NetBIOS is still a thing?
Wow, I last worked with NetBIOS in the early 1990s. Anybody still using 45cps Teletypes, too? How about IP over pigeon?
779 posts • joined 3 Jul 2007
There are a few routers that have, by default, enabled "management" for world+dog on the internet-facing side of the router. Most, though, have that off by default. And if the router is vulnerable on the inside, then that means that the miscreant is also already on the inside of the network. Which means that all of the security precautions have been circumvented. At that point, does it matter that much that the router is still secure?
The software explicitly logs its decisions, which makes the system more transparent, and decisions are ultimately signed off by humans.
"... and I'm not allowed to do anything until one of you lot scribbles on a piece of paper. I’ve worked out an answer to the square root of minus one, and they need to scribble on a piece of paper to show that they agree with me. And never a relief from the terrible pain in all the diodes down my left side."
I'm so glad that there are more successful launches of private-enterprise rockets. At some point, the governmental bodies will only exist for regulatory purposes, much like the FAA. Yes, space is big enough that it needed a government push (and some competition between governments), and now companies are getting into the normal flow of space traffic.
And what about El Reg's space project? You guys aren't giving up on that, are you? I'd love to see the playmonaut make it to space.
"... or do some other attack..."
And I'm so glad that my password of **** is safe now. It's so nice that the plain text is transferred to the server, then hashed, and compared with the hash of the plain text on the server. So secure and efficient!
Here's the thing about a self-signed certificate: how do I know that you issued it? If I don't have a method of independent verification, there's a valid chance that what I think is your web site really isn't your web site.
It wasn't the browsers, it was the "third party security accredited load balanced OCSP responder system" that brought everything down.
So while the responder system was "secure," it just happened to have this one wee hole in it, owing to a problem with comparing dates.
Shocked that default passwords are being left in place on supposedly tightly-controlled hardware! And there's gambling in Rick's!
This really doesn't strike me as something that would be outside, say, next to a traffic signal box or something like that. This is something that would be put into the "outdoors" of a warehouse. The system uses some beefy hardware, with a "fan wall" inside it.
If someone was serious about putting servers outside, the system would not be generating enough heat to require an extremely high air flow. Something like that would suck in so much dirt you'd open the case and need a shovel to clean it out. No, you'd be using low-power systems, or something that has heat pipes going into a heat exchange.
No, the first problem is using a gadget instead of an actual medical device. The Independent ran an article a couple of years ago that these monitors were mostly useless.
Honestly, the old nursery rhyme has it right: put your child in a rickety basket in the top of a tree during a wind storm, and if the kid survives that fall, you'll have no worries. If you want a gadget, add a Raspberry Pi to monitor wind speed, cradle movement, and precipitation.
That's great, when you have a sysadmin who's on the ball. However, a lot of these are on networks where a professional sysadmin is either non-existent, or doesn't care. After all, the passwords haven't been changed from the factory defaults, and the devices are open for world+dog to violate.
I have no idea if any of mine have a display problem, because I've been using all of them headless. They are a load of fun. The battery life is quite nice, and the whole package is quite small.
It's nice to see the C.H.I.P. people making more and different wares.
To a certain extent, legislation on who is liable for a robot (or car) run amok is necessary. All of the car controls in many modern cars are just suggestions to the computer. Ignition, accelerator pedal, transmission, and brakes are all drive-by-wire. Add in some computer control on the steering, and what input does the driver really have if there is a failure, or malware gets uploaded?
Of course, autonomous ground-based killing machines can already be implemented. It's just that nobody has bothered to do it as part of their arsenal. We've had missiles that self-identify a target for some time. After all, that's what guidance is all about.
I remember that somebody produced an FPGA coprocessor for AMD, but I can't remember who it was.
Yes, if you want to play with a FPGA and an ARM processor, then there are a number of little boards with a Xilinx 7010 on them, like the Parallella, which also sports a 16-core Epiphany RISC chip.
But really, doesn't it sort of seem that hell just turned down the temp a bit? Intel? ARM? +FPGA? It's rather nice to see Chipzilla experiment like this.
It's not the device getting out, it's someone outside getting in to get to the device, and dropping a payload on it.
NAT=good, disable all PNP protocols=good, and of course keep the stupid thing off the network in the first place=good.
What would be the point of either Telnet or SSH? If they have default credentials, then it doesn't matter for any access to the device. The default credentials will allow everything!
For a slightly higher hurdle, the web UI can be soundly hacked on most of these devices.
My Cisco router and Engenius AP required me to use a decent password on them. Unfortunately, companies like D-Link come hard coded for so many holes, it's absurd that they passed a competent QA or security analysis.
For now, the ISPs need to take action by shutting down access to the dodgy devices, like getting the owner's attention by cutting off access. Beyond that, the companies that made the devices need to be held accountable.
Despite all of the books that Microsoft Press has published in regards to quality and management, nobody inside Microsoft is fit for this job! I've always wondered, why don't any of the people inside Microsoft read those books and actually do what they say?
As you would expect from a lawsuit lodged by states' top lawyers, the content and explanations within the lawsuit over how the internet works and the role of the NTIA and ICANN is largely accurate – a rarity in this area.
OK, who told them, or did they crib something from Wikipedia?
Now, would the FCC become Sweeney Todd or Jack Ketch?
A good regulation would be to require ISPs to shut off access to IDIOTs.
An electrically-operated chair? Why settle for that when you could have one with a V8 running nitromethane?
More cat videos!
Oh, and lots of opportunities to replace all of that "old" kit with new kit. So far, I've never worked in a place where equipment was upgraded unless said equipment died. Like the ports stopped working, or it caught on fire, or where one time we actually upgraded the network behind the admin's back.
And the soil is full of calcium perchlorate! Yes, it's all toxic to us. NASA claims that you just need to leach out the perchlorates from the soil before planting. I wish them good luck with that.
So this is another fork of the Linux kernel, and the project has been going on for six years. Instead of counting kudos, how about counting product adoption? Is this actually going into real products?
There is also a Kernel Self-Protection Project, but that won't mean squat if the system allows binaries to be uploaded and executed. OK, so your kernel is secure, but the manufacturer left the rest of the system open.
Honestly now, how many people, besides me, have gone through the mess of upgrading the firmware on an IoT webcam?
And when is this going to be featured in an upcoming BOFH column? Mmmmm???
Awww, pwease won't you use IPv6? Pweeeeeze??
#1, I'd love to have a home router that actually uses IPv6. But I have to cook up something on my own if I want that. The average schmuck has no chance at that. None.
#2, Really, it's not my decision. That's my ISP's decision. Plug in equipment, and get ... IPv4.
#3, Could we get some software updates out here, please? There are an annoying number of packages that haven't figured out that IPv6 is a good thing.
#4, Get the local sysadmin to allow IPv6. Some people are annoyingly resistant to change...
To a certain point, I'm kind of glad that organized crime has moved in. Now it's a real problem if the mob are involved.
Patching is a great idea, when it's done right. But usually it's done with the same forethought that went into creating the software in the first place. I.e., none.
A while back, an anonymous researcher used the IoT to map out all of the corners of the Internet. At that time, I, and everybody else paying attention, realized that all of these IoT devices would make a hell of a botnet, or mining net, or whatever else you wanted. And now we have Akamai being nailed until they screamed.
What can be done now? Shut down service to the people with the unsecured IoT devices. Unfortunately, that takes effort at the ISP level, and there's not much chance of them doing anything without legal penalties being implemented. And that takes time.
There is no good solution that doesn't involve effort. People are going to buy these cameras, point them at the baby, open a port in their home router, and tell Grandma to have a look. No manufacturer is going to put time into securing a $20 device, even if it can be easily hacked to DDOS world+dog.
There's no penalty for bad security.
And if your processor metrics get swiped, then that means that you'll have to replace the processor. And on a laptop, that means you'd have to replace the whole computer!
Oh, wait, so that's Intel's route to forcing upgrades...
That's the problem: besides keeping the firmware up to date, and having non-default passwords, nothing can be done. They have basic configuration security holes you can fly a Deathstar through, and you can't do anything about them, except for not allowing the world+dog to access them through the network.
But most people (vast majority) not only allow world+dog to access them, but the devices don't have the passwords changed or the software updated. And this won't change until the ISPs shut access off until the customers secure the devices.
There was an investigation into why the F-35 cost so much. Basically, everybody had a finger in the pie, piling up costs, delaying everything, adding one more stupid feature after another. And nobody was bringing it to a halt.
Now we've wasted many billions on a hunk of junk, that will only fly in perfect weather. What is this jet, really? The reincarnation of the Pinto? Corvair?
The only way to really "protect" against attacks like this is to have the bandwidth to eat the attack traffic. Otherwise, you'd have to be somebody like Netflix, and I don't think they do pro bono stuff like this. Nice to see Google take up the challenge.
This is the thing that I always thought that IoT should really do: take care of people in states like this. Something small to help someone along in the day, etc.
Disorders of the brain are one of the things that are so unnerving. Your brain itself goes into a state of decay, and there's nothing to be done for it.
There's been a lot of speculative fiction about bots with personalities. I think all of Asimov's androids essentially had personalities, and of course Douglas Adams posited a misguided corporation that produced far too many things that really shouldn't have had personalities at all.
I can see bots with personalities as being quite interesting as NPCs in various games. There's also the comic, Nonplayer, that's exploring the ramifications of having full AI in an online game world.
A chat bot in a support role doesn't need personality, but it might be nice. Doesn't matter, really, as most of the time you're just reading the manual to somebody. But you could program it with a sexy, alluring voice, though. Or spiff up the jive filter.
Behind paranoid eyes.
Yes, the wondrous cat-and-mouse game! Remember when the malware would just look in the registry to figure out if it was running on a virtual machine? Now it's using limited heuristics. Anybody want to guess when malware will be coming in phases, a part A and B?
He won't miss the prison bus! I imagine that prison is a familiar place for him, since he was also carrying some hard drugs. Howells' attorney opined that Howells' addiction "clouded his appreciation of the consequences" of his actions. Yeah it did, Howells was actually flying high at the time!
Troll icon, for the Dunning-Kruger effect.
"Bridge to Captain Kirk" plus sound effects. When I was in the Army, we (Signal) had the intercom in our hands in short order. I'm sure the Navy lads won't leave it alone!
It's running Linux. And its various flavors, too.
doesn't mean that the deployed systems aren't vulnerable. There are so many systems out there that will never be fixed that it's just hideous. And some companies don't apply patches because that would just take effort...
You do know that old cars are still around, fixable, and drivable? Just ask the Motortrend Road Kill guys.
Oh, wait ...
It makes sense if you can't run your own datacenter, or someone else does it far better than you. That's the sad fact in a lot of companies. Amazon got into "cloud computing" when they realized they had a lot of extra capacity that was going to waste on a regular basis. It only made sense for them to rent out their spare computing cycles.
If you can effectively manage your own center, then renting someone else's machines doesn't make sense.
"Aliens made it!"
As if aliens, who have journeyed from another star system, would bother making a bunch of lame gears for some semi-evolved simian.
Hero of Alexandria invented the vending machine 150 years before the computer was made. So, really, is the Antikythera mechanism really that astounding? What's really astounding is none of this did that much to move their society forward. Hero also invented the aeolipile, a type of steam turbine. Did he rig it up to do any work, or did he just do a demo?
Perhaps the state of metallurgy was too primitive for general-purpose steam engines. Hard to say.
I'm not sure that anything boat-sized can avoid radar detection when they're actively looking for you. In WW-II, the U-Boat periscopes could be detected with radar (RAF Mk II Airborne Interception radar, and later the H2S radar). Radar has only gotten better since then.
The only advantage would be that being an unmanned vessel, the smugglers would not be at risk at high sea. They would only be picked up when the vessel got to its destination, tracked by the Coast Guard and the Navy.
Here's where 2B is worse: 2B will do things. Not only that, you have to spend time a: cleaning up, b: "discussing issues" with 2B, c: both. And it's not an uplifting experience.
These people never understand that they are wasting other people's time. Yeah, it's the Dunning-Kruger study, always repeated in real life, globally.
In 1975, a 1959 Opel got 376.59MPG, with its stock 4-cyl engine. Yes, they modded the rest of it like crazy, and drove it at a steady 30MPH, but that's still a rather significant achievement.
So: Clean. Efficient. And, um, that's pretty much it.
Yeah. 1975, 376+ MPG.
As an IT guy who's also in senior management (founder), I'd like to add that plenty of IT people expect the business to understand their side, while doing very little to explain the problem in business terms, or trying to understand what the business as a whole is facing and where they fit in.
Here's a problem: the business people don't understand the system, and neither do the IT people! Imagine a system that's running on an old release of Linux, and there's no real plan to replace it. Imagine that I had to explain to a developer, who'd been with the company 18 years, the difference between a C preprocessor macro and a function. Imagine that none of the developers know how to use a debugger. Imagine that two years ago, one of the developers hit the system with a load test equivalent of a large fuzzy Q-tip. The system fell over immediately, but nothing was done about it.
And of course, imagine that the business people are blithely selling the product like it can be a fabulous solution to handle bazillions of users. Which it can't. And that's been explained to them. Repeatedly.
At some point, "engineering" really means, "the work of designing and creating large structures (such as roads and bridges) or new products or systems by using scientific methods."
Scientific methods, what a concept. Designing. Planning. Estimating. Testing. There is nothing that the minion on the bottom can do to get managers off their ass and do something competent, when the managers are fully incompetent, and of course never had the training in the first place.
When does senior management take the issues seriously? Bankruptcy. "You have no money. Now go home, pack your stuff, and live in a cardboard box on the sidewalk." Then they'll take notice.
I thought that these computers were supposed to be looked up by name! What is the point of DNS when everybody tries to refer to a number? (I run into this at work all the time. "What's the server?" "It's blah.blah.com." "But what's the address?" "We have DNS. Use it." So they do a query on the command line, and then use the IP address...)
This has to have an extremely limited market! These only make sense if the system can't take a USB card. They don't make sense if the system can take a USB card. (There may not be ISA USB cards available any more, but I haven't checked.)
That was the title I expected.
The actual problem with the phone is that its charging specifications are incorrect. It actually needs 440VAC at 200A, otherwise there's too much amperage coming in through that little 5V connector.
Never mind Moore's law, it's Ohm's law here!
Yeah, drone + engine = horrific catastrophe.
No explosives required, just some additional metal mass in the engine, and ... boom! Adding any kind of projectile weapon to the plane wouldn't do anything good. You also have to account for where those bullets land. However, the airplanes could be outfitted with emergency jamming devices to drop the drone out of the air.
From what it sounds like, though, the pilots are not aware at all until it's way too late. You can't do anything when you see the drone within 100ft of the cockpit.
sudo killall -9 Autopilot