The 1980's called...
they want their scare story back.
1614 posts • joined 12 Jun 2009
"require the consumer to log in via HTTPS, put in a good password, and then manually enable SNMP and SSH"
Reasonable requirements for 2017, but not so good to set in concrete legislation for the next 20+ years. Set down general principles in the law, and supplement with guidelines that can be updated more regularly.
And kidney stones?
Don't farmers have good, strong water jets for crop irrigation?
I'm struggling with that idea too, plus, what's this money being spent on? I'd expect the biggest item is security, and you won't want to leave that to "sponsorship". Putting seats out for the VIPs and the bunting doesn't take much, and I'd expect the contracts for the food stands and portaloos to be done well before the election date.
"10.000 stronger than any field we can produce"
You wouldn't want that stuck to your fridge...
The universe is a surprising and amazing place.
Roald Dahl described winning a photography award for a shot of desert ruins taken from his WWII training aircraft in his book Going Solo.
So I shouldn't say, "I watch BBC" when referring to my news sources?
Based on the species of the active participant, isn't it humaniality?
Attach it permanently to the user's head!
Alternatively, just use a nail.
Sorry about the long delay - I only looked back at this thread today.
Responding to your responses...
iOS and MacOS are based on Mach, but they aren't microkernels: "However, in OS X, Mach is linked with other kernel components into a single kernel address space. This is primarily for performance" https://developer.apple.com/library/content/documentation/Darwin/Conceptual/KernelProgramming/Mach/Mach.html
How this affects their security compared to Linux, I don't know.
Were we restricting the discussion to "how microkernels make IoT secure", or "how to make IoT secure"? My point is that it isn't all about microkernels. Yes, insecurity at a lower level affects all higher levels, but it is also possible to "bolt on" insecurity. To steal an analogy from cryptography, you need strong algorithms and good key lengths, but if your crypto is like a 1 mile stake in the ground - infeasible to get through or over, increasing the key length to make it a 10 mile stake doesn't improve your security - the attackers still go around the stake instead. Securing your IPC messages against an obscure attack doesn't fix a hole elsewhere. As an example of "bolt on" insecurity, SMTP email was a mostly harmless protocol until someone (Microsoft) decided to add a programming language (VBS) to their email client, and have it autorun scripts in messages on preview... then we got Loveletter. All the inherent insecurities of the underlying protocol made no difference to how the catastrophe spread, it was the add-on scripting that made the difference.
How does a precise definition of malware help? I'm saying we can't really have one, but the idea of securing everything from the microkernel depends on it. We can't really have one because the classification depends on intent: format is a useful program, but a trojan with the same function is highly destructive. So, we'll ask the microkernel, "which of these two programs that overwrite the disc should be allowed to run?", perhaps it will refer to a signature: who wrote the program? Then, who do we trust? Has the key been compromised? We're back to dancing on quicksand.
"well most servers (at least ones of any scale) are set up by experts" - Then why do we see news stories like https://www.theregister.co.uk/2016/09/22/yahoo_500m_email_accounts_hacked/ ? I would say that most servers are secured to a cost, and an expert will make a rational choice between meeting an unreasonable constraint and losing their job.
Spend too much on a secure microkernel, and there's not enough left to identify or fix gaping holes elsewhere.
My first reaction to what you said was also "claptrap", but, on reflection, I think it lacks context. You're saying Linux is insecure and unsuited for the challenges in, "the wilds (at the edge) of the Internet"? So what alternatives have seen massive deployment in that area? Perhaps Windows, iOS, OS X? They certainly don't represent a different level of security, so I'm missing your meaning.
I took a look at your previous posts... are you thinking more in terms of formally-defined systems, with provable behaviour? In that case I have a few criticisms:
i) Even "simple" IoT devices are too complex for easy formal definition
ii) Your concept of "security" is restricted to technical considerations. Security should encompass confidentiality, integrity and availability, and the trade-off between them is determined by the application.
iii) You say that software can come packaged with malware... but how do you define malware? I tend to use the definition, "software that does bad things", but that requires assessment of intent, which is a human quality not amenable to formal definition. Actually, this is the flip side of my point (ii)...
iv) Costs are being driven down, we don't have very controlled servers in locked data centres (and even when we do, someone's fitted an IoT lock, "for efficiency"), tended by perfect experts.
So, take a look around the real world, it is more complicated and messy than a formally-defined microkernel can cope with.
"novelty 10' plywood cheque" - I recall a news story about a cheque written on a 10' shark, by a fishmonger to the local council, IIRC.
Their mice are descended from The Brain! (0:07 in the video)
"where's the rest of the material?"
From the article:
"allegedly found a Mac, an iPhone and a hard drive storing images of underage sex"
Is it credible evidence? Let the jury decide.
I thought the US military were quite fussy in the Vietnam era too... citation: Alice's Restaurant https://www.youtube.com/watch?v=m57gzA2JCcM
"the Sun is not hidden from us by 3,000 km of rock"
Hah! It's four times that, at night!
@pauleverett - would it be smart enough not to call the cops if it hears a TV show, or one of those dinner party murder mystery games?
"Amazon Echo here - Reporting a conspiracy to steal plans for a top secret military project called 'the Death Star'."
"Now, let the management types of the Empire run the Death Star with no designers and no plans."
I recall from ANH that the Empire completed an analysis and also discovered the weakness, so therefore they still had the plans. Therefore, there was an offsite backup, or DR site, for the archives on Scarif.
I'm guessing that the consultants who completed the analysis made sure they were safely on a shuttle for home before the project team delivered the unfavourable report to top management...
@Anonymous IV - It's up to us to supply possible endings:
1. and that's how he met my Mum.
"Now according to my roman numerals chart, X is 10, and P means Million... so XP = 10,000,000"
No, XP = 999,990, just like IV = 4
Edit: upvote to druck, I'm late by XV hours.
I'm patenting a thin plastic shim that can rest between the contacts of the power button, in combination with a warning label, "No user serviceable parts inside".
I'll rent them out... I'll only need one per computer shop, and I get paid every time they're removed.
Where's the "bundles of cash" icon?
"Galileo can be blocked for civilian use in an emergency"
1. Wait until every car, lawnmower and bulldozer is self-driving and dependent on Galileo
2. Trigger an emergency
3. Enjoy the chaos...
Am I on the watchlist now?
Did he include his PA's time in the pricing?
There is a reason why sailors stopped using larboard/starboard.
Legitimate/Bastard would be a readily-recognisable terminology.
Yeah, what's your favourite music?
@Flocke Kroes "Although PHB's from the 80's could do something constructive with the command line"
Really? I thought they were too busy asking their secretaries to print their emails. OTOH, their secretaries were probably doing quite a lot from the command line, or using obscure key combinations.
"it may provide a new way to translate speech into other languages"
Or, more likely, humorous and deadly anecdotes of mis-translation...
Consider descriptions of a cow being slaughtered in Hindi and Texan.
"My hovercraft is full of eels"
@SkippyBing - The Tamar government HQ was opened in 2011, it didn't exist in 1997. You're thinking of the former Prince of Wales Building, now the Chinese People's Liberation Army Forces Hong Kong Building: http://gallery.moeding.net/AroundTheWorld/Asia/China/HongKong/Prince_Of_Wales_Building.jpg
which is just next to Tamar:
which is built on the filled-in ship repair basin. Both were part of HMS Tamar.
The PLA went to the Prince of Wales Building first because all the military sites were transferred to them at the handover. Government House is owned by the civil government, though the first Chief Executive chose not to live there, probably to emphasise the difference from colonial times.
Was the shore station and headquarters of the British forces in Hong Kong. Tamar is now the name of the new Government headquarters on the same site.
"Any naming scheme will end in duplicates, it's unavoidable."
You've obviously never visited Hilbert's Hotel.
"If they cannot be fixed, I'm sure that most people with one of these will just junk it."
Why? Even if they see the warning, as long as it's still functioning, many people will just keep using it, completely unaware or uncaring of the DDoS or other nastiness running in the background.
@Dog11 - "How else to make a front panel with lettering that looks silkscreened?"
Mirror-image print on acetate sheet?
@MNGrrrl: "Nobody has tried something like this before"
Well, not since Atlantis, you can find the original engineer's report and planning permission buried in soft peat at the local planning office.
@jake - I think we need to know the size of a qualifying earthquake first, we don't want you dropping a feather next to your seismograph and running off with the pot...
"Sssh!, not so loudly."
Too late, HAL's already reading your lips on the webcam.
I'll get my spacesuit... with the helmet.
Or they changed from the default locale, but it silently resets on every update... or possibly, whenever it feels like it.
You've missed the point - it's not the Democrats that are calling "Vote fraud", it's some academic saying, "this looks odd". It's been shown that many of the machines can be hacked, he's asking, were they hacked?
The underlying question is why the USA tolerates insecure voting machines, but Trump it seems is also uninterested in this when the results favour him.
On a bicycle? What happened to his horse?
"Error messages should be short enough and clear enough to be remembered."
Ah - like "PC LOAD LETTER" then?
@Terry 6 - "drivers have no idea how to top-up the jets" either you have some seriously overpowered cars where you are, or you're looking for the word "pilots".
Hoist by your own petard - you did say not to use jargon terms.
Nice to see KCL getting back to the vision of their founders, but perhaps a little more emphasis on the other half of their motto is required: Sancte et Sapienter "With Holiness and Wisdom". The backups are certainly holey, but where's the wisdom?
Disclosure: I'm a UCL Grad.
Not to mention the paperwork for importing/exporting weapons components...
@Oengus - First comedy channel to hand out nuclear launch codes... watch out for the punch line!
If they come from France, do they use tiny guillotines?
AC, IanRS - you two are a right pear.