305 posts • joined 10 Jul 2009
Any data leaks here yet?
Re: Even perl has some resemblance of CGI security
Bash CGIs tend to fall into the category of informational only. They don't take any inputs at all and just provide info. Those are now open to abuse since a simple wget with the right parameters can cause them to do all sorts of hackery things.
Oddly enough other shells that can share functions with subshells have similar problems. Some even allow overwriting things like cp, ls or cat and you can guess that most "write only" CGIs written in a shell will use at least one of them.
Re: I don't know why they even bother with crapware
Why would they test the applications they preload other than to make sure they don't crash at once? Being able to put the facebook logo on the box will bring in at least one extra sale but who cares if it works.
The self-stirring pot has been in chemistry labs for decades. A biochemist friend with a knack for electronics had one in his kitchen with an IR detector above that would control the pot to make sure its contents stayed at the proper temperature and stirred. He also hooked up a gas detector in his newborn twins' room and somehow managed to avoid changing diapers until his wife asked about the odd device.
I was looking at putting in an induction stove in a place that I intend to rent and I'm trying to make it mostly handicap friendly but I can't find an induction stove that can be easily used by someone who is blind.
Re: The OS is dead! Long live the new OS.
The upgrade tax on a 5 year old machine is that I can FrankenMac most of the hardware to 10.9 but since it didn't ship with a 64 bit BIOS, Apple has declared the machines landfill. Obsolete Power Macs are faster than many of the machines we bought in the last month but it is landfill. I would take the $100 Microsoft upgrade tax over the Apple "buy a whole new machine" tax any day.
The iMacs are worse. We have very good monitors that will go to the tip because Apple can't do what the hacker community can?
The OS is dead! Long live the new OS.
I hope OS X Yosemite isn't out of beta since that means even more completely functional Macs are now relegated to the "your browser / flash is no longer supported" because idiot coders can't figure out how to build a fat binary using two different versions of Xcode. Seeing that OS X 10.10 has nearly no new features used by 99% of the coders out there, I wonder why the otherwise leading edge machines from just a few years ago are all of a sudden more crippled than an XP box. The obsolete 10.5 and 10.7 machines are happy doing the same work they have been doing for more than 7 years without the upgrade tax. Work has already decided that they won't be replacing them with Apple products with comments about once bitten, twice shy.
Are you sure it isn't in my dictionary?
His example of "This little piggy went to market" shows the problem. That is in my password dictionary. When the "make up a password from the 1st letter of words from a song" started to be popular, I ran a small poll asking people to write a line from 3 Beatles songs and 3 songs by a popular country artist. Several hundred people responded and there were less than 100 unique lines and 10 lines were common to something like 80 or 90% of the respondents. The result of separating the lists based on their likely musical taste resulted in some scary guesses on which lines they would pick. When the same thing was run later without requesting the specific musicians, the results were tainted by the previous request.
/Black Helicopter since some of the guinea pigs were supposed to keep them secure
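The poll above describes a password-strength audit: collect the lines people actually pick, reduce each to its "first letter of every word" password, and see how few candidates cover most respondents. The following is an added example of that audit, not code from the poster or from any tool mentioned on the page. The survey responses are constructed (public-domain nursery rhymes stand in for song lyrics) and the mutation rules in candidate_variants are an assumed, minimal set of the kind a cracking wordlist applies.

```python
import re
from collections import Counter

# Constructed stand-in for the poll responses: each string is one respondent's
# "line from a song". Heavy repetition is the point of the exercise.
SAMPLE_RESPONSES = [
    "This little piggy went to market",
    "Twinkle, twinkle, little star",
    "This little piggy went to market",
    "Mary had a little lamb",
    "this little piggy went to market",
    "Humpty Dumpty sat on a wall",
    "Twinkle twinkle little star",
    "This little piggy went to market",
    "Mary had a little lamb",
    "This little piggy went to market!",
]

def normalize(line: str) -> str:
    """Fold case and drop punctuation so trivially different spellings of the
    same line count as one line."""
    return " ".join(re.findall(r"[a-z0-9']+", line.lower()))

def initialism(line: str) -> str:
    """The 'first letter of every word' password derived from a line."""
    return "".join(word[0] for word in normalize(line).split())

def candidate_variants(line: str):
    """Assumed wordlist mutations for one initialism: as typed, capitalised,
    upper-cased, and each of those with a common trailing suffix."""
    base = initialism(line)
    cases = {base, base.capitalize(), base.upper()}
    suffixed = {v + s for v in cases for s in ("1", "!", "123")}
    return cases | suffixed

def line_frequencies(responses):
    """How many respondents picked each (normalised) line."""
    return Counter(normalize(r) for r in responses)

def build_dictionary(responses):
    """Every password the poll predicts, mapped to the number of respondents
    whose line produces it."""
    dictionary = Counter()
    for line, count in line_frequencies(responses).items():
        for candidate in candidate_variants(line):
            dictionary[candidate] += count
    return dictionary

def is_predictable(password: str, responses) -> bool:
    """True if the password appears in the poll-derived dictionary."""
    return password in build_dictionary(responses)

def coverage_of_top(responses, k: int) -> float:
    """Fraction of respondents covered by the k most popular lines."""
    freq = line_frequencies(responses)
    covered = sum(count for _line, count in freq.most_common(k))
    return covered / len(responses)

if __name__ == "__main__":
    freq = line_frequencies(SAMPLE_RESPONSES)
    print(f"{len(SAMPLE_RESPONSES)} responses, {len(freq)} unique lines")
    print(f"top line covers {coverage_of_top(SAMPLE_RESPONSES, 1):.0%} of respondents")
    print(f"dictionary size: {len(build_dictionary(SAMPLE_RESPONSES))} candidates")
    print("Tlpwtm1 predictable:", is_predictable("Tlpwtm1", SAMPLE_RESPONSES))
```

The instructive number is the ratio of unique lines to responses: the dictionary an attacker needs is a few hundred candidates per popular song, not the tens of millions a six- or seven-letter mixed-case password would otherwise imply.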
I know someone involved with the free cheap laptops for students. They bought a bunch and oddly enough only one could hook to the LAN or wifi at a time. Not so good in a school. I was brought in to get a program to give them all unique addresses but since the hardware wouldn't let an address stick, the software picks a number, checks to see if it's on the net and then uses it. The result is unique MAC addresses at nearly every connection. Sort of hard for the black helicopters to track down.
Internet of Things?
Maybe something more along the lines of Internet Devices ____ of Things would be more appropriate?
Re: Only a complete idiot...
There is a chance that current Detroit meters were designed before AA batteries became very popular late in the Walkman era. Before that, 9V batteries were the most sold smaller cells and internal switching power supplies to up the voltage to the needed 5V were very inefficient.
Where they are made matters more than brand
I've found that the Chinese made Energizer batteries don't last as long as the USA made ones so I've stopped buying them and Duracells. Both those brands have idiots in marketing that decided a pack of 10 AA was a good idea rather than 12.
Re: IPv6 like OSI is far more complex than necessary
The original point of the /bits notation was to steal bits from the source and destination port addresses when this problem 1st showed up in IPv4 space in 1991. So an address like 188.8.131.52/34 would use two bits from the source and destination port so from a core routing point of view, a web server might be on 184.108.40.206:80 and 220.127.116.11:32848 (0x8050=32k+80). The only software that needed to be changed would be the network addressing libraries (aka libresolve) and some edge routers (aka NAT). We had this working on an AGS+ in 1991 without any major changes to applications other than a bind library and a wrapper around a Winsock function. The idea was to treat all routes as /24 starting then with long term migration to /32 so everyone could dual home with their own IP addresses. AT&T even built a router that could cope with 16 million routes in 1992.
Where is my energy storage?
My last power bill had a connection charge that was larger than the energy consumption and my solar panels are in my garage waiting to get hooked up.
There is no way I won't go to stored solar if I can buy batteries cheap enough. At work we have 16 truck sized floating cells that can run two racks for about 8 hours. I figure the batteries currently cost about 4 times the cost of the rest of a solar system and that is the high maintenance types that need topping up every few months.
/flame is for when the wrench shorts out the battery bank
Where is percentile pricing?
And yet they haven't allowed the option of 95 percentile pricing like most ISPs around the world use?
The satellite that was directly in the way was hit and it wasn't fried. The Navstar sats' primary job is to locate where atomic bombs explode by timing their EMP. I expect they are very well shielded. Of course things that depend on cheap GPS receivers to work properly would have a problem. That includes things like most modern mobile phone networks as well as some newer civil emergency communications systems and of course much of the power grid and parts of the finance community.
Oddly enough, the core of the internet won't care as the core bits are connected by fiber and the core routers tend to be very well shielded and are running off data center power. Too bad most of the oceanic links would get their amps fried and there aren't enough spares to fix even a small fraction of them.
Re: On another note
What happens to the paywall subscriptions when a major ISP decides to drop its IP addresses at random times?
100 Gb/s is so far off, Google has replaced most of its internal switches with the stuff but there are some steep royalties with the 10G, 40G and 100G stuff and I expect they don't like the idea of paying more for the optics section of a motherboard than the CPU+memory. I expect this reads like short run copper as well but that will be clear when they stop talking about a "top of rack switch" and start talking about a "middle of the rack switch".
CVC vs AVC
That looks like download gigabits only. Will it be committed gigabits or best effort gigabits? Real symmetrical gigabits are useful, the fake kind, not so much.
This worked so well in Victoria
The attempt to get rid of the games managed to drive almost a billion dollars of game R&D out of the state.
Re: This is a very small class
I had that effect on people I know. For a start, $40k is about how much less someone from Melbourne gets when they work for Google than a US citizen for the same job. Oddly enough, if they work in the USA, they can't move to a different company (H-1B + the lawsuit issue) nor can they move up since someone who makes more than them can't move to a different higher paying job either. This puts a limit on salaries in Australia as that extra $40k would have caused more of the top talent to move, leaving a bigger hole for local companies to throw more salary money at.
This is a very small class
This action has hurt wages all over the world. Where I work in Australia, this has a carry-on effect of more than $40,000/year in wages for some near the top of their field.
Isn't that My copyright?
The one thing that the US Govt managed to get right with their copyright law was removing the concept of a Crown Copyright. If the people of Australia had the code custom written, it belongs to the people and there should be a way to access it. The same applies for data such as where the trains and trams are and the location of the airports.
/Bob Hawke is unimpressed with the size of the beer icon
Just a sign of what is to come
Perhaps they should have considered backhauling everything to so few points of failure before the failure? Oddly enough, putting all the eggs in one national basket will make this problem far more disruptive.
Cue the spooky music
The 1940s called and want their passive radio transmitters back. "The Thing" was a carved version of the US Great Seal which happened to contain a passive listening device designed by Lev Sergeyevich Termen (aka Mr Theremin) that worked nearly the same way as these devices do without the benefit of transistors.
Re: More BGP interception games
Your /16 is supposed to be world wide. That is why it is a /16.
More BGP interception games
Do they understand how bad of an idea this is? Once an address is free from its geographical zone, it makes it impossible to tell if it is being routed all over the world for nefarious purposes.
Upgrade what upgrade?
An iMac I have was released in 2006 which came with 1 or 2 gig of RAM and you could upgrade it all the way to 3 but it was faster if you put in 4 since the memory bus would see two identical SIMMs. Fortunately Intel made a change in the later CPUs and the OS later fixed the 3 gig limit so 4 gig machines could use some of that formerly locked out memory. I would upgrade the hard drive but I need one with the right magic and they don't come in reasonable sizes. Perhaps the hard 8 gig limit in this new machine might just cause someone at Apple's HQ to consider the RAM bloat that all their new applications seem to enjoy.
My brand new Juniper SRX 110 can't talk to my ISP via IPv6 since its dynamic stuff isn't compatible. My overpriced Cisco ADSL router for home can't cope with IPv6 either even though that ISP was the 1st in the country to support it. My data center in Los Angeles seems to be having a world of hurt providing IPv6 address space. Work's less than two year old Cisco router that cost more than a small car can't talk to my other ISP's IPv6 router correctly either without lots of workarounds on both parts but I'm hard pressed to test it since I'm not having much luck with stuff that "just works". I have managed to publish BGP routes out IPv6 routers that can't cope with the traffic.
Just like the ISDN router from 2002 that I was messing with today, it all claimed it was IPv6 ready.
Re: Wrong argument
We are running out of routes because routers have real limits. The old limits are enshrined in the protocols that the routers now use to talk to each other as well as the management of the resources. Other rules limit how small allocations can be made which all tie back to the limit on route counts. This results in problems such as if your small 20 person company wants a dual homed /27, there is no way to get it so they get allocated a /23 and waste over 400 addresses.
We are not even close to being out of IP addresses. We are out of IP routes. That is the problem and that is because of implementation issues from a well known major vendor and all the dead router vendors that came before them.
Re: But what...
Under the old plan I am on the 20+ Mb ADSL but the NBN plan is to shift me to the overloaded urban satellite spot beam since my copper goes to the subdivided block out front so no glass for me. If I could get decent rates on the 400 meters of duct rental to the exchange (and the 5 under the shared driveway), I would be tempted to get my own non-shared link there but for now that exchange is Telstra only.
Re: "Encrypted" passwords
Standard salting isn't enough if you have billions of logins. The standard salt on many systems is only 8 characters and only contains about 48 bits of entropy. That is about 300 trillion unique salt values so there should only be about a 1 in 300,000 chance that your eBay password shared the same salt as another user however that assumes the random salt generator works properly and what I've seen in the real world is a few thousand people will be sharing the same salt. eBay must release details of how those passwords were stored. They also need to identify any large groups of users with shared salts since they will be the 1st targets.
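The post makes two checkable claims: the arithmetic (8 characters from a 64-symbol alphabet is 48 bits, so with a billion accounts the expected number of other users sharing your salt is a few millionths), and the operational check (group a credential dump by salt and look for clusters that a working generator would never produce). The following is an added example of both, not code from the poster or from eBay. The "user:salt:hash" record layout and the sample dump are constructed; the repeated salt "00000000" simulates a broken generator and the hash fields are placeholder hex, not real digests.

```python
import math
from collections import defaultdict

# Constructed sample dump in an assumed "user:salt:hash" layout.
# Four accounts share the salt "00000000"; hashes are placeholders.
SAMPLE_RECORDS = """\
# user:salt:hash
alice:Qx9mT2vL:5e884898da28047151d0e56f8dc62927
bob:00000000:7c6a180b36896a0a8c02787eeafb0e4c
carol:H7dKp1Zr:6cb75f652a9b52798eb6cf2201057c73
dave:00000000:819b0643d6b89dc9b579fdfc9094f28e
erin:00000000:34cc93ece0ba9e3f6f235d4af979b16c
frank:00000000:db0edd04aaac4506f7edab03ac855d56
grace:pZ3wN8cB:218dd27aebeccecae69ad8408d9a36bf
heidi:aK2sR5tY:7a1e2d3f4b5c6d7e8f9a0b1c2d3e4f5a
"""

def salt_entropy_bits(alphabet_size: int, length: int) -> float:
    """Bits of entropy in a salt of `length` symbols drawn uniformly from an
    alphabet of `alphabet_size` symbols (8 base64 characters -> 48 bits)."""
    return length * math.log2(alphabet_size)

def expected_salt_sharers(n_users: int, entropy_bits: float) -> float:
    """Expected number of *other* accounts whose salt equals a given account's
    salt, assuming every salt is an independent uniform draw from
    2**entropy_bits values. For 1e9 users and 48 bits this is about 3.6e-6,
    i.e. roughly one chance in 280,000 of sharing your salt with anyone."""
    return (n_users - 1) / (2 ** entropy_bits)

def parse_records(text: str):
    """Parse 'user:salt:hash' lines, skipping blanks and '#' comments."""
    rows = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        user, salt, digest = line.split(":", 2)
        rows.append((user, salt, digest))
    return rows

def shared_salt_groups(rows, min_size: int = 2):
    """Group accounts by salt and return {salt: [users]} for every salt that
    occurs at least `min_size` times. With a working generator this is empty
    or nearly so; a large group is the set of accounts an attacker can test
    with one wordlist pass, so those are the ones to re-hash first."""
    by_salt = defaultdict(list)
    for user, salt, _digest in rows:
        by_salt[salt].append(user)
    return {salt: sorted(users)
            for salt, users in by_salt.items() if len(users) >= min_size}

def salt_reuse_fraction(rows) -> float:
    """Fraction of accounts whose salt is shared with at least one other."""
    if not rows:
        return 0.0
    groups = shared_salt_groups(rows, min_size=2)
    return sum(len(users) for users in groups.values()) / len(rows)

if __name__ == "__main__":
    rows = parse_records(SAMPLE_RECORDS)
    print(f"8-char base64 salt: {salt_entropy_bits(64, 8):.0f} bits, "
          f"{2 ** 48:,} values")
    print(f"expected sharers per user at 1e9 accounts: "
          f"{expected_salt_sharers(10 ** 9, 48):.2e}")
    for salt, users in shared_salt_groups(rows).items():
        print(f"salt {salt!r} shared by {len(users)} accounts: {', '.join(users)}")
    print(f"accounts with a reused salt: {salt_reuse_fraction(rows):.0%}")
```

Run against a real dump, the interesting output is the group list sorted by size: any salt shared by thousands of accounts says more about the generator (seeded from time, truncated, or falling back to a constant) than about the users, and those accounts need a forced reset regardless of how strong the hash function was.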
Predicting 4 years down
I was at 4 shops yesterday that used to have large areas dedicated to selling smart phones. One now has its entire collection of mobile phones in the glass cases that were originally put in to market cigarettes and the other had a few $50 prepay phones. To me that means the mobile phone market is saturated and if that is the case, the premium people were paying for faster/better phones is close to drying up which means the only way telcos will compete in the near future is in their networks. Since even Telstra is already pushing the TV ads in that direction, the other two will have to push for more bandwidth for less money which will push data prices down substantially. I would say the writing is on the wall for fixed line connectivity and that breaks the old NBN business plan. If we project US fixed connection rates to the current population, NBNco will not have more than about 5 million residential customers when they go looking for banking handouts. If we use iiNet numbers, that will be worth less than about $4 billion in revenue a year and compared with most companies would put their market cap in the $1B -> $4B range with an asset base that looks just like Telstra but without the high value customers. While I wouldn't touch it as an investment, I'm sure the morons who throw my retirement money away will sign up for as much as they can buy.
Do they know their customers?
Most of the Adobe users I know all work to tight deadlines and graphic artist types aren't well known for their outstanding time management. I wonder how many jobs won't get paid because they were too late resulting in much anger towards Adobe.
Photos of the control panels show spots for two joysticks for both the lunar lander and the control module and I expect they only took 3 joysticks with them.
It has been heading this way all along.
At the last Breakpoint security conference someone installed Linux on his hard drive. It only crashed when it couldn't find a storage device. I think it was a cheap modern HP drive that had a dual ARM based CPU as well as another very low powered one. The demonstration started off showing how easy it was to hack the firmware of a drive to look for a string in a written block and then return a different sector in place of another request (as in log "user wanted /xyzzy.html", now return hacker:abcdef in place of a sector that looks like a shadow file).
I've wondered when Flash memory sticks would go to E-sata but it looks like USB3 stole that thunder(bolt).
Mine's the one with the unfiled patent application for adding a video controller and USB hub to a hard drive controller and calling it a PC.
We've seen this before
If the statute of limitations doesn't exist, why shouldn't the government keep their data for ever? It won't be pleasant if you happen to be on the receiving end of their request for an explanation decades after the fact but you didn't have anything to hide? Did you citizen?
Claiming to be fighting crime is always how the control freaks start.
Re: Since when are secondary indexes novel?
I wonder if what they are calling "secondary index" would be more like "create geolocation index of female teenagers who like music but hate the trending boy bands" or whatever odd things their advertisers are trying to find out.
A solution to a modern IT problem
The main IT problem is how do you maintain all the licenses needed.
Are modern programmers starting to understand they can open a cached file, move its entire contents into L1 cache, sequentially parse and scan it, and find the last record in the time it takes to do the TCP connection to the localhost address? You can do either about a billion times in the time it takes to pick up the phone and get Oracle support telling you that you are now on hold.
There are things that used to need a database with its associated indexes but I don't know how many times I've seen full on licensed databases used to store data that will fit in one modern 4k disk block.
Yet no updates for many working apples
Once these patches are studied, many older Macs will have no security as they aren't supported by any major browser. There are plenty of PPC machines stuck on 10.4 that can't run an updated version of Safari, Chrome or Firefox and even 10.5 doesn't have any real options. For some odd reason there are newer versions of Safari for Windows XP than there are for some of Apple's own much newer hardware.
Just don't power cycle that kit when you do the update or it might not come back if it has the bad RAM.
Maybe the next software upgrade will pull the JTAG data from the ram on boot, compare it to the list of bad ram and provide a useful message in the logs.
Terms of sale?
Just like "subject to finance", the offer I made for the house was based on approval for an ADSL service. If you are going to spend a half million dollars or more, the $127 fee to buy the old owner for a month is well worth the risk if you need it.
Re: @Big-nosed Pengie, @Winkypop
Economy is more money per square meter and kg of seats. All those people in the back are paying more than their fair share and it is time to end the heavy first class discounts.
Re: That's the problem with all this cool new NASA data
Reading data by proxy can be dangerous and it must be full of errors and scientists need to isolate those errors in the data. For example NASA will often use parts of the Australian desert to calibrate their systems but most of the time, the old sat and the new sat aren't in orbit at the same time so there is a slight gap between the data. Add in the fact that the new system will use different technology than the old one, and they can't even measure the same things. Then you can throw in the calibration of the old records and modern modeling that loves to consider nearest points. The problem with that and using the Australian outback as a yard stick is that some of the 5 nearest calibrated thermometers are in Melbourne and Darwin which are very far away and have much different climates. I've seen a few of the early official weather instruments used to collect the early data points and I expect the non-linear, factory seconds state of some of them means their scale is not best to count on for high accuracy data. Science is a fractal, the closer you look, the more detail you can see. Data isn't much different.
Nothing is unique
If you can make it, they can make it. If it is hardware, someone can take the keys out of it and duplicate it. I'm not sure how anyone could win this game.
The price of complexity
Modern switches and routers are full of unneeded features and those all cost lots of cash. Now that the chipsets are doing more and more of the real work, the only thing the vendors can provide is a stable environment for those chips and that means a minimal OS with only core features and a way for 3rd parties to provide the heavy lifting software. Sun, Apple and Microsoft all forgot that they run the core stuff and others do their part and the greed only leads to messes.
Looking for the "right" answer?
They can't find one properly documented case of a grumpy old guy who gets windmills installed close to his lawn and ended up with an increase in blood pressure?
Re: I've always hated the term 'DMZ' in relation to networks
The DMZ concept is the core fault here and the people who went after these cards knew it. They also know they can get inside other retail networks, and find at least one machine somewhere that isn't doing what it should and hop VLANs into something else. Every VLAN isolation system I have ever looked into at depth could be breached and often with simple things like MAC flooding which was the 1st attack on the isolation so long ago. I use Juniper SSG-140s loaded up with 8 port cards that look more like switches but nearly every host is in its very own zone and the DMZ zone should have gone away two decades ago. The retailers are not going to be providing physically isolated networks simply because of the cost of all that copper and its 100 meter limits which don't go far in a store so they are stuck with overpriced fiber converters or wifi. If the PCI Security Standards Council isn't very careful, there will be far more wifi networks with far more data and far more doors. The amount of data flowing in a modern retailer is increasing as the POS systems are used as time clocks, the cameras want to log POS transactions, the POS system needs to activate a prepay card, the POS system needs to record a mobile phone sale, the thermostats need to know how busy the store is, the fridges need to know how hot it is outside, the Bluetooth sniffer needs to send the POS a coupon code, the alarm system needs to talk to the VOIP system, the electronics department needs internet for demos, the distributors need to phone home, the auto, pharmacy, eyeglasses and hearing aid centers all need to send records. I don't think the network infrastructure will be getting any leaner anytime soon.
Re: Lock in the insecurity?
You know there are other ways to change flags. Hackers have been using them for decades. If the hardware cannot do a function at all, you don't have to worry about what happens if controls for some security bit can be bypassed some other way.
See talks at blackhat, breakpoint, CCC etc.
ARM is young enough that it could take the option of "set this bit and the feature is off until the chip is reset" and it wouldn't have a problem. Otherwise you might find something like BCD registers can be moved to somewhere with a brand new meaning decades after anyone used that instruction in a popular application.
There are not two opposing camps and that is part of the problem.
There are at least 3:
1) IPCC is right
2) IPCC is wrong
3) IPCC is full of BS but we know we can adjust local climate but in a much different way.
Group 3 has a great deal of stories that people can adjust the local climate.
Oklahoma was known as "The Great American Desert" before they found out about the areas now known as Arizona and New Mexico. Oklahoma, Kansas and Texas had their climate changed for the worse and then fixed. The Dust Bowl was caused by bad farming techniques but increasing wind breaks and creating thousands of muddy man made lakes has changed the rainfall in the area a great deal.
The first major human created climate change theory was known as "the rain follows the plow" which correctly identified some aspects of a local water cycle but managed to get the rest very wrong leading to things like the Dust Bowl and massive fires in the US Midwest and most of the farm land in Australia.