Posts by Kevin McMurtrie

1108 posts • joined 15 Jun 2007

Video surveillance recorders riddled with zero-days

Kevin McMurtrie
Silver badge

Re: The joy of The Internet of Things

You drill down the soft brass bottom of the keyhole. The tumblers tear out and the barrel turns.

A Bluetooth hack is good for cases where social engineering is needed to get past neighbors. You can pretend that you're talking to the resident and being invited in while sending the unlock code. It's less convincing with the cordless drill.

3
0
Kevin McMurtrie
Silver badge

Re: Are there any robust systems out there?

Axis seems good, both in quality and customer support. Their IP cameras are little Linux computers that can operate by themselves or integrate with other standard components.

I second the recommendation to avoid all Hikvision cameras if you're interested in robust software. Maybe 2/3 of the cameras on any online web site are white-label Hikvisions.

1
0
Kevin McMurtrie
Silver badge
Facepalm

PHP

What is it with PHP programmers never escaping data? Hacked with a semicolon? Really? You grabbed a URL parameter full of whatever, concatenated onto the end of a shell command, and called it done? Maybe filtered out control characters after somebody said you're doing it wrong. Wait, why are you even launching a shell?

6
0

Latest Androids have 'god mode' hack hole, thanks to Qualcomm

Kevin McMurtrie
Silver badge

Re: Risk categories

"Jailbroken" isn't all bad. A scan of Cyanogenmod 13 shows only one vulnerability and the fix is in tonight's build.

2
0

California to put all your power-hungry PCs on a low carb(on) diet

Kevin McMurtrie
Silver badge
Trollface

The fans are good

All modern computers have brushless fans. As Dyson marketing says, this design reduces carbon emissions.

3
0
Kevin McMurtrie
Silver badge

They're telling you to update

This really comes down to whether or not a computer supports clock scaling and low power modes. Older computers have little difference in power consumption whether they're rendering an action game or displaying an e-mail. Maybe they can cut their power from a peak of 750W to 350W while idle. Modern home computers already scale the clock better and use more low power modes to keep the fans quiet. It's not unusual for a new computer to consume less than 50W while idle.

Old CCFL powered LCD screens were power hogs too. The lamps glow purple unless they're kept toasty warm.

It would be an amusing twist if ad blockers were required to meet power consumption goals while using a web browser.

3
1

Two first-gen flaws carried over to HTTP/2, warn security bods

Kevin McMurtrie
Silver badge

Slow Read

It doesn't surprise me that HTTP servers don't have Slow Read protection because it doesn't work well at the server level. A single server can detect that it has too many connections from a single client but it can't see the big picture. It could be that one client has thousands of connections open but each server behind a load balancer sees what looks like a legitimate set of requests from a tolerably slow connection.

Ten years ago, the most difficult time for a server was late night when everyone finished dinner and dialed in with a POTS modem. I/O and CPU dropped to nothing but system memory maxed out maintaining all those HTTP sessions and socket buffers.

3
0

Crocodile well-done-dee: Downed Down Under chap roasted by exploding iPhone

Kevin McMurtrie
Silver badge

Don't you watch those videos in your spare time?

A car has the advantage of being able to carry enough armor to direct the flames away from the passenger compartment. You have some time to get out before the whole car catches fire.

There are videos of Lamborghini Aventadors catching fire too. Some owners don't understand that the flaming tailpipe trick is a quarter megawatt of heat with nowhere good to go.

6
0

IPv6 now faster than IPv4 when visiting 20% of top websites – and just as fast for the rest

Kevin McMurtrie
Silver badge

Actually, thank the big telcos

As much as I hate US big telcos, they are the reason that IPv6 works. I have yet to see a decent home or small business router that can work properly with IPv6 turned on. You fight your way through inconsistent terminology, auto-configure bugs for the subnet size, and numerous things that need a reboot for no good reason. You start wondering if "6rd" is pronounced as "turd." Then connections start timing out because somewhere in the 1000 miles between point A and B, the MTU is smaller than each side thinks it is. Auto-config puts your MAC address in the IP address, then another auto-config tool warns you that your MAC address is visible. Maybe router rules don't work for IPv6 so you have to disable IPv6 on everything that's not hardened against global access.

Plug in the big telco modem and IPv6 usually works.

3
1

Seagate: We've doubled flash capacity without density changes

Kevin McMurtrie
Silver badge

What Ta?

Consumer electronics still uses tantalum caps?

0
0

Captain Piccard's planet-orbiting solar aircraft in warped drive drama

Kevin McMurtrie
Silver badge

Personal aircraft

I see electric aircraft winning for rural personal transportation where simplicity is more important than range and duty cycle. Keep it parked in the sun and it's ready to go. No oil changes, tuneups, gas additives, fuel storage, or repairs for vibration wear.

0
2

I'm good, I'm fine, solid quarter, real well ... pants Sprint as it limps past, spilling $300m

Kevin McMurtrie
Silver badge

Sad, but

I don't see any hope for Sprint. They've done everything wrong and did it with conviction. They sold 2 year WiMax phone contracts even as WiMax towers were rapidly vanishing. They sold defective phones and told customers that they were stuck between a hard place and early termination fees. They advertise "4G" or "LTE" with hardly a tower to be found with bandwidth. They advertise great coverage but it's throttled roaming.

Sprint's big turnaround effort is selling off their cell towers for a quick buck then leasing them back. Wow. I just took a look at Sprint's web site and they're STILL using every trick in the book for quick money and contractual lock-in. I picture the executive staff drunk at a big party screaming, "F*ck this job. Down in flames! Down in flames!"

2
0

Cyanogen Inc 'axes 20%' staff

Kevin McMurtrie
Silver badge

Slow death of mediocracy

I don't know why Cyanogen doesn't sell direct to the public rather than promoting obscure cell phones hosting their commercial OS. Android is dynamic, buggy as hell and most cell makers have no interest in software. I know I would pay a small monthly fee to have a third party maintain a good OS, manage bug reports, and provide regular builds. Cyanogenmod is so close to being a great OS but free volunteers struggle to maintain undocumented chipset drivers. It tarnishes the Cyanogen name.

4
0

GOP delegates suckered into connecting to insecure Wi-Fi hotspots

Kevin McMurtrie
Silver badge

Re: Why? - Let's have some critical journalism

Upvote for this. How is a fake WiFi AP any more dangerous than other public forms of Internet?

Most people have their apps and browsers remember logins, and that isn't fooled by a fake encrypted site. Downgrading to HTTP would disable automatic login and likely present an insecure form warning. Mobile apps and firmware are digitally signed to prevent tampering.

The one exception is sites not using HTTPS for login. No respected site would do that, right Reg?

3
0

How's this for irony? US Navy hit with $600m software piracy claim

Kevin McMurtrie
Silver badge

Better supply a new presidential candidate with that bill

The US of Trump will declare bankruptcy, settle for an undisclosed amount, counter sue for defamation, then hire a ghostwriter for a book about defeating Germany.

2
0

Harvard gives solar batteries performance-enhancing vitamins

Kevin McMurtrie
Silver badge

Lead-acid not flow

Lead-acid batteries are not flow batteries. Power is created by sulfuric acid taking oxygen off the positive plates and creating lead sulfate on both plates. Both plates become inert lead sulfate so adding fresh acid doesn't add power. (Except for some exotic experimental designs that move dissolved lead)

0
0

Softbank promises stronger ARM: Greater overseas reach and double the UK jobs

Kevin McMurtrie
Silver badge

Re: A week is a long time in politics

Creating new companies and selling them to foreigners for mountains of money sounds like a pretty good business to be in.

2
7

FTC lets Nest off the hook over Revolv IoT hub bricking shame

Kevin McMurtrie
Silver badge

Re: Home Server

Have you seen recent cloud service subscription prices? $500 for a server is a bargain.

1
1

Thermostat biz Nest warms to home security, touts cam with cloud storage subscription

Kevin McMurtrie
Silver badge

Yawn

At those costs, might as well spend nearly $800 on an Axis standalone network camera. Same features but uses a microSD card and/or NAS rather than a Google subscription.

0
0

A bad day for DBAs: MIT boffins are replacing you with a mere spreadsheet

Kevin McMurtrie
Silver badge

A = Administrator?

Maybe you meant developers for relational databases or data mining. The new GUI won't keep the database running.

I suspect that the GUI won't replace relational database developers either. It looks like an excellent prototyping tool, though. Keeping SQL commands in sync with evolving diagrams on a whiteboard is exactly zero fun.

12
0

IoT puts assembly language back on the charts

Kevin McMurtrie
Silver badge

Re: You can "learn" assembly?

There are, in fact, assembly language courses at schools. They cover techniques for managing the call stack, passing parameters, multi-threading and interrupts, building and parsing data structures, breaking down mathematical formulas into bitwise operations, macros, optimizing instruction pipelines, virtual addressing, various means of interacting with hardware, and playing nice with an operating system. The details vary with each system but the basics remain the same.

0
0

Oracle says it is 'committed' to Java EE 8 – amid claims it quietly axed future development

Kevin McMurtrie
Silver badge

The money! The money! Won't somebody think of the money!

The phrase "Enterprise Edition" usually means "so convoluted that you need to buy help." As I understand it, the Java EE set up the pyramid of training, certification, and consulting fees that made Java profitable to the owner.

Maybe nobody is buying Java EE support anymore? Java seems to be popular enough that you can always find a library or a developer to provide a more elegant solution than what's in some of the EE packages.

2
0

Obi Worldphone MV1: It's striking, it's solid. Aaaand... we've run out of nice things to say

Kevin McMurtrie
Silver badge
FAIL

Obi Oldphone

Why would anyone buy a new Obi when there are plenty of old phones lying around that can be upgraded from KitKat to CM12 or CM13? The Obi isn't even a high-end old phone. It's a midrange old phone.

1
0

Those Xbox Fitness vids you 'bought'? Look up the meaning of the word 'rent'

Kevin McMurtrie
Silver badge

The race to $0

Anyone who has used DRM media knows it's rental. When I see a DRM "purchase" I expect it to be as cheap as a single use or as cheap as a streaming subscription. I'm not paying any more for it. Studio greed is creating social expectations of cheap media and archive quality piracy that they probably won't recover from.

8
0

Magnetic, heat scanners to catch Tour de France electric motor cheats

Kevin McMurtrie
Silver badge

Tech

We might as well let the wealthy cheaters invent some cool stuff without completely cheating: Allow any modification as long as it starts with no stored energy and it will never be patented. Use solar, regeneration, cross winds, EM harvesting, electronic transmission, vibration absorption, or anything else as long as the bike starts at zero energy.

Let's face it. Bikes need some new technology besides weight shavings and hipster wood paneling.

18
0

Surveillance, interrogation and threats: Behind the Nest witch-hunt

Kevin McMurtrie
Silver badge

Get right up to the creepy line but not cross it

Google collects everything about you so maybe you want to know about Google.

It's an amazing place to be - excellent free food everywhere, bikes, pools, parties, and discounted everything. It's socially close to a Utopia. Now about the job part - It's one of the worst places to work. Google has many tens of thousands of employees so the odds are against you having anything interesting to do. It's average pay, expectations of long hours, on-call rotation, and endless bureaucracy. Those who can't code will try to look useful by trash-talking everyone else's project. Your boring project, which is probably just moving protobufs around in a horribly crippled Go/C++/Java that builds like you're on an ancient mainframe, is going to get blocked by people pretending like they're saving the company from your extra whitespace. Then reviewers will argue among themselves - Your change is too big, your change is too small, undo what the other reviewer told you to do. Time for more meetings. Build system is slow. Custom IDE is crashing again... Maybe you get 300 lines of code checked in after a week of work. Your suggestions to improve team productivity are met with a lecture of Google's sacred ways.

Google employees fall into pretty much three categories. First are blissfully ignorant masses that were pulled from graduation before experiencing the real world. They translate protobufs, hunt for bugs, and sleep in their cars until they burn out. Second are frustrated and angry employees waiting for more of their stock options to Nest, I mean vest, before leaving. Their day is one hour of productivity and another 9 hours of passionate hatred. Third is a handful of visionaries who have been given special bureaucratic exemptions to get work done. None of these three categories are very productive. That's why you need over many tens of thousands of people to accomplish anything.

9
1
Kevin McMurtrie
Silver badge

For whatever defense argument Google is preparing, it's not going to work. Google's memegen has about 60000 more viewers than anyone's Facebook account.

1
0

Linux's NFV crew: Operators keen to ditch clunky networks, be 'cool' like, er, Facebook

Kevin McMurtrie
Silver badge

Re: I must be getting old

The way I read it: Marketing is going to solve old wiring performance problems by adopting more modern methodology buzzwords. I'm confident that this new plan will work as well as Facebook and G+.

3
0

Google enlists Microsoft VoIP partner to unseat Office 365+Skype

Kevin McMurtrie
Silver badge

Wait, what?

Why all the bundling and integration if it's using plain WebRTC and SIP? This is what makes Project Fi a bit odd - a very simple form of personal communication being re-imagined by a large data collection and advertising agency so that it now requires special hardware and software.

4
0

Non-US encryption is 'theoretical,' claims CIA chief in backdoor debate

Kevin McMurtrie
Silver badge
Paris Hilton

The world is flat so non-US corporations are at risk of falling over the edge. I stood on a ladder today and checked: it's true.

0
0

Apple and Android wearables: What iceberg? It’s full steam ahead!

Kevin McMurtrie
Silver badge

World's Largest Metaphor Hits Ice-Berg

There's just enough room on your wrist to display the current time. That's why watches go there. It seems obvious that, regardless of application features, watches will remain a failure as long as they're visually driven with almost no visual area. This all seems like a huge waste of money unless somebody is working on top-secret technologies for projection or effective non-visual interaction.

(Credit to The Onion for the Titanic headline)

1
0

Spam King sent down for 30 months

Kevin McMurtrie
Silver badge

So 1990

E-mail spam is mostly a solved problem. The nice thing about TCP/IP is that the other end of the connection is known and you can maintain blacklists of spam-friendly networks. All that remains are compromised computers that rapidly come and go. Since mail is not quite real-time, an SMTP server can refuse to accept messages that are flagged by analysis. Newer mail servers don't have the messy bounce or greymail issues of post-processing.

Telephone spam is a different problem. A call receiver knows absolutely nothing about the caller. Gimmicks like Nomorobo were long ago defeated by using a random (or trusted) local phone number as the Caller ID. I don't hear stories of telcos getting huge fines for supporting illegal telemarketers so keeping Caller ID broken is all profit for them.

4
19

Google doesn’t care who makes Android phones. Or who it pisses off

Kevin McMurtrie
Silver badge
FAIL

gPhone

Honestly, Google's phones suck. The amount of shovelware and spyware on them makes you feel nostalgic for the old days of carrier shovelware. There's no external storage and the phone is pretty much a brick without constant high speed cellular service and a nearby charger. Anyone OK with all of those limitations would have purchased a superior iPhone.

Variety is Android's life. It dies a little bit every time Google tries to lock it down and restrict it.

0
0

Don't go chasing waterfalls, please stick... Hang on. They're back

Kevin McMurtrie
Silver badge

MVP

Agile assumes that the next minimum viable product is not far away. Sometimes that's not possible and you need big plans, big schedules, and very clear long-term goals. If your project manager is stuck on any one methodology, you're doomed to fail.

2
0

Wi-Fi hack disables Mitsubishi Outlander's theft alarm – white hats

Kevin McMurtrie
Silver badge

Could be worse

Give me WiFi any day. VW's Car-Net is Verizon cellular and can't be disabled without taking the dashboard apart. It costs $18/month if you somehow find a use for it.

1
0

Redmond adds malware, phish warnings to Bing

Kevin McMurtrie
Silver badge

Such amazing tech

Too bad Microsoft can't use it to stop the flood of Benin phishing spams relayed through Outlook.com.

1
0

Farewell, Fadell: Nest CEO Tony quits IoT biz

Kevin McMurtrie
Silver badge
FAIL

But... the billions and billions of customers

Nest made people realize that thermostats don't have to be complex. Anyone can replace the cryptic commercial programmable unit in your home with a thermostat that's one tap away from doing what you want. That begs the question of why anyone needs a device as complicated as a Nest. $20 buys a digital thermostat with up/down/heat/cool/fan/off buttons and a simple setup menu. Better still, the $20 thermostat isn't chatting about your activities over the Internet or bricking itself on software upgrades.

6
2

US computer-science classes churn out cut-n-paste slackers – and yes, that's a bad thing

Kevin McMurtrie
Silver badge

Visited Maker Faire

The recent Maker Faire in San Mateo, CA, US was sad. Computer board makers dumped a bunch of kits into schools and the outcome was too often mapping the arrow keys on a laptop to a pair of motors on a toy and calling it a robot. It seemed to miss the point. Dreams of building something innovative were probably crushed by watching a big ugly mess of wires on wheels twitch and short out.

3
0

Surface Book nightmare: Microsoft won't fix 'Sleep of Death' bug

Kevin McMurtrie
Silver badge
Trollface

Still copying Apple

MacOS X has been doing this for years. I don't know why it took MS so long to catch up.

8
13

US nuke arsenal runs on 1970s IBM 'puter waving 8-inch floppies

Kevin McMurtrie
Silver badge

Well, sort of. It's impossible to hack remotely because it knows nothing of the Internet, WiFi, cell networking. On the other hand, most old computers have a console or debugger switch that will let you inspect and change memory. The programs are simple enough to be hijacked by keyboard entry. Program wants a password? Break, inspect the subroutine's entry point, alter a register, advance the program counter, and resume.

2
0

Sky! Blue!, Oceans! Wet!, Yahoo! Overvalued!

Kevin McMurtrie
Silver badge

Re: Let the Bidding begin!

Good point. Yahoo would probably be worth far more if it was converted to high density housing. They might even get local and state subsidies for creating housing that's a 15 minute walk to tens of thousands of jobs.

6
0

World goes SIM-free, leaving Sony and HTC trailing behind

Kevin McMurtrie
Silver badge
Thumb Up

frequent, monthly or fortnightly updates

"That bug is fixed when you buy our new phone," say all the cell manufacturers about to go out of business.

4
1

Boffins achieve 'breakthrough' in random number generation

Kevin McMurtrie
Silver badge

Since this has been done for as long as I've known code, we should also presume that a new "high-quality" press release can be generated by combining two "low-quality" research projects.

40
0

China's new rules may break the internet warns US government

Kevin McMurtrie
Silver badge
Mushroom

554 Invalid recipient

I welcome China's move to verify online users. In fact, APNIC should kick off this event by reclaiming all Chinese network addresses with falsified or inoperative ownership records. Root name servers should remove accreditation from all Chinese domain registrars with a recent history of allowing bulk registrations from unverified sources. Well done, China.

9
0

Bots half all web traffic

Kevin McMurtrie
Silver badge
Paris Hilton

Bots streaming videos from torrents to look for pirated content.

6
0

Valley VC Peter Thiel becomes an official Trump delegate

Kevin McMurtrie
Silver badge

Location

He picked an odd location for a mansion too. If it's not in the center of a traffic jam, it's only because howling wet winds have driven everyone away.

0
0

IT glitch causes 'nationwide' Post Office outage

Kevin McMurtrie
Silver badge

Re: kind of vague

It wouldn't be news if it was the US. Mail is skipped up to 2 days a week for rotating outages caused by people rage quitting.

2
1

Nvidia, Samsung pump brakes in car-crash GPU patent rip-off race

Kevin McMurtrie
Silver badge

Ah, pumping the brakes. I like that as a metaphor for an exceptionally ungraceful recovery. I recall seeing so many people skid wildly out of control pre-ABS because they heard that they should pump the brakes during a hard stop. There were more instructions for the technique but TLDR.

0
0

Pop goes the weasel! Large Hadron Collider blown up by critter chomping 66kV cable

Kevin McMurtrie
Silver badge

A beech marten

They knew exactly what kind of an animal chewed through the 66kV line. It's amazing what those scientists can deduce from nothing more than smashed particles.

13
0

Germans stick traffic lights in pavements for addicts who can't take their eyes off phones

Kevin McMurtrie
Silver badge
Thumb Down

Re: Darwin award??

The Darwin award might be deserved for some recipients but the tram operator delivering it is going to feel like shit anyways.

30
1
