2200 posts • joined Monday 31st May 2010 16:59 GMT
I don't know why some people read an article like this and come away with "encryption is the only answer; the only solution you need!" I think it’s a tool, an important and useful one that we shouldn’t be working without. I believe it should be on by default. Its use could prevent some easily-avoidable wetware errors such as the one detailed in the article.
It is by no means foolproof. Tape a clipboard to that airbag and you might well get a chance to watch Darwin in action. Still, if the user doesn’t have to install and configure the airbag on their car, there is a reasonable chance that – barring some world-ending clipboard-esque stupidity – that airbag will be there and functional when it is needed.
An Airbag doesn’t guarantee your survival in case of an accident. If you screw with the design of the airbag through apathy or idiocy you can render it useless. I see encryption the same way; a form of digital airbag. It isn’t guaranteed to save you, but it might just help when the brakes (wetware education, training and corporate procedures) fail.
The difference here is that you don't have to install and configure the airbag yourself. Cars are designed with the idea in mind that the end user doesn't know how to maintain them. We also have decades of a culture wherein "if you don't understand how to fix your car on your own, bring it to the mechanic on a regular basis."
That culture has yet to spread to computers, as does the idea that they should be simple to use. Worse yet, computers don't come out-of-the-box configured for safety. Nor do several cloud services. That the option for better security exists helps not at all if the end user knows nothing about it.
IT folk love to blame the user. They love to blame the business owner. They like to blame everyone and anyone excepting themselves. Security should be built-in, on by default and easy to understand from the word “go.” In some cases, great strides have been made. In others, even the most basic precautions aren’t followed.
There is still much work to be done; I believe that applies to all sides of the IT problem. Developers, device manufacturers, service providers, sysadmins and yes...even the end user. I don’t believe any link along that chain can reasonably be expected to bear the entire burden alone.
They did. Fortunately, Domain Admins could still turn the proxy settings off for their user. End users couldn't. You're right though; Windows XP has no wget. If the Domain Admin couldn't change the proxy settings, I would have been Q_Qing into my coffee.
Absolutely no idea. I was a subcontractor. Some dude out of the center of the universe asked me to look at this, as he had no other wetware in my city. He was managing wetware packets all over the country, and I get the feeling we weren't the only country involved in this particular change.
I am not even sure if the fellow that contracted me for the job was directly contracted by the company that owned the network. I got the distinct impression there were /at least/ two layers of contractors above me. Maybe as many as four.
Who installed the thing? Haven’t the foggiest. What I want to know is...why the sweet merciful mother of fnord this all couldn't have been done centrally? The client systems had Teamviewer installed, but the Fortinet box programmed by the follower of Cthulhu was blocking the Teamviewer client from calling home. (How hard is it to whitelist Teamviewer's servers, really?) This sort of thing should have been handled from a central location, using a remote control app.
I mean, for the love of $deity, these were XP Pro Systems. On a domain! They have RDP capability built into the OS that is controllable via GPO! Why they needed a tech onsite to do a simple rename/readdress/reinstall of an Office ab is absolutely beyond me. Not that I mind. In theory I'll get paid for this. It just makes me go "hmm..."
Sounds like a corrupt TCP stack. Not so common anymore, but it does happen. Remove IPv4 *and* IPv6 from all NICs. (Don't forget 1394!) Reboot. Re-add IPv4 and IPv6 to all NICs. Alternately, sometimes Start --> Command --> SFC /SCANNOW will solve it.
I don't actually mind "Powerphones." If I remember after running errands today, I'll plead with Her Wonderful Self and see if she'd be so kind as to set up a Register Reader Poll with a few possibilities. Maybe we the commenters can put the issue to rest once and for all?
USB Host mode
I have had a lot of people email me asking about getting a superphone to use an Ethernet port. (Some have outright accused me of lying; that it can't be done.) There are calls to detail the step-by-step procedure on how to get it done.
I'll be 100% honest with everyone here when I say "I don't remember how I did it." I have been hacking at the thing for so long, I cannot honestly remember which bit of code I slung to get it to work. I can give you a starting point, however. I started this journey here; http://forum.xda-developers.com/showthread.php?t=702742
Here is where you can get the bit of precious that lets you put your desire into USB host mode. This is where you get the ability to attach devices and make the thing run wild. I have a friend with an APad orphan M16. This unit comes with a USB Ethernet dongle that /works/ with its Android. I lifted the drivers from there and with some work got it to work on the Desire. (I required a custom modified USB cable that derived the power from a battery pack.)
The entire project is nowhere near finished and ready. I would not at this time be very interested in attaching my name to it. (El Reg commenttards are notoriously brutal when it comes to any project that isn’t absolutely perfect without any observable flaws. Even then, a dozen or so will start in with the “what’s the point.”) I’m just a sysadmin; not the kind of hardware or software hacker that does really neat things like write Cyanogenmod, cracks a PS3 or creates a one-click jailbreaker for some piece of iTat.
So I politely decline to do the write-up on my efforts; they are at a very early stage…and others within the Android community are much further along. I will leave the interested with some valuable resources that helped me along the way:
I hope that helps some truly interested soul on his path to hardware hacking glory!
@Henry Wertz 1
You get used to it. After seventy some odd articles I've (finally) learned the truth: there's at least one in every comment thread. Some folks are just contrarian. What makes this particular gripe amusing to me is that I never set out to "coin a term" at all. I see a notable difference between smartphones and superphones in terms of the attack risk they represent. As a systems administrator defending my turf, they are two completely different animals.
Other parts of the internets have been calling these new gizmos "superphones," but it's largely been a marketing term. NO attempts to actually define it have taken place. I figured, "what the hell; I lack a better term for this new class of devices." At least I defined what I believed the term represented. I'll be happy to use a different term if anyone can come up with something better.
The issue I think the commenter takes is that he doesn't believe there is a separation between old-school smartphones and modern superphones. We will have to remain at odds on that, as I must respectfully disagree with him.
No, not all boards support CMOS reset. There are several available for the paranoid with the batteries soldered on. Specifically so you can't reset them.
I write about the whole superphone-as-cracking-tool not because I think it’s a theoretical exercise worth mental masturbation. I write about this because I have had seven separate incidents in the past month where I have been legitimately called upon to break into someone’s network/local computer and the only tools I had available were my HTC Desire, a MicroUSB cable and my MicroSD to USB adapter.
I threw the USB-to-Ethernet dohicky in there largely because right after I rooted my phone I putzed about with the USB port going “hmm, what can I make this blinking thing do?” I did get it to use a USB Ethernet NIC…with much effort. I have however not been able to get the bloody thing into promiscuous mode. Yet. I do not doubt for an instant that someone with a Nokia device and way more skill has already gotten light years past me on this.
So the risks of superphones aren’t theoretical for me. I’ve had to actually use them in practice.
For all the jokes about paranoia, there actually are out there creepy dudes who have their systems set up to reboot into an infinite DBAN loop based on either remote commands or unauthorised physical entry. I have actually met folks like that. Security is a balance; like hell I'd go that far at my day job. Working at a bank, however...it would be a serious consideration.
The part that hurts is that the paranoid blokes with the e-security fetish that I know are all sysadmins for post-secondary institutions. Faculty admins largely responsible for the client side and a few scattered local file storage systems. Creepy folk. I worry about the kind of mischief some of the sysadmins working in the office right next door could get up to if they so chose. These folks worry about three-letter agencies.
We’re talking people who with a straight face argue that everyone everywhere should be running line-of-business applications from within hidden partitions inside encrypted files residing on a fully encrypted drive whilst forcing encryption upon all web and email services. Forget passwords; they prefer minimum three-factor authentication using a password, physical token and biometrics. For a professor to update a schedule on a bloody secure intranet! That’s paranoid.
I think they’re way, WAY past supergluing the USB ports shut. ;)
You cannot fight a determined attacker with physical access.
...but you can make the bugger work for it.
We have a backup administrative user. The password for which is written down on a piece of paper and kept in a safety deposit box at the bank that the senior staff have access to if something Really Bad Happens. I believe it's also where critical things like insurance documents and other things required in case of Emergency are kept.
My personal safety deposit box contains my will, insurance information, etc. as well. (Along with whatever bits of precious I own.) Doesn't everyone do this? Banks are kind of paid to take the "physical security" bits off your hands...
I should also point out that a great many of the attacks against the local system I have been able to come up with using my phone are thwarted by some kinds of disk encryption. It just goes to show that there are a lot of good answers already in existence to the kinds of security problems that people wandering around with phones/laptops/flash drives/etc. can pose to your systems.
However, they only work if you purchase and – critically – actually implement them.
Not all boards support it. Also; it can take a lot longer to get into a system and do this than you might want to expend. Furthermore, you can always pull out a USB stick and reboot a system you were working on in a flash if someone walks down the hall. Try explaining a disassembled PC away. ;)
I think that CMOS resets are still time consuming enough and awkward-looking enough to be dismissed as a possibility in most situations. The number of folks who know how to toss a Linux distro on their pen drive however is growing…
I find it truly terrifying how few people do this. It seems everyone forgets to set the system to “boot from hard drive only” and then password protect the BIOS. Even those few that password protect the BIOS still seem to leave the things configured to boot “CD-ROM, Removable, Disk, Network.”
I am not saying that a phone pwns everything. I am saying that they are now at least as useful as a netbook or most laptops at getting the job done. Proper security will of course minimise or even eliminate the threat...
...but they are a threat. Exactly as much as someone wandering around your office with an uninspected and uncontrolled Laptop would be.
Wonderful bit of security. Pity no one uses it. Would solve a great many attacks. From phones, laptops, you name it!
My Desire cracks WEP just fine.
If you know enough about cars you can baby one along for over a hundred years. Most people don't. If you know enough about computers to alter your work methodology when using Windows, you're also perfectly capable of both using operating systems like Linux and digitally cleaning up after yourself.
@ Chris 244
Well, I do drive down to Vancouver once a year. Edmonton --> Prince George --> V-Town --> Cowtown and home again.
Takes a little over a week to do the circuit, with only a couple of days in V-town and a couple of days in Cowtown to get things done. I do agree however that Edmonton --> Seattle for a bit of kit is madness. The fuel alone would be worth more than the gear!
I am not an Apple hater
I simply have requirements Apple refuses to meet. Such as the ability to actually cut down on the number of devices I use. I need to be able to use my tablet as removable storage. I need to be able to carry around more than 64GB of media. (I refuse to cart a laptop with me on vacation for no reason other than to have my library available to sync with iTunes!)
MicroSD cables are /everywhere/. iPad chargers are not. So in short: give me a standard MicroUSB interface, access to the filesystem of my device, and support for removable media, or give me death!
If Apple's iPad 2 has all these things, I'll be the very first person in line. I promise. I'll take pictures.
Yeah, but have you noticed how it's all melting, only to re-freeze tonight? They sent the graders through Beaumaris yesterday, but there's still 15cm of solid black ice on the roads. I've no real yen to see all the snowbanks melt back onto the streets only to add another quarter metre of ice.
Wake me when the snow is not only gone, but the city is significantly less /brown/. As bad as winter is, spring is worse. An entire city covered in sand. Sand and rain and sleet and more sand.
Where did I say that the technology "Flash" was bad? Flash certainly can be content. I loves me my Flash TD as much as the next guy! The point was that having a website with awesome Flash (or HTML5) transitions, animations, menus and intros has ZERO value unless the site actually has content and/or useful functionality.
The article was emphatically not about "the technology "Flash" is bad." It was about the fallacy of the notion currently popular amongst web developers. Namely: form over function.
Seems however that there are many people who are /very/ touchy about the idea that Flash the technology is "bad." It makes me wonder what made them so wound up?
@The Unexpected Bill
Good customer service indeed sells. I mean, the customer service I got from these guys was so fantastic I felt it was worth an article. The story is even better than the article tells.
You see, when I first called these guys looking for a transmission, they said they had the right one and they put it in the queue to be shipped out. I get a call the next day and the guy says "my boys apparently cut the kickdown cable on this transmission taking it out. What do you want to do?" I didn't know a thing about what this meant, so he said he would get details on how this would affect me and call me back. He called his transmission guy, who told me "it would be a $300 job to reattach a new kickdown cable, assuming you can find one." I was heartbroken; the transmission they were selling me was $350 after shipping!
So the guy noodles around for a day and gets back to me. He says “I found a buddy of mine with one of these trannies. I’ll tell you what; we’ll sell it to you at the same price we quoted you on the original.” I was blown away. Gast absolutely flabbered.
Here is some random company on the other side of the continent that not only lets me use the tool I am most comfortable with (instant messenger) to talk to a live person in real time, but they bent over backwards for me. They didn’t know me from a hole in the ground, had no previous business relationship, no reason to treat me “special” that I can think of. Yet lo and behold: fantastic customer experience.
A couple of days later I was thinking to myself “hey, I should actually get off my duff and crank out an article or two.” I thought back to this company and thought “you know what, screw all the negativity and scandal. I want to talk about someone being awesome.”
So yeah, good customer service on this guy’s part totally got them an article. I logged onto the instant messenger earlier today (after I discovered my editor had published it) and sent him the link. He was quite surprised, apparently it’s been printed and is now on the company bulletin board. ;)
The whole experience contrasts starkly with my day job. At my day job the CTO of the company is banging on one more time that we need to “completely redo the website.” I feel frustrated because I am trying to counter this with “it’s not what the website looks like that matters (it’s perfectly fine, aesthetically speaking,) it’s what is ON the website and what FUNCTIONALITY it provides that matters.” This is countered with “our website is crap, we need to start over.” There is a distinct temptation to cry/scream/howl/sob in frustration.
The reason our customers shop at the store I work at…the reason I like this random car wrecker I found on the internet…it has nothing to do with /presentation/. It’s because when you send an e-mail/text/IM/whatever there is a warm body on the other end that says “hello, how can I help you?” They then proceed to /actually help you/!
As such, I guess the whole article is a bit of cathartic venting. Since my voice is seldom heard around here, I cast my idea into the wild interwibble:
It’s not what your website looks like that matters.
It’s how you use it.
I drive a Scion XB
I think around here it's qualified as "a boxy go-cart with a plastic couch on the front." When >50% of folks in your province drive pickup trucks, (and a Ford F-150 is a "starter" truck,) then yes, a Camry is small. Most people have pickups or SUVs 'round here. People with sedans or smaller are driving small cars.
I drive my little Kleenex box around, with my head touching the roof (46" of headroom, and I still have to bend my neck.) I can tell you that thanks to her low ground clearance and general sub-compact sizing, I am generally terrified all the time whilst driving. Everything around me is three times my size. Nobody can see me on the road, they are SITTING at about the same level as my SHOULDERS.
Let me tell you though; when you are toodling around in an F-350 with raised shocks and a big old cowcatcher on the front, you make your own parking spots in the winter. It’s a very Albertan thing to do.
I am not sure car-parts.com sells anything. At least to me. (I don't work for a car shop.) I would have to look further, but suspect they only really sell the "service" to car shops who want to register their inventories online.
Thus: nothing. There's nothing to pay for if you are just a dude searching for a transmission. ;) Although, that brings up a point: I should totally go find out who actually runs that site and let them know I wrote an article. I usually do that after it's published, but I got distracted trying to find a shop here in the city that would actually /install/ the transmission...
I know it was in jest...but I wasn't. If you can figure out a way to play Crysis without the DVI port, I'll buy you a pint. I would *love* to take these beauties for a spin! :) After all, the question has to be asked: with two Xeons, 48GB of RAM and two Tesla cards...does Crysis still run like crap?
Because it wrecks my laptop...
@Ian Michael Gumby
Getting the cards in the server seems way cheaper. What I am ordering really isn't that far off the retail price. Even the local supplier I use for retail gear has a decently low retail price: http://www.cdw.ca/shop/products/Supermicro-SuperServer-6016GT-TF-FM205-no-CPU/2251250.aspx. Remember that you have to add CPUs and RAM to that.
That said, my client has some decent connections, and got a reasonable discount off of what seems to be the Canadian retail price for this gear. Also to be noted is that I don't have any disks in any of these nodes: they load their OS over the network. It's just board/chips/RAM/GPUs.
@John Smith 19
It's a big converted warehouse sitting on top of a massive concrete slab with a two-story 3500 sq ft basement underneath. Sadly, most of the building is offices and warehousing. The corner of the building I get to work in really isn't that big...but I can punch holes in the wall/roof/floor if I need. I just can’t move walls.
I'm very sorry I didn't make that clearer. That is totally my bad. Even 48GB of RAM is probably excessive for these nodes...but I like to fill all the slots. I guess I forgot that not everyone would realise that the average video rendering box would not make use of 192GB of RAM. It's mostly about the number crunching. They typically crunch work units in the 4-8GB range, though they could get tasked with up to 36GB, depending on the job.
We're doing tests now to see if 10Gig NICs will really speed up overall farm performance, or if it is (as I suspect) going to be bottlenecked by the control software, not the network. Only tests will tell…
@Ian Michael Gumby
It only seems like a “great deal” if you assume maxed RAM. While the board supports 192GB of RAM, I'm only actually loading the systems out with 48GB. That's 12x 4GB modules, a pair of CPUs, the two GPU cards and the server. You can buy the barebones server with the 2x GPU modules retail for $5700 here in Canada. 48GB of RAM + CPUs aren't less than another grand, retail. Buy a few of them and a discount of $1000 off the retail really isn't that much.
It's an interesting compromise, this GPU processing thing.
If I made some ridiculous uber-machine with quad 12-core CPUs and 8 GPUs it would crunch numbers so fast I'd need a little lie-down. That said, what is the kind of time spent crunching numbers versus chatting with the control server looking for new jobs? Personally, I wish control software were a little bit more dynamic. I would love to have a couple real number-crunching beefcakes for the render jobs that can't quite be broken up as much. The rest could be farmed out to the smaller nodes.
Instead, you need to find a balance between speed of processing, power efficiency, cooling, ability to supply X number of watts to a single system and ability to actually get jobs from the control server. Given that the client uses Lightwave, I've found from testing that 2xCPU and 2xGPU seems to be about the right balance. At the end of the day, the control software just doesn’t seem to be good enough to deal with more.
Good luck sir. I quite enjoyed all your pieces here on El Reg. You are now giving me a reason to look up the Daily Telegraph and read their technology section!
All the best, and I hope it goes well for you. Tonight, I'll be drinking my pint in your honour!
At least we agree on something.
None of this is about me, nor do I understand why it should be about you. I don't even understand why we're having this conversation in the first place. This is about a guy who wrote a great article, one that I personally am eager to read follow-ups to. It's about someone who I think did a credible job at bringing a difficult topic "down" to the level of regular folks like me. The OP to this thread was kind of harsh on the author; I felt maybe if the OP was looking to get more info from this author...
...he'd catch more flies with honey than with vinegar. Where and how and why you got involved, I’ve honestly no idea.
Further apologies to the author for the tangential nature this comments thread has taken.