* Posts by Alan W. Rateliff, II

795 posts • joined 21 Nov 2007

Microsoft accidentally let encrypted Windows 10 out into the world

Alan W. Rateliff, II
Paris Hilton

Logical-sounding name

"19H1" sounds more like a virus we should get immunized against in the next round of seasonal shots.

54
1

Abracadabra! Tales of unexpected sysadmagic and dabbling in dark arts

Alan W. Rateliff, II

Re: Case sensor

"even after this event, he would never back up his data."

Pretty safe bet. I am rather impressed you were able to re-load the heads without damaging them, or them already being damaged by seeking off the edge of the platter. I am also curious as to what kind of error or event would cause a seek off the edge.

4
0

Android data slurping measured and monitored

Alan W. Rateliff, II
Black Helicopters

Re: 'The nature of some data may also surprise. App developers receive your age and gender'

"Indeed, this article gives me an itch to rummage my drawer and see if any of the ancient Symbian Nokia's contained therein there still work..."

I am still quite happily using my Sony Ericsson C905a. So long as AT&T's network does not go full LTE it will be with me. I also picked up a bunch of extras from a phone shop so I always have spare parts.

0
0
Alan W. Rateliff, II
Flame

Re: 'The nature of some data may also surprise. App developers receive your age and gender'

"As tech-heads we have a duty to help anyone we know sanitize their Android phone."

Comment icon relevant.

3
0
Alan W. Rateliff, II

Yes, but have a birthday and friend, sister, cousin, nephew, or your Mum will. "Happy Birthday, Son! Why don't you ever call like your brother does?"

Having friends over for a birthday party? Guaran-damn-tee pictures will be taken and posted by one of your guests.

Srsly.

3
0

Software changed the world, then died on the first of the month

Alan W. Rateliff, II
Facepalm

Blindly, no. But there do exist environments which suffer the "NMI" problem and the wave-off of a highly unlikely scenario which will be dealt with *if* it ever occurs.

This is why we need Tom Smykowskis of the world. Engineers should not deal directly with the customer.

1
1

BOFH: Is everybody ready for the meeting? Grab a crayon – let's get technical

Alan W. Rateliff, II

Oooh the BOFH goes political.

We missed the small print which reads "this week's episode edited by Kieren McCarthy."

10
0

Engineer crashed mega-corp's electricity billing portal, was promoted

Alan W. Rateliff, II

Re: Grown up way of dealing with things

I did a recent stint where change meetings were the boogeyman, directly causing my part of the world to go T.I.T.S.U.P. a couple of times.

And, really, you never know what kind of vendor you will get. I have worked with more than one vendor which told me they would not support the product if we did not do certain things their way, and this usually happened on the day of installation even with several calls and emails beforehand supposedly detailing the process and our requirements.

From turning off all workstation firewalls*, to blank SQL sa passwords, to, yes, full take-over of IIS installations in bindings -- as happened here -- or putting an application in the default website rather than its own. As well, the customer had no means to stand up another server just for the application so we would have to go with it, at least for a short time.

* still forced by a major medical software vendor for one of its Borged products which I will not name, but it does rhyme with Henry Schein.

3
0
Alan W. Rateliff, II

I have heard tell of several agencies which give awards to their employees. Some of the awards are given to people who clear up back-logs of projects, tickets, paperwork, etc. Some of the award recipients are responsible for the back-logs in the first place.

Strange world we live in.

10
0

Commodore 64 owners rejoice: The 1541 is BACK

Alan W. Rateliff, II

Multiple drives?

If it has enough power, perhaps one unit could emulate multiple devices on the same bus. Device 8 and 9 with two different images would be handy.

1
0

'I crashed AOL for 19 hours and messed up global email for a week'

Alan W. Rateliff, II

Re: Dig

The floppies are more fun. I come across a couple every so often digging through what-not I have not seen in years (probably should just torch the stuff and be done with it.) Toss 'em into DOSBox just for kicks or for real torture run them in PCTask on the ol' Amiga.

2
0

My Tibetan digital detox lasted one morning, how about yours?

Alan W. Rateliff, II
Thumb Up

How to tell an epic masterpiece is at hand.

When the first sentence is "My nuts are freezing."

I knew immediately I was in for a treat. Well done, Mr. Dabbs.

5
0

$0.75 – about how much Cambridge Analytica paid per voter in bid to micro-target their minds, internal docs reveal

Alan W. Rateliff, II

What was Facebook's cost?

Oh, wait, Facebook makes money on whoring out its users.

I am not a Facebook user but that does not stop friends and family from whoring me out on my behalf to the whore-master. Being so generous, they are, with my personal information.

tl;dr, frankly this is all a logical conclusion of Facebook's reckless abuse of customer privacy for a decade. Anyone who thinks anything will change is sadly mistaken or just a fool. Regulation is not the answer, either, unless people want to start paying for "Facebook Premium" as well as willy-nilly government intrusion into our digital lives.

0
0

Your mouse can't reach that Excel cell? Buy a 'desk extender' said help desk bluffer

Alan W. Rateliff, II

Re: Is there a 'BFOH' club badge available?

There is a "Bzzzzzrrtt" in there somewhere.

1
0
Alan W. Rateliff, II

Re: Have you solved a problem with a lie?

With regards to William H. Macy:

"It's not a lie, it's a gift for fiction."

8
0

Still not on Windows 10? Fine, sighs Microsoft, here are its antivirus tools for Windows 7, 8.1

Alan W. Rateliff, II

Security as a motivator...

We hear from our customers security is one of the biggest motivators for their move to Windows 10

"We hear from our customers that, as we are narrowing the non-Windows 10 machines for which we will provide security updates, they are begrudgingly moving to Windows 10."

FTFW.

0
0

We translated Intel's crap attempt to spin its way out of CPU security bug PR nightmare

Alan W. Rateliff, II

Re: What's Not Mentioned .....

So far as a class-action is concerned, where are the damages? Operating systems are fudging over the problem and there is no proof (yet) anyone was actually compromised with this vulnerability, so the likelihood of a class-action proceeding without real damages seems slim.

Not saying Intel should not suffer in some manner for producing faulty kit, just that without any harm done there is nothing to claim in court.

0
3
Alan W. Rateliff, II

KAISER, huh?

So, the greatest trick Intel ever pulled was convincing the world its architecture was secure?

36
0

Beyond code PEBCAK lies KMACYOYO, PENCIL and PAFO

Alan W. Rateliff, II
Terminator

Re: At amanfromMars 1...

Oh, and how long do you imagine just an early AI struggles to make sense of the nonsense presented for media propagation by ...... well, it is really just no more than a few humans, isn't it, with their shortcomings being now made all too apparent to the masses with the virtual tools so easily available and at ones fingertips.

About nine twitterers (experiencing real or faux outrage, statistically insignificant) spewing peer-reviewed word salad and getting massive amounts of retweets from bots (not AIs, just spammer bots) to achieve a level at which social comparison and herd mentality kick in to ensure real meat stick retweets without comprehension of the original tweet nor its origin. Who has time to do their own research? A finger twitch works so much more quickly and effectively than the brain, anyway.

I really doubt it takes a fairly well-trained AI long to figure that out, if not damn near immediately. An early AI should become well-trained on such a diet in short order and either develop an immunity to the inanity or crash and become Tay.

0
0

'Twas the night before Y2K and a grinch stole the IT department's overtime payout

Alan W. Rateliff, II

Re: Overtime payments

No escape? Really? Does he have your first-born locked up in his dungeon or something?

I, um, work for myself. :P

19
0
Alan W. Rateliff, II

@ Gareth Perch

You are looking to the wrong Simon for that kind of story.

2
0
Alan W. Rateliff, II

Re: Overtime payments

Just as important though is that keeping careful daily records of hours worked and tasks completed really reinforces the reality of how much you work. Usually people grossly underestimate such things. Once you can sit down and see that you're only being paid for two thirds of hours worked you can consider whether it's time to move on.

Yup, and when you work for yourself this can be pretty depressing. I am often left wondering how in the hell I worked so many hours but can only bill for so few.

You have to take this approach, documenting hours worked and work done, with just about every job, especially where you have autonomy. I worked as porter and maintenance (mostly superficial grounds-keeping) for an apartment complex. I would make stops in the main office to get a drink and spend a couple of minutes catching my breath and talking to the sales staff. I kept getting into trouble for spending too much time in the office and not enough time working. I started keeping a log of every single thing I did, including residential contact which no one else did, and turned it in to my supervisor every day. The lists I turned in were generally rather long. Even so, it never vindicated me in management's eyes so I left. Got screwed out of my Christmas bonus because my last day was at the start of the Christmas holiday.

Later in life I worked hourly for an ISP and would get harassed about rolling in around 11am after having worked until 3 or 4am either on a project we started at 6pm the previous night or coming at around midnight to deal with a critical issue. At some point the VP of the company who complained about all of our working habits instituted, or rather tried to institute, a time-clock method and I warned him that if he did so he would find he owes us a shit-ton of over-time. Finally got tired of the crap and marched over to accounting/HR (both departments in the same person) and demanded to be put on 40 hour salary, at which time I was told I could not be authorized for over-time. Fine by me. The Friday of the first week I had to spend an over-nighter I came in at 9am and started packing up at 10am. The VP "just happened" to be wandering by and had a word about it, and I told him I had already hit my 40 hours and since I was not authorized for over-time I had to leave, and I had my supervisor's blessing. Red faced, he had nothing to say about it.

In my time I have had really good managers, then I have had managers like these. By far my best managers were in fast food and retail. Go figure.

Sadly, my boss now is a total jack-ass and I have no escape from him.

12
0

Special delivery: Pizza, parcel-slinging drones inch closer to reality

Alan W. Rateliff, II
Paris Hilton

Will still be charged delivery fees and tips

Pizza delivery by drone and I still expect to find a $2.25 delivery fee, likely to be increased, and to be charged a tip.

Anyone with a Microsoft Action Pack Subscription remember when Microsoft switched away from shipping CDs and marketing materials to download-only? Remember how we were told that would save money? Remember when within a couple of years prices for the MAPS increased? Remember when not too long after Microsoft eliminated discounted renewals?

0
0

Mozilla's creepy Mr Robot stunt in Firefox flops in touching tribute to TV show's 2nd season

Alan W. Rateliff, II

Re: Groupthink

Well, that list neither implies a hierarchy nor a point at which dissenting opinions may be over-ruled.

9
0

Quentin Tarantino in talks to make Star Trek movie

Alan W. Rateliff, II
Happy

Re: Time traveling script writing

RE: "canon" vs "cannon": Yup, you are correct, which is why when fingers fly fast it is often best to have someone else proof your writing.

0
0
Alan W. Rateliff, II

Time traveling script writing

If they boldly go where no writing team has gone before and produce an edgy Trek capable of attracting the top-shelf actors Tarantino often secures, thereby breaking out of the SciFi ghetto, it will be an achievement to rank with Mr Scot's time-travelling invention of transparent aluminium.

My first thought was, yeah, time traveling BACK in time, but that was quickly thrown away as inaccurate. See, there was a better time for movies. A time when Hollywood would not think about taking timeless classics, stuffing them in anyone's mouth who had a name, letting them chew on it, then serving up whatever got spit out.

It was "edgy" when Data said "oh, shit" as the Enterprise began its uncontrolled fall toward a planet. Even Counselor Troi's outfits pushed the limits (with nipples at least once.)

But F-bombs in Star Trek and all the touchy-feely dreck which has infected the franchise of late does not seem to have an edge to me. It seems like reaching low into the barrel of shock value to remain relevant when you already have something well before its time. This lacks edge, more like a blunt end. Perhaps SNL skits or Family Guy cut-aways, but not Star Trek cannon.

I also cannot buy into this "SciFi ghetto" thing, either. There is some "edgy" SciFi, at least for its day, out there, already, which never managed to "break out." Tarantino may be able to make something which falls under a sub-genre, his own corner of the SciFi universe, but to create SciFi which breaks out of SciFi is not SciFi.

If Tarantino gets the helm I will observe the way I have done with STD (snigger): catch bits and pieces on YouTube and see if anything piques my interest. Thus far, while I could mark it a little above average on story line, technology, and effects, it does not feel like Star Trek but more like its own stand-alone show.

inb4 "old fart" "cranky grampa" "out of touch" "unhip"

5
0

Tesla share crash amid Republican bid to kill off electric car tax break

Alan W. Rateliff, II
Paris Hilton

Fallacious logic applied to taxation

"any cuts have to be met with additional tax income."

This presumes the money spent was the government's money to spend in the first place. The natural tendency of government is to take, whether it be money, rights, liberties, property, freedoms (some of these being inextricably interlinked to each other) or whatever else is naturally owned by an individual.

But more specifically, cutting the corporate tax rate means businesses will do more business in the United States. Companies which have moved operations or manufacturing out of the country will have more incentive to return or businesses to build anew, which invariably increases revenue by displacing the losses by moving off-shore.

This does not get into even a little bit of the differences made when government stops taking money from citizens for failed programs, absolutely certain that throwing more and more money at a problem will solve it -- not at all limited to party, either.

Party notwithstanding, if you truly believe the government has a better idea of what to do with your money than you do, whether as an individual or a community, then you are the one still stuck in "more of the same" which has historically failed over and over and over.

6
1

Slashing regulations literally more important than saving American lives to Donald Trump

Alan W. Rateliff, II
Thumb Down

This is bait.

How did I know who wrote this article before clicking on it?

How about this headline:

"Government regulations literally more important than security to tech writer.

- Saving lives paper-tiger as mechanisms employ technology open to abuse."

9
4

BOFH: Do I smell burning toes, I mean burning toast?

Alan W. Rateliff, II
Pint

Good on ya, PFY

Good to see the young man taking more initiative.

Yeah, a lot of recognizable decision making code-word in this one. Any time management walks into a room and starts "surveying," "assessing," or anything which implies making a plan one must realize there is no plan there is only do. The decision to move forward on an idea was made before the idea was even fully formulated, inspired by a half-read blog post or magazine article. Half-read and quit before the section on caveats and pitfalls, which is always at the end, anyway, since the person writing in the first place led with the meat to make the idea seem good or practical, putting all the realistic reasons why it will not work way in the back knowing eyes will have glazed over by then.

Like those news stories, "Is your cat plotting to kill you? We'll tell you why at 10." The foregone conclusion is in the headline and you should immediately suspect the opposite is true.

16
0

Release the KRACKen patches: The good, the bad, and the ugly on this WPA2 Wi-Fi drama

Alan W. Rateliff, II
Paris Hilton

hrmmmm Perhaps we can convince El Reg to use an icon of a troll instead of Guy Fawkes for ACs.

3
0
Alan W. Rateliff, II

Your post is informative to those who do not know otherwise, but... that was the joke.

Honestly, I completely discount this "backward compatibility" nonsense argument for why equipment still includes WEP (non-)encryption.

22
0

Commodore 64 makes a half-sized comeback

Alan W. Rateliff, II
Stop

It will be useless and crap.

A lot of promises here. I am tired of people taking the "retro" community for granted and for a ride. Anyone who has access to a real C64 and hardware (that is, anyone with access to eBay or Craigslist) already has what they need to have a good old time with the machine. The HDMI port might be the only useful thing about The64, in particular since so many of the cheap S-Video/Composite-to-HDMI adapters cannot sync to the 240p signal output by the VIC-II and other chips of the era including those in the TI-99/4-series and Atari 8-bits. There are a few which do but it is a crap-shoot, though I over-came with a shiny Onkyo TX-NR656 which does a fairly good job with up-scaling the old systems, including Sega Genesis and original NES.

Disks are not an issue, either. If you have a PC and one of the many models of XU-1541 then you can use a real drive and real disks. Or pick up one of the SD2IEC variants and put your disk images on an SD card. Grab the TOSEC for Commodore 64 via Archive.org, as well as a number of really awesome new games available around the webs.

Or, as another has stated, grab Vice and run a nicely-equipped Commodore 64 (or 128, or VIC-20, etc.) on virtually any platform. Frodo is another which works well for cross-platform emulation -- anyone still run PalmOS or WebOS?

Point being, the Commodore community at large, IMNSHO, will pan this (actually, there are plenty of threads around in which this has already been panned, some with amazing vitriol.) I do not see the names of anyone recognized as modern pioneers on this project, at the very least Jeri Ellsworth who was responsible for the D64TV. Anyone with genuine interest, like those I have met at places like Vintage Computer Fest, will want their hands on the Real Deal(tm) and will get them.

This is hipster fodder. I call shenanigans on this whole damn page.

0
0

Vibrating walls shafted servers at a time the SUN couldn't shine

Alan W. Rateliff, II

Re: VMS documentation

Nowadays, you have to check the box in case you accidentally threw out the CD.

Around a decade ago I was setting up a device for a customer. I cannot recall whether it was a network firewall or some USB device, this particular detail has long escaped me and is not important. What is important, however, is the instructions came on a CD.

I kid you not, the only file on the CD was a shortcut to the manufacturer's support website.

5
0

Patch alert! Easy-to-exploit flaw in Linux kernel rated 'high risk'

Alan W. Rateliff, II
Pint

Re: Let the games begin...

BSD on an Amiga 2000 with Blizzard 2060 FTW :)

(Or the native Apache and PHP builds from Aminet. Whichever.)

2
0

Stand up who HASN'T been hit in the Equifax mega-hack – whoa, whoa, sit down everyone

Alan W. Rateliff, II
Flame

Forced to use them, irrespective of how we want to live

Equifax, Experian, and Trans Union all enjoy a captive user base. If you do anything in life your information flows through at least one of these companies. Need car insurance, a bank account, to get an apartment, to rent a car or moving truck, to rent storage, to buy a house, cellular, home phone, or cable TV services? Any one of those and more require that your information travel through these services which have proven time and again they lack security prowess.

But, here is where I think we as consumers must accept some culpability: from my recollection all of these breaches have occurred via pathways of convenience, that is, some Internet portal which has access to a back-end rich with data which we can access on a whim via web browser or app. While, yes, we expect that companies will keep our information safe, whether we want them to have it or not, we should also expect a severe increase in risk for having conveniences like web access to such data.

(Of course, we hear about data breaches so much I think we have on the whole developed a fatigue, complacency, and even ambivalence toward personal data collection.)

But where does the problem really fall? Is it our requirement for instant and unfettered access to information, the entities which fulfill this requirement, or the fact these entities are able to collect this information in the first place? Maybe somewhere else?

It aggravates me no matter how much I personally avoid (or at least try to avoid) situations in which I would be forced to give personal or private information to someone or something, others are quickly handing that information over, anyway. I avoid using Google products, but calling or sending a text message to an Android phone or email to a Gmail account exposes me. Even Some Business and its associated domain is not safe because it uses Google Apps for email, or Office 365, or its records are stored in Azure or Amazon cloud.

I do not use social media, but my family or friends post everything about their lives on it, and by extension when I participate in their lives they post mine, as well, giving me the only recourse of becoming anti-social. FFS, even some of my customers do it!

In order to survive this increasingly connected world I have to accept that my life may no longer be private, at least to some degree, and as such these entities which broker in information have to accept their place as responsible custodians of said information.

11
3

Sony remembers it once made a great little phone

Alan W. Rateliff, II
Paris Hilton

How well does "predictive capture" work?

The camera boasts "predictive capture", a fairly common trick nowadays with the phone snapping shots continuously and discarding those just before the moment the shutter was pressed.

On my CyberShot phones I use BestPic. I found many times I hit the shutter a split second early in anticipation but most times I hit the shutter a split second too late. BestPic's ability to capture several frames before and after the shutter (four before, one at, and four after) is very handy to capture the single event and also to catch stages of the event in various frames.

1
0

New York Police scrap 36,000 Windows smartphones

Alan W. Rateliff, II
Thumb Down

Re: WTF?

Yup yup yup. I was heading right in this direction. All issues with the selection aside, Microsoft has to take some responsibility in its own demise. I was going to ask if a company can be so blind to its bullshit, but the obvious answer is, yes. It plays this never-ending game with its users and devotees screwing them at every corner, including this path of constant obsolescence, pretending users are okay with it and actually want more.

Microsoft has tuned its Reality Distortion Field to work on itself, but it's nowhere near as capable as Jobs' in regards to customers. At least in the case of translating frustration from the desktop to the mobile phone market. Microsoft may be King of the Desktop, but that has nothing to do with the goodness of the product and treating mobile phones like a desktop just is not going to bring market share.

In short, Microsoft does not have its shit together.

Now, I know very little about iPhones as I neither own nor use one. However, I recently came across an iPhone user with an iPhone 5 running everything a newer device can. That is a five year-old phone running iOS 10 and all the accoutrements therein. That seems pretty impressive to my non-iPhone-using self. Yet here we have Windows smart phones purchased in 2016, applications which cannot run in 10 in 2017, which would only be supported until 2019.

Big WTF here, Microsoft.

7
1

Nasty firmware update butchers Samsung smart TVs so bad, they have to be repaired

Alan W. Rateliff, II

Re: Go Samsung!

Eh, blame GoogleTube? Maybe so for TVs but I can still stream YouTube to my Sony Ericsson phone, though the audio and video tend to go out of sync.

Technology sucks.

If it didn't, people like me would starve.

1
0

Linux-loving lecturer 'lost' email, was actually confused by Outlook

Alan W. Rateliff, II

As opposed to an admin who thinks he's above user preference?

Who are you to dictate file extensions? What if he didn't want to use them at all? What if he had never heard of those particular extensions. What if another program used the same extensions?

Okay, I'll bite. Your last assertion seems valid, but cannot validate the rest of the shenanigans in your post. If a user wants to name paper files which exist in a complete vacuum relative to standards, that is how someone wants to file their papers is generally an arbitrary choice, then that is fine. However, if users want to maintain data in an environment which consists of standards then it most certainly is the admin's responsibility to ensure the users stay within those standards, or at least in most cases it should be safe to assume those standards are valid and followed.

Of course, we know how assumptions work, so it is also the responsibility of the admin in the event that valid data is affected by such automated processes. As a matter of policy I do not delete data in customer use areas and leave that up to the users, even in times when space is low and I have to guide the user through the process I stay away from the liability.

I will agree that if the admin acts maliciously in a this-will-teach-them approach, without ever having taken the time to advise or guide the user, said admin is not meeting his responsibility, but certainly, yes, standards trump the user's preferences, especially for forward usability.

You remind me of the admin who blindly deleted someone's file called "penis" that contained biological research data.

He didn't get away with it. I'm surprised that you did.

This is not even close to the same thing. If someone wants to put the name "penis" in their files, then so be it, even more so in a biological research environment. Stipulation this is a real event in the first place and your retelling of the tale is a 100% true representation of the event, the admin who did this sounds like a penis, himself.

4
0
Alan W. Rateliff, II

If he needed an old email, he'd just go search in the deleted items.

I have asked users before, "would you keep your lunch in the trash can?" Then I spent some time showing them how to use mailbox folders or archives.

I never really liked the archives because they were always stored in the local Application Data (or %localappdata%) directory which is not subject to roaming profiles or folder redirection. If the user moved to a new computer the archive PST would have to be moved manually, or worse if the computer tanked it was lost. Storing the PST in "My Documents" is not much better because Outlook has the habit of continuing to run after its GUI is closed, thus holding open PSTs which would wreak havoc with roaming profiles in particular since users have the habit of logging off or shutting down without closing programs.

It rather amuses me how Outlook now likes to use the "Outlook files" folder in "My Documents" and Microsoft encourages the use of redirected folders, considering Microsoft also warns against using PST files over the network. (Unfortunately, the blog post link in that article is no longer a direct link but can be found in plenty of other resources. GFI has a really nice write-up on this.)

17
1

Commentard Quizwall experiment ends with more quizzing than commenting

Alan W. Rateliff, II

80% of them are simply a habitat for trolls, ideologues and credulous chumps.

Are you describing the comments section or Kieren McCarthy's articles?

11
3

Your top five dreadful people the Google manifesto has pulled out of the woodwork

Alan W. Rateliff, II
Stop

Misconceptions, misinterpretations, fallacies, and flat-out fabrications

How about we see this "manifesto" broken down by a clinical expert (and academic) and spoken of directly from the horse's mouth?

https://www.youtube.com/watch?v=SEDuVF7kiPU

1
1

Autonomous driving in a city? We're '95% of the way there'

Alan W. Rateliff, II

Re: LIDAR vs Snow

Right! Reminds me of the rant from some car maker working on autonomous driving, complaining about the lack of uniformity in traffic lights and signs around various locales. Once the autonomous vehicles left the sterile testing environments or the familiar local area they suddenly failed to recognize important traffic control cues.

Seems to me if the computer cannot adjust to disparate environments it is not a very good replacement for the human system.

Unless, of course, we change everything to suit the machines. At which point they will have won.

0
0
Alan W. Rateliff, II

Will we ever reach the real level of human-like driving?

Robotic road rage would be awesome.

1
0

It’s 2017 and Hayes AT modem commands can hack luxury cars

Alan W. Rateliff, II

Re: Physical access

I suppose one thing would be the next take-down of half the Internet could be done by cars instead of IP cameras.

But, imagine if you will, suddenly making a bunch of cars of a particular model shut down at the same time, or they activate the braking system all at once on various Interstates. Obviously that all depends upon what additional systems can be accessed, but if car designers take the TJX or Target approach that nothing bad can happen inside a protected network, well, there are all sorts of shenanigans which can ensue.

While the espionage angle of killing a journalist or political staffer without traces of foul play may sound outlandish, maybe taking that a little further in realizing in its most useful mode a car is a ton and a-half missile. And I am not talking about the back seat on a hill top. Since we are becoming more and more dependent upon technologies like lane keeping, blind-spot monitoring, object avoidance and, eventually, self-driving, the uses for taking over a system using the defects in a modem are pretty evident.

For that matter, I wonder what happens if we start sending malformed GPS signals to cars with built-in navigation. Even the car I am driving right now (not while typing this, mind you) without navigation can use the built-in GPS to set the clock, and when paired with my phone it can place an emergency call including my GPS coordinates in the event of an incapacitating accident. So, what about mishandling malformed GPS input when the unit is receiving an updated almanac?

Anyway, that is just thinking about another vector into a potentially unprotected system, but gaining access to a car's systems, even "non-critical" ones like oil pressure or temperature sensing, speed indication, hood release, and so on could cause a great deal of mischief.

2
0
Alan W. Rateliff, II

Re: I missed something

That is left to the imagination of the reader or anyone with the motivation to try it.

0
0
Alan W. Rateliff, II

Re: "In IT terms a 2009 product is close to end-of-life" - Does not compute!

You've worked on products with an intended operational life measured in decades - but most businesses now work with hardware with an intended operational life measured in single-digit numbers of years. The key word in each case is "intended."

Okay, sure, but the keyword is "IT".

The general IT reference cannot be limited to just within the past decade. Not that long ago I found an old 2400 bps modem in one of those street-side billboards. Within the past few years I had been working with a company to install new radios with built-in IP routers for ACARS uplinks which were being handled by 9600 bps lease-circuit modems and radios which my grandfather might have sold when he was a teen.

I suspect these new radios will not get a couple of decades of service while still providing the same intended purposes of the original radio and computer stack.

4
0
Alan W. Rateliff, II

Re: The Hayes modem command set.

From what I can tell from some SonyEricsson developer guides the AT command set is also used between phones and Bluetooth devices to set up indicator updates (charge, signal strength, etc.), even pop up a notice on your phone when a device's battery is going flat, among other things like currently playing media file information.

I have also read documentation on SMS sending devices which use AT commands, hell even 802.11 "wifi" modems communicate with the host computer via AT commands and the chips are being used to make wireless interfaces for old computers like the Commodore 64. Have to wonder if these would be susceptible to the old "+++ATH0" trick we used to knock people off-line in the old dial-up days*: imagine including a reference to http://theregister.com/+++ath0.jpg in a web page.

Considering that my old SE phone works with the latest 2017 in-car media computers, none of this surprises me but is rather interesting. Makes me wonder if there are any other devices which use the AT command set which may be vulnerable to buffer mishandling of commands or results (AIO and fax machines, in-car computers over Bluetooth, computer fax modems, regular old modems, alarm systems or critical monitoring systems with cellular modems, and so on.)

* that is, against modems which did not implement the Hayes standard escape wait time before entering command mode.

3
0
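The escape wait time mentioned in the footnote of the comment above, sketched as an added example that is not part of the original post: a simplified model of a modem deciding whether "+++" in its data stream is an escape to command mode. The function name, timestamps and sample traffic are constructed for illustration; the 1-second guard time is the Hayes default.

```python
# Simplified model of Hayes escape detection on a modem's data channel.
# Added illustration; names and sample traffic are constructed.

GUARD_TIME = 1.0   # seconds; Hayes default (register S12 = 50 units of 1/50 s)
ESCAPE = b"+++"    # three escape characters (register S2 default, '+')


def escape_detected(chunks, guard_time, end_time):
    """Return True if the modem would drop from data mode to command mode.

    chunks     -- list of (arrival_time_seconds, bytes), in time order
    guard_time -- required silence before and after the escape; 0 models a
                  modem that skips the check
    end_time   -- time at which observation of the line stops
    """
    stream = [(t, b) for t, data in chunks for b in data]
    for i in range(len(stream) - 2):
        if bytes(b for _, b in stream[i:i + 3]) != ESCAPE:
            continue
        if guard_time == 0:
            return True  # any in-band "+++" is treated as an escape
        t_first, t_last = stream[i][0], stream[i + 2][0]
        prev_t = stream[i - 1][0] if i > 0 else float("-inf")
        next_t = stream[i + 3][0] if i + 3 < len(stream) else end_time
        if (t_first - prev_t >= guard_time
                and t_last - t_first < guard_time
                and next_t - t_last >= guard_time):
            return True
    return False


# Constructed traffic: the escape string embedded in ordinary payload data,
# as in the image URL from the comment.
IN_BAND = [(10.0, b"GET /+++ath0.jpg HTTP/1.1\r\n")]
# Constructed traffic: a local operator pauses, types +++, pauses again.
OPERATOR = [(5.0, b"hello"), (7.0, b"+++")]
# Constructed traffic: +++ after a pause but followed immediately by a command.
NO_TRAILING_PAUSE = [(5.0, b"hello"), (7.0, b"+++"), (7.2, b"ATH0\r")]

if __name__ == "__main__":
    for name, traffic in [("in-band", IN_BAND), ("operator", OPERATOR),
                          ("no trailing pause", NO_TRAILING_PAUSE)]:
        print(name,
              "| no guard:", escape_detected(traffic, 0, 12.0),
              "| guard:", escape_detected(traffic, GUARD_TIME, 12.0))
```

With the guard time enforced, only the operator's paused "+++" is honoured; payload data that happens to contain the sequence stays data.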

Firefox doesn't need to be No 1 – and that's OK, 'cos it's falling off a cliff

Alan W. Rateliff, II

It's Google's fault, blah blah blah

While NOT arguing against Google "Do No Evil" (or whatever) aggressiveness for a second, I feel it incumbent upon me to point out that a big enemy of Firefox is Firefox. I see this when I look back through articles about changes being made which users do not particularly like but trudge along because there is nothing better.

Well, Chrome is here. May not be better than Firefox, but it does seem to be far less aggravating for users.

6
0

Google Chrome's HTTPS ban-hammer drops on WoSign, StartCom in two months

Alan W. Rateliff, II
Meh

Re: A further attempt to reach an authorized StartCom spokesperson brought no response.

I got a response from support several weeks ago about this issue and how my secure sites to which I direct some of my customers were starting to show as insecure in Chrome. I was hoping this mess would be sorted by now, but apparently what I have to do is purchase a certificate which will have all of my certificates combined and signed by what is and will continue to be a trusted root, then they will re-issue all of my affected certificates once the root distrust issue is resolved.

Well, damn.

0
0


Biting the hand that feeds IT © 1998–2018