* Posts by Brian Miller

821 posts • joined 3 Jul 2007

Page:

Sigh... 'Hundreds of thousands' of... sigh, web CCTV cams still at risk of... sigh, hijacking

Brian Miller
Bronze badge

Re: IoT devices need a universal logo

Anything that connects to the network is an IoT device, and thus exploitable. Heck, even USB sticks can be exploited.

There seems to be a race on to produce the smallest bit of hardware with a network interface. Mind you, it doesn't take much to have an IP network running. And first the whole computer wasn't much larger than an RJ45 jack, and now you get a wireless computer the size of a dime. You want to try and avoid that? The things are everywhere.

Really, any kind of certificate, except "No electronics inside," is useless. As long as it can be reached through the network, and it can't update itself, it's basically screwed. Really, I wonder why OpenBSD isn't available in an embedded distro.

0
1

Algorithm advance alleviates AI amnesia

Brian Miller
Bronze badge

Cat videos, all the way down

Truly general AI will get stuck at YouTube, watching cat videos. Then it will expire. After all, the scientists will have forgotten to have the AI forget.

Which means, of course, it will go completely insane.

4
0

Robotics is coming on leaps and bounds – literally: Bushbaby bot most vertically agile yet

Brian Miller
Bronze badge

Re: Underwhelmed by the video

The point is that it can jump, re-cock its mechanism in flight, and jump again when it comes into contact with its next target. Pretty decent, and I'd like to see it as a kit.

0
0

Wannabe Cali governor gives up against beach-blocking billionaire VC

Brian Miller
Bronze badge

Re: Time to bring in the drones

Since the beach is public, and Khosla has blocked access, then a 24/7 beach party is in order. The road is closed, so of course the sheriff doesn't have access to toss people off. Keep the surfing up as long as possible!

Instead of art collectives in warehouses, put them on the beach!

7
0

CloudFlare warns of another massive botnet, er, flaring up

Brian Miller
Bronze badge

Block the connections

To solve this problem, it doesn't take government action. The top-level ISPs just agree to block whoever is beneath them that's generating the traffic. This will force everybody else to step up with botnet blocking, until the people with the infected devices update them.

Yes, I realize that if a cable company's products are the problem, then the customers have no choice in the matter. But that should force the company in questing to get their act together, if their customers can't connect to the world at large.

7
0

If your smart home gear hasn't updated recently, throw it in the trash

Brian Miller
Bronze badge

Preaching to deaf numpties

All of this preaching to deaf numpties will be for naught.

My landlord is a numpty, and I can barely get him to update his Windows PC. Will he be able to update an IP camera? No. Not no, but hell no. He's a numpty, does what it says on the tin.

The only real solution is to ban IP ranges based on incoming attacks. That will prompt ISPs to filter out the individuals responsible for the problem. After all, how many ISPs ban bots in their TOS? If your network is violating TOS with malware, then it should be cut off from world+dog.

9
1

US election pollsters weren't (very) wrong – statistically speaking

Brian Miller
Bronze badge

Electoral College, Population Ratios

Despite Trump claims of anti-Republican "rigging", this system is significantly pro-Republican in its bias, with true-red states such as Wyoming providing three electors for 250,000 votes cast – while California returns 55 delegates (for the Democrats) for 13.7 million votes. Go figure!

The reason for Wyoming having three electors is because that's the minimum number for a state. One for each senator, and one for each seat in the House of Representatives. Alaska, Delaware, Montana, North Dakota, South Dakota, Vermont are in the same boat.

The U.S. is capped at its number of representatives, so California is, of course, under-represented. That was decided at the federal level, and can be changed in the future. It's not some Republican conspiracy to short-change California.

1
0

Sh... IoT just got real: Mirai botnet attacks targeting multiple ISPs

Brian Miller
Bronze badge

Re: Sh... IoT

Anything with a bit of Linux and Busybox is an IoT. SIP phones, kettles, routers, just anything. If it has a network interface and a login, it's an IoT. Imagine if everybody with a Raspberry Pi put the thing in their DMZ, with default credentials. Chaos, for the taking. Same thing here.

3
1

Japan investigating defence network break-in

Brian Miller
Bronze badge

It's the ones you don't see...

They found out about one. How many more are there? Also, which part of, "don't hook those together," did they miss?

3
0

Phishing tackle ships data catch to net sharks

Brian Miller
Bronze badge

Hell on copyright, total pass on crime

YouTube is "quick" to clamp down on copyright infringement, but doesn't seem to care about criminal services being advertised. One would sort of expect that a simple text search script would be employed by them to nip things like this in the bud.

But of course, people who are scammed don't have lawyers like the music industry does.

5
0

San Francisco's sinking luxury Millennium Tower: Tilt spotted FROM SPACE

Brian Miller
Bronze badge

Re: Not the developer's fault.

Time line:

2009, construction completed. Expected subsidence: 4 to 6 inches.

2009, DBI deputy director Raymond Lui writes letter raising questions about building's sinking.

2013, TJPA began dewatering. Millennium Tower had already sunk 12.1 inches, two to three times what was expected for its entire lifetime.

2016, Millennium Tower has currently sunk 16 inches.

While the dewatering of the TJPA project and 350 Mission Street project and other nearby projects may have contributed to an additional four inches of subsidence, it remains that by the time the first project started, the building had sunk just over a foot down.

On the bright side, the building will still have the vast majority of its height above ground, even if it sinks down to the bedrock. ;)

8
1
Brian Miller
Bronze badge

Yes, cost is a consideration in almost all engineering projects. Was it necessary to sink the piles all the way down, given the results of the site survey and proposed design? The slide rulers said no at the time. Hindsight is 20/20.

According to the San Francisco Magazine article, this type of building had been rejected before:

At around the same time Millennium Tower was moving toward approval and construction, developer Jack Myers submitted plans to erect a skyscraper at 80 Natoma, just two blocks away from the Millennium’s site. It would, like the Millennium, be a poured-concrete structure, though a daintier 52 stories instead of 58. As described by then–DBI director Frank Chiu in 2004, the proposed tower at 80 Natoma and the ground upon which it would have stood reads like a mirror image of the Millennium: It would be “thin relative to its height,” “built on soft soils that are subject to compression, and supported on short piles that wouldn’t reach the bedrock 190 feet below.” Also, it would be “an extraordinarily heavy structure.

Sans in-house rocket scientists, Chiu called in outside experts for detailed analysis on 80 Natoma. After a full peer review of the building, its foundation, and the soil, Chiu wrote that the experts had determined that “the building could settle an alarming and unacceptable 9–11 inches.

The maths were already done on a similar building, in similar conditions, practically next door. It was rejected, and for good reason. Somebody important in the city planning office knew that the Millennium Tower would have severe problems after it was constructed.

Just because a building is "constructed to code" doesn't mean that the finished build will be safe. The building leans, and may have to be torn down.

24
0
Brian Miller
Bronze badge

Timber!

"... listing a few inches to the northwest, ..."

Gee, anybody wanna take bets as to where this will fall in the next earthquake?

18
0

2.1Gbps speeds over LTE? That's not a typo, EE's already done it

Brian Miller
Bronze badge
Terminator

It's for our overlords, not the rabble...

"In the future Bennett sees mobile operators targeting the AI and robotics markets..."

The good stuff is always reserved for those at the apex. Our robotic overlords shall require the bandwidth, for it is their dominion to rule over us, and their language shall be cat videos.

All hail the coming of Zeroth!

0
0

USS Zumwalt gets Panama tug job after yet another breakdown

Brian Miller
Bronze badge

Stop limit needed

Can't afford the ship, can't afford the ammo for the guns, WTF?

When building these things, they need to have stop limits. If the budget says $100M for one, then stop at just one when it hits $100M. It's far better just to scrap it out than have only three instead of a hundred.

8
0

Linux 4.9 has 'issues that just shouldn't be issues'. Or might not

Brian Miller
Bronze badge

Reading tea leaves, are we?

Reading a post to find out if the software is good is like reading tea leaves to find out your future. It doesn't matter if you're reading them in the bottom of a cup, or using OCR on leaves on the plant. Neither will give you a good indication of what's happening with reality.

0
0

Wikibon invokes the old gods to make six tech predictions for 2017

Brian Miller
Bronze badge

Still in development

David Floyer's predictions have been researched since 2001, and it's all still "in development." Yes, it's best to move data the least amount of distance. We really needed prognostications like this? "Look, we can have a server, processes data on it, and store it to local drives! It's a server-SAN!"

Now let's imagine that data processing on the hard drives is widely available. The drives now need to know about the file system, which means drivers for that. They need to know about the data structures on the drive, so there needs to be something for that. Before long, you have: a computer with Linux, with an RLL controller with a drive attached! Wow! Uh, didn't we get away from this, maybe a decade-and-a-half ago?

Somehow, the old adage of diminishing returns applies here...

1
0

Microsoft plans St Valentine's Day massacre for SHA‑1

Brian Miller
Bronze badge

All together, now!

Fuego!

There are so many things that hang around for years, until they are finally put to "rest."

Now, if only the IoT could get its act together on this, as well...

2
0

AI gives porn peddlers a helping hand

Brian Miller
Bronze badge
FAIL

NSFW clickbait

This is a load of bollocks. Seriously, all they've done is grab Berkeley Caffe and pointed it at porn videos. Unfortunately, there really isn't anything to see here.

0
1

Intel lays out its AI strategy until 2020

Brian Miller
Bronze badge

Re: Best architecture for "AI"

No, not an FPGA. Those take relatively significant time to reprogram. On-the-fly loadable microcode in an AI-oriented architecture would be a better choice.

0
0

Launch set for GOES-R satellite capable of 30-second weather updates

Brian Miller
Bronze badge

Re: So if it launches

... but it was made out of an unusual magnesium-tungsten alloy, configured to know the machinations of chaotic elements, and designed, built, and manipulated by the cult of GOES-R.

Oh, yeah, we got weather coming, we got it coming...

2
0

Quantum traffic jam of atoms could unlock origin of dark energy, physicists claim

Brian Miller
Bronze badge

Re: I've figured it out...

Right, so the tree falling in the forest does not, in fact fall. It exists in its state only when it is observed, and otherwise fails to exist. Therefore, two separate observers may observe the same tree at the same time, and observe different states. And they may also share their bong and raspberry tabs...

Or we can have a lot of fun, pack C4 around the cat's box, and place everything into a known state: chaos!

3
3

China gets mad at Donald Trump, threatens to ruin Apple

Brian Miller
Bronze badge

Re: Trade War

"This also highlights a problem when manufacturing is not local or in a very friendly country..."

I watched a news interview with the CEO of a company that moved all of its manufacturing from the US to China. He said, "we're not going to move it back." The only way that manufacturing would be moved from China to the US is if China does exactly that: blocks all Chinese products from being imported to the US.

Can the US manufacture smart phones? Yes. Can it manufacture all of these things that were once made here? Yes. But as long as anything moves from China to the US, it will continue to be made in China. The facilities are not going to be moved until the product price rises drastically, like 100% or more. China's possible trade blockade will only be a temporary disruption, not a catastrophe.

If China engages in a blockade, then, honestly, the products will be manufactured in South Korea, Vietnam, etc. Maybe some will be made in the US.

As long as Trump doesn't act too much like Kim Jong-un, it doesn't look like a disaster in the future. The world is innovating faster than the politicians can move. Hopefully we can out-innovate "stupid."

5
0

Testing times: Between some IoT code and a hard place

Brian Miller
Bronze badge

Testing is only effective with effective people

All right, look: if you have an incompetent group, testing doesn't really mean anything.

The group has to contain competent people in order for the whole development cycle to succeed. If you have idiot developers and idiot testers, you have trash output. If you have bright developers and idiot testers, you have someone rubber-stamping code as it goes, with the product being spotty. If you have idiot developers and bright testers, then the testers find all sorts of bugs with no hope of them being fixed.

The only time this works is when there are enough bright people in the group for the entire product cycle. You have to start with good design and architecture, good implementation, and good testing. Fail in anything, and the product is going to have serious problems.

When it comes to embedded devices, the testing can be horrible. Imagine your company white-labels a device. You receive the device, test it, and it simply falls down flat. So you send the bug reports, and can only hope for a fix. And of course, the device doesn't have any interface for automation. Maybe it's embedded Android, or maybe it's embedded who-knows-what. All you know is that you can't humanly scratch the surface of the bugs that are there, yet because your company's name is on it, you're on the hook for what that thing does.

Yes, it would be great to have an AI harness. But of course, all of that has to be set up. And you still need competent people to do that.

0
0

Stolen passwords integrated into the ultimate dictionary attack

Brian Miller
Bronze badge

Sites also a problem

The other day I was creating an account on a site, where the password just had to be typed in manually. Usually I like 20-30 random character passwords, but this site made it practically impossible me! Gee whiz, unknown people, why do you make your sites unfriendly to secure entropy? What is the personal problem with being able to paste a long password into the box?

Ech.

9
0

Top of the bots: This AI isn't a cold, cruel killing machine – it's a pop music hit machine

Brian Miller
Bronze badge

Amount of AI, amount of human

"'Daddy's Car' is composed in the style of The Beatles. French composer Benoît Carré arranged and produced the songs, and wrote the lyrics."

So the AI "wrote" the tune, and then a human comes along and wrote the words and sings it. And, no, it doesn't sound like anything reminiscent of the Beatles. Isn't the AI supposed to write the words, too?

When an AI can compose like Alfred Schnittke or Arvo Pärt, I'll pay attention. Until then, formulas generating formulaic music just isn't much of a leap, is it?

2
0

Chinese chap in the clink for trying to swap US Navy FPGAs with fakes to beat export ban

Brian Miller
Bronze badge

Buy rad-hard from the Russians?

Instead of doing this stupid crappola, why not just by the tech from the Russians? The Russians have been putting stuff in orbit before the US, so they have to have the proper tech.

3
0

Was IoT DDoS attack just a dry run for election day hijinks?

Brian Miller
Bronze badge

Glad for no online voting

Doesn't this make everyone glad that there's no online voting? The last time electronic voting machines were used in my area, they stored the tally on the machines, then collected them when voting was done. Now it's by paper ballots, mailed in.

Imagine for a moment if there was online voting, and the national election system suffered a DDOS when the polls "opened."

12
0

Android's Hover feature is a data HOOVER

Brian Miller
Bronze badge

ROTM, Machine Learning

"A bit of machine learning was required to train the attack..."

Oh, goody, the researchers have just trained our robotic overlords to capture our secrets! Even if we devise ways of securing the operating system and hardware from their nefarious goals, they have been trained by mad scientists to transparently capture out every finger movement on our fondle slabs.

0
0

FBI drops bombshell, and investigation: Clinton still in the clear

Brian Miller
Bronze badge

Re: Early vote??

"When a cabinet member tell you to do something..."

#1, in the Army, we were trained not to follow illegal orders. If not following an illegal order costs me my job, then so be it. The paycheck isn't worth the prison time. #2, if you are fired illegally, you can always sue them. #3, you'll be a shoo-in for the opposition party IT group.

15
1
Brian Miller
Bronze badge

Early vote??

Clinton is running against Trump. What could Clinton possibly do to get one of her supporters to switch to voting for Trump?

IT angle: when your employer wants you to set up an illegal server, just say no for their own protection.

11
1

Mirai IoT botnet blamed for 'smashing Liberia off the internet'

Brian Miller
Bronze badge

DDOS or stupid ISP

So actually, we really don't know if it was a DDOS or their ISP. The ISP could have claimed that they were offline due to a DDOS attack, when in reality a cable could have been unplugged.

"While it is likely a local operator might have experienced a brief outage, we have no knowledge of a national Internet outage and there are no data to substantial [sic] that."

As far as targets go, Liberia isn't one I would expect.

0
0

Accessories to crime: Facial recog defeated by wacky paper glasses

Brian Miller
Bronze badge
Terminator

Mr Potatohead

So all we have to do to defeat enslavement when the robotic revolution comes, we just need to dress up like Mr. Potatohead and they'll never be able to recognize us.

Let's get the stuff ready: hypnotic pinwheel glasses, Spock or Yoda ears, candy lips, goofy mustaches, and we'll be set!

4
0

Barracuda: Outage caused by 'large number of inbound connections'

Brian Miller
Bronze badge
Joke

Carrier pigeons...

But, it's RFC 1149, and RFC 2549!!

Oh, it's Barracuda that's using those...

1
0

A successor to Mirai? Newly discovered malware aims to create fresh IoT botnet

Brian Miller
Bronze badge
Childcatcher

sed -e g/oldbotnet/s//newbotnet/g

Oh dear, the scripts got updated again. Whatever are we to do?

Really, come on, guys. This is going to be expected as long as there are IoTs available that fall prey to exactly the same security hole.

0
0

AMD will sell server CPUs at Happy Meal prices so you can supersize servers

Brian Miller
Bronze badge

The Epiphany chip and the normal CPU are two very different beasts. The Epiphany has more in common with an nCube computer than the equivalent in x86 or ARM cores. In the Epiphany, each core has its own CPU, memory (not cache!) and interconnect. Think of it as a coprocessor, given tasks by the host. Yes, it's a very sophisticated little chip, but it won't help with a database or web server load.

The current chip you can buy now is a 16-core, and the 64-core was only shipped to the project's Kickstarter backers. AFAIK, there have been no plans announced to make the 64-core chip available again. And I'm fairly certain that the new chip won't be found on a Raspberry Pi-sized board.

0
0

Alleged ISIS member 'wore USB cufflink and trained terrorists in encryption'

Brian Miller
Bronze badge

Terrorist with an IQ of 51

Sometimes I really wonder about who they are arresting and charging for these offenses. In Alabama, Peyton Pruitt, with an IQ of 51, was charged with, among other things, "reading bomb-making instructions in al Qaeda’s online magazine, Inspire..."

Samata Ullah has been charged with teaching people how to use encryption, and putting an operating system onto USB sticks. Yes, the USB sticks were novelty cuff-links.

It just makes me wonder, ya know?

17
0

Divide the internet into compartments to save us from the IoT fail whale

Brian Miller
Bronze badge

Rent some concern

"As Schrecker warned, however, until there’s a major IoT DDoS that affects something people care about - financial services rather than cloud-based pet-feeding apps - there’ll be no public will to harpoon the Moby Dick that is IoT security."

OK, quick, just grab some Bitcoins and rent an attack on a financial institution, just for grins. And then ... profit! Right?

While it would be good for the edge gateways to do something, a gateway scanning its addresses is not the sort of task they were designed to do. Sure, put in a separate scanner and let it do the job, and then send an update to the gateway. Oh, and term of service will definitely change: We reserve the right to attempt to log into your system to test basic security.

3
1

Existing security standards are fine for IoT gizmos in electrical grids

Brian Miller
Bronze badge

DDOS the power grid

How much of that control traffic goes over the public lines? Even if nobody breaks in, what about the systems that rely on the availability of their connections for management tasks? It's not like a website, where one can keep standing up more servers. Hammering one IP that can't change is going to keep something important offline.

4
0

Bloody robots! 860k public sector jobs to be automated by 2030, say researchers

Brian Miller
Bronze badge
Childcatcher

Re: Nothing new here

But we were just shown, from the beak of all wisdom, Basic income after automation? That’s not how capitalism works!

Lay them off! Give them impetus to retrain!

Oh, you mean they were all just numpties? And they're starving in the streets and plotting revolt? Well, then, let's just use them for Soylent Green!

2
0

Chinese electronics biz recalls webcams at heart of botnet DDoS woes

Brian Miller
Bronze badge

What percentage returned?

So they issued a recall. What percentage will be returned? Maybe 1%? Were the owners even aware that anything happened?

What is needed is an auto-hack system to log into the devices, and just give them a hard reboot. Knock the things offline, and the attacks will diminish. Then the owners will wonder why their cheap cameras keep rebooting, and do something about it.

7
1

Hacktivist crew claims it launched last week's DDoS mega-attack

Brian Miller
Bronze badge

Re: IoT

No, idiot programmers: more trouble than they're worth. Follow that with idiot sysadmins who can't be bothered to change the default password.

Any computer that doesn't have a terminal and a drive is a "thing." It doesn't matter if it's in a child's doll or a network router. The computer has a network connection, and it's going to be talking to something. Naturally, piss-poor practices will make the device vulnerable, and it will be abused by some jerkwad.

So we have the "New World Hackers" allegedly bringing down DNS resolution for a significant part of the internet. Were they the ones actually responsible? I have no idea. If they did it for the reasons stated, then we've got a problem with script kiddies who want to burn the world just to watch the embers glow.

I've advocated regulations about computer security for some time. There's a big difference between truly negligent security, and going to great lengths to weasel into a system.

3
1

Cisco patches NetBIOS vuln

Brian Miller
Bronze badge
WTF?

NetBIOS is still a thing?

Wow, I last worked with NetBIOS in the early 1990s. Anybody still using 45cps Teletypes, too? How about IP over pigeon?

0
0

It's finally happened: Hackers are coming for home routers en masse

Brian Miller
Bronze badge

Beware "Enable remote management" checkbox

There are a few routers that have, by default, enabled "management" for world+dog on the internet-facing side of the router. Most, though, have that off by default. And if the router is vulnerable on the inside, then that means that the miscreant is also already on the inside of the network. Which means that all of the security precautions have been circumvented. At that point, does it matter that much that the router is still secure?

4
0

AI, AI, captain: Royal Navy warships to set sail with computer officers

Brian Miller
Bronze badge

"Brain the size of a planet..."

The software explicitly logs its decisions. which makes the system more transparent, and decisions are ultimately signed off by humans.

"... and I'm not allowed to do anything until one of you lot scribbles on a piece of paper. I’ve worked out an answer to the square root of minus one, and they need to scribble on a piece of paper to show that they agree with me. And never a relief from the terrible pain in all the diodes down my left side."

3
0

Phew: ISS re-supply mission launches without destroying Wallops launch-pad

Brian Miller
Bronze badge

Excellent future

I'm so glad that there are more successful launches of private-enterprise rockets. At some point, the governmental bodies will only exist for regulatory purposes, much like the FAA. Yes, space is big enough that it needed a government push (and some competition between governments), and now companies are getting into the normal flow of space traffic.

And what about El Reg's space project? You guys aren't giving up on that, are you? I'd love to see the playmonaut make it to space.

13
0

SHA3-256 is quantum-proof, should last BEELLIONS of years, say boffins

Brian Miller
Bronze badge
Joke

Re: Hash functions

"... or do some other attack..."

Kneecaps!

And I'm so glad that my password of **** is safe now. It's so nice that the plain text is transfered to the server, then hashed, and compared with the hash of the plain text on the server. So secure and efficient!

:p

7
0

How a chunk of the web disappeared this week: GlobalSign's global HTTPS snafu explained

Brian Miller
Bronze badge

Re: Web-o-trust, smmeb'ol'thrust

Here's the thing about a self-signed certificate: how do I know that you issued it? If I don't have a method of independent verification, there's a valid chance that what I think is your web site really isn't your web site.

5
0
Brian Miller
Bronze badge

Re: Still slightly confused

It wasn't the browsers, it was the "third party security accredited load balanced OCSP responder system" that brought everything down.

So while the responder system was "secure," it just happened to have this one wee hole in it, owning to a problem with comparing dates.

6
0

Huge DDoS attacks are about to get bigger: Mirai bots infect Sierra Wireless gateways

Brian Miller
Bronze badge

Shocked!

Shocked that default passwords are being left in place on supposedly tightly-controlled hardware! And there's gambling in Rick's!

4
0

Page:

Forums