might have a silver badge, all of your posts in your history appear to be political.
Should it matter? It does to me & it probably does for others here. I like coding in various languages & I've done a fair bit of it over the years, it makes me a borderline aspergers slave to logic but I value logic. I don't have a silver badge because I normally only contribute when I have something to say about tech & IT, and not fishing for upvotes. A bit like being on twitter as an apparent placeholder, only to spring into life when it matters.
So are you a Code junky, or are you an opinion steerer? There's no shame in the latter, provided you're not trying to pretend to be the former.
Re: Impressive analysis, but infection vector not apparent
Anyone who wants their control network to survive a determined attack. Someone with a scada network controlling assets isn't in the same category as your local webhost or SME with a single server in the corner and they should realize the value of protecting it properly. I've worked on projects where an unprotected device put upstream of the boundary firewalls would last maybe a minute or two before getting compromised such was their exposure to attack. They had rigid control, quality targets, correct processes and investment and boy did they need it.
High profile attacks like Talktalk and others have highlighted the need to do a thorough job of securing things to a wider audience given the beancounters saved them a small sum skimping on security only to find significant amounts of value wiped off shortly after the attacks.
Talktalk have been recruiting security staff like mad since then given the amount of times I've been messaged on linked in from recruiters about it, so it's a good chance at least their subset of investors and accounts are acutely aware of that lesson. If you're an influencer at early adoption stage, it's part of your overall governance to instill the need for security best practices at the procurement stage too, not just slap them on as an afterthought and there are some from that procurement involvement here I hope taking notes to improve things.
The industry at large has massive amounts of work to do on this front, and the security industry has to sort its own house out also. If you give recommendations to secure things and the business decides to take the risk against your advice for financial reasons, that is their decision but you have done what you can and they must own the fall out if it happens. And you get to say "I told you so" in a very sombre and professional manner...
Re: Impressive analysis, but infection vector not apparent
How would virtualizing an out of date operating system with vulnerable ports protect it any better than installing it on bare metal?
The fail is how the airgapped network got compromised, however I once was involved with writing scanning software that went hunting for interconnects amongst other things on a global "secure" airgapped network, and we found significant numbers when digging through our results. Some people breached with wifi modems to make laptops easier, some as it transited less -ahem- lawful areas etc. Most of the problem was people being lazy and processes not being rigid enough nor penalties severe enough for doing stupid things which compromised the network's security.
Lock it down, secure it, get maintenance agreements including code fixes for the life time of the kit in the original contract when buying, take steps to establish an in house policy and responsibilities and delegation to keep it patched and integral but sticking it in a vm isn't going to help, especially as the next step would be to combine all of those windows machines into a single host, giving yet another vector for a sophisticated attack to jump about sight unseen by any network probes.
The reason the malware looks for the vm environment is a large amount of security researchers spin the vulnerable machine up in a vm because they're looking at x different device types a week, and to have each one as a physical box to be maintained for the audit record of testing would make life awkward. It's a lazy convenience thing, not a good practice one, you can't beat electrical separation done properly.
I used to be afraid of wasps after a mega sting incident as a kid and a nest with hundreds of stings left in my scalp, but then I met asian hornets, and after that it kind of focuses your mind on how harmless the average wasp is in comparison. Wasps are a bit of a pain in the bum near bins and in beer gardens, but not the apocalypse I used to imagine them as.
I was soldering something with a blowlamp when an extremely large asian hornet came for a persistent look, and I got it square on with the flame, and it flew off on fire with poison running out of its sting like a hypodermic needle being purged mid flight. The singed crispy remnant managed to make it out of the garden before disappearing under its own power still.
Another year we got an actual nest up one of the tall trees, and the fire brigade were on about getting private contractors in at thousands cost with specialist suits and cherry pickers because of where it was. I was harbouring plans to buy/equip a larger drone with some kind of remote release spray and nip up and do the job, until an early test reconnaissance flight with my AR ended up with a crashed drone after they all mobbed it as it got near the nest. In the end, the nest "fell out" the tree with what looked like a large hole in it following a suspicious bang noise from the direction of a neighbors and the fire brigade came back and dealt with a bunch of peed off hornets on the ground in special suits instead. The nest went away for scientific analysis and some of the grubs and smaller pieces were used in exhibits to do science at local schools.
Hopefully there was a control fight with fighting wasps with reverse painted faces to test. But have to wait for paper rather than clickbait for that.
yea gods, 21st century version of blink tag back from dead.
Re: Stop whining
Whoa there, I'm not in the UK but I was eligible to vote in the referendum being a british national and it being less than 15 years since I left the UK. I could quite legitimately sign that petition, put my address as France and be within those terms.
The fact that Leeds fubar'd my postal vote due to "procedural errors" then failed to tell me despite us calling the hotline on 3 occasions to check it was all still going through and told me I could vote in person if I picked up a ballot paper on the day when I was supposed to be in a business meeting on another continent is a moot point.
It would be so trivial to do a select based on useragent data from the script I saw being claimed as responsible, and just mark all of those rows bad in the database. And, I think that's exactly what some BOFH at PCCS has done.
Re: Still voting OUT!!!!
You're not making much of a logic case for your choice here are you? Are you sure you shouldn't be on the bbc HYS somewhere and doesn't the style guide say to repeat yourself a few times in case people that can't read the first OUT need more convincing?
Geez Andrew, I thought you had enough fun trolling the global warming people, but obviously you've been allocated a new target to play with now.
Has El Reg succumbed to a bit of click bait and attention grabbing with its spate of op eds now most people have made up their minds?
I'd be voting remain by the way, having worked in and around europe for years, and benefited massively from all the benefits it brings having got on my bike literally as norman tebbit told us to.
Re: The resources the government
Re the "Yet, without exception, everyone I have spoken to wants to leave Europe."
I think there's some kind of style guide been issued by the bodies funding the brexit crowd as nearly every shouty post making this point I've seen has said this exact phrase. And you have to pepper the discussion with END OF and absolutes if it's the BBC HYS or similar swivel eyed loon locations.
There's one forum I frequent it was quoted and the main shouty people were all saying "WHEN we leave" and "NOBODY will vote". I posted up actually I know quite a lot of people voting to stay for logical reasons. There was this short pause, then it continued with the same rhetoric.
Speaking on behalf of absolutely everyone, having someone correct you, then carrying on doing the same thing is a huge insult in my book. It might work on the weak minded, but I'm hopeful there's enough logical people who think for themselves to resist this tactic.
Now by and large we are logical here, we deal in logic (IT), have brains wired for it (ok maybe not some of the phb's). I for one would like it better if you could please keep your reasoning to logic not the daily fail style sheet responses.
How to not get pwned on Windows: Don't run any virtual machines, open any web pages, Office docs, hyperlinks ...
Re: it's easy - take off your rose tinted spectacles and back away from the pc.
It also had no memory protection so a single bug in a single application could bring down the entire host machine. It also supported no concept of permissions or different privilege layers during execution, nor protection to prevent a simple text handler from suddenly writing bytes into the main control registers for the bit blitter and doing bad things for instance.
When you only ran a single application, didn't care about security and could just power cycle it when this happened then it was a minor annoyance. Today it would be unthinkable.
I loved the Amiga, but systems engineering has progressed significantly since. And I have an accelerated amiga and a peg2 ppc based machine running morphos next to me. And lovely as the peg2 is for demos and being responsive, it also has no mmu and falls flat on its face fairly often.
Had to laugh at the irc bot set up to spew insults. Takes me back "quite a few" years to the days of that cesspool of attacks known as efnet and writing tcl scripts for eggdrop bots (and having lots of geographically diverse hosts for a gaggle of eggdrops to stop someone smurfing all the opers off, we had a very desirable room name and erris free lacked any protection for chanops then). Ours just served beer and stuff when you did a !beer though. Learned a lot about ddos and keeping things secure though. I'd just laugh if all the attack bot did was shout a few insults in response to a !tosser or something. It's a bit monty python french taunter isn't it :D
Have to read up why the "security consultancy" couldn't just ban it or get it a kline or worse.
One method to cool industrial computers is to have filters on the intakes to the cabinet housing the electronics for the machine and plenty of room in the cabinets to deal with reduced airflow when they are reaching the end of the filter exchange period. These are changed out to a maintenance schedule along with other service items and everything is happy.
Another method is to totally seal the case, but use the case itself as the heatsink to disperse internal heat, this way there are no filters to clog but it requires the machine to be designed that way from the start.
Excellent, look forward to this being generally available for tinkeration.
Looking at an fpga implementation of a zx spectrum running on an altera cyclone iv on the desk near me currently and trying to program a cpld into a sewing machine stitch regulator in another window.
A man's got to have a hobby after all...
Re: This is why...
We won't because some of us are gentoo users :-)
Equally we can't be smug either for the same reason, because I don't code review every single line of every single package to the depth I should be doing to be able to claim that. And if someone else does, why did you miss shellshock and the glibc bug for so long if so :-)
Re: Are you sure you have this the right way round?
This, wordpress, on the same server serving out the iso images. Physical separation 101 or complete lack of it. I did read some comments in their announcement post that they're rattling a can for money for more hardware to buy another server just for the wordpress machine to at least give it some separation.
For a few clients that wanted wp no matter what we advised we ended up having to deal with the devil, and so we ran the wordpress server on a local lan machine not accessible from the internet and automated scraped/rsync over ssh'd off a static version to host as a static html page on the public server.
Probably someone will pop up in a minute and offer them a cloud solution, because that's really well physically and electrically isolated also.
They need to stop with the fanboy rahrah, lick their wounds and do things betterer in future.
Re: The reason I block ads
It won't be take it or leave it (the internet). It wasn't take it or leave it before all the advertising as a business model came along, and it won't kill off everything. It won't kill off manufacturers sites with product information as an online brochure, it won't kill off SME websites supporting a bricks and mortar business.
I run a site for something non IT related, main site, discussion forum etc. Not a single banner ad, hosted on some spare capacity on a vhost I tend for other purposes. Sure it won't ever make me rich or even cover its bills in theory (though I've had people offer to give me free money to pay its hosting fees who are conditioned into paying to support things and can't get their head around the fact I think like this), but I'm doing it because I'm passionate about supporting the focus of the site, not because I want it to fund my retirement or keep the kids in shoes.
I think you mean "take it or leave the commercial spam infested crapware shallow internet", facebook, and the other "social" sites and not the actual bit of the internet that's actually of any real use.
So, those files becoming corrupted can brick the device. Ergo a disk error could do the same without any os interaction regardless of what is loaded on it.
Design implementation flaw if it won't let you back into the bios to nuke efi & a bit of a gamble all round to run with regardless of what your flavour of os happens to be.
I came here to post mad Jack Churchill for the last RECORDED longbow kill in a military conflict, but he's already up there ^
Also Wingate was an interesting chap, and his chindit unit's activities went on to form the basis of the paras. Not to be confused with the modern repurposement of the title for the geeks...
Re: Five technologies you shouldn't bother looking out for in 2016
That's mostly because they cost more than ordering it with windows and blatting the hard disk on day 0 of ownership. Or as I do, taking it out and putting it in a storage cupboard so if it has hardware poorly sick issues I can RMA it knowing they can't wriggle out of fixing it.
And this fine bit of marketing has enabled people like you to carry on doing microsoft's marketing for them.
Re: Floppy drives?
Not just "pc" in scope for the usb key issue. A Dell 1950 does that if usb hd is enabled as a target in the bios and the bootloader on the key is borked. The first time it nearly had me napping because I thought I had video issues on some of the boxes by the time I wandered back to the kvm station on another floor before deciding to get someone else to perform the complex task of pushing the on button on the contents of a rack one by one while I stood at the station and being able to see all the perc controller crap etc before going into blinky underscore of death mode.
To the original story, as an *owner of dell 1u hardware, there was obviously a requirement to be utterly deaf with no skin sensation of draft in addition to colour blind for the local IT support. When they first power before the environmental sensor tells the board thingy that no it's not about to melt (this is an achievement...), all the considerable amount of very small high rpm fans arranged across the middle of the chassis accelerate to max speed and it has a go at making the rack move from the rearward thrust if you leave the rear doors off the cab/had to find a creative solution to a too short rack cab...
* now ex, I ripped the xeons and ram for my workstation out the last still twitching still overly hot carcass of the last one this week, and it felt good to finally slay the last of the beasts.
Re: Forget Cyber terrorists
Use a drone, this is the interwebs, we like cats remember.
Re: Seen it in operation.
I think I know where they got jobs anyway... Or maybe it's endemic. Except now they'll be "cyber" not security as cyber is the current lightbulb job title the moths are drawn to.
Isn't letting it automatically "fix" problems without intervention flying a bit close to the edge?
Usually when something has been altered you want to know about it to go poke around and see why, it's often a good way to see early on when someone might need some re-education, or that someone is up to no good or early warning signs to nip an incident in the bud before it becomes worse. Plus, there's always the chance that someone has done something for a good reason, and without understanding that reason your tool might just be rebreaking something that just got fixed before someone remembers they have to teach the fix to it too...
Not a huge fan of fixing things by script as you can imagine, I worked one place that borked most of their infrastructure with an automated change system that applied exactly the logic someone loaded into it in the most efficient manner possible. Only took about a week's downtime and a few hundred thousand in resource to recover.
Just my experience. YMMV.
I would think this *should* be targeted for realtime monitoring of things in the field as early warning and early mop up of issues to stop more serious issues deeper in being missed, to clear the wood from the trees, not to replace skilled compliance testing during integration testing. It's in the same space as Tenable's security centre coupled with nessus probes or IP360, though hopefully the logic in it might actually be better designed than them.
I've been involved with the latter for quite some years, and we have written some in house scripts which do the basics which hopefully will get the devices into a roughly ready for test scenario, then we dig round each component for more information and for things more complex as detailed by yourself and check the output from our scripts for false positives. Differentiating between the two end products is sadly something management and non security specialists are unable to manage. Or they don't want to manage to understand because pretending you don't lets you get rid of that resource for an immediate impact on your departmental costs. Ask talktalk and others where that leads...
This is not a panacea for everything, but in its niche it's a useful and complemental technology to a wider security solution. Something I personally will download and see if I can recommend it to any future clients should my next job as pianist in a whorehouse prove not quite as palatable as it's looking right now :-)
It's better than that, it'll be double rot13, then they'll burn it to cd and put that inside an envelope inside an envelope and send it through normal mail. That's sure to put off any potential interceptions!
230vac and 16amp limit is the norm on the continent, smidge over 3.6kW. CEE 7/5, 7/6 & 7/7 are 16amp 7/17 can be 16 or 10, ze german's schuko standard aka CEE 7/3 should be 16 as it accepts europlugs and 7/17 plugs so is required to cover that capability and 7/4 can be 10 or 16, but originally was 10 which may be where your 10amp figure is coming from.
TL,DR; mostly continental europe has 3.6kW.
I reported this via the city of london site on tuesday I think, origin ip of the mailserver was in india, no spf on the domain, provided full headers and original content.
It spoofed a genuine police.uk domain, the funny bit was the attachment was a mswrod (spelt like this) filetype, with the usual macro virus payload embedded.
I only bothered reporting it because they had got most of the detail that normal people would trip up on. And well, spoofing the police is bound to actually get the police interested in sorting it out...
Re: There's a lot of embracing and extending going on here...
I can't believe it's taken until capslock's post for the obvious leopard spots history of microsoft and new protocols to come out although someone hinted at it with kerberos earlier. What short memories you all have while bickering about posix and permissions systems...
Re: Arnaut the Clueless Metronews website
Matt, she's french, in France crowned miss Brittany. This is the same France that it was culturally ok to give 50 shades of Grey a 12 rating while the rest of the world went into hysteria overdrive and made it an 18 rating or higher.
I can't come up with any reasoning for this to happen apart from the American organizers imposing prudish values on the competition, without needing to even hint at descending into anti american bashery.
<sarcasm> Just wait till they develop the next level of sophistication, zip of exe.</sarcasm>
Anyone running a milter that lets through an exe or zip of content without blinking wants shooing with a length of ftp, ESPECIALLY those in a position of a company large enough to be a target. It's not point and click for monkeys people role, test your own stuff, do a professional job.
Of course then you might find people killing your mail server cluster with recursive zip attacks, but hey, it's not 1999 anymore and you should be capable of stopping that too.
I did bring down an entire cluster sending someone carrying the EICAR test string inside this exploit payload via mail who absolutely insisted on pain of my dismissal to do so despite my dire warnings. Fun call with the cluster admin at 10pm on a friday who put in place procedures to not have managers strong arm security staff with requests against their better judgement... And I hope harden the cluster of mailservers that it took out...
Good! You might scoff at networks for farmers, but modern farming is enhanced by having good connectivity. Forget your image of a bod on his clapped out fergie scratching a living, modern farms are massive and professionally run enterprises with huge amounts of automation and computerization of assets, self driving tractors, uplinks for remote maintenance and diagnostics on kit etc.
Having infrastructure in place for this sort of thing rolls across the entire commercial spectrum and is massively beneficial for the countries concerned as a whole, and is a bit beyond having a few people extra getting facebook access.
Not to be a sycophant, because I have an intense dislike of redhat nowadays due to their driving of corporate linux direction (pottering et al), but this actually looks like responsible behaviour and correct management of an incident to me.
They have been compromised in some way, occasionally it happens due to things unforeseen, that's been communicated out, a mitigation put in place, stuff re-signed with a good key and they're doing forensics to see how it's occurred and to what extent. I'd be unsurprised to find once RCA has finished they look into how to avoid it or similar vectors happening in future. And... they're actually being transparent about it having been undertaken.
What a refreshing change.
Re: He used one of those new storage devices....
Enterprise level san then?
Joke, or is it...
*whoosh noise at icon*
Re: Is the word "cyber"
Nah, BT has a cyber defence team too. And hilariously it's not a legacy title left over from when it was cool.
Would you work like this? Not me...
Either a client trusts I have the skillset and intent to deliver, or they don't. If they don't it's not going to be much of a working relationship is it?
Every time I've felt the hot breath of oversight focusing on me, I know it's time to move on.
Re: Damaging PCs ...
"You could hammer the read/write head against track 0 as fast as physically possible - if the owner was unlucky it would upset the alignment, and start to fail."
I did that accidentally in the late 80's trying to write my own diskloader for an amiga megademo.
I scoffed at all that namby pamby capturing the trackdisk device at $4c and playing nice, instead to hit the cia's that controlled disk io directly in 68k asm and write the entire disk controller for myself. Somehow I got the whole idea so spectacularly wrong it tracked the head over the whole disk surface, and the software of the day couldn't recover anything off a floppy so destroyed. So... not to look a gift horse in the mouth, we released it as the fast disk destroyer (and as far as I know, no floppy mechanisms died as a direct result, but who knows... Mine was alright mister...)
Did learn a lot about controlling hardware, though we ended up using trackdisk.device for the demo loader in the end anyway.
To the author, I mean this in the nicest possible way as I don't think it was your original intent, but, you b*stard! I pulled the SCA virus apart in a debugger to see how it worked, but only so we could see how it loaded and stayed resident and to admire the code (it was the first virus we'd ever seen). We used that to write an intro that we jammed into the bootblock (with chipmusic to boot!), but decided *against* making it propagate to inserted disks as quite a lot of games of the period relied on funny things being inserted into that sector as part of their copy protection (plus it took another 120bytes of precious space). It's the difference between unlocking someone's bike at school for practice picking combo locks then swapping it with someone else's bike lock out of mischief vs unlocking the bike and nicking it.
I'm still locking other people's bikes together out of mischief (professionally, correctly engaged), but not nicking their bikes.
TL;DR; summary of what GCHQ really are saying:-
Please, weaken your standards, you're making our job more difficult than it should be.
Having watched some of his youtube vids slagging off his former antivirus company, he comes across as mad as a box of frogs with a penchant for getting up people's noses, scantily clad women, guns, alcohol and other fun stuff.
Hell yes I would vote for him, seems to me there's not much left in his closet to blackmail him with!
One for posterity.
From the reaction from people who actually were at the presentation, MIAOW hasn't been designed to steer clear of patents. Right now a non issue, but should it take root the big stick will come along and make its stamp... Really, not the best base for a patent free open source GPU.
It's also missing some gfx functions, texture-mapping, and has a single processing pipeline, when you start enabling more pipes you run into all sorts of caching and corruption issues you never spotted, so it's not just a case of altering some parameters and resynthesising. Great start for a uni project, but there are better options out there already not gaining the publicity.
If you're interested in the subject of diy gpu processors and fpga, check out Jeff Bush's amazing write up of his open gpu on fpga. You need something with a fair number of logic elements to load his design on so something like a de0 nano or similar but you can check out the code/verilog etc from github right now, and his blog is amazingly insightful to read.
I'm also interested in cpu on fpga, but it's a massive massive rabbithole of learning to fall down into. There is the venerable tg68 implementation of the 68000, fpga arcade, vampire v1 and a few other interesting ones released under open source licenses you can download the sources to and check out, plus there are further closed projects in this space. The above is focused on m68k because it's a chipset I knew well back in the day, so I can relate past experience to bootstrap learning for the bits I don't understand. But there are z80/6502, even manchester computer on fpga...
The chinese are getting in on the area with their own fpga designs and fab, gowin semiconductor has released two designs in the past two years to compete with altera and xilinx etc. Lattice is another with interesting developments and now there is an open source toolchain (icestorm) covering the lattice icesticks to lower the difficulty bar to getting started.
It's like that guy on here that built his own diy wirewrapped discrete gated computer that took up half his house (I think he is my hero after that elreg article...), except you can pop the dev board and usb blaster in the desk drawer between sessions without visitors spotting you're a raving loon until you start to babble about von neumann architecture and the like. And it's great fun giving the brain a bit of a workout compared to the level of thinking required for real work.
In light of the suggestion that this *possibly* could have a remote install vector in the bios attack, having to put a bios jumper in another physical position to reflash was a good idea after all...
But, I suspect the vast majority of people who cared about security said this at the time. Only to be shouted down by the IT ops people who no longer had to go round people's desks to do things.
"Defenders on parade: entrance to the factory tour", not one of those cars is a defender, they're all series landrovers. This opening few paragraphs of the article reads like a train wreck until further in when it kicks in properly and someone who actually understands their subject seems to have got involved, until then it's a confused mess suggesting that every land rover apart from the disco was called a defender since the first 4wd landrover product. And "We all know there’s only on one true Land Rover: the Defender", er, I can hear various series owners choking on their brews from here.
For the record I drive a 90TD, which although it's defender shaped, is most definitely not a defender also.
So you have a big chain of self braking cars, the front one sees an obstacle and has to throw the anchors on hard. The one behind reacts to the vehicle in front braking hard etc.
Imagine if they all had their own braking characteristics, stopping distance, tyre widths, brake disc size etc. In fact a whole slew of variables which affect braking distances.
Will we see who has the best results for minimum braking distance by noting the ones without front end damage in this scenario?