* Posts by Brian Miller

1317 publicly visible posts • joined 3 Jul 2007

Wannabe Cali governor gives up against beach-blocking billionaire VC

Brian Miller

Re: Time to bring in the drones

Since the beach is public, and Khosla has blocked access, then a 24/7 beach party is in order. The road is closed, so of course the sheriff doesn't have access to toss people off. Keep the surfing up as long as possible!

Instead of art collectives in warehouses, put them on the beach!

CloudFlare warns of another massive botnet, er, flaring up

Brian Miller

Block the connections

To solve this problem, it doesn't take government action. The top-level ISPs just agree to block whoever is beneath them that's generating the traffic. This will force everybody else to step up with botnet blocking, until the people with the infected devices update them.

Yes, I realize that if a cable company's products are the problem, then the customers have no choice in the matter. But that should force the company in question to get their act together, if their customers can't connect to the world at large.

If your smart home gear hasn't updated recently, throw it in the trash

Brian Miller

Preaching to deaf numpties

All of this preaching to deaf numpties will be for naught.

My landlord is a numpty, and I can barely get him to update his Windows PC. Will he be able to update an IP camera? No. Not no, but hell no. He's a numpty, does what it says on the tin.

The only real solution is to ban IP ranges based on incoming attacks. That will prompt ISPs to filter out the individuals responsible for the problem. After all, how many ISPs ban bots in their TOS? If your network is violating TOS with malware, then it should be cut off from world+dog.

US election pollsters weren't (very) wrong – statistically speaking

Brian Miller

Electoral College, Population Ratios

Despite Trump claims of anti-Republican "rigging", this system is significantly pro-Republican in its bias, with true-red states such as Wyoming providing three electors for 250,000 votes cast – while California returns 55 delegates (for the Democrats) for 13.7 million votes. Go figure!

The reason for Wyoming having three electors is because that's the minimum number for a state. One for each senator, and one for each seat in the House of Representatives. Alaska, Delaware, Montana, North Dakota, South Dakota, Vermont are in the same boat.

The U.S. is capped at its number of representatives, so California is, of course, under-represented. That was decided at the federal level, and can be changed in the future. It's not some Republican conspiracy to short-change California.

Sh... IoT just got real: Mirai botnet attacks targeting multiple ISPs

Brian Miller

Re: Sh... IoT

Anything with a bit of Linux and Busybox is an IoT. SIP phones, kettles, routers, just anything. If it has a network interface and a login, it's an IoT. Imagine if everybody with a Raspberry Pi put the thing in their DMZ, with default credentials. Chaos, for the taking. Same thing here.

Japan investigating defence network break-in

Brian Miller

It's the ones you don't see...

They found out about one. How many more are there? Also, which part of, "don't hook those together," did they miss?

Phishing tackle ships data catch to net sharks

Brian Miller

Hell on copyright, total pass on crime

YouTube is "quick" to clamp down on copyright infringement, but doesn't seem to care about criminal services being advertised. One would sort of expect that a simple text search script would be employed by them to nip things like this in the bud.

But of course, people who are scammed don't have lawyers like the music industry does.

San Francisco's sinking luxury Millennium Tower: Tilt spotted FROM SPACE

Brian Miller

Re: Not the developer's fault.

Time line:

2009, construction completed. Expected subsidence: 4 to 6 inches.

2009, DBI deputy director Raymond Lui writes letter raising questions about building's sinking.

2013, TJPA began dewatering. Millennium Tower had already sunk 12.1 inches, two to three times what was expected for its entire lifetime.

2016, Millennium Tower has currently sunk 16 inches.

While the dewatering of the TJPA project and 350 Mission Street project and other nearby projects may have contributed to an additional four inches of subsidence, it remains that by the time the first project started, the building had sunk just over a foot down.

On the bright side, the building will still have the vast majority of its height above ground, even if it sinks down to the bedrock. ;)

Brian Miller

Yes, cost is a consideration in almost all engineering projects. Was it necessary to sink the piles all the way down, given the results of the site survey and proposed design? The slide rulers said no at the time. Hindsight is 20/20.

According to the San Francisco Magazine article, this type of building had been rejected before:

At around the same time Millennium Tower was moving toward approval and construction, developer Jack Myers submitted plans to erect a skyscraper at 80 Natoma, just two blocks away from the Millennium’s site. It would, like the Millennium, be a poured-concrete structure, though a daintier 52 stories instead of 58. As described by then–DBI director Frank Chiu in 2004, the proposed tower at 80 Natoma and the ground upon which it would have stood reads like a mirror image of the Millennium: It would be “thin relative to its height,” “built on soft soils that are subject to compression, and supported on short piles that wouldn’t reach the bedrock 190 feet below.” Also, it would be “an extraordinarily heavy structure.”

Sans in-house rocket scientists, Chiu called in outside experts for detailed analysis on 80 Natoma. After a full peer review of the building, its foundation, and the soil, Chiu wrote that the experts had determined that “the building could settle an alarming and unacceptable 9–11 inches.”

The maths were already done on a similar building, in similar conditions, practically next door. It was rejected, and for good reason. Somebody important in the city planning office knew that the Millennium Tower would have severe problems after it was constructed.

Just because a building is "constructed to code" doesn't mean that the finished build will be safe. The building leans, and may have to be torn down.

Brian Miller

Timber!

"... listing a few inches to the northwest, ..."

Gee, anybody wanna take bets as to where this will fall in the next earthquake?

2.1Gbps speeds over LTE? That's not a typo, EE's already done it

Brian Miller
Terminator

It's for our overlords, not the rabble...

"In the future Bennett sees mobile operators targeting the AI and robotics markets..."

The good stuff is always reserved for those at the apex. Our robotic overlords shall require the bandwidth, for it is their dominion to rule over us, and their language shall be cat videos.

All hail the coming of Zeroth!

USS Zumwalt gets Panama tug job after yet another breakdown

Brian Miller

Stop limit needed

Can't afford the ship, can't afford the ammo for the guns, WTF?

When building these things, they need to have stop limits. If the budget says $100M for one, then stop at just one when it hits $100M. It's far better just to scrap it out than have only three instead of a hundred.

Linux 4.9 has 'issues that just shouldn't be issues'. Or might not

Brian Miller

Reading tea leaves, are we?

Reading a post to find out if the software is good is like reading tea leaves to find out your future. It doesn't matter if you're reading them in the bottom of a cup, or using OCR on leaves on the plant. Neither will give you a good indication of what's happening with reality.

Wikibon invokes the old gods to make six tech predictions for 2017

Brian Miller

Still in development

David Floyer's predictions have been researched since 2001, and it's all still "in development." Yes, it's best to move data the least amount of distance. We really needed prognostications like this? "Look, we can have a server, processes data on it, and store it to local drives! It's a server-SAN!"

Now let's imagine that data processing on the hard drives is widely available. The drives now need to know about the file system, which means drivers for that. They need to know about the data structures on the drive, so there needs to be something for that. Before long, you have: a computer with Linux, with an RLL controller with a drive attached! Wow! Uh, didn't we get away from this, maybe a decade-and-a-half ago?

Somehow, the old adage of diminishing returns applies here...

Microsoft plans St Valentine's Day massacre for SHA‑1

Brian Miller

All together, now!

Fuego!

There are so many things that hang around for years, until they are finally put to "rest."

Now, if only the IoT could get its act together on this, as well...

AI gives porn peddlers a helping hand

Brian Miller
FAIL

NSFW clickbait

This is a load of bollocks. Seriously, all they've done is grab Berkeley Caffe and pointed it at porn videos. Unfortunately, there really isn't anything to see here.

Intel lays out its AI strategy until 2020

Brian Miller

Re: Best architecture for "AI"

No, not an FPGA. Those take relatively significant time to reprogram. On-the-fly loadable microcode in an AI-oriented architecture would be a better choice.

Launch set for GOES-R satellite capable of 30-second weather updates

Brian Miller

Re: So if it launches

... but it was made out of an unusual magnesium-tungsten alloy, configured to know the machinations of chaotic elements, and designed, built, and manipulated by the cult of GOES-R.

Oh, yeah, we got weather coming, we got it coming...

Quantum traffic jam of atoms could unlock origin of dark energy, physicists claim

Brian Miller

Re: I've figured it out...

Right, so the tree falling in the forest does not, in fact, fall. It exists in its state only when it is observed, and otherwise fails to exist. Therefore, two separate observers may observe the same tree at the same time, and observe different states. And they may also share their bong and raspberry tabs...

Or we can have a lot of fun, pack C4 around the cat's box, and place everything into a known state: chaos!

China gets mad at Donald Trump, threatens to ruin Apple

Brian Miller

Re: Trade War

"This also highlights a problem when manufacturing is not local or in a very friendly country..."

I watched a news interview with the CEO of a company that moved all of its manufacturing from the US to China. He said, "we're not going to move it back." The only way that manufacturing would be moved from China to the US is if China does exactly that: blocks all Chinese products from being imported to the US.

Can the US manufacture smart phones? Yes. Can it manufacture all of these things that were once made here? Yes. But as long as anything moves from China to the US, it will continue to be made in China. The facilities are not going to be moved until the product price rises drastically, like 100% or more. China's possible trade blockade will only be a temporary disruption, not a catastrophe.

If China engages in a blockade, then, honestly, the products will be manufactured in South Korea, Vietnam, etc. Maybe some will be made in the US.

As long as Trump doesn't act too much like Kim Jong-un, it doesn't look like a disaster in the future. The world is innovating faster than the politicians can move. Hopefully we can out-innovate "stupid."

Testing times: Between some IoT code and a hard place

Brian Miller

Testing is only effective with effective people

All right, look: if you have an incompetent group, testing doesn't really mean anything.

The group has to contain competent people in order for the whole development cycle to succeed. If you have idiot developers and idiot testers, you have trash output. If you have bright developers and idiot testers, you have someone rubber-stamping code as it goes, with the product being spotty. If you have idiot developers and bright testers, then the testers find all sorts of bugs with no hope of them being fixed.

The only time this works is when there are enough bright people in the group for the entire product cycle. You have to start with good design and architecture, good implementation, and good testing. Fail in anything, and the product is going to have serious problems.

When it comes to embedded devices, the testing can be horrible. Imagine your company white-labels a device. You receive the device, test it, and it simply falls down flat. So you send the bug reports, and can only hope for a fix. And of course, the device doesn't have any interface for automation. Maybe it's embedded Android, or maybe it's embedded who-knows-what. All you know is that you can't humanly scratch the surface of the bugs that are there, yet because your company's name is on it, you're on the hook for what that thing does.

Yes, it would be great to have an AI harness. But of course, all of that has to be set up. And you still need competent people to do that.

Stolen passwords integrated into the ultimate dictionary attack

Brian Miller

Sites also a problem

The other day I was creating an account on a site, where the password just had to be typed in manually. Usually I like 20-30 random character passwords, but this site made it practically impossible for me! Gee whiz, unknown people, why do you make your sites unfriendly to secure entropy? What is the personal problem with being able to paste a long password into the box?

Ech.

Top of the bots: This AI isn't a cold, cruel killing machine – it's a pop music hit machine

Brian Miller

Amount of AI, amount of human

"'Daddy's Car' is composed in the style of The Beatles. French composer Benoît Carré arranged and produced the songs, and wrote the lyrics."

So the AI "wrote" the tune, and then a human comes along and wrote the words and sings it. And, no, it doesn't sound like anything reminiscent of the Beatles. Isn't the AI supposed to write the words, too?

When an AI can compose like Alfred Schnittke or Arvo Pärt, I'll pay attention. Until then, formulas generating formulaic music just isn't much of a leap, is it?

Chinese chap in the clink for trying to swap US Navy FPGAs with fakes to beat export ban

Brian Miller

Buy rad-hard from the Russians?

Instead of doing this stupid crappola, why not just buy the tech from the Russians? The Russians have been putting stuff in orbit before the US, so they have to have the proper tech.

Was IoT DDoS attack just a dry run for election day hijinks?

Brian Miller

Glad for no online voting

Doesn't this make everyone glad that there's no online voting? The last time electronic voting machines were used in my area, they stored the tally on the machines, then collected them when voting was done. Now it's by paper ballots, mailed in.

Imagine for a moment if there was online voting, and the national election system suffered a DDOS when the polls "opened."

Android's Hover feature is a data HOOVER

Brian Miller

ROTM, Machine Learning

"A bit of machine learning was required to train the attack..."

Oh, goody, the researchers have just trained our robotic overlords to capture our secrets! Even if we devise ways of securing the operating system and hardware from their nefarious goals, they have been trained by mad scientists to transparently capture our every finger movement on our fondle slabs.

FBI drops bombshell, and investigation: Clinton still in the clear

Brian Miller

Re: Early vote??

"When a cabinet member tell you to do something..."

#1, in the Army, we were trained not to follow illegal orders. If not following an illegal order costs me my job, then so be it. The paycheck isn't worth the prison time. #2, if you are fired illegally, you can always sue them. #3, you'll be a shoo-in for the opposition party IT group.

Brian Miller

Early vote??

Clinton is running against Trump. What could Clinton possibly do to get one of her supporters to switch to voting for Trump?

IT angle: when your employer wants you to set up an illegal server, just say no for their own protection.

Mirai IoT botnet blamed for 'smashing Liberia off the internet'

Brian Miller

DDOS or stupid ISP

So actually, we really don't know if it was a DDOS or their ISP. The ISP could have claimed that they were offline due to a DDOS attack, when in reality a cable could have been unplugged.

"While it is likely a local operator might have experienced a brief outage, we have no knowledge of a national Internet outage and there are no data to substantial [sic] that."

As far as targets go, Liberia isn't one I would expect.

Accessories to crime: Facial recog defeated by wacky paper glasses

Brian Miller
Terminator

Mr Potatohead

So all we have to do to defeat enslavement when the robotic revolution comes, we just need to dress up like Mr. Potatohead and they'll never be able to recognize us.

Let's get the stuff ready: hypnotic pinwheel glasses, Spock or Yoda ears, candy lips, goofy mustaches, and we'll be set!

Barracuda: Outage caused by 'large number of inbound connections'

Brian Miller
Joke

Carrier pigeons...

But, it's RFC 1149, and RFC 2549!!

Oh, it's Barracuda that's using those...

A successor to Mirai? Newly discovered malware aims to create fresh IoT botnet

Brian Miller
Childcatcher

sed -e g/oldbotnet/s//newbotnet/g

Oh dear, the scripts got updated again. Whatever are we to do?

Really, come on, guys. This is going to be expected as long as there are IoTs available that fall prey to exactly the same security hole.

AMD will sell server CPUs at Happy Meal prices so you can supersize servers

Brian Miller

The Epiphany chip and the normal CPU are two very different beasts. The Epiphany has more in common with an nCube computer than the equivalent in x86 or ARM cores. In the Epiphany, each core has its own CPU, memory (not cache!) and interconnect. Think of it as a coprocessor, given tasks by the host. Yes, it's a very sophisticated little chip, but it won't help with a database or web server load.

The current chip you can buy now is a 16-core, and the 64-core was only shipped to the project's Kickstarter backers. AFAIK, there have been no plans announced to make the 64-core chip available again. And I'm fairly certain that the new chip won't be found on a Raspberry Pi-sized board.

Alleged ISIS member 'wore USB cufflink and trained terrorists in encryption'

Brian Miller

Terrorist with an IQ of 51

Sometimes I really wonder about who they are arresting and charging for these offenses. In Alabama, Peyton Pruitt, with an IQ of 51, was charged with, among other things, "reading bomb-making instructions in al Qaeda’s online magazine, Inspire..."

Samata Ullah has been charged with teaching people how to use encryption, and putting an operating system onto USB sticks. Yes, the USB sticks were novelty cuff-links.

It just makes me wonder, ya know?

Divide the internet into compartments to save us from the IoT fail whale

Brian Miller

Rent some concern

"As Schrecker warned, however, until there’s a major IoT DDoS that affects something people care about - financial services rather than cloud-based pet-feeding apps - there’ll be no public will to harpoon the Moby Dick that is IoT security."

OK, quick, just grab some Bitcoins and rent an attack on a financial institution, just for grins. And then ... profit! Right?

While it would be good for the edge gateways to do something, a gateway scanning its addresses is not the sort of task they were designed to do. Sure, put in a separate scanner and let it do the job, and then send an update to the gateway. Oh, and terms of service will definitely change: We reserve the right to attempt to log into your system to test basic security.

Existing security standards are fine for IoT gizmos in electrical grids

Brian Miller

DDOS the power grid

How much of that control traffic goes over the public lines? Even if nobody breaks in, what about the systems that rely on the availability of their connections for management tasks? It's not like a website, where one can keep standing up more servers. Hammering one IP that can't change is going to keep something important offline.

Bloody robots! 860k public sector jobs to be automated by 2030, say researchers

Brian Miller
Childcatcher

Re: Nothing new here

But we were just shown, from the beak of all wisdom, Basic income after automation? That’s not how capitalism works!

Lay them off! Give them impetus to retrain!

Oh, you mean they were all just numpties? And they're starving in the streets and plotting revolt? Well, then, let's just use them for Soylent Green!

Chinese electronics biz recalls webcams at heart of botnet DDoS woes

Brian Miller

What percentage returned?

So they issued a recall. What percentage will be returned? Maybe 1%? Were the owners even aware that anything happened?

What is needed is an auto-hack system to log into the devices, and just give them a hard reboot. Knock the things offline, and the attacks will diminish. Then the owners will wonder why their cheap cameras keep rebooting, and do something about it.

Hacktivist crew claims it launched last week's DDoS mega-attack

Brian Miller

Re: IoT

No, idiot programmers: more trouble than they're worth. Follow that with idiot sysadmins who can't be bothered to change the default password.

Any computer that doesn't have a terminal and a drive is a "thing." It doesn't matter if it's in a child's doll or a network router. The computer has a network connection, and it's going to be talking to something. Naturally, piss-poor practices will make the device vulnerable, and it will be abused by some jerkwad.

So we have the "New World Hackers" allegedly bringing down DNS resolution for a significant part of the internet. Were they the ones actually responsible? I have no idea. If they did it for the reasons stated, then we've got a problem with script kiddies who want to burn the world just to watch the embers glow.

I've advocated regulations about computer security for some time. There's a big difference between truly negligent security, and going to great lengths to weasel into a system.

Cisco patches NetBIOS vuln

Brian Miller
WTF?

NetBIOS is still a thing?

Wow, I last worked with NetBIOS in the early 1990s. Anybody still using 45cps Teletypes, too? How about IP over pigeon?

It's finally happened: Hackers are coming for home routers en masse

Brian Miller

Beware "Enable remote management" checkbox

There are a few routers that have, by default, enabled "management" for world+dog on the internet-facing side of the router. Most, though, have that off by default. And if the router is vulnerable on the inside, then that means that the miscreant is also already on the inside of the network. Which means that all of the security precautions have been circumvented. At that point, does it matter that much that the router is still secure?

AI, AI, captain: Royal Navy warships to set sail with computer officers

Brian Miller

"Brain the size of a planet..."

The software explicitly logs its decisions, which makes the system more transparent, and decisions are ultimately signed off by humans.

"... and I'm not allowed to do anything until one of you lot scribbles on a piece of paper. I’ve worked out an answer to the square root of minus one, and they need to scribble on a piece of paper to show that they agree with me. And never a relief from the terrible pain in all the diodes down my left side."

Phew: ISS re-supply mission launches without destroying Wallops launch-pad

Brian Miller

Excellent future

I'm so glad that there are more successful launches of private-enterprise rockets. At some point, the governmental bodies will only exist for regulatory purposes, much like the FAA. Yes, space is big enough that it needed a government push (and some competition between governments), and now companies are getting into the normal flow of space traffic.

And what about El Reg's space project? You guys aren't giving up on that, are you? I'd love to see the playmonaut make it to space.

SHA3-256 is quantum-proof, should last billions of years

Brian Miller
Joke

Re: Hash functions

"... or do some other attack..."

Kneecaps!

And I'm so glad that my password of **** is safe now. It's so nice that the plain text is transferred to the server, then hashed, and compared with the hash of the plain text on the server. So secure and efficient!

:p

How a chunk of the web disappeared this week: GlobalSign's global HTTPS snafu explained

Brian Miller

Re: Web-o-trust, smmeb'ol'thrust

Here's the thing about a self-signed certificate: how do I know that you issued it? If I don't have a method of independent verification, there's a valid chance that what I think is your web site really isn't your web site.

Brian Miller

Re: Still slightly confused

It wasn't the browsers, it was the "third party security accredited load balanced OCSP responder system" that brought everything down.

So while the responder system was "secure," it just happened to have this one wee hole in it, owing to a problem with comparing dates.

Huge DDoS attacks are about to get bigger: Mirai bots infect Sierra Wireless gateways

Brian Miller

Shocked!

Shocked that default passwords are being left in place on supposedly tightly-controlled hardware! And there's gambling in Rick's!

Dell to reveal 'micro data centres' for outdoor use

Brian Miller

Outside the office, inside the warehouse

This really doesn't strike me as something that would be outside, say, next to a traffic signal box or something like that. This is something that would be put into the "outdoors" of a warehouse. The system uses some beefy hardware, with a "fan wall" inside it.

If someone was serious about putting servers outside, the system would not be generating enough heat to require an extremely high air flow. Something like that would suck in so much dirt you'd open the case and need a shovel to clean it out. No, you'd be using low-power systems, or something that has heat pipes going into a heat exchange.

Wi-Fi baby heart monitor may have the worst IoT security of 2016

Brian Miller

Re: First security problem is using wireless for critical application

No, the first problem is using a gadget instead of an actual medical device. The Independent ran an article a couple of years ago that these monitors were mostly useless.

Honestly, the old nursery rhyme has it right: put your child in a rickety basket in the top of a tree during a wind storm, and if the kid survives that fall, you'll have no worries. If you want a gadget, add a Raspberry Pi to monitor wind speed, cradle movement, and precipitation.

Decade-old SSH vuln exploited by IoT botnet armies to hose servers

Brian Miller

Re: Suggestion

That's great, when you have a sysadmin who's on the ball. However, a lot of these are on networks where a professional sysadmin is either non-existent, or doesn't care. After all, the passwords haven't been changed from the factory defaults, and the devices are open for world+dog to violate.