Re: Oh Good Grief
That mature industry relies heavily on SCADA. Forfeit your belief, and despair.
438 posts • joined 26 Feb 2013
That mature industry relies heavily on SCADA. Forfeit your belief, and despair.
That was one mighty rant. Or it might serve as a stylish tombstone for that notorious old bugger IE4. Like a ten-foot statue for a deceased mob boss.
"Who let you out again you fucking loon!"
Gooood. I can feel your anger. Go ahead, say what you wanted to say, reveal those things that you want to be done to him - and your journey to the Dark Side shall be complete.
Sure, all you have to do is to set the whole word (comprised of bits that are located in several physical DRAM chips) and its checksum at once - during the same RAS/CAS cycle. That way it would look like a normal write.
"Systemd apparently manages X sessions"
Stunning revelation. To put it mildly.
30-something comments, and nobody has threatened to cancel the subscription yet? Or wanted 10 minutes of time back?
Gosh, I so hope that Mr Dabbs hasn't lost the knack.
"The correct Ozism for "I can't remember the brand, you've never heard of them and they'll be long gone in six months anyway" is Kung Pow."
There's another - We Con. Reserved for a very nasty stuff. Dodgy powercords that are labeled as 10 A, but their wires can barely manage 1-2 A. Power supplies that have dozens of components optimised out. Heck, who needs all those capacitors and filters and thermal resistors there.
"It may not be the case that all monopolies are illegal, but the majority are."
He was technically correct - having a monopoly is not illegal. Company may end up being a monopoly simply because others decide to leave the market.
But abusing a monopoly position is illegal. Usually it's a temptation too great to resist, so we don't get to see benign monopolies too often.
"I have installed an official windows iso from digitalriver and registered it with the serial number printed on that microsoft sticker couple of times already. Anybody with OEM licensed windows can do the same."
Not anybody. Only those who have a sticker. Windows 8 OEM versions mostly don't. And for greater amusement, Win8 SLIC code is not usable for vanilla 8.1 media, you have to install 8.0 first and then upgrade. Again, mostly. It's complicated like hell. Sometimes you'll have to sacrifice a goat to get W8 activated.
And of course you would say that they would say...
Damn, that's getting complicated.
But...but...Marx looked very wise, beard and all, how could he have written rubbish?
/it's an election time, have to play along/
"At what point do they become evil exploiters? /.../ Is there an 'evil boss' induction ceremony they have to attend?"
It's the secret handshake. Which nobody hasn't seen (it's secret, natch), but is known to exist beyond any doubt whatsoever.
Previous one was a soldering problem inside video chips, multi-layered sandwitches as they are. Nvidia took responsibility, after lots of wrangling, and paid reparations to computer companies. Web search on "Nvidia Bumpgate" should turn up a series of articles about that.
This time it's alleged to be between the video chip and motherboard. Not entirely same thing. That part of soldering is done on Foxconn lines. Whether it's done with a single heatblast for the entire board, or is there a separate step for GPU, can't really tell. Could be either way. Certainly looks like solder didn't turn out strong enough to withstand years of thermal stress (expansion and shrinkage cycles) around GPU. Which is painfully difficult to achieve.
In any case, Nvidia is probably out of the loop. Maybe Foxconn takes the hit this time. If it was an overlook in manufacturing. Or Apple will find that GPU cooling was a bit underspecced, which would be a design issue.
Thanks for the link. Especially loved the mention of ring0 rootkits.
Now that is a worthy question, the most fundamental problem of modern IT - whose rootkit do you trust, in order to keep others out? Because not having a rootkit doesn't seem to be a valid option anymore. Most security products are using shady techniques, more like 50 shades, to give us a false and perverted sense of security.
Fuckyouverymuch, purveyors of "safe computing experience". I'm going to build myself a stone abacus. Root THAT, suckers. We'll see how well you can handle a chisel.
Lavasoft? Holy crap.
Alas, seems to be true. Besides their usual ad-removal tools they have this Web Companion thingamabob, where Komodia served as an SSL analysis tool. Neat. And as a cherry on the pie, there's a fuss with Comodo certs too.
Lavasoft has said that they have removed Komodia. Not sure what'll happen with Comodo.
Thanks for sharing. Looks like you had a real scam pulled on you. Sorry for the doubts and geeky behaviour (hey, grab your keyboards, somebody seems to be wrong on the Internet! :-) )
This case wouldn't be any different between US/Europe. Refusal to fix DOA products is intolerable on either side of the pond. I assumed incorrectly that capacitors failed just outside the normal warranty, which is the most typical situation. And there it starts to depend on the context - is the problem widespread enough to justify a warranty extension, what's the cost/benefit ratio, is the component supplier willing to share costs, etc. Reputable names have done it occasionally. Albeit they don't advertise it outside the partner network. Public recalls are mostly for the safety-related issues like flaming batteries and dodgy power parts.
Anyhow, there's a saying that it's the ability to handle big screw-ups that separates boys from men. Some say even this is not enough - a real man has to cause a serious blunder first, then clean it up, and learn his lessons on the way.
Let's see how present-day Lenovo handles things. At first, CTO managed to pour oil on fire, but over the weekend, they pulled an U-turn. That's slightly better than the usual "you're holding it wrong" crap we've been accustomed to.
OK, if you really managed to encounter Lenovo products in the nineties... But no, I still cannot say "fair enough" about it. There was no infamous brouhaha back then. Capacitor failures have happened since their invention, for any number of underlying reasons. And an equipment vendor that'll repair things outside the warranty period is a rare sight. Must be a truly known and endemic issue (like it was in 200x) to get free service.
15-20 years is a very long time. Technologies have changed, product lines have came and gone, companies have changed. For better or worse, as the case may be. By such absolutist standards we shouldn't buy anything from anybody, ever. Because I really can't name a worldwide brand where I haven't seen a blown capacitor. Must've replaced thousands of little buggers over time.
"I haven't purchased or advised to purchase any Lenovo kit since the infamous brouhaha with the bubbling capacitors in the nineties."
You what?! We're giving Lenovo a good bollocking for the things they do, but you managed to spoil the fun with just one sentence.
- Lenovo was entirely unheard of in the nineties.
- First capacitor plague started around 2000, low-esr.com had a good article about it in 2002. Basically, a good half of the Taiwanese cap production was rubbish because of badly copied chemical composition. Fascinating story, actually, if anyone can be arsed to look it up.
- Second wave was a Chinese production in late 2000's. This time it included a lot of "mislabeled" caps (like having a 16uF cap in a bigger 47uF barrel), and counterfeits of the reputable names like Sanyo. Besides the usual noname business.
- In both waves, affected caps ended up pretty much everywhere. In PSU's, monitors, motherboards, etc, all over the world.
Well, besides these two major plague-like events, there have been lesser screw-ups every now and then. These are not so remarkable. It's quite easy to kill an electrolyte capacitor, if you don't leave a sufficient safety margin for it.
Disclaimer on a coffee cup: "Warning! Our coffee is so delicious that it may cause an addiction. Oh, and it's hot, too."
There are always examples and counterexamples. Asus U35 happens to be well-engineered. Had to take one apart after a domestic accident, it was a pleasant surprise. Still works, too.
Basically, brand doesn't mean much, all mentioned companies have produced lemons every now and then.
"It is unlikely the Server side of Lenovo will suffer from the Consumer laptops being infected with a security threat "
Not directly. But with clueless people at the helm, they'll bork something in servers sooner or later. Remote management cards are a prime example here. Their security sucks industry-wide. Thought that it could get even worse isn't exactly comforting. Then there's management software that all vendors are so keen to push, often claiming that only their own shitware is supported for management purposes.
Enterprise customers are able to identify threats, at least mostly, and put up a good fight. But small business just doesn't have means for it.
That's not a problem. Now THIS is a problem.
Seriously, if a corporate CTO can claim with a straight face that there's no security problem...they do deserve all the ridicule they're getting, and a good punch in the wallet.
"But if those temporary files are on a B1 or similar secure system"
There they are probably subject to same access restrictions as normal files. I was thinking about raw volume-level copies, like storage system snapshots. If (and that's a big if, as we can only use speculation and educated guesses on this matter) these copies will be mounted to a different server, which doesn't quite honour the restriction system? Or an extra duplicate gets made somewhere on the way? Point is, restrictions embedded into the data are not sufficient. Backup and test systems have to have a similar level of scrutiny than production ones. But rarely have.
A crude example closer to home. If I can get a volume dump from a Windows machine, I can happily mount this volume via Linux ntfs-3g driver, and presto - Windows ACL's that are set on files are ignored, all files, including ntuser.dat files, are readable. And nothing gets logged into the Windows audit log. Therefore a good chunk of normal security measures are already bypassed.
Oh, well. Whatever security measures you can think of - they are not absolute. There are plenty of cracks for a BOFH to slip through. And if they're not wide enough, a stolen bulldozer will help.
"You can back up the files and do sysadmin stuff without needing to be able to read the data"
Well, yes, but there is a part that's frequently overlooked. Temporary copies that are routinely created and destroyed. Quite a lot can happen to these copies during their short lifetime, without anyone really noticing.
Database dumps can be a real treasure trove. And usual tricks like access restrictions and audit trails may not be effective against an admin, whose daily job is to juggle short-lived database copies around.
It is a good thing to be sceptical, asking questions and seeking answers. If the intentions are honourable and the questions are fair. Are they?
"most intelligence services are doing it and those that aren't well they want to"
Heh. That would make a nice comedy sketch. "Because we currently lack technical means to record phonecalls, we kindly ask you to record all your phonecalls, and mail the tapes to the aforementioned address. CD and MP3 formats are also accepted. Thank you for your cooperation, citizen."
Probably so. Jury trial is supposed to be a 'common sense' test, so selection process should filter out anyone who's not so common. And remove people with a clear bias or prejudice. How's that working in practice, I wouldn't know, haven't seen it close up. Probably less than perfectly, as jury foreman in Apple vs Samsung so aptly demonstrated. He got away with playing an "expert" during a jury session.
Yes, some experts can be outright scary. Highly educated (which is kind of a requirement), highly decorated, and able to talk utter bollocks with a confidence.
Oh, that's just bloody great. In the meantime, Lenovo's corporate CTO has come out with a claim that security risks are only hypothetical. It's time for torches and pitchforks then.
"We'll run out of vendors to buy from."
Agreed. Knee-jerk reactions are often unjust, and rarely adequate.
Main thing to understand would be that corporations and their brands are not monolithic entities. There are several divisions, essentially different companies, whose goals are often in conflict. For example, Sony Music (aka former Columbia) is a very different beast than Sony Electronics or Sony Mobile. Punishing other divisions for that bloody rootkit is an overreach.
On the other hand, misbehaving division is not good for the company, nor anybody else. So there is a reason to make noise about it, in a hope that the corporate overlords can be persuaded to take actions. Hasn't happened with Sony conglomerate though. They're still stubbornly subsidizing their failing entertainment arms. Maybe they do deserve the ridicule afterall.
Speaking of Lenovo - they're not a single brand either. Consumer division seems to live on a different planet. Probably have green skin and tentacles too. Business side seems to have its own share of morons - somebody thought it's a good idea to introduce "affordable Thinkpads" like S, L and Edge series. Which are nothing like Thinkpads if you'll have a look under covers. Cheap noname stuff with a Thinkpad logo. Classic example of brand dilution. And even IT guys often fall for this scam.
Fortunately, T, X and W lines are still worthy.
"Still have no new laptop. Am I a failure?"
Maybe. But you are certainly not alone - my trusty T40 says hello. It has survived quite a lot of newer doodads, so it remains to be seen who has the last laugh on this.
True that. Business laptops are a different kettle of fish (pardon the pun). It's the consumer that gets shafted at every turn. But therein lies the danger - if such a behaviour remains unchallenged, then it's just a matter of time when some bright spark will try similar tricks in the business segment.
"2- you have 0 judge or lawyer on earth who can understand this SSL stuff"
Heck, even a good half of the IT crowd doesn't. Myself included. Maybe there's enough understanding to cope with the daily tasks, but not enough to make truly important policy decisions, or to serve as an expert in legal proceedings.
Which may be a serious problem in the legal matters. If someone's machine is hijacked for a criminal activity, then a false impression of security may become a deciding factor in a verdict. Encrypted drive? Check. Password-protected? Check. SSL? Check. That's a proof beyond reasonable doubt, m'lud. Nobody but the defendant could have gained access to this machine. Throw in an "expert" or two, and it's pretty much a done deal.
If that previous part sounds as a hyperbole - not necessarily so. Germany has a precedent on this. If any cybercrimes are performed from a "secure" WEP-protected WiFi network, then the owner is liable. Not to mention that possession of any "hack-tools" is an offence by itself, and a solid proof of guilt.
Honest mistakes undoubtedly happen. But there shall be no mercy for vendors that are knowingly exposing their customers.
You never had it. Unless you managed to download it somewhere.
"Users report Superfish is installed on the Lenovo Y50, Z40, Z50, G50 and Yoga 2 Pro laptops"
Which is consistent with the claim that only consumer-oriented machines were preloaded with it.
That's a shame. Because X1 is not affected by this brouhaha.
If anyone's using a brandname, or any other marketing label, as the only guidance for making decisions, they'll be mightily disappointed sooner or later. Brands are far too messy these days. Lots of crap is peddled under reputable brands, which in order tarnishes good products. There seems to be an infinite supply of greedy fools, who'll try to make a quick buck by misappropriating a solid brand, despite all the historical failures.
"When you buy a "windows" laptop you get a licence key on the bottom, usually under the battery. This is so you can download a vanilla copy of the OS from MS and install it, getting rid of the crapware that came with the laptop."
No you don't. Not anymore. Windows 8 Large OEM versions do not have a license sticker. Only a SLIC key buried into the motherboard.
And good luck calling Microsoft on that. OEM license keys are not compatible with vanilla. You'll get a choice of buying a new retail copy of Windows 8, or going back to OEM, who will happily sell you a "recovery media" for a tenner or so. With all the "bonus software" included for free.
Exception: if the computer has a W8 Pro license, then it may be possible to get a W7 Pro "downgrade" key from MS. W8 Standard has never had any right to use other versions.
Possible. But may not be necessary. Depends on whether these newer alternatives are good for everyone and every known usage case. Original developer seems to think so, but if anyone disagrees, they can grab a source and get hacking.
Probably won't happen. ECC SO-DIMMs and ECC-capable mobile chips are as rare as hen's teeth. And the excuse is - guess what - no market demand. Bugger.
"there must be some kind of third system that adjudicates when there is a failure"
Yes, but who'll be watching the watcher? And if you get around it by making three systems equal, then one day you'll be looking for a minority report. With Tom Cruise and ginormous touchscreens involved. Har har.
Why boo? He may have his life carved up in a way that he doesn't fancy moving anywhere.
Ah, but we're talking about a perceivably non-cool part. Phone calls? Pah. That's so last century.
If many phone designers tend to neglect it, then we cannot really blame poor reviewers for following the trend.
Same here, T40 is still going strong. With few tweaks here and there.
Can't stand newer keyboards with small Ctrl and Alt keys.
End product of fermentation, and end of fermentation. Well, mostly. Only a select few of the fermenting bacteria can live amidst acids.
Yep, it's quite plausible that some people will actually like surströmming and those other niceties. While my claim about the Danes preferring pickled fish was a generalization, thus nowhere near perfect, it's mostly true. Swedes are often bullying them (and anybody else) with surströmming.
Anyhow, let's agree that Marmite isn't the most controversial treat out there.
"Having experienced what the Danes can do to innocent herrings, I'm suprised they objected to recycled beer products."
Danes are fond of pickled stuff, which isn't quite the same thing. Vinegar kills most of the fermenting processes. But Swedish surströmming fits the description nicely. Fermented herring from hell.
TV sets that are watching people? What a novel concept.
Not entirely unheard of. That's like a principle from Muphry: "Measure with a micrometer. Mark with chalk. Cut with an axe."
Of course, if 15s delay happens to be precise, then it can be properly accounted for. But where's the fun in that.
"Except that assumes the billionaires would pay their 13%, which they wouldn't"
This Russian experiment with a flat rate of 13% had one rather unexpected result. Lots of mobsters suddenly started to pay income taxes.
Usual claim was that hiding the money required a real effort - and it was so much simpler to declare an arbitrary sum, pay it off, and forget about the matter. Of course, such an arrangement could not work for very long. As soon as the tax board could grow real teeth, they started to dig into the sources of the declared income.
It's somewhat plausible that billionaires (despite being, like, y'know, #greedybastards or something) would have similar sweet spot in regard to taxes.
"A proper chemist wears a lab coat with many and varied stains"
There is a debate, howewer, whether a true master should be able to identify all those stains. Some claim that only an apprentice will keep track of the stains, and to the master it matters not. Others claim that you cannot be a master unless you truly know all the substances around you.
/btw, icon represents a dilemma, not stains!/
And then there was a BMW driver, who crashed his car on a slippery road, and blamed it on a technical malfunction. You see, m'lud, ESP didn't pull the car straight.
Ivan Sussanin, proud inventor of the modern guidance systems.